feat(rules): list and install rustinel-rules packs #107

Description

@Karib0u

Purpose

Allow Rustinel to discover and install one active cumulative rules profile from the released rustinel-rules catalog without requiring users to manually edit config.toml.

Scope

  • Add rustinel rules list.
  • Add rustinel rules install <PACK>.
  • Fetch and parse the released index.json catalog.
  • Filter packs for the current platform.
  • Validate manifest schema and engine paths.
  • Validate pack operating system.
  • Validate requires_rustinel compatibility.
  • Define and implement the Phase 1 catalog trust model.
  • Download artifacts into staging.
  • Enforce maximum download and extracted sizes.
  • Verify SHA-256 checksums.
  • Reject ZIP path traversal and unsafe entries.
  • Validate expected pack structure.
  • Atomically replace rules/current.
  • Write state.json with pack ID, version, checksum, and installation timestamp.
  • Preserve the previous working pack on failure.

Managed Rules Layout

rules/
├── current/
│   ├── pack.yml
│   ├── sigma/
│   ├── yara/
│   └── ioc/
├── staging/
└── state.json

Acceptance Criteria

  • rules list shows available packs for the current platform.
  • The active pack is clearly identified.
  • rules install validates OS and minimum Rustinel version.
  • Catalog trust is verified or the release limitation is explicitly documented before release.
  • SHA-256 verification is mandatory.
  • Unsafe ZIP entries are rejected.
  • Failed installation preserves the active working pack.
  • Tests use local fixtures rather than depending on live GitHub releases.

Dependencies

Priority

P0
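
The ZIP entry checks listed in the scope (path traversal, unsafe entries, expected pack structure, extracted-size limit), shown as an added example that is not part of the issue or of Rustinel's code. `Entry`, `validate_entries`, the error names and the 64 MiB cap are assumptions; only the `pack.yml`, `sigma/`, `yara/`, `ioc/` layout comes from the issue.

```rust
// Added example: names, limit and error types are assumptions, not Rustinel code.
const MAX_EXTRACTED_BYTES: u64 = 64 * 1024 * 1024; // assumed cap
const RULE_DIRS: [&str; 3] = ["sigma", "yara", "ioc"]; // from the managed layout

#[derive(Debug, PartialEq)]
pub enum PackError { UnsafeEntry, UnexpectedPath, Symlink, TooLarge, MissingManifest }

/// Metadata read from the ZIP central directory before anything is extracted.
pub struct Entry<'a> { pub name: &'a str, pub size: u64, pub unix_mode: Option<u32> }

pub fn validate_entries(entries: &[Entry<'_>]) -> Result<(), PackError> {
    let (mut total, mut has_manifest) = (0u64, false);
    for e in entries {
        // Backslashes, NUL bytes and drive letters have no place in a pack path.
        if e.name.contains(|c: char| c == '\\' || c == '\0' || c == ':') {
            return Err(PackError::UnsafeEntry);
        }
        // Symlink entries (S_IFLNK file type) could redirect later writes.
        if e.unix_mode.map_or(false, |m| m & 0o170000 == 0o120000) {
            return Err(PackError::Symlink);
        }
        // Directory entries end with '/'; strip it, then inspect each component.
        let path = e.name.strip_suffix('/').unwrap_or(e.name);
        let parts: Vec<&str> = path.split('/').collect();
        // An empty component covers "", a leading '/' (absolute) and "a//b".
        if parts.iter().any(|p| p.is_empty() || *p == "." || *p == "..") {
            return Err(PackError::UnsafeEntry);
        }
        if e.name == "pack.yml" {
            has_manifest = true;
        } else if !RULE_DIRS.iter().any(|d| *d == parts[0]) {
            return Err(PackError::UnexpectedPath);
        }
        // Declared sizes can lie: extraction must also count bytes written.
        total = total.checked_add(e.size).ok_or(PackError::TooLarge)?;
        if total > MAX_EXTRACTED_BYTES {
            return Err(PackError::TooLarge);
        }
    }
    if has_manifest { Ok(()) } else { Err(PackError::MissingManifest) }
}

fn main() {
    // Constructed sample listings: a valid pack and a traversal attempt.
    let ok = [Entry { name: "pack.yml", size: 120, unix_mode: None },
              Entry { name: "sigma/proc.yml", size: 900, unix_mode: Some(0o100644) }];
    let bad = [Entry { name: "sigma/../../config.toml", size: 10, unix_mode: None }];
    println!("{:?} {:?}", validate_entries(&ok), validate_entries(&bad));
}
```

Running the check over the whole listing before writing anything into `rules/staging/` means a rejected archive leaves no partial files to clean up.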
