CodeCome currently treats Rust as unsupported by the local CodeQL integration and skips Rust entries under soft fail policy. Phase 1a should mention detected Rust code in notes rather than adding it to codeql-plan.yml analysis languages.
This issue tracks whether Rust should become first-class in the CodeQL integration or be handled by a separate static-analysis path.
Acceptance criteria:
- Confirm current upstream CodeQL support status for Rust and whether a stable extractor/query pack exists.
- If supported, add Rust to templates/codeql-packs.yml with validated official pack references.
- Add Rust to tools/codeql/capabilities.py with supported build modes.
- Update templates/codeql-plan.yml and prompts/phase-1a-profile.md allowed-language guidance.
- Add runner/gate tests covering Rust plans under soft and hard fail policies.
- Validate at least one cargo-based sandbox target end-to-end.
- If not supported, document recommended fallback tooling such as cargo-audit, clippy, semgrep, or manual review in the workflow docs/prompts.
CodeCome currently treats Rust as unsupported by the local CodeQL integration and skips Rust entries under soft fail policy. Phase 1a should mention detected Rust code in notes rather than adding it to codeql-plan.yml analysis languages.
This issue tracks whether Rust should become first-class in the CodeQL integration or be handled by a separate static-analysis path.
Acceptance criteria: