From d770693bac655da4a21144b4cae7592536fecb8b Mon Sep 17 00:00:00 2001
From: nsfisis <nsfisis@gmail.com>
Date: Fri, 8 May 2026 23:22:34 +0900
Subject: fix(audit): align with Composer's AuditCommand pipeline

- Add mozart-core::advisory::{AuditFormat, AbandonedHandling, AuditConfig}
  mirroring Composer\Advisory\AuditConfig; reads audit.ignore,
  audit.ignore-severity, audit.ignore-abandoned, audit.abandoned,
  audit.block-insecure, audit.block-abandoned, audit.ignore-unreachable
  from composer.json config with full apply-scope support
- Add mozart-registry::advisory::Auditor mirroring Composer\Advisory\Auditor;
  process_advisories() filters by package name, advisory ID, CVE, source
  remote ID, and severity; filter_abandoned_packages() respects ignore-abandoned
- Add RepositorySet::get_matching_security_advisories() wrapping
  fetch_security_advisories with version-matching and unreachable-repo tracking
- JSON output now includes ignored-advisories and unreachable-repositories keys
- --abandoned falls back to audit.abandoned config (was hardcoded to "fail")
- --ignore-severity merges with audit.ignore-severity config
- --ignore-unreachable ORs with audit.ignore-unreachable config
- Move normalize_or_separator into repository/mod.rs alongside version matching

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 crates/mozart/src/commands.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crates/mozart/src/commands.rs')

diff --git a/crates/mozart/src/commands.rs b/crates/mozart/src/commands.rs
index bf98bee..1717437 100644
--- a/crates/mozart/src/commands.rs
+++ b/crates/mozart/src/commands.rs
@@ -1,7 +1,7 @@
 pub mod about;
 pub mod archive;
-pub(crate) mod base_config;
 pub mod audit;
+pub(crate) mod base_config;
 pub mod browse;
 pub mod bump;
 pub mod check_platform_reqs;
-- 
cgit v1.3.1