secure-coding-rules 2.0.0 → 2.0.1

package/src/index.js

@@ -1,22 +1,15 @@
 /**
- * secure-rules - OWASP 2025 Security Rules Generator for AI Coding Assistants
- *
- * Generates security coding rules in the format of your preferred AI tool:
- * - CLAUDE.md (Claude Code)
- * - .cursor/rules/*.mdc (Cursor)
- * - .windsurf/rules/*.md (Windsurf)
- * - .github/copilot-instructions.md (GitHub Copilot)
- * - AGENTS.md (vendor-neutral)
+ * secure-coding-rules - OWASP 2025 Security Rules Generator for AI Coding Assistants
  */
 
 import { mkdir, readFile, writeFile } from 'node:fs/promises';
 import { readFileSync, existsSync } from 'node:fs';
 import { join, dirname } from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { initLang, t } from './i18n.js';
 import { promptUser } from './prompts.js';
 import { loadTemplates } from './loader.js';
 
-// Adapter imports
 import * as claudeAdapter from './adapters/claude.js';
 import * as cursorAdapter from './adapters/cursor.js';
 import * as windsurfAdapter from './adapters/windsurf.js';
@@ -33,7 +26,7 @@ function getVersion() {
     );
     return pkg.version;
   } catch {
-    return '2.0.0';
+    return '2.1.0';
   }
 }
 
@@ -45,53 +38,88 @@ const adapters = {
   agents: agentsAdapter,
 };
 
+// Tools that natively use directory-based output
+const DIRECTORY_NATIVE_TOOLS = ['cursor', 'windsurf'];
+
+// Tools that support optional directory mode
+const DIRECTORY_OPTIONAL_TOOLS = ['claude', 'copilot'];
+
 export async function run() {
   const args = process.argv.slice(2);
   const version = getVersion();
 
-  // Help flag
+  initLang(args);
+
   if (args.includes('--help') || args.includes('-h')) {
     printHelp(version);
     return;
   }
 
-  // Version flag
   if (args.includes('--version') || args.includes('-v')) {
     console.log(`secure-coding-rules v${version}`);
     return;
   }
 
+  // --remove flag
+  if (args.includes('--remove')) {
+    await removeRules();
+    return;
+  }
+
+  const dryRun = args.includes('--dry-run');
   const config = await promptUser(args);
 
-  // --check returns null to signal early exit
   if (config === null) return;
 
-  const adapter = adapters[config.tool];
-
-  console.log(`\nLoading security templates...`);
+  console.log(`\n${t('loading')}`);
   const templates = await loadTemplates(config.categories);
 
   if (templates.size === 0) {
-    console.error('No templates found. Please check your installation.');
+    console.error(t('noTemplates'));
     process.exit(1);
   }
 
-  console.log(`Loaded ${templates.size} security rule modules.`);
+  console.log(t('loaded', templates.size));
 
   const cwd = process.cwd();
   const options = { framework: config.framework, version };
 
-  if (config.tool === 'cursor') {
-    await generateMultipleFiles(cursorAdapter, templates, options, cwd);
-  } else if (config.tool === 'windsurf') {
-    await generateMultipleFiles(windsurfAdapter, templates, options, cwd);
-  } else {
-    await generateSingleFile(adapter, templates, options, cwd);
+  // Process each selected tool
+  for (const toolName of config.tools) {
+    const adapter = adapters[toolName];
+    if (!adapter) continue;
+
+    if (config.tools.length > 1) {
+      console.log(`\n${t('generatingFor', adapter.name)}`);
+    }
+
+    if (dryRun) {
+      dryRunPreview(adapter, toolName, config, templates, options, cwd);
+      continue;
+    }
+
+    const useDirectory = shouldUseDirectory(toolName, config.outputMode);
+
+    if (useDirectory) {
+      await generateDirectoryMode(adapter, toolName, templates, options, config, cwd);
+    } else if (DIRECTORY_NATIVE_TOOLS.includes(toolName)) {
+      await generateMultipleFiles(adapter, templates, options, cwd);
+    } else {
+      await generateSingleFile(adapter, templates, options, cwd);
+    }
+  }
+
+  if (!dryRun) {
+    console.log(`\n✅ ${t('success')}`);
+    console.log(`📖 ${t('reference')}`);
+    console.log(`\n${t('runAgain')}\n`);
   }
+}
 
