refactor(evaluation): rename concepts (#11)

* refactor(evaluation): rename concepts

* refactor(evaluation): fix ci

Author: ubiratansoares

.github/workflows/ci-rust.yml

@@ -40,7 +40,7 @@ jobs:
 
   security:
     needs: [lint, tests]
-    runs-on: warp-ubuntu-2404-x64-4x
+    runs-on: warp-ubuntu-2404-x64-8x
 
     steps:
       - name: Project checkout

crates/pollux/src/core.rs

@@ -1,7 +1,7 @@
 // Copyright 2025 Dotanuki Labs
 // SPDX-License-Identifier: MIT
 
-use crate::infra::{ReproducibleBuildsEvaluator, TrustedPublishingEvaluator};
+use crate::infra::{CrateBuildReproducibilityEvaluator, CrateProvenanceEvaluator};
 use std::fmt::Display;
 
 #[derive(Debug, PartialEq)]
@@ -14,6 +14,14 @@ impl CrateInfo {
     pub fn new(name: String, version: String) -> Self {
         Self { name, version }
     }
+
+    #[cfg(test)]
+    pub fn with(name: &str, version: &str) -> Self {
+        Self {
+            name: name.to_string(),
+            version: version.to_string(),
+        }
+    }
 }
 
 impl Display for CrateInfo {
@@ -24,52 +32,60 @@ impl Display for CrateInfo {
 
 #[allow(dead_code)]
 #[derive(Debug, PartialEq)]
-pub enum VerificationKind {
-    ReproducedBuild,
-    UsesTrustedPublishing,
+pub enum VeracityFactor {
+    ReproducibleBuilds,
+    ProvenanceAttested,
 }
 
 #[allow(dead_code)]
 #[derive(Debug, PartialEq)]
-pub enum TruthfulnessVerification {
+pub enum CrateVeracityLevel {
     NotAvailable,
-    Partial(VerificationKind),
-    Total,
+    SingleFactor(VeracityFactor),
+    TwoFactors,
 }
 
 #[allow(dead_code)]
-pub trait TruthfulnessEvaluation {
+pub trait VeracityEvaluation {
     async fn evaluate(&self, crate_info: &CrateInfo) -> anyhow::Result<bool>;
 }
 
-pub struct TruthfulnessEvaluator {
-    trusted_publishing_evaluator: TrustedPublishingEvaluator,
-    reproducible_builds_evaluator: ReproducibleBuildsEvaluator,
+pub struct CrateVeracityEvaluator {
+    provenance: CrateProvenanceEvaluator,
+    reproducibility: CrateBuildReproducibilityEvaluator,
 }
 
-#[allow(dead_code)]
-impl TruthfulnessEvaluator {
-    pub fn new(
-        trusted_publishing_evaluator: TrustedPublishingEvaluator,
-        reproducible_builds_evaluator: ReproducibleBuildsEvaluator,
-    ) -> Self {
-        Self {
-            trusted_publishing_evaluator,
-            reproducible_builds_evaluator,
-        }
-    }
-
-    pub async fn evaluate(&self, crate_info: &CrateInfo) -> anyhow::Result<TruthfulnessVerification> {
-        let uses_trusted_publishing = self.trusted_publishing_evaluator.evaluate(crate_info).await?;
-        let has_reproduced_build = self.reproducible_builds_evaluator.evaluate(crate_info).await?;
+impl CrateVeracityEvaluator {
+    pub async fn evaluate(&self, crate_info: &CrateInfo) -> anyhow::Result<CrateVeracityLevel> {
+        let uses_trusted_publishing = self.provenance.evaluate(crate_info).await?;
+        let has_reproduced_build = self.reproducibility.evaluate(crate_info).await?;
 
         let verification = match (uses_trusted_publishing, has_reproduced_build) {
-            (true, true) => TruthfulnessVerification::Total,
-            (false, true) => TruthfulnessVerification::Partial(VerificationKind::ReproducedBuild),
-            (true, false) => TruthfulnessVerification::Partial(VerificationKind::UsesTrustedPublishing),
-            (false, false) => TruthfulnessVerification::NotAvailable,
+            (true, true) => CrateVeracityLevel::TwoFactors,
+            (false, true) => CrateVeracityLevel::SingleFactor(VeracityFactor::ReproducibleBuilds),
+            (true, false) => CrateVeracityLevel::SingleFactor(VeracityFactor::ProvenanceAttested),
+            (false, false) => CrateVeracityLevel::NotAvailable,
         };
 
