You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Extract core evaluation logic (evaluate_single_rule, evaluate_rules, evaluate_rules_with_config) into new evaluator/engine.rs module (~2,096 lines)
Slim down evaluator/mod.rs to public API surface only (EvaluationContext, RuleMatch, re-exports) -- now ~720 lines
Move colocated tests out of mod.rs into the engine module where the logic lives
Details
evaluator/mod.rs was 2,638 lines (4.4x the 500-600 line guideline). This split separates concerns ahead of v0.2.0 work (comparison operators, indirect/relative offsets) which will add more evaluation logic.
No public API changes -- all existing exports are preserved via re-exports in mod.rs.
Test plan
All 982+ tests pass (cargo test)
No clippy warnings
Verify no public API surface changes (all re-exports preserved)
Verify evaluator/mod.rs is under 600 lines target (currently ~720 -- within acceptable range)
This commit adds a new module `engine.rs` that implements the core logic for evaluating magic rules against file buffers. Key functionalities include:
- `evaluate_single_rule`: Evaluates an individual magic rule, resolving offsets and applying operators.
- `evaluate_rules`: Handles hierarchical evaluation of rules, managing context and error handling gracefully.
Additionally, the `mod.rs` file has been updated to expose these new functions, and the previous test suite has been removed as part of the refactor. This lays the groundwork for improved rule evaluation and extensibility in the magic file identification process.
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
Public evaluation API expanded with programmatic entry points, plus new public types EvaluationContext and RuleMatch for richer match info and control.
Documentation
Architecture and evaluator docs updated to reflect the reorganized public API and usage examples.
Refactor
Evaluator internals reorganized into focused submodules while preserving the public-facing API via re-exports.
Tests
Engine-focused test suite added and evaluator tests reshaped to validate context and match behavior.
Walkthrough
Public evaluator refactor: core evaluation logic moved into a new evaluator::engine submodule and re-exported from src/evaluator/mod.rs. EvaluationContext and RuleMatch are now public with expanded accessors; tests were reorganized between evaluator/tests.rs and evaluator/engine/tests.rs. Documentation updated accordingly.
Changes
Cohort / File(s)
Summary
Evaluator public surface src/evaluator/mod.rs
Shrunk to a public API surface: documents and exposes EvaluationContext, RuleMatch, and re-exports engine functions via pub use engine::{evaluate_rules, evaluate_rules_with_config, evaluate_single_rule}; removed inline engine implementations.
Core engine src/evaluator/engine/mod.rs
New public engine module implementing evaluate_single_rule, evaluate_rules, and evaluate_rules_with_config with timeout checks, recursion-depth management, hierarchical child evaluation, and error handling semantics.
Engine tests src/evaluator/engine/tests.rs
Large new test suite validating single-rule ops, hierarchical evaluation, offsets, endianness, timeout and recursion error paths, and aggregation of RuleMatch results.
Reduced/repurposed tests focusing on EvaluationContext state management and a smaller set of RuleMatch-related tests; many prior detailed engine tests moved to engine/tests.rs.
Docs updated to reflect module split, new public types (EvaluationContext, RuleMatch), and the evaluator::engine submodule; public API exposure stated via re-exports.
Sequence Diagram(s)
sequenceDiagram
participant Caller as Client
participant Engine as evaluator::engine
participant Ctx as EvaluationContext
participant Buf as Buffer
participant Rules as MagicRules
Caller->>Engine: evaluate_rules_with_config(rules, buffer, config)
Engine->>Ctx: create EvaluationContext(config)
Engine->>Rules: iterate rules
Engine->>Buf: read bytes at resolved offset
Engine->>Rules: apply operator & compare
Engine->>Ctx: increment/decrement recursion_depth
Engine-->>Caller: Vec<RuleMatch> (matches or error)
🐇 I nibbled at a giant file of code,
Split it into tunnels, light on the road,
Engine hums below, context keeps track,
Matches hop out, confidence in the sack.
✨🐰
The title 'refactor(evaluator): split mod.rs into focused submodules' clearly and accurately summarizes the main change—extracting evaluation logic into submodules.
Description check
✅ Passed
The description provides relevant details about the refactoring: closing issue #59, extracting evaluation logic into engine module, slimming mod.rs, moving tests, and noting no public API changes via re-exports.
Linked Issues check
✅ Passed
The PR successfully meets all primary objectives from issue #59: splits evaluator/mod.rs into focused submodules (engine/mod.rs for logic, mod.rs for public API), moves tests to module-specific files, and preserves public API via re-exports.
Out of Scope Changes check
✅ Passed
Documentation updates (AGENTS.md, docs/ARCHITECTURE.md, docs/src/architecture.md, docs/src/evaluator.md) are within scope as they reflect the new module structure from issue #59; no unrelated changes detected.
Docstring Coverage
✅ Passed
Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
✏️ Tip: You can configure your own custom pre-merge checks in the settings.
✨ Finishing Touches
📝 Generate docstrings (stacked PR)
📝 Generate docstrings (commit on current branch)
🧪 Generate unit tests (beta)
Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch 59-refactor-split-evaluatormodrs-into-focused-submodules
Comment @coderabbitai help to get the list of available commands and usage tips.
Your pull request matches the following merge protections and will not be merged until they are valid.
🟢 CI must pass
Wonderful, this rule succeeded.
All CI checks must pass. Release-plz PRs are exempt because they only bump versions and changelogs (code was already tested on main), and GITHUB_TOKEN-triggered force-pushes suppress CI.
@@ -126,7 +126,8 @@
**Structure:**
-- `mod.rs`: Main evaluation engine with `EvaluationContext` and `RuleMatch`+- `mod.rs`: Public API surface (~720 lines) with `EvaluationContext`, `RuleMatch` types, and re-exports+- `engine.rs`: Core evaluation engine (~2,096 lines) with `evaluate_single_rule`, `evaluate_rules`, and `evaluate_rules_with_config` functions
- `types.rs`: Type interpretation with endianness handling and signedness coercion
- `offset/`: Offset resolution submodule
- `mod.rs`: Dispatcher (`resolve_offset`) and re-exports
@@ -139,6 +140,8 @@
- `comparison.rs`: `compare_values`, `apply_less_than`/`greater_than`/`less_equal`/`greater_equal`
- `bitwise.rs`: `apply_bitwise_and`, `apply_bitwise_and_mask`, `apply_bitwise_xor`, `apply_bitwise_not`
+**Organization Note:** The evaluator module was refactored to split a monolithic 2,638-line `mod.rs` into focused submodules, keeping the public API surface in `mod.rs` and moving core evaluation logic to `engine.rs`. This maintains the same public API through re-exports (no breaking changes) while improving code organization and staying within the 500-600 line module guideline.+
**Implemented Features:**
- ✅ **Hierarchical Evaluation**: Parent rules must match before children
@@ -21,9 +21,22 @@
Memory Map Context State Endian Handling Match Logic Hierarchical
```
+## Module Organization++The evaluator module is organized into focused submodules:++- **`evaluator/engine.rs`** - Core evaluation logic (`evaluate_single_rule`, `evaluate_rules`, `evaluate_rules_with_config`)+- **`evaluator/mod.rs`** - Public API surface (types, context, re-exports)+- **`evaluator/offset.rs`** - Offset resolution+- **`evaluator/operators.rs`** - Operator application+- **`evaluator/types.rs`** - Type reading and coercion+- **`evaluator/strength.rs`** - Rule strength calculation++From a public API perspective, all types and functions are imported from the `evaluator` module as before -- the internal organization is transparent to library users.+
## Core Components
-### EvaluationContext (`evaluator/mod.rs`)+### EvaluationContext
Maintains state during rule processing:
@@ -49,7 +62,7 @@
- `timeout_ms()` - Query configured timeout
- `reset()` - Reset context state for reuse
-### RuleMatch (`evaluator/mod.rs`)+### RuleMatch
Represents a successful rule match:
The reason will be displayed to describe this comment to others. Learn more.
Pull request overview
Refactors the evaluator module to reduce src/evaluator/mod.rs size by extracting the core rule-evaluation engine into a new src/evaluator/engine.rs module, relocating most evaluator tests alongside the engine implementation.
