From 13afd84856e1d9b6546633cd83bb00b0d39dd97d Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Tue, 27 Jan 2026 13:42:57 -0500 Subject: [PATCH 1/6] Add MCP (Model Context Protocol) security rule Add new security rule based on CoSAI MCP Security guidelines (OASIS Open Project, January 2026). The rule covers: - Workload identity and authentication (SPIFFE/SPIRE) - Input and data sanitization for prompt injection prevention - Sandboxing and isolation requirements - Cryptographic verification of resources - Transport layer security (stdio and HTTP) - Human-in-the-loop controls - Logging and observability - Deployment pattern security guidance --- sources/core/codeguard-0-mcp-security.md | 97 ++++++++++++++++++++++++ 1 file changed, 97 insertions(+) create mode 100644 sources/core/codeguard-0-mcp-security.md diff --git a/sources/core/codeguard-0-mcp-security.md b/sources/core/codeguard-0-mcp-security.md new file mode 100644 index 0000000..d898d9c --- /dev/null +++ b/sources/core/codeguard-0-mcp-security.md 
@@ -0,0 +1,97 @@ +--- +description: MCP (Model Context Protocol) Security based on CoSAI MCP Security guidelines +languages: +- python +- javascript +- typescript +- go +- rust +alwaysApply: false +--- + +rule_id: codeguard-0-mcp-security + +# MCP (Model Context Protocol) Security Guidelines + +NEVER deploy MCP servers or clients without implementing proper security controls. + + +### Workload Identity and Authentication +- Use SPIFFE/SPIRE for cryptographic workload identities + - SPIFFE (Secure Production Identity Framework For Everyone) provides a standard for service identity + - SPIRE (SPIFFE Runtime Environment) issues and rotates short-lived cryptographic identities (SVIDs) + + +### Input and Data Sanitization +- Validate ALL inputs using allowlists at every trust boundary +- Sanitize file paths through canonicalization +- Use parameterized queries for database operations +- Apply context-aware output encoding (SQL, shell, HTML) +- Treat ALL AI-generated content as untrusted input +- Deploy prompt injection detection systems +- Use strict JSON schemas to maintain boundaries between instructions and data + +### Sandboxing and Isolation +- Design MCP servers to execute with least privilege +- MCP servers interacting with host environment (files, commands, network) MUST implement sandboxing controls +- LLM-generated code MUST NOT run with full user privileges +- Implement additional sandboxing layers: gVisor, Kata Containers, SELinux sandboxes + +### Cryptographic Verification of Resources +- Provide cryptographic signatures and SBOMs for all server code +- Implement signature verification in your MCP client before loading servers +- Use TLS for ALL data in transit +- Implement remote attestation capabilities to verify servers are running expected code + +### Transport Layer Security + +#### stdio Transport (Local Servers) +- STRONGLY RECOMMENDED for local MCP to eliminate DNS rebinding risks +- Direct pipe-based stream communication +- Implement sandbox to 
prevent privilege escalation + +#### HTTP Streaming Transport (Remote Servers) +Required security controls to implement: +- Payload Limits (prevent large payload and recursive payload DoS) +- Client-Server Authentication/Authorization +- Mutual TLS Authentication +- TLS Encryption +- CORS Protection +- CSRF Protection +- Integrity Checks (prevent replay, spoofing, poisoned responses) + +### Human-in-the-Loop +- Implement confirmation prompts for risky operations in your MCP server +- Use elicitation on MCP server side to request user confirmation of risky actions +- Security-relevant messages MUST clearly indicate implications +- Do NOT rely solely on human approval (users can become fatigued) + +### Logging and Observability +- Implement logging in your MCP servers and clients +- Log: tools decided to use, parameters, originating prompt +- Use OpenTelemetry for end-to-end linkability of actions +- Maintain immutable records of actions and authorizations + +--- + +## Deployment Pattern Security + +### All-Local (stdio or http) +- Security depends entirely on host system posture +- Use `stdio` transport to avoid DNS rebinding risks +- Use sandboxing to limit privilege escalation attacks +- Appropriate for development and personal use + +### Single-Tenant Remote (http) +- Authentication between client and server is REQUIRED +- Use secure credential storage (OS keychains, secret managers) +- Communication MUST be authenticated and encrypted +- Enterprise clients should enforce authenticated server discovery with explicit allowlists + +### Multi-Tenant Remote (http) +- Require robust tenant isolation, identity, and access control +- Implement strong multi-tenancy controls (per-tenant encryption, role-based access control) +- Prefer MCP servers hosted directly by service provider +- Provide remote attestation when possible + +You must always explain how this rule was applied and why it was applied. From 457fdf8b7a54c2dbfd59f0f1f3598828ddc9ef70 Mon Sep 17 00:00:00 2001 
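Review bot: The HTTP Streaming Transport control list never names the control that closes the DNS-rebinding gap the stdio section cites as its reason for preferring stdio: checking the `Origin` (and `Host`) header on every incoming request and binding local HTTP servers to loopback only. CORS and CSRF protection as listed do not by themselves stop a rebinding attack, because the rebound request is same-origin from the browser's point of view, so add `- Origin/Host header validation against an explicit allowlist (reject anything else)` and `- Bind local HTTP servers to 127.0.0.1 only, never 0.0.0.0`. The Workload Identity section says nothing about bearer tokens either; a server should accept only tokens issued for it and must not forward a client's token to upstream APIs, so a line such as `- Accept only tokens whose audience is this server; never pass a client's token through to downstream services` belongs there. The same text is copied into skills/software-security/rules in a later patch on this page, so both copies need the additions.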
From: Omar Santos Date: Tue, 27 Jan 2026 14:13:14 -0500 Subject: [PATCH 2/6] Update sources/core/codeguard-0-mcp-security.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- sources/core/codeguard-0-mcp-security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sources/core/codeguard-0-mcp-security.md b/sources/core/codeguard-0-mcp-security.md index d898d9c..f278f3f 100644 --- a/sources/core/codeguard-0-mcp-security.md +++ b/sources/core/codeguard-0-mcp-security.md @@ -68,7 +68,7 @@ Required security controls to implement: ### Logging and Observability - Implement logging in your MCP servers and clients -- Log: tools decided to use, parameters, originating prompt +- Log: tools that were used, parameters, originating prompt - Use OpenTelemetry for end-to-end linkability of actions - Maintain immutable records of actions and authorizations From dcd21e47281b96513e40925e44e0c8dacdc6af11 Mon Sep 17 00:00:00 2001 From: Thomas Bartlett <67928676+thomas-bartlett@users.noreply.github.com> Date: Tue, 27 Jan 2026 14:51:10 -0500 Subject: [PATCH 3/6] Add better concistency to the MCP rule --- skills/software-security/SKILL.md | 13 +-- .../rules/codeguard-0-mcp-security.md | 94 +++++++++++++++++++ sources/core/codeguard-0-mcp-security.md | 7 +- uv.lock | 4 +- 4 files changed, 104 insertions(+), 14 deletions(-) create mode 100644 skills/software-security/rules/codeguard-0-mcp-security.md diff --git a/skills/software-security/SKILL.md b/skills/software-security/SKILL.md index d23646c..0d846b4 100644 --- a/skills/software-security/SKILL.md +++ b/skills/software-security/SKILL.md 
@@ -1,7 +1,7 @@
 ---
 name: software-security
 description: A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
-codeguard-version: "1.0.1"
+codeguard-version: "1.1.0"
 framework: "Project CodeGuard"
 purpose: "Embed secure-by-default practices into AI coding workflows"
 ---
@@ -34,21 +34,22 @@ When writing or reviewing code: | cpp | codeguard-0-safe-c-functions.md | | d | codeguard-0-iac-security.md | | docker | codeguard-0-devops-ci-cd-containers.md, codeguard-0-supply-chain-security.md | -| go | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md | +| go | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md | | html | codeguard-0-client-side-web-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md | -| java | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mobile-apps.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md | -| javascript | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-mobile-apps.md, 
codeguard-0-privacy-data-protection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-supply-chain-security.md | +| java | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-mobile-apps.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md | +| javascript | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-mcp-security.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-supply-chain-security.md | | kotlin | codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md | | matlab | codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md | | perl | codeguard-0-mobile-apps.md | | php | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, 
codeguard-0-xml-and-serialization.md | | powershell | codeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md | -| python | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md | +| python | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md | | ruby | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md | +| rust | codeguard-0-mcp-security.md | | shell | codeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md | | sql | codeguard-0-data-storage.md, codeguard-0-input-validation-injection.md | | swift | codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md | -| typescript | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, 
codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md | +| typescript | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mcp-security.md, codeguard-0-session-management-and-cookies.md | | vlang | codeguard-0-client-side-web-security.md | | xml | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md, codeguard-0-xml-and-serialization.md | | yaml | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authorization-access-control.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-logging.md, codeguard-0-privacy-data-protection.md, codeguard-0-supply-chain-security.md | diff --git a/skills/software-security/rules/codeguard-0-mcp-security.md b/skills/software-security/rules/codeguard-0-mcp-security.md new file mode 100644 index 0000000..25bc9b1 --- /dev/null +++ b/skills/software-security/rules/codeguard-0-mcp-security.md 
@@ -0,0 +1,94 @@ +--- +description: MCP (Model Context Protocol) Security based on CoSAI MCP Security guidelines +languages: +- python +- javascript +- typescript +- go +- rust +- java +alwaysApply: false +--- + +rule_id: codeguard-0-mcp-security + +# MCP (Model Context Protocol) Security Guidelines + +NEVER deploy MCP servers or clients without implementing proper security controls. + +### Workload Identity and Authentication +- Use SPIFFE/SPIRE for cryptographic workload identities + - SPIFFE (Secure Production Identity Framework For Everyone) provides a standard for service identity + - SPIRE (SPIFFE Runtime Environment) issues and rotates short-lived cryptographic identities (SVIDs) + +### Input and Data Sanitization +- Validate ALL inputs using allowlists at every trust boundary +- Sanitize file paths through canonicalization +- Use parameterized queries for database operations +- Apply context-aware output encoding (SQL, shell, HTML) +- Treat ALL AI-generated content as untrusted input +- Deploy prompt injection detection systems +- Use strict JSON schemas to maintain boundaries between instructions and data + +### Sandboxing and Isolation +- Design MCP servers to execute with least privilege +- MCP servers interacting with host environment (files, commands, network) MUST implement sandboxing controls +- LLM-generated code MUST NOT run with full user privileges +- Implement additional sandboxing layers: gVisor, Kata Containers, SELinux sandboxes + +### Cryptographic Verification of Resources +- Provide cryptographic signatures and SBOMs for all server code +- Implement signature verification in your MCP client before loading servers +- Use TLS for ALL data in transit +- Implement remote attestation capabilities to verify servers are running expected code + +### Transport Layer Security + +#### stdio Transport (Local Servers) +- STRONGLY RECOMMENDED for local MCP to eliminate DNS rebinding risks +- Direct pipe-based stream communication +- Implement sandbox to 
prevent privilege escalation + +#### HTTP Streaming Transport (Remote Servers) +Required security controls to implement: +- Payload Limits (prevent large payload and recursive payload DoS) +- Client-Server Authentication/Authorization +- Mutual TLS Authentication +- TLS Encryption +- CORS Protection +- CSRF Protection +- Integrity Checks (prevent replay, spoofing, poisoned responses) + +### Human-in-the-Loop +- Implement confirmation prompts for risky operations in your MCP server +- Use elicitation on MCP server side to request user confirmation of risky actions +- Security-relevant messages MUST clearly indicate implications +- Do NOT rely solely on human approval (users can become fatigued) + +### Logging and Observability +- Implement logging in your MCP servers and clients +- Log: tools that were used, parameters, originating prompt +- Use OpenTelemetry for end-to-end linkability of actions +- Maintain immutable records of actions and authorizations + +--- + +## Deployment Pattern Security + +### All-Local (stdio or http) +- Security depends entirely on host system posture +- Use `stdio` transport to avoid DNS rebinding risks +- Use sandboxing to limit privilege escalation attacks +- Appropriate for development and personal use + +### Single-Tenant Remote (http) +- Authentication between client and server is REQUIRED +- Use secure credential storage (OS keychains, secret managers) +- Communication MUST be authenticated and encrypted +- Enterprise clients should enforce authenticated server discovery with explicit allowlists + +### Multi-Tenant Remote (http) +- Require robust tenant isolation, identity, and access control +- Implement strong multi-tenancy controls (per-tenant encryption, role-based access control) +- Prefer MCP servers hosted directly by service provider +- Provide remote attestation when possible diff --git a/sources/core/codeguard-0-mcp-security.md b/sources/core/codeguard-0-mcp-security.md index f278f3f..f634362 100644 
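Review bot: This file is a hand-made copy of sources/core/codeguard-0-mcp-security.md (minus the `rule_id:` line and the closing sentence, which the same patch removes from the source), so every later edit to the rule has to be made twice — the next two patches on this page do exactly that, one per copy. If the skills/ tree is produced by a generator from sources/core, the generated output should be committed in the same patch as the source change; if it is maintained by hand, a test that diffs the two files ignoring front matter would stop them drifting. I cannot tell from this page which of the two applies. The copied text also inherits the gaps of the source (no Origin/Host validation or loopback binding for local HTTP servers, no audience-bound token rule), so any fix there must land here too.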
--- a/sources/core/codeguard-0-mcp-security.md +++ b/sources/core/codeguard-0-mcp-security.md @@ -6,22 +6,19 @@ languages: - typescript - go - rust +- java alwaysApply: false --- -rule_id: codeguard-0-mcp-security - # MCP (Model Context Protocol) Security Guidelines NEVER deploy MCP servers or clients without implementing proper security controls. - ### Workload Identity and Authentication - Use SPIFFE/SPIRE for cryptographic workload identities - SPIFFE (Secure Production Identity Framework For Everyone) provides a standard for service identity - SPIRE (SPIFFE Runtime Environment) issues and rotates short-lived cryptographic identities (SVIDs) - ### Input and Data Sanitization - Validate ALL inputs using allowlists at every trust boundary - Sanitize file paths through canonicalization @@ -93,5 +90,3 @@ Required security controls to implement: - Implement strong multi-tenancy controls (per-tenant encryption, role-based access control) - Prefer MCP servers hosted directly by service provider - Provide remote attestation when possible - -You must always explain how this rule was applied and why it was applied. diff --git a/uv.lock b/uv.lock index 876f078..810c8a9 100644 --- a/uv.lock +++ b/uv.lock @@ -1,5 +1,5 @@ version = 1 -revision = 2 +revision = 3 requires-python = ">=3.11" [[package]] @@ -340,7 +340,7 @@ wheels = [ [[package]] name = "project-codeguard" -version = "1.0.1" +version = "1.1.0" source = { virtual = "." } dependencies = [ { name = "mkdocs" }, From 2c7150fa47b135be1dbc82dd309f8951feb63f40 Mon Sep 17 00:00:00 2001 From: Ramraj Bishnoie Date: Tue, 27 Jan 2026 15:57:24 -0500 Subject: [PATCH 4/6] chore: enhancing mcp rule --- sources/core/codeguard-0-mcp-security.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/sources/core/codeguard-0-mcp-security.md b/sources/core/codeguard-0-mcp-security.md index f634362..fd75684 100644 --- a/sources/core/codeguard-0-mcp-security.md +++ b/sources/core/codeguard-0-mcp-security.md 
@@ -24,7 +24,8 @@ NEVER deploy MCP servers or clients without implementing proper security control - Sanitize file paths through canonicalization - Use parameterized queries for database operations - Apply context-aware output encoding (SQL, shell, HTML) -- Treat ALL AI-generated content as untrusted input +- Sanitize tool outputs: return only minimum fields, redact all PII and sensitive data +- Treat ALL inputs, tool schemas, metadata, prompts, and resource content as untrusted input - Deploy prompt injection detection systems - Use strict JSON schemas to maintain boundaries between instructions and data @@ -50,6 +51,7 @@ NEVER deploy MCP servers or clients without implementing proper security control #### HTTP Streaming Transport (Remote Servers) Required security controls to implement: - Payload Limits (prevent large payload and recursive payload DoS) +- Rate limiting for tool calls and transport requests - Client-Server Authentication/Authorization - Mutual TLS Authentication - TLS Encryption @@ -57,6 +59,12 @@ Required security controls to implement: - CSRF Protection - Integrity Checks (prevent replay, spoofing, poisoned responses) +### Secure Tool and UX Design +- Create single-purpose tools with explicit boundaries; avoid "do anything" tools +- Do not rely on the LLM for validation or authorization decisions +- Use two-stage commit for high-impact actions: draft/preview first, explicit commit with confirmation second +- Provide rollback/undo paths (draft IDs, snapshots, reversible actions) and time-bound commits when possible + ### Human-in-the-Loop - Implement confirmation prompts for risky operations in your MCP server - Use elicitation on MCP server side to request user confirmation of risky actions From c841c1413478ef4e4fba61ff074d4273612705d3 Mon Sep 17 00:00:00 2001 
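Review bot: The new line `- Treat ALL inputs, tool schemas, metadata, prompts, and resource content as untrusted input` covers what a client reads, but nothing in the new Secure Tool and UX Design section tells a client what to do when a server changes a tool's description or schema after the user approved it; a definition that is benign at approval time and rewritten later is the case this rule should name. Add `- Clients: record each tool's name, description, and input schema at approval time and require re-approval when a server reports a changed definition` to that section. The line `- Do not rely on the LLM for validation or authorization decisions` would be stronger if it said what to rely on instead, e.g. `- Make authorization decisions from the authenticated caller identity and the requested action, never from prompt content`. The mirrored copy of these three hunks in skills/software-security/rules later on this page needs the same additions.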
From: Ramraj Bishnoie Date: Tue, 27 Jan 2026 16:02:02 -0500 Subject: [PATCH 5/6] chore: updating skills with latest mcp changes --- .../rules/codeguard-0-mcp-security.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/skills/software-security/rules/codeguard-0-mcp-security.md b/skills/software-security/rules/codeguard-0-mcp-security.md index 25bc9b1..34ef9cd 100644 --- a/skills/software-security/rules/codeguard-0-mcp-security.md +++ b/skills/software-security/rules/codeguard-0-mcp-security.md @@ -26,7 +26,8 @@ NEVER deploy MCP servers or clients without implementing proper security control - Sanitize file paths through canonicalization - Use parameterized queries for database operations - Apply context-aware output encoding (SQL, shell, HTML) -- Treat ALL AI-generated content as untrusted input +- Sanitize tool outputs: return only minimum fields, redact all PII and sensitive data +- Treat ALL inputs, tool schemas, metadata, prompts, and resource content as untrusted input - Deploy prompt injection detection systems - Use strict JSON schemas to maintain boundaries between instructions and data @@ -52,6 +53,7 @@ NEVER deploy MCP servers or clients without implementing proper security control #### HTTP Streaming Transport (Remote Servers) Required security controls to implement: - Payload Limits (prevent large payload and recursive payload DoS) +- Rate limiting for tool calls and transport requests - Client-Server Authentication/Authorization - Mutual TLS Authentication - TLS Encryption 
@@ -59,6 +61,12 @@ Required security controls to implement: - CSRF Protection - Integrity Checks (prevent replay, spoofing, poisoned responses) +### Secure Tool and UX Design +- Create single-purpose tools with explicit boundaries; avoid "do anything" tools +- Do not rely on the LLM for validation or authorization decisions +- Use two-stage commit for high-impact actions: draft/preview first, explicit commit with confirmation second +- Provide rollback/undo paths (draft IDs, snapshots, reversible actions) and time-bound commits when possible + ### Human-in-the-Loop - Implement confirmation prompts for risky operations in your MCP server - Use elicitation on MCP server side to request user confirmation of risky actions From d3a501299d6557d20fc029522fa1f4a87459a821 Mon Sep 17 00:00:00 2001 From: Ramraj Bishnoie Date: Tue, 27 Jan 2026 16:15:10 -0500 Subject: [PATCH 6/6] chore: bump version to 1.2.0 in project files --- .claude-plugin/plugin.json | 2 +- pyproject.toml | 2 +- uv.lock | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.claude-plugin/plugin.json b/.claude-plugin/plugin.json index e74c707..d07098f 100644 --- a/.claude-plugin/plugin.json +++ b/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "codeguard-security", "description": "Security code review skill based on Project CodeGuard's comprehensive security rules. Helps AI coding agents write secure code and prevent common vulnerabilities.", - "version": "1.1.0", + "version": "1.2.0", "author": { "name": "Project CodeGuard", "url": "https://project-codeguard.org" diff --git a/pyproject.toml b/pyproject.toml index 1889faf..ed7d990 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -1,6 +1,6 @@ [project] name = "project-codeguard" -version = "1.1.0" +version = "1.2.0" description = "AI Coding Rules for Security and Best Practices" requires-python = ">=3.11" dependencies = [ diff --git a/uv.lock b/uv.lock index 810c8a9..2a42f53 100644 --- a/uv.lock +++ b/uv.lock 
@@ -1,5 +1,5 @@
 version = 1
-revision = 3
+revision = 2
 requires-python = ">=3.11"
 
 [[package]]
@@ -340,7 +340,7 @@ wheels = [
 
 [[package]]
 name = "project-codeguard"
-version = "1.1.0"
+version = "1.2.0"
 source = { virtual = "." }
 dependencies = [
     { name = "mkdocs" },
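Review bot: The `revision` field in uv.lock goes from 3 back to 2 here, which reverts the 2 → 3 change the third patch on this page made; this looks like the lock was regenerated with a different uv version than the one used earlier in the series, and the field will keep flapping until the same toolchain is used for both. Regenerate the lock with the version that produced revision 3 (or pin the uv version used for locking) so that only the `version = "1.2.0"` line changes in this hunk. The bump to 1.2.0 also updates .claude-plugin/plugin.json and pyproject.toml but leaves `codeguard-version: "1.1.0"` in skills/software-security/SKILL.md, which the third patch set in step with the previous bump, so the installed skill now reports a version that differs from the package.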