diff --git a/public/certificates/.gitkeep b/public/certificates/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/public/certificates/codegate_ca.crt b/public/certificates/codegate_ca.crt new file mode 100644 index 00000000..7c77323c --- /dev/null +++ b/public/certificates/codegate_ca.crt @@ -0,0 +1 @@ +sssssss \ No newline at end of file diff --git a/src/App.tsx b/src/App.tsx index e0d9930e..9b7822f8 100644 --- a/src/App.tsx +++ b/src/App.tsx @@ -8,6 +8,8 @@ import { usePromptsStore } from "./hooks/usePromptsStore"; import { Sidebar } from "./components/Sidebar"; import { useSse } from "./hooks/useSse"; import { Help } from "./components/Help"; +import { Certificates } from "./components/Certificates"; +import { CertificateSecurity } from "./components/CertificateSecurity"; function App() { const { prompts, loading, fetchPrompts } = usePromptsStore(); @@ -31,6 +33,8 @@ function App() { } /> } /> } /> + } /> + } /> diff --git a/src/components/CertificateSecurity.tsx b/src/components/CertificateSecurity.tsx new file mode 100644 index 00000000..8f79be08 --- /dev/null +++ b/src/components/CertificateSecurity.tsx @@ -0,0 +1,134 @@ +import { Card } from "./ui/card"; + +const SecurityShieldIcon = () => ( + + + + +); + +const KeySecurityIcon = () => ( + + + +); + +const OpenSourceIcon = () => ( + + + + +); + +export function CertificateSecurity() { + return ( +
+

Certificate Security

+ + +
+ +
+

Robust Certificate Security

+

+ Security is a top priority for us. We have designed CodeGates local certificate management with security in mind, balanced against ease of use. +

+

We will always seek to improve and balance security, privacy and usability as best as we can

+ + + +
+ +
+

Key Security Features

+
+
+

Per-Domain Certificate Generation

+

+ Instead of using wildcard certificates, CodeGate generates unique certificates for each domain. This approach minimizes security risks by limiting the impact of any single certificate compromise. +

+
+ +
+

High-Strength Encryption with 4096-bit RSA Keys

+

+ CodeGate utilizes 4096-bit RSA keys for Certificate Authority operations, providing enhanced security compared to the standard 2048-bit keys. The increased key length significantly reduces the risk of brute-force attacks, ensuring long-term protection for your data. We use 2048 for the server certs to balance in performance. +

+
+ +
+

Secure SSL/TLS Configuration

+

+ Our SSL context is configured to enforce the latest security standards, including strong cipher suites and disabling outdated protocols. This ensures secure and efficient encrypted communications. +

+
+ +
+

Certificate Caching and Management

+

+ Certificates are cached efficiently to optimize performance without compromising security. Additionally, mechanisms are in place to manage certificate lifecycles and prevent resource exhaustion. +

+
+
+ + + +
+ +
+

Open Source and Community Engagement

+
+

+ Security has been a fundamental consideration throughout the development of CodeGate. Our comprehensive approach ensures that your development environment remains secure without sacrificing functionality or performance. +

+

+ We believe in transparency and continuous improvement. By making our code open source, we invite the global security community to review, audit, and contribute to enhancing our security measures. +

+

+ If you discover a security vulnerability or have suggestions for improvement, please reach out to us at security@stacklok.com. Your contributions help us maintain the highest security standards. +

+

+ Explore our codebase on GitHub and join our community in making CodeGate secure and reliable for everyone. +

+
+ +
+ ); +} diff --git a/src/components/Certificates.tsx b/src/components/Certificates.tsx new file mode 100644 index 00000000..45af4da2 --- /dev/null +++ b/src/components/Certificates.tsx @@ -0,0 +1,263 @@ +import { Button } from "./ui/button"; +import { Card } from "./ui/card"; +import { Link } from "react-router-dom"; +import { useState, ReactNode } from "react"; + +type OS = 'macos' | 'windows' | 'linux'; +type Action = 'install' | 'remove'; + +function renderWithCode(text: string): ReactNode { + const parts = text.split(/(`[^`]+`)/); + return parts.map((part, index) => { + if (part.startsWith('`') && part.endsWith('`')) { + return ( + + {part.slice(1, -1)} + + ); + } + return part; + }); +} + +function InstructionStep({ number, text }: { number: number; text: string }) { + return ( +
+
+ {number} +
+