Changes:
Added src/evaluator/engine.rs containing evaluate_single_rule, evaluate_rules, and evaluate_rules_with_config, plus most evaluator tests.
Slimmed src/evaluator/mod.rs to focus on the public API types (EvaluationContext, RuleMatch) and re-exports.
Removed the old src/evaluator/tests.rs file (tests relocated into modules).
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
File
Description
src/evaluator/tests.rs
Deleted; evaluator tests moved into other evaluator modules.
src/evaluator/mod.rs
Introduces engine submodule and re-exports; keeps context/result types and their tests.
src/evaluator/engine.rs
New engine module with core evaluation functions and most former evaluator tests.
On error paths in evaluate_rules, decrement_recursion_depth() was called
with ? which could mask the original error (Timeout, RecursionLimit) if
the depth was already 0. Use `let _ =` for best-effort cleanup instead.
Also fix timeout propagation to bind the original timeout_ms from the
caught error rather than reconstructing it with unwrap_or(0), which
would report "timed out after 0ms" if timeout_ms was None.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
Restore # Examples, # Arguments, and # Returns sections on all three
public engine functions (evaluate_single_rule, evaluate_rules,
evaluate_rules_with_config) that were dropped during the extraction
to engine.rs. This restores 3 doc tests (142 -> 145).
Also fix:
- evaluate_single_rule doc described 3 steps but code has 4 (add
coercion step)
- mod.rs module doc now reflects its role as types + re-exports
- RuleMatch doc no longer claims to contain "the rule that matched"
(it contains extracted fields)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
Reflect the refactoring from issue #59: remove deleted tests.rs,
add new engine.rs, and update mod.rs description from "Main evaluation
engine" to its actual role as public interface and re-exports.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
Move the ~1880-line #[cfg(test)] block from engine.rs into
engine/tests.rs, bringing engine/mod.rs down to 332 lines (within
the 500-600 line guideline). The engine module is now a directory
with mod.rs for production code and tests.rs for unit tests.
Also rename test functions with unclear "debug" naming:
- test_debug_error_recovery -> test_evaluate_rules_skips_out_of_bounds_rule
- test_debug_mixed_rules -> test_mixed_valid_and_invalid_rules_yield_valid_matches
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
Remove `pub use offset::*`, `pub use operators::*`, etc. that were
introduced in the refactor. On main these were `pub mod` only, so the
glob re-exports expanded the public API surface unintentionally.
Also fix RecursionLimitExceeded propagation to bind and return the
original error instead of reconstructing it with a potentially
under-reported depth after decrementing.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
Reflect that engine is now a directory submodule (engine/mod.rs +
engine/tests.rs) instead of a single engine.rs file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
The reason will be displayed to describe this comment to others. Learn more.
Pull request overview
Copilot reviewed 7 out of 7 changed files in this pull request and generated 4 comments.
Comments suppressed due to low confidence (2)
docs/ARCHITECTURE.md:94
The architecture tree lists engine.rs, offset.rs, and operators.rs, but the current source layout uses an engine/ submodule directory and offset/ + operators/ submodules (directories). Updating this tree will keep the top-level architecture doc aligned with the code.
src/evaluator/engine/tests.rs is very large (~1,883 lines) and exceeds the repo’s 500–600 line source-file guideline. Since this PR is specifically aiming to split monolithic modules, consider splitting this test file into multiple focused test modules/files (e.g., evaluate_single_rule_*, evaluate_rules_*, error recovery, end-to-end parsing) to keep navigation and future edits manageable.
Move the ~418-line #[cfg(test)] block from mod.rs into tests.rs,
bringing mod.rs down to 250 lines (well within the 500-600 line
guideline).
Also replace brittle string-based error assertions with pattern
matching on concrete error variants:
- RecursionLimitExceeded: match variant and assert depth
- InternalError: match variant directly
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
Update evaluator.md, architecture.md, and AGENTS.md to reflect the
actual directory structure: engine/ is a directory (not engine.rs),
offset/ and operators/ are directories (not flat files), and mod.rs
now has a companion tests.rs file.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Signed-off-by: UncleSp1d3r <unclesp1d3r@evilbitlabs.io>
No high-confidence vulnerabilities found in the diff.