-  console.log('\n✅ Security rules generated successfully!');
-  console.log('📖 Based on OWASP Top 10 2025 (https://owasp.org/Top10/2025/)');
-  console.log('\nRun again anytime to update: npx secure-coding-rules\n');
+function shouldUseDirectory(toolName, outputMode) {
+  if (DIRECTORY_NATIVE_TOOLS.includes(toolName)) return false; // cursor/windsurf already directory-based
+  if (DIRECTORY_OPTIONAL_TOOLS.includes(toolName) && outputMode === 'directory') return true;
+  return false;
 }
 
 async function generateSingleFile(adapter, templates, options, cwd) {
@@ -108,10 +136,10 @@ async function generateSingleFile(adapter, templates, options, cwd) {
     const existing = await readFile(outputPath, 'utf-8');
     const merged = adapter.merge(existing, newContent);
     await writeFile(outputPath, merged, 'utf-8');
-    console.log(`\n📝 Updated: ${adapter.outputPath} (merged with existing content)`);
+    console.log(`📝 ${t('updated', adapter.outputPath)}`);
   } else {
     await writeFile(outputPath, newContent, 'utf-8');
-    console.log(`\n📝 Created: ${adapter.outputPath}`);
+    console.log(`📝 ${t('created', adapter.outputPath)}`);
   }
 }
 
@@ -131,47 +159,185 @@ async function generateMultipleFiles(adapter, templates, options, cwd) {
     count++;
   }
 
