Does Rust need static analysis if the compiler already catches so much?

Yes. The Rust compiler catches memory safety and type errors, but it cannot detect logic issues like hardcoded secrets, performance anti-patterns (excessive cloning, blocking in async), architectural problems, or dependency vulnerabilities. rust-doctor fills this gap with 700+ clippy lints, 19 custom AST rules, CVE detection via cargo-audit, and unused dependency detection via cargo-machete.

How do I measure Rust code quality?

rust-doctor provides a 0-100 health score for any Rust project. The score is a weighted average across 5 dimensions (Security, Reliability, Maintainability, Performance, Dependencies). Each dimension deducts 1.5 points per unique error rule, 0.75 per warning, and 0.25 per info. Scores above 75 indicate a healthy codebase, 50-74 needs work, and below 50 is critical. Run 'npx -y rust-doctor@latest .' at your project root to get your score instantly.

What is a Rust health score?

A Rust health score is a single 0-100 metric that summarizes the overall quality of a Rust codebase. rust-doctor calculates it by scanning for security vulnerabilities, performance issues, correctness bugs, architectural anti-patterns, and dependency problems. Unlike raw lint counts, the score counts unique rules violated. Fixing all instances of one issue removes the entire penalty.

How does rust-doctor compare to Clippy?

rust-doctor runs Clippy internally (700+ lints with severity overrides) and adds 19 custom AST rules that Clippy doesn't cover: hardcoded secret detection, blocking-in-async detection, framework-specific rules for tokio/axum/actix-web, and architectural anti-patterns. It also integrates cargo-audit for CVE scanning and cargo-machete for unused dependency detection, all producing a single health score.

Can I use rust-doctor with AI coding assistants?

Yes. Run 'rust-doctor setup' to auto-detect your AI agent (Claude Code, Cursor, Windsurf) and configure it in one command. Choose CLI + Skills for a skill-based deep analysis workflow, or MCP Server for direct tool integration. Both give your agent full access to scanning, scoring, rule explanations, and fix guidance.

How do I add rust-doctor to CI/CD?

Add the GitHub Action to your workflow: 'uses: ArthurDEV44/rust-doctor@v1' with 'fail-on: warning' to block PRs with issues. It posts a PR comment with the health score, error/warning counts, and top diagnostics. It also supports SARIF output for GitHub Code Scanning integration.

How do I track technical debt in a Rust project?

rust-doctor quantifies technical debt as a health score: 100 means zero detected issues, lower scores indicate accumulated debt. Each rule category (security, performance, correctness, architecture, dependencies) contributes independently, so you can see exactly where debt is concentrated. Run it in CI to track score trends over time and prevent debt from growing.

What issues does rust-doctor catch that other tools miss?

rust-doctor detects hardcoded secrets in connection strings, blocking I/O inside async functions, panic!() in library crates, excessive .clone() in hot loops, and framework-specific anti-patterns for tokio/axum/actix-web. These are logic and architecture issues that the Rust compiler, Clippy, and cargo-audit each miss individually. rust-doctor combines all three plus 19 custom AST rules into one scan.

rust-doctor | Rust code health scanner

What it checks

Everything clippy doesn't.

LINTS

700+

Clippy lints

Severity overrides across pedantic, nursery, and cargo groups.

AST

Custom rules

Error handling, performance, architecture, security, async, and framework anti-patterns via syn.

DEPS

Cargo tools

cargo-audit, cargo-deny, cargo-geiger, cargo-machete, cargo-semver-checks.

FRAMEWORKS

Runtime targets

tokio, axum, actix-web — blocking in async, missing handlers, spawn without move.

External tools are optional — missing ones are skipped gracefully. Run rust-doctor --install-deps to install them all at once.

Scoring

One number. Zero ambiguity.

Weighted across 5 dimensions (Security ×2, Reliability ×1.5, Maintainability, Performance, Dependencies). Per dimension: 100 − errors ×1.5 − warnings ×0.75 − info ×0.25. Counts unique rules, not occurrences — fix one issue entirely and the penalty disappears.

75–100

Great

50–74

Needs work

0–49

Critical

MCP Server

Built for AI coding assistants.

rust-doctor includes a built-in Model Context Protocol server. Claude Code, Cursor, VS Code — any MCP-compatible tool can scan your project, explain rules, and suggest fixes.

scan

Full diagnostics + health score

score

Quick 0–100 pass/fail

explain_rule

Rule docs + fix guidance

list_rules

Browse all available checks

Install

Pick your method.

npx

npx -y rust-doctor@latest .

cargo

cargo install rust-doctor

MCP

claude mcp add --transport stdio -s user rust-doctor -- npx -y rust-doctor --mcp

Skill

npx skills add https://github.com/ArthurDEV44/rust-doctor --skill rust-doctor

GitHub Actions

- uses: ArthurDEV44/rust-doctor@v1
  with:
    token: ${{ secrets.GITHUB_TOKEN }}
    fail-on: warning

Rules

19 custom AST rules.

Error Handling

unwrap-in-production

Warning

Error Handling

panic-in-library

Error

Error Handling

box-dyn-error-in-public-api

Warning

Error Handling

result-unit-error

Warning

Performance

excessive-clone

Warning

Performance

string-from-literal

Info

Performance

collect-then-iterate

Warning

Performance

large-enum-variant

Warning

Performance

unnecessary-allocation

Warning

Architecture

high-cyclomatic-complexity

Warning

Security

hardcoded-secrets

Error

Security

unsafe-block-audit

Warning

Security

sql-injection-risk

Error

Async

blocking-in-async

Error

Async

block-on-in-async

Error

Framework

tokio-main-missing

Error

Framework

tokio-spawn-without-move

Error

Framework

axum-handler-not-async

Warning

Framework

actix-blocking-handler

Warning

Category	Rule	Severity
Error Handling	`unwrap-in-production`	Warning
Error Handling	`panic-in-library`	Error
Error Handling	`box-dyn-error-in-public-api`	Warning
Error Handling	`result-unit-error`	Warning
Performance	`excessive-clone`	Warning
Performance	`string-from-literal`	Info
Performance	`collect-then-iterate`	Warning
Performance	`large-enum-variant`	Warning
Performance	`unnecessary-allocation`	Warning
Architecture	`high-cyclomatic-complexity`	Warning
Security	`hardcoded-secrets`	Error
Security	`unsafe-block-audit`	Warning
Security	`sql-injection-risk`	Error
Async	`blocking-in-async`	Error
Async	`block-on-in-async`	Error
Framework	`tokio-main-missing`	Error
Framework	`tokio-spawn-without-move`	Error
Framework	`axum-handler-not-async`	Warning
Framework	`actix-blocking-handler`	Warning

FAQ

Know if your Rust code
is actually healthy.

Everything clippy doesn't.

One number. Zero ambiguity.

Built for AI coding assistants.

Pick your method.

19 custom AST rules.

Common questions.

Know if your Rust codeis actually healthy.

Everything clippy doesn't.

One number. Zero ambiguity.

Built for AI coding assistants.

Pick your method.

19 custom AST rules.

Common questions.

Does Rust need static analysis if the compiler already catches so much?

How do I measure Rust code quality?

What is a Rust health score?

How does rust-doctor compare to Clippy?

Can I use rust-doctor with AI coding assistants?

How do I add rust-doctor to CI/CD?

How do I track technical debt in a Rust project?

What issues does rust-doctor catch that other tools miss?

Know if your Rust code
is actually healthy.