Getting Started

Get up and running with Project CodeGuard in just a few steps.

Prerequisites

Before you begin, familiarize yourself with how rules work in your IDE:

CursorWindsurfGitHub Copilot

Cursor uses .cursor/rules for rule configuration.

Cursor Rules Documentation

Windsurf uses .windsurf/rules for rule configuration.

Windsurf Rules Documentation

GitHub Copilot uses .github/instructions for rule configuration.

GitHub Copilot Instructions

Installation

Option 1: Download Pre-built Rules (Recommended)

1. Download: Visit the Releases page and download the latest release archive
2. Extract: Unzip the downloaded file
3. Install: Copy the relevant IDE-specific rules to your project root:
   • For Cursor: Copy .cursor/ directory
   • For Windsurf: Copy .windsurf/ directory
   • For GitHub Copilot: Copy .github/instructions/ directory

Repository Level Installation

Installing at the repository level ensures all team members benefit from the security rules automatically when they clone the repository.

Hidden Files on macOS/Linux

On macOS/Linux, you may need to show hidden files:

• macOS Finder: Press Cmd+Shift+. to toggle visibility
• Linux: Use ls -la in terminal or enable "Show Hidden Files" in your file manager

Option 2: Build from Source

If you want to customize or contribute to the rules:

# Clone the repository
git clone https://github.com/project-codeguard/rules.git
cd rules

# Install dependencies (requires Python 3.11+)
uv sync

# Convert unified rules to IDE-specific formats
uv run python src/unified_to_all.py rules/ .

# Copy the generated rules to your project
cp -r ./ide_rules/.cursor/ /path/to/your/project/
cp -r ./ide_rules/.windsurf/ /path/to/your/project/
cp -r ./ide_rules/.github/ /path/to/your/project/

Verify Installation

After installation, your project structure should include:

your-project/
├── .cursor/
│   └── rules/
├── .windsurf/
│   └── rules/
├── .github/
│   └── instructions/
└── ... (your project files)

What's Included

The security rules cover essential areas:

Core Security Rules

• 🔐 Cryptography: Safe algorithms, secure key management, TLS configuration
• 🛡️ Input Validation: SQL injection, XSS prevention, command injection defense
• 🔑 Authentication: MFA, OAuth/OIDC, password security, session management
• ⚡ Authorization: RBAC/ABAC, access control, privilege escalation prevention

Platform-Specific Rules

• 📱 Mobile Apps: iOS/Android security, secure storage, transport security
• 🌐 API Security: REST/GraphQL/SOAP security, rate limiting, SSRF prevention
• ☁️ Cloud & Containers: Docker/Kubernetes hardening, IaC security
• 🗄️ Data Storage: Database security, encryption, backup protection

DevOps & Supply Chain

• 📦 Dependencies: Supply chain security, SBOM, vulnerability management
• 🔄 CI/CD: Pipeline security, artifact signing, secrets management
• 📝 Logging: Secure logging, monitoring, privacy-aware telemetry

Testing the Integration

To verify the rules are working:

1. Open your IDE with the Project CodeGuard rules installed
2. Start a new file in a supported language (Python, JavaScript, Java, C/C++, etc.)
3. Ask your AI assistant to generate code that might have security implications:
4. "Create a function to hash a password"
5. "Write code to connect to a database"

6. "Generate an API endpoint with authentication"

7. Observe the output - The AI should automatically apply security best practices:

8. Using strong cryptographic algorithms (bcrypt/Argon2 for passwords)
9. Parameterized queries to prevent SQL injection
10. Proper authentication/authorization checks

Next Steps

• Review Rules: Explore the security rules in your IDE's rules directory
• Test Integration: Generate some code and see the security guidance in action
• Share Feedback: Help us improve by opening an issue
• Contribute: See CONTRIBUTING.md to contribute new rules or improvements

You're Ready!

Project CodeGuard is now protecting your development workflow. The security rules will automatically guide AI assistants to generate more secure code.

Troubleshooting

Rules Not Working

If the AI assistant doesn't seem to follow the rules:

1. Restart your IDE to ensure rules are loaded
2. Check file location - Ensure rules are in the correct directory for your IDE
3. Verify file format - Rules should be markdown files
4. Test with explicit request - Ask the AI directly: "Follow the security rules when generating this code"

Performance Impact

The rules have minimal performance impact, but if you experience issues:

• Reduce rule count: Start with core rules (cryptography, input validation, authentication)
• Combine rules: Merge related rules into fewer files
• Report issues: Let us know via GitHub Issues

Getting Help

• Documentation: You're reading it! Check the FAQ for common questions
• GitHub Issues: Report bugs or ask questions
• Discussions: Join the community discussion