From 837afddba3adb4c526147b960cb58266fdc51cfe Mon Sep 17 00:00:00 2001
From: Ivan Grynenko <ivan.grynenko@gmail.com>
Date: Mon, 27 Oct 2025 09:03:50 +1100
Subject: [PATCH 1/2] refactor: Restructured cursor rule files for improved
 readability and consistency

- Simplified rule file structure across all 22 rule files
- Reorganised content with dedicated sections for Rule Details, Filters, Rejections, and Suggestions
- Converted verbose rule definitions into more concise, readable format
- Improved consistency in formatting and documentation standards
- Enhanced clarity of metadata and priority levels
- Maintained all existing functionality whilst improving maintainability
---
 .cursor/rules/accessibility-standards.mdc     |  84 +++----
 .cursor/rules/api-standards.mdc               |  88 +++----
 .cursor/rules/build-optimization.mdc          |  88 +++----
 .cursor/rules/code-generation-standards.mdc   | 113 ++++-----
 .cursor/rules/cursor-rules.mdc                | 214 +++++++---------
 .cursor/rules/debugging-standards.mdc         |  61 +++--
 .cursor/rules/docker-compose-standards.mdc    | 235 ++++++++----------
 .../rules/drupal-authentication-failures.mdc  | 216 +++++++---------
 .../rules/drupal-broken-access-control.mdc    | 192 ++++++--------
 .../rules/drupal-cryptographic-failures.mdc   | 206 +++++++--------
 .cursor/rules/drupal-database-standards.mdc   |  61 +++--
 .cursor/rules/drupal-file-permissions.mdc     | 227 ++++++++---------
 .cursor/rules/drupal-injection.mdc            | 206 +++++++--------
 .cursor/rules/drupal-insecure-design.mdc      | 216 +++++++---------
 .cursor/rules/drupal-integrity-failures.mdc   | 216 +++++++---------
 .cursor/rules/drupal-logging-failures.mdc     | 220 +++++++---------
 .../drupal-security-misconfiguration.mdc      | 206 +++++++--------
 .cursor/rules/drupal-ssrf.mdc                 | 211 +++++++---------
 .../rules/drupal-vulnerable-components.mdc    | 216 +++++++---------
 .cursor/rules/generic_bash_style.mdc          | 106 ++++----
 .cursor/rules/git-commit-standards.mdc        |  77 +++---
 .cursor/rules/github-actions-standards.mdc    |  98 ++++----
 22 files changed, 1506 insertions(+), 2051 deletions(-)

diff --git a/.cursor/rules/accessibility-standards.mdc b/.cursor/rules/accessibility-standards.mdc
index 7729123..a41578c 100644
--- a/.cursor/rules/accessibility-standards.mdc
+++ b/.cursor/rules/accessibility-standards.mdc
@@ -6,51 +6,39 @@ globs: *.vue, *.jsx, *.tsx, *.html, *.php
 
 Ensures WCAG compliance and accessibility best practices.
 
-<rule>
-name: accessibility_standards
-description: Enforce accessibility standards and WCAG compliance
-filters:
-  - type: file_extension
-    pattern: "\\.(vue|jsx|tsx|html|php|css|scss|sass)$" # Expanded to include CSS files
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "<img[^>]+(?!alt=)[^>]*>"
-        message: "Images must have alt attributes for screen readers."
-      
-      - pattern: "aria-[a-z]+=\"\""
-        message: "ARIA attributes should not be empty; provide meaningful values."
-
-      - pattern: "<button[^>]*>(?![^<]*[^\\s])[^<]*</button>"
-        message: "Buttons should have meaningful, descriptive content."
-
-      - pattern: "<a[^>]*href=\"#[^\"]*\"[^>]*>(?![^<]*<svg)[^<]*</a>"
-        message: "Links with href='#' should either be removed or have an aria-label for context."
-
-      - pattern: "<input[^>]+type=\"(text|email|password|search|tel|url)\"[^>]*>"
-        pattern_negate: "aria-label|aria-labelledby|title"
-        message: "Form inputs should include an aria-label or aria-labelledby attribute for better screen reader support."
-
-      - pattern: "<video[^>]*>(?!<track)[^<]*</video>"
-        message: "Videos should include captions for accessibility."
-
-  - type: suggest
-    message: |
-      **Accessibility Best Practices:**
-      - **Heading Hierarchy:** Use headings (h1 to h6) in a logical order to structure content.
-      - **Keyboard Navigation:** Ensure all interactive elements are accessible via keyboard.
-      - **Semantic HTML:** Favor semantic elements like <nav>, <article>, <section>, and <aside> for better structure comprehension.
-      - **Color Contrast:** Check color contrast ratios meet WCAG guidelines (4.5:1 for normal text, 7:1 for large text).
-      - **Skip Navigation Links:** Provide 'skip to main content' links for keyboard users to bypass repetitive navigation.
-      - **Focus Management:** Ensure focus indicators are visible and manage focus for modal dialogs or dynamic content changes.
-      - **Form Labels:** Associate labels with form controls using the 'for' attribute or wrap controls with <label>.
-      - **Descriptive Links:** Use descriptive text for links, avoiding generic phrases like "click here."
-      - **Touch Targets:** Ensure touch target sizes are large enough (at least 44x44 pixels) for mobile users.
-      - **Timeouts:** Avoid or provide options to extend time limits where possible, or warn users before session expiry.
-      - **Language Attribute:** Set the lang attribute on the <html> element to indicate the primary language of the page.
-
-metadata:
-  priority: high
-  version: 1.1
-</rule>
\ No newline at end of file
+## Rule Details
+
+- **Name:** accessibility_standards
+
+- **Description:** Enforce accessibility standards and WCAG compliance
+
+## Filters
+- file extension pattern: `"\\.(vue|jsx|tsx|html|php|css|scss|sass)$" # Expanded to include CSS files`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `<img[^>]+(?!alt=)[^>]*>` – Images must have alt attributes for screen readers.
+  - pattern `aria-[a-z]+=\"\"` – ARIA attributes should not be empty; provide meaningful values.
+  - pattern `<button[^>]*>(?![^<]*[^\\s])[^<]*</button>` – Buttons should have meaningful, descriptive content.
+  - pattern `<a[^>]*href=\"#[^\"]*\"[^>]*>(?![^<]*<svg)[^<]*</a>` – Links with href='#' should either be removed or have an aria-label for context.
+  - pattern `<input[^>]+type=\"(text|email|password|search|tel|url)\"[^>]*>` – negated `aria-label|aria-labelledby|title` – Form inputs should include an aria-label or aria-labelledby attribute for better screen reader support.
+  - pattern `<video[^>]*>(?!<track)[^<]*</video>` – Videos should include captions for accessibility.
+
+## Suggestions
+- Guidance:
+**Accessibility Best Practices:**
+- **Heading Hierarchy:** Use headings (h1 to h6) in a logical order to structure content.
+- **Keyboard Navigation:** Ensure all interactive elements are accessible via keyboard.
+- **Semantic HTML:** Favor semantic elements like <nav>, <article>, <section>, and <aside> for better structure comprehension.
+- **Color Contrast:** Check color contrast ratios meet WCAG guidelines (4.5:1 for normal text, 7:1 for large text).
+- **Skip Navigation Links:** Provide 'skip to main content' links for keyboard users to bypass repetitive navigation.
+- **Focus Management:** Ensure focus indicators are visible and manage focus for modal dialogs or dynamic content changes.
+- **Form Labels:** Associate labels with form controls using the 'for' attribute or wrap controls with <label>.
+- **Descriptive Links:** Use descriptive text for links, avoiding generic phrases like "click here."
+- **Touch Targets:** Ensure touch target sizes are large enough (at least 44x44 pixels) for mobile users.
+- **Timeouts:** Avoid or provide options to extend time limits where possible, or warn users before session expiry.
+- **Language Attribute:** Set the lang attribute on the <html> element to indicate the primary language of the page.
+
+## Metadata
+- Priority: high
+- Version: 1.1
diff --git a/.cursor/rules/api-standards.mdc b/.cursor/rules/api-standards.mdc
index 346d6e1..c550c6e 100644
--- a/.cursor/rules/api-standards.mdc
+++ b/.cursor/rules/api-standards.mdc
@@ -6,51 +6,43 @@ globs: *.php, *.js, *.ts
 
 Ensures consistent API design, documentation, and implementation best practices across PHP, JavaScript, and TypeScript files.
 
-<rule>
-name: enhanced_api_standards
-description: Enforce enhanced API design, implementation, and documentation standards
-filters:
-  - type: file_extension
-    pattern: "\\.(php|js|ts)$"
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "@api\\s+(?!GET|POST|PUT|DELETE|PATCH|OPTIONS|HEAD)"
-        message: "Use standard HTTP methods (GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD) for API endpoints."
-
-      - pattern: "function\\s+[a-zA-Z]+Api\\s*\\([^)]*\\)\\s*\\{[^}]*\\}"
-        pattern_negate: "(?s)(throw new \\w+Exception|return\\s+(?:\\d{3}|4\\d\\d|5\\d\\d))"
-        message: "Ensure API functions handle or return errors appropriately using exceptions or HTTP status codes."
-
-      - pattern: "(?<!@api\\s+)(?<!\\s+returns\\s+)(?<!\\s+throws\\s+)[A-Z]{3,}(?!\\s+)"
-        message: "HTTP methods should be prefixed with '@api' for documentation purposes."
-
-      - pattern: "\\bresponse\\b(?![^;]*\\.json\\()"
-        message: "Ensure all API responses are properly formatted, preferably as JSON."
-
-  - type: suggest
-    message: |
-      **API Best Practices:**
-      - **HTTP Methods:** Use proper HTTP methods for operations (GET for retrieval, POST for creation, etc.).
-      - **Status Codes:** Use appropriate HTTP status codes to communicate the result of the request.
-      - **Versioning:** Implement API versioning to manage changes without breaking existing integrations.
-      - **Documentation:** 
-        - **Swagger/OpenAPI:** Use tools like Swagger for comprehensive API documentation.
-        - **Endpoint Descriptions:** Clearly document all endpoints including path, methods, parameters, and possible responses.
-      - **Authentication & Security:**
-        - Implement OAuth, JWT, or similar secure authentication methods.
-        - Use HTTPS for all API communications.
-      - **Rate Limiting:** Implement rate limiting to prevent abuse and ensure fair usage.
-      - **Error Handling:** 
-        - Provide clear, human-readable error messages with corresponding status codes.
-        - Implement error logging for debugging purposes.
-      - **Pagination:** For list endpoints, implement pagination to manage large datasets.
-      - **Validation:** Validate input data at the API level to ensure data integrity.
-      - **CORS:** Configure CORS headers if your API is meant to be consumed by web applications from different domains.
-      - **Monitoring:** Set up monitoring for API performance and usage statistics.
-
-metadata:
-  priority: high
-  version: 1.1
-</rule>
\ No newline at end of file
+## Rule Details
+
+- **Name:** enhanced_api_standards
+
+- **Description:** Enforce enhanced API design, implementation, and documentation standards
+
+## Filters
+- file extension pattern: `\\.(php|js|ts)$`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `@api\\s+(?!GET|POST|PUT|DELETE|PATCH|OPTIONS|HEAD)` – Use standard HTTP methods (GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD) for API endpoints.
+  - pattern `function\\s+[a-zA-Z]+Api\\s*\\([^)]*\\)\\s*\\{[^}]*\\}` – negated `(?s)(throw new \\w+Exception|return\\s+(?:\\d{3}|4\\d\\d|5\\d\\d))` – Ensure API functions handle or return errors appropriately using exceptions or HTTP status codes.
+  - pattern `(?<!@api\\s+)(?<!\\s+returns\\s+)(?<!\\s+throws\\s+)[A-Z]{3,}(?!\\s+)` – HTTP methods should be prefixed with '@api' for documentation purposes.
+  - pattern `\\bresponse\\b(?![^;]*\\.json\\()` – Ensure all API responses are properly formatted, preferably as JSON.
+
+## Suggestions
+- Guidance:
+**API Best Practices:**
+- **HTTP Methods:** Use proper HTTP methods for operations (GET for retrieval, POST for creation, etc.).
+- **Status Codes:** Use appropriate HTTP status codes to communicate the result of the request.
+- **Versioning:** Implement API versioning to manage changes without breaking existing integrations.
+- **Documentation:** 
+  - **Swagger/OpenAPI:** Use tools like Swagger for comprehensive API documentation.
+  - **Endpoint Descriptions:** Clearly document all endpoints including path, methods, parameters, and possible responses.
+- **Authentication & Security:**
+  - Implement OAuth, JWT, or similar secure authentication methods.
+  - Use HTTPS for all API communications.
+- **Rate Limiting:** Implement rate limiting to prevent abuse and ensure fair usage.
+- **Error Handling:** 
+  - Provide clear, human-readable error messages with corresponding status codes.
+  - Implement error logging for debugging purposes.
+- **Pagination:** For list endpoints, implement pagination to manage large datasets.
+- **Validation:** Validate input data at the API level to ensure data integrity.
+- **CORS:** Configure CORS headers if your API is meant to be consumed by web applications from different domains.
+- **Monitoring:** Set up monitoring for API performance and usage statistics.
+
+## Metadata
+- Priority: high
+- Version: 1.1
diff --git a/.cursor/rules/build-optimization.mdc b/.cursor/rules/build-optimization.mdc
index 1ba1680..4a2e301 100644
--- a/.cursor/rules/build-optimization.mdc
+++ b/.cursor/rules/build-optimization.mdc
@@ -6,52 +6,42 @@ globs: webpack.config.js, vite.config.js, *.config.js
 
 Ensures optimal build configuration and process for better performance and maintainability.
 
