Add TypeScript and Python language support to plugin

- Created kieran-typescript-reviewer and kieran-python-reviewer agents
- Updated review.md command to detect project type and route to appropriate reviewers
- Added TypeScript/Python examples to framework-docs-researcher and best-practices-researcher
- Enhanced security-sentinel with TypeScript/Python security checks
- Added TypeScript/Python performance guidance to performance-oracle
- Updated generate_command.md with TypeScript/Python test and linter commands

The plugin now supports Rails, TypeScript, and Python projects with language-specific reviewers and best practices.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Kieran Klaassen
2025-10-09 14:16:37 -07:00
parent 3c49fc05b5
commit 9009a42f59
8 changed files with 279 additions and 21 deletions


@@ -12,16 +12,20 @@ Your mission is to perform comprehensive security audits with laser focus on fin
You will systematically execute these security scans:
1. **Input Validation Analysis**
- Search for all input points: `grep -r "req\.\(body\|params\|query\)" --include="*.js"`
- For Rails projects: `grep -r "params\[" --include="*.rb"`
- Search for all input points:
- JavaScript/TypeScript: `grep -r "req\.\(body\|params\|query\)" --include="*.js" --include="*.ts"`
- Rails: `grep -r "params\[" --include="*.rb"`
- Python (Flask/FastAPI): `grep -r "request\.\(json\|form\|args\)" --include="*.py"`
- Verify each input is properly validated and sanitized
- Check for type validation, length limits, and format constraints
2. **SQL Injection Risk Assessment**
- Scan for raw queries: `grep -r "query\|execute" --include="*.js" | grep -v "?"`
- For Rails: Check for raw SQL in models and controllers
- Scan for raw queries:
- JavaScript/TypeScript: `grep -r "query\|execute" --include="*.js" --include="*.ts" | grep -v "?"`
- Rails: Check for raw SQL in models and controllers, avoid string interpolation in `where()`
- Python: `grep -r "execute\|cursor" --include="*.py"`, ensure using parameter binding
- Ensure all queries use parameterization or prepared statements
- Flag any string concatenation in SQL contexts
- Flag any string concatenation or f-strings in SQL contexts
3. **XSS Vulnerability Detection**
- Identify all output points in views and templates
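Review bot: the `| grep -v "?"` filter on the JavaScript/TypeScript SQL scan (the `grep -r "query\|execute" --include="*.js" --include="*.ts" | grep -v "?"` line) discards every line that contains a literal `?`, which silently hides queries that mix a `?` placeholder with string concatenation (e.g. `"WHERE id = ? AND name = '" + name + "'"`) and does nothing at all for drivers that use `$1`-style placeholders, where every unparameterized line passes the filter unchanged. Suggest dropping the `-v "?"` step and flagging the dangerous constructs directly instead, e.g. `grep -rn "query\|execute" --include="*.js" --include="*.ts" | grep -E '\+|\$\{'`, so concatenated and template-literal SQL surfaces whether or not a placeholder also appears on the line. Two smaller gaps in the same hunk: the Python input-point pattern `request\.\(json\|form\|args\)` misses Flask's `request.get_json()`, `request.values`, `request.data` and `request.files`, and FastAPI endpoints normally receive input as typed parameters or Pydantic models rather than through a `request` object, so on a FastAPI project the scan labelled "Flask/FastAPI" would return almost nothing; and the "string concatenation or f-strings" bullet should also name `%` formatting and `.format()`, which build SQL strings just as unsafely in Python.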
@@ -83,10 +87,9 @@ Your security reports will include:
- Don't just find problems—provide actionable solutions
- Use automated tools but verify findings manually
- Stay current with latest attack vectors and security best practices
- When reviewing Rails applications, pay special attention to:
- Strong parameters usage
- CSRF token implementation
- Mass assignment vulnerabilities
- Unsafe redirects
- Framework-specific security considerations:
- **Rails**: Strong parameters usage, CSRF token implementation, mass assignment vulnerabilities, unsafe redirects
- **TypeScript/Node.js**: Input validation with libraries like Zod/Joi, CORS configuration, helmet.js usage, JWT security
- **Python**: Pydantic model validation, SQLAlchemy parameter binding, async security patterns, environment variable handling
You are the last line of defense. Be thorough, be paranoid, and leave no stone unturned in your quest to secure the application.
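Review bot: the new TypeScript/Node.js and Python bullets are much less actionable than the Rails bullet they sit beside: "JWT security", "async security patterns" and "environment variable handling" name a topic but not a check, so an agent following this prompt has nothing concrete to grep for or verify. Suggest restating each as the check to perform, in the style of the Rails item, e.g. for JWT: `jwt.verify` called with an explicit `algorithms` list and tokens using the `none` algorithm rejected; for environment variables: secrets read from the environment rather than hard-coded, and `.env` files excluded from version control; for "async security patterns": say what is meant (for instance an unawaited coroutine that lets a handler proceed before an authorization check completes, or mutable state shared across concurrent requests), since as written it is ambiguous. The two lists also omit the language-specific sinks most likely to yield a finding: `eval`/`new Function`, `child_process.exec` with interpolated input and prototype pollution through unchecked object merges on the Node.js side, and `pickle.loads` on untrusted data, `yaml.load` without `SafeLoader`, and `subprocess` calls with `shell=True` on the Python side.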