ahrav/rule-optimize
.claude/skills/rule-optimize/SKILL.md
Use when adding or modifying rules in default_rules.yaml, when benchmarking rule performance against test corpuses, or when validating regex anchors and keyword choices. Detection rule edit-bench-compare workflow.
$ install --global
skillsauthnpx skillsauth add ahrav/gossip-rs rule-optimizeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 10, 2026, 3:11 AM4.2s1 file scanned
SKILL.md
- name:
- rule-optimize
- description:
- Use when adding or modifying rules in default_rules.yaml, when benchmarking rule performance against test corpuses, or when validating regex anchors and keyword choices. Detection rule edit-bench-compare workflow.
- user-invocable:
- true
Rule Optimization Workflow
Use after modifying rules in crates/scanner-engine/default_rules.yaml
(loaded by crates/scanner-engine/src/rules/).
Checklist
- [ ] Run
cargo testto verify no regressions - [ ] Build release:
RUSTFLAGS="-C target-cpu=native" cargo build --release - [ ] Benchmark against test repos (optional external corpuses):
./target/release/scanner-rs ../linux ../gitleaks ../tigerbeetle ../trufflehogNote:
../linux,../gitleaks,../tigerbeetle,../trufflehogare external test corpus directories. They are optional and must be cloned separately if not already present. - [ ] Compare throughput/findings against baseline
- [ ] Document anchor/keyword choice if non-obvious (add inline comment)
Pattern Guidelines
When adding or modifying rules:
Anchors
- Prefer structured prefixes (
sgp_,hvs.,AKIA) over service name keywords - Avoid generic patterns like
[a-fA-F0-9]{40}that match git SHAs - Add inline comments explaining non-obvious anchor/keyword choices
Performance
- Test rule isolation:
cargo bench --bench rule_isolation -- <rule_id> - Check for backtracking: avoid
.*followed by greedy quantifiers - Prefer character classes over alternation when possible
Validation
- Ensure validators don't make network calls in hot paths
- Use entropy checks for high-entropy secrets
- Add checksum validation where applicable (AWS keys, etc.)
Baseline Comparison
Before making changes, capture baseline:
# Run 3x and record median throughput
for i in 1 2 3; do
./target/release/scanner-rs ../linux 2>&1 | tail -1
done
After changes, compare:
# Calculate % change
# Acceptable: <2% regression
# Investigate: 2-5% regression
# Block: >5% regression without justification
Key Paths
| Item | Path |
|------|------|
| Default rules YAML | crates/scanner-engine/default_rules.yaml |
| Rules module | crates/scanner-engine/src/rules/ |
| Release binary | ./target/release/scanner-rs (from scanner-rs-cli) |
Related Skills
/bench-compare- Criterion benchmark comparison/perf-regression- Full performance regression workflow/test-strategy- Choose testing approach for rule changes
Related Skills
ahrav/first-principles
development
VerifiedTrustedCommunity
Deep first-principles code explanation that builds real understanding through phased walkthroughs with diagrams. Covers algorithms, data structures, memory layout, concurrency patterns, and performance tricks — especially for systems code in Rust. Use whenever the user asks to explain, walk through, break down, deep dive into, or understand code. Trigger on "how does this work", "what's happening here", "teach me about this", "why is it done this way", or when the user references a file with @ and wants to understand it. Proactively use when examining code involving lock-free algorithms, atomics/CAS, memory ordering,
1SKILL.mdUpdated Apr 17, 2026
ahrav/task-forge
development
VerifiedTrustedCommunity
Use when creating implementation-ready beads tasks that need testing strategy, optimal implementation approach, and documentation requirements baked in — composes /create-task with parallel enrichment agents that analyze the codebase and produce concrete test specifications, algorithm/data-structure guidance, and doc quality standards so implementing agents don't need to re-research
1SKILL.mdUpdated Apr 10, 2026
ahrav/.claude/skills/autoresearch
development
VerifiedTrustedCommunity
--- name: autoresearch description: Autonomous Goal-directed Iteration. Apply Karpathy's autoresearch principles to ANY task. Loops autonomously — modify, verify, keep/discard, repeat. Supports bounded iteration via Iterations: N inline config. version: 1.9.11 --- # Claude Autoresearch — Autonomous Goal-directed Iteration Inspired by [Karpathy's autoresearch](https://github.com/karpathy/autoresearch). Applies constraint-driven autonomous iteration to ANY work — not just ML research. **Core id
1SKILL.mdUpdated Apr 10, 2026
ahrav/test-pipeline
development
VerifiedTrustedCommunity
Use when implementing a new feature and assessing coverage gaps, during periodic test hygiene, when test suites feel bloated, or before merging code that changes coordination or hot paths. Two-phase assess-then-improve testing pipeline.
1SKILL.mdUpdated Apr 2, 2026