[SPRINT-07] rules-and-redteam

## Sprint 07: Rules and Red-Team Validation Gate

**Epic**: ACA-03 Analysis
**Branch**: sprint/07-rules-and-redteam
**Stories**: 4 (8 FP expected)
**Expected Duration**: 25-30 seconds

### Objectives

Implement 3 additional analysis rules (R-02, R-03, R-04) with cost optimization focus:
- R-02: Log Analytics cost > $500/year in non-prod
- R-03: Microsoft Defender cost > $2,000/year
- R-04: Compute scheduling (VM + App Service + Containers) > $5,000/year

Plus red-team validation gate to assert Tier 1 findings never leak internal fields.

### Acceptance Gate

- All 4 story modules exist and pass import checks
- Unit tests cover both finding and no-finding scenarios  
- Red-team gate validates Tier 1 field masking
- Total tests: 33/33 (29 baseline + 4 new)
- Lint: ruff check exits 0

### Progress Tracking

| ID | Title | Status |
|---|---|---|
| ACA-03-010 | Red-team gate | TODO |
| ACA-03-012 | R-02 Log Retention rule | TODO |
| ACA-03-013 | R-03 Defender Mismatch rule | TODO |
| ACA-03-014 | R-04 Compute Scheduling rule | TODO |

### Success Criteria

After merge to main:
- PR applies cleanly
- All tests pass (33/33)
- No regressions
- Coverage maintained

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[SPRINT-07] rules-and-redteam #28

Sprint 07: Rules and Red-Team Validation Gate

Objectives

Acceptance Gate

Progress Tracking

Success Criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

ID	Title	Status
ACA-03-010	Red-team gate	TODO
ACA-03-012	R-02 Log Retention rule	TODO
ACA-03-013	R-03 Defender Mismatch rule	TODO
ACA-03-014	R-04 Compute Scheduling rule	TODO

[SPRINT-07] rules-and-redteam #28

Description

Sprint 07: Rules and Red-Team Validation Gate

Objectives

Acceptance Gate

Progress Tracking

Success Criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions