shakrs_json_parser/types/config.rs
1//! Typed model of a `shakrs.json` document: version, policy enablement, and
2//! waivers.
3
4use std::collections::BTreeMap;
5
6use garde::Validate;
7use serde::{Deserialize, Serialize};
8
9use crate::types::Waiver;
10
11/// A whole `shakrs.json` document.
12#[expect(
13 clippy::module_name_repetitions,
14 reason = "ShakrsConfig is the canonical document type, named after the shakrs.json file it models, not after the `config` module."
15)]
16#[derive(Debug, Clone, Serialize, Deserialize, Validate)]
17#[serde(deny_unknown_fields)]
18pub struct ShakrsConfig {
19 /// Schema version. Only `1` is supported.
20 #[garde(range(min = 1, max = 1))]
21 pub version: u32,
22 /// Which registered policies run, and with what parameters.
23 #[serde(default)]
24 #[garde(dive)]
25 pub policies: PoliciesSection,
26 /// Per-finding suppressions.
27 #[serde(default)]
28 #[garde(dive)]
29 pub waivers: Vec<Waiver>,
30}
31
32/// The `policies` block: a baseline enablement plus per-policy overrides.
33#[derive(Debug, Clone, Serialize, Deserialize, Validate)]
34#[serde(deny_unknown_fields, rename_all = "camelCase")]
35pub struct PoliciesSection {
36 /// Enablement for every registered policy not named in `overrides`.
37 /// `true` (default) is opt-out; `false` is opt-in.
38 #[serde(default = "crate::runtime::config::default_true")]
39 #[garde(skip)]
40 pub default_enabled: bool,
41 /// Per-policy enablement and parameters, keyed by policy id. Wins over
42 /// `default_enabled` for the policies it names.
43 #[serde(default)]
44 #[garde(skip)]
45 pub overrides: BTreeMap<String, PolicyOverride>,
46}
47
48/// One entry in `policies.overrides`: either a bare boolean toggle or a
49/// detailed object carrying typed parameters.
50///
51/// `params` stays an opaque `serde_json::Value` here; the owning policy
52/// deserializes it into its own input type in the runner, not in this crate.
53#[derive(Debug, Clone, Serialize, Deserialize)]
54#[serde(untagged)]
55pub enum PolicyOverride {
56 /// Shorthand: `true`/`false` toggles the policy with default parameters.
57 Enabled(bool),
58 /// Full form: explicit enablement plus opaque parameters.
59 Detailed {
60 /// Whether the policy runs.
61 enabled: bool,
62 /// Opaque parameters, deserialized by the owning policy later.
63 #[serde(default)]
64 params: serde_json::Value,
65 },
66}