crush icon indicating copy to clipboard operation
crush copied to clipboard
verified publisher icon charmbracelet

feat: add security review command for git changes

Open novalis78 opened this issue 1 month ago • 1 comments

Add /security-review command that performs AI-powered security analysis of uncommitted git changes. The command only appears when there are pending changes to review.

Features:

  • Automatic detection of git changes (only shows when needed)
  • Comprehensive security analysis covering:
    • Security vulnerabilities (SQL injection, XSS, CSRF, etc.)
    • Insecure dependencies or configurations
    • Hardcoded secrets, credentials, or API keys
    • Permission or access control issues
    • Logging of sensitive data
    • Other security concerns
  • Context-aware: includes current branch and full diff
  • Integrates seamlessly with existing command palette

Implementation:

  • Add SecurityReviewMsg type for command handling
  • Add hasGitChanges() to detect uncommitted changes
  • Add performSecurityReview() to generate security analysis prompt
  • Conditionally show command only when git changes exist

🤖 Generated with Claude Code

  • [ ] I have read CONTRIBUTING.md.
  • [ ] I have created a discussion that was approved by a maintainer (for new features).

novalis78 avatar Nov 08 '25 20:11 novalis78