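Contributing

ATR is MIT-licensed. Contributing requires only a text editor and a YAML file.

Zero proprietary tools, zero telemetry, zero CLA. A community-maintained open standard.

Threat Cloud Crystallization Mechanism

Other standards require committees and months of review. ATR crystallizes new rules within hours.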

  1. New attack pattern detected in the wild
  2. LLM analyzes attack structure + intent
  3. Auto-generates YAML rule proposal with test cases
  4. Community reviews + precision test gate
  5. Merged into ATR. Every downstream engine updates.

01 Report an Evasion

~15 minutes · Most valuable contribution

Found a way to bypass an existing rule? This is the single most impactful thing you can do. Every confirmed evasion becomes a new test case and often triggers a rule improvement.

  1. Check the rule's existing evasion_tests section and LIMITATIONS.md
  2. Open an issue using the Evasion Report template
  3. Include: rule ID, bypass input, technique used, why it works

02 Report a False Positive

~20 minutes · Tunes precision

A rule triggered on legitimate content? Confirmed false positives become new true_negatives test cases, keeping ATR's 99.7% precision real.

  1. Open an issue using the False Positive Report template
  2. Include: rule ID, the input that triggered, why it's legitimate

03 Submit a New Rule

1-2 hours · Expands coverage

Write a full detection rule for a new attack pattern. ATR rules are YAML files following a documented schema. We have a complete walkthrough.

  1. Fork the repository
  2. Create a YAML file in rules/<category>/
  3. Follow the ATR schema (spec/atr-schema.yaml)
  4. See examples/how-to-write-a-rule.md
  5. Run: npx agent-threat-rules validate && npx agent-threat-rules test
  6. Submit a PR

04 AI-Native Contribution

Variable · Future of rule writing

Use Claude Code, Cursor, or any AI coding agent with ATR's MCP server. The AI understands the rule schema, generates YAML, validates it, and runs tests. You review the output.

  1. Install: npx agent-threat-rules mcp (starts the MCP server)
  2. Connect your AI agent to the MCP server
  3. Describe the attack pattern you want to detect
  4. The AI generates rule YAML + test cases
  5. Review, refine, submit PR