-  console.log(`\n📝 Generated ${count} files in ${adapter.outputDir}/`);
+  console.log(`📝 ${t('generated', count, adapter.outputDir)}`);
+}
+
+async function generateDirectoryMode(adapter, toolName, templates, options, config, cwd) {
+  // 1. Generate individual rule files in the rules directory
+  const rulesDir = join(cwd, adapter.rulesDir);
+
+  if (!existsSync(rulesDir)) {
+    await mkdir(rulesDir, { recursive: true });
+  }
+
+  const files = adapter.formatMultiple(templates, options);
+  let count = 0;
+
+  for (const [filename, content] of files) {
+    const filePath = join(rulesDir, filename);
+    await writeFile(filePath, content, 'utf-8');
+    count++;
+  }
+
+  console.log(`📝 ${t('generated', count, adapter.rulesDir)}`);
+
+  // 2. Add/update reference in main file
+  const mainPath = join(cwd, adapter.outputPath);
+  const mainDir = dirname(mainPath);
+
+  if (!existsSync(mainDir)) {
+    await mkdir(mainDir, { recursive: true });
+  }
+
+  const refContent = adapter.formatReference(config.categories, options);
+
+  if (existsSync(mainPath) && adapter.merge) {
+    const existing = await readFile(mainPath, 'utf-8');
+    const merged = adapter.merge(existing, refContent);
+    await writeFile(mainPath, merged, 'utf-8');
+    console.log(`📝 ${t('refUpdated', adapter.outputPath)}`);
+  } else {
+    await writeFile(mainPath, refContent, 'utf-8');
+    console.log(`📝 ${t('refCreated', adapter.outputPath)}`);
+  }
+}
+
+function dryRunPreview(adapter, toolName, config, templates, options, cwd) {
+  console.log(`\n── ${t('dryRunTitle')} (${adapter.name}) ──────────────────`);
+  console.log(`${t('dryRunFramework')}  ${config.framework}`);
+  console.log(`${t('dryRunCategories')} ${config.categories.length}`);
+
+  const useDirectory = shouldUseDirectory(toolName, config.outputMode);
+
+  if (useDirectory) {
+    const files = adapter.formatMultiple(templates, options);
+    console.log(`\n${t('dryRunWouldGenerate', files.size, adapter.rulesDir)}`);
+    for (const [filename] of files) {
+      console.log(`  - ${filename}`);
+    }
+    console.log(`\n${t('dryRunWouldUpdate', adapter.outputPath)} (reference only)`);
+  } else if (DIRECTORY_NATIVE_TOOLS.includes(toolName)) {
+    const files = adapter.formatMultiple(templates, options);
+    console.log(`\n${t('dryRunWouldGenerate', files.size, adapter.outputDir)}`);
+    for (const [filename] of files) {
+      console.log(`  - ${filename}`);
+    }
+  } else {
+    const outputPath = join(cwd, adapter.outputPath);
+    const content = adapter.format(templates, options);
+    const exists = existsSync(outputPath);
+    console.log(
+      `\n${exists ? t('dryRunWouldUpdate', adapter.outputPath) : t('dryRunWouldCreate', adapter.outputPath)}`
+    );
+    console.log(t('dryRunSize', (content.length / 1024).toFixed(1)));
+  }
+
+  console.log(`── ${t('dryRunApply')} ───────────────────\n`);
+}
+
+async function removeRules() {
+  const cwd = process.cwd();
+  const SECTION_START = '<!-- js-secure-coding:start -->';
+  const SECTION_END = '<!-- js-secure-coding:end -->';
+  let removed = 0;
+
+  // 1. Clean markers from single-file tools
+  const singleFiles = ['CLAUDE.md', '.github/copilot-instructions.md', 'AGENTS.md'];
+  for (const file of singleFiles) {
+    const filePath = join(cwd, file);
+    if (!existsSync(filePath)) continue;
+    const content = await readFile(filePath, 'utf-8');
+    if (!content.includes(SECTION_START)) continue;
+
+    const before = content.substring(0, content.indexOf(SECTION_START));
+    const after = content.substring(
+      content.indexOf(SECTION_END) + SECTION_END.length
+    );
+    const cleaned = (before.trimEnd() + '\n' + after.trimStart()).trim();
+
+    if (cleaned) {
+      await writeFile(filePath, cleaned + '\n', 'utf-8');
+      console.log(`🗑️  ${t('removedMarkers', file)}`);
+    } else {
+      const { unlink } = await import('node:fs/promises');
+      await unlink(filePath);
+      console.log(`🗑️  ${t('removedFile', file)}`);
+    }
+    removed++;
+  }
+
+  // 2. Remove security-* files from rule directories
+  const ruleDirs = [
+    { dir: '.cursor/rules', ext: '.mdc' },
+    { dir: '.windsurf/rules', ext: '.md' },
+    { dir: '.claude/rules', ext: '.md' },
+    { dir: '.github/instructions', ext: '.md' },
+  ];
+
+  for (const { dir, ext } of ruleDirs) {
+    const dirPath = join(cwd, dir);
+    if (!existsSync(dirPath)) continue;
+
+    const { readdir, unlink } = await import('node:fs/promises');
+    const files = await readdir(dirPath);
+    const securityFiles = files.filter(
+      (f) => f.startsWith('security-') && f.endsWith(ext)
+    );
+
+    for (const file of securityFiles) {
+      await unlink(join(dirPath, file));
+      removed++;
+    }
+
+    if (securityFiles.length > 0) {
+      console.log(`🗑️  ${t('removedDir', securityFiles.length, dir)}`);
+    }
+  }
+
+  if (removed === 0) {
+    console.log(`\n${t('noRulesFound')}`);
+  } else {
+    console.log(`\n✅ ${t('removeSuccess')}`);
+  }
 }
 
 function printHelp(version) {
   console.log(`
 secure-coding-rules v${version}
 
-OWASP 2025 기반 JavaScript 보안 코딩 룰을 AI 코딩 어시스턴트에 자동 적용
+${t('helpDesc')}
 
 Usage:
-  npx secure-coding-rules              Interactive mode (auto-detects project)
-  npx secure-coding-rules --yes        Apply all rules with smart defaults
-  npx secure-coding-rules --check      Show current project security status
+  npx secure-coding-rules              Interactive mode (multi-tool select)
+  npx secure-coding-rules --yes        Smart defaults
+  npx secure-coding-rules --check      Project status
+  npx secure-coding-rules --dry-run    Preview
+  npx secure-coding-rules --remove     Remove all generated rules
+  npx secure-coding-rules --lang ko    한국어로 실행
 
 Options:
-  -y, --yes      Non-interactive mode (auto-detects tool & framework)
-  --check        Show which AI tools and frameworks are detected
+  -y, --yes      Non-interactive mode
+  --check        Show detected AI tools and frameworks
+  --dry-run      Preview without writing files
+  --remove       Remove all security rules (clean uninstall)
+  --lang <code>  Language: en (default), ko
   -h, --help     Show this help
   -v, --version  Show version
 
