version: "1.0"
rules:
  - id: DANGER001
    name: Dangerous rm -rf with variable
    pattern: rm\s+-rf?\s+\$\w+
    severity: critical
    message: Dangerous deletion with variable
    suggestion: Use absolute paths
  - id: SECURITY001
    name: Unquoted variable
    pattern: (?<!["'])(\$[a-zA-Z_][a-zA-Z0-9_]*)(?!["'])
    severity: high
    message: Unquoted variable
    suggestion: Quote variables
  - id: BEST001
    name: Missing set -e
    pattern: ^[^#!]*set\s+-e
    severity: medium
    message: Missing set -e
    suggestion: Add set -e