
raxit_core/
lib.rs

1//! RAXIT Core - Runtime AI eXecution Integrity & Trust
2//!
3//! Core security scanning engine, written in Rust, for AI agent applications.
4//! Provides high-performance static analysis, security vulnerability detection,
5//! and compliance validation for AI agent codebases.
6//!
7//! ## Features
8//!
9//! - **Fast AST Parsing**: Uses tree-sitter for high-performance Python code analysis
10//! - **Framework Detection**: Automatically detects PydanticAI, LangGraph, CrewAI, AutoGen, Swarm
11//! - **Security Analysis**: 4 built-in analyzers for comprehensive security coverage
12//! - **Incremental Scanning**: File-level caching for fast re-scans
13//! - **Multi-format Output**: JSON and YAML serialization support
14//!
15//! ## Security Analyzers
16//!
17//! 1. **Trust Boundary Analyzer** - Meta's "Rule of Two" for unsafe component detection
18//! 2. **Secret Detection** - Find exposed API keys, credentials, and sensitive data
19//! 3. **Memory Detection** - Track vector stores, databases, and persistence layers
20//! 4. **Network Detection** - Identify HTTP calls, API clients, and external communications
21//! 5. **Data Provenance** - CaMeL-style taint analysis for data flow tracking
22//!
23//! ## Quick Start
24//!
25//! ```rust,no_run
26//! use raxit_core::{scan, ScanConfig};
27//!
28//! // Scan a directory for AI agent code
29//! let config = ScanConfig::default()
30//!     .with_path("./my-agent-project")
31//!     .with_format("yaml");
32//!
33//! let result = scan(config)?;
34//!
35//! // Access discovered assets
36//! println!("Found {} agents", result.agents.len());
37//! println!("Found {} tools", result.tools.len());
38//! println!("Secret findings: {}", result.secret_findings.len());
39//!
40//! // Serialize to YAML
41//! println!("{}", result.to_yaml()?);
42//! # Ok::<(), raxit_core::RaxitError>(())
43//! ```
44//!
45//! ## Advanced Usage
46//!
47//! ```rust,no_run
48//! use raxit_core::{scan, ScanConfig};
49//!
50//! // Create a custom configuration
51//! let config = ScanConfig::new("./agents")
52//!     .with_format("json");
53//!
54//! // Run scan
55//! let result = scan(config)?;
56//!
57//! // Access specific findings
58//! for finding in &result.secret_findings {
59//!     println!("Secret detected: {} (severity: {})",
60//!         finding.secret_type, finding.severity);
61//! }
62//!
63//! // Check for critical issues
64//! let critical_secrets = result.secret_findings
65//!     .iter()
66//!     .filter(|s| s.severity == "critical")
67//!     .count();
68//!
69//! let critical_flows = result.provenance_findings
70//!     .iter()
71//!     .filter(|p| p.severity == "critical")
72//!     .count();
73//!
74//! println!("Found {} critical security issues", critical_secrets + critical_flows);
75//! # Ok::<(), raxit_core::RaxitError>(())
76//! ```
77
78pub mod analyzers;
79pub mod ast;
80pub mod cache;
81pub mod config;
82pub mod error;
83pub mod extractors;
84pub mod scanner;
85pub mod schema;
86
87// Re-export main types
88pub use config::ScanConfig;
89pub use error::{RaxitError, Result};
90pub use scanner::Scanner;
91pub use schema::{AgentAssets, ScanResult};
92
/// Runs the complete RAXIT scan pipeline for `config` and returns the generated schema.
///
/// A single [`Scanner`] is built from `config` and driven through six stages in
/// a fixed order: file discovery, framework detection, asset extraction,
/// call-graph construction, trust-boundary analysis and schema generation.
///
/// # Errors
///
/// Propagates the first error raised while constructing the scanner or while
/// running any stage. Later stages are skipped and no partial result is returned.
///
/// # Example
///
/// ```rust,no_run
/// use raxit_core::{scan, ScanConfig};
///
/// let config = ScanConfig::default()
///     .with_path("./my-agent-project")
///     .with_format("yaml");
///
/// let result = scan(config)?;
/// println!("{}", result.to_yaml()?);
/// # Ok::<(), raxit_core::RaxitError>(())
/// ```
pub fn scan(config: ScanConfig) -> Result<ScanResult> {
    // NOTE(review): the whole configuration is written to the info-level log
    // through its `Debug` impl; confirm `ScanConfig` holds no sensitive fields.
    tracing::info!("Starting RAXIT scan with config: {:?}", config);

    // The scanner takes ownership of the configuration from here on.
    let mut scanner = Scanner::new(config)?;

    // Stage 1: file discovery. The second tuple element counts files that
    // discovery skipped (the original note ties this to incremental scanning).
    let (discovered, skipped_count) = scanner.discover_files()?;
    tracing::debug!("Discovered {} files ({} skipped)", discovered.len(), skipped_count);

    // Stage 2: framework detection over the discovered files.
    let detected = scanner.detect_frameworks(&discovered)?;
    tracing::debug!("Detected frameworks: {:?}", detected);

    // Stage 3: asset extraction. The original note says this runs in parallel
    // via Rayon; that happens inside the scanner and is not visible here.
    let extracted = scanner.extract_all(&discovered, &detected, skipped_count)?;
    tracing::debug!("Extracted {} assets", extracted.agents.len());

    // Stage 4: cross-file analysis. The returned graph is not passed to any
    // later stage in this function; only a failure to build it changes the outcome.
    let _call_graph = scanner.build_call_graph(&extracted)?;
    tracing::debug!("Built call graph");

    // Stage 5: trust-boundary analysis over the extracted assets.
    let trust_boundaries = scanner.analyze_trust_boundaries(&extracted)?;
    tracing::debug!("Analyzed {} trust boundaries", trust_boundaries.len());

    // Stage 6: schema generation from the extraction output and the boundaries.
    let scan_result = scanner.generate_schema(&extracted, &trust_boundaries)?;
    tracing::info!(
        "Scan complete: {} agents, {} tools",
        scan_result.agents.len(),
        scan_result.tools.len()
    );

    Ok(scan_result)
}
149
#[cfg(test)]
mod tests {
    use super::*;

    /// Placeholder for the `scan` API test: today it only builds a configuration
    /// pointing at the fixture directory and asserts nothing.
    #[test]
    fn test_scan_api() {
        let _fixture_config = ScanConfig::default().with_path("./test-fixtures/simple-agent");

        // Pending the scanner implementation and real test fixtures, the
        // intended check is to pass this configuration to `scan` and assert
        // that the call returns `Ok`.
    }
}