Operational corruption detection for fixed-record COBOL data: record-length anomaly, EBCDIC/ASCII-FTP transfer damage, zoned-sign damage, packed-decimal nibble validation, CR/LF injection, trailing-byte loss, and dirty-data triage.
Part of KOBOLD -- a forensic archaeology and evidence system for legacy COBOL estates: it maps real COBOL codebases, generated oracle witnesses, compiler-profile behavior, and migration risk into court-backed receipts. Independently-authored tooling; contains no GnuCOBOL source.
- gnucobol-rs (separate crate) = the oracle-proven semantic primitive layer.
- kobold-* = the forensic-intelligence layer.
- kobold-* MAY depend on gnucobol-rs; gnucobol-rs MUST NOT depend on kobold-*.
Triages a fixed-record COBOL byte image against a declared layout and emits a fail-closed findings report. It catches the damage that happens in transfer, before parsing:
- record-length anomaly -- file length not a whole multiple of LRECL (truncated/padded transfer);
- CR/LF injection -- 0x0D/0x0A inside a fixed record (FTP ASCII-mode corruption);
- SUB / soft-EOF -- embedded 0x1A bytes;
- packed-decimal (COMP-3) validation -- non-BCD digit nibbles, invalid sign nibbles, wrong width;
- zoned-decimal validation -- ASCII and EBCDIC zones + trailing overpunch signs.
A finding means "these bytes are inconsistent with the declared layout", never "this value is wrong". Clean data produces zero findings.
kobold-guard scan data.bin --layout layout.json --pretty
Library: kobold_guard::triage(&data, &layout) -> Report. The byte formats it inspects are public,
long-documented data conventions; the crate depends on nothing and contains no GnuCOBOL source.
Apache-2.0 (see LICENSE).