-<rule>
-name: enhanced_build_optimization
-description: Enforce standards for optimizing build processes
-filters:
-  - type: file_extension
-    pattern: "\\.(js|ts|json)$"  # Expanded to cover more config file types
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "mode:\\s*['\"]development['\"]"
-        pattern_negate: "process\\.env\\.NODE_ENV === 'development'"
-        message: "Set 'mode' to 'production' for production builds unless dynamically set by NODE_ENV."
-
-      - pattern: "devtool:\\s*['\"]eval"
-        message: "Use 'source-map' or 'hidden-source-map' for production builds to balance performance and debugging."
-
-      - pattern: "optimization:\\s*{[^}]*?splitChunks:\\s*{[^}]*?chunks:\\s*(?!'all')"
-        message: "Enable code splitting for all chunks in optimization settings."
-
-      - pattern: "optimization:\\s*{[^}]*?usedExports:\\s*(?!true)"
-        message: "Enable tree shaking by setting 'usedExports' to true."
-
-      - pattern: "output\\s*:\\s*{[^}]*?filename:\\s*['\"][^\\[]+['\"]"
-        message: "Use content hashing in filenames for better caching (e.g., '[name].[contenthash].js')."
-
-  - type: suggest
-    message: |
-      **Build Optimization Best Practices:**
-      - **Code Splitting:** Implement code splitting to load only what's necessary for each page or component.
-      - **Tree Shaking:** Enable tree shaking to eliminate dead code, which reduces bundle size.
-      - **Asset Optimization:**
-        - Compress images and use modern formats like WebP where supported.
-        - Use lazy loading for images and other media.
-      - **Caching:**
-        - Configure proper caching strategies (e.g., HTTP headers, service workers for PWA).
-        - Use long-term caching for static assets with content hashing in filenames.
-      - **Modern JavaScript:** 
-        - Use ES6+ features but ensure polyfills for older browsers if needed.
-        - Consider using features like module/nomodule for graceful degradation.
-      - **Minification & Compression:** Ensure all JavaScript and CSS are minified and consider enabling gzip compression on the server.
-      - **Performance Budgets:** Set performance budgets to keep bundle sizes in check.
-      - **Environment Variables:** Use environment variables for configuration differentiation between development and production.
-      - **CI/CD:** Integrate with CI/CD pipelines for automated builds and testing, ensuring only optimized code goes to production.
-
-metadata:
-  priority: high
-  version: 1.1
-</rule>
\ No newline at end of file
+## Rule Details
+
+- **Name:** enhanced_build_optimization
+
+- **Description:** Enforce standards for optimizing build processes
+
+## Filters
+- file extension pattern: `"\\.(js|ts|json)$"  # Expanded to cover more config file types`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `mode:\\s*['\"]development['\"]` – negated `process\\.env\\.NODE_ENV === 'development'` – Set 'mode' to 'production' for production builds unless dynamically set by NODE_ENV.
+  - pattern `devtool:\\s*['\"]eval` – Use 'source-map' or 'hidden-source-map' for production builds to balance performance and debugging.
+  - pattern `optimization:\\s*{[^}]*?splitChunks:\\s*{[^}]*?chunks:\\s*(?!'all')` – Enable code splitting for all chunks in optimization settings.
+  - pattern `optimization:\\s*{[^}]*?usedExports:\\s*(?!true)` – Enable tree shaking by setting 'usedExports' to true.
+  - pattern `output\\s*:\\s*{[^}]*?filename:\\s*['\"][^\\[]+['\"]` – Use content hashing in filenames for better caching (e.g., '[name].[contenthash].js').
+
+## Suggestions
+- Guidance:
+**Build Optimization Best Practices:**
+- **Code Splitting:** Implement code splitting to load only what's necessary for each page or component.
+- **Tree Shaking:** Enable tree shaking to eliminate dead code, which reduces bundle size.
+- **Asset Optimization:**
+  - Compress images and use modern formats like WebP where supported.
+  - Use lazy loading for images and other media.
+- **Caching:**
+  - Configure proper caching strategies (e.g., HTTP headers, service workers for PWA).
+  - Use long-term caching for static assets with content hashing in filenames.
+- **Modern JavaScript:** 
+  - Use ES6+ features but ensure polyfills for older browsers if needed.
+  - Consider using features like module/nomodule for graceful degradation.
+- **Minification & Compression:** Ensure all JavaScript and CSS are minified and consider enabling gzip compression on the server.
+- **Performance Budgets:** Set performance budgets to keep bundle sizes in check.
+- **Environment Variables:** Use environment variables for configuration differentiation between development and production.
+- **CI/CD:** Integrate with CI/CD pipelines for automated builds and testing, ensuring only optimized code goes to production.
+
+## Metadata
+- Priority: high
+- Version: 1.1
diff --git a/.cursor/rules/code-generation-standards.mdc b/.cursor/rules/code-generation-standards.mdc
index a1689b4..1877cd3 100644
--- a/.cursor/rules/code-generation-standards.mdc
+++ b/.cursor/rules/code-generation-standards.mdc
@@ -6,65 +6,54 @@ globs: *.php, *.js, *.ts, *.vue, *.jsx, *.tsx, *.py
 
 Ensures high-quality, executable code generation adhering to best practices across multiple programming languages.
 
-<rule>
-name: enhanced_code_generation_standards
-description: Enforce standards for code generation ensuring high quality and integration readiness
-filters:
-  - type: file_extension
-    pattern: "\\.(php|js|ts|vue|jsx|tsx|py|rb|java)$"  # Expanded to include Ruby and Java
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "// TODO:|#\\s*TODO:"
-        message: "Replace TODOs with actual implementation - no placeholders allowed."
-
-      - pattern: "function\\s+\\w+\\s*\\([^)]*\\)\\s*\\{\\s*(?:return\\s+null|throw\\s+new\\s+Error|console\\.log)\\s*\\}"
-        message: "Implement full functionality - no stub methods."
-
-      - pattern: "\\bif\\b\\s*\\(\\s*false\\s*\\)"
-        message: "Remove or replace conditional statements that are always false."
-
-      - pattern: "\\bconsole\\.[^(]+|print\\s*\\("
-        pattern_negate: "DEBUG|LOGGING"
-        message: "Remove debug logging unless it's conditional on a debug flag."
-
-      - pattern: "^\\s*#\\s*\\w+:\\s*\\w+\\s*$"
-        language: python
-        message: "In Python, prefer type hints over comments for type annotations."
-
-  - type: suggest
-    message: |
-      **Code Generation Best Practices:**
-      - **Executable Solutions:** Generate fully functional code, not just skeletons or stubs.
-      - **Readability:** 
-        - Prioritize code readability, with clear naming conventions and logical structure.
-        - Use whitespace effectively to enhance code clarity.
-      - **Error Handling:** 
-        - Implement comprehensive error handling with appropriate exceptions or error codes.
-        - Consider edge cases and provide meaningful error messages.
-      - **Imports/Dependencies:** 
-        - Include all necessary imports or require statements at the beginning of the file.
-        - Manage dependencies to ensure the code is self-contained or clearly documented for setup.
-      - **Integration:** 
-        - Code should be immediately usable within the project's existing framework or technology stack.
-        - Ensure compatibility with existing patterns or libraries used in the project.
-      - **Formatting:** 
-        - Adhere to the project's coding style guide (e.g., Prettier, Black for Python, etc.).
-        - Use linters and formatters to maintain consistent code style.
-      - **Testing:** 
-        - Include unit or integration tests where applicable to validate generated code.
-        - Encourage test-driven development if part of the project's culture.
-      - **Documentation:** 
-        - Provide inline comments for complex logic or algorithms.
-        - Write docstrings or JSDoc for functions, classes, and modules to describe usage, parameters, and return values.
-        - Consider generating external documentation if the project uses tools like Swagger for APIs or Sphinx for Python.
-      - **Security:** 
-        - Avoid hardcoded credentials or sensitive information.
-        - Follow security best practices for the language (e.g., SQL injection prevention in PHP, XSS in JavaScript).
-      - **Performance:** While readability takes precedence, be mindful of performance implications of the generated code.
-
-metadata:
-  priority: critical
-  version: 1.1
-</rule>
\ No newline at end of file
+## Rule Details
+
+- **Name:** enhanced_code_generation_standards
+
+- **Description:** Enforce standards for code generation ensuring high quality and integration readiness
+
+## Filters
+- file extension pattern: `"\\.(php|js|ts|vue|jsx|tsx|py|rb|java)$"  # Expanded to include Ruby and Java`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `// TODO:|#\\s*TODO:` – Replace TODOs with actual implementation - no placeholders allowed.
+  - pattern `function\\s+\\w+\\s*\\([^)]*\\)\\s*\\{\\s*(?:return\\s+null|throw\\s+new\\s+Error|console\\.log)\\s*\\}` – Implement full functionality - no stub methods.
+  - pattern `\\bif\\b\\s*\\(\\s*false\\s*\\)` – Remove or replace conditional statements that are always false.
+  - pattern `\\bconsole\\.[^(]+|print\\s*\\(` – negated `DEBUG|LOGGING` – Remove debug logging unless it's conditional on a debug flag.
+  - pattern `^\\s*#\\s*\\w+:\\s*\\w+\\s*$` – In Python, prefer type hints over comments for type annotations.
+
+## Suggestions
+- Guidance:
+**Code Generation Best Practices:**
+- **Executable Solutions:** Generate fully functional code, not just skeletons or stubs.
+- **Readability:** 
+  - Prioritize code readability, with clear naming conventions and logical structure.
+  - Use whitespace effectively to enhance code clarity.
+- **Error Handling:** 
+  - Implement comprehensive error handling with appropriate exceptions or error codes.
+  - Consider edge cases and provide meaningful error messages.
+- **Imports/Dependencies:** 
+  - Include all necessary imports or require statements at the beginning of the file.
+  - Manage dependencies to ensure the code is self-contained or clearly documented for setup.
+- **Integration:** 
+  - Code should be immediately usable within the project's existing framework or technology stack.
+  - Ensure compatibility with existing patterns or libraries used in the project.
+- **Formatting:** 
+  - Adhere to the project's coding style guide (e.g., Prettier, Black for Python, etc.).
+  - Use linters and formatters to maintain consistent code style.
+- **Testing:** 
+  - Include unit or integration tests where applicable to validate generated code.
+  - Encourage test-driven development if part of the project's culture.
+- **Documentation:** 
+  - Provide inline comments for complex logic or algorithms.
+  - Write docstrings or JSDoc for functions, classes, and modules to describe usage, parameters, and return values.
+  - Consider generating external documentation if the project uses tools like Swagger for APIs or Sphinx for Python.
+- **Security:** 
+  - Avoid hardcoded credentials or sensitive information.
+  - Follow security best practices for the language (e.g., SQL injection prevention in PHP, XSS in JavaScript).
+- **Performance:** While readability takes precedence, be mindful of performance implications of the generated code.
+
+## Metadata
+- Priority: critical
+- Version: 1.1
diff --git a/.cursor/rules/cursor-rules.mdc b/.cursor/rules/cursor-rules.mdc
index b76782a..7d11569 100644
--- a/.cursor/rules/cursor-rules.mdc
+++ b/.cursor/rules/cursor-rules.mdc
@@ -6,138 +6,100 @@ globs: *.mdc
 
 Standards for placing and organizing Cursor rule files in the repository, ensuring rules are always up-to-date and follow best practices.
 
