ironclaw
本页为离线静态分析自动生成;分数为信号驱动启发式,请结合证据与人工复核使用。
项目概况
- 名称:
ironclaw - 版本:
0.15.0 - Git HEAD:
a1f020895637 - 最近提交:
2026-03-05T01:44:03Z - 语言: Rust(302), Markdown(36), JSON(32), TOML(18), YAML(12), Python(10)
README 摘要
Your secure personal AI assistant, always on your side
评分(0-10)
| 维度 | 分数 | 等级 |
|---|---|---|
| 代码质量 | 1.0 | 🔴 不足 |
| 可维护性 | 6.5 | 🔵 良好 |
| 健壮性 | 4.0 | 🟡 一般 |
| 可持续性 | 6.0 | 🔵 良好 |
| 可迁移性 | 2.0 | 🟠 较弱 |
| 综合 | 3.9 | 🟠 较弱 |
工程信号
CI / 测试
- CI: 9 个 workflow
.github/workflows/code_style.yml,.github/workflows/coverage.yml,.github/workflows/e2e.yml,.github/workflows/pr-label-classify.yml,.github/workflows/pr-label-scope.yml,.github/workflows/regression-test-check.yml…
- CI 操作系统: linux
- Docker: 有
- 测试信号:
dir:tests/
代码质量工具
- 校验库: rust:serde
安全与治理
- 治理: file:CONTRIBUTING.md
架构与发布
- 发布信号: ci-file:.github/workflows/release-plz.yml, ci-file:.github/workflows/release.yml, ci:publish:.github/workflows/release-plz.yml, ci:publish:.github/workflows/release.yml, ci:release:.github/workflows/release-plz.yml, ci:release:.github/workflows/release.yml …
- 可观测性: rust:tracing
技术栈与依赖
- Rust: name=
ironclawcargo_lock=True- deps:
aes-gcm,aho-corasick,anyhow,async-trait,axum,base64,blake3,bollard,bytes,chrono,clap,clap_complete,cron,crossterm,deadpool-postgres,dirs…
- deps:
评分依据(信号 → 证据)
代码质量
- +2 CI: 9 workflow(s) (≥6)
- +1 tests: 1 signal(s), density 0% (<5%)
- -1 risky code patterns (10 hits)
- -1 many oversized files (33 files >1000 lines)
可维护性
- +1 README present
- +1 docs dirs: docs/
- +1 CHANGELOG present
- +1 governance: file:CONTRIBUTING.md
- +1 Cargo.lock present
- +1 CI present
- +0.5 monorepo management: cargo-workspace
健壮性
- +1.5 tests present (density 0%)
- +1 config signals: dir:docs/, file:.env.example
- +1 validation libs: rust:serde
- +0.5 retry/timeout libs (signals): rust:reqwest, rust:tokio
- +1 CI present
- -1 risky code patterns (10 hits)
可持续性
- -0.5 no license detected
- +1 version: 0.15.0
- +1 CHANGELOG present
- +0.5 alerting/observability (signals): rust:tracing
- +1 release signals: ci-file:.github/workflows/release-plz.yml, ci-file:.github/workflows/release.yml, ci:publish:.github/workflows/release-plz.yml, ci:publish:.github/workflows/release.yml, ci:release:.github/workflows/release-plz.yml, ci:release:.github/workflows/release.yml
- +1 tags: 20 tag(s) (≥20)
- +2 very recent commit (≤7d)
可迁移性
- +2 Docker present
安全与风险信号(静态扫描)
疑似凭据(已编辑)
Slack Tokenattools-src/slack/README.md:74value=***已编辑***OpenAI Keyatdocs/plans/2026-02-24-automated-qa.md:850value=***已编辑***GitHub PATatsrc/safety/leak_detector.rs:557value=***已编辑***AWS Access Keyatsrc/safety/leak_detector.rs:572value=***已编辑***OpenAI Keyatsrc/safety/leak_detector.rs:647value=***已编辑***AWS Access Keyatsrc/safety/leak_detector.rs:653value=***已编辑***GitHub PATatsrc/safety/leak_detector.rs:653value=***已编辑***AWS Access Keyatsrc/safety/leak_detector.rs:684value=***已编辑***GitHub PATatsrc/safety/leak_detector.rs:700value=***已编辑***Slack Tokenatsrc/safety/leak_detector.rs:771value=***已编辑***- …及其余 2 条(详见原始 JSON)
高风险模式(需人工复核)
curl|bash (code)atDockerfile.worker:49curl|bash (code)atsrc/tools/builtin/shell.rs:78wget|bash (code)atsrc/tools/builtin/shell.rs:79curl|bash (code)atsrc/tools/builtin/shell.rs:80wget|bash (code)atsrc/tools/builtin/shell.rs:81curl|bash (code)atsrc/tools/builtin/shell.rs:785curl|bash (code)atsrc/safety/policy.rs:168curl|bash (code)atsrc/safety/policy.rs:220eval() (code)atsrc/safety/sanitizer.rs:428eval() (code)atsrc/safety/sanitizer.rs:431- 文档中的风险模式:1 条(
curl|bash等安装指引,通常为预期行为) curl|bash (config)at.github/workflows/release.yml:66curl|bash (config)at.github/workflows/release.yml:128
改进建议
- 在 CI 中启用 Rust 静态检查:
cargo fmt --check+cargo clippy -D warnings。 - 补齐 License,明确使用与分发边界。
- 在 CI 增加安全扫描(依赖审计/secret 扫描/静态分析等)并设为质量闸门。
- 审计高风险执行路径(
eval/exec/shell=True/curl|bash等):最小权限、输入验证、隔离执行。