Skip to content

Restructure sources/ and add codeguard-reviewer subagent#62

Merged
thomas-bartlett merged 3 commits into
mainfrom
refactor/sources-and-security-reviewer-agent
May 1, 2026
Merged

Restructure sources/ and add codeguard-reviewer subagent#62
thomas-bartlett merged 3 commits into
mainfrom
refactor/sources-and-security-reviewer-agent

Conversation

@thomas-bartlett

Copy link
Copy Markdown
Contributor

Summary

Restructures sources/ into {rules, skills, agents, templates} so authored inputs are clearly separated from generated outputs, and adds the codeguard-reviewer subagent for Claude Code and Cursor.

Closes #51.

Changes

sources/ restructure

  • sources/core/sources/rules/core/; sources/additional-skills/owasp/sources/rules/owasp/; sources/additional-skills/memory-safe-migration/sources/skills/memory-safe-migration/
  • skills/security-review/sources/skills/security-review/; root skills/ is now purely the generated software-security artifact. Plugin reads both via "skills": ["./skills/", "./sources/skills/"] in plugin.json (so memory-safe-migration now ships in the marketplace plugin)
  • All path references updated (converter, MCP server, Dockerfile, workflows, docs); --source <name> resolves to sources/rules/<name>; rule files must be named codeguard-*.md (now documented)

codeguard-reviewer subagent (#51)

  • sources/agents/codeguard-reviewer/AGENT.md — scans the repo against CodeGuard rules, triages findings, and emits SARIF 2.1.0
  • src/emit_agents.py + src/artifact_targets.py — fan the agent out to each host in AGENT_HOSTS with per-host frontmatter and {RULES_DIR}/{RULE_EXT} substitution; agent reads each host's existing rules dir (no duplication)
  • Ships for Claude Code (with skills: preload) and Cursor (with model: inherit)

Host path corrections

  • Antigravity: .agent/rules/.agents/rules/
  • Codex skills: .codex/skills/.agents/skills/ (the documented discovery path; .codex/skills/ was silently ignored)
  • update-codeguard-rules.yml warns on legacy paths so existing installs don't go silently stale

Misc

  • New ide-rules-claude.zip release bundle + ClaudeFormat
  • build-ide-bundles.yml: pass ${{ }} expressions via env: instead of inline shell interpolation (GHA script-injection hardening)
  • authlib>=1.6.11 constraint in codeguard-mcp for GHSA-jj8c-mmj3-mmgv
  • Root uv.lock regenerated to record the existing exclude-newer policy

Trying the subagent

git clone https://github.com/cosai-oasis/project-codeguard && cd project-codeguard
git checkout refactor/sources-and-security-reviewer-agent
uv run python src/convert_to_ide_formats.py
# install into the repo you want to scan:
cp -R dist/.claude/ /path/to/target-repo/.claude/   # for Claude Code
cp -R dist/.cursor/ /path/to/target-repo/.cursor/   # for Cursor

Then invoke codeguard-reviewer (via /agents in Claude Code or @codeguard-reviewer in Cursor). It writes codeguard-findings-<timestamp>.sarif to the target repo root and returns a structured summary.

Test plan

  • uv run python src/convert_to_ide_formats.py — 23 rules → all host formats; agent emitted to .claude + .cursor
  • MCP tests (18/18) against new sources/rules/core/ path
  • All workflow YAML parses; validate-rules.yml agent-bundle check passes locally
  • Agent tested in Claude Code and Cursor against an external repo

@thomas-bartlett thomas-bartlett added documentation Improvements or additions to documentation enhancement New feature or request dependencies Pull requests that update a dependency file labels Apr 30, 2026
@thomas-bartlett thomas-bartlett self-assigned this Apr 30, 2026
This was referenced Apr 30, 2026

@santosomar santosomar left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for restructuring this and adding the subagent.

@thomas-bartlett thomas-bartlett merged commit b622578 into main May 1, 2026
5 checks passed
@thomas-bartlett thomas-bartlett deleted the refactor/sources-and-security-reviewer-agent branch May 1, 2026 20:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file documentation Improvements or additions to documentation enhancement New feature or request

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add security-reviewer subagent

2 participants