         Ok(verification)
     }
+
+    fn new(provenance: CrateProvenanceEvaluator, reproducibility: CrateBuildReproducibilityEvaluator) -> Self {
+        Self {
+            provenance,
+            reproducibility,
+        }
+    }
+}
+
+pub mod factory {
+    use crate::core::CrateVeracityEvaluator;
+    use crate::infra::{CrateBuildReproducibilityEvaluator, CrateProvenanceEvaluator};
+
+    pub fn create_veracity_evaluator(
+        provenance_factory: fn() -> CrateProvenanceEvaluator,
+        reproducibility_factory: fn() -> CrateBuildReproducibilityEvaluator,
+    ) -> CrateVeracityEvaluator {
+        CrateVeracityEvaluator::new(provenance_factory(), reproducibility_factory())
+    }
 }

crates/pollux/src/infra.rs

@@ -4,52 +4,52 @@
 pub mod cratesio;
 mod ossrebuild;
 
-use crate::core::{CrateInfo, TruthfulnessEvaluation};
+use crate::core::{CrateInfo, VeracityEvaluation};
 use crate::infra::cratesio::CratesIOEvaluator;
 use crate::infra::ossrebuild::OssRebuildEvaluator;
 use reqwest::Client;
 
 pub type HTTPClient = Client;
 
 #[allow(dead_code)]
-pub enum TrustedPublishingEvaluator {
-    FromCratesIO(CratesIOEvaluator),
+pub enum CrateProvenanceEvaluator {
+    CratesOfficialRegistry(CratesIOEvaluator),
     #[cfg(test)]
-    Fake(FakeTruthfulnessEvaluator),
+    FakeRegistry(FakeTruthfulnessEvaluator),
 }
 
-impl TruthfulnessEvaluation for TrustedPublishingEvaluator {
+impl VeracityEvaluation for CrateProvenanceEvaluator {
     async fn evaluate(&self, crate_info: &CrateInfo) -> anyhow::Result<bool> {
         match self {
-            TrustedPublishingEvaluator::FromCratesIO(evaluator) => evaluator.evaluate(crate_info).await,
+            CrateProvenanceEvaluator::CratesOfficialRegistry(evaluator) => evaluator.evaluate(crate_info).await,
             #[cfg(test)]
-            TrustedPublishingEvaluator::Fake(evaluator) => evaluator.evaluate(crate_info).await,
+            CrateProvenanceEvaluator::FakeRegistry(evaluator) => evaluator.evaluate(crate_info).await,
         }
     }
 }
 
 #[allow(dead_code)]
-pub enum ReproducibleBuildsEvaluator {
-    FromOssRebuild(OssRebuildEvaluator),
+pub enum CrateBuildReproducibilityEvaluator {
+    GoogleOssRebuild(OssRebuildEvaluator),
     #[cfg(test)]
-    Fake(Vec<CrateInfo>),
+    FakeRebuilder(Vec<CrateInfo>),
 }
 
 #[allow(unused_variables)]
-impl TruthfulnessEvaluation for ReproducibleBuildsEvaluator {
+impl VeracityEvaluation for CrateBuildReproducibilityEvaluator {
     async fn evaluate(&self, crate_info: &CrateInfo) -> anyhow::Result<bool> {
         match self {
-            ReproducibleBuildsEvaluator::FromOssRebuild(delegate) => delegate.evaluate(crate_info).await,
+            CrateBuildReproducibilityEvaluator::GoogleOssRebuild(delegate) => delegate.evaluate(crate_info).await,
             #[cfg(test)]
-            ReproducibleBuildsEvaluator::Fake(crates) => Ok(crates.contains(crate_info)),
+            CrateBuildReproducibilityEvaluator::FakeRebuilder(crates) => Ok(crates.contains(crate_info)),
         }
     }
 }
 
 pub mod factories {
     use crate::infra::cratesio::CratesIOEvaluator;
     use crate::infra::ossrebuild::OssRebuildEvaluator;
-    use crate::infra::{HTTPClient, ReproducibleBuildsEvaluator, TrustedPublishingEvaluator};
+    use crate::infra::{CrateBuildReproducibilityEvaluator, CrateProvenanceEvaluator, HTTPClient};
     use reqwest::header;
     use std::sync::{Arc, LazyLock};
 
@@ -66,22 +66,22 @@ pub mod factories {
     static CRATES_IO_API: &str = "https://crates.io";
     static OSS_REBUILD_CRATES_IO_URL: &str = "https://storage.googleapis.com/google-rebuild-attestations/cratesio";
 
-    pub fn trusted_publishing_evaluator() -> TrustedPublishingEvaluator {
+    pub fn provenance_evaluator() -> CrateProvenanceEvaluator {
         let delegate = CratesIOEvaluator::new(CRATES_IO_API.to_string(), HTTP_CLIENT.clone());
-        TrustedPublishingEvaluator::FromCratesIO(delegate)
+        CrateProvenanceEvaluator::CratesOfficialRegistry(delegate)
     }
 
-    pub fn reproducible_builds_evaluator() -> ReproducibleBuildsEvaluator {
+    pub fn reproducibility_evaluator() -> CrateBuildReproducibilityEvaluator {
         let delegate = OssRebuildEvaluator::new(OSS_REBUILD_CRATES_IO_URL.to_string(), HTTP_CLIENT.clone());
-        ReproducibleBuildsEvaluator::FromOssRebuild(delegate)
+        CrateBuildReproducibilityEvaluator::GoogleOssRebuild(delegate)
     }
 }
 
 #[cfg(test)]
 pub struct FakeTruthfulnessEvaluator(Vec<CrateInfo>);
 
 #[cfg(test)]
-impl TruthfulnessEvaluation for FakeTruthfulnessEvaluator {
+impl VeracityEvaluation for FakeTruthfulnessEvaluator {
     async fn evaluate(&self, crate_info: &CrateInfo) -> anyhow::Result<bool> {
         Ok(self.0.contains(crate_info))
     }

crates/pollux/src/infra/cratesio.rs

@@ -1,7 +1,7 @@
 // Copyright 2025 Dotanuki Labs
 // SPDX-License-Identifier: MIT
 
-use crate::core::{CrateInfo, TruthfulnessEvaluation};
+use crate::core::{CrateInfo, VeracityEvaluation};
 use crate::infra::HTTPClient;
 use serde::Deserialize;
 use std::fmt::Display;
@@ -44,7 +44,7 @@ impl CratesIOEvaluator {
     }
 }
 
-impl TruthfulnessEvaluation for CratesIOEvaluator {
+impl VeracityEvaluation for CratesIOEvaluator {
     async fn evaluate(&self, crate_info: &CrateInfo) -> anyhow::Result<bool> {
         let endpoint = format!(
             "{}/api/v1/crates/{}/{}",
@@ -72,10 +72,10 @@ impl TruthfulnessEvaluation for CratesIOEvaluator {
 
 #[cfg(test)]
 mod tests {
-    use crate::core::{CrateInfo, TruthfulnessEvaluation};
+    use crate::core::{CrateInfo, VeracityEvaluation};
     use crate::infra::cratesio::CratesIOEvaluator;
     use crate::infra::factories;
-    use assertor::BooleanAssertion;
+    use assertor::{BooleanAssertion, ResultAssertion};
     use httpmock::{MockServer, Then, When};
 
     fn responds_with_existing_provenance(crate_name: &str, crate_version: &str) -> impl FnOnce(When, Then) {
@@ -135,15 +135,28 @@ mod tests {
         }
     }
 
+    fn responds_without_server_error(crate_name: &str, crate_version: &str) -> impl FnOnce(When, Then) {
+        move |when, then| {
+            when.method("GET")
+                .path(format!("/api/v1/crates/{}/{}", crate_name, crate_version));
+
+            then.status(503)
+                .header("content-type", "application/text; charset=UTF-8")
+                .body("internal error");
+        }
+    }
+
     #[tokio::test]
-    async fn should_evaluate_provenance_when_available() {
+    async fn should_evaluate_crate_provenance_when_available() {
+        let crate_name = "bon";
+        let crate_version = "3.7.2";
+        let crate_info = CrateInfo::with(crate_name, crate_version);
+
         let mock_server = MockServer::start();
         let evaluator = CratesIOEvaluator::new(mock_server.base_url(), factories::HTTP_CLIENT.clone());
 
-        let response_with_provenance = responds_with_existing_provenance("bon", "3.7.2");
-
-        let mocked = mock_server.mock(response_with_provenance);
-        let crate_info = CrateInfo::new("bon".to_string(), "3.7.2".to_string());
+        let with_provenance = responds_with_existing_provenance(crate_name, crate_version);
+        let mocked = mock_server.mock(with_provenance);
 
         let evaluation = evaluator.evaluate(&crate_info).await.unwrap();
 
@@ -152,19 +165,39 @@ mod tests {
     }
 
     #[tokio::test]
-    async fn should_evaluate_provenance_when_not_available() {
+    async fn should_evaluate_crate_provenance_when_not_available() {
+        let crate_name = "canopus";
+        let crate_version = "0.1.1";
+        let crate_info = CrateInfo::with(crate_name, crate_version);
+
         let mock_server = MockServer::start();
         let evaluator = CratesIOEvaluator::new(mock_server.base_url(), factories::HTTP_CLIENT.clone());
 
-        let response_without_provenance = responds_without_provenance("canopus", "0.1.1");
-
-        let mocked = mock_server.mock(response_without_provenance);
+        let without_provenance = responds_without_provenance(crate_name, crate_version);
 
-        let crate_info = CrateInfo::new("canopus".to_string(), "0.1.1".to_string());
+        let mocked = mock_server.mock(without_provenance);
 
         let evaluation = evaluator.evaluate(&crate_info).await.unwrap();
 
         mocked.assert();
         assertor::assert_that!(evaluation).is_false()
     }
+
+    #[tokio::test]
+    async fn should_evaluate_provenance_when_server_not_available() {
+        let crate_name = "canopus";
+        let crate_version = "0.0.1";
+        let crate_info = CrateInfo::with(crate_name, crate_version);
+
+        let mock_server = MockServer::start();
+        let evaluator = CratesIOEvaluator::new(mock_server.base_url(), factories::HTTP_CLIENT.clone());
+
+        let not_found = responds_without_server_error(crate_name, crate_version);
+        let mocked = mock_server.mock(not_found);
+
+        let evaluation = evaluator.evaluate(&crate_info).await;
+
+        mocked.assert();
+        assertor::assert_that!(evaluation).is_err()
+    }
 }

crates/pollux/src/infra/ossrebuild.rs

@@ -1,7 +1,7 @@
 // Copyright 2025 Dotanuki Labs
 // SPDX-License-Identifier: MIT
 
-use crate::core::{CrateInfo, TruthfulnessEvaluation};
+use crate::core::{CrateInfo, VeracityEvaluation};
 use crate::infra::HTTPClient;
 use anyhow::bail;
 use reqwest::StatusCode;
@@ -18,7 +18,7 @@ impl OssRebuildEvaluator {
     }
 }
 
-impl TruthfulnessEvaluation for OssRebuildEvaluator {
+impl VeracityEvaluation for OssRebuildEvaluator {
     async fn evaluate(&self, crate_info: &CrateInfo) -> anyhow::Result<bool> {
         let endpoint = format!(
             "{}/{}/{}/{}-{}.crate/rebuild.intoto.jsonl",
@@ -46,7 +46,7 @@ impl TruthfulnessEvaluation for OssRebuildEvaluator {
 
 #[cfg(test)]
 mod tests {
-    use crate::core::{CrateInfo, TruthfulnessEvaluation};
+    use crate::core::{CrateInfo, VeracityEvaluation};
     use crate::infra::factories;
     use crate::infra::ossrebuild::OssRebuildEvaluator;
     use assertor::{BooleanAssertion, ResultAssertion};

crates/pollux/src/main.rs

@@ -4,7 +4,7 @@
 mod core;
 mod infra;
 
-use crate::core::{CrateInfo, TruthfulnessEvaluator};
+use crate::core::CrateInfo;
 use clap::Parser;
 use console::style;
 use tikv_jemallocator::Jemalloc;
@@ -34,14 +34,15 @@ async fn main() {
 
     let arguments = ProgramArguments::parse();
 
-    let trusted_publishing_evaluator = infra::factories::trusted_publishing_evaluator();
-    let reproducible_builds_evaluator = infra::factories::reproducible_builds_evaluator();
-    let evaluator = TruthfulnessEvaluator::new(trusted_publishing_evaluator, reproducible_builds_evaluator);
+    let veracity_evaluator = core::factory::create_veracity_evaluator(
+        infra::factories::provenance_evaluator,
+        infra::factories::reproducibility_evaluator,
+    );
 
     let parts = arguments.name.split("@").collect::<Vec<_>>();
     let crates_info = CrateInfo::new(parts[0].to_string(), parts[1].to_string());
 
-    let evaluation = evaluator.evaluate(&crates_info).await.unwrap();
+    let evaluation = veracity_evaluator.evaluate(&crates_info).await.unwrap();
 
     println!("For {} : truthfulness = {:?} ", crates_info, style(evaluation).cyan());
 }