
June 7, 2025


# VibeSec

Security Rules & Workflows for Cursor and Windsurf AI assistants



## Overview

VibeSec is an open-source project created by Untamed Theory that makes the new wave of AI development practices more secure across different AI coding tools. It provides a comprehensive set of security rules for both Windsurf and Cursor AI assistants to help developers write more secure code, following industry best practices.

What it does:

- Downloads security rules for Windsurf and Cursor development workspaces. Pretty simple.

๐Ÿ›ก๏ธ Current Features:

  • Supported AI assistants: Windsurf and Cursor
  • Industry Standards: OWASP Top 10 to start (and we'll add more as we go). You can contribute too.
  • Language-specific: Security hardening techniques for JavaScript, TypeScript, Python, and more
  • Framework-focused: Targeted security recommendations for popular frameworks like React, Next.js, and Supabase
  • AI-aware: Special considerations for LLM applications and AI-assisted development. Needs work. Help wanted.

## 🚀 Quick Install

Apply VibeSec to your project with a single command:

```bash
# Auto-detect environment (defaults to Windsurf if detection fails)
curl -sL https://raw.githubusercontent.com/untamed-theory/vibesec/main/scripts/install.sh | bash

# Force Cursor installation
curl -sL https://raw.githubusercontent.com/untamed-theory/vibesec/main/scripts/install.sh | bash -s -- --cursor

# Force Windsurf installation
curl -sL https://raw.githubusercontent.com/untamed-theory/vibesec/main/scripts/install.sh | bash -s -- --windsurf
```

The installation script will automatically detect whether you're using Windsurf or Cursor and install the appropriate rules. If detection fails in a non-interactive environment (like when piped from curl), it will default to Windsurf.

๐Ÿ› ๏ธ Cautious Installation

Not feeling lucky? You can always install VibeSec manually. Here's how:

```bash
# From the root of your project
# Clone the repository
git clone https://github.com/untamed-theory/vibesec.git

# Install the rules
./vibesec/scripts/install.sh
```

OR

Copy and paste the rules wherever and however you want. This is America after all.

## ✨ Features

### 🔄 Unified Security Rules

Consistent security guidelines that work seamlessly across both Windsurf and Cursor AI assistants.

### 🔌 Easy Integration

Get started with a single-command installation and zero configuration required.

### 📚 Well Documented

Clear examples distinguishing secure vs. insecure patterns with practical code snippets.

### 🛠️ Community-Driven

Continuously updated by security experts and the developer community.

## 📋 Comprehensive Security Categories

- frontend: CORS configuration, Next.js best practices, Supabase authentication, UI security
- backend: Rate limiting, API security, server-side validation
- database: SQL injection prevention, Supabase hardening, data access controls
- infrastructure: Secrets management, configuration security, deployment safety
- ai: LLM prompt injection prevention, model security considerations
- supply-chain: Dependency management, secure package selection, SBOM
- general: OWASP Top 10, cross-cutting security concerns

๐Ÿ—‚๏ธ Directory Structure

vibesec/
โ”œโ”€โ”€ definitions/         # Canonical security rule definitions
โ”‚   โ”œโ”€โ”€ frontend/           # Frontend security rules
โ”‚   โ”œโ”€โ”€ backend/            # Backend & API security rules
โ”‚   โ”œโ”€โ”€ database/           # Database security rules
โ”‚   โ”œโ”€โ”€ infrastructure/     # Infrastructure & DevOps security rules
โ”‚   โ”œโ”€โ”€ ai/                 # AI & LLM security rules
โ”‚   โ”œโ”€โ”€ supply-chain/       # Supply chain security rules
โ”‚   โ””โ”€โ”€ general/            # Cross-cutting security principles
โ”œโ”€โ”€ rules/               # Built rules for AI assistants
โ”‚   โ”œโ”€โ”€ windsurf/           # Windsurf-formatted rules (.md)
โ”‚   โ””โ”€โ”€ cursor/             # Cursor-formatted rules (.mdc)
โ””โ”€โ”€ scripts/
    โ”œโ”€โ”€ install.sh         # Installation script
    โ””โ”€โ”€ build_rules.sh     # Builds rules from definitions

## 👥 Contributing

We welcome contributions from the community!

Contributing to VibeSec is easy:

1. Fork the repository
2. Create your feature branch (`git checkout -b feature/amazing-rule`)
3. Create your security rule with these guidelines:
   - All security rules start with the prefix `security-`
   - Create a single canonical rule in the appropriate `definitions/` directory
   - Include clear code examples showing both secure and insecure patterns
   - Run `./scripts/build_rules.sh` to generate Windsurf and Cursor versions
4. Commit your changes (`git commit -m 'Add amazing security rule'`)
5. Push to the branch (`git push origin feature/amazing-rule`)
6. Open a Pull Request

See CONTRIBUTING.md for detailed guidelines.
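A pre-PR check for the rule guidelines in step 3, as an added example that is not part of the VibeSec repository. It assumes the seven category directories listed above and that the secure and insecure examples are introduced by headings containing those words (an assumption about rule layout, not something the project mandates); `lint_tree` runs the same check over a whole checkout.

```python
"""Lint a canonical VibeSec rule definition before opening a PR.
Added example, not part of the VibeSec repository: it checks what the README's
contributing guidelines state (security- prefix, file under a known definitions/
category, code examples for both patterns). Heading keywords are an assumption."""
from __future__ import annotations
import re
from pathlib import Path

CATEGORIES = {"frontend", "backend", "database", "infrastructure",
              "ai", "supply-chain", "general"}
FENCE = "`" * 3  # built this way so the snippet itself nests inside markdown
FENCE_RE = re.compile(rf"^{FENCE}", re.M)
# \bsecure\b does not match inside "insecure", so the two checks stay independent
INSECURE_RE = re.compile(r"^#+ .*\b(insecure|vulnerable)\b", re.I | re.M)
SECURE_RE = re.compile(r"^#+ .*\b(secure|recommended)\b", re.I | re.M)

def lint_rule_text(path: Path, text: str) -> list[str]:
    """Return guideline violations for one rule; an empty list means it passes."""
    problems: list[str] = []
    name = path.name
    if not (name.startswith("security-") and name.endswith(".md")):
        problems.append(f"{name}: file name must be security-<topic>.md")
    if path.parent.parent.name != "definitions" or path.parent.name not in CATEGORIES:
        problems.append(f"{name}: must live in definitions/<category>/ ({sorted(CATEGORIES)})")
    fences = len(FENCE_RE.findall(text))
    if fences % 2 or fences < 4:
        problems.append(f"{name}: need at least two closed code blocks, found {fences} fence lines")
    if not INSECURE_RE.search(text):
        problems.append(f"{name}: no heading introducing the insecure example")
    if not SECURE_RE.search(text):
        problems.append(f"{name}: no heading introducing the secure example")
    return problems

def lint_tree(root: Path) -> dict[str, list[str]]:
    """Lint every rule under <root>/definitions; returns only the files that failed."""
    failures: dict[str, list[str]] = {}
    for rule in sorted((root / "definitions").rglob("*.md")):
        if problems := lint_rule_text(rule, rule.read_text(encoding="utf-8")):
            failures[str(rule.relative_to(root))] = problems
    return failures

# Constructed sample rule (not from the repository); FENCE keeps it markdown-safe.
SAMPLE_RULE = "\n".join([
    "# Parameterised queries", "", "## Insecure pattern", FENCE + "js",
    'db.query("SELECT * FROM users WHERE id = " + req.params.id);', FENCE, "",
    "## Secure pattern", FENCE + "js",
    'db.query("SELECT * FROM users WHERE id = $1", [req.params.id]);', FENCE, "",
])
```

Running `lint_tree(Path("vibesec"))` from the parent of a checkout returns an empty dict when every rule under `definitions/` follows the guidelines.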

โš–๏ธ License

This project is licensed under the terms specified in the LICENSE file.



Created with ❤️ by Untamed Theory