Skip to content

feat: pattern engine, scanner, allowlist, reporters#1

Merged
hermanngeorge15 merged 4 commits into
mainfrom
feat/pattern-engine
Apr 2, 2026
Merged

feat: pattern engine, scanner, allowlist, reporters#1
hermanngeorge15 merged 4 commits into
mainfrom
feat/pattern-engine

Conversation

@hermanngeorge15
Copy link
Copy Markdown
Contributor

@hermanngeorge15 hermanngeorge15 commented Apr 2, 2026

Summary

  • 30 patterns across 5 categories (role-override, instruction-injection, exfiltration, jailbreak, encoding) defined in YAML and embedded at compile time via include_str!
  • External pattern directory support for community extensions
  • Regex-based scanner with pre-compiled patterns and line-level matching
  • Inline suppression via <!-- injection-scanner:ignore PI001 --> HTML comments (per-pattern, per-line)
  • Text and JSON reporters with severity counts and per-finding detail

Test plan

  • 7 pattern loading tests (categories, counts, severity defaults/overrides, IDs, remediation)
  • 6 scanner tests (clean file, injected file, line numbers, severity counts, empty content, benign text)
  • 9 allowlist tests (parse single/multi, no suppressions, is_suppressed true/false/wrong-line, scan integration: suppressed not detected, unsuppressed detected, PI001 does not suppress PI011)
  • 7 reporter tests (text with/without findings, line numbers, JSON validity, JSON pattern IDs, empty reports, summary counts)
  • cargo clippy -- -D warnings clean
  • cargo fmt --check clean
  • 29 tests total, all passing

🤖 Generated with Claude Code

hermanngeorge15 and others added 4 commits April 2, 2026 12:09
@hermanngeorge15 @claude
feat: add 30 embedded patterns across 5 categories with YAML loader
0f28ff8 
5 YAML pattern files (role-override, instruction-injection, exfiltration,
jailbreak, encoding) with 30 patterns total. Embedded at compile time
via include_str!. External pattern directory support for community
extensions. 7 pattern loading tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hermanngeorge15 @claude
feat: add regex-based scanner engine with line-level matching
5fafada 
Pre-compiles all pattern regexes once before scanning (not per-line).
Supports per-line suppression via allowlist integration. Includes 6
scanner tests with clean and injected fixtures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hermanngeorge15 @claude
feat: add inline suppression with injection-scanner:ignore
2d953fc 
Per-line suppression via HTML comments (<!-- injection-scanner:ignore PI001 -->).
Supports multiple IDs per line. Suppression is pattern-specific: suppressing
PI001 does not suppress PI011 on the same line. 9 allowlist tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hermanngeorge15 @claude
feat: add text and JSON reporters
1503454 
Text reporter: per-file findings with line numbers, severity, message,
remediation, pattern ID, and summary counts. JSON reporter returns
Result<String, serde_json::Error> for precise error handling. 7 reporter tests.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@hermanngeorge15 hermanngeorge15 merged commit 1503454 into main Apr 2, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@hermanngeorge15