3 releases
Uses new Rust 2024
| 0.1.2 | Apr 25, 2026 |
|---|---|
| 0.1.1 | Apr 21, 2026 |
| 0.1.0 | Apr 20, 2026 |
#681 in Authentication
Used in 2 crates
100KB
2K
SLoC
pedant maps what code can do — network access, filesystem operations, crypto, process execution — across Rust, Python, JavaScript/TypeScript, Go, and Bash. It hashes dependency source on every build and alerts when capabilities change. A supply chain attack that adds file_read or env_access to a library is caught before the compromised code runs.
What it catches
A dependency update adds environment variable exfiltration to a library that previously only did HTTP:
$ pedant diff baseline.json current.json
{
"added": [
{"capability": "env_access", "evidence": "std::env::var"},
{"capability": "file_read", "evidence": "std::fs::read_to_string"}
],
"new_capabilities": ["env_access", "file_read"]
}
A build script phones home during compilation:
$ pedant gate build.rs
::error:: build-script-network: build script has network access (deny)
::error:: build-script-download-exec: build script downloads and executes (deny)
Nesting three levels deep in a match arm:
$ pedant check -d 2 src/lib.rs
src/lib.rs:5:17: if-in-match: if inside match arm, consider match guard
src/lib.rs:5:17: max-depth: nesting depth 3 exceeds limit of 2
Quick start
# Install
cargo install pedant
# Scan a project for capabilities
pedant capabilities src/**/*.rs scripts/*.py
# Check for suspicious patterns
pedant gate src/**/*.rs
# Set up CI supply chain monitoring (see examples/supply-chain-check.md)
Migrating from the old flat flag CLI? See docs/migrating-from-flat-cli.md.
CI Supply Chain Check
The included GitHub Action hashes every dependency's source and compares against stored baselines on every build. It detects:
- Tag-swap attacks — same version number, different content (hash mismatch)
- Capability drift — new capabilities appearing in a dependency update
- New unaudited dependencies — dependencies with no existing baseline
# .github/workflows/ci.yml
jobs:
supply-chain:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: dtolnay/rust-toolchain@a54c7afe936fefeb4456b2dd8068152669aa8211 # stable
- uses: jostled-org/pedant/.github/actions/supply-chain-check@<commit> # pin to commit
with:
baseline-path: .pedant/baselines
fail-on: hash-mismatch
Pedant is built from the same pinned commit as the action — no registry fetch, one trust boundary. See examples/supply-chain-check.md for setup, baseline management, and configuration.
Capability Detection
# Rust, Python, JS/TS, Go, Bash — language detected automatically
pedant capabilities src/**/*.rs scripts/*.py deploy/*.sh
# Attestation: capability profile + SHA-256 source hash + crate identity
pedant attestation --crate-name my-crate --crate-version 0.1.0 src/**/*.rs
# Diff two profiles or attestations
pedant diff old.json new.json
| Capability | What triggers it |
|---|---|
network |
std::net, reqwest, curl, fetch(), net/http, URL literals |
file_read |
std::fs, open(), os.Open() |
file_write |
std::fs::write, cp, mv, rm |
process_exec |
std::process, subprocess, exec, bash -c |
env_access |
std::env::var, process.env, os.Getenv, export |
unsafe_code |
unsafe blocks, unsafe fn, unsafe impl |
ffi |
extern blocks, ctypes, import "C" |
crypto |
ring, openssl, PEM blocks, hex keys, credential prefixes |
system_time |
SystemTime, chrono, time |
proc_macro |
#[proc_macro], #[proc_macro_derive] |
Gate rules evaluate per language group by default. Use --cross-language to merge all findings for combined evaluation.
See examples/capability-detection.md for the full guide: output format, all 24 gate rules, multi-language details, string literal analysis, attestation, and diffing.
Style Checks (Rust)
23 checks across five categories. Nesting checks run by default; everything else requires a .pedant.toml config.
pedant check src/**/*.rs # check files
pedant check -d 2 src/lib.rs # custom depth limit
pedant list-checks # see all checks
pedant explain max-depth # detailed rationale
| Category | Checks |
|---|---|
| Nesting | max-depth, nested-if, if-in-match, nested-match, match-in-if, else-chain |
| Forbidden patterns | forbidden-attribute, forbidden-type, forbidden-call, forbidden-macro, forbidden-else, forbidden-unsafe |
| Performance & dispatch | dyn-return, dyn-param, vec-box-dyn, dyn-field, clone-in-loop, default-hasher |
| Structure | mixed-concerns, inline-tests, let-underscore-result, high-param-count |
| Naming | generic-naming |
To run pedant as a Claude Code hook that blocks AI-generated code on every edit:
{
"hooks": {
"PostToolUse": [
{
"matcher": "Write|Edit",
"hooks": [{ "type": "command", "command": "~/.claude/hooks/pedant-check.sh" }]
}
]
}
}
Semantic Analysis (Rust)
With the semantic feature, pedant resolves types through aliases using rust-analyzer and enables data flow analysis: taint tracking (environment variables flowing to network sinks), quality checks (dead stores, discarded results), performance checks (unnecessary clones, allocation in loops), and concurrency checks (lock guards across await points).
cargo install pedant --features semantic
pedant gate --semantic src/**/*.rs
MCP Server
pedant-mcp exposes analysis as MCP tools for AI agents.
cargo install pedant-mcp
claude mcp add --transport stdio --scope user pedant -- pedant-mcp
Tools: query_capabilities, query_gate_verdicts, query_violations, search_by_capability, explain_finding, audit_crate, find_structural_duplicates.
Configuration
# .pedant.toml
max_depth = 2
forbid_else = true
check_clone_in_loop = true
[forbid_calls]
enabled = true
patterns = [".unwrap()", ".expect(*)"]
[gate]
build-script-exec = false # disable a rule
env-access-network = "warn" # override severity
[overrides."tests/**"]
max_depth = 5
[overrides."tests/**".forbid_calls]
enabled = false
Config loads from .pedant.toml (project) or ~/.config/pedant/config.toml (global). Project wins. See examples/ for full configs.
License
MIT or Apache-2.0, at your option.
Dependencies
~0.5–11MB
~342K SLoC