{renderWithCode(text)}

+
+ ); +} + +const CheckIcon = () => ( + + + +); + +const ShieldIcon = () => ( + + + +); + +const ArrowIcon = () => ( + + + +); + +export function Certificates() { + const [activeOS, setActiveOS] = useState('macos'); + const [activeAction, setActiveAction] = useState('install'); + + const handleDownload = () => { + const link = document.createElement('a'); + link.href = '/certificates/codegate_ca.crt'; + link.download = 'codegate.crt'; + document.body.appendChild(link); + link.click(); + document.body.removeChild(link); + }; + + const steps = { + macos: { + install: [ + "Double-click the downloaded certificate file", + "Keychain Access will open automatically", + "Add the certificate to the System keychain", + "Double-click the imported certificate", + "Expand the \"Trust\" section", + "Set \"When using this certificate\" to \"Always Trust\"" + ], + remove: [ + "Open Keychain Access", + "Select the System keychain", + "Find the CodeGate certificate", + "Right-click and select \"Delete\"", + "Confirm the deletion when prompted" + ] + }, + windows: { + install: [ + "Double-click the downloaded certificate file", + "Click \"Install Certificate\"", + "Select \"Local Machine\" and click Next", + "Choose \"Place all certificates in the following store\"", + "Click \"Browse\" and select \"Trusted Root Certification Authorities\"", + "Click \"Next\" and then \"Finish\"" + ], + remove: [ + "Open \"Run\" (Windows + R)", + "Type `certmgr.msc` and press Enter", + "Navigate to \"Trusted Root Certification Authorities\" → \"Certificates\"", + "Find the CodeGate certificate", + "Right-click and select \"Delete\"", + "Confirm the deletion when prompted" + ] + }, + linux: { + install: [ + "Copy the certificate to `/usr/local/share/ca-certificates/`", + "Rename it to have a `.crt` extension", + "Run: `sudo update-ca-certificates`", + "Restart your browser" + ], + remove: [ + "Remove the certificate from `/usr/local/share/ca-certificates/`", + "Run: `sudo update-ca-certificates --fresh`", + "Restart your browser" + ] + } + }; + + const currentSteps = steps[activeOS][activeAction]; + + return ( +
+

Certificates

+ + +
+
+ +
+
+

CodeGate SSL Certificate

+

+ This certificate allows CodeGate to act as a proxy for certain software such as CoPilot. +

+ +
+
+ + + +

Is this certificate safe to install on my machine?

+
+
+ +

Local Only: CodeGate runs entirely on your machine within an isolated container, ensuring all data processing stays local without any external transmissions.

+
+ +
+ +

Secure Certificate Handling: This custom CA is locally generated and managed, the developers of CodeGate have no access to it.

+
+ +
+ +

No External Communications: CodeGate is designed with no capability to call home or communicate with external servers, outside of those requested by the IDE or Agent.

+
+
+
+ + Learn More + + +
+ + + +

Certificate Management

+ + {/* OS Selection Tabs */} +
+ + + +
+ + {/* Action Selection Tabs */} +
+ + +
+ +
+
+ {currentSteps.map((step, index) => ( + + ))} +
+
+ +
+ ); +} diff --git a/src/components/Header.tsx b/src/components/Header.tsx index 54489718..759f5da0 100644 --- a/src/components/Header.tsx +++ b/src/components/Header.tsx @@ -4,7 +4,7 @@ import { Separator } from "./ui/separator"; export function Header() { return ( -
+
@@ -16,28 +16,50 @@ export function Header() {
-
-
- Help +
+
+
+ Certificates +
+
+
+ + Download + + + Certificate Security + +
+
- {/* Dropdown menu */} -
-
- - Continue Setup - - - CoPilot Setup - +
+
+ Help +
+
+
+ + Continue Setup + + + CoPilot Setup + +
-
+ ); }