Surface deprecated prebuilt detection rules as a sibling nav page

[Mpdreamz]

Why

Elastic's prebuilt detection rules repo contains a _deprecated/ folder of rules that have been retired. These rules were previously invisible to users browsing the docs — there was no way to discover them, understand why they exist, or know what replaced them. Users navigating directly to a deprecated rule page (e.g. from a bookmark or external link) also lost their nav context entirely: nothing in the sidebar was highlighted.

What

Deprecated rules page

When the detection-rules plugin processes a rule folder that contains a _deprecated/ subfolder, it automatically generates a sibling "Deprecated prebuilt detection rules" page in the navigation alongside the active rules overview. No docset.yml changes are required for the page to appear.

The page lists all deprecated rules alphabetically by domain, linking to individual rule pages. Each individual rule page shows a deprecation warning admonition with the date the rule was deprecated.

Optional preface

The security team can supply introductory content for the deprecated rules page by adding a markdown file to the detection-rules docs folder and referencing it in docset.yml:

- file: index.md
  detection_rules: ['../rules', '../rules_building_block']
  deprecated_file: deprecated-rules.md   # optional

When deprecated_file is set, the content of that file prefixes the auto-generated rules listing. This lets the team explain what deprecated rules are, what users should do with them, and link to related guidance — all without touching the docs-builder codebase.

Follow-up: elastic/detection-rules#5968 adds this preface file (draft, cannot merge until this PR is released to production).

Nav active state for hidden pages

Individual rule pages (both active and deprecated) are hidden nav leaves — they exist in the nav tree for ordering/breadcrumb purposes but don't appear as visible links in the sidebar. Before this change, landing on a rule page left the sidebar with nothing selected.

The fix emits a <meta name="docs:nav-active" content="{parentUrl}"> tag server-side when the current page is a hidden nav item. The client reads this and highlights the nearest visible ancestor instead. This restores nav context for rule pages and fixes the same issue on the live site for any hidden page.

Verification

Run locally against the detection-rules repo:

dotnet run --project src/tooling/docs-builder -- serve --path /path/to/detection-rules

• http://localhost:3000/deprecated-detection-rules — lists deprecated rules
• http://localhost:3000/rules/_deprecated/<rule> — deprecation warning, sidebar highlights deprecated rules page
• http://localhost:3000/rules/<category>/<rule> — sidebar highlights prebuilt rules overview

[coderabbitai]

Warning

Rate limit exceeded

@Mpdreamz has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 48 minutes and 18 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 48 minutes and 18 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 23d6b678-7205-4c26-9b5b-e15863d6abf3

📥 Commits

Reviewing files that changed from the base of the PR and between 9042a9a and f915644.

📒 Files selected for processing (3)

• Directory.Packages.props
• src/Elastic.Documentation.Configuration/Toc/DocumentationSetFile.cs
• src/Elastic.Markdown/HtmlWriter.cs

📝 Walkthrough

Walkthrough

This pull request introduces support for deprecated detection rules in the documentation system. It adds an in-memory file system factory scoped to git roots, extends the TOC resolution to detect and generate deprecated rule overviews as sibling references, updates YAML parsing to recognize deprecated rules, and adds detection rule maturity and deprecation date metadata. The build process creates synthetic overview markdowns for deprecated rules, and the frontend uses a NavigationActiveUrl meta tag to highlight the appropriate navigation link for pages that lack direct nav entries.

Sequence Diagram

sequenceDiagram
    participant Build as Build System
    participant TOC as TOC Resolution
    participant FS as File System
    participant HTML as HTML Renderer
    participant Client as Browser Client
    participant Nav as Navigation

    Build->>TOC: Process detection rule overview reference
    TOC->>FS: Check for _deprecated subfolder
    alt Deprecated folder exists
        FS-->>TOC: Folder found
        TOC->>TOC: Create DeprecatedSiblingRef
        TOC->>Build: Append deprecated overview reference
        Build->>FS: Generate DeprecatedDetectionRuleOverviewFile
        FS-->>Build: Overview markdown created
    end
    Build->>HTML: Render page with detection rule
    alt Rule is deprecated
        HTML->>HTML: Insert deprecation warning block
    end
    HTML->>HTML: Compute NavigationActiveUrl<br/>(closest visible ancestor)
    HTML->>Client: Emit docs:nav-active meta tag
    Client->>Nav: Read meta tag content
    Nav->>Nav: Query for matching href
    Nav->>Nav: Apply current class to ancestor link

Loading

Suggested labels

feature, fix

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 21.21% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title clearly summarizes the main change: surfacing deprecated prebuilt detection rules as a sibling navigation page, which is the core objective of this changeset.
Description check	✅ Passed	The PR description comprehensively explains why the change was made (users couldn't discover deprecated rules), what was implemented (auto-generated deprecated rules page, optional preface, nav context restoration), and how to verify it locally with specific URLs.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch feature/deprecated-detection-rules

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/Elastic.Documentation.Configuration/Toc/TableOfContentsYamlConverters.cs (1)

75-87: ⚠️ Potential issue | 🟡 Minor

Remove unused deprecated_detection_rules from parsing logic.

The deprecated_detection_rules key is parsed into the dictionary but never read anywhere in the codebase. The PR auto-discovers deprecated rules via folder scanning, making this key dead code. Remove it from the condition or document why it's retained.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/Elastic.Documentation.Configuration/Toc/TableOfContentsYamlConverters.cs`
around lines 75 - 87, In the YAML parsing branch inside
TableOfContentsYamlConverters (the else-if that checks key.Value against
"detection_rules" or "exclude" or "deprecated_detection_rules"), remove
"deprecated_detection_rules" from that condition and any related parsing branch
so the parser no longer adds that key into the dictionary; if you intentionally
want to keep it, add a comment explaining why and where it's consumed. Update or
remove any tests or usages that expect deprecated_detection_rules to be present
and ensure the parsing of the remaining keys ("detection_rules", "exclude") is
unchanged.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In
`@src/Elastic.Documentation.Configuration/Toc/TableOfContentsYamlConverters.cs`:
- Around line 75-87: In the YAML parsing branch inside
TableOfContentsYamlConverters (the else-if that checks key.Value against
"detection_rules" or "exclude" or "deprecated_detection_rules"), remove
"deprecated_detection_rules" from that condition and any related parsing branch
so the parser no longer adds that key into the dictionary; if you intentionally
want to keep it, add a comment explaining why and where it's consumed. Update or
remove any tests or usages that expect deprecated_detection_rules to be present
and ensure the parsing of the remaining keys ("detection_rules", "exclude") is
unchanged.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 81e46472-e23f-4459-8cba-6b14b17737ff

📥 Commits

Reviewing files that changed from the base of the PR and between b94fd12 and 9042a9a.

📒 Files selected for processing (15)

• src/Elastic.Documentation.Configuration/FileSystemFactory.cs
• src/Elastic.Documentation.Configuration/Toc/DetectionRules/DetectionRuleOverviewRef.cs
• src/Elastic.Documentation.Configuration/Toc/DocumentationSetFile.cs
• src/Elastic.Documentation.Configuration/Toc/TableOfContentsYamlConverters.cs
• src/Elastic.Documentation.Site/Assets/pages-nav.ts
• src/Elastic.Documentation.Site/Layout/_Head.cshtml
• src/Elastic.Documentation.Site/_ViewModels.cs
• src/Elastic.Markdown/Extensions/DetectionRules/DetectionRule.cs
• src/Elastic.Markdown/Extensions/DetectionRules/DetectionRuleFile.cs
• src/Elastic.Markdown/Extensions/DetectionRules/DetectionRulesDocsBuilderExtension.cs
• src/Elastic.Markdown/HtmlWriter.cs
• src/Elastic.Markdown/Page/Index.cshtml
• src/Elastic.Markdown/Page/IndexViewModel.cs
• src/tooling/docs-builder/Http/InMemoryBuildState.cs
• src/tooling/docs-builder/Http/ReloadGeneratorService.cs