Purpose
Allow Rustinel to discover and install one active cumulative rules profile from the released rustinel-rules catalog without requiring users to manually edit config.toml.
Scope
- Add rustinel rules list.
- Add rustinel rules install <PACK>.
- Fetch and parse the released index.json catalog.
- Filter packs for the current platform.
- Validate manifest schema and engine paths.
- Validate pack operating system.
- Validate requires_rustinel compatibility.
- Define and implement the Phase 1 catalog trust model.
- Download artifacts into staging.
- Enforce maximum download and extracted sizes.
- Verify SHA-256 checksums.
- Reject ZIP path traversal and unsafe entries.
- Validate expected pack structure.
- Atomically replace rules/current.
- Write state.json with pack ID, version, checksum, and installation timestamp.
- Preserve the previous working pack on failure.
Managed Rules Layout
rules/
├── current/
│   ├── pack.yml
│   ├── sigma/
│   ├── yara/
│   └── ioc/
├── staging/
└── state.json
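A sketch of the pre-extraction checks the scope items on path traversal, extracted size, and pack structure call for. This is an added example, not Rustinel's own code. The names `safe_dest` and `plan_extraction`, the 4096-byte cap, and the assumption that the archive root mirrors `rules/current/` are all hypothetical, and the entry list stands in for whatever the ZIP reader reports.

```rust
use std::path::{Component, Path, PathBuf};

// Assumption: the archive root mirrors rules/current/ in the layout above.
const ALLOWED_TOP: [&str; 4] = ["pack.yml", "sigma", "yara", "ioc"];

/// Map one archive entry name to a path under `staging`, or say why it is rejected.
fn safe_dest(staging: &Path, name: &str) -> Result<PathBuf, String> {
    // Backslash, NUL and ':' (drive letters, NTFS streams) parse differently per OS.
    if name.is_empty() || name.contains(|c: char| matches!(c, '\\' | '\0' | ':')) {
        return Err(format!("unsafe characters in entry {name:?}"));
    }
    let mut rel = PathBuf::new();
    for comp in Path::new(name).components() {
        match comp {
            Component::Normal(part) => rel.push(part),
            Component::CurDir => {}
            // ParentDir, RootDir and Prefix would escape the staging directory.
            _ => return Err(format!("path traversal in entry {name:?}")),
        }
    }
    match rel.components().next().and_then(|c| c.as_os_str().to_str()) {
        Some(top) if ALLOWED_TOP.contains(&top) => Ok(staging.join(&rel)),
        _ => Err(format!("entry {name:?} is outside the expected pack structure")),
    }
}

/// Check every (name, declared size) pair before anything is written to disk.
/// Declared sizes come from archive headers, so extraction must still count real bytes.
fn plan_extraction(staging: &Path, entries: &[(&str, u64)], max_total: u64)
    -> Result<Vec<PathBuf>, String> {
    let mut total: u64 = 0;
    let mut out = Vec::new();
    for (name, size) in entries {
        total = total.checked_add(*size).ok_or("declared sizes overflow")?;
        if total > max_total {
            return Err(format!("extracted size exceeds {max_total} bytes"));
        }
        out.push(safe_dest(staging, name)?);
    }
    if !out.contains(&staging.join("pack.yml")) {
        return Err("pack.yml missing from archive".into());
    }
    Ok(out)
}

fn main() {
    // Constructed entry listing; the second name tries to climb out of staging.
    let entries = [("pack.yml", 120), ("sigma/../../current/pack.yml", 64)];
    println!("{:?}", plan_extraction(Path::new("rules/staging"), &entries, 4096));
}
```

Because the whole listing is checked before any file is written, a rejected archive leaves `rules/staging` empty and `rules/current` untouched.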
Acceptance Criteria
- rules list shows available packs for the current platform.
- rules install validates OS and minimum Rustinel version.
Dependencies
Priority
P0