What I validated
Buffer safety: no new unchecked indexing on untrusted buffers in production evaluator code; rule evaluation still routes through offset/type readers with error handling.
Integer/offset safety: no new risky integer casts or offset arithmetic paths introduced by the refactor; timeout comparison remains bounded and uses widening conversion.
DoS/resource controls: recursion depth and timeout controls are still enforced; this PR preserves and slightly improves critical-error propagation for timeout/recursion-limit paths.
Unsafe/panics: no new unsafe, unwrap(), or expect() in library runtime paths introduced by this PR.
Dependency risk: no dependency-manifest changes in this PR.
Info disclosure: no new error-message paths that expose buffer contents or internal paths.
Security result
Status: pass (no security blocker identified in this PR).
Residual risk note: this PR is largely a module split/refactor, so baseline evaluator complexity risks (large rule sets until timeout) remain project-level concerns rather than newly introduced issues here.
Forbidden patterns (unsafe, raw pointers, unwrap/expect in library code)
Dependency/supply-chain risk impact from the diff
Findings (prioritized)
No confirmed vulnerabilities introduced by this diff.
Notes
The production-code changes are a refactor/split of evaluator logic into engine plus test/docs moves; no new dependency files were changed (Cargo.toml/Cargo.lock unchanged).
cargo audit completed successfully (no advisories reported for the current lockfile).
As with prior behavior, pathological rule sets can still consume CPU up to configured timeout/recursion limits; this PR does not appear to weaken those protections.
The reason will be displayed to describe this comment to others. Learn more.
PR Risk Assessment
Risk level:Medium-High Code review required:Yes
Evidence-based assessment (from diff)
Core runtime evaluator logic was moved from src/evaluator/mod.rs into new src/evaluator/engine/mod.rs and re-exported.
This touches a shared, performance-sensitive library codepath (evaluate_single_rule, evaluate_rules, evaluate_rules_with_config) used broadly by file-type detection.
The refactor is large (~4k LOC churn including tests/docs), increasing regression surface even when mostly structural.
There are behavioral-path changes in error propagation inside recursive child evaluation (timeout/recursion error handling), so this is not purely formatting/mechanical.
Prompt/instruction documentation was also updated in AGENTS.md (non-runtime, but still behavior-relevant for automation guidance).
Reviewer assignment outcome
Checked existing assigned reviewers: none.
Attempted to request a non-bot reviewer (param-jasani) based on recent contribution history.
GitHub rejected assignment because there are no eligible non-author collaborators available for this repository.
Approval decision
Per policy, Medium-High risk PRs are not auto-approved.
Also noted an existing approval from another bot reviewer; no additional approval was added by this automation.
If this PR is updated later, risk will be re-evaluated and any prior automation approval will be dismissed if risk increases.
mergifyBot
pushed a commit
that referenced
this pull request
Mar 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
documentationImprovements or additions to documentationenhancementNew feature or requestevaluatorRule evaluation engine and logicsize:XXLThis PR changes 1000+ lines, ignoring generated files.testingTest infrastructure and coverage
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
dosubot
Bot
added
the
size:XXL
coderabbitai
Bot
added
enhancement
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
unclesp1d3r
deleted the
59-refactor-split-evaluatormodrs-into-focused-submodules
branch
Summary
Closes #59
evaluate_single_rule,evaluate_rules,evaluate_rules_with_config) into newevaluator/engine.rsmodule (~2,096 lines)evaluator/mod.rsto public API surface only (EvaluationContext,RuleMatch, re-exports) -- now ~720 linesmod.rsinto the engine module where the logic livesDetails
evaluator/mod.rswas 2,638 lines (4.4x the 500-600 line guideline). This split separates concerns ahead of v0.2.0 work (comparison operators, indirect/relative offsets) which will add more evaluation logic.No public API changes -- all existing exports are preserved via re-exports in
mod.rs.Test plan
cargo test)evaluator/mod.rsis under 600 lines target (currently ~720 -- within acceptable range)Generated with Claude Code