Update find-rule skill to look for sibling rules#14530
Open
rhmdnd wants to merge 1 commit intoComplianceAsCode:masterfrom
Open
Update find-rule skill to look for sibling rules#14530rhmdnd wants to merge 1 commit intoComplianceAsCode:masterfrom
rhmdnd wants to merge 1 commit intoComplianceAsCode:masterfrom
Conversation
This commit adds another step to the find-rule workflow that tells coding agents to look for sibling rules that are relevant to a given control text. This can be helpful in discovering additional related rules, giving contributors the ability to put those into profiles, too.
Collaborator
Author
|
@Vincent056 here is the PR from our pairing session yesterday. |
jan-cerny
reviewed
Mar 18, 2026
| 5. **Check control files** in `controls/` and `products/*/controls/` for matching control IDs or titles that already map to this requirement. | ||
|
|
||
| 6. **Present results** organized by match strength. For every rule, include a **Rationale** — a concise (1-2 sentence) explanation of why this rule satisfies or partially satisfies the requirement. Write the rationale so that a maintainer unfamiliar with the rule can understand the connection without reading the full rule.yml. Focus on *what the rule checks* and *how that maps to the requirement*. | ||
| 6. **Note product applicability** for each matched rule. Check the `identifiers` section of each rule.yml for `cce@<product>` entries (e.g., `cce@ocp4`, `cce@rhel9`). The product IDs after `@` correspond to subdirectory names under `products/`. This tells the user which products the rule applies to. |
Collaborator
There was a problem hiding this comment.
CCEs are used only for some products (RHEL, SLES). Many other products don't use CCEs (Ubuntu, Fedora, ...). Checking CCEs can be good enough if we work on RHEL or SLES. The product applicability check could be extended to check product/*/controls and product/*/profiles/ directories for presence of the rule ID. However, the only 100 % reliable way is currently to build all products and check the built data streams, which is something we probably don't want Claude to do as a part of this skill.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This commit adds another step to the find-rule workflow that tells
coding agents to look for sibling rules that are relevant to a given
control text. This can be helpful in discovering additional related
rules, giving contributors the ability to put those into profiles, too.