Project CodeGuard provides an AI model-agnostic security framework and ruleset designed to embed secure-by-default practices into AI coding workflows. It addresses the security vulnerabilities that can arise from rapid AI-driven code generation and review. The framework ships core security rules, translators for popular coding agents, and validators, enabling developers to integrate security seamlessly throughout the AI coding lifecycle, from planning to post-generation review.

How It Works

The project employs a unified markdown format for its security rules, stored in the sources/ directory. Conversion tools within src/ translate these rules into formats compatible with specific AI coding agents like Cursor, Windsurf, GitHub Copilot, Codex, and Claude Code. Release automation packages these rules, allowing AI assistants to reference them automatically during code generation and review, thereby producing more secure code with minimal developer intervention. This approach ensures security best practices are embedded directly into the AI's workflow, regardless of the underlying AI model.

Quick Start & Requirements

To get started, clone the repository and install dependencies:

git clone https://github.com/project-codeguard/rules.git
cd rules
uv sync

Python is a primary requirement. Validate the unified rules with python src/validate_unified_rules.py sources/ and generate IDE-specific formats using python src/convert_to_ide_formats.py. Further details are available on the releases page and in the Get Started section of the README.

Highlighted Details

• Comprehensive Security Coverage: Rules span Cryptography, Input Validation, Authentication, Authorization, Supply Chain, Cloud Security, Platform Security, and Data Protection.
• Broad AI Agent Compatibility: Includes translators for popular agents such as Cursor, Windsurf, GitHub Copilot, Codex, and Claude Code.
• Lifecycle Integration: Supports security integration before, during, and after code generation, enabling spec-driven development and automated code review.

Maintenance & Community

The project is developed with contributions from Cisco Systems, Inc. Community engagement is encouraged through Issues for bug reports and feature requests, and Discussions for broader conversations. Contribution guidelines are available in CONTRIBUTING.md.

Licensing & Compatibility

Project CodeGuard utilizes a dual-licensing strategy. The Security Rules & Documentation (content in sources/) are licensed under Creative Commons Attribution 4.0 International (CC BY 4.0), permitting free reuse with attribution. The Source Code & Tools (in src/) are licensed under the Apache License 2.0, which is permissive for commercial use and integration into closed-source projects.

Limitations & Caveats

The effectiveness of Project CodeGuard is contingent upon the support and integration capabilities of the target AI coding agents with the generated rule formats. While the ruleset aims for broad coverage, its efficacy in preventing specific vulnerabilities depends on the completeness of the rules and the AI's adherence to them. The project does not explicitly detail alpha status or known bugs in the provided README.