+## Rule Details
+
+- **Name:** cursor_rules_location_and_maintenance
+
+- **Description:** Standards for placing and maintaining Cursor rule files in the correct directory
+
+## Filters
+- file extension pattern: `\\.mdc$`
+  - Match files that look like Cursor rules
+- content: `(?s)<rule>.*?</rule>`
+  - Match file creation or modification events
+- event: `file_create|file_modify`
+
+## Rejections
+- Conditions:
+  - pattern `^(?!\\.\\/\\.cursor\\/rules\\/.*\\.mdc$)` – Cursor rule files (.mdc) must be placed in the .cursor/rules directory
+
+## Suggestions
+- Guidance:
+## Cursor Rules Best Practices
+
+### 1. Location and Structure
+- **Location:** Always place rule files in **PROJECT_ROOT/.cursor/rules/**
+- **Directory Structure:**
+  ```
+  PROJECT_ROOT/
+  ├── .cursor/
+  │   └── rules/
+  │       ├── your-rule-name.mdc
+  │       └── ...
+  └── ...
+  ```
+
+### 2. Naming Conventions
+- Use **kebab-case** for filenames (e.g., `php-drupal-standards.mdc`)
+- Always use the **.mdc** extension
+- Make names descriptive of the rule's purpose
+- Group related rules with common prefixes (e.g., `drupal-*`, `lagoon-*`)
+
+### 3. Rule File Structure
+```
+---
+description: Brief description of the rule
+globs: *.php, *.module, *.inc
+alwaysApply: false
+---
+# Rule Title
+
 <rule>
-name: cursor_rules_location_and_maintenance
-description: Standards for placing and maintaining Cursor rule files in the correct directory
+name: rule_name_in_snake_case
+description: Detailed description of what the rule enforces
 filters:
-  # Match any .mdc files
   - type: file_extension
-    pattern: "\\.mdc$"
-  # Match files that look like Cursor rules
-  - type: content
-    pattern: "(?s)<rule>.*?</rule>"
-  # Match file creation or modification events
-  - type: event
-    pattern: "file_create|file_modify"
+    pattern: "pattern_to_match"
 
 actions:
-  - type: reject
+  - type: enforce|suggest|validate
     conditions:
-      - pattern: "^(?!\\.\\/\\.cursor\\/rules\\/.*\\.mdc$)"
-        message: "Cursor rule files (.mdc) must be placed in the .cursor/rules directory"
-
-  - type: suggest
-    message: |
-      ## Cursor Rules Best Practices
-
-      ### 1. Location and Structure
-      - **Location:** Always place rule files in **PROJECT_ROOT/.cursor/rules/**
-      - **Directory Structure:**
-        ```
-        PROJECT_ROOT/
-        ├── .cursor/
-        │   └── rules/
-        │       ├── your-rule-name.mdc
-        │       └── ...
-        └── ...
-        ```
-
-      ### 2. Naming Conventions
-      - Use **kebab-case** for filenames (e.g., `php-drupal-standards.mdc`)
-      - Always use the **.mdc** extension
-      - Make names descriptive of the rule's purpose
-      - Group related rules with common prefixes (e.g., `drupal-*`, `lagoon-*`)
-
-      ### 3. Rule File Structure
-      ```
-      ---
-      description: Brief description of the rule
-      globs: *.php, *.module, *.inc
-      alwaysApply: false
-      ---
-      # Rule Title
-
-      <rule>
-      name: rule_name_in_snake_case
-      description: Detailed description of what the rule enforces
-      filters:
-        - type: file_extension
-          pattern: "pattern_to_match"
-      
-      actions:
-        - type: enforce|suggest|validate
-          conditions:
-            - pattern: "regex_pattern"
-              message: "Clear message explaining the issue"
-      
-      metadata:
-        priority: high|medium|low
-        version: 1.0
-      </rule>
-      ```
-
-      ### 4. Rule Maintenance
-      - **When adding new rules:**
-        - Check for overlapping or conflicting rules
-        - Ensure patterns are efficient and specific
-        - Test rules against sample code
-      - **When modifying existing rules:**
-        - Update version number
-        - Document changes in commit messages
-        - Review and update related rules for consistency
-        - Consider backward compatibility
-
-      ### 5. Best Practices for Rule Content
-      - Use clear, specific regex patterns
-      - Provide helpful, actionable messages
-      - Include examples of good and bad code
-      - Set appropriate priority levels
-      - Use multiple conditions for complex rules
-      - Consider performance impact of complex patterns
-
-      ### 6. Rule Testing
-      - Test rules against both compliant and non-compliant code
-      - Verify that messages are clear and helpful
-      - Check for false positives and false negatives
-      - Ensure rules don't conflict with each other
-
-examples:
-  - input: |
-      # Bad: Rule file in wrong location
-      rules/my-rule.mdc
-      my-rule.mdc
-      .rules/my-rule.mdc
-
-      # Good: Rule file in correct location
-      .cursor/rules/my-rule.mdc
-    output: "Correctly placed Cursor rule file"
-  
-  - input: |
-      # Bad: Poorly structured rule
-      <rule>
-      name: bad_rule
-      description: This rule does something
-      </rule>
-
-      # Good: Well-structured rule
-      <rule>
-      name: good_rule
-      description: This rule enforces proper error handling in PHP code
-      filters:
-        - type: file_extension
-          pattern: "\\.php$"
-      actions:
-        - type: enforce
-          conditions:
-            - pattern: "try\\s*{[^}]*}\\s*catch\\s*\\([^)]*\\)\\s*{\\s*}"
-              message: "Empty catch blocks should include at least error logging"
-      metadata:
-        priority: high
-        version: 1.0
-      </rule>
-    output: "Well-structured Cursor rule with proper components"
+      - pattern: "regex_pattern"
+        message: "Clear message explaining the issue"
 
 metadata:
-  priority: high
-  version: 1.2
+  priority: high|medium|low
+  version: 1.0
 </rule>
+```
+
+### 4. Rule Maintenance
+- **When adding new rules:**
+  - Check for overlapping or conflicting rules
+  - Ensure patterns are efficient and specific
+  - Test rules against sample code
+- **When modifying existing rules:**
+  - Update version number
+  - Document changes in commit messages
+  - Review and update related rules for consistency
+  - Consider backward compatibility
+
+### 5. Best Practices for Rule Content
+- Use clear, specific regex patterns
+- Provide helpful, actionable messages
+- Include examples of good and bad code
+- Set appropriate priority levels
+- Use multiple conditions for complex rules
+- Consider performance impact of complex patterns
+
+### 6. Rule Testing
+- Test rules against both compliant and non-compliant code
+- Verify that messages are clear and helpful
+- Check for false positives and false negatives
+- Ensure rules don't conflict with each other
+
+## Metadata
+- Priority: high|medium|low
+- Version: 1.0
+- - **When Adding New Rules: **
+- - **When Modifying Existing Rules: **
diff --git a/.cursor/rules/debugging-standards.mdc b/.cursor/rules/debugging-standards.mdc
index 4fb041f..2b1828a 100644
--- a/.cursor/rules/debugging-standards.mdc
+++ b/.cursor/rules/debugging-standards.mdc
@@ -6,34 +6,33 @@ globs: *.php, *.js, *.ts, *.vue, *.jsx, *.tsx, *.py
 
 Ensures proper debugging practices and error handling.
 
