Expand description
RAXIT Core - Runtime AI eXecution Integrity & Trust
Core security scanning engine for AI agent applications built with Rust. Provides high-performance static analysis, security vulnerability detection, and compliance validation for AI agent codebases.
§Features
- Fast AST Parsing: Uses tree-sitter for high-performance Python code analysis
- Framework Detection: Automatically detects PydanticAI, LangGraph, CrewAI, AutoGen, Swarm
- Security Analysis: 4 built-in analyzers for comprehensive security coverage
- Incremental Scanning: File-level caching for fast re-scans
- Multi-format Output: JSON and YAML serialization support
§Security Analyzers
- Trust Boundary Analyzer - Meta’s “Rule of Two” for unsafe component detection
- Secret Detection - Find exposed API keys, credentials, and sensitive data
- Memory Detection - Track vector stores, databases, and persistence layers
- Network Detection - Identify HTTP calls, API clients, and external communications
- Data Provenance - CaMeL-style taint analysis for data flow tracking
§Quick Start
use raxit_core::{scan, ScanConfig};
// Scan a directory for AI agent code
let config = ScanConfig::default()
.with_path("./my-agent-project")
.with_format("yaml");
let result = scan(config)?;
// Access discovered assets
println!("Found {} agents", result.agents.len());
println!("Found {} tools", result.tools.len());
println!("Secret findings: {}", result.secret_findings.len());
// Serialize to YAML
println!("{}", result.to_yaml()?);§Advanced Usage
use raxit_core::{scan, ScanConfig};
// Create a custom configuration
let config = ScanConfig::new("./agents")
.with_format("json");
// Run scan
let result = scan(config)?;
// Access specific findings
for finding in &result.secret_findings {
println!("Secret detected: {} (severity: {})",
finding.secret_type, finding.severity);
}
// Check for critical issues
let critical_secrets = result.secret_findings
.iter()
.filter(|s| s.severity == "critical")
.count();
let critical_flows = result.provenance_findings
.iter()
.filter(|p| p.severity == "critical")
.count();
println!("Found {} critical security issues", critical_secrets + critical_flows);Re-exports§
pub use config::ScanConfig;pub use error::RaxitError;pub use error::Result;pub use scanner::Scanner;pub use schema::AgentAssets;pub use schema::ScanResult;
Modules§
- analyzers
- Security Analysis Modules
- ast
- AST parsing using tree-sitter
- cache
- File cache for incremental scanning
- config
- Configuration types for RAXIT scanning
- error
- Error types for RAXIT Core
- extractors
- Framework-specific extractors
- scanner
- Scanner implementation - orchestrates the scanning pipeline
- schema
- Agent Assets Schema - Data structures for RAXIT scan results
Functions§
- scan
- Main entry point for scanning AI agent codebases