seval 0.1.2

AI-powered security research CLI with a split-pane TUI, agentic tool execution, and session persistence
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

//! Configuration types for the Seval CLI.

use serde::{Deserialize, Serialize};

use super::defaults;

/// Tool approval mode controlling how Seval handles tool execution.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize, clap::ValueEnum, Default)]
#[serde(rename_all = "kebab-case")]
pub enum ApprovalMode {
    /// Read-only mode, no tool execution.
    Plan,
    /// Ask before write operations (default).
    #[default]
    Default,
    /// Auto-approve file edits, ask for shell commands.
    AutoEdit,
    /// Approve everything automatically.
    Yolo,
}

/// AWS-related configuration.
#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
pub struct AwsConfig {
    /// AWS profile name.
    pub profile: Option<String>,
    /// AWS region.
    pub region: Option<String>,
    /// Bedrock model ID.
    pub model: Option<String>,
}

/// Tools configuration with defaults.
#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
pub struct ToolsConfig {
    /// Tool approval mode.
    #[serde(default)]
    pub approval_mode: ApprovalMode,
    /// Deny rules for dangerous commands.
    #[serde(default = "defaults::default_deny_rules")]
    pub deny_rules: Vec<String>,
    /// Maximum turns for the agentic loop.
    #[serde(default = "defaults::default_max_turns")]
    pub max_turns: usize,
}

impl Default for ToolsConfig {
    fn default() -> Self {
        Self {
            approval_mode: ApprovalMode::default(),
            deny_rules: defaults::default_deny_rules(),
            max_turns: defaults::default_max_turns(),
        }
    }
}

/// AI provider kind.
#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize, Deserialize, Default)]
#[serde(rename_all = "kebab-case")]
pub enum ProviderKind {
    /// AWS Bedrock (access key + secret key + region).
    #[default]
    Bedrock,
    /// `OpenRouter` multi-model API.
    OpenRouter,
}

/// Provider configuration.
#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
pub struct ProviderConfig {
    /// Active provider.
    #[serde(default)]
    pub active: ProviderKind,
    /// Model override.
    pub model: Option<String>,
}

/// AWS Bedrock API configuration.
#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
pub struct BedrockConfig {
    /// AWS access key ID.
    pub access_key_id: Option<String>,
    /// AWS secret access key.
    pub secret_access_key: Option<String>,
    /// AWS region (e.g. us-east-1).
    pub region: Option<String>,
}

/// `OpenRouter` API configuration.
#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
pub struct OpenRouterConfig {
    /// API key for `OpenRouter`.
    pub api_key: Option<String>,
}

/// Global configuration stored at ~/.seval/config.toml.
#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
pub struct GlobalConfig {
    /// AWS configuration.
    #[serde(default)]
    pub aws: AwsConfig,
    /// Tools configuration.
    #[serde(default)]
    pub tools: ToolsConfig,
    /// Provider configuration.
    #[serde(default)]
    pub provider: ProviderConfig,
    /// Bedrock configuration.
    #[serde(default)]
    pub bedrock: BedrockConfig,
    /// `OpenRouter` configuration.
    #[serde(default)]
    pub openrouter: OpenRouterConfig,
    /// Brave Search API key for web search tool.
    #[serde(default)]
    pub brave_api_key: Option<String>,
}

/// Project-local tools configuration (all fields optional for override).
#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
pub struct ProjectToolsConfig {
    /// Override approval mode.
    pub approval_mode: Option<ApprovalMode>,
    /// Override deny rules (replaces, not appends).
    pub deny_rules: Option<Vec<String>>,
}

/// Project-local configuration stored at .seval/config.toml.
#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
pub struct ProjectConfig {
    /// Override AWS configuration.
    pub aws: Option<AwsConfig>,
    /// Override tools configuration.
    pub tools: Option<ProjectToolsConfig>,
}

/// Merged runtime configuration used by the application.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct AppConfig {
    /// AWS configuration.
    pub aws: AwsConfig,
    /// Tools configuration.
    pub tools: ToolsConfig,
    /// Provider configuration.
    pub provider: ProviderConfig,
    /// Bedrock configuration.
    pub bedrock: BedrockConfig,
    /// `OpenRouter` configuration.
    pub openrouter: OpenRouterConfig,
    /// Brave Search API key for web search tool.
    pub brave_api_key: Option<String>,
}