-<rule>
-name: debugging_standards
-description: Enforce standards for debugging and error handling
-filters:
-  - type: file_extension
-    pattern: "\\.(php|js|ts|vue|jsx|tsx|py)$"
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "console\\.log\\(|print_r\\(|var_dump\\("
-        message: "Replace debug statements with proper logging"
-
-      - pattern: "catch\\s*\\([^)]*\\)\\s*\\{\\s*\\}"
-        message: "Implement proper error handling in catch blocks"
-
-  - type: suggest
-    message: |
-      Debugging Best Practices:
-      - Address root causes, not symptoms
-      - Add descriptive logging messages
-      - Create isolated test functions
-      - Implement comprehensive error handling
-      - Use appropriate logging levels
-      - Add context to error messages
-      - Consider debugging tools integration
-
-metadata:
-  priority: high
-  version: 1.0
-</rule> 
\ No newline at end of file
+## Rule Details
+
+- **Name:** debugging_standards
+
+- **Description:** Enforce standards for debugging and error handling
+
+## Filters
+- file extension pattern: `\\.(php|js|ts|vue|jsx|tsx|py)$`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `console\\.log\\(|print_r\\(|var_dump\\(` – Replace debug statements with proper logging
+  - pattern `catch\\s*\\([^)]*\\)\\s*\\{\\s*\\}` – Implement proper error handling in catch blocks
+
+## Suggestions
+- Guidance:
+Debugging Best Practices:
+- Address root causes, not symptoms
+- Add descriptive logging messages
+- Create isolated test functions
+- Implement comprehensive error handling
+- Use appropriate logging levels
+- Add context to error messages
+- Consider debugging tools integration
+
+## Metadata
+- Priority: high
+- Version: 1.0
+
+ 
\ No newline at end of file
diff --git a/.cursor/rules/docker-compose-standards.mdc b/.cursor/rules/docker-compose-standards.mdc
index 8bb85cd..625a9f5 100644
--- a/.cursor/rules/docker-compose-standards.mdc
+++ b/.cursor/rules/docker-compose-standards.mdc
@@ -3,137 +3,104 @@ description: Docker Compose standards Rule
 globs: 
 alwaysApply: false
 ---
-<rule>
-name: docker_compose_best_practices
-description: Enforces best practices in docker-compose files to ensure maintainability, security, and consistency
-filters:
-  - type: file_name
-    pattern: "docker-compose\\.ya?ml$"
-  - type: event
-    pattern: "(file_create|file_modify)"
-actions:
-  # 1. Prevent deprecated 'version' field
-  - type: reject
-    conditions:
-      - pattern: "^\\s*version\\s*:"
-        message: "The 'version' field is deprecated in Docker Compose files. Compose files are now version-less by default."
-  # 2. Enforce consistent indentation
-  - type: reject
-    conditions:
-      - pattern: "^(  |\t)"
-        message: "Inconsistent indentation detected. Use 2 spaces for indentation."
-  # 3. Prevent usage of deprecated 'links' key
-  - type: reject
-    conditions:
-      - pattern: "^\\s*links\\s*:"
-        message: "The 'links' key is deprecated. Use networks and service names for inter-service communication."
-  # 4. Enforce explicit image tags
-  - type: reject
-    conditions:
-      - pattern: "^\\s*image\\s*:\\s*[^:]+$"
-        message: "Specify an explicit image tag to ensure consistency."
-  # 5. Prevent services from running in privileged mode
-  - type: reject
-    conditions:
-      - pattern: "^\\s*privileged\\s*:\\s*true"
-        message: "Running services in privileged mode is discouraged for security reasons."
-  # 6. Enforce defining resource limits
-  - type: reject
-    conditions:
-      - pattern: "^\\s*services\\s*:\\s*[^\\n]+\\n(?!.*\\blimits\\b)"
-        message: "Define resource limits for each service to prevent resource exhaustion."
-  # Suggestions for best practices
-  - type: suggest
-    message: |
-      To adhere to Docker Compose best practices:
-
-      1. **Omit the 'version' field**: Compose files are version-less by default.
-         ```yaml
-         services:
-           web:
-             image: nginx
-         ```
-
-      2. **Use consistent indentation**: Use 2 spaces for indentation.
-         ```yaml
-         services:
-           web:
-             image: nginx
-         ```
-
-      3. **Avoid 'links' key**: Use networks and service names for service communication.
-         ```yaml
-         services:
-           web:
-             image: nginx
-             networks:
-               - my-network
-           db:
-             image: mysql
-             networks:
-               - my-network
-         networks:
-           my-network:
-         ```
-
-      4. **Specify explicit image tags**: Prevent unintended updates by defining image tags.
-         ```yaml
-         services:
-           web:
-             image: nginx:1.21.0
-         ```
-
-      5. **Avoid privileged mode**: Do not use 'privileged: true'. Grant specific capabilities if necessary.
-         ```yaml
-         services:
-           web:
-             image: nginx
-             cap_add:
-               - NET_ADMIN
-         ```
-
-      6. **Define resource limits**: Prevent services from consuming excessive resources.
-         ```yaml
-         services:
-           web:
-             image: nginx
-             deploy:
-               resources:
-                 limits:
-                   cpus: '0.50'
-                   memory: '512M'
-         ```
-
-      Implementing these practices ensures secure, maintainable, and consistent Docker Compose configurations.
-examples:
-  - input: |
-      version: '3'
-      services:
-        web:
-          image: nginx
-          links:
-            - db
-          privileged: true
-        db:
-          image: mysql
-    output: |
-      services:
-        web:
-          image: nginx:1.21.0
-          networks:
-            - my-network
-          deploy:
-            resources:
-              limits:
-                cpus: '0.50'
-                memory: '512M'
-        db:
-          image: mysql:5.7
-          networks:
-            - my-network
-      networks:
-        my-network:
-metadata:
-  priority: high
-  version: 1.0
-</rule>
\ No newline at end of file
+
+## Rule Details
+
+- **Name:** docker_compose_best_practices
+
+- **Description:** Enforces best practices in docker-compose files to ensure maintainability, security, and consistency
+
+## Filters
+- file name: `docker-compose\\.ya?ml$`
+- event: `(file_create|file_modify)`
+
+## Rejections
+- Conditions:
+  - pattern `^\\s*version\\s*:` – The 'version' field is deprecated in Docker Compose files. Compose files are now version-less by default.
+
+## Rejections
+- Conditions:
+  - pattern `^(  |\t)` – Inconsistent indentation detected. Use 2 spaces for indentation.
+
+## Rejections
+- Conditions:
+  - pattern `^\\s*links\\s*:` – The 'links' key is deprecated. Use networks and service names for inter-service communication.
+
+## Rejections
+- Conditions:
+  - pattern `^\\s*image\\s*:\\s*[^:]+$` – Specify an explicit image tag to ensure consistency.
+
+## Rejections
+- Conditions:
+  - pattern `^\\s*privileged\\s*:\\s*true` – Running services in privileged mode is discouraged for security reasons.
+
+## Rejections
+- Conditions:
+  - pattern `^\\s*services\\s*:\\s*[^\\n]+\\n(?!.*\\blimits\\b)` – Define resource limits for each service to prevent resource exhaustion.
+
+## Suggestions
+- Guidance:
+To adhere to Docker Compose best practices:
+
+1. **Omit the 'version' field**: Compose files are version-less by default.
+   ```yaml
+   services:
+     web:
+       image: nginx
+   ```
+
+2. **Use consistent indentation**: Use 2 spaces for indentation.
+   ```yaml
+   services:
+     web:
+       image: nginx
+   ```
+
+3. **Avoid 'links' key**: Use networks and service names for service communication.
+   ```yaml
+   services:
+     web:
+       image: nginx
+       networks:
+         - my-network
+     db:
+       image: mysql
+       networks:
+         - my-network
+   networks:
+     my-network:
+   ```
+
+4. **Specify explicit image tags**: Prevent unintended updates by defining image tags.
+   ```yaml
+   services:
+     web:
+       image: nginx:1.21.0
+   ```
+
+5. **Avoid privileged mode**: Do not use 'privileged: true'. Grant specific capabilities if necessary.
+   ```yaml
+   services:
+     web:
+       image: nginx
+       cap_add:
+         - NET_ADMIN
+   ```
+
+6. **Define resource limits**: Prevent services from consuming excessive resources.
+   ```yaml
+   services:
+     web:
+       image: nginx
+       deploy:
+         resources:
+           limits:
+             cpus: '0.50'
+             memory: '512M'
+   ```
+
+Implementing these practices ensures secure, maintainable, and consistent Docker Compose configurations.
+
+## Metadata
+- Priority: high
+- Version: 1.0
diff --git a/.cursor/rules/drupal-authentication-failures.mdc b/.cursor/rules/drupal-authentication-failures.mdc
index c0ba535..9d3cc6b 100644
--- a/.cursor/rules/drupal-authentication-failures.mdc
+++ b/.cursor/rules/drupal-authentication-failures.mdc
@@ -7,133 +7,97 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent identification and authentication failures in Drupal applications, as defined in OWASP Top 10:2021-A07.
 
-<rule>
-name: drupal_authentication_failures
-description: Detect and prevent identification and authentication failures in Drupal as defined in OWASP Top 10:2021-A07
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme|yml)$"
-  - type: file_path
-    pattern: ".*"
+## Rule Details
+
+- **Name:** drupal_authentication_failures
+
+- **Description:** Detect and prevent identification and authentication failures in Drupal as defined in OWASP Top 10:2021-A07
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme|yml)$`
+- file path pattern: `.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `UserPasswordConstraint|PasswordPolicy|user\\.settings\\.yml` – Ensure strong password policies are configured to require complexity, length, and prevent common passwords.
+    - Pattern 1: Weak or missing password policies
+  - pattern `(authenticate|login|auth).*function[^}]*return\\s+(TRUE|true|1)\\s*;` – Custom authentication functions should implement proper validation and not return TRUE without checks.
+    - Pattern 2: Custom authentication without proper validation
+  - pattern `==\\s*\\$password|===\\s*\\$password|strcmp\\(|password_verify\\([^,]+,[^,]+\\$plainTextPassword` – Avoid direct password comparison. Use Drupal's built-in password verification services.
+    - Pattern 3: Improper password comparison
+  - pattern `(username|user|pass|password|pwd)\\s*=\\s*['\"][^'\"]+['\"]` – Hardcoded credentials detected. Store credentials securely outside of code.
+    - Pattern 4: Credentials in code
+  - pattern `drupal_get_token\\(|form_token|\\$form\\[['\"]#token['\"]\\]\\s*=|drupal_valid_token\\(` – Ensure proper CSRF protection is implemented for all authenticated actions.
+    - Pattern 5: Missing or weak CSRF protection
+  - pattern `setcookie\\(|session_regenerate_id\\(false\\)|session_regenerate_id\\([^\\)]*` – Use Drupal's session management. If custom code is required, ensure secure session handling practices.
+    - Pattern 6: Insecure session management
+  - pattern `user\\.flood\\.yml|flood_control|UserFloodControl|user_failed_login_` – Ensure proper account lockout and flood control mechanisms are configured to prevent brute force attacks.
+    - Pattern 7: Missing account lockout protection
+  - pattern `user_pass_reset|password_reset|reset.*token` – Verify password reset functionality uses secure tokens with proper expiration and validation.
+    - Pattern 8: Insecure password reset implementation
+  - pattern `tfa|two_factor|multi_factor|2fa` – Consider implementing multi-factor authentication for sensitive operations or user roles.
+    - Pattern 9: Lack of multi-factor authentication
+  - pattern `\\$user->name\\s*=\\s*['\"]admin['\"]|\\$name\\s*=\\s*['\"]admin['\"]|->values\\(['\"](mdc:name|mail)['\"]\\)\\s*->\\s*set\\(['\"][^\\'\"]+['\"]\\)` – Avoid creating default administrator accounts or test users in production code.
+    - Pattern 10: Default or test accounts
+
+## Suggestions
+- Guidance:
+**Drupal Authentication Security Best Practices:**
+
+1. **Password Policies:**
+   - Use Drupal's Password Policy module for enforcing strong passwords
+   - Configure minimum password length (12+ characters recommended)
+   - Require complexity (uppercase, lowercase, numbers, special characters)
+   - Implement password rotation for sensitive roles
+   - Check passwords against known breached password databases
+
+2. **Authentication Infrastructure:**
+   - Use Drupal's core authentication mechanisms rather than custom solutions
+   - Implement proper account lockout after failed login attempts
+   - Consider multi-factor authentication (TFA module) for privileged accounts
+   - Implement session timeout for inactivity
+   - Use HTTPS for all authentication traffic
+
+3. **Session Management:**
+   - Use Drupal's session management system rather than PHP's session functions
+   - Configure secure session cookie settings in settings.php
+   - Implement proper session regeneration on privilege changes
+   - Consider using the Session Limit module to restrict concurrent sessions
+   - Properly destroy sessions on logout
+
+4. **Account Management:**
+   - Implement proper account provisioning and deprovisioning processes
+   - Use email verification for new account registration
+   - Implement secure password reset mechanisms with limited-time tokens
+   - Apply the principle of least privilege for user roles
+   - Regularly audit user accounts and permissions
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Weak or missing password policies
-      - pattern: "UserPasswordConstraint|PasswordPolicy|user\\.settings\\.yml"
-        message: "Ensure strong password policies are configured to require complexity, length, and prevent common passwords."
-        
-      # Pattern 2: Custom authentication without proper validation
-      - pattern: "(authenticate|login|auth).*function[^}]*return\\s+(TRUE|true|1)\\s*;"
-        message: "Custom authentication functions should implement proper validation and not return TRUE without checks."
-        
-      # Pattern 3: Improper password comparison
-      - pattern: "==\\s*\\$password|===\\s*\\$password|strcmp\\(|password_verify\\([^,]+,[^,]+\\$plainTextPassword"
-        message: "Avoid direct password comparison. Use Drupal's built-in password verification services."
-        
-      # Pattern 4: Credentials in code
-      - pattern: "(username|user|pass|password|pwd)\\s*=\\s*['\"][^'\"]+['\"]"
-        message: "Hardcoded credentials detected. Store credentials securely outside of code."
-        
-      # Pattern 5: Missing or weak CSRF protection
-      - pattern: "drupal_get_token\\(|form_token|\\$form\\[['\"]#token['\"]\\]\\s*=|drupal_valid_token\\("
-        message: "Ensure proper CSRF protection is implemented for all authenticated actions."
-        
-      # Pattern 6: Insecure session management
-      - pattern: "setcookie\\(|session_regenerate_id\\(false\\)|session_regenerate_id\\([^\\)]*"
-        message: "Use Drupal's session management. If custom code is required, ensure secure session handling practices."
-        
-      # Pattern 7: Missing account lockout protection
-      - pattern: "user\\.flood\\.yml|flood_control|UserFloodControl|user_failed_login_"
-        message: "Ensure proper account lockout and flood control mechanisms are configured to prevent brute force attacks."
-        
-      # Pattern 8: Insecure password reset implementation
-      - pattern: "user_pass_reset|password_reset|reset.*token"
-        message: "Verify password reset functionality uses secure tokens with proper expiration and validation."
-        
-      # Pattern 9: Lack of multi-factor authentication
-      - pattern: "tfa|two_factor|multi_factor|2fa"
-        message: "Consider implementing multi-factor authentication for sensitive operations or user roles."
-        
-      # Pattern 10: Default or test accounts
-      - pattern: "\\$user->name\\s*=\\s*['\"]admin['\"]|\\$name\\s*=\\s*['\"]admin['\"]|->values\\(['\"](mdc:name|mail)['\"]\\)\\s*->\\s*set\\(['\"][^\\'\"]+['\"]\\)"
-        message: "Avoid creating default administrator accounts or test users in production code."
+5. **Authentication Hardening:**
+   - Monitor for authentication failures and suspicious patterns
+   - Implement IP-based and username-based flood control
+   - Log authentication events for security monitoring
+   - Consider CAPTCHA or reCAPTCHA for login forms
+   - Use OAuth or SAML for single sign-on where appropriate
 
