lintai Documentation

Rule Guide

Browse rules and presets with less guesswork.

Start with the quiet `recommended` default, then opt into `preview` or `governance` only when you want broader review.

Rule ReferenceBrowse every shipped rule with a short name, summary, severity, and scope.

Preset ReferenceSee which rules each preset enables and how overlay presets change behavior.

Start Here

• Open recommended preset if you want the main default most teams should start with.
• Open Rule Reference to browse checks by provider and rule code.
• Open Preset Reference to understand activation defaults and overlays.

Featured Rules

If you only look at a few rules first, start with these:

• SEC352 for unscoped Bash grants in AI-native frontmatter. This is currently the highest-signal skills markdown rule from the latest external validation pass.
• SEC347 for mutable MCP launchers in markdown setup docs.
• SEC340 for mutable package launchers in committed Claude hook settings.
• SEC329 for mutable package launchers in committed mcp.json.

What You Will Find

• Short, readable rule names for faster scanning in the catalog and sidebar.
• Clear rule pages with summary, severity, lifecycle, and preset membership.
• Preset pages that show the rules they enable and what they are meant for.

Project References

Most readers can stop at the rule and preset reference. If you need release or project-level detail, the main supporting docs are:

• SECURITY_RULES.md
• POSITIONING_AND_SCOPE.md
• EXTERNAL_VALIDATION_PLAN.md
• EXTERNAL_VALIDATION_FIELD_UPDATE_2026-03-30.md
• SIGNAL_QUALITY_AUDIT_2026-04-02.md
• SEC352_STABLE_CANDIDATE_TRACK.md
• EXTERNAL_VALIDATION_REPORT.md
• EXTERNAL_VALIDATION_TOOL_JSON_REPORT.md
• EXTERNAL_VALIDATION_SERVER_JSON_REPORT.md
• EXTERNAL_VALIDATION_GITHUB_ACTIONS_REPORT.md
• EXTERNAL_VALIDATION_AI_NATIVE_DISCOVERY_REPORT.md
• PUBLIC_BETA_RELEASE.md
• PUBLIC_BETA_SHIPPING_CHECKLIST.md
• BETA_TO_1_0_ROADMAP.md

Current beta distribution is limited to GitHub Release assets only.