fix: resolve all clippy warnings

- Remove unused imports across 17 files
- Prefix unused variables/fields with underscore
- Implement Default trait instead of inherent default() methods (dedup, threat_scorer)
- Implement FromStr trait instead of inherent from_str() methods (AiProvider, LogSourceType)
- Replace Iterator::last() with next_back() on DoubleEndedIterator
- Derive Default for EbpfLoader instead of manual impl
- Remove useless .into() conversion in database connection
- Wrap too-many-arguments functions with param structs (SniffArgs, CreateLogSummaryParams)
- Replace filter_map(Some(...)) with map(...) in build_readers
- Replace manual find loop with Iterator::find
- Collapse nested if-let in signature_matcher
- Gate program_to_tracepoint with cfg for Linux+ebpf only
- Move api module to library crate, fix binary to import from library
- Fix pre-existing test_get_alerts_empty to init database
- Use std::io::Error::other() instead of Error::new(Other, e)

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: vsilent

src/alerting/dedup.rs

@@ -16,12 +16,12 @@ pub struct DedupConfig {
 }
 
 impl DedupConfig {
-    /// Create default config
-    pub fn default() -> Self {
+    /// Create a new config with given values
+    pub fn new(enabled: bool, window_seconds: u64, aggregation: bool) -> Self {
         Self {
-            enabled: true,
-            window_seconds: 300, // 5 minutes
-            aggregation: true,
+            enabled,
+            window_seconds,
+            aggregation,
         }
     }
 
@@ -61,7 +61,7 @@ impl DedupConfig {
 
 impl Default for DedupConfig {
     fn default() -> Self {
-        Self::default()
+        Self::new(true, 300, true)
     }
 }
 

src/alerting/manager.rs

@@ -3,7 +3,6 @@
 //! Manages alert generation, storage, and lifecycle
 
 use anyhow::Result;
-use chrono::{DateTime, Utc};
 use std::collections::HashMap;
 use std::sync::{Arc, RwLock};
 
@@ -129,7 +128,7 @@ impl AlertManager {
 
     /// Get statistics
     pub fn get_stats(&self) -> AlertStats {
-        let stats = self.stats.read().unwrap();
+        let _stats = self.stats.read().unwrap();
 
         // Calculate current counts from alerts
         let alerts = self.alerts.read().unwrap();

src/alerting/notifications.rs

@@ -3,7 +3,6 @@
 //! Notification channels for alert delivery
 
 use anyhow::Result;
-use chrono::{DateTime, Utc};
 
 use crate::alerting::alert::{Alert, AlertSeverity};
 
@@ -13,10 +12,10 @@ pub struct NotificationConfig {
     slack_webhook: Option<String>,
     smtp_host: Option<String>,
     smtp_port: Option<u16>,
-    smtp_user: Option<String>,
-    smtp_password: Option<String>,
+    _smtp_user: Option<String>,
+    _smtp_password: Option<String>,
     webhook_url: Option<String>,
-    email_recipients: Vec<String>,
+    _email_recipients: Vec<String>,
 }
 
 impl NotificationConfig {
@@ -26,10 +25,10 @@ impl NotificationConfig {
             slack_webhook: None,
             smtp_host: None,
             smtp_port: None,
-            smtp_user: None,
-            smtp_password: None,
+            _smtp_user: None,
+            _smtp_password: None,
             webhook_url: None,
-            email_recipients: Vec::new(),
+            _email_recipients: Vec::new(),
         }
     }
 

src/api/alerts.rs

@@ -5,9 +5,7 @@ use crate::database::{
     update_alert_status, AlertFilter, DbPool,
 };
 use actix_web::{web, HttpResponse, Responder};
-use chrono::Utc;
 use serde::Deserialize;
-use uuid::Uuid;
 
 /// Query parameters for alert filtering
 #[derive(Debug, Deserialize)]
@@ -156,6 +154,7 @@ mod tests {
     #[actix_rt::test]
     async fn test_get_alerts_empty() {
         let pool = create_pool(":memory:").unwrap();
+        crate::database::init_database(&pool).unwrap();
         let pool_data = web::Data::new(pool);
 
         let app =

src/api/containers.rs

@@ -1,6 +1,5 @@
 //! Containers API endpoints
 
-use crate::database::models::ContainerCache;
 use crate::database::DbPool;
 use crate::docker::client::ContainerInfo;
 use crate::docker::containers::ContainerManager;

src/api/security.rs

@@ -1,7 +1,7 @@
 //! Security API endpoints
 
+use crate::models::api::security::SecurityStatusResponse;
 use actix_web::{web, HttpResponse, Responder};
-use stackdog::models::api::security::SecurityStatusResponse;
 
 /// Get overall security status
 ///

src/api/threats.rs

@@ -1,7 +1,7 @@
 //! Threats API endpoints
 
+use crate::models::api::threats::{ThreatResponse, ThreatStatisticsResponse};
 use actix_web::{web, HttpResponse, Responder};
-use stackdog::models::api::threats::{ThreatResponse, ThreatStatisticsResponse};
 use std::collections::HashMap;
 
 /// Get all threats

src/collectors/ebpf/container.rs

@@ -2,7 +2,7 @@
 //!
 //! Detects container ID from cgroup and other sources
 
-use anyhow::{Context, Result};
+use anyhow::Result;
 
 /// Container detector
 pub struct ContainerDetector {
@@ -45,11 +45,11 @@ impl ContainerDetector {
     }
 
     /// Detect container ID from cgroup file
-    fn detect_from_cgroup(&self, pid: u32) -> Option<String> {
+    fn detect_from_cgroup(&self, _pid: u32) -> Option<String> {
         #[cfg(target_os = "linux")]
         {
             // Read /proc/[pid]/cgroup
-            let cgroup_path = format!("/proc/{}/cgroup", pid);
+            let cgroup_path = format!("/proc/{}/cgroup", _pid);
             if let Ok(content) = std::fs::read_to_string(&cgroup_path) {
                 for line in content.lines() {
                     if let Some(id) = Self::parse_container_from_cgroup(line) {
@@ -114,7 +114,7 @@ impl ContainerDetector {
         // Look for /kubepods/.../container_id
         if path.contains("/kubepods/") {
             // Get last component
-            let id = path.split('/').last()?;
+            let id = path.split('/').next_back()?;
 
             if Self::is_valid_container_id(id) {
                 return Some(id.to_string());

src/collectors/ebpf/enrichment.rs

@@ -7,22 +7,21 @@ use anyhow::Result;
 
 /// Event enricher
 pub struct EventEnricher {
-    // Cache for process information
-    process_cache: std::collections::HashMap<u32, ProcessInfo>,
+    _process_cache: std::collections::HashMap<u32, ProcessInfo>,
 }
 
 #[derive(Debug, Clone)]
 struct ProcessInfo {
-    pid: u32,
-    ppid: u32,
-    comm: Option<String>,
+    _pid: u32,
+    _ppid: u32,
+    _comm: Option<String>,
 }
 
 impl EventEnricher {
     /// Create a new event enricher
     pub fn new() -> Result<Self> {
         Ok(Self {
-            process_cache: std::collections::HashMap::new(),
+            _process_cache: std::collections::HashMap::new(),
         })
     }
 
@@ -44,11 +43,11 @@ impl EventEnricher {
     }
 
     /// Get parent PID for a process
-    pub fn get_parent_pid(&self, pid: u32) -> Option<u32> {
+    pub fn get_parent_pid(&self, _pid: u32) -> Option<u32> {
         #[cfg(target_os = "linux")]
         {
             // Read from /proc/[pid]/stat
-            let stat_path = format!("/proc/{}/stat", pid);
+            let stat_path = format!("/proc/{}/stat", _pid);
             if let Ok(content) = std::fs::read_to_string(&stat_path) {
                 // Parse ppid from stat file (field 4)
                 let parts: Vec<&str> = content.split_whitespace().collect();
@@ -64,11 +63,11 @@ impl EventEnricher {
     }
 
     /// Get process command name
-    pub fn get_process_comm(&self, pid: u32) -> Option<String> {
+    pub fn get_process_comm(&self, _pid: u32) -> Option<String> {
         #[cfg(target_os = "linux")]
         {
             // Read from /proc/[pid]/comm
-            let comm_path = format!("/proc/{}/comm", pid);
+            let comm_path = format!("/proc/{}/comm", _pid);
             if let Ok(content) = std::fs::read_to_string(&comm_path) {
                 return Some(content.trim().to_string());
             }
@@ -91,11 +90,11 @@ impl EventEnricher {
     }
 
     /// Get process executable path
-    pub fn get_process_exe(&self, pid: u32) -> Option<String> {
+    pub fn get_process_exe(&self, _pid: u32) -> Option<String> {
         #[cfg(target_os = "linux")]
         {
             // Read symlink /proc/[pid]/exe
-            let exe_path = format!("/proc/{}/exe", pid);
+            let exe_path = format!("/proc/{}/exe", _pid);
             if let Ok(path) = std::fs::read_link(&exe_path) {
                 return path.to_str().map(|s| s.to_string());
             }
@@ -105,11 +104,11 @@ impl EventEnricher {
     }
 
     /// Get process working directory
-    pub fn get_process_cwd(&self, pid: u32) -> Option<String> {
+    pub fn get_process_cwd(&self, _pid: u32) -> Option<String> {
         #[cfg(target_os = "linux")]
         {
             // Read symlink /proc/[pid]/cwd
-            let cwd_path = format!("/proc/{}/cwd", pid);
+            let cwd_path = format!("/proc/{}/cwd", _pid);
             if let Ok(path) = std::fs::read_link(&cwd_path) {
                 return path.to_str().map(|s| s.to_string());
             }

src/collectors/ebpf/loader.rs

@@ -4,7 +4,7 @@
 //!
 //! Note: This module is only available on Linux with the ebpf feature enabled
 
-use anyhow::{bail, Context, Result};
+use anyhow::Result;
 use std::collections::HashMap;
 
 /// eBPF loader errors
@@ -36,6 +36,7 @@ pub enum LoadError {
 ///
 /// Responsible for loading eBPF programs from ELF files
 /// and attaching them to kernel tracepoints
+#[derive(Default)]
 pub struct EbpfLoader {
     #[cfg(all(target_os = "linux", feature = "ebpf"))]
     bpf: Option<aya::Bpf>,
@@ -46,7 +47,7 @@ pub struct EbpfLoader {
 
 #[derive(Debug, Clone)]
 struct ProgramInfo {
-    name: String,
+    _name: String,
     attached: bool,
 }
 
@@ -160,7 +161,7 @@ impl EbpfLoader {
             self.loaded_programs.insert(
                 _program_name.to_string(),
                 ProgramInfo {
-                    name: _program_name.to_string(),
+                    _name: _program_name.to_string(),
                     attached: true,
                 },
             );
@@ -270,18 +271,8 @@ impl EbpfLoader {
     }
 }
 
-impl Default for EbpfLoader {
-    fn default() -> Self {
-        Self {
-            #[cfg(all(target_os = "linux", feature = "ebpf"))]
-            bpf: None,
-            loaded_programs: HashMap::new(),
-            kernel_version: None,
-        }
-    }
-}
-
 /// Map program name to its tracepoint (category, name) for aya attachment.
+#[cfg(all(target_os = "linux", feature = "ebpf"))]
 fn program_to_tracepoint(name: &str) -> Option<(&'static str, &'static str)> {
     match name {
         "trace_execve" => Some(("syscalls", "sys_enter_execve")),