-  - type: suggest
-    message: |
-      **Drupal Authentication Security Best Practices:**
-      
-      1. **Password Policies:**
-         - Use Drupal's Password Policy module for enforcing strong passwords
-         - Configure minimum password length (12+ characters recommended)
-         - Require complexity (uppercase, lowercase, numbers, special characters)
-         - Implement password rotation for sensitive roles
-         - Check passwords against known breached password databases
-      
-      2. **Authentication Infrastructure:**
-         - Use Drupal's core authentication mechanisms rather than custom solutions
-         - Implement proper account lockout after failed login attempts
-         - Consider multi-factor authentication (TFA module) for privileged accounts
-         - Implement session timeout for inactivity
-         - Use HTTPS for all authentication traffic
-      
-      3. **Session Management:**
-         - Use Drupal's session management system rather than PHP's session functions
-         - Configure secure session cookie settings in settings.php
-         - Implement proper session regeneration on privilege changes
-         - Consider using the Session Limit module to restrict concurrent sessions
-         - Properly destroy sessions on logout
-      
-      4. **Account Management:**
-         - Implement proper account provisioning and deprovisioning processes
-         - Use email verification for new account registration
-         - Implement secure password reset mechanisms with limited-time tokens
-         - Apply the principle of least privilege for user roles
-         - Regularly audit user accounts and permissions
-      
-      5. **Authentication Hardening:**
-         - Monitor for authentication failures and suspicious patterns
-         - Implement IP-based and username-based flood control
-         - Log authentication events for security monitoring
-         - Consider CAPTCHA or reCAPTCHA for login forms
-         - Use OAuth or SAML for single sign-on where appropriate
+## Validation Checks
+- Conditions:
+  - pattern `password_verify\\(|UserPassword|\\\\Drupal::service\\(['\"]password['\"]\\)` – Using Drupal's password services correctly.
+    - Check 1: Proper password handling
+  - pattern `\\$form\\[['\"]#token['\"]\\]\\s*=\\s*['\"][^'\"]+['\"]` – Form includes CSRF protection token.
+    - Check 2: CSRF token implementation
+  - pattern `\\$request->getSession\\(\\)|\\\\Drupal::service\\(['\"]session['\"]\\)` – Using Drupal's session management services.
+    - Check 3: Proper session management
+  - pattern `user\\.flood\\.yml|flood|user_login_final_validate` – Implementing user flood protection.
+    - Check 4: User flood control
 
-  - type: validate
-    conditions:
-      # Check 1: Proper password handling
-      - pattern: "password_verify\\(|UserPassword|\\\\Drupal::service\\(['\"]password['\"]\\)"
-        message: "Using Drupal's password services correctly."
-      
-      # Check 2: CSRF token implementation
-      - pattern: "\\$form\\[['\"]#token['\"]\\]\\s*=\\s*['\"][^'\"]+['\"]"
-        message: "Form includes CSRF protection token."
-      
-      # Check 3: Proper session management
-      - pattern: "\\$request->getSession\\(\\)|\\\\Drupal::service\\(['\"]session['\"]\\)"
-        message: "Using Drupal's session management services."
-      
-      # Check 4: User flood control
-      - pattern: "user\\.flood\\.yml|flood|user_login_final_validate"
-        message: "Implementing user flood protection."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, authentication, identification, owasp, language:php, framework:drupal, category:security, subcategory:authentication, standard:owasp-top10, risk:a07-authentication-failures
+## References
+- https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/
+- https://www.drupal.org/docs/security-in-drupal/drupal-security-best-practices
+- https://www.drupal.org/project/tfa
+- https://www.drupal.org/project/password_policy
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - authentication
-    - identification
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:authentication
-    - standard:owasp-top10
-    - risk:a07-authentication-failures
-  references:
-    - "https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/"
-    - "https://www.drupal.org/docs/security-in-drupal/drupal-security-best-practices"
-    - "https://www.drupal.org/project/tfa"
-    - "https://www.drupal.org/project/password_policy"
-</rule> 
\ No newline at end of file
+ 
\ No newline at end of file
diff --git a/.cursor/rules/drupal-broken-access-control.mdc b/.cursor/rules/drupal-broken-access-control.mdc
index 4166475..70e51cf 100644
--- a/.cursor/rules/drupal-broken-access-control.mdc
+++ b/.cursor/rules/drupal-broken-access-control.mdc
@@ -7,122 +7,84 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent broken access control vulnerabilities in Drupal applications, as defined in OWASP Top 10:2021-A01.
 
-<rule>
-name: drupal_broken_access_control
-description: Detect and prevent broken access control vulnerabilities in Drupal as defined in OWASP Top 10:2021-A01
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme)$"
-  - type: file_path
-    pattern: "(modules|themes|profiles)/custom"
+## Rule Details
+
+- **Name:** drupal_broken_access_control
+
+- **Description:** Detect and prevent broken access control vulnerabilities in Drupal as defined in OWASP Top 10:2021-A01
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme)$`
+- file path pattern: `(modules|themes|profiles)/custom`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `\\s*\\$routes\\['[^']*'\\]\\s*=\\s*.*(?!_access|access_callback|requirements)` – Route definition is missing access control. Add '_permission', '_role', '_access', or custom access check in requirements.
+    - Pattern 1: Missing access checks in routes
+  - pattern `user_access\\(` – user_access() is deprecated. Use $account->hasPermission() or proper dependency injection with AccessResult methods.
+    - Pattern 2: Using user_access() instead of more secure methods
+  - pattern `(\\$user->id\\(\\)|\\$user->uid)\\s*===?\\s*1` – Avoid hardcoded checks against user ID 1. Use role-based permissions or proper access control services.
+    - Pattern 3: Hard-coded user ID checks
+  - pattern `\\$entity->(?!access)(save|delete|update)\\(\\)` – Entity operation without prior access check. Use \$entity->access('operation') before performing operations.
+    - Pattern 4: Missing access check on entity operations
+  - pattern `\\\\Drupal::currentUser\\(\\)` – Avoid using \\Drupal::currentUser() directly. Inject the current_user service for better testability and security.
+    - Pattern 5: Using Drupal::currentUser() directly in services
+  - pattern `class [A-Za-z0-9_]+Controller.+extends ControllerBase[^}]+public function [a-zA-Z0-9_]+\\([^{]*\\)\\s*\\{(?![^}]*access)` – Controller method lacks explicit access checking. Add checks via route requirements or within the controller method.
+    - Pattern 6: Missing access checks in controllers
+  - pattern `\\$entity->set\\([^)]+\\)\\s*;(?![^;]*access)` – Direct field value manipulation without access check. Verify entity field access before manipulation.
+    - Pattern 7: Direct field value manipulation without access check
+  - pattern `@RestResource\\([^)]*\\)(?![^{]*_access|access_callback)` – REST resource lacks access controls. Add access checks via annotations or in methods.
+    - Pattern 8: Unprotected REST endpoints
+  - pattern `\\$_SERVER\\['REMOTE_ADDR'\\]\\s*===?\\s*` – IP-based access control is insufficient. Use proper Drupal permission system instead.
+    - Pattern 9: Insecure access check by client IP
+  - pattern `#cache\\['contexts'\\]\\s*=\\s*\\[[^\\]]*'user'[^\\]]*\\]` – Using 'user' cache context without proper access checks may expose content to unauthorized users.
+    - Pattern 10: Allow bypassing cache for authenticated users without proper checks
+
+## Suggestions
+- Guidance:
+**Drupal Access Control Best Practices:**
+
+1. **Route Access Controls:**
+   - Always define access requirements in route definitions
+   - Use permission-based access checks: '_permission', '_role', '_entity_access'
+   - Implement custom access checkers implementing AccessInterface
+
+2. **Entity Access Controls:**
+   - Always check entity access: $entity->access('view'|'update'|'delete') 
+   - Use EntityAccessControlHandler for consistent access control
+   - Respect entity field access with $entity->get('field')->access('view'|'edit')
+
+3. **Controller Security:**
+   - Inject and use proper services rather than \Drupal static calls
+   - Add explicit access checks within controller methods
+   - Use AccessResult methods (allowed, forbidden, neutral) with proper caching metadata
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Missing access checks in routes
-      - pattern: "\\s*\\$routes\\['[^']*'\\]\\s*=\\s*.*(?!_access|access_callback|requirements)"
-        message: "Route definition is missing access control. Add '_permission', '_role', '_access', or custom access check in requirements."
-        
-      # Pattern 2: Using user_access() instead of more secure methods
-      - pattern: "user_access\\("
-        message: "user_access() is deprecated. Use $account->hasPermission() or proper dependency injection with AccessResult methods."
-        
-      # Pattern 3: Hard-coded user ID checks
-      - pattern: "(\\$user->id\\(\\)|\\$user->uid)\\s*===?\\s*1"
-        message: "Avoid hardcoded checks against user ID 1. Use role-based permissions or proper access control services."
-        
-      # Pattern 4: Missing access check on entity operations
-      - pattern: "\\$entity->(?!access)(save|delete|update)\\(\\)"
-        message: "Entity operation without prior access check. Use \$entity->access('operation') before performing operations."
-        
-      # Pattern 5: Using Drupal::currentUser() directly in services
-      - pattern: "\\\\Drupal::currentUser\\(\\)"
-        message: "Avoid using \\Drupal::currentUser() directly. Inject the current_user service for better testability and security."
-        
-      # Pattern 6: Missing access checks in controllers
-      - pattern: "class [A-Za-z0-9_]+Controller.+extends ControllerBase[^}]+public function [a-zA-Z0-9_]+\\([^{]*\\)\\s*\\{(?![^}]*access)"
-        message: "Controller method lacks explicit access checking. Add checks via route requirements or within the controller method."
-        
-      # Pattern 7: Direct field value manipulation without access check
-      - pattern: "\\$entity->set\\([^)]+\\)\\s*;(?![^;]*access)"
-        message: "Direct field value manipulation without access check. Verify entity field access before manipulation."
-        
-      # Pattern 8: Unprotected REST endpoints
-      - pattern: "@RestResource\\([^)]*\\)(?![^{]*_access|access_callback)"
-        message: "REST resource lacks access controls. Add access checks via annotations or in methods."
-        
-      # Pattern 9: Insecure access check by client IP
-      - pattern: "\\$_SERVER\\['REMOTE_ADDR'\\]\\s*===?\\s*"
-        message: "IP-based access control is insufficient. Use proper Drupal permission system instead."
-        
-      # Pattern 10: Allow bypassing cache for authenticated users without proper checks
-      - pattern: "#cache\\['contexts'\\]\\s*=\\s*\\[[^\\]]*'user'[^\\]]*\\]"
-        message: "Using 'user' cache context without proper access checks may expose content to unauthorized users."
+4. **Service Security:**
+   - Inject AccountProxyInterface rather than calling currentUser() directly
+   - Use dependency injection for access-related services
+   - Implement session-based CSRF protection with form tokens
 
-  - type: suggest
-    message: |
-      **Drupal Access Control Best Practices:**
-      
-      1. **Route Access Controls:**
-         - Always define access requirements in route definitions
-         - Use permission-based access checks: '_permission', '_role', '_entity_access'
-         - Implement custom access checkers implementing AccessInterface
-      
-      2. **Entity Access Controls:**
-         - Always check entity access: $entity->access('view'|'update'|'delete') 
-         - Use EntityAccessControlHandler for consistent access control
-         - Respect entity field access with $entity->get('field')->access('view'|'edit')
-      
-      3. **Controller Security:**
-         - Inject and use proper services rather than \Drupal static calls
-         - Add explicit access checks within controller methods
-         - Use AccessResult methods (allowed, forbidden, neutral) with proper caching metadata
-      
-      4. **Service Security:**
-         - Inject AccountProxyInterface rather than calling currentUser() directly
-         - Use dependency injection for access-related services
-         - Implement session-based CSRF protection with form tokens
-      
-      5. **REST/API Security:**
-         - Implement OAuth or proper authentication
-         - Define specific permissions for REST operations
-         - Never rely solely on client-side access control
+5. **REST/API Security:**
+   - Implement OAuth or proper authentication
+   - Define specific permissions for REST operations
+   - Never rely solely on client-side access control
 
