From 5c524b14ba0ee7dc1d96525c2fd00b2dac8d35dd Mon Sep 17 00:00:00 2001
From: Adir Shitrit
Date: Fri, 7 Nov 2025 18:08:21 +0200
Subject: [PATCH] integrate detection engine into CLI
---
ghost-cli/src/main.rs | 48 +++++++++++++++++++++++++++++++++----------
1 file changed, 37 insertions(+), 11 deletions(-)
diff --git a/ghost-cli/src/main.rs b/ghost-cli/src/main.rs
index 1907aba..f86aa45 100644
--- a/ghost-cli/src/main.rs
+++ b/ghost-cli/src/main.rs
@@ -1,28 +1,54 @@
 use anyhow::Result;
-use ghost_core::{memory, process};
+use ghost_core::{memory, process, DetectionEngine, ThreatLevel};
 fn main() -> Result<()> {
 env_logger::init();
- println!("Ghost - Process Injection Detection\n");
+ println!("Ghost v0.1.0 - Process Injection Detection\n");
+ let mut engine = DetectionEngine::new();
 let processes = process::enumerate_processes()?;
- println!("Found {} processes\n", processes.len());
- for proc in processes.iter().take(10) {
- println!("{}", proc);
+ println!("Scanning {} processes...\n", processes.len());
+ let mut detections = Vec::new();
+
+ for proc in &processes {
 if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {
- let rwx_regions: Vec<_> = regions
- .iter()
- .filter(|r| r.protection == ghost_core::MemoryProtection::ReadWriteExecute)
- .collect();
+ let result = engine.analyze_process(proc, ®ions);
- if !rwx_regions.is_empty() {
- println!(" RWX regions: {}", rwx_regions.len());
+ if result.threat_level != ThreatLevel::Clean {
+ detections.push(result);
 }
 }
 }
+ if detections.is_empty() {
+ println!("No suspicious activity detected.");
+ } else {
+ println!("Found {} suspicious processes:\n", detections.len());
+
+ for detection in detections {
+ let level_str = match detection.threat_level {
+ ThreatLevel::Suspicious => "SUSPICIOUS",
+ ThreatLevel::Malicious => "MALICIOUS",
+ _ => "CLEAN",
+ };
+
+ println!(
+ "[{}] {} (PID: {}) - Confidence: {:.1}%",
+ level_str,
+ detection.process.name,
+ detection.process.pid,
+ detection.confidence * 100.0
+ );
+
+ for indicator in &detection.indicators {
+ println!(" - {}", indicator);
+ }
+ println!();
+ }
+ }
+
 Ok(())
 }
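Review bot: The scan loop drops every process whose memory could not be enumerated — `if let Ok(regions) = memory::enumerate_memory_regions(proc.pid)` discards the `Err` — so any process that cannot be read (lack of access rights is the usual cause, though the page does not show the error type) falls out of the sweep silently and the closing "No suspicious activity detected." line overstates the coverage. I would count the misses, e.g. `let mut skipped = 0usize;` before the loop and `} else { skipped += 1; }` on the `if let`, and report them before the verdict, `println!("Scanned {} of {} processes ({} unreadable)\n", processes.len() - skipped, processes.len(), skipped);`, so a reader can tell an empty result from a blind one. The `_ => "CLEAN"` arm in the level `match` is unreachable after the `!= ThreatLevel::Clean` filter and, as a catch-all on a project enum, will also hide any variant added later; naming `ThreatLevel::Clean` explicitly keeps the match exhaustive. The version in the banner is hard-coded; `env!("CARGO_PKG_VERSION")` keeps it in step with Cargo.toml. (`®ions` on the `analyze_process` line is presumably `&regions` mangled in this rendering.)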