cursor-devops-commands 1.0.0

package/commands/security/rollback-impact.md

@@ -0,0 +1,215 @@
+---
+description: Analyze impact of reverting a PR - dependency chains, downstream effects
+category: Ops & Monitoring
+aliases: [rollback, revert-impact, undo-impact]
+---
+
+# Rollback Impact - Simulate Revert Risk and Dependencies
+
+Analyze the impact of reverting a PR, including dependency chains and downstream effects.
+
+## Usage
+
+```
+/rollback-impact {PR_NUMBER}
+/rollback-impact {COMMIT_SHA}
+/rollback-impact {PR_NUMBER} --simulate    # Dry run
+```
+
+## What This Does
+
+1. **Identifies all changes** - Files, exports, types modified
+2. **Traces dependencies** - What depends on changed code
+3. **Simulates revert** - Tests if revert would compile
+4. **Estimates blast radius** - Apps, teams, features affected
+5. **Recommends action** - Safe rollback vs. fix-forward
+
+## Dependency Analysis
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│  DEPENDENCY CHAIN ANALYSIS                                  │
+├─────────────────────────────────────────────────────────────┤
+│                                                             │
+│  PR #23043 (LineItems.tsx)                                  │
+│      ↓                                                      │
+│  ProtectionPackageCard.tsx (imports TooltipTitle)           │
+│      ↓                                                      │
+│  FLFPackagesV2.tsx (uses ProtectionPackageCard)             │
+│      ↓                                                      │
+│  CoverageAndAddOns/index.tsx (exports FLFPackagesV2)        │
+│      ↓                                                      │
+│  rent-checkout app (renders CoverageAndAddOns)              │
+│                                                             │
+│  BLAST RADIUS: 1 app, 4 components, 1 team                  │
+└─────────────────────────────────────────────────────────────┘
+```
+
+## Risk Assessment Matrix
+
+| Risk Factor             | Weight   | Description                 |
+| ----------------------- | -------- | --------------------------- |
+| **Type changes**        | High     | Breaking type modifications |
+| **Export changes**      | High     | New/removed exports         |
+| **API changes**         | Critical | External contract changes   |
+| **Database migrations** | Critical | Data model changes          |
+| **Feature flag deps**   | Medium   | Flag-dependent code         |
+| **Style changes**       | Low      | CSS/styled changes only     |
+
+## Output Format
+
+````
+📋 Analyzing rollback impact for PR #23043...
+
+════════════════════════════════════════════════════════════════
+  PR SUMMARY
+════════════════════════════════════════════════════════════════
+
+PR:          #23043 - [TICKET-123] Marketing texts for protection
+Author:      SharathChandraSIXT
+Merged:      2024-12-23 15:30:00 UTC
+Commits:     3
+
+Files Changed:
+  - src/components/src/.../LineItems.tsx
+  - src/components/src/.../ProtectionPackageCard.styled.ts
+  - src/components/src/.../ProtectionPackageCard.types.ts
+  - src/features/checkout/src/.../helpers.ts
+  - src/features/checkout/src/.../PackagesV2.tsx
+
+════════════════════════════════════════════════════════════════
+  DEPENDENCY ANALYSIS
+════════════════════════════════════════════════════════════════
+
+## Direct Dependencies (files importing changed code)
+
+| File | Import | Risk |
+|------|--------|------|
+| ProtectionPackageCard.tsx | TooltipTitle | 🟠 Medium |
+| FLFPackagesV2.tsx | getModifiedLineItems | 🔴 High |
+| PackagesV2.tsx | getModifiedLineItems | 🔴 High |
+
+## Transitive Dependencies (downstream)
+
+| Level | Files | Apps | Teams |
+|-------|-------|------|-------|
+| Direct | 5 | 1 | 1 |
+| Level 2 | 8 | 1 | 1 |
+| Level 3 | 12 | 2 | 2 |
+| **Total Blast Radius** | **25 files** | **2 apps** | **2 teams** |
+
+## Type Analysis
+
+| Change | Type | Revert Risk |
+|--------|------|-------------|
+| Added `originalName?: string` to ILineItemInfo | Addition | ✅ Safe |
+| Added `LineItemInfoWithOriginalName` type | Addition | ✅ Safe |
+| Added `TooltipTitle` styled component | Addition | ✅ Safe |
+| Modified `getModifiedLineItems` signature | Modification | 🟠 Medium |
+
+════════════════════════════════════════════════════════════════
+  REVERT SIMULATION
+════════════════════════════════════════════════════════════════
+
+## Compile Test
+```bash
+git revert ed304bcf4fb --no-commit
+pnpm compile
+````
+
+Result: ✅ COMPILES SUCCESSFULLY
+
+## Type Check
+
+No breaking type changes detected.
