wafrift_core/lib.rs
1//! wafrift-core — Façade crate re-exporting all WAF Rift modules.
2//!
3//! This crate is a convenience umbrella. Each module lives in its own
4//! focused crate; this crate re-exports them all under a single namespace
5//! so existing consumers (`wafrift-cli`, `wafrift-transport`, integration
6//! tests) can continue using `wafrift_core::*`.
7//!
8//! # Examples
9//!
10//! Use the umbrella to drive a payload through three subsystems
11//! without depending on each subcrate by name:
12//!
13//! ```
14//! use wafrift_core::{encoding, grammar};
15//!
16//! // Classify, mutate, encode — three lego-blocks, one façade.
17//! let p = "' OR 1=1 --";
18//! assert_eq!(grammar::classify(p), grammar::PayloadType::Sql);
19//!
20//! let mutations = grammar::mutate(p, 3);
21//! assert!(!mutations.is_empty());
22//!
23//! let encoded = encoding::encode(p, encoding::Strategy::UrlEncode).unwrap();
24//! assert!(encoded.contains("%27"));
25//! ```
26//!
27//! Use the re-exported types to build a request without naming
28//! `wafrift_types`:
29//!
30//! ```
31//! use wafrift_core::{Method, Request};
32//!
33//! let r = Request::get("https://example.com").header("X-Test", "1");
34//! assert_eq!(r.method(), &Method::Get);
35//! assert_eq!(r.headers().len(), 1);
36//! ```
37//!
38//! # Crate structure
39//!
40//! ## Re-exported crates
41//!
42//! | Crate | Re-exported as | Purpose |
43//! |-------------------------|-----------------------------|-----------------------------------------------------|
44//! | `wafrift-types` | (crate root via `*`) | Core types: Request, Technique, EvasionResult |
45//! | `wafrift-encoding` | `encoding`, `header` | Payload encoding + header obfuscation |
46//! | `wafrift-grammar` | `grammar` | Grammar-aware payload mutations |
47//! | `wafrift-content-type` | `content_type` | WAFFLED Content-Type switching |
48//! | `wafrift-smuggling` | `smuggling`, `h2_evasion` | HTTP smuggling + HTTP/2 frame-level evasion |
49//! | `wafrift-fingerprint` | `fingerprint`, `tls_fingerprint` | Browser + TLS JA3/JA4 fingerprint profiles |
50//! | `wafrift-detect` | `waf_detect`, `response_fingerprint` | WAF detection (HTTP headers, DNS CNAME, BGP ASN) |
51//! | `wafrift-evolution` | `evolution`, `advisor`, `differential`, `custom_rules`, `intelligence` | Genetic algorithm + MCTS + advisor |
52//! | `wafrift-oracle` | `oracle` | Payload validity oracles (SQL, XSS, SSTI, …) |
53//! | `wafrift-strategy` | `host_state`, `strategy` | Evasion pipeline + gene bank + adaptive host state |
54//! | `wafrift-transport` | `transport` | Evasion-aware HTTP client + stealth profiles |
55//! | `proxywire` | `pool` | Canonical proxy substrate (routing, rotation, auth) |
56//! | `wafrift-recon` | `recon` | Origin discovery via CT logs + DNS history |
57//!
58//! ### NOT re-exported by this crate
59//!
60//! These crates are part of the workspace but are not included in `wafrift-core`
61//! to avoid the associated heavy dependencies (wasmtime, ed25519-dalek, etc.)
62//! in consumers that don't need them. Use the sub-crates directly:
63//!
64//! - `wafrift-wafmodel` — L* WAF decompiler + offline SFA bypass mining
65//! - `wafrift-genome-registry` — ed25519 genome signing + trust-list management
66//! - `wafrift-plugin-api` — TOML + WASM external tamper SDK
67//! - `wafrift-graphql` — GraphQL-specific evasion payloads
68//! - `wafrift-grpc-evasion` — gRPC opaque-payload bypass
69//! - `wafrift-captchaforge-bridge` — headless Chromium challenge solver
70
71// ── Foundation types ──
72pub use wafrift_types::*;
73
74// ── Technique modules (re-exported as submodules) ──
75pub use wafrift_content_type as content_type;
76pub use wafrift_encoding::encoding;
77pub use wafrift_encoding::header;
78pub use wafrift_fingerprint::fingerprint;
79pub use wafrift_fingerprint::tls_fingerprint;
80pub use wafrift_grammar::grammar;
81pub use wafrift_http3_evasion as http3_evasion;
82pub use wafrift_smuggling::h2_evasion;
83pub use wafrift_smuggling::smuggling;
84
85// ── Cross-family smuggle aggregator (every probe, one iterator) ──
86pub mod probe_aggregator;
87
88// ── Intelligence modules ──
89pub use wafrift_detect::response_fingerprint;
90pub use wafrift_detect::waf_detect;
91pub use wafrift_evolution::advisor;
92pub use wafrift_evolution::custom_rules;
93pub use wafrift_evolution::differential;
94pub use wafrift_evolution::evolution;
95pub use wafrift_evolution::intelligence;
96
97// ── Pipeline ──
98pub use wafrift_strategy::host_state;
99pub use wafrift_strategy::strategy;
100
101// ── Validation / oracle layer ──
102pub use wafrift_oracle as oracle;
103
104// ── Transport / network ──
105// `pool` is the canonical proxy substrate. wafrift's naive round-robin
106// `wafrift-pool` was consolidated onto `proxywire` (strict URL validation +
107// health-aware rotation); this alias keeps the `wafrift_core::pool` path stable.
108pub use proxywire as pool;
109pub use wafrift_transport as transport;
110
111// ── Discovery ──
112pub use wafrift_recon as recon;
113
114// Re-export `HostState` for integration-test ergonomics.
115//
116// R75 pass-21 §8 ARCHITECTURE: pre-fix this block also re-exported
117// `CalibrationResult`, `EscalationLevel`, `EvasionConfig` via the
118// `wafrift_strategy::strategy::*` path — but those are already
119// available at this crate's root via `pub use wafrift_types::*` on
120// line 59 (each is defined in `wafrift_types`, NOT in
121// `wafrift_strategy`). Two valid import paths for the same symbol
122// (`wafrift_core::EvasionConfig` AND `wafrift_core::strategy::
123// EvasionConfig`) caused grep-confusion during refactors — half the
124// usages would be missed. One canonical path now.
125pub use wafrift_strategy::host_state::HostState;