1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
//! wafrift-core — Façade crate re-exporting all WAF Rift modules.
//!
//! This crate is a convenience umbrella. Each module lives in its own
//! focused crate; this crate re-exports them all under a single namespace
//! so existing consumers (`wafrift-cli`, `wafrift-transport`, integration
//! tests) can continue using `wafrift_core::*`.
//!
//! # Examples
//!
//! Use the umbrella to drive a payload through three subsystems
//! without depending on each subcrate by name:
//!
//! ```
//! use wafrift_core::{encoding, grammar};
//!
//! // Classify, mutate, encode — three lego-blocks, one façade.
//! let p = "' OR 1=1 --";
//! assert_eq!(grammar::classify(p), grammar::PayloadType::Sql);
//!
//! let mutations = grammar::mutate(p, 3);
//! assert!(!mutations.is_empty());
//!
//! let encoded = encoding::encode(p, encoding::Strategy::UrlEncode).unwrap();
//! assert!(encoded.contains("%27"));
//! ```
//!
//! Use the re-exported types to build a request without naming
//! `wafrift_types`:
//!
//! ```
//! use wafrift_core::{Method, Request};
//!
//! let r = Request::get("https://example.com").header("X-Test", "1");
//! assert_eq!(r.method(), &Method::Get);
//! assert_eq!(r.headers().len(), 1);
//! ```
//!
//! # Crate structure
//!
//! ## Re-exported crates
//!
//! | Crate | Re-exported as | Purpose |
//! |-------------------------|-----------------------------|-----------------------------------------------------|
//! | `wafrift-types` | (crate root via `*`) | Core types: Request, Technique, EvasionResult |
//! | `wafrift-encoding` | `encoding`, `header` | Payload encoding + header obfuscation |
//! | `wafrift-grammar` | `grammar` | Grammar-aware payload mutations |
//! | `wafrift-content-type` | `content_type` | WAFFLED Content-Type switching |
//! | `wafrift-smuggling` | `smuggling`, `h2_evasion` | HTTP smuggling + HTTP/2 frame-level evasion |
//! | `wafrift-fingerprint` | `fingerprint`, `tls_fingerprint` | Browser + TLS JA3/JA4 fingerprint profiles |
//! | `wafrift-detect` | `waf_detect`, `response_fingerprint` | WAF detection (HTTP headers, DNS CNAME, BGP ASN) |
//! | `wafrift-evolution` | `evolution`, `advisor`, `differential`, `custom_rules`, `intelligence` | Genetic algorithm + MCTS + advisor |
//! | `wafrift-oracle` | `oracle` | Payload validity oracles (SQL, XSS, SSTI, …) |
//! | `wafrift-strategy` | `host_state`, `strategy` | Evasion pipeline + gene bank + adaptive host state |
//! | `wafrift-transport` | `transport` | Evasion-aware HTTP client + stealth profiles |
//! | `proxywire` | `pool` | Canonical proxy substrate (routing, rotation, auth) |
//! | `wafrift-recon` | `recon` | Origin discovery via CT logs + DNS history |
//!
//! ### NOT re-exported by this crate
//!
//! These crates are part of the workspace but are not included in `wafrift-core`
//! to avoid the associated heavy dependencies (wasmtime, ed25519-dalek, etc.)
//! in consumers that don't need them. Use the sub-crates directly:
//!
//! - `wafrift-wafmodel` — L* WAF decompiler + offline SFA bypass mining
//! - `wafrift-genome-registry` — ed25519 genome signing + trust-list management
//! - `wafrift-plugin-api` — TOML + WASM external tamper SDK
//! - `wafrift-graphql` — GraphQL-specific evasion payloads
//! - `wafrift-grpc-evasion` — gRPC opaque-payload bypass
//! - `wafrift-captchaforge-bridge` — headless Chromium challenge solver
// ── Foundation types ──
pub use *;
// ── Technique modules (re-exported as submodules) ──
pub use wafrift_content_type as content_type;
pub use encoding;
pub use header;
pub use fingerprint;
pub use tls_fingerprint;
pub use grammar;
pub use wafrift_http3_evasion as http3_evasion;
pub use h2_evasion;
pub use smuggling;
// ── Cross-family smuggle aggregator (every probe, one iterator) ──
// ── Intelligence modules ──
pub use response_fingerprint;
pub use waf_detect;
pub use advisor;
pub use custom_rules;
pub use differential;
pub use evolution;
pub use intelligence;
// ── Pipeline ──
pub use host_state;
pub use strategy;
// ── Validation / oracle layer ──
pub use wafrift_oracle as oracle;
// ── Transport / network ──
// `pool` is the canonical proxy substrate. wafrift's naive round-robin
// `wafrift-pool` was consolidated onto `proxywire` (strict URL validation +
// health-aware rotation); this alias keeps the `wafrift_core::pool` path stable.
pub use proxywire as pool;
pub use wafrift_transport as transport;
// ── Discovery ──
pub use wafrift_recon as recon;
// Re-export `HostState` for integration-test ergonomics.
//
// R75 pass-21 §8 ARCHITECTURE: pre-fix this block also re-exported
// `CalibrationResult`, `EscalationLevel`, `EvasionConfig` via the
// `wafrift_strategy::strategy::*` path — but those are already
// available at this crate's root via `pub use wafrift_types::*` on
// line 59 (each is defined in `wafrift_types`, NOT in
// `wafrift_strategy`). Two valid import paths for the same symbol
// (`wafrift_core::EvasionConfig` AND `wafrift_core::strategy::
// EvasionConfig`) caused grep-confusion during refactors — half the
// usages would be missed. One canonical path now.
pub use HostState;