+
+## Runtime Risk
+
+🟠 MEDIUM - Some call sites may expect new behavior
+
+════════════════════════════════════════════════════════════════
+RECOMMENDATION
+════════════════════════════════════════════════════════════════
+
+## Risk Score: 35/100 (Low-Medium)
+
+### Option A: Safe Rollback ✅
+
+-   Revert is compile-safe
+-   No breaking type changes
+-   Feature flag can disable behavior
+-   Estimated time: 15 minutes
+
+### Option B: Fix Forward
+
+-   If issue is minor, fix in new PR
+-   Preserves git history
+-   Estimated time: 30-60 minutes
+
+**RECOMMENDED: Option A (Safe Rollback)**
+
+Rollback command:
+
+```bash
+git revert ed304bcf4fb
+git push origin master
+```
+
+Post-rollback:
+
+1. Monitor error rates for 30 minutes
+2. Notify team in #web-booking
+3. Create follow-up ticket for investigation
+
+````
+
+## Commands Used
+
+```bash
+# Get PR details
+gh pr view {PR_NUMBER} --json files,commits,mergeCommit
+
+# Find dependents
+grep -rl "TooltipTitle\|getModifiedLineItems" --include="*.tsx" apps/ libraries/
+
+# Simulate revert
+git stash
+git checkout master
+git revert {SHA} --no-commit
+pnpm compile
+git reset --hard HEAD
+git stash pop
+
+# Check CODEOWNERS for affected teams
+for file in $(gh pr diff {PR} --name-only); do
+    grep -E "^$(dirname $file)" .github/CODEOWNERS
+done | awk '{print $NF}' | sort -u
+````
+
+## Risk Scoring
+
+| Factor           | Points | Max            |
+| ---------------- | ------ | -------------- |
+| Type changes     | 0-30   | Breaking = 30  |
+| Export changes   | 0-25   | Removed = 25   |
+| Dependency depth | 0-20   | >3 levels = 20 |
+| Apps affected    | 0-15   | >2 apps = 15   |
+| Teams affected   | 0-10   | >2 teams = 10  |
+
+**Score Interpretation:**
+
+-   0-25: ✅ Safe to rollback
+-   26-50: 🟠 Rollback with caution
+-   51-75: 🟠 Consider fix-forward
+-   76-100: 🔴 Fix-forward recommended
+
+## AI Execution
+
+When user runs `/rollback-impact {PR}`:
+
+1. **Fetch PR details** - Files, commits, merge info
+2. **Trace dependencies** - Find all importing files
+3. **Calculate blast radius** - Apps, teams, depth
+4. **Simulate revert** - Test compilation
+5. **Score risk** - Calculate impact score
+6. **Recommend action** - Rollback vs fix-forward

package/commands/security/security-audit.md

@@ -0,0 +1,238 @@
+---
+description: Scan for secrets, vulnerabilities, supply chain risks before PR
+category: Code Quality
+aliases: [security, scan, audit]
+---
+
+# Security Shift-Left - Pre-PR Security Scanning
+
+Scan for vulnerabilities, secrets, and supply chain risks before PR.
