Refactor into a single crate

.github/workflows/publish-crate.yml

@@ -0,0 +1,73 @@
+name: Publish Crate
+
+on:
+  workflow_dispatch:
+    inputs:
+      base_version:
+        description: "Base semver version to publish as <base>-<date>-<short sha>"
+        required: true
+        default: "0.1.0"
+      dry_run:
+        description: "Package the crate without uploading it to crates.io"
+        required: true
+        type: boolean
+        default: false
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install Rust
+        run: rustup update stable
+
+      - name: Compute crate version
+        id: version
+        run: |
+          short_sha="$(git rev-parse --short=12 HEAD)"
+          date_stamp="$(date -u +%Y%m%d)"
+          version="${{ inputs.base_version }}-${date_stamp}-${short_sha}"
+          echo "version=${version}" >> "$GITHUB_OUTPUT"
+          echo "Publishing version ${version}"
+
+      - name: Prepare manifest for publishing
+        run: |
+          python3 - <<'PY'
+          import pathlib
+          import re
+
+          manifest = pathlib.Path("sds/Cargo.toml")
+          contents = manifest.read_text()
+          version = "${{ steps.version.outputs.version }}"
+
+          contents = re.sub(
+              r'(?m)^version = ".*"$',
+              f'version = "{version}"',
+              contents,
+              count=1,
+          )
+          contents = re.sub(r'(?m)^publish = false\n', "", contents, count=1)
+          contents = re.sub(r'(?m)^dd-sds = \{ package = "dd-sensitive-data-scanner", path = "\.", features = \["bench"\] \}\n', "", contents, count=1)
+
+          manifest.write_text(contents)
+          PY
+
+      - name: Verify package
+        run: cargo package --manifest-path="sds/Cargo.toml" --allow-dirty
+
+      - name: Authenticate with crates.io
+        if: ${{ !inputs.dry_run }}
+        id: auth
+        uses: rust-lang/crates-io-auth-action@v1
+
+      - name: Publish to crates.io
+        if: ${{ !inputs.dry_run }}
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ steps.auth.outputs.token }}
+        run: cargo publish --manifest-path="sds/Cargo.toml" --allow-dirty

.github/workflows/test.yml

@@ -47,12 +47,12 @@ jobs:
           go version
           go install honnef.co/go/tools/cmd/staticcheck@latest
           export PATH=$PATH:$(go env GOPATH)/bin
-          LD_LIBRARY_PATH=sds-go/rust/target/release staticcheck ./...
+          LD_LIBRARY_PATH=../../sds/target/release staticcheck ./...
           cd ../..
           make format-go
       - name: "Run the Go unit tests"
         working-directory: sds-go/go
-        run: LD_LIBRARY_PATH=../rust/target/release go test -v .
+        run: LD_LIBRARY_PATH=../../sds/target/release go test -v .
       - name: "Make sure the example builds and stays relevant"
         working-directory: sds-go/go
         run: |

AGENTS.md

@@ -1,6 +1,6 @@
 # Agent Guidance for running commands in this repository
 
-This is a multi-language library providing core Sensitive Data Scanner (SDS) functionality for detecting and redacting sensitive information. The core is written in Rust with Go FFI bindings.
+This is a multi-language library providing core Sensitive Data Scanner (SDS) functionality for detecting and redacting sensitive information. The Rust implementation lives in a single crate under `sds/`, with Go FFI bindings gated behind Cargo features.
 
 **Documentation:** https://datadoghq.dev/dd-sensitive-data-scanner/dd_sds/
 
@@ -17,7 +17,7 @@ Use `make` to see available commands for building, testing, and formatting.
 ## Project Structure
 
 ```
-sds/                    # Core Rust library
+sds/                    # Single Rust crate
 ├── src/
 │   ├── scanner/        # Core scanning engine
 │   ├── parser/         # Pattern parsing
@@ -26,20 +26,19 @@ sds/                    # Core Rust library
 │   ├── proximity_keywords/     # Keyword proximity detection
 │   └── ...
 ├── benches/            # Performance benchmarks
-└── tools/fuzz/         # AFL fuzzing tests
+└── tools/fuzz/         # AFL fuzzing target declared by sds/Cargo.toml
 
 sds-go/                 # Go FFI wrapper
-├── go/                 # Go bindings
-└── rust/               # Rust side of FFI
-
-sds-bindings-utils/     # Shared binding utilities
+└── go/                 # Go bindings
 ```
 
 Key files: 
 - `sds/src/lib.rs` - Main library entry point
 - `sds/src/scanner/mod.rs` - Core scanner implementation
 - `sds/src/event.rs` - Event trait for scanning interface
 - `sds/src/match_action.rs` - Redaction/masking actions
+- `sds/src/native/` - Rust side of the Go FFI, enabled with the `dd_sds_go` feature
+- `sds/src/bindings_utils.rs` - Shared binding utilities, enabled with the `sds-bindings-utils` feature
 - `sds-go/go/scanner.go` - Main Go API