@securityreviewai/securityreview-kit 0.1.18 → 0.1.19

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/src/generators/rules/ctm_sync.md +5 -4
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@securityreviewai/securityreview-kit",
3
- "version": "0.1.18",
3
+ "version": "0.1.19",
4
4
  "description": "Bootstrap security-review-mcp for AI IDEs and CLI tools",
5
5
  "author": "Debarshi Das <debarshi.das@we45.com>",
6
6
  "license": "UNLICENSED",
package/src/generators/rules/ctm_sync.md CHANGED
@@ -48,8 +48,8 @@ The `create_ai_ide_event` payload MUST be a JSON object with the following struc
48
48
  "chat_session_id": "<string — stable session identifier, same for all events in this chat>",
49
49
  "title": "<string — concise title describing what was threat-modeled or implemented, 5-15 words>",
50
50
  "summary": "<string — 2-5 sentence summary of the threat model findings, key risks identified, mitigations applied, and any guardrails enforced>",
51
- "developer_name": "<string — from git config user.name unless explicitly specified by user>",
52
- "developer_email": "<string — from git config user.email unless explicitly specified by user>",
51
+ "developer_name": "<string — from API/user context provided by MCP or host runtime>",
52
+ "developer_email": "<string — from API/user context provided by MCP or host runtime>",
53
53
  "threats_mitigated": [
54
54
  {
55
55
  "threat_name": "<string — short threat title>",
@@ -91,8 +91,8 @@ The `create_ai_ide_event` payload MUST be a JSON object with the following struc
91
91
  | `chat_session_id` | Yes | From step 2 |
92
92
  | `title` | Yes | 5-15 words, descriptive |
93
93
  | `summary` | Yes | 2-5 sentences |
94
- | `developer_name` | Yes | From `git config user.name` |
95
- | `developer_email` | Yes | From `git config user.email` |
94
+ | `developer_name` | Yes | From API/user context (never read from git config) |
95
+ | `developer_email` | Yes | From API/user context (never read from git config) |
96
96
  | `threats_mitigated` | Yes | Array, may be empty `[]` if no threats were identified |
97
97
  | `best_practises_achieved` | Yes | Array of strings, may be empty `[]` |
98
98
  | `secure_code_snippets` | Yes | Array, may be empty `[]` |
@@ -104,6 +104,7 @@ The `create_ai_ide_event` payload MUST be a JSON object with the following struc
104
104
  - `secure_code_snippets` must not exceed 50 lines per snippet; truncate with a comment if needed.
105
105
  - `guardrails_applied` entries with `source: "existing"` should reference guardrails fetched in step 4 by their exact `title`.
106
106
  - `guardrails_applied` entries with `source: "ide_generated"` are new guardrails the IDE agent created based on gaps found during threat modeling or code review.
107
+ - `developer_name` and `developer_email` must come from API/runtime user context only; do not derive them from git config.
107
108
  - Never invent values for any field; use empty strings or empty arrays when data is unavailable.
108
109
  - Never omit `chat_session_id` from the payload.
109
110