-Supported AI Tools:
-  - Claude Code    → CLAUDE.md
+Output Modes:
+  inline         Embed all rules in main file (e.g. CLAUDE.md)
+  directory      Separate rule files + reference in main file
+                 (e.g. .claude/rules/security-*.md + CLAUDE.md reference)
+
+Supported AI Tools (select multiple):
+  - Claude Code    → CLAUDE.md or .claude/rules/
   - Cursor         → .cursor/rules/*.mdc
   - Windsurf       → .windsurf/rules/*.md
-  - GitHub Copilot → .github/copilot-instructions.md
-  - AGENTS.md      → AGENTS.md (vendor-neutral)
-
-Security Categories (OWASP Top 10 2025):
-  A01: Broken Access Control
-  A02: Security Misconfiguration
-  A03: Supply Chain Failures (NEW in 2025)
-  A04: Cryptographic Failures
-  A05: Injection
-  A06: Insecure Design
-  A07: Authentication Failures
-  A08: Data Integrity Failures
-  A09: Logging & Alerting Failures
-  A10: Error Handling (NEW in 2025)
-
-  + Frontend: XSS, CSRF, CSP, Secure State Management
-
-Homepage: https://github.com/user/secure-coding-rules
+  - GitHub Copilot → .github/copilot-instructions.md or .github/instructions/
+  - AGENTS.md      → AGENTS.md
+
+OWASP Top 10 2025: A01-A10 + Frontend (XSS, CSRF, CSP, State)
+
+Homepage: https://github.com/kwakseongjae/js-secure-coding-prompt-templates
 `);
 }

package/src/loader.js

@@ -10,31 +10,40 @@ const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
 const TEMPLATES_DIR = join(__dirname, 'templates');
 
-const CORE_CATEGORIES = [
-  'access-control',
-  'security-config',
-  'supply-chain',
-  'cryptographic',
-  'injection',
-  'secure-design',
-  'authentication',
-  'data-integrity',
-  'logging-alerting',
-  'error-handling',
-];
-
-const FRONTEND_CATEGORIES = [
-  'xss-prevention',
-  'csrf-protection',
-  'csp',
-  'secure-state',
-];
+const CATEGORY_DIRS = {
+  // OWASP Top 10 2025
+  'access-control': 'core',
+  'security-config': 'core',
+  'supply-chain': 'core',
+  'cryptographic': 'core',
+  'injection': 'core',
+  'secure-design': 'core',
+  'authentication': 'core',
+  'data-integrity': 'core',
+  'logging-alerting': 'core',
+  'error-handling': 'core',
+  // Frontend
+  'xss-prevention': 'frontend',
+  'csrf-protection': 'frontend',
+  'csp': 'frontend',
+  'secure-state': 'frontend',
+  // TypeScript
+  'typescript-security': 'typescript',
+  // Frameworks
+  'react-security': 'frameworks',
+  'express-security': 'frameworks',
+  'nextjs-security': 'frameworks',
+};
 
 /**
  * Load a single template file by category name
  */
 export async function loadTemplate(category) {
-  const subdir = CORE_CATEGORIES.includes(category) ? 'core' : 'frontend';
+  const subdir = CATEGORY_DIRS[category];
+  if (!subdir) {
+    console.warn(`Warning: Template not found: ${category}`);
+    return null;
+  }
   const filePath = join(TEMPLATES_DIR, subdir, `${category}.md`);
   try {
     return await readFile(filePath, 'utf-8');
@@ -80,6 +89,10 @@ export function getCategoryInfo(category) {
     'csrf-protection': { owasp: 'FE-02', title: 'CSRF Protection', group: 'frontend' },
     'csp': { owasp: 'FE-03', title: 'Content Security Policy', group: 'frontend' },
     'secure-state': { owasp: 'FE-04', title: 'Secure State Management', group: 'frontend' },
+    'typescript-security': { owasp: 'TS-01', title: 'TypeScript Security', group: 'typescript' },
+    'react-security': { owasp: 'FW-01', title: 'React Security', group: 'frameworks' },
+    'express-security': { owasp: 'FW-02', title: 'Express Security', group: 'frameworks' },
+    'nextjs-security': { owasp: 'FW-03', title: 'Next.js Security', group: 'frameworks' },
   };
   return info[category] || { owasp: '??', title: category, group: 'unknown' };
 }