+
+**Alias:** `/security-audit`, `/supply-chain-audit`
+
+## Usage
+
+```
+/security-audit
+/security-audit {FILE_PATH}
+/security-audit --pr {PR_NUMBER}
+/security-audit --deep                  # Full SAST scan
+```
+
+## Why This Matters
+
+2025 has seen a rise in:
+
+-   **MCPoison attacks** - Malicious MCP servers
+-   **Prompt injection** - AI command manipulation
+-   **Secret leakage** - API keys in code/prompts
+-   **Dependency vulnerabilities** - Supply chain attacks
+
+## What This Does
+
+1. **Secret scanning** - API keys, tokens, credentials
+2. **Dependency audit** - CVEs in npm packages
+3. **SAST analysis** - Static security patterns
+4. **Prompt injection** - AI-specific vulnerabilities
+5. **Code patterns** - XSS, injection, auth issues
+
+## Security Checks
+
+### 🔴 Critical (Block PR)
+
+| Check        | Pattern                               | Action |
+| ------------ | ------------------------------------- | ------ |
+| API Keys     | `/[A-Za-z0-9_-]{32,}/`                | Block  |
+| AWS Keys     | `/AKIA[0-9A-Z]{16}/`                  | Block  |
+| Private Keys | `/-----BEGIN.*PRIVATE KEY-----/`      | Block  |
+| Passwords    | `/password\s*[:=]\s*['"][^'"]+['"]/i` | Block  |
+| Tokens       | `/token\s*[:=]\s*['"][^'"]+['"]/i`    | Review |
+
+### 🟠 High (Requires Review)
+
+| Check                     | Issue          | Mitigation        |
+| ------------------------- | -------------- | ----------------- |
+| `dangerouslySetInnerHTML` | XSS risk       | Sanitize input    |
+| `eval()`                  | Code injection | Remove usage      |
+| `innerHTML`               | XSS risk       | Use textContent   |
+| Unsanitized URLs          | Open redirect  | Validate URLs     |
+| SQL concatenation         | Injection      | Use parameterized |
+
+### 🟡 Medium (Warning)
+
+| Check         | Issue            | Recommendation     |
+| ------------- | ---------------- | ------------------ |
+| `console.log` | Info leakage     | Remove in prod     |
+| Hardcoded IPs | Environment leak | Use env vars       |
+| `any` type    | Type safety      | Use specific types |
+| Missing CSRF  | Security gap     | Add protection     |
+
+## Output Format
+
+````
+📋 Running security audit...
+
+════════════════════════════════════════════════════════════════
+  SECURITY SCAN RESULTS
+════════════════════════════════════════════════════════════════
+
+## Summary
+
+| Severity | Count | Status |
+|----------|-------|--------|
+| 🔴 Critical | 0 | ✅ Pass |
+| 🟠 High | 2 | ⚠️ Review |
+| 🟡 Medium | 5 | 📝 Note |
+| 🟢 Low | 8 | ℹ️ Info |
+
+════════════════════════════════════════════════════════════════
+  🔴 CRITICAL FINDINGS
+════════════════════════════════════════════════════════════════
+
+None found ✅
+
+════════════════════════════════════════════════════════════════
+  🟠 HIGH FINDINGS
+════════════════════════════════════════════════════════════════
+
+## 1. Potential XSS via dangerouslySetInnerHTML
+
+**File:** src/features/checkout/src/components/RichText.tsx:45
+**Code:**
+```typescript
+<div dangerouslySetInnerHTML={{ __html: content }} />
+````
+
+**Risk:** User-controlled content could execute scripts
+**Mitigation:** Use `DOMPurify.sanitize()` or `OXRichTextBlock`
+
+**Suggested fix:**
+
+```typescript
+import DOMPurify from 'dompurify';
+<div dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(content) }} />
+```
+
+---
+
+## 2. Missing Input Validation
+
+**File:** src/features/checkout/src/hooks/useBookingUpdate.ts:67
+**Code:**
+
+```typescript
+const url = `${API_BASE}/${userInput}`;
+fetch(url);
+```
+
+**Risk:** URL manipulation, SSRF
+**Mitigation:** Validate and sanitize userInput
+
+════════════════════════════════════════════════════════════════
+🟡 MEDIUM FINDINGS
+════════════════════════════════════════════════════════════════
+
+| #   | File       | Issue                         | Line |
+| --- | ---------- | ----------------------------- | ---- |
+| 1   | helpers.ts | console.log in production     | 23   |
+| 2   | api.ts     | Hardcoded timeout value       | 45   |
+| 3   | config.ts  | Environment variable fallback | 12   |
+| 4   | types.ts   | Use of `any` type             | 78   |
+| 5   | auth.ts    | Token stored in localStorage  | 34   |
+
+════════════════════════════════════════════════════════════════
+🔍 DEPENDENCY AUDIT
+════════════════════════════════════════════════════════════════
+
+Running `npm audit`...
