feat: added support to generate language-rule mappings in SKILLS using the script

Ramraj Bishnoie · Ramraj Bishnoie · commit cb025ae39120 · 2025-10-20T13:47:08.000-04:00
diff --git a/rules/codeguard-SKILLS.md.template b/rules/codeguard-SKILLS.md.template
@@ -0,0 +1,62 @@
+---
+name: software-security
+description: A software security skill that integrates with Project CodeGuard to help AI coding agents write secure code and prevent common vulnerabilities. Use this skill when writing, reviewing, or modifying code to ensure secure-by-default practices are followed.
+metadata:
+codeguard-version: "1.0.0"
+framework: "Project CodeGuard"
+purpose: "Embed secure-by-default practices into AI coding workflows"
+---
+
+# Software Security Skill (Project CodeGuard)
+This skill provides comprehensive security guidance to help AI coding agents generate secure code and prevent common vulnerabilities. It is based on **Project CodeGuard**, an open-source, model-agnostic security framework that embeds secure-by-default practices into AI coding workflows.
+
+## When to Use This Skill
+This skill should be activated when:
+- Writing new code in any language
+- Reviewing or modifying existing code
+- Implementing security-sensitive features (authentication, cryptography, data handling, etc.)
+- Working with user input, databases, APIs, or external services
+- Configuring cloud infrastructure, CI/CD pipelines, or containers
+- Handling sensitive data, credentials, or cryptographic operations
+
+## How to Use This Skill
+When writing or reviewing code:
+1. Always-Apply Rules: Some rules MUST be checked on every code operation:
+- `codeguard-1-hardcoded-credentials.md` - Never hardcode secrets, passwords, API keys, or tokens
+- `codeguard-1-crypto-algorithms.md` - Use only modern, secure cryptographic algorithms
+- `codeguard-1-digital-certificates.md` - Validate and manage digital certificates securely
+- `codeguard-1-safe-c-functions.md` - Avoid unsafe C/C++ functions and use safe alternatives
+2. Context-Specific Rules: Apply rules from /rules directory based on the language of the feature being implemented using the table given below:
+<!-- LANGUAGE_MAPPINGS_START -->
+<!-- LANGUAGE_MAPPINGS_END -->
+3. Proactive Security: Don't just avoid vulnerabilities-actively implement secure patterns:
+- Use parameterized queries for database access
+- Validate and sanitize all user input
+- Apply least-privilege principles
+- Use modern cryptographic algorithms and libraries
+- Implement defense-in-depth strategies
+
+## CodeGuard Security Rules
+The security rules are available in the `rules/` directory.
+
+### Usage Workflow
+When generating or reviewing code, follow this workflow:
+
+### 1. Initial Security Check
+Before writing any code:
+- Check: Will this handle credentials? → Apply codeguard-1-hardcoded-credentials
+- Check: What language am I using? → Identify applicable language-specific rules
+- Check: What security domains are involved? → Load relevant rule files
+
+### 2. Code Generation
+While writing code:
+- Apply secure-by-default patterns from relevant Project CodeGuard rules
+- Add security-relevant comments explaining choices
+
+### 3. Security Review
+After writing code:
+- Review against implementation checklists in each rule
+- Verify no hardcoded credentials or secrets
+- Validate that all the rules have been successfully followed when applicable.
+- Explain which security rules were applied
+- Highlight security features implemented
diff --git a/skills/software-security/SKILL.md b/skills/software-security/SKILL.md
@@ -26,10 +26,34 @@ When writing or reviewing code:
 - `codeguard-1-crypto-algorithms.md` - Use only modern, secure cryptographic algorithms
 - `codeguard-1-digital-certificates.md` - Validate and manage digital certificates securely
 - `codeguard-1-safe-c-functions.md` - Avoid unsafe C/C++ functions and use safe alternatives
-2. Context-Specific Rules: Apply rules based on the technology, language, or feature being implemented:
-- Review the relevant rule files in the `rules/` directory
-- Match rules to the specific languages and technologies in use
-- Follow the guidance, checklists, and examples provided
+2. Context-Specific Rules: Apply rules from /rules directory based on the language of the feature being implemented using the table given below:
+
+
+| Language | Rule Files to Apply |
+|----------|---------------------|
+| c | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-data-storage.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |
+| d | codeguard-0-iac-security.md |
+| docker | codeguard-0-devops-ci-cd-containers.md, codeguard-0-supply-chain-security.md |
+| go | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |
+| html | codeguard-0-client-side-web-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md |
+| java | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-mobile-apps.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |
+| javascript | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-logging.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-supply-chain-security.md |
+| kotlin | codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md |
+| matlab | codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md, codeguard-0-privacy-data-protection.md |
+| perl | codeguard-0-mobile-apps.md |
+| php | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |
+| powershell | codeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md |
+| python | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |
+| ruby | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md, codeguard-0-xml-and-serialization.md |
+| shell | codeguard-0-devops-ci-cd-containers.md, codeguard-0-iac-security.md, codeguard-0-input-validation-injection.md |
+| sql | codeguard-0-data-storage.md, codeguard-0-input-validation-injection.md |
+| swift | codeguard-0-additional-cryptography.md, codeguard-0-authentication-mfa.md, codeguard-0-mobile-apps.md |
+| typescript | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authentication-mfa.md, codeguard-0-authorization-access-control.md, codeguard-0-client-side-web-security.md, codeguard-0-file-handling-and-uploads.md, codeguard-0-framework-and-languages.md, codeguard-0-input-validation-injection.md, codeguard-0-session-management-and-cookies.md |
+| vlang | codeguard-0-client-side-web-security.md |
+| xml | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-mobile-apps.md, codeguard-0-xml-and-serialization.md |
+| yaml | codeguard-0-additional-cryptography.md, codeguard-0-api-web-services.md, codeguard-0-authorization-access-control.md, codeguard-0-cloud-orchestration-kubernetes.md, codeguard-0-data-storage.md, codeguard-0-devops-ci-cd-containers.md, codeguard-0-framework-and-languages.md, codeguard-0-iac-security.md, codeguard-0-logging.md, codeguard-0-privacy-data-protection.md, codeguard-0-supply-chain-security.md |
+
+
 3. Proactive Security: Don't just avoid vulnerabilities-actively implement secure patterns:
 - Use parameterized queries for database access
 - Validate and sanitize all user input
diff --git a/src/converter.py b/src/converter.py
@@ -44,7 +44,7 @@ class ConversionResult:
         filename: Original filename (e.g., 'my-rule.md')
         basename: Filename without extension (e.g., 'my-rule')
         outputs: Dictionary mapping format names to their outputs
-
+        languages: List of programming languages the rule applies to, empty list if always applies
     Example:
         result = ConversionResult(
             filename="my-rule.md",
@@ -55,13 +55,15 @@ class ConversionResult:
                     extension=".mdc",
                     subpath=".cursor/rules"
                 )
-            }
+            },
+            languages=["python", "javascript"]
         )
     """
 
