| author | nsfisis <nsfisis@gmail.com> | 2026-05-08 23:22:34 +0900 |
|---|---|---|
| committer | nsfisis <nsfisis@gmail.com> | 2026-05-08 23:22:34 +0900 |
| commit | d770693bac655da4a21144b4cae7592536fecb8b (patch) | |
| tree | 5d29005db018416c03a14c9d367f412b8148650c /crates/mozart/src/commands/repository.rs | |
| parent | eeb845f2f8629e3ccfb8ee1a1ec0602c0f186427 (diff) | |
fix(audit): align with Composer's AuditCommand pipeline
- Add mozart-core::advisory::{AuditFormat, AbandonedHandling, AuditConfig}
mirroring Composer\Advisory\AuditConfig; reads audit.ignore,
audit.ignore-severity, audit.ignore-abandoned, audit.abandoned,
audit.block-insecure, audit.block-abandoned, audit.ignore-unreachable
from composer.json config with full apply-scope support
- Add mozart-registry::advisory::Auditor mirroring Composer\Advisory\Auditor;
process_advisories() filters by package name, advisory ID, CVE, source
remote ID, and severity; filter_abandoned_packages() respects ignore-abandoned
- Add RepositorySet::get_matching_security_advisories() wrapping
fetch_security_advisories with version-matching and unreachable-repo tracking
- JSON output now includes ignored-advisories and unreachable-repositories keys
- --abandoned falls back to audit.abandoned config (was hardcoded to "fail")
- --ignore-severity merges with audit.ignore-severity config
- --ignore-unreachable ORs with audit.ignore-unreachable config
- Move normalize_or_separator into repository/mod.rs alongside version matching
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'crates/mozart/src/commands/repository.rs')
| -rw-r--r-- | crates/mozart/src/commands/repository.rs | 39 |
1 files changed, 22 insertions, 17 deletions
diff --git a/crates/mozart/src/commands/repository.rs b/crates/mozart/src/commands/repository.rs
index 318450a..27c822c 100644
--- a/crates/mozart/src/commands/repository.rs
+++ b/crates/mozart/src/commands/repository.rs
@@ -89,10 +89,7 @@ fn list_repositories(
 let mut display_repos = repos;
 if !packagist_present {
 let mut m = serde_json::Map::new();
- m.insert(
- "packagist.org".to_string(),
- serde_json::Value::Bool(false),
- );
+ m.insert("packagist.org".to_string(), serde_json::Value::Bool(false));
 display_repos.push(serde_json::Value::Object(m));
 }
@@ -119,10 +116,7 @@ fn list_repositories(
 .get("type")
 .and_then(|t| t.as_str())
 .unwrap_or("unknown");
- let url = entry
- .get("url")
- .map(render_value)
- .unwrap_or_default();
+ let url = entry.get("url").map(render_value).unwrap_or_default();
 console_writeln!(console, &format!("[{name}] {repo_type} {url}"));
 }
@@ -139,12 +133,15 @@ fn host_ends_with_packagist_org(url: &str) -> bool {
 fn execute_add(ctx: &BaseConfigContext, args: &RepositoryArgs) -> anyhow::Result<()> {
 let name = args.name.as_deref().ok_or_else(|| {
- anyhow!("You must pass a repository name. Example: mozart repo add foo vcs https://example.org")
+ anyhow!(
+ "You must pass a repository name. Example: mozart repo add foo vcs https://example.org"
+ )
 })?;
- let arg1 = args.arg1.as_deref().ok_or_else(|| {
- anyhow!("You must pass the type and a url, or a JSON string.")
- })?;
+ let arg1 = args
+ .arg1
+ .as_deref()
+ .ok_or_else(|| anyhow!("You must pass the type and a url, or a JSON string."))?;
 // Mirror Composer's `Preg::isMatch('{^\s*\{}', $arg1)` check.
 let repo_config = if arg1.trim_start().starts_with('{') {
@@ -186,8 +183,11 @@ fn execute_remove(ctx: &BaseConfigContext, args: &RepositoryArgs) -> anyhow::Res
 // Removing packagist means disabling it (Composer behaviour).
 // Default append=false so the disable entry goes to the front when
 // the user didn't pass --append.
- ctx.config_source
- .add_repository("packagist.org", &serde_json::Value::Bool(false), args.append)?;
+ ctx.config_source.add_repository(
+ "packagist.org",
+ &serde_json::Value::Bool(false),
+ args.append,
+ )?;
 }
 Ok(())
@@ -251,12 +251,17 @@ fn execute_disable(ctx: &BaseConfigContext, args: &RepositoryArgs) -> anyhow::Re
 .ok_or_else(|| anyhow!("Usage: mozart repo disable packagist.org"))?;
 if name == "packagist.org" || name == "packagist" {
- ctx.config_source
- .add_repository("packagist.org", &serde_json::Value::Bool(false), args.append)?;
+ ctx.config_source.add_repository(
+ "packagist.org",
+ &serde_json::Value::Bool(false),
+ args.append,
+ )?;
 return Ok(());
 }
- anyhow::bail!("Only packagist.org can be enabled/disabled using this command. Use add/remove for other repositories.");
+ anyhow::bail!(
+ "Only packagist.org can be enabled/disabled using this command. Use add/remove for other repositories."
+ );
 }
 fn execute_enable(ctx: &BaseConfigContext, args: &RepositoryArgs) -> anyhow::Result<()> { |
