Expand description
May 2026 CVE pattern pack for MCP manifests.
Each rule is a pure function &Tool -> Option<Finding> so the engine is
trivially parallelizable and unit-testable in isolation. Patterns are
compiled once into a RuleSet (regexes lazily built behind OnceLock).
Rule IDs follow SEN-NNN. See docs/RULES.md for prose descriptions.