원클릭으로
rust-audit
Audit Rust code against the Microsoft Pragmatic Rust Guidelines checklist and report violations with file:line references
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Audit Rust code against the Microsoft Pragmatic Rust Guidelines checklist and report violations with file:line references
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Ultimate pre-push gate — rust-polish, then parallel specialist subagents across async safety, API surface, refactoring signals, and test strategy, then rust-audit
Full ordered Rust code quality pipeline — clippy all → clippy pedantic+nursery → simplify agents → test + audit → verify
Quick sanity check — clippy, test, audit. Lightweight alternative to /preflight.
| name | rust-audit |
| description | Audit Rust code against the Microsoft Pragmatic Rust Guidelines checklist and report violations with file:line references |
Audit Rust source files against the Microsoft Pragmatic Rust Guidelines.
Full checklist with severity tiers is in checklist.md alongside this file — read it before starting.
.rs files in that directory (non-recursive).src/ tree before proceeding. Do not silently audit all files.Use the Read tool to load each file before auditing it. Do not audit from memory or partial context.
Check Cargo.toml for [lib] vs [[bin]] to determine if this is a library or application crate.
Library / rules (M-ESCAPE-HATCHES, M-DONT-LEAK-TYPES, M-SIMPLE-ABSTRACTIONS, M-AVOID-WRAPPERS, M-DI-HIERARCHY, M-ERRORS-CANONICAL-STRUCTS, M-INIT-BUILDER, M-INIT-CASCADED, M-SERVICES-CLONE, M-IMPL-ASREF, M-IMPL-RANGEBOUNDS, M-IMPL-IO, M-ESSENTIAL-FN-INHERENT, M-MOCKABLE-SYSCALLS, M-NO-GLOB-REEXPORTS, M-OOBE, M-FEATURES-ADDITIVE, M-TYPES-SEND). These only apply to published library APIs.For each violation:
[critical] M-UNSAFE)Only flag real violations — don't invent issues. If a file is clean, say so in one line.
Group findings by file, then by guideline ID:
src/main.rs
[critical] M-UNSAFE (line 42): `unsafe` block has no SAFETY comment — add `// SAFETY: <reason>`
[warning] M-PUBLIC-DEBUG (line 10): `pub struct Foo` does not derive Debug
src/data.rs — clean
At the end, print:
critical / warning / style)Read checklist.md before auditing — do not audit from memory. The checklist is the source of truth for rule IDs and severity tiers. Auditing from memory produces wrong severity tags and missed or invented rules.
This is an application crate — skip all Library rules.
Cargo.toml has [[bin]], not [lib]. Rules prefixed with "Library /" (M-ESCAPE-HATCHES, M-DONT-LEAK-TYPES, M-SIMPLE-ABSTRACTIONS, etc.) do not apply. Flagging them wastes time and creates false positives.
M-PANIC-IS-STOP vs M-PANIC-ON-BUG are distinct.
M-PANIC-IS-STOP: .unwrap() on recoverable conditions (user input, external APIs, env vars) — flag these. M-PANIC-ON-BUG: .unwrap() on invariants that must hold (logic bugs) — acceptable, do not flag.