Skip to main content

Module report

sanitize_engine

Module report 

Source
Expand description

Structured reporting for sanitization runs.

Generates a JSON report summarising what the sanitization tool did without ever including original secret values. The report captures:

  • Metadata: tool version, CLI flags, timestamp.
  • Per-file details: matches found, replacements applied, bytes processed, and per-pattern match counts.
  • Aggregated summary: totals across all files plus wall-clock duration.
  • Log context (optional): keyword-matched lines with surrounding context windows, populated when --extract-context is used.

§Thread Safety

ReportBuilder is Send + Sync. Multiple threads can record file results concurrently via ReportBuilder::record_file, which takes an internal Mutex only long enough to push a single entry.

§Example

use sanitize_engine::log_context::{extract_context, LogContextConfig};
use sanitize_engine::report::{FileReport, ReportBuilder, ReportMetadata};
use std::collections::HashMap;

let meta = ReportMetadata {
    version: "0.4.0".into(),
    timestamp: "2026-03-01T00:00:00Z".into(),
    deterministic: true,
    dry_run: false,
    strict: false,
    chunk_size: 1_048_576,
    threads: Some(4),
    secrets_file: Some("secrets.enc".into()),
};

let builder = ReportBuilder::new(meta);

builder.record_file(FileReport {
    path: "data.log".into(),
    matches: 42,
    replacements: 42,
    bytes_processed: 10_000,
    bytes_output: 10_200,
    pattern_counts: HashMap::from([("email".into(), 30), ("ipv4".into(), 12)]),
    method: "scanner".into(),
    log_context: None,
    match_locations: None,
});

// Optionally attach per-file log context (populated by --extract-context).
let sanitized_output = "INFO ok\nERROR disk full\nINFO retrying";
let ctx = extract_context(sanitized_output, &LogContextConfig::new().with_context_lines(1));
builder.set_file_log_context("data.log", ctx);

let report = builder.finish();
let json = report.to_json_pretty().unwrap();
assert!(json.contains("\"total_matches\": 42"));
assert!(json.contains("\"log_context\""));
assert!(json.contains("\"keyword\": \"error\""));

Structs§

FileReport
Per-file result details.
MatchLocationsResult
Per-match line-number results for a file, populated when --max-match-locations is non-zero and the scanner path is used.
ReportBuilder
Thread-safe builder that accumulates per-file results and produces a final SanitizeReport.
ReportMetadata
Tool metadata embedded in every report.
ReportSummary
Aggregated summary across all processed files.
SanitizeReport
Top-level sanitization report.