-  - type: validate
-    conditions:
-      # Check 1: Ensuring proper access check implementation
-      - pattern: "AccessResult::(allowed|forbidden|neutral)\\(\\)(?=.*addCacheContexts)"
-        message: "Access check is properly implemented with cache metadata."
-      
-      # Check 2: Proper hook_entity_access implementation
-      - pattern: "function hook_entity_access\\([^)]*\\)\\s*\\{[^}]*return AccessResult"
-        message: "Entity access hook is correctly returning AccessResult."
-      
-      # Check 3: Properly secured route access
-      - pattern: "_permission|_role|_access|_entity_access|_custom_access"
-        message: "Route has proper access controls defined."
-      
-      # Check 4: Secure REST implementation
-      - pattern: "@RestResource\\(.*,\\s*authentication\\s*=\\s*\\{[^}]+\\}"
-        message: "REST Resource has authentication configured."
+## Validation Checks
+- Conditions:
+  - pattern `AccessResult::(allowed|forbidden|neutral)\\(\\)(?=.*addCacheContexts)` – Access check is properly implemented with cache metadata.
+    - Check 1: Ensuring proper access check implementation
+  - pattern `function hook_entity_access\\([^)]*\\)\\s*\\{[^}]*return AccessResult` – Entity access hook is correctly returning AccessResult.
+    - Check 2: Proper hook_entity_access implementation
+  - pattern `_permission|_role|_access|_entity_access|_custom_access` – Route has proper access controls defined.
+    - Check 3: Properly secured route access
+  - pattern `@RestResource\\(.*,\\s*authentication\\s*=\\s*\\{[^}]+\\}` – REST Resource has authentication configured.
+    - Check 4: Secure REST implementation
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - access-control
-    - permissions
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:access-control
-    - standard:owasp-top10
-    - risk:a01-broken-access-control
-  references:
-    - "https://owasp.org/Top10/A01_2021-Broken_Access_Control/"
-    - "https://www.drupal.org/docs/8/api/routing-system/access-checking-on-routes"
-    - "https://www.drupal.org/docs/8/api/entity-api/entity-access-api"
-</rule>
\ No newline at end of file
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, access-control, permissions, owasp, language:php, framework:drupal, category:security, subcategory:access-control, standard:owasp-top10, risk:a01-broken-access-control
+## References
+- https://owasp.org/Top10/A01_2021-Broken_Access_Control/
+- https://www.drupal.org/docs/8/api/routing-system/access-checking-on-routes
+- https://www.drupal.org/docs/8/api/entity-api/entity-access-api
diff --git a/.cursor/rules/drupal-cryptographic-failures.mdc b/.cursor/rules/drupal-cryptographic-failures.mdc
index a116255..56aa97e 100644
--- a/.cursor/rules/drupal-cryptographic-failures.mdc
+++ b/.cursor/rules/drupal-cryptographic-failures.mdc
@@ -7,128 +7,92 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent cryptographic failures in Drupal applications, as defined in OWASP Top 10:2021-A02.
 
-<rule>
-name: drupal_cryptographic_failures
-description: Detect and prevent cryptographic failures in Drupal as defined in OWASP Top 10:2021-A02
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme)$"
-  - type: file_path
-    pattern: "(modules|themes|profiles|core)/.*"
+## Rule Details
+
+- **Name:** drupal_cryptographic_failures
+
+- **Description:** Detect and prevent cryptographic failures in Drupal as defined in OWASP Top 10:2021-A02
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme)$`
+- file path pattern: `(modules|themes|profiles|core)/.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `(md5|sha1)\\([^)]*\\)` – Weak hash algorithm detected. Use password_hash() for passwords or hash('sha256'/'sha512') for other data.
+    - Pattern 1: Use of weak hash algorithms
+  - pattern `(password|key|token|secret|credentials|pwd)\\s*=\\s*['\"][^'\"]+['\"]` – Hardcoded credentials or sensitive keys detected. Use Drupal's State API, key module, or environment variables.
+    - Pattern 2: Hardcoded credentials or keys
+  - pattern `\\$user->setPassword\\((?!password_hash|\\$hash)[^)]+\\)` – Never store plaintext passwords. Drupal handles password hashing internally.
+    - Pattern 3: Plaintext password storage
+  - pattern `file_(get|put)_contents\\([^,]+,\\s*[^,]+\\)` – Consider encrypting sensitive file contents using Drupal's encryption API or PHP's openssl functions.
+    - Pattern 4: Improper file encryption
+  - pattern `\\$settings\\[['\"](mdc:?!hash_salt|update_free_access)[^]]+\\]\\s*=\\s*['\"][^\"']+['\"]` – Sensitive data in settings.php should be moved to environment variables or settings.local.php.
+    - Pattern 5: Unprotected sensitive data in settings
+  - pattern `(rand|mt_rand|array_rand)\\(` – Insecure random number generation. Use random_bytes() or random_int() for cryptographic purposes.
+    - Pattern 6: Insecure random number generation
+  - pattern `'#cache'|'cache'` – Ensure HTTPS is enforced for cached pages containing sensitive information.
+    - Pattern 7: Missing HTTPS enforcement
+  - pattern `(->set|->get)\\('field_[^']*(?:password|ssn|credit|card|secret|key|token|credentials|pwd)[^']*'\\)` – Consider using field encryption for sensitive data fields.
+    - Pattern 8: Missing encryption for content with private information
+  - pattern `session_(start|regenerate_id)` – Avoid custom session handling. Use Drupal's session management services.
+    - Pattern 9: Custom session handling without proper security
+  - pattern `\\$token\\s*=\\s*.*?\\$[^;]+;(?![^;]*expir|[^;]*valid)` – API tokens should include expiration time or rotation mechanism.
+    - Pattern 10: API tokens without expiration or rotation
+
+## Suggestions
+- Guidance:
+**Drupal Cryptographic Security Best Practices:**
+
+1. **Secure Data Storage:**
+   - Use Drupal's Key module for storing encryption keys
+   - Store sensitive configuration in environment variables or settings.local.php
+   - Use Drupal's State API for non-configuration sensitive data
+   - Never store plaintext sensitive information in the database
+
+2. **Encryption and Hashing:**
+   - Use Drupal's password hashing system, which uses password_hash() internally
+   - For non-password data hashing, use SHA-256 or SHA-512
+   - Use the Encrypt module or PHP's openssl_encrypt() with proper algorithms (AES-256-GCM)
+   - Always use proper salting techniques
+
+3. **Communication Security:**
+   - Enforce HTTPS site-wide using settings.php configuration
+   - Use secure cookies (secure, HttpOnly, SameSite)
+   - Implement proper Content-Security-Policy headers
+   - Use TLS 1.2+ for all connections
+
+4. **API Security:**
+   - Use OAuth or JWT with proper signature verification
+   - Implement token expiration and rotation
+   - Use HMAC for API request signatures when appropriate
+   - Never expose internal encryption keys through APIs
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Use of weak hash algorithms
-      - pattern: "(md5|sha1)\\([^)]*\\)"
-        message: "Weak hash algorithm detected. Use password_hash() for passwords or hash('sha256'/'sha512') for other data."
-        
-      # Pattern 2: Hardcoded credentials or keys
-      - pattern: "(password|key|token|secret|credentials|pwd)\\s*=\\s*['\"][^'\"]+['\"]"
-        message: "Hardcoded credentials or sensitive keys detected. Use Drupal's State API, key module, or environment variables."
-        
-      # Pattern 3: Plaintext password storage
-      - pattern: "\\$user->setPassword\\((?!password_hash|\\$hash)[^)]+\\)"
-        message: "Never store plaintext passwords. Drupal handles password hashing internally."
-        
-      # Pattern 4: Improper file encryption
-      - pattern: "file_(get|put)_contents\\([^,]+,\\s*[^,]+\\)"
-        message: "Consider encrypting sensitive file contents using Drupal's encryption API or PHP's openssl functions."
-        
-      # Pattern 5: Unprotected sensitive data in settings
-      - pattern: "\\$settings\\[['\"](mdc:?!hash_salt|update_free_access)[^]]+\\]\\s*=\\s*['\"][^\"']+['\"]"
-        message: "Sensitive data in settings.php should be moved to environment variables or settings.local.php."
-        
-      # Pattern 6: Insecure random number generation
-      - pattern: "(rand|mt_rand|array_rand)\\("
-        message: "Insecure random number generation. Use random_bytes() or random_int() for cryptographic purposes."
-        
-      # Pattern 7: Missing HTTPS enforcement
-      - pattern: "'#cache'|'cache'"
-        message: "Ensure HTTPS is enforced for cached pages containing sensitive information."
-        
-      # Pattern 8: Missing encryption for content with private information
-      - pattern: "(->set|->get)\\('field_[^']*(?:password|ssn|credit|card|secret|key|token|credentials|pwd)[^']*'\\)"
-        message: "Consider using field encryption for sensitive data fields."
-        
-      # Pattern 9: Custom session handling without proper security
-      - pattern: "session_(start|regenerate_id)"
-        message: "Avoid custom session handling. Use Drupal's session management services."
-        
-      # Pattern 10: API tokens without expiration or rotation
-      - pattern: "\\$token\\s*=\\s*.*?\\$[^;]+;(?![^;]*expir|[^;]*valid)"
-        message: "API tokens should include expiration time or rotation mechanism."
+5. **Configuration Best Practices:**
+   - Regularly rotate encryption keys and credentials
+   - Implement secure key storage using key management services
+   - Monitor and log cryptographic operations 
+   - Maintain an inventory of cryptographic algorithms in use
 
-  - type: suggest
-    message: |
-      **Drupal Cryptographic Security Best Practices:**
-      
-      1. **Secure Data Storage:**
-         - Use Drupal's Key module for storing encryption keys
-         - Store sensitive configuration in environment variables or settings.local.php
-         - Use Drupal's State API for non-configuration sensitive data
-         - Never store plaintext sensitive information in the database
-      
-      2. **Encryption and Hashing:**
-         - Use Drupal's password hashing system, which uses password_hash() internally
-         - For non-password data hashing, use SHA-256 or SHA-512
-         - Use the Encrypt module or PHP's openssl_encrypt() with proper algorithms (AES-256-GCM)
-         - Always use proper salting techniques
-      
-      3. **Communication Security:**
-         - Enforce HTTPS site-wide using settings.php configuration
-         - Use secure cookies (secure, HttpOnly, SameSite)
-         - Implement proper Content-Security-Policy headers
-         - Use TLS 1.2+ for all connections
-      
-      4. **API Security:**
-         - Use OAuth or JWT with proper signature verification
-         - Implement token expiration and rotation
-         - Use HMAC for API request signatures when appropriate
-         - Never expose internal encryption keys through APIs
-      
-      5. **Configuration Best Practices:**
-         - Regularly rotate encryption keys and credentials
-         - Implement secure key storage using key management services
-         - Monitor and log cryptographic operations 
-         - Maintain an inventory of cryptographic algorithms in use
+## Validation Checks
+- Conditions:
+  - pattern `UserInterface::PASSWORD_|password_hash\\(` – Using Drupal's password system correctly.
+    - Check 1: Proper password handling
+  - pattern `random_bytes|random_int|\\\\Drupal::service\\('random'\\)` – Using secure random generation methods.
+    - Check 2: Proper random generation
+  - pattern `getenv\\('|\\$_ENV\\['|\\$_SERVER\\['|settings\\.local\\.php` – Using environment variables or local settings correctly.
+    - Check 3: Secure settings
+  - pattern `openssl_encrypt\\(|\\\\Drupal::service\\('encryption'\\)` – Using proper encryption methods.
+    - Check 4: Proper encryption usage
 
-  - type: validate
-    conditions:
-      # Check 1: Proper password handling
-      - pattern: "UserInterface::PASSWORD_|password_hash\\("
-        message: "Using Drupal's password system correctly."
-      
-      # Check 2: Proper random generation
-      - pattern: "random_bytes|random_int|\\\\Drupal::service\\('random'\\)"
-        message: "Using secure random generation methods."
-      
-      # Check 3: Secure settings
-      - pattern: "getenv\\('|\\$_ENV\\['|\\$_SERVER\\['|settings\\.local\\.php"
-        message: "Using environment variables or local settings correctly."
-      
-      # Check 4: Proper encryption usage
-      - pattern: "openssl_encrypt\\(|\\\\Drupal::service\\('encryption'\\)"
-        message: "Using proper encryption methods."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, cryptography, encryption, owasp, language:php, framework:drupal, category:security, subcategory:cryptography, standard:owasp-top10, risk:a02-cryptographic-failures
+## References
+- https://owasp.org/Top10/A02_2021-Cryptographic_Failures/
+- https://www.drupal.org/docs/security-in-drupal
+- https://www.drupal.org/project/key
+- https://www.drupal.org/project/encrypt
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - cryptography
-    - encryption
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:cryptography
-    - standard:owasp-top10
-    - risk:a02-cryptographic-failures
-  references:
-    - "https://owasp.org/Top10/A02_2021-Cryptographic_Failures/"
-    - "https://www.drupal.org/docs/security-in-drupal"
-    - "https://www.drupal.org/project/key"
-    - "https://www.drupal.org/project/encrypt"
-</rule> 
\ No newline at end of file
+ 
\ No newline at end of file
diff --git a/.cursor/rules/drupal-database-standards.mdc b/.cursor/rules/drupal-database-standards.mdc
index d325295..6b84be7 100644
--- a/.cursor/rules/drupal-database-standards.mdc
+++ b/.cursor/rules/drupal-database-standards.mdc
@@ -6,35 +6,32 @@ globs: *.php, *.install, *.module
 
 Ensures proper database handling in Drupal applications.
 
