Merge pull request #228 from shivasurya/shiva/ext

SecureFlow Assistant for VSCode

Author: shivasurya

extension/secureflow/.vscode-test.mjs

@@ -0,0 +1,5 @@
+import { defineConfig } from '@vscode/test-cli';
+
+export default defineConfig({
+	files: 'out/test/**/*.test.js',
+});

extension/secureflow/.vscode/extensions.json

@@ -0,0 +1,5 @@
+{
+  // See http://go.microsoft.com/fwlink/?LinkId=827846
+  // for the documentation about the extensions.json format
+  "recommendations": ["dbaeumer.vscode-eslint", "amodio.tsl-problem-matcher", "ms-vscode.extension-test-runner"]
+}

extension/secureflow/.vscode/launch.json

@@ -0,0 +1,21 @@
+// A launch configuration that compiles the extension and then opens it inside a new window
+// Use IntelliSense to learn about possible attributes.
+// Hover to view descriptions of existing attributes.
+// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+{
+	"version": "0.2.0",
+	"configurations": [
+		{
+			"name": "Run Extension",
+			"type": "extensionHost",
+			"request": "launch",
+			"args": [
+				"--extensionDevelopmentPath=${workspaceFolder}"
+			],
+			"outFiles": [
+				"${workspaceFolder}/dist/**/*.js"
+			],
+			"preLaunchTask": "${defaultBuildTask}"
+		}
+	]
+}

extension/secureflow/.vscode/settings.json

@@ -0,0 +1,13 @@
+// Place your settings in this file to overwrite default and user settings.
+{
+	"files.exclude": {
+		"out": false, // set this to true to hide the "out" folder with the compiled JS files
+		"dist": false // set this to true to hide the "dist" folder with the compiled JS files
+	},
+	"search.exclude": {
+		"out": true, // set this to false to include "out" folder in search results
+		"dist": true // set this to false to include "dist" folder in search results
+	},
+	// Turn off tsc task auto detection since we have the necessary tasks as npm scripts
+	"typescript.tsc.autoDetect": "off"
+}

extension/secureflow/.vscode/tasks.json

@@ -0,0 +1,40 @@
+// See https://go.microsoft.com/fwlink/?LinkId=733558
+// for the documentation about the tasks.json format
+{
+	"version": "2.0.0",
+	"tasks": [
+		{
+			"type": "npm",
+			"script": "watch",
+			"problemMatcher": "$ts-webpack-watch",
+			"isBackground": true,
+			"presentation": {
+				"reveal": "never",
+				"group": "watchers"
+			},
+			"group": {
+				"kind": "build",
+				"isDefault": true
+			}
+		},
+		{
+			"type": "npm",
+			"script": "watch-tests",
+			"problemMatcher": "$tsc-watch",
+			"isBackground": true,
+			"presentation": {
+				"reveal": "never",
+				"group": "watchers"
+			},
+			"group": "build"
+		},
+		{
+			"label": "tasks: watch-tests",
+			"dependsOn": [
+				"npm: watch",
+				"npm: watch-tests"
+			],
+			"problemMatcher": []
+		}
+	]
+}

extension/secureflow/.vscodeignore

@@ -0,0 +1,14 @@
+.vscode/**
+.vscode-test/**
+out/**
+node_modules/**
+src/**
+.gitignore
+.yarnrc
+webpack.config.js
+vsc-extension-quickstart.md
+**/tsconfig.json
+**/eslint.config.mjs
+**/*.map
+**/*.ts
+**/.vscode-test.*

extension/secureflow/CHANGELOG.md

@@ -0,0 +1,9 @@
+# Change Log
+
+All notable changes to the "secureflow" extension will be documented in this file.
+
+Check [Keep a Changelog](http://keepachangelog.com/) for recommendations on how to structure this file.
+
+## [Unreleased]
+
+- Initial release

extension/secureflow/README.md

@@ -0,0 +1,70 @@
+# SecureFlow
+
+SecureFlow is your AI security co-pilot for smarter, safer code, right in your editor. This VS Code extension helps you identify potential security vulnerabilities in your code directly within your development workflow.
+
+## Features
+
+- **Quick Security Analysis**: Select any code snippet and press `Cmd+L` (Mac) to analyze it for security vulnerabilities
+- **Real-time Feedback**: Get immediate feedback on potential security issues
+- **Detailed Reports**: View comprehensive reports with severity ratings, descriptions, and recommendations
+- **In-Editor Experience**: All analysis happens right in your VS Code editor with no need to switch contexts
+
+![SecureFlow Analysis Demo](https://example.com/images/secureflow-demo.png)
+
+## Usage
+
+1. Select a block of code in your editor
+2. Press `Cmd+L` (Mac) or `Ctrl+L` (Windows/Linux)
+3. View the security analysis results in the output panel
+
+SecureFlow analyzes your code for common security vulnerabilities, including:
+- SQL Injection
+- Cross-Site Scripting (XSS)
+- Hardcoded Secrets
+- Insecure Random Number Generation
+- And more...
+
+## Requirements
+
+- VS Code version 1.102.0 or higher
+
+## Extension Settings
+
+This extension does not add any settings yet. Settings to customize the analysis will be added in future versions.
+
+## Known Issues
+
+- This is an early version with limited analysis capabilities
+- Only a subset of common security vulnerabilities are detected
+
+## Release Notes
+
+### 0.0.1
+
+Initial release of SecureFlow with basic security analysis features:
+- Code selection analysis with `Cmd+L`
+- Detection of basic security patterns
+- Output panel with security reports
+
+---
+
+## Following extension guidelines
+
+Ensure that you've read through the extensions guidelines and follow the best practices for creating your extension.
+
+* [Extension Guidelines](https://code.visualstudio.com/api/references/extension-guidelines)
+
+## Working with Markdown
+
+You can author your README using Visual Studio Code. Here are some useful editor keyboard shortcuts:
+
+* Split the editor (`Cmd+\` on macOS or `Ctrl+\` on Windows and Linux).
+* Toggle preview (`Shift+Cmd+V` on macOS or `Shift+Ctrl+V` on Windows and Linux).
+* Press `Ctrl+Space` (Windows, Linux, macOS) to see a list of Markdown snippets.
+
+## For more information
+
+* [Visual Studio Code's Markdown Support](http://code.visualstudio.com/docs/languages/markdown)
+* [Markdown Syntax Reference](https://help.github.com/articles/markdown-basics/)
+
+**Enjoy!**