feat: add unified code quality dashboard with multiple validators

- Add validator_type field to scans and violations (architecture, security, performance) - Create security validator with SEC-xxx rules - Create performance validator with PERF-xxx rules - Add base validator class for shared functionality - Add validate_all.py script to run all validators - Update code quality service with validator type filtering - Add validator type tabs to dashboard UI - Add validator type filter to violations list - Update stats response with per-validator breakdown - Add security and performance rules documentation - Add chat-bubble icons to icon library 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-21 20:57:47 +01:00
parent 6a903e16c6
commit 26b3dc9e3b
27 changed files with 5270 additions and 119 deletions
--- a/.security-rules/cryptography.yaml
+++ b/.security-rules/cryptography.yaml
@@ -0,0 +1,72 @@
+# Cryptography Rules
+# ==================
+
+cryptography_rules:
+  - id: SEC-041
+    name: Strong hashing algorithms
+    severity: error
+    description: >
+      Use bcrypt, argon2, scrypt for passwords.
+      Use SHA-256 or stronger for general hashing.
+      Never use MD5 or SHA1.
+
+  - id: SEC-042
+    name: Secure random generation
+    severity: error
+    description: >
+      Use the secrets module for security-sensitive randomness.
+      Never use random module for tokens or keys.
+
+  - id: SEC-043
+    name: No hardcoded encryption keys
+    severity: error
+    description: >
+      Encryption keys must come from environment variables
+      or secret management services.
+
+  - id: SEC-044
+    name: Strong encryption algorithms
+    severity: error
+    description: >
+      Use AES-256 or ChaCha20. Never use DES, 3DES, or RC4.
+
+  - id: SEC-045
+    name: Proper IV/nonce usage
+    severity: error
+    description: >
+      Encryption IVs and nonces must be randomly generated
+      and unique per encryption.
+
+  - id: SEC-046
+    name: TLS version requirements
+    severity: warning
+    description: >
+      Enforce TLS 1.2 or higher.
+      Disable SSLv2, SSLv3, TLS 1.0, TLS 1.1.
+
+  - id: SEC-047
+    name: Certificate verification
+    severity: error
+    description: >
+      Always verify SSL certificates.
+      Never disable verification in production.
+
+  - id: SEC-048
+    name: Key derivation for passwords
+    severity: warning
+    description: >
+      When deriving encryption keys from passwords,
+      use PBKDF2 with 100K+ iterations, Argon2, or scrypt.
+
+  - id: SEC-049
+    name: Secure key storage
+    severity: info
+    description: >
+      Encryption keys should be stored in environment variables,
+      secret management, or HSMs.
+
+  - id: SEC-050
+    name: Key rotation support
+    severity: info
+    description: >
+      Implement key rotation with multiple key versions.