Skip to main content

secureops_core/
lib.rs

1//! # secureops-core
2//!
3//! The shared, I/O-free heart of SecureOps. It holds:
4//!
5//! - the **type model** ([`types`]) — `AuditFinding`, `Severity`, `AuditReport`, …
6//! - the **OpenClaw config tree** ([`config`]) it audits
7//! - the **`AuditContext`** trait ([`context`]) — dependency injection for all
8//!   filesystem / environment access, so checks stay unit-testable against a mock
9//! - the **`Check`** trait ([`check`]) — one impl per audit category
10//! - **scoring** ([`scoring`]) — the faithful port of `calculateScore`,
11//!   `computeSummary` and the MAESTRO cross-layer compound-risk pass
12//! - **IOC / runtime** value types ([`ioc`], [`runtime`]) shared by the
13//!   intel, monitors and daemon crates
14//!
15//! ## Wire-format contract (PRODUCT.md A.5)
16//!
17//! The JSON emitted here must stay **byte-compatible** with the TypeScript tool
18//! for the whole migration window: both a TS shim and a Rust daemon may read and
19//! write the same `<stateDir>/.secureops/` files. Every serialized struct is
20//! `#[serde(rename_all = "camelCase")]` (or an explicit case) to match the TS
21//! field names exactly. Treat the field names as frozen.
22
23#![forbid(unsafe_code)]
24
25pub mod check;
26pub mod config;
27pub mod context;
28pub mod ioc;
29pub mod runtime;
30pub mod scoring;
31pub mod types;
32
33pub use check::*;
34pub use config::*;
35pub use context::*;
36pub use ioc::*;
37pub use runtime::*;
38pub use scoring::*;
39pub use types::*;