     filename: str
     basename: str
     outputs: dict[str, FormatOutput]
+    languages: list[str]
 
 
 class RuleConverter:
@@ -239,4 +241,5 @@ def convert(self, filepath: str) -> ConversionResult:
             filename=filename,
             basename=basename,
             outputs=outputs,
+            languages=rule.languages,
         )
diff --git a/src/unified_to_all.py b/src/unified_to_all.py
@@ -10,12 +10,58 @@
 """
 
 from pathlib import Path
+from collections import defaultdict
 
 from converter import RuleConverter
 from formats import CursorFormat, WindsurfFormat, CopilotFormat
 from utils import get_version_from_pyproject
 
 
+def update_skill_md(language_to_rules: dict[str, list[str]], skill_path: str) -> None:
+    """
+    Update SKILL.md with language-to-rules mapping table.
+
+    Args:
+        language_to_rules: Dictionary mapping languages to rule files
+        skill_path: Path to SKILL.md file
+    """
+    # Generate markdown table
+    table_lines = [
+        "| Language | Rule Files to Apply |",
+        "|----------|---------------------|",
+    ]
+
+    for language in sorted(language_to_rules.keys()):
+        rules = sorted(language_to_rules[language])
+        rules_str = ", ".join(rules)
+        table_lines.append(f"| {language} | {rules_str} |")
+
+    table = "\n".join(table_lines)
+
+    # Markers for the language mappings section
+    start_marker = "<!-- LANGUAGE_MAPPINGS_START -->"
+    end_marker = "<!-- LANGUAGE_MAPPINGS_END -->"
+
+    # Read SKILL.md
+    skill_file = Path(skill_path)
+    content = skill_file.read_text(encoding="utf-8")
+
+    if not start_marker in content or not end_marker in content:
+        raise RuntimeError(
+            "Invalid SKILLS.md template: Language mappings section not found in SKILL.md"
+        )
+
+    # Replace entire section including markers with just the table
+    start_idx = content.index(start_marker)
+    end_idx = content.index(end_marker) + len(end_marker)
+    new_section = f"\n\n{table}\n\n"
+    updated_content = content[:start_idx] + new_section + content[end_idx:]
+
+    # Write back to SKILL.md
+    skill_file.write_text(updated_content, encoding="utf-8")
+    print(f"Updated SKILL.md with language mappings")
+
+
 def convert_rules(input_path: str, output_dir: str = ".") -> dict[str, list[str]]:
     """
     Convert rule file(s) to all supported IDE formats using RuleConverter.
@@ -68,6 +114,8 @@ def convert_rules(input_path: str, output_dir: str = ".") -> dict[str, list[str]
 
     results = {"success": [], "errors": []}
 
+    language_to_rules = defaultdict(list)
+
     # Process each file
     for md_file in files_to_process:
         try:
@@ -92,6 +140,10 @@ def convert_rules(input_path: str, output_dir: str = ".") -> dict[str, list[str]
             print(f"Success: {result.filename} → {', '.join(output_files)}")
             results["success"].append(result.filename)
 
+            # Update language mappings for SKILL.md
+            for language in result.languages:
+                language_to_rules[language].append(result.filename)
+
         except FileNotFoundError as e:
             error_msg = f"{md_file.name}: File not found - {e}"
             print(f"Error: {error_msg}")
@@ -112,6 +164,27 @@ def convert_rules(input_path: str, output_dir: str = ".") -> dict[str, list[str]
         f"\nResults: {len(results['success'])} success, {len(results['errors'])} errors"
     )
 
+    # Write language mappings to SKILL.md
+    if language_to_rules:
+        # Determine rules directory (where template should be)
+        rules_dir = path if path.is_dir() else path.parent
+        template_path = rules_dir / "codeguard-SKILLS.md.template"
+        output_skill_dir = output_base / "skills" / "software-security"
+        output_skill_path = output_skill_dir / "SKILL.md"
+
+        # Create output directory if it doesn't exist
+        output_skill_dir.mkdir(parents=True, exist_ok=True)
+
+        # Copy template to output location and update with mappings
+        if not template_path.exists():
+            raise FileNotFoundError(f"Template not found at {template_path}")
+
+        output_skill_path.write_text(
+            template_path.read_text(encoding="utf-8"), encoding="utf-8"
+        )
+        # Update with language mappings
+        update_skill_md(language_to_rules, str(output_skill_path))
+
     return results
 
 
