Update README and disable unsupported languages

Co-authored-by: script3r <[email protected]>

Author: cursoragent

Cargo.toml

@@ -34,4 +34,8 @@ tree-sitter-python = "0.21"
 tree-sitter-javascript = "0.21"
 tree-sitter-java = "0.21"
 tree-sitter-go = "0.21"
+# tree-sitter-php = "0.22"
+# tree-sitter-swift = "0.7" 
+# tree-sitter-kotlin = "0.3"
+# Note: Additional languages disabled due to inconsistent tree-sitter APIs
 

LANGUAGE_COVERAGE_STATUS.md

@@ -0,0 +1,74 @@
+# Language Coverage Status
+
+## Currently Supported Languages (AST-based detection)
+
+✅ **C** - 9 fixture files, OpenSSL library detection
+✅ **C++** - 12 fixture files, OpenSSL/Botan/CryptoPP library detection  
+✅ **Rust** - 13 fixture files, Ring/RustCrypto library detection
+✅ **Python** - 16 fixture files, Cryptography library detection
+✅ **Java** - 13 fixture files, JCA/BouncyCastle library detection
+✅ **Go** - 12 fixture files, std-crypto/x-crypto library detection
+
+**Total**: 37 ground truth files generated for supported languages
+
+## Languages with Fixtures but No AST Support Yet
+
+⏳ **PHP** - 9 fixture files (OpenSSL/Sodium libraries)
+⏳ **Swift** - 9 fixture files (CryptoKit/CommonCrypto libraries)  
+⏳ **Kotlin** - 5 fixture files (JCA library)
+⏳ **Objective-C** - 9 fixture files (CommonCrypto/OpenSSL libraries)
+⏳ **Erlang** - 5 fixture files (OTP-crypto library)
+
+**Total**: 37 fixture files without AST support
+
+## Why Some Languages Aren't Supported Yet
+
+The missing languages have inconsistent or incompatible tree-sitter parser APIs:
+
+- **tree-sitter-php**: Uses different function naming convention
+- **tree-sitter-swift**: Uses `LANGUAGE` constant instead of `language()` function
+- **tree-sitter-kotlin**: Different API structure
+- **Objective-C**: No stable tree-sitter parser available
+- **Erlang**: No stable tree-sitter parser available
+
+## Detection Quality by Language
+
+### High Quality Detection
+- **C/C++**: Detects include statements and function calls accurately
+- **Python**: Detects import statements and algorithm usage
+- **Java**: Detects import statements for crypto APIs
+- **Go**: Detects import statements for crypto packages
+
+### Needs Refinement
+- **Rust**: Currently generates many false positives (51 findings for a simple file)
+  - AST patterns are too broad and match every identifier
+  - Need more specific patterns for crypto-specific usage
+
+## How to Add New Language Support
+
+1. **Add tree-sitter parser dependency** to Cargo.toml
+2. **Add parser initialization** in `AstDetector::new()`
+3. **Add language matching** in `find_matches()` method
+4. **Define AST patterns** for the language in `default_patterns()` or patterns.toml
+5. **Add detector** in CLI main.rs
+6. **Test and validate** with existing fixtures
+
+## Future Improvements
+
+1. **Refine Rust patterns** to reduce false positives
+2. **Add support for missing languages** with stable tree-sitter parsers
+3. **Enhance algorithm detection** with parameter extraction
+4. **Add more library patterns** for comprehensive coverage
+5. **Consider fallback regex detection** for languages without AST support
+
+## Current Tool Usage
+
+The tool currently works well for the 6 supported languages:
+
+```bash
+./target/release/cipherscope fixtures/python/cryptography/ --patterns patterns.toml
+./target/release/cipherscope fixtures/c/openssl/ --patterns patterns.toml  
+./target/release/cipherscope fixtures/java/jca/ --patterns patterns.toml
+```
+
+For unsupported languages, the tool will simply skip the files (no errors, just no output).

README.md

@@ -45,7 +45,9 @@ cargo build --release
 
 ## Languages Supported
 
-C, C++, Go, Java, Python, Rust (AST-based detection)
+**AST-based detection**: C, C++, Go, Java, Python, Rust
+
+**Note**: Additional languages like PHP, Swift, Kotlin, Objective-C, and Erlang have fixture files but are not yet supported by AST-based detection due to tree-sitter parser compatibility issues. These can be added in future versions.
 
 ## How It Works (High-Level)
 

crates/scanner-core/Cargo.toml

@@ -24,6 +24,9 @@ tree-sitter-python = { workspace = true }
 tree-sitter-javascript = { workspace = true }
 tree-sitter-java = { workspace = true }
 tree-sitter-go = { workspace = true }
+# tree-sitter-php = { workspace = true }
+# tree-sitter-swift = { workspace = true }
+# tree-sitter-kotlin = { workspace = true }
 
 [dev-dependencies]
 criterion = "0.5"

crates/scanner-core/src/ast.rs

@@ -55,7 +55,7 @@ impl AstDetector {
         parsers.insert(ScanLanguage::Python, Self::create_parser(tree_sitter_python::language())?);
         parsers.insert(ScanLanguage::Java, Self::create_parser(tree_sitter_java::language())?);
         parsers.insert(ScanLanguage::Go, Self::create_parser(tree_sitter_go::language())?);
-        // Note: JavaScript parser can be used for basic JS-like syntax if needed
+        // Note: PHP, Swift, Kotlin, Objective-C and Erlang disabled due to inconsistent tree-sitter APIs
 
         Ok(Self {
             parsers,
@@ -297,6 +297,7 @@ impl AstDetector {
                 match_type: AstMatchType::Library { name: "std-crypto".to_string() },
                 metadata: HashMap::new(),
             },
+            
         ]
     }
 
@@ -321,7 +322,7 @@ impl AstDetector {
             ScanLanguage::Python => tree_sitter_python::language(),
             ScanLanguage::Java => tree_sitter_java::language(),
             ScanLanguage::Go => tree_sitter_go::language(),
-            _ => return Ok(matches), // Skip unsupported languages
+            _ => return Ok(matches), // Skip unsupported languages (PHP, Swift, Kotlin, ObjC, Erlang)
         };
 
         // Execute each pattern that matches this language