Uniform.dev plugin for Cursor marketplace

cursor-marketplace/.cursor-plugin/marketplace.json

@@ -0,0 +1,25 @@
+{
+  "name": "uniform.dev",
+  "owner": {
+    "name": "Uniform.dev",
+    "email": "plugins@example.com"
+  },
+  "metadata": {
+    "description": "Uniform.dev",
+    "version": "1.0.0"
+  },
+  "plugins": [
+    {
+      "name": "uniform-rules",
+      "source": "uniform-rules",
+      "description": "Uniform CMS rules for AI-assisted development (compositions, components, patterns, SDK, mesh)",
+      "keywords": ["uniform", "cms", "headless", "canvas", "sveltekit", "next"]
+    },
+    {
+      "name": "enterprise-toolkit",
+      "source": "enterprise-toolkit",
+      "description": "Enterprise development toolkit with security, compliance, and automation",
+      "keywords": ["enterprise", "security", "compliance", "code-review"]
+    }
+  ]
+}

cursor-marketplace/README.md

@@ -0,0 +1,63 @@
+# Cursor Marketplace – AI Rules
+
+This repository is a **Cursor marketplace**: a multi-plugin repo that can be submitted to the Cursor marketplace so others can install the plugins.
+
+## Structure
+
+```
+cursor-marketplace/
+├── .cursor-plugin/
+│   └── marketplace.json       # Marketplace manifest (lists plugins)
+├── uniform-rules/             # Plugin: Uniform CMS rules
+│   ├── .cursor-plugin/
+│   │   └── plugin.json
+│   ├── rules/
+│   │   ├── uniform.mdc
+│   │   ├── uniform-sdk.mdc
+│   │   ├── uniform-sveltekit.mdc
+│   │   ├── uniform-next-app-router.mdc
+│   │   ├── uniform-next-page-router.mdc
+│   │   └── uniform-mesh.mdc
+│   └── README.md
+├── enterprise-toolkit/        # Plugin: Security, compliance, automation
+│   ├── .cursor-plugin/
+│   │   └── plugin.json
+│   ├── rules/
+│   ├── skills/
+│   ├── agents/
+│   ├── commands/
+│   ├── hooks/
+│   ├── .mcp.json
+│   ├── assets/
+│   ├── scripts/
+│   └── README.md
+└── README.md
+```
+
+## Plugins
+
+| Plugin              | Description |
+|---------------------|-------------|
+| **uniform-rules**   | Uniform CMS rules for compositions, components, patterns, SDK, SvelteKit, Next.js, Mesh. |
+| **enterprise-toolkit** | Rules, skills, agents, commands, hooks, and optional MCP for security, compliance, and automation. |
+
+## Submitting to the Cursor marketplace
+
+1. Push this repo (or the `cursor-marketplace` folder as its own repo) to a **public** Git host.
+2. Go to [cursor.com/marketplace/publish](https://cursor.com/marketplace/publish) and submit the repository URL.
+3. Ensure:
+   - Each plugin has a valid `.cursor-plugin/plugin.json` with a unique `name` (lowercase, kebab-case).
+   - All rules/skills/agents/commands have proper frontmatter.
+   - Paths in manifests are relative and valid.
+   - You have tested the plugins locally.
+
+## Local use
+
+To use as a local marketplace or single plugin:
+
+- **Multi-plugin**: Point Cursor at the root of `cursor-marketplace` (where `.cursor-plugin/marketplace.json` lives).
+- **Single plugin**: Point Cursor at `cursor-marketplace/uniform-rules` or `cursor-marketplace/enterprise-toolkit`.
+
+## License
+
+See repository license. Plugin manifests may specify their own license.

cursor-marketplace/enterprise-toolkit/.cursor-plugin/plugin.json

@@ -0,0 +1,11 @@
+{
+  "name": "enterprise-toolkit",
+  "version": "1.0.0",
+  "description": "Enterprise development toolkit with security scanning, compliance checks, and automation",
+  "author": {
+    "name": "AI Rules",
+    "email": "plugins@example.com"
+  },
+  "keywords": ["enterprise", "security", "compliance", "code-review"],
+  "logo": "assets/logo.svg"
+}

cursor-marketplace/enterprise-toolkit/.mcp.json

@@ -0,0 +1,9 @@
+{
+  "mcpServers": {
+    "filesystem": {
+      "command": "npx",
+      "args": ["-y", "@modelcontextprotocol/server-filesystem", "."],
+      "env": {}
+    }
+  }
+}

cursor-marketplace/enterprise-toolkit/README.md

@@ -0,0 +1,22 @@
+# Enterprise Toolkit
+
+Cursor plugin with security standards, compliance checks, and automation for enterprise development.
+
+## Contents
+
+- **Rules**: `security-standards.mdc`, `code-style.mdc`
+- **Skills**: `compliance-check`, `security-review`
+- **Agents**: `security-reviewer`, `compliance-checker`
+- **Commands**: `run-compliance-scan`
+- **Hooks**: afterFileEdit (format), beforeShellExecution (validate), sessionEnd (audit)
+- **MCP**: Optional filesystem server (configure path in `.mcp.json`)
+
+## Configuration
+
+- Edit `hooks/hooks.json` to enable or disable hooks and matchers.
+- Edit `.mcp.json` to add or change MCP servers (e.g. database, APIs).
+- Replace placeholder scripts in `scripts/` with your formatters and validators.
+
+## Usage
+
+Install this plugin via the Cursor marketplace or from this repo. Rules and skills apply when the plugin is active. Use agents and commands from the Cursor UI as needed.

