project-codeguard · santosomar · Oct 26, 2025 · Oct 22, 2025 · Oct 23, 2025 · Oct 24, 2025
diff --git a/.claude-plugin/marketplace.json b/.claude-plugin/marketplace.json
@@ -15,8 +15,11 @@
       "description": "Comprehensive security rules for AI coding agents",
       "version": "1.0.0",
       "repository": "https://github.com/project-codeguard/rules.git",
-      "tags": ["security", "code-review", "vulnerability-prevention"]
+      "tags": [
+        "security",
+        "code-review",
+        "vulnerability-prevention"
+      ]
     }
   ]
 }
-
diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json
@@ -9,6 +9,11 @@
   "license": "CC-BY-4.0 (rules), Apache-2.0 (tools)",
   "homepage": "https://github.com/project-codeguard/rules",
   "repository": "https://github.com/project-codeguard/rules.git",
-  "keywords": ["security", "secure-coding", "vulnerability-prevention", "code-review", "appsec"]
+  "keywords": [
+    "security",
+    "secure-coding",
+    "vulnerability-prevention",
+    "code-review",
+    "appsec"
+  ]
 }
-
diff --git a/.gitattributes b/.gitattributes
diff --git a/.github/workflows/build-ide-bundles.yml b/.github/workflows/build-ide-bundles.yml
@@ -0,0 +1,71 @@
+---
+name: Build and Release IDE Bundles
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build-and-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.release.tag_name }}
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          enable-cache: true
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: uv sync
+
+      - name: Get version from release
+        id: get_version
+        run: |
+          TAG="${{ github.event.release.tag_name }}"
+          VERSION=${TAG#v}
+          echo "tag=$TAG" >> $GITHUB_OUTPUT
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+          echo "Release version: $VERSION (tag: $TAG)"
+
+      - name: Validate rules
+        run: uv run python src/validate_unified_rules.py sources/
+
+      - name: Validate versions match tag
+        run: uv run python src/validate_versions.py ${{ steps.get_version.outputs.version }}
+
+      - name: Generate IDE bundles
+        run: uv run python src/convert_to_ide_formats.py
+
+      - name: Create release archives
+        run: |
+          cd dist
+          zip -r ../ide-rules-cursor.zip .cursor/
+          zip -r ../ide-rules-windsurf.zip .windsurf/
+          zip -r ../ide-rules-copilot.zip .github/
+          cd ..
+          zip -r ide-rules-all.zip dist/
+          ls -lh ide-rules-*.zip
+
+      - name: Upload release assets
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh release upload "${{ steps.get_version.outputs.tag }}" \
+            ide-rules-all.zip \
+            ide-rules-cursor.zip \
+            ide-rules-windsurf.zip \
+            ide-rules-copilot.zip \
+            --clobber
+
diff --git a/.github/workflows/generate-ide-rules.yml b/.github/workflows/generate-ide-rules.yml
diff --git a/.github/workflows/validate-rules.yml b/.github/workflows/validate-rules.yml
@@ -0,0 +1,128 @@
+---
+name: Validate Rules
+
+permissions:
+  contents: read
+
+on:
+  pull_request:
+    paths:
+      - 'sources/**'
+      - 'src/**'
+      - 'pyproject.toml'
+  push:
+    branches:
+      - main
+      - develop
+    paths:
+      - 'sources/**'
+      - 'src/**'
+      - 'pyproject.toml'
+  workflow_dispatch:
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v4
+        with:
+          enable-cache: true
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: uv sync
+
+      - name: Validate unified rules
+        run: uv run python src/validate_unified_rules.py sources/
+
+      - name: Check required core rule files exist
+        run: |
+          echo "Checking for required core rule files..."
+          required_files=(
+            "sources/core/codeguard-1-hardcoded-credentials.md"
+            "sources/core/codeguard-1-crypto-algorithms.md"
+            "sources/core/codeguard-1-digital-certificates.md"
+            "sources/core/codeguard-1-safe-c-functions.md"
+            "sources/core/codeguard-SKILLS.md.template"
+          )
+
+          missing=0
+          for file in "${required_files[@]}"; do
+            if [ ! -f "$file" ]; then
+              echo "❌ Missing required file: $file"
+              missing=1
+            else
+              echo "✅ Found: $file"
+            fi
+          done
+
+          if [ $missing -eq 1 ]; then
+            exit 1
+          fi
+
+      - name: Test conversion to IDE formats
+        run: |
+          echo "Testing IDE format conversion..."
+          uv run python src/convert_to_ide_formats.py --output-dir test-output
+
+          # Check that files were generated
+          if [ ! -d "test-output/.cursor" ]; then
+            echo "❌ Cursor rules not generated"
+            exit 1
+          fi
+
+          if [ ! -d "test-output/.windsurf" ]; then
+            echo "❌ Windsurf rules not generated"
+            exit 1
+          fi
+
+          if [ ! -d "test-output/.github" ]; then
+            echo "❌ Copilot instructions not generated"
+            exit 1
+          fi
+
+          echo "✅ All IDE formats generated successfully"
+
+      - name: Check skills/ directory is up-to-date
+        run: |
+          echo "Checking if committed skills/ directory is up-to-date..."
+
+          # Save current skills
+          mv skills skills-committed
+
+          # Regenerate skills (core rules only, matching default)
+          uv run python src/convert_to_ide_formats.py
+
+          # Compare
+          if ! diff -r skills/ skills-committed/ > /dev/null 2>&1; then
+            echo "❌ The skills/ directory is out of date!"
+            echo "Please regenerate by running: python src/convert_to_ide_formats.py"
+            echo "Then: git add skills/"
+            mv skills-committed skills
+            exit 1
+          fi
+
+          # Restore original
+          rm -rf skills
+          mv skills-committed skills
+          echo "✅ Committed skills/ directory is up-to-date"
+
+      - name: Summary
+        if: success()
+        run: |
+          echo "✅ All validation checks passed!"
+          echo ""
+          echo "Rule validation: ✅"
+          echo "Required files: ✅"
+          echo "IDE conversion: ✅"
+          echo "Skills directory: ✅"
+
diff --git a/.gitignore b/.gitignore
@@ -162,4 +162,7 @@ AGENTS.md
 
 # Claude Code Plugin
 .claude-plugin/.cache
-.claude/settings.local.json
+.claude/settings.local.json
+
+# Generated IDE-specific rule bundles (not committed, built for releases)
+dist/