After some effort I have now my Firestore emulator setup and my first tests written using mocha! Great.
I understand it is not possible to debug security rules step by step but is there a way to log information or state to the console, directly from the security rules?
I believe there is an undocumented function in security rules that lets you write debug values to the log when running on the local emulator. Try the debug() function. It takes a parameter with value to log, and returns that same value to continue evaluation of the expression.
match /users/{id} {
allow read: if debug(id) == request.auth.uid;
}