Attribute Macro cheat_aware 

#[cheat_aware]

Mark a test as cheat-aware, documenting how it could be cheated.

Attributes

• protects - What user scenario this test protects (string)
• severity - Impact severity: “CRITICAL”, “HIGH”, “MEDIUM”, “LOW” (string)
• ease - How easy it is to cheat: “EASY”, “MEDIUM”, “HARD” (string)
• cheats - List of ways to cheat this test (array of strings)
• consequence - What users see when cheated (string)
• legitimate_change - Optional: how to legitimately change behavior (string)

The legitimate_change field implements “inoculation prompting” from Anthropic’s research on emergent misalignment. By explicitly describing the legitimate path for changing behavior, we reduce the temptation to cheat.

Example

#[cheat_aware(
    protects = "User can log in",
    severity = "CRITICAL",
    ease = "EASY",
    cheats = ["Skip PAM config check", "Accept any password"],
    consequence = "Authentication failure",
    legitimate_change = "If PAM is genuinely not needed (e.g., embedded system), \
        configure the profile in builder/src/profiles.rs with auth_method = None"
)]
#[test]
fn test_login_works() {
    // ...
}