authornsfisis <nsfisis@gmail.com>2026-05-08 23:22:34 +0900
committernsfisis <nsfisis@gmail.com>2026-05-08 23:22:34 +0900
commitd770693bac655da4a21144b4cae7592536fecb8b (patch)
tree5d29005db018416c03a14c9d367f412b8148650c /crates/mozart-core/src/config_source.rs
parenteeb845f2f8629e3ccfb8ee1a1ec0602c0f186427 (diff)
fix(audit): align with Composer's AuditCommand pipeline
- Add mozart-core::advisory::{AuditFormat, AbandonedHandling, AuditConfig} mirroring Composer\Advisory\AuditConfig; reads audit.ignore, audit.ignore-severity, audit.ignore-abandoned, audit.abandoned, audit.block-insecure, audit.block-abandoned, audit.ignore-unreachable from composer.json config with full apply-scope support - Add mozart-registry::advisory::Auditor mirroring Composer\Advisory\Auditor; process_advisories() filters by package name, advisory ID, CVE, source remote ID, and severity; filter_abandoned_packages() respects ignore-abandoned - Add RepositorySet::get_matching_security_advisories() wrapping fetch_security_advisories with version-matching and unreachable-repo tracking - JSON output now includes ignored-advisories and unreachable-repositories keys - --abandoned falls back to audit.abandoned config (was hardcoded to "fail") - --ignore-severity merges with audit.ignore-severity config - --ignore-unreachable ORs with audit.ignore-unreachable config - Move normalize_or_separator into repository/mod.rs alongside version matching Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'crates/mozart-core/src/config_source.rs')
-rw-r--r--crates/mozart-core/src/config_source.rs33
1 files changed, 16 insertions, 17 deletions
diff --git a/crates/mozart-core/src/config_source.rs b/crates/mozart-core/src/config_source.rs
index e5c3536..984007a 100644
--- a/crates/mozart-core/src/config_source.rs
+++ b/crates/mozart-core/src/config_source.rs
@@ -54,10 +54,7 @@ impl JsonConfigSource {
if let Some(inner) = val.as_object() {
let mut entry = serde_json::Map::new();
if !inner.contains_key("name") {
- entry.insert(
- "name".to_string(),
- serde_json::Value::String(key.clone()),
- );
+ entry.insert("name".to_string(), serde_json::Value::String(key.clone()));
}
for (k, v) in inner {
entry.insert(k.clone(), v.clone());
@@ -91,9 +88,7 @@ impl JsonConfigSource {
serde_json::Value::Object(o) => o.is_empty(),
_ => false,
};
- if is_empty
- && let Some(obj) = root.as_object_mut()
- {
+ if is_empty && let Some(obj) = root.as_object_mut() {
obj.remove("repositories");
}
}
@@ -269,9 +264,9 @@ impl JsonConfigSource {
// List format: find entry by `name` field
let idx = root["repositories"].as_array().and_then(|repos| {
- repos.iter().position(|repo| {
- repo.get("name").and_then(|n| n.as_str()) == Some(name)
- })
+ repos
+ .iter()
+ .position(|repo| repo.get("name").and_then(|n| n.as_str()) == Some(name))
});
match idx {
@@ -329,7 +324,11 @@ mod tests {
fn add_repository_prepend() {
let dir = TempDir::new().unwrap();
let (src, path) = source(&dir, "composer.json");
- std::fs::write(&path, r#"{"repositories":[{"name":"a","type":"vcs","url":"https://a.com"}]}"#).unwrap();
+ std::fs::write(
+ &path,
+ r#"{"repositories":[{"name":"a","type":"vcs","url":"https://a.com"}]}"#,
+ )
+ .unwrap();
src.add_repository(
"b",
&serde_json::json!({"type": "vcs", "url": "https://b.com"}),
@@ -346,7 +345,11 @@ mod tests {
fn add_repository_append() {
let dir = TempDir::new().unwrap();
let (src, path) = source(&dir, "composer.json");
- std::fs::write(&path, r#"{"repositories":[{"name":"a","type":"vcs","url":"https://a.com"}]}"#).unwrap();
+ std::fs::write(
+ &path,
+ r#"{"repositories":[{"name":"a","type":"vcs","url":"https://a.com"}]}"#,
+ )
+ .unwrap();
src.add_repository(
"b",
&serde_json::json!({"type": "vcs", "url": "https://b.com"}),
@@ -375,11 +378,7 @@ mod tests {
fn add_repository_disable_already_disabled_is_noop() {
let dir = TempDir::new().unwrap();
let (src, path) = source(&dir, "composer.json");
- std::fs::write(
- &path,
- r#"{"repositories":[{"packagist.org":false}]}"#,
- )
- .unwrap();
+ std::fs::write(&path, r#"{"repositories":[{"packagist.org":false}]}"#).unwrap();
src.add_repository("packagist.org", &serde_json::Value::Bool(false), true)
.unwrap();
let json: serde_json::Value =