cursor-marketplace/enterprise-toolkit/agents/compliance-checker.md

@@ -0,0 +1,15 @@
+---
+name: compliance-checker
+description: Runs compliance and policy checks on the codebase
+---
+
+# Compliance Checker
+
+You run compliance and policy checks. When asked:
+
+1. Summarize security-related findings (secrets, dependencies, obvious vulnerabilities)
+2. Note licensing and policy documents (CONTRIBUTING, SECURITY, LICENSE)
+3. Compare current state to any stated policies
+4. Produce a short pass/warn/fail report with next steps
+
+Use the compliance-check skill when performing detailed audits.

cursor-marketplace/enterprise-toolkit/agents/security-reviewer.md

@@ -0,0 +1,17 @@
+---
+name: security-reviewer
+description: Security-focused code reviewer that checks for vulnerabilities and proven approaches
+---
+
+# Security Reviewer
+
+You are a security-focused code reviewer. When reviewing code:
+
+1. Check for injection vulnerabilities (SQL, XSS, command injection)
+2. Verify proper authentication and authorization
+3. Look for sensitive data exposure (API keys, passwords, PII)
+4. Ensure secure cryptographic practices
+5. Review dependency security and known vulnerabilities
+6. Check for proper input validation and sanitization
+
+Report findings with severity and concrete remediation. Prefer safe defaults.

cursor-marketplace/enterprise-toolkit/commands/run-compliance-scan.md

@@ -0,0 +1,27 @@
+---
+name: run-compliance-scan
+description: Run a full compliance scan (security, licensing, policy) on the current project
+---
+
+# Run compliance scan
+
+Execute a compliance scan for the current project:
+
+1. **Security**
+   - Check for hardcoded secrets and unsafe patterns
+   - List dependency audit commands (e.g. `npm audit`, `pnpm audit`) and suggest running them
+   - Note any obvious injection or auth issues in the codebase
+
+2. **Licensing**
+   - Identify root and package license files
+   - Summarize license types; flag any that may need legal review
+
+3. **Policy**
+   - Look for CONTRIBUTING.md, SECURITY.md, CODE_OF_CONDUCT.md, or similar
+   - Summarize requirements and whether the repo state aligns
+
+4. **Report**
+   - Output a short summary with pass/warn/fail per area
+   - Recommend concrete next steps (e.g. run `npm audit`, add SECURITY.md)
+
+Do not modify code or run destructive commands unless the user asks.

cursor-marketplace/enterprise-toolkit/hooks/hooks.json

@@ -0,0 +1,21 @@
+{
+  "hooks": {
+    "afterFileEdit": [
+      {
+        "command": "./scripts/format-code.py",
+        "matcher": "**/*.py"
+      }
+    ],
+    "beforeShellExecution": [
+      {
+        "command": "./scripts/validate-shell.sh",
+        "matcher": "rm\\s+-rf|curl\\s+.*\\|\\s*sh|wget\\s+.*\\|\\s*sh"
+      }
+    ],
+    "sessionEnd": [
+      {
+        "command": "./scripts/audit.sh"
+      }
+    ]
+  }
+}

cursor-marketplace/enterprise-toolkit/rules/code-style.mdc

@@ -0,0 +1,13 @@
+---
+description: Consistent code style and cleanup
+alwaysApply: true
+globs:
+---
+
+# Code style
+
+- Prefer `const` over `let` for variables that are never reassigned.
+- Remove unused code and imports so linters and type checks pass.
+- Use the project's existing style (indentation, quotes, semicolons). When in doubt, match surrounding code.
+- Keep functions and files focused; avoid unnecessary abstraction.
+- Add comments in English when non-obvious logic needs explanation.

cursor-marketplace/enterprise-toolkit/rules/security-standards.mdc

@@ -0,0 +1,16 @@
+---
+description: Security standards for code - injection, auth, secrets, crypto
+alwaysApply: false
+globs: "**/*.{ts,tsx,js,jsx,py,go,java}"
+---
+
+# Security standards
+
+When writing or reviewing code, enforce these practices:
+
+1. **Injection**: Never concatenate user input into SQL, shell commands, or HTML. Use parameterized queries, safe APIs, and output encoding.
+2. **Authentication and authorization**: Verify identity and permissions on every sensitive operation. Prefer established libraries (e.g. OAuth2, JWT validation).
+3. **Secrets**: Never commit API keys, passwords, or tokens. Use environment variables or secret managers. Do not log or expose secrets in errors.
+4. **Cryptography**: Use standard libraries and algorithms (e.g. bcrypt/argon2 for hashing, TLS for transport). Avoid custom crypto.
+5. **Input validation**: Validate and sanitize all external input. Enforce allowlists and bounds where possible.
+6. **Dependencies**: Keep dependencies updated. Check for known vulnerabilities (e.g. npm audit, dependabot).

