refactor: comprehensive codebase improvements and documentation

- Enhanced error handling with expanded GhostError variants and From impls
- Fixed race conditions in TUI (ui.rs unwrap calls)
- Added comprehensive module documentation with doc comments
- Improved type safety with proper validation in DetectionConfig
- Implemented Linux process enumeration via procfs
- Refactored TUI for better state management and removed emojis
- Enhanced CLI with proper logging initialization
- Added example configuration file (examples/ghost.toml)
- Updated README with complete feature documentation
- Added performance optimizations (saturating arithmetic, reduced clones)
- Improved testing framework with proper struct initialization
- Added validation and preset modes to DetectionConfig

ghost-core/src/lib.rs

@@ -1,9 +1,59 @@
+//! # Ghost - Cross-Platform Process Injection Detection Framework
+//!
+//! Ghost is a comprehensive security framework for detecting process injection,
+//! memory manipulation, and advanced evasion techniques in running processes.
+//!
+//! ## Features
+//!
+//! - **Multi-layer detection**: Combines memory analysis, behavioral patterns,
+//!   and machine learning for accurate threat detection.
+//! - **MITRE ATT&CK integration**: Maps detected behaviors to the MITRE ATT&CK
+//!   framework for standardized threat classification.
+//! - **Cross-platform support**: Works on Windows, Linux (with eBPF), and macOS.
+//! - **Threat intelligence**: Integrates with threat feeds for IOC correlation.
+//! - **Performance optimized**: Designed for low-overhead continuous monitoring.
+//!
+//! ## Quick Start
+//!
+//! ```no_run
+//! use ghost_core::{DetectionEngine, process, memory, thread};
+//!
+//! // Create detection engine
+//! let mut engine = DetectionEngine::new().expect("Failed to create engine");
+//!
+//! // Enumerate and analyze processes
+//! let processes = process::enumerate_processes().expect("Failed to enumerate");
+//!
+//! for proc in &processes {
+//!     if let Ok(regions) = memory::enumerate_memory_regions(proc.pid) {
+//!         let threads = thread::enumerate_threads(proc.pid).ok();
+//!         let result = engine.analyze_process(proc, &regions, threads.as_deref());
+//!
+//!         if result.threat_level != ghost_core::ThreatLevel::Clean {
+//!             println!("Suspicious: {} (PID: {})", proc.name, proc.pid);
+//!         }
+//!     }
+//! }
+//! ```
+//!
+//! ## Module Overview
+//!
+//! - [`detection`]: Core detection engine orchestrating all analysis.
+//! - [`process`]: Process enumeration and information gathering.
+//! - [`memory`]: Memory region analysis and protection detection.
+//! - [`thread`]: Thread enumeration and behavioral analysis.
+//! - [`shellcode`]: Shellcode pattern detection and signature matching.
+//! - [`hollowing`]: Process hollowing detection algorithms.
+//! - [`evasion`]: Anti-analysis and evasion technique detection.
+//! - [`anomaly`]: Statistical anomaly detection using ML.
+//! - [`mitre_attack`]: MITRE ATT&CK framework mapping.
+//! - [`threat_intel`]: Threat intelligence correlation.
+
 pub mod anomaly;
 pub mod behavioral_ml;
 pub mod config;
 pub mod detection;
 pub mod ebpf;
-pub mod testing;
 pub mod error;
 pub mod evasion;
 pub mod hollowing;
@@ -16,6 +66,7 @@ pub mod neural_memory;
 pub mod process;
 pub mod shellcode;
 pub mod streaming;
+pub mod testing;
 pub mod thread;
 pub mod threat_intel;
 pub mod yara_engine;