skill-veil-core 0.1.1

Core library for skill-veil behavioral analysis
//! skill-veil-core: Behavioral & Supply-Chain Security Analysis for Agent Skills
//!
//! This crate provides the core analysis engine for detecting security risks
//! in agent skills that are defined in Markdown and their associated code.
//!
//! # Overview
//!
//! skill-veil-core analyzes agent skill files (typically Markdown) for security
//! risks such as:
//!
//! - Remote code execution patterns (`curl | bash`, PowerShell IEX, etc.)
//! - Supply chain risks (untrusted sources, suspicious packages)
//! - Credential exposure
//! - Privilege escalation attempts
//! - Data exfiltration indicators
//!
//! # Quick Start
//!
//! ```
//! use skill_veil_core::scanner::Scanner;
//! use skill_veil_core::findings::Severity;
//!
//! // Create a scanner with default rules
//! let scanner = Scanner::new().unwrap();
//!
//! // Scan a skill file (a temporary file stands in for a real skill here)
//! # use std::io::Write;
//! # let mut file = tempfile::NamedTempFile::new().unwrap();
//! # writeln!(file, "# Test Skill\n## Setup\n```bash\necho hello\n```").unwrap();
//! let result = scanner.scan_file(file.path()).unwrap();
//!
//! // Check results
//! println!("Found {} findings", result.findings.len());
//! if result.has_severity(Severity::Critical) {
//!     println!("Critical issues detected!");
//! }
//! ```
//!
//! # Architecture
//!
//! The crate follows a hexagonal (ports and adapters) architecture:
//!
//! - **Core Domain**: [`scanner`], [`rules`], [`findings`], [`analyzer`]
//! - **Port Traits**: [`ports`] - Interfaces for dependency injection
//! - **Adapters**: [`adapters`] - Default implementations of port traits
//! - **Services**: [`services`] - Business logic services
//!
//! # Modules
//!
//! - [`scanner`] - High-level scanning orchestration
//! - [`rules`] - Rule engine and rule definitions
//! - [`findings`] - Finding and severity types
//! - [`analyzer`] - Document parsing and analysis
//! - [`policy`] - Policy generation (SHIELD.md, SARIF, JSON)
//! - [`ports`] - Trait definitions for dependency injection
//! - [`adapters`] - Default implementations
//! - [`services`] - File discovery and filtering services

// Public modules: the documented API surface of the crate.
pub mod adapters;
pub mod analyzer;
pub mod artifact_graph;
pub mod benchmark;
pub mod findings;
pub mod policy;
pub mod ports;
pub mod rules;
pub mod scanner;
pub mod services;

// Crate-private modules. They are not reachable by path from outside the
// crate; the `policy_state` items that callers need are re-exported below.
mod policy_eval;
mod policy_serializers;
mod policy_state;
mod policy_types;
mod scanner_execution;
mod scanner_graph;
mod scanner_support;
mod scanner_types;
mod verdict;

// Only compiled in when the `yara` cargo feature is enabled.
#[cfg(feature = "yara")]
pub mod yara_engine;

// Crate-root re-exports, one group per source module in alphabetical order,
// so callers can write `skill_veil_core::Finding` without naming the submodule.

// `adapters`: default implementations of the `ports` traits.
pub use adapters::{PulldownMarkdownParser, RegexPatternMatcher, StdFileSystemProvider};

// `analyzer`: parsed skill documents and their structural/artifact assessments.
pub use analyzer::{
    AgentExtensionKind, ArtifactAssessment, ArtifactClassification, ArtifactIdentitySource,
    CodeBlock, Section, SkillDocument, StructuralSignals, StructuralValidity,
};

// `artifact_graph`: artifact nodes, edges and capability facts.
pub use artifact_graph::{
    ArtifactCapability, ArtifactCapabilityFact, ArtifactCapabilitySource, ArtifactEdge,
    ArtifactGraph, ArtifactNode, ArtifactRelation,
};

// `benchmark`: corpus evaluation, calibration and regression metrics.
pub use benchmark::{
    AttackFamilyMetrics, BenchmarkError, BenchmarkHistory, BenchmarkHistoryEntry,
    CalibrationBucket, CalibrationSummary, CorpusCoverage, CorpusEvaluation, CorpusManifest,
    CoverageBucket, DeduplicationMetrics, LabeledSample, RegressionMetrics, SampleEvaluation,
    SampleLabel, ThresholdRecommendation,
};

// `findings`: free functions first, then the finding/verdict types.
pub use findings::{
    artifact_scope_for_kind, deduplicate_findings, derive_package_verdict, signal_class_for,
};
pub use findings::{
    ArtifactKind, ArtifactScope, BlastRadiusLevel, BlastRadiusSummary, DeclaredPermission,
    DeduplicationSummary, EvidenceKind, Finding, HygieneSummary, MatchTarget, OperationalContext,
    PackageHealth, PackageVerdictReport, RecommendedAction, RootCauseGroup, Severity, SignalClass,
    ThreatCategory, Verdict, VerdictReason,
};

// `policy`: policy/baseline/waiver file types, report generation and the
// schema constants.
pub use policy::{
    AppliedPolicyOverride, BaselineEntry, BaselineFile, ConfiguredProfile, ContextActionOverride,
    ContextPolicy, DiffEntry, DiffReport, JsonReport, PolicyAudit, PolicyFile, PolicyGenerator,
    PolicyOverride, PolicyProfile, PolicyProfiles, ShieldPolicy, SuppressionSummary, WaiverEntry,
    WaiverFile,
};
pub use policy::{POLICY_PRECEDENCE_ORDER, POLICY_SCHEMA_VERSION};

// `policy_state` (private module): the functions that load, validate and
// apply baselines, waivers and policy overrides to scan reports. These
// functions change which findings are reported, so they are exposed here
// deliberately rather than through the module path.
pub use policy_state::{
    apply_baseline, apply_policy_overrides, apply_policy_overrides_with_audit, apply_waivers,
    baseline_from_reports, diff_reports, diff_reports_with_policy_state, finding_fingerprint,
    load_baseline, load_policy, load_waivers, validate_policy, validate_waivers,
};

// `ports`: trait interfaces used for dependency injection.
pub use ports::{DecodedText, FileContent, FileSystemProvider, MarkdownParser, PatternMatcher};

// `rules`: rule-pack parsing, the rule engine and the pack schema constant.
pub use rules::{default_external_rule_dirs, is_supported_rule_pack_schema, parse_rules_file};
pub use rules::{
    IocFeedFile, Rule, RuleCondition, RuleEngine, RulePackFile, RulePackKind, RulePackMetadata,
};
pub use rules::RULE_PACK_SCHEMA_VERSION;

// `scanner`: the high-level entry point and its options/results.
pub use scanner::{ScanOptions, ScanResult, ScanTargetMode, Scanner};