create-rule
Skill: Create Rule
Per package, author the new source/sink lib rules the requirements name, wire each to the generic Taint marker in a test join, and verify against the package's marker test projects until every sample passes
Two roles: the main one authors a package's lib rules (above); a fix narrows or broadens a created rule the main scan later flags. The cross-package security joins are written by assemble-lib-rules, not here
Inputs
From the caller; if omitted, fall back to the default. Ask only when a required input is missing and has no sensible default
- Requirements `<requirements>` — the per-package lib unit naming the new sources/sinks (a tracking file), or for a fix the rule to change
- Compiled test projects `<test-compiled>` — the marker models to verify against. Default: `.opentaint/test-compiled/<name>/sinks` and `.opentaint/test-compiled/<name>/sources` (`<name>` = the package-kebab)
- Test project `<test-project>` — the sources tree; the test joins go in each side's `<test-project>/<side>/test-rules` (only `test rule run` loads them, never the main scan). Default: `.opentaint/test-projects/<name>`
- Rules directory `<rules-dir>` — where the lib rules are written. Default: `.opentaint/rules`
- Tracking file `<tracking-file>` — the lib unit file. Default: `.opentaint/tracking/rules/lib/<name>.yaml`
- Approximation directories `<config-dir>/<approx-dir>` (optional) — apply on a re-dispatch when the test project needs a library model that's now built. Default: none
Built-in rules are available at `opentaint health --rules`