sxmc 0.2.1

One Rust binary to bridge skills, MCP, and APIs into reusable agent, terminal, and automation workflows
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174

//! Security scanning primitives for skills and MCP servers.
//!
//! The scanner is intentionally lightweight and heuristic-based. It is useful
//! for catching obviously risky content early, not for proving something is
//! completely safe.

pub mod mcp_scanner;
pub mod patterns;
pub mod skill_scanner;

use std::fmt;

/// Severity level for security findings.
#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
pub enum Severity {
    Info,
    Warning,
    Error,
    Critical,
}

impl fmt::Display for Severity {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            Severity::Info => write!(f, "INFO"),
            Severity::Warning => write!(f, "WARN"),
            Severity::Error => write!(f, "ERROR"),
            Severity::Critical => write!(f, "CRITICAL"),
        }
    }
}

/// A single security finding.
#[derive(Debug, Clone)]
pub struct Finding {
    /// Stable rule identifier such as `SL-INJ-001`.
    pub code: String,
    /// Severity assigned by the scanner.
    pub severity: Severity,
    /// Short human-readable label.
    pub title: String,
    /// Explanation of what was detected.
    pub description: String,
    /// Optional logical location such as a file, tool name, or MCP path.
    pub location: Option<String>,
    /// Optional 1-based line number when available.
    pub line: Option<usize>,
}

impl fmt::Display for Finding {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(
            f,
            "[{}] {} ({}): {}",
            self.severity, self.code, self.title, self.description
        )?;
        if let Some(ref loc) = self.location {
            write!(f, " at {}", loc)?;
        }
        if let Some(line) = self.line {
            write!(f, ":{}", line)?;
        }
        Ok(())
    }
}

/// A security scan report.
#[derive(Debug, Clone)]
pub struct ScanReport {
    /// The scanned target, such as a skill name or MCP server identifier.
    pub target: String,
    /// All findings produced for that target.
    pub findings: Vec<Finding>,
}

impl ScanReport {
    /// Create an empty report for a named target.
    pub fn new(target: &str) -> Self {
        Self {
            target: target.to_string(),
            findings: Vec::new(),
        }
    }

    /// Add a single finding to the report.
    pub fn add(&mut self, finding: Finding) {
        self.findings.push(finding);
    }

    /// Return a copy of the report containing only findings at or above `min`.
    pub fn filtered(&self, min: Severity) -> Self {
        Self {
            target: self.target.clone(),
            findings: self
                .findings
                .iter()
                .filter(|f| f.severity >= min)
                .cloned()
                .collect(),
        }
    }

    /// Get findings filtered by minimum severity.
    pub fn findings_at_severity(&self, min: Severity) -> Vec<&Finding> {
        self.findings.iter().filter(|f| f.severity >= min).collect()
    }

    pub fn has_critical(&self) -> bool {
        self.findings
            .iter()
            .any(|f| f.severity == Severity::Critical)
    }

    /// Whether the report contains any `Error` or `Critical` findings.
    pub fn has_errors(&self) -> bool {
        self.findings.iter().any(|f| f.severity >= Severity::Error)
    }

    /// Whether the scanner produced zero findings.
    pub fn is_clean(&self) -> bool {
        self.findings.is_empty()
    }

    /// Format report as human-readable text.
    pub fn format_text(&self) -> String {
        if self.findings.is_empty() {
            return format!("[PASS] {} — no security issues found", self.target);
        }

        let mut lines = vec![format!(
            "[SCAN] {}{} issue(s) found",
            self.target,
            self.findings.len()
        )];

        let mut sorted = self.findings.clone();
        sorted.sort_by(|a, b| b.severity.cmp(&a.severity));

        for f in &sorted {
            lines.push(format!("  {}", f));
        }

        lines.join("\n")
    }

    /// Format report as JSON.
    pub fn format_json(&self) -> serde_json::Value {
        serde_json::json!({
            "target": self.target,
            "findings": self.findings.iter().map(|f| {
                let mut obj = serde_json::json!({
                    "code": f.code,
                    "severity": format!("{}", f.severity),
                    "title": f.title,
                    "description": f.description,
                });
                if let Some(ref loc) = f.location {
                    obj["location"] = serde_json::json!(loc);
                }
                if let Some(line) = f.line {
                    obj["line"] = serde_json::json!(line);
                }
                obj
            }).collect::<Vec<_>>(),
            "summary": {
                "total": self.findings.len(),
                "critical": self.findings.iter().filter(|f| f.severity == Severity::Critical).count(),
                "error": self.findings.iter().filter(|f| f.severity == Severity::Error).count(),
                "warning": self.findings.iter().filter(|f| f.severity == Severity::Warning).count(),
                "info": self.findings.iter().filter(|f| f.severity == Severity::Info).count(),
            }
        })
    }
}