-<rule>
-name: drupal_database_standards
-description: Enforce Drupal database best practices and standards
-filters:
-  - type: file_extension
-    pattern: "\\.(php|install|module)$"
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "db_query"
-        message: "Use Database API instead of db_query"
-
-      - pattern: "hook_update_N.*\\{\\s*[^}]*\\}"
-        message: "Ensure hook_update_N includes proper schema changes"
-
-      - pattern: "\\$query->execute\\(\\)"
-        message: "Consider using try-catch block for database operations"
-
-  - type: suggest
-    message: |
-      Database Best Practices:
-      - Use Schema API for table definitions
-      - Implement proper error handling
-      - Use update hooks for schema changes
-      - Follow Drupal's database abstraction layer
-      - Implement proper indexing strategies
-
-metadata:
-  priority: critical
-  version: 1.0
-</rule> 
\ No newline at end of file
+## Rule Details
+
+- **Name:** drupal_database_standards
+
+- **Description:** Enforce Drupal database best practices and standards
+
+## Filters
+- file extension pattern: `\\.(php|install|module)$`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `db_query` – Use Database API instead of db_query
+  - pattern `hook_update_N.*\\{\\s*[^}]*\\}` – Ensure hook_update_N includes proper schema changes
+  - pattern `\\$query->execute\\(\\)` – Consider using try-catch block for database operations
+
+## Suggestions
+- Guidance:
+Database Best Practices:
+- Use Schema API for table definitions
+- Implement proper error handling
+- Use update hooks for schema changes
+- Follow Drupal's database abstraction layer
+- Implement proper indexing strategies
+
+## Metadata
+- Priority: critical
+- Version: 1.0
+
+ 
\ No newline at end of file
diff --git a/.cursor/rules/drupal-file-permissions.mdc b/.cursor/rules/drupal-file-permissions.mdc
index ac45a4b..441a526 100644
--- a/.cursor/rules/drupal-file-permissions.mdc
+++ b/.cursor/rules/drupal-file-permissions.mdc
@@ -6,129 +6,104 @@ globs: *.dockerfile, *.sh, docker-compose.yml, Dockerfile
 
 Standards for securing Drupal file permissions in Docker environments and production servers, ensuring proper security while maintaining functionality.
 
-<rule>
-name: drupal_file_permissions
-description: Enforce secure file permissions for Drupal sites/default directory and critical files
-filters:
-  - type: file_extension
-    pattern: "\\.(dockerfile|sh|yml)$"
-  - type: file_name
-    pattern: "^Dockerfile$|^docker-compose\\.yml$"
-  - type: content
-    pattern: "(?i)chmod|chown|drupal|settings\\.php|services\\.yml"
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "chmod\\s+(?!755)\\d+\\s+[^\\n]*sites\\/default(?![^\\n]*files)"
-        message: "sites/default directory should have 755 permissions (read-only for group/others)"
-
-      - pattern: "chmod\\s+(?!444)\\d+\\s+[^\\n]*settings\\.php"
-        message: "settings.php should have 444 permissions (read-only for everyone)"
-
-      - pattern: "chmod\\s+(?!444)\\d+\\s+[^\\n]*services\\.yml"
-        message: "services.yml should have 444 permissions (read-only for everyone)"
-        
-      - pattern: "chmod\\s+(?!755)\\d+\\s+[^\\n]*sites\\/default\\/files"
-        message: "sites/default/files directory should have 755 permissions with proper ownership"
-        
-      - pattern: "chown\\s+(?!www-data:www-data)[^\\s]+\\s+[^\\n]*sites\\/default\\/files"
-        message: "sites/default/files should be owned by the web server user (www-data:www-data)"
-
-  - type: suggest
-    message: |
-      ## Drupal File Permissions Security Best Practices
-
-      ### 1. Critical File Permissions
-      - **sites/default directory**: 755 (drwxr-xr-x)
-      - **settings.php**: 444 (r--r--r--)
-      - **services.yml**: 444 (r--r--r--)
-      - **settings.local.php**: 444 (r--r--r--)
-      - **sites/default/files**: 755 (drwxr-xr-x)
-      - **sites/default/files/** (contents): 644 (rw-r--r--) for files, 755 (drwxr-xr-x) for directories
-
-      ### 2. Ownership Configuration
-      - **Web root**: application user (varies by environment)
-      - **sites/default/files**: web server user (www-data:www-data)
-      
-      ### 3. Implementation in Dockerfile
-      ```dockerfile
-      # Set proper permissions for Drupal
-      RUN mkdir -p /app/${WEBROOT}/sites/default/files && \
-          chown www-data:www-data /app/${WEBROOT}/sites/default/files && \
-          chmod 755 /app/${WEBROOT}/sites/default && \
-          chmod 444 /app/${WEBROOT}/sites/default/settings.php && \
-          chmod 444 /app/${WEBROOT}/sites/default/services.yml && \
-          find /app/${WEBROOT}/sites/default/files -type d -exec chmod 755 {} \\; && \
-          find /app/${WEBROOT}/sites/default/files -type f -exec chmod 644 {} \\;
-      ```
-
-      ### 4. Permission Fix Script
-      Create a script at `/app/scripts/custom/fix-drupal-permissions.sh`:
-      ```bash
-      #!/bin/bash
-      
-      # Exit on error
-      set -e
-      
-      WEBROOT=${WEBROOT:-web}
-      
-      echo "Setting Drupal file permissions..."
-      
-      # Ensure directories exist
-      mkdir -p /app/${WEBROOT}/sites/default/files
-      
-      # Set ownership
-      chown www-data:www-data /app/${WEBROOT}/sites/default/files
-      
-      # Set directory permissions
-      chmod 755 /app/${WEBROOT}/sites/default
-      chmod 755 /app/${WEBROOT}/sites/default/files
-      find /app/${WEBROOT}/sites/default/files -type d -exec chmod 755 {} \;
-      
-      # Set file permissions
-      chmod 444 /app/${WEBROOT}/sites/default/settings.php
-      [ -f /app/${WEBROOT}/sites/default/services.yml ] && chmod 444 /app/${WEBROOT}/sites/default/services.yml
-      [ -f /app/${WEBROOT}/sites/default/settings.local.php ] && chmod 444 /app/${WEBROOT}/sites/default/settings.local.php
-      find /app/${WEBROOT}/sites/default/files -type f -exec chmod 644 {} \;
-      
-      echo "Drupal file permissions set successfully."
-      ```
-
-      ### 5. Verify Permissions
-      ```bash
-      # Check file permissions
-      ahoy cli "ls -la /app/${WEBROOT}/sites/default"
-      ahoy cli "ls -la /app/${WEBROOT}/sites/default/files"
-      
-      # Check Drupal status
-      ahoy drush status-report | grep -i "protected"
-      ```
-
-      ### 6. Security Considerations
-      - Never set 777 permissions on any Drupal files or directories
-      - Temporary files should be stored in private file system when possible
-      - Use Drupal's private file system for sensitive uploads
-      - Implement file access controls through Drupal's permission system
-      - Consider using file encryption for highly sensitive data
-
-examples:
-  - input: |
-      # Bad: Insecure permissions
-      RUN chmod 777 /app/${WEBROOT}/sites/default
-      RUN chmod 666 /app/${WEBROOT}/sites/default/settings.php
-      RUN chmod -R 777 /app/${WEBROOT}/sites/default/files
-
-      # Good: Secure permissions
-      RUN chmod 755 /app/${WEBROOT}/sites/default
-      RUN chmod 444 /app/${WEBROOT}/sites/default/settings.php
-      RUN chmod 444 /app/${WEBROOT}/sites/default/services.yml
-      RUN chown www-data:www-data /app/${WEBROOT}/sites/default/files
-      RUN find /app/${WEBROOT}/sites/default/files -type d -exec chmod 755 {} \;
-      RUN find /app/${WEBROOT}/sites/default/files -type f -exec chmod 644 {} \;
-    output: "Correctly set Drupal file permissions with proper security"
-
-metadata:
-  priority: high
-  version: 1.1
-</rule> 
+## Rule Details
+
+- **Name:** drupal_file_permissions
+
+- **Description:** Enforce secure file permissions for Drupal sites/default directory and critical files
+
+## Filters
+- file extension pattern: `\\.(dockerfile|sh|yml)$`
+- file name: `^Dockerfile$|^docker-compose\\.yml$`
+- content: `(?i)chmod|chown|drupal|settings\\.php|services\\.yml`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `chmod\\s+(?!755)\\d+\\s+[^\\n]*sites\\/default(?![^\\n]*files)` – sites/default directory should have 755 permissions (read-only for group/others)
+  - pattern `chmod\\s+(?!444)\\d+\\s+[^\\n]*settings\\.php` – settings.php should have 444 permissions (read-only for everyone)
+  - pattern `chmod\\s+(?!444)\\d+\\s+[^\\n]*services\\.yml` – services.yml should have 444 permissions (read-only for everyone)
+  - pattern `chmod\\s+(?!755)\\d+\\s+[^\\n]*sites\\/default\\/files` – sites/default/files directory should have 755 permissions with proper ownership
+  - pattern `chown\\s+(?!www-data:www-data)[^\\s]+\\s+[^\\n]*sites\\/default\\/files` – sites/default/files should be owned by the web server user (www-data:www-data)
+
+## Suggestions
+- Guidance:
+## Drupal File Permissions Security Best Practices
+
+### 1. Critical File Permissions
+- **sites/default directory**: 755 (drwxr-xr-x)
+- **settings.php**: 444 (r--r--r--)
+- **services.yml**: 444 (r--r--r--)
+- **settings.local.php**: 444 (r--r--r--)
+- **sites/default/files**: 755 (drwxr-xr-x)
+- **sites/default/files/** (contents): 644 (rw-r--r--) for files, 755 (drwxr-xr-x) for directories
+
+### 2. Ownership Configuration
+- **Web root**: application user (varies by environment)
+- **sites/default/files**: web server user (www-data:www-data)
+
+### 3. Implementation in Dockerfile
+```dockerfile
+# Set proper permissions for Drupal
+RUN mkdir -p /app/${WEBROOT}/sites/default/files && \
+    chown www-data:www-data /app/${WEBROOT}/sites/default/files && \
+    chmod 755 /app/${WEBROOT}/sites/default && \
+    chmod 444 /app/${WEBROOT}/sites/default/settings.php && \
+    chmod 444 /app/${WEBROOT}/sites/default/services.yml && \
+    find /app/${WEBROOT}/sites/default/files -type d -exec chmod 755 {} \\; && \
+    find /app/${WEBROOT}/sites/default/files -type f -exec chmod 644 {} \\;
+```
+
+### 4. Permission Fix Script
+Create a script at `/app/scripts/custom/fix-drupal-permissions.sh`:
+```bash
+#!/bin/bash
+
+# Exit on error
+set -e
+
+WEBROOT=${WEBROOT:-web}
+
+echo "Setting Drupal file permissions..."
+
+# Ensure directories exist
+mkdir -p /app/${WEBROOT}/sites/default/files
+
+# Set ownership
+chown www-data:www-data /app/${WEBROOT}/sites/default/files
+
+# Set directory permissions
+chmod 755 /app/${WEBROOT}/sites/default
+chmod 755 /app/${WEBROOT}/sites/default/files
+find /app/${WEBROOT}/sites/default/files -type d -exec chmod 755 {} \;
+
+# Set file permissions
+chmod 444 /app/${WEBROOT}/sites/default/settings.php
+[ -f /app/${WEBROOT}/sites/default/services.yml ] && chmod 444 /app/${WEBROOT}/sites/default/services.yml
+[ -f /app/${WEBROOT}/sites/default/settings.local.php ] && chmod 444 /app/${WEBROOT}/sites/default/settings.local.php
+find /app/${WEBROOT}/sites/default/files -type f -exec chmod 644 {} \;
+
+echo "Drupal file permissions set successfully."
+```
+
+### 5. Verify Permissions
+```bash
+# Check file permissions
+ahoy cli "ls -la /app/${WEBROOT}/sites/default"
+ahoy cli "ls -la /app/${WEBROOT}/sites/default/files"
+
+# Check Drupal status
+ahoy drush status-report | grep -i "protected"
+```
+
+### 6. Security Considerations
+- Never set 777 permissions on any Drupal files or directories
+- Temporary files should be stored in private file system when possible
+- Use Drupal's private file system for sensitive uploads
+- Implement file access controls through Drupal's permission system
+- Consider using file encryption for highly sensitive data
+
+## Metadata
+- Priority: high
+- Version: 1.1
+
+ 
diff --git a/.cursor/rules/drupal-injection.mdc b/.cursor/rules/drupal-injection.mdc
index 3d8a502..f7b2b0e 100644
--- a/.cursor/rules/drupal-injection.mdc
+++ b/.cursor/rules/drupal-injection.mdc
@@ -7,129 +7,91 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent injection vulnerabilities in Drupal applications, as defined in OWASP Top 10:2021-A03.
 
