Skip to content

untamed-theory/vibesec

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

31 Commits
.windsurf/rules
.windsurf/rules
 
 
definitions
definitions
 
 
rules
rules
 
 
scripts
scripts
 
 
static
static
 
 
.gitignore
.gitignore
 
 
CONTRIBUTING.md
CONTRIBUTING.md
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

VibeSec Banner

VibeSec

Security Rules & Workflows for Cursor and Windsurf AI assistants


GitHub issues GitHub stars GitHub forks License

Overview

VibeSec is an open-source project created by Untamed Theory that makes the new wave of AI development practices more secure across different AI coding tools. It provides a comprehensive set of security rules for both Windsurf and Cursor AI assistants to help developers write more secure code, following industry best practices.

What it does:

  • Downloads security rules for Windsurf and Cursor development workspaces. Pretty Simple.

🛡️ Current Features:

  • Supported AI assistants: Windsurf and Cursor
  • Industry Standards: OWASP Top 10 to start (and we'll add more as we go). You can contribute too.
  • Language-specific: Security hardening techniques for JavaScript, TypeScript, Python, and more
  • Framework-focused: Targeted security recommendations for popular frameworks like React, Next.js, and Supabase
  • AI-aware: Special considerations for LLM applications and AI-assisted development. Needs work. Help wanted.

🚀 Quick Install

Apply VibeSec to your project with a single command:

# Auto-detect environment (defaults to Windsurf if detection fails)
curl -sL https://raw.githubusercontent.com/untamed-theory/vibesec/main/scripts/install.sh | bash
# Force Cursor installation
curl -sL https://raw.githubusercontent.com/untamed-theory/vibesec/main/scripts/install.sh | bash -s -- --cursor
# Force Windsurf installation
curl -sL https://raw.githubusercontent.com/untamed-theory/vibesec/main/scripts/install.sh | bash -s -- --windsurf

The installation script will automatically detect whether you're using Windsurf or Cursor and install the appropriate rules. If detection fails in a non-interactive environment (like when piped from curl), it will default to Windsurf.

🛠️ Cautious Installation

Not feeling lucky? You can always install VibeSec manually. Here's how:

# From the root of your project
# Clone the repository
git clone https://github.com/untamed-theory/vibesec.git

# Install the rules
./vibesec/scripts/install.sh

OR

Copy and paste the rules wherever and however you want. This is America after all.

✨ Features

🔄 Unified Security Rules

Consistent security guidelines that work seamlessly across both Windsurf and Cursor AI assistants.

🔌 Easy Integration

Get started with a single command installation and zero configuration required.

📚 Well Documented

Clear examples distinguishing secure vs. insecure patterns with practical code snippets.

🛠️ Community-Driven

Continuously updated by security experts and the developer community.

📋 Comprehensive Security Categories

  • frontend: CORS configuration, NextJS best practices, Supabase authentication, UI security
  • backend: Rate limiting, API security, server-side validation
  • database: SQL injection prevention, Supabase hardening, data access controls
  • infrastructure: Secrets management, configuration security, deployment safety
  • ai: LLM prompt injection prevention, model security considerations
  • supply-chain: Dependency management, secure package selection, SBOM
  • general: OWASP Top 10, cross-cutting security concerns

🗂️ Directory Structure

vibesec/
├── definitions/         # Canonical security rule definitions
│   ├── frontend/           # Frontend security rules
│   ├── backend/            # Backend & API security rules
│   ├── database/           # Database security rules
│   ├── infrastructure/     # Infrastructure & DevOps security rules
│   ├── ai/                 # AI & LLM security rules
│   ├── supply-chain/       # Supply chain security rules
│   └── general/            # Cross-cutting security principles
├── rules/               # Built rules for AI assistants
│   ├── windsurf/           # Windsurf-formatted rules (.md)
│   └── cursor/             # Cursor-formatted rules (.mdc)
└── scripts/
    ├── install.sh         # Installation script
    └── build_rules.sh     # Builds rules from definitions

👥 Contributing

We welcome contributions from the community!

Contributing to VibeSec is easy:

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/amazing-rule)
  3. Create your security rule with these guidelines:
    • All security rules start with the prefix security-
    • Create a single canonical rule in the appropriate definitions/ directory
    • Include clear code examples showing both secure and insecure patterns
    • Run ./scripts/build_rules.sh to generate Windsurf and Cursor versions
  4. Commit your changes (git commit -m 'Add amazing security rule')
  5. Push to the branch (git push origin feature/amazing-rule)
  6. Open a Pull Request

See CONTRIBUTING.md for detailed guidelines.

⚖️ License

This project is licensed under the terms specified in the LICENSE file.


Untamed Theory

Created with ❤️ by Untamed Theory

About

Security Rules & Workflows for the new wave of AI Development.

untamed.cloud

Topics

security ai cursor appsec windsurf shift-left vibe-coding vibecoding

Resources

Readme

License

AGPL-3.0 license
Activity

Stars

19 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages