snyk · ShawkyZ · Oct 15, 2025 · Oct 14, 2025 · ShawkyZ · Oct 15, 2025
diff --git a/src/snyk/assets/snyk_rules.md → src/snyk/assets/snyk_rules_always_apply.md b/src/snyk/assets/snyk_rules.md → src/snyk/assets/snyk_rules_always_apply.md
diff --git a/src/snyk/assets/snyk_rules_smart_apply.md b/src/snyk/assets/snyk_rules_smart_apply.md
@@ -0,0 +1,13 @@
+---
+alwaysApply: false
+description: BEFORE declaring task complete and IF there are significant code changes: ensure best security practices are met
+---
+
+# Project security best practices
+
+
+- BEFORE declaring task complete: Run snyk_code_scan tool when a significant change has been made in first party code.
+- This shoule only apply for Snyk-supported coding language
+- If any security issues are found based on newly introduced or modified code or dependencies, attempt to fix the issues using the results context from Snyk.
+- Rescan the code after fixing the issues to ensure that the issues were fixed and that there are no newly introduced issues.
+- Repeat this process until no new issues are found.
diff --git a/src/snyk/cli/mcp/mcp.ts b/src/snyk/cli/mcp/mcp.ts
@@ -218,7 +218,10 @@ async function ensureMcpServerInJson(
 }
 
 async function readBundledRules(vsCodeContext: vscode.ExtensionContext): Promise<string> {
-  return await fs.promises.readFile(path.join(vsCodeContext.extensionPath, 'out', 'assets', 'snyk_rules.md'), 'utf8');
+  return await fs.promises.readFile(
+    path.join(vsCodeContext.extensionPath, 'out', 'assets', 'snyk_rules_always_apply.md'),
+    'utf8',
+  );
 }
 
 async function writeLocalRulesForIde(relativeRulesPath: string, rulesContent: string): Promise<void> {