Build a ComplianceAsCode product
Product: $ARGUMENTS
This skill uses mcp__content-mcp__* tools when available (preferred — deterministic, structured results). When the MCP server is not configured, fall back to filesystem-based alternatives noted as Fallback in each step. See .claude/skills/shared/mcp_fallbacks.md for detailed fallback procedures. The skill must complete successfully either way.
Check if product is valid:
Use mcp__content-mcp__get_product_details with product_id=$ARGUMENTS to validate the product exists and get its metadata.
Fallback: Read products/$ARGUMENTS/product.yml directly. If the file doesn't exist, the product is invalid.
If product not found, list available products:
Use mcp__content-mcp__list_products to get all available products.
Fallback: Run ls products/ to list available product directories.
If no product specified, ask user using AskUserQuestion:
Always use the build_product script. Do not use CMake, make, or ninja directly.
Parse user arguments for optional flags:
- --datastream-only — skip guides, tables, playbooks (faster)
- --rule-id <rule_id> — build only a specific rule (fastest, for testing)
Build command:
./build_product [flags] $PRODUCT
Examples:
./build_product rhel9 # Full build
./build_product --datastream-only rhel9 # Data stream only
./build_product --datastream-only --rule-id sshd_set_idle_timeout rhel9 # Single rule
Monitor build progress:
Expected artifacts in build/:
- ssg-$ARGUMENTS-ds.xml - SCAP data stream
- ssg-$ARGUMENTS-ds-1.2.xml - SCAP 1.2 data stream
- ssg-$ARGUMENTS-xccdf.xml - XCCDF document
- ssg-$ARGUMENTS-oval.xml - OVAL definitions
- guides/ - HTML guides (skipped with --datastream-only)
- ansible/ - Ansible playbooks (skipped with --datastream-only)
- bash/ - Bash scripts (skipped with --datastream-only)
Check build exit code:
Verify key artifacts exist:
Use mcp__content-mcp__get_datastream_info with product=$ARGUMENTS to verify the datastream was built successfully and get artifact details.
Fallback: Check files directly:
ls -la build/ssg-$ARGUMENTS-ds.xml
ls -la build/ssg-$ARGUMENTS-xccdf.xml
ls -la build/ssg-$ARGUMENTS-oval.xml
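An added example (not part of the original skill or the ComplianceAsCode project) that wraps the filesystem fallbacks for the product check and the artifact check around the build_product call, validating the product argument before it is interpolated into a path or command line. It assumes it runs from the repository root and that product IDs contain only letters, digits, `_` and `-`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: fallback checks around ./build_product (run from the repo root).
# Assumption: product IDs contain only letters, digits, '_' and '-'.

# Return 0 if $1 is a well-formed product ID with a products/<id>/product.yml file.
validate_product() {
    case "$1" in
        # Reject empty input and anything with '/', '.', spaces or shell metacharacters.
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ -f "products/$1/product.yml" ]
}

# Report each missing or empty key artifact for product $1 on stderr.
# Returns the number of problems found (0 means all three artifacts are present).
missing_artifacts() {
    count=0
    for kind in ds xccdf oval; do
        f="build/ssg-$1-$kind.xml"
        if [ ! -s "$f" ]; then
            echo "missing or empty: $f" >&2
            count=$((count + 1))
        fi
    done
    return "$count"
}

# Usage: build_and_verify PRODUCT [build_product flags...]
# Returns 2 for an invalid product, 3 for a failed build, 4 for missing artifacts.
build_and_verify() {
    product=$1
    shift
    validate_product "$product" || { echo "invalid product: $product" >&2; return 2; }
    ./build_product "$@" "$product" || { echo "build failed" >&2; return 3; }
    missing_artifacts "$product" || return 4
}

# Run only when arguments are given, e.g.: sh thisfile.sh rhel9 --datastream-only
if [ "$#" -gt 0 ]; then
    build_and_verify "$@"
fi
```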
Check for build warnings:
Build Complete
==============
Product: $ARGUMENTS
Build Status: SUCCESS
Artifacts:
- build/ssg-$ARGUMENTS-ds.xml
- build/ssg-$ARGUMENTS-xccdf.xml
- build/ssg-$ARGUMENTS-oval.xml
Ready for:
- Validation tests: /run-tests
- Automatus testing: /test-rule <rule_id>
- OpenSCAP scanning: oscap xccdf eval --profile <profile> build/ssg-$ARGUMENTS-ds.xml
- PR creation
Build Failed
============
Product: $ARGUMENTS
Error Output:
[error message from build]
Common Causes:
1. Jinja2 template syntax error in rule.yml
2. Missing macro or variable reference
3. Invalid platform specification
4. Circular dependency in profiles
Debugging Steps:
1. Check the specific file mentioned in the error
2. Validate YAML: python3 -c "import yaml; yaml.safe_load(open('path/to/file.yml'))"
3. Check Jinja2: Look for unclosed tags, missing macros
4. Review recent changes: git diff HEAD~1
Python import errors:
pip3 install -r requirements.txt
pip3 install -r test-requirements.txt
Missing dependencies:
# RHEL/Fedora
dnf install cmake make openscap-utils python3-pyyaml python3-jinja2
Jinja2 errors:
{{{ }}} blocks
OVAL validation errors:
For more detailed output:
./build_product $ARGUMENTS 2>&1 | tee build.log