Expand description
Repo Trust — a CLI tool that produces a multi-dimensional Trust Report for any public GitHub repository.
See the README for an overview.
§Crate organisation
cli— command-line interface and argument parsingapi— HTTP clients for GitHub, deps.dev, Scorecard, OSVcollectors— module-specific data collection from APIsfeatures— normalisation of raw data into per-module feature structsmodules— the five trust modules (stars, activity, maintainers, adoption, security)scoring— pure scoring functions; aggregates module resultsmodels— shared data types (reports, evidence, scores)reports— output writers (terminal, JSON, Markdown, CSV)storage— SQLite-backed cache and connection poolconfig— layered configuration loaderutils— cross-cutting helpers (sampling, time, ratelimit, tracing)
§Determinism
See ADR-0007. Same inputs + same upstream API state ⇒ byte-identical JSON.
All sampling uses rand_chacha::ChaCha20Rng seeded from
(repo, scoring_version) via blake3.
Modules§
- api
- HTTP clients for upstream services.
- cli
- Command-line interface.
- collectors
- Per-module data collection. Each collector is responsible for fetching the raw inputs its module needs and storing them via the cache facade.
- config
- Layered configuration.
- features
- Per-module feature pipelines. A feature pipeline turns raw collector output into the normalised feature struct that the module’s scorer expects.
- models
- Shared data types used across the crate.
- modules
- The five trust modules.
- reports
- Output writers.
- scoring
- Pure scoring functions. No I/O. Takes feature structs, returns score structs.
- storage
- Local SQLite-backed cache.
- utils
- Cross-cutting helpers.
- web
- Localhost web viewer (feature
web).
Constants§
- REPORT_
SCHEMA_ VERSION - JSON report schema version. Bumped on any breaking schema change.
- SCORING_
VERSION - SemVer of the scoring model. Bumped independently of the CLI version.
- VERSION
- Library version string — useful for
--versionoutput.