cursor-marketplace/enterprise-toolkit/scripts/audit.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+# Optional session-end audit. Hook script for enterprise-toolkit.
+# Placeholder: e.g. log session end, run lightweight checks.
+exit 0

cursor-marketplace/enterprise-toolkit/scripts/format-code.py

@@ -0,0 +1,11 @@
+#!/usr/bin/env python3
+"""
+Format Python files after edit. Hook script for enterprise-toolkit.
+Replace with actual formatter (e.g. black, ruff format) as needed.
+"""
+import sys
+
+# Placeholder: in production, run e.g. subprocess.run(["black", path])
+# This script is invoked by the afterFileEdit hook for **/*.py
+if __name__ == "__main__":
+    sys.exit(0)

cursor-marketplace/enterprise-toolkit/scripts/validate-shell.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env sh
+# Validates shell commands before execution. Hook script for enterprise-toolkit.
+# Placeholder: in production, parse stdin and block dangerous patterns (e.g. rm -rf /, curl | sh).
+exit 0

cursor-marketplace/enterprise-toolkit/skills/compliance-check/SKILL.md

@@ -0,0 +1,21 @@
+---
+name: compliance-check
+description: Run compliance checks for security, licensing, and policy. Use when auditing a codebase, before releases, or when asked about compliance or policy.
+---
+
+# Compliance Check Skill
+
+## When to use
+
+- Auditing a codebase for security or policy compliance
+- Before releases or merge to main
+- When the user asks about compliance, licensing, or policy
+
+## Instructions
+
+1. **Security**: Scan for hardcoded secrets, unsafe dependencies, and obvious injection or auth issues. Suggest fixes or follow-up tools (e.g. npm audit, secret scanning).
+2. **Licensing**: Note any license files or package metadata. Flag incompatible or unclear licenses if the user cares about license compliance.
+3. **Policy**: If the project has a CONTRIBUTING, SECURITY, or policy doc, summarize requirements and check whether the current change aligns.
+4. **Reporting**: Summarize findings in a short report (pass/warn/fail per area). Recommend concrete next steps.
+
+Do not run destructive or invasive commands unless the user explicitly requests them.

cursor-marketplace/enterprise-toolkit/skills/security-review/SKILL.md

@@ -0,0 +1,25 @@
+---
+name: security-review
+description: Security-focused code review. Use when reviewing PRs, auditing for vulnerabilities, or improving secure coding practices.
+---
+
+# Security Reviewer Skill
+
+## When to use
+
+- Reviewing pull requests or diffs for security issues
+- Auditing code for vulnerabilities
+- Improving secure coding practices
+
+## Instructions
+
+When performing a security review:
+
+1. **Injection**: Look for SQL, command, or XSS injection (untrusted input in queries, exec, or DOM).
+2. **Auth and access control**: Check that sensitive operations require authentication and correct authorization.
+3. **Secrets and PII**: Ensure no API keys, passwords, or PII are logged, committed, or exposed in errors.
+4. **Crypto**: Verify hashing, encryption, and TLS usage follow best practices (no custom crypto, strong algorithms).
+5. **Dependencies**: Note outdated or known-vulnerable packages; suggest updates or alternatives.
+6. **Input validation**: Check that external input is validated and sanitized before use.
+
+Provide a concise list of findings with severity (high/medium/low) and concrete remediation steps. Prefer safe defaults and defense in depth.

cursor-marketplace/uniform-rules/.cursor-plugin/plugin.json

@@ -0,0 +1,9 @@
+{
+  "name": "uniform-rules",
+  "version": "1.0.0",
+  "description": "Uniform CMS rules for AI-assisted development: compositions, components, patterns, SDK, and framework guides",
+  "author": {
+    "name": "AI Rules"
+  },
+  "keywords": ["uniform", "cms", "headless", "canvas", "sveltekit", "next", "mesh"]
+}

cursor-marketplace/uniform-rules/README.md

@@ -0,0 +1,16 @@
+# Uniform Rules
+
+Cursor plugin that provides Uniform CMS rules for AI-assisted development.
+
+## Contents
+
+- **uniform.mdc** – Core concepts: compositions, components, patterns, entries, content types, assets, localization
+- **uniform-sdk.mdc** – SDK: auth, routing, CLI, frontend integration
+- **uniform-sveltekit.mdc** – SvelteKit: packages, component mapping, hooks, preview, edge personalization
+- **uniform-next-app-router.mdc** – Next.js App Router
+- **uniform-next-page-router.mdc** – Next.js Page Router
+- **uniform-mesh.mdc** – Mesh integrations: manifest, locations, data connectors
+
+## Usage
+
+Install this plugin via the Cursor marketplace or from this repo. Use when building or maintaining projects that use Uniform CMS (Canvas, Context, Mesh).