-<rule>
-name: drupal_injection
-description: Detect and prevent injection vulnerabilities in Drupal as defined in OWASP Top 10:2021-A03
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme)$"
-  - type: file_path
-    pattern: "(modules|themes|profiles|core)/.*"
+## Rule Details
+
+- **Name:** drupal_injection
+
+- **Description:** Detect and prevent injection vulnerabilities in Drupal as defined in OWASP Top 10:2021-A03
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme)$`
+- file path pattern: `(modules|themes|profiles|core)/.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `db_query\\(['\"][^'\"]*\\$[^'\"]*['\"]` – Direct variables in SQL queries are vulnerable to SQL injection. Use parameterized queries with placeholders.
+    - Pattern 1: Raw SQL queries without placeholders
+  - pattern `->query\\(['\"][^'\"]*\\$[^'\"]*['\"]` – Use parameterized queries with placeholders to prevent SQL injection: ->query($sql, [$param1, $param2]).
+    - Pattern 2: Modern DB API without placeholders
+  - pattern `<?=|<?php\\s+echo\\s+(?!(t|\\\\t|\\$this->t))[^;]*;` – Direct output may lead to XSS. Use t(), escaped variables with Html::escape(), or Twig templates.
+    - Pattern 3: Unescaped output
+  - pattern `[\"']#markup[\"']\\s*=>\\s*(?!t\\(|\\\\t\\(|Xss::filterAdmin|Html::escape)\\$` – Never use unfiltered variables in #markup. Use t(), Xss::filterAdmin(), or Html::escape().
+    - Pattern 4: Unfiltered user input in render arrays
+  - pattern `->addJsSettings\\(\\[(?![^\\]]*(Xss::filter|Json::encode))\\$` – Filter variables before adding to JavaScript settings using Xss::filter() or properly encode with Json::encode().
+    - Pattern 5: Unescaped variables in JavaScript settings
+  - pattern `exec\\(|shell_exec\\(|system\\(|passthru\\(|proc_open\\(|popen\\(|`` – Command execution functions can lead to command injection. Use Symfony\Component\Process\Process if necessary.
+    - Pattern 6: Direct command execution
+  - pattern `->redirect\\(\\s*\\$(?!(this->|allowed_destinations|config))` – Unvalidated redirects can lead to open redirect vulnerabilities. Whitelist allowed destinations.
+    - Pattern 7: Unvalidated redirect
+  - pattern `->condition\\([^,]*,\\s*\\$(?!(this->|config|entity|storage))[^,]*,` – Use proper input validation before using variables in database conditions to prevent SQL injection.
+    - Pattern 8: Raw user input in conditions
+  - pattern `(?<!buildForm|getFormId)\\s*function\\s+[a-zA-Z0-9_]+Form\\s*\\([^{]*\\{[^}]*return\\s+\\$form;(?![^}]*FormBuilderInterface|[^}]*::TOKEN|[^}]*#token)` – Form submissions must include CSRF protection with $form['#token'].
+    - Pattern 9: Missing CSRF protection in forms
+  - pattern `file_get_contents\\(\\s*\\$(?!(this->|allowed_paths|config))` – Validate file paths before operations to prevent path traversal attacks.
+    - Pattern 10: Unvalidated file operations
+
+## Suggestions
+- Guidance:
+**Drupal Injection Prevention Best Practices:**
+
+1. **SQL Injection Prevention:**
+   - Always use parameterized queries with placeholders
+   - Use the Database API's condition methods: ->condition(), ->where()
+   - Properly escape table and field names with {}
+   - Consider using EntityQuery for entity operations
+
+2. **XSS Prevention:**
+   - Use Drupal's t() function for user-visible strings
+   - Apply appropriate filtering: Html::escape(), Xss::filter(), Xss::filterAdmin()
+   - Use #plain_text instead of #markup when displaying user input
+   - Utilize Twig's automatic escaping in templates
+   - For admin UIs, be careful with Xss::filterAdmin() as it allows some tags
+
+3. **CSRF Protection:**
+   - Always include form tokens with $form['#token']
+   - Validate form tokens with FormState->validateToken()
+   - For AJAX requests, utilize Drupal's ajax framework
+   - Use drupal_valid_token() for custom validation
+
+4. **Command Injection Prevention:**
+   - Avoid command execution functions entirely
+   - Use Symfony\Component\Process\Process with escaped arguments
+   - Validate and whitelist any input used in command contexts
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Raw SQL queries without placeholders
-      - pattern: "db_query\\(['\"][^'\"]*\\$[^'\"]*['\"]"
-        message: "Direct variables in SQL queries are vulnerable to SQL injection. Use parameterized queries with placeholders."
-        
-      # Pattern 2: Modern DB API without placeholders
-      - pattern: "->query\\(['\"][^'\"]*\\$[^'\"]*['\"]"
-        message: "Use parameterized queries with placeholders to prevent SQL injection: ->query($sql, [$param1, $param2])."
-        
-      # Pattern 3: Unescaped output
-      - pattern: "<?=|<?php\\s+echo\\s+(?!(t|\\\\t|\\$this->t))[^;]*;"
-        message: "Direct output may lead to XSS. Use t(), escaped variables with Html::escape(), or Twig templates."
-        
-      # Pattern 4: Unfiltered user input in render arrays
-      - pattern: "[\"']#markup[\"']\\s*=>\\s*(?!t\\(|\\\\t\\(|Xss::filterAdmin|Html::escape)\\$"
-        message: "Never use unfiltered variables in #markup. Use t(), Xss::filterAdmin(), or Html::escape()."
-        
-      # Pattern 5: Unescaped variables in JavaScript settings
-      - pattern: "->addJsSettings\\(\\[(?![^\\]]*(Xss::filter|Json::encode))\\$"
-        message: "Filter variables before adding to JavaScript settings using Xss::filter() or properly encode with Json::encode()."
-        
-      # Pattern 6: Direct command execution
-      - pattern: "exec\\(|shell_exec\\(|system\\(|passthru\\(|proc_open\\(|popen\\(|`"
-        message: "Command execution functions can lead to command injection. Use Symfony\Component\Process\Process if necessary."
-        
-      # Pattern 7: Unvalidated redirect
-      - pattern: "->redirect\\(\\s*\\$(?!(this->|allowed_destinations|config))"
-        message: "Unvalidated redirects can lead to open redirect vulnerabilities. Whitelist allowed destinations."
-        
-      # Pattern 8: Raw user input in conditions
-      - pattern: "->condition\\([^,]*,\\s*\\$(?!(this->|config|entity|storage))[^,]*,"
-        message: "Use proper input validation before using variables in database conditions to prevent SQL injection."
-        
-      # Pattern 9: Missing CSRF protection in forms
-      - pattern: "(?<!buildForm|getFormId)\\s*function\\s+[a-zA-Z0-9_]+Form\\s*\\([^{]*\\{[^}]*return\\s+\\$form;(?![^}]*FormBuilderInterface|[^}]*::TOKEN|[^}]*#token)"
-        message: "Form submissions must include CSRF protection with $form['#token']."
-        
-      # Pattern 10: Unvalidated file operations
-      - pattern: "file_get_contents\\(\\s*\\$(?!(this->|allowed_paths|config))"
-        message: "Validate file paths before operations to prevent path traversal attacks."
+5. **Path Traversal Prevention:**
+   - Validate file paths with FileSystem::validatedLocalFileSystem()
+   - Use stream wrappers (public://, private://) instead of direct paths
+   - Implement strict input validation for any path components
 
-  - type: suggest
-    message: |
-      **Drupal Injection Prevention Best Practices:**
-      
-      1. **SQL Injection Prevention:**
-         - Always use parameterized queries with placeholders
-         - Use the Database API's condition methods: ->condition(), ->where()
-         - Properly escape table and field names with {}
-         - Consider using EntityQuery for entity operations
-      
-      2. **XSS Prevention:**
-         - Use Drupal's t() function for user-visible strings
-         - Apply appropriate filtering: Html::escape(), Xss::filter(), Xss::filterAdmin()
-         - Use #plain_text instead of #markup when displaying user input
-         - Utilize Twig's automatic escaping in templates
-         - For admin UIs, be careful with Xss::filterAdmin() as it allows some tags
-      
-      3. **CSRF Protection:**
-         - Always include form tokens with $form['#token']
-         - Validate form tokens with FormState->validateToken()
-         - For AJAX requests, utilize Drupal's ajax framework
-         - Use drupal_valid_token() for custom validation
-      
-      4. **Command Injection Prevention:**
-         - Avoid command execution functions entirely
-         - Use Symfony\Component\Process\Process with escaped arguments
-         - Validate and whitelist any input used in command contexts
-      
-      5. **Path Traversal Prevention:**
-         - Validate file paths with FileSystem::validatedLocalFileSystem()
-         - Use stream wrappers (public://, private://) instead of direct paths
-         - Implement strict input validation for any path components
+## Validation Checks
+- Conditions:
+  - pattern `->query\\(['\"][^'\"]*\\?[^'\"]*['\"],\\s*\\[[^\\]]*\\]\\)` – Properly using parameterized queries with placeholders.
+    - Check 1: Proper SQL query usage
+  - pattern `(t\\(|Xss::filter|Html::escape|#plain_text)` – Using proper XSS prevention techniques.
+    - Check 2: Proper XSS prevention
+  - pattern `#token|FormBuilderInterface::TOKEN|drupal_valid_token` – Implementing CSRF protection correctly.
+    - Check 3: Proper CSRF protection
+  - pattern `FileSystem::validatedLocalFileSystem|file_exists\\(\\s*DRUPAL_ROOT` – Using safe file operation practices.
+    - Check 4: Safe file operations
 
-  - type: validate
-    conditions:
-      # Check 1: Proper SQL query usage
-      - pattern: "->query\\(['\"][^'\"]*\\?[^'\"]*['\"],\\s*\\[[^\\]]*\\]\\)"
-        message: "Properly using parameterized queries with placeholders."
-      
-      # Check 2: Proper XSS prevention
-      - pattern: "(t\\(|Xss::filter|Html::escape|#plain_text)"
-        message: "Using proper XSS prevention techniques."
-      
-      # Check 3: Proper CSRF protection
-      - pattern: "#token|FormBuilderInterface::TOKEN|drupal_valid_token"
-        message: "Implementing CSRF protection correctly."
-      
-      # Check 4: Safe file operations
-      - pattern: "FileSystem::validatedLocalFileSystem|file_exists\\(\\s*DRUPAL_ROOT"
-        message: "Using safe file operation practices."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, injection, sql, xss, csrf, owasp, language:php, framework:drupal, category:security, subcategory:injection, standard:owasp-top10, risk:a03-injection
+## References
+- https://owasp.org/Top10/A03_2021-Injection/
+- https://www.drupal.org/docs/security-in-drupal/writing-secure-code-for-drupal
+- https://www.drupal.org/docs/8/security/drupal-8-sanitizing-output
+- https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Component%21Utility%21