+
+| Package | Severity | CVE            | Fixed In |
+| ------- | -------- | -------------- | -------- |
+| lodash  | High     | CVE-2021-23337 | 4.17.21  |
+| axios   | Medium   | CVE-2023-45857 | 1.6.0    |
+
+**Recommendation:** Run `pnpm update lodash axios`
+
+════════════════════════════════════════════════════════════════
+🤖 AI/PROMPT SECURITY
+════════════════════════════════════════════════════════════════
+
+## Prompt Injection Scan
+
+Checking for:
+
+-   [ ] User input in AI prompts: None found ✅
+-   [ ] Unvalidated MCP calls: None found ✅
+-   [ ] Prompt templates with injection risk: None found ✅
+
+## MCP Server Audit
+
+Connected MCP servers:
+
+-   Atlassian (Jira) - ✅ Official
+-   GitHub - ✅ Official
+-   Figma - ✅ Official
+
+⚠️ No untrusted MCP servers detected
+
+════════════════════════════════════════════════════════════════
+VERDICT
+════════════════════════════════════════════════════════════════
+
+## Overall Security Score: 78/100 (🟠 Needs Attention)
+
+### Blocking Issues: 0
+
+### Review Required: 2
+
+### Improvements Suggested: 5
+
+**Recommendation:**
+
+1. Fix the 2 HIGH findings before PR
+2. Address MEDIUM findings in follow-up
+3. Run `pnpm audit fix` for dependencies
+
+### Pre-PR Checklist
+
+-   [ ] Fix dangerouslySetInnerHTML (HIGH)
+-   [ ] Add URL validation (HIGH)
+-   [ ] Remove console.log statements
+-   [ ] Update vulnerable dependencies
+
+````
+
+## Commands Used
+
+```bash
+# Secret scanning
+grep -rn "AKIA\|api[_-]key\|password\s*=" --include="*.ts" .
+
+# Dependency audit
+pnpm audit --json
+
+# SAST with semgrep (if available)
+semgrep --config=p/security-audit .
+
+# Find dangerous patterns
+grep -rn "dangerouslySetInnerHTML\|eval(\|innerHTML" --include="*.tsx" .
+````
+
+## Integration with Workflow
+
+This command is automatically invoked by:
+
+-   `/full-flow` - Before PR creation
+-   `/pre-pr-check` - As part of validation
+-   `/orchestrate` - Via Security Agent
+
+## AI Execution
+
+When user runs `/security-audit`:
+
+1. **Scan secrets** - Regex patterns for credentials
+2. **Audit dependencies** - npm/pnpm vulnerability check
+3. **SAST analysis** - Security antipatterns
+4. **Prompt security** - AI-specific risks
+5. **Generate report** - Severity-ranked findings
+6. **Recommend fixes** - Specific mitigations

package/package.json

@@ -0,0 +1,36 @@
+{
+  "name": "cursor-devops-commands",
+  "version": "1.0.0",
+  "description": "DevOps & Git Commands for Cursor IDE - Security, Deployment, Git Operations",
+  "bin": {
+    "cursor-devops": "./bin/cli.js",
+    "devops-commands": "./bin/cli.js"
+  },
+  "main": "./bin/cli.js",
+  "keywords": [
+    "cursor",
+    "cursor-rules",
+    "cursor-commands",
+    "devops",
+    "git",
+    "security",
+    "deployment",
+    "dev-productivity",
+    "ai-coding"
+  ],
+  "author": "Sharath Chandra",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/sharath317/cursor-devops-commands"
+  },
+  "homepage": "https://github.com/sharath317/cursor-devops-commands#readme",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "bin/",
+    "commands/"
+  ]
+}
+