feat: add Cline and Continue.dev formats, MCP search tool, CI tests, expanded tags#80
Open
ShaunSec wants to merge 1 commit into
Open
Conversation
…expanded tags
Add four features to improve CodeGuard's reach and developer experience:
1. New Format Support: Cline and Continue.dev
- src/formats/cline.py: generates .md rules for .clinerules/ directory
with paths-based conditional activation
- src/formats/continuedev.py: generates .md rules for .continue/rules/
with globs-based conditional activation
- Both formats registered in __init__.py and convert_to_ide_formats.py
- All 23 rules convert successfully to both formats with valid YAML
- Build, validation, and auto-update workflows updated to include
both formats in zip bundles and release uploads
- codeguard-reviewer AGENT.md exclusion list updated
2. MCP Server Enhancements
- rule_processor.py: added tags field to ProcessedRule, rule caching
to avoid repeated filesystem reads, and graceful error handling that
logs warnings and skips malformed rules instead of crashing
- tool_factory.py: enhanced tool output to include language and tag
metadata; added search_rules tool that filters the rule catalogue
by language, tag, or free-text keyword (AND logic, all optional)
- server.py: registers search_rules meta-tool, warns when no rules
are loaded to help debug CODEGUARD_RULES_DIR misconfiguration
3. CI/CD Test Infrastructure
- .github/workflows/test-mcp-server.yml: new workflow that runs
MCP server tests on Python 3.11/3.12/3.13 with ruff linting,
triggered on changes to src/codeguard-mcp/ or sources/rules/core/
4. Tag Mappings Expansion
- src/tag_mappings.py: expanded from 6 to 24 tags organized by
security domain (identity, data protection, application security,
infrastructure, supply chain, platform, compliance, serialization)
Testing:
- 25/25 MCP server tests pass (16 existing + 8 new + 1 new metadata)
- 23/23 rules convert to all 12 formats with 0 errors
- 46/46 Cline + Continue.dev files validate with correct YAML
- Edge cases verified: empty globs, single glob, always-apply,
special YAML characters, caching identity, malformed rule recovery
Security review: PASS
- yaml.safe_load() for all YAML parsing
- No exec/eval/shell injection vectors
- Search uses substring matching, no ReDoS risk
- All inputs normalized before comparison
|
|
Closed
6 tasks
thschaffr
pushed a commit
to thschaffr/project-codeguard
that referenced
this pull request
May 26, 2026
…tag-to-rule mapping table to the generated SKILL.md.
Tags are already validated in rule frontmatter (utils.validate_tags) and
exposed on ProcessedRule/ConversionResult, but they were not propagated
to any IDE-format output or to the generated SKILL.md. This change makes
the existing tag data actually usable downstream.
Format changes (tags appended to YAML frontmatter when present):
- cursor.py: tags: [authentication, web]
- copilot.py: tags: [authentication, web]
- windsurf.py: tags: [authentication, web]
- antigravity.py: tags: [authentication, web]
- agentskills.py: expanded YAML list (inherited by opencode, codex,
openclaw, hermes, claude formats)
SKILL.md template / generator:
- Add <!-- TAG_MAPPINGS_START --> / <!-- TAG_MAPPINGS_END --> markers
mirroring the existing language-mapping block
- New update_tag_mappings() renders a "Security Context (Tag) -> Rules"
table from the per-run tag_to_rules dict; falls back silently when the
markers are absent so older templates still build
- Add a new section to the skill workflow text that calls out tag-based
selection alongside the existing language-based selection
Regenerated skills/software-security/ artifacts to match the new
pipeline (committed because they ship as the plugin payload).
No change to tag_mappings.py (avoids overlap with PR cosai-oasis#80).
No change to validation behavior; validate_unified_rules.py already
rejects unknown tags.
6 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds four features to improve CodeGuard's reach and developer experience.
1. New Format Support: Cline and Continue.dev
Two new format implementations that expand CodeGuard's coverage to Cline (8M+ installs, VS Code / JetBrains / CLI) and Continue.dev (open-source AI assistant for VS Code and JetBrains).
src/formats/cline.py: generates .md rules for.clinerules/directory withpaths:for conditional activationsrc/formats/continuedev.py: generates .md rules for.continue/rules/directory withglobs:for conditional activation__init__.pyandconvert_to_ide_formats.pycodeguard-reviewerAGENT.md exclusion list updated2. MCP Server Enhancements
rule_processor.py: addedtagsfield toProcessedRule, rule caching to avoid repeated filesystem reads, graceful error handling that logs warnings and skips malformed rules instead of crashingtool_factory.py: enhanced tool output to include language and tag metadata; addedsearch_rulestool that filters the rule catalogue by language, tag, or free-text keyword (AND logic, all optional)server.py: registerssearch_rulesmeta-tool, warns when no rules are loaded to help debugCODEGUARD_RULES_DIRmisconfiguration3. CI/CD Test Infrastructure
.github/workflows/test-mcp-server.yml: new workflow that runs MCP server tests on Python 3.11/3.12/3.13 with ruff linting, triggered on changes tosrc/codeguard-mcp/orsources/rules/core/4. Tag Mappings Expansion
src/tag_mappings.py: expanded from 6 to 24 tags organized by security domain (identity, data protection, application security, infrastructure, supply chain, platform, compliance, serialization)Testing
Security Review
yaml.safe_load()Files Changed (14)
src/formats/cline.pysrc/formats/continuedev.pysrc/formats/__init__.pysrc/convert_to_ide_formats.pysrc/codeguard-mcp/src/codeguard_mcp/rule_processor.pysrc/codeguard-mcp/src/codeguard_mcp/server.pysrc/codeguard-mcp/src/codeguard_mcp/tool_factory.pysrc/codeguard-mcp/tests/test_tool_factory.pysrc/tag_mappings.py.github/workflows/test-mcp-server.yml.github/workflows/validate-rules.yml.github/workflows/build-ide-bundles.yml.github/workflows/update-codeguard-rules.ymlsources/agents/codeguard-reviewer/AGENT.md