secureops-core
The shared, I/O-free heart of SecureOps. It holds:
- the type model ([
types]) —AuditFinding,Severity,AuditReport, … - the OpenClaw config tree ([
config]) it audits - the
AuditContexttrait ([context]) — dependency injection for all filesystem / environment access, so checks stay unit-testable against a mock - the
Checktrait ([check]) — one impl per audit category - scoring ([
scoring]) — the faithful port ofcalculateScore,computeSummaryand the MAESTRO cross-layer compound-risk pass - IOC / runtime value types ([
ioc], [runtime]) shared by the intel, monitors and daemon crates
Wire-format contract (PRODUCT.md A.5)
The JSON emitted here must stay byte-compatible with the TypeScript tool
for the whole migration window: both a TS shim and a Rust daemon may read and
write the same <stateDir>/.secureops/ files. Every serialized struct is
#[serde(rename_all = "camelCase")] (or an explicit case) to match the TS
field names exactly. Treat the field names as frozen.