Crate zift 

Zift — static analysis for embedded authorization logic.

This crate is published as both a binary (zift) and a library.

Stable public API

The types below form the semver-committed surface. Everything else is internal or opt-in via --features unstable.

• cli — CLI argument types (Cli, ScanArgs, …)
• error — ZiftError and Result<T>
• types — core data types (Finding, Language, AuthCategory, …)
• rules — rule loading (read-only)
• policy — engine-agnostic policy::PolicyGenerator trait and dispatch
• rego — Rego/OPA policy generation; rego::validator is the stable surface
• cedar — Cedar policy generation; cedar::validator is the stable surface
• run — binary entry point

Modules

cedar

cli

error

policy

Engine-agnostic policy generation. The PolicyGenerator trait collapses the parallel Rego/Cedar pipelines that grew out of Phase A (#27) into a single dispatch surface keyed off PolicyEngine.

rego

rules

types

Functions

run

Entry point used by the zift binary.