secureops-core 0.0.2

SecureOps shared core: types, Check/AuditContext traits, scoring. No I/O.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

//! Runtime value types shared by monitors, hardening and the daemon.
//!
//! Port of the monitor / cost / hardening / skill-scan interfaces in
//! `src/types.ts`. Behavior (the actual tokio monitors, AlertBus, hardening
//! modules) lives in `secureops-monitors` / future hardening crates; these are
//! the data shapes that cross the JSON / IPC boundary.

use crate::types::Severity;
use serde::{Deserialize, Serialize};
use std::collections::HashMap;

/// A monitor alert emitted onto the AlertBus and persisted to SQLite.
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct MonitorAlert {
    pub timestamp: String,
    pub severity: Severity,
    pub monitor: String,
    pub message: String,
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub details: Option<String>,
}

/// Snapshot of a monitor's state.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct MonitorStatus {
    pub running: bool,
    #[serde(skip_serializing_if = "Option::is_none", default)]
    pub last_check: Option<String>,
    pub alerts: Vec<MonitorAlert>,
}

/// One cost-tracking entry.
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct CostEntry {
    pub timestamp: String,
    pub model: String,
    pub input_tokens: u64,
    pub output_tokens: u64,
    pub estimated_cost_usd: f64,
}

/// Rolling cost report + circuit-breaker state.
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct CostReport {
    pub hourly: f64,
    pub daily: f64,
    pub monthly: f64,
    pub projection: CostProjection,
    pub circuit_breaker_tripped: bool,
    pub entries: Vec<CostEntry>,
}

#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct CostProjection {
    pub daily: f64,
    pub monthly: f64,
}

/// Result of scanning a single skill.
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct SkillScanResult {
    pub safe: bool,
    pub skill_name: String,
    pub findings: Vec<String>,
    pub dangerous_patterns: Vec<String>,
    pub ioc_matches: Vec<String>,
}

/// Behavioral baseline entry (directive G3).
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct BehavioralBaseline {
    pub tool_call_frequency: HashMap<String, u64>,
    pub typical_tools: Vec<String>,
    pub typical_data_paths: Vec<String>,
    pub window_minutes: u64,
    pub last_updated: String,
}

// ---- Hardening ----

/// A single hardening action taken (before/after for rollback + audit).
#[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct HardeningAction {
    pub id: String,
    pub description: String,
    pub before: String,
    pub after: String,
}

/// Result of running one hardening module.
#[derive(Serialize, Deserialize, Clone, Debug, Default, PartialEq)]
#[serde(rename_all = "camelCase")]
pub struct HardeningResult {
    pub module: String,
    pub applied: Vec<HardeningAction>,
    pub skipped: Vec<HardeningAction>,
    pub errors: Vec<String>,
}