Skip to main content

fallow_api/
security_output.rs

1//! Shared security JSON payload contracts for programmatic consumers.
2
3use serde::Serialize;
4
5/// Gate mode for `fallow security --gate <mode>`.
6#[derive(Debug, Clone, Copy, PartialEq, Eq, Serialize)]
7#[cfg_attr(feature = "schema", derive(schemars::JsonSchema))]
8#[serde(rename_all = "kebab-case")]
9pub enum SecurityGateMode {
10    /// Fail when the change introduces a new security-sink candidate on a
11    /// changed line, not merely a sink in a changed file.
12    New,
13    /// Fail when a candidate becomes runtime-reachable from an entry point in
14    /// head but the matching candidate was not runtime-reachable in base.
15    NewlyReachable,
16}
17
18#[cfg(test)]
19mod tests {
20    use super::*;
21
22    #[test]
23    fn security_gate_mode_uses_kebab_case_wire_names() {
24        let value = serde_json::to_value(SecurityGateMode::NewlyReachable)
25            .expect("serialize security gate mode");
26        assert_eq!(value, serde_json::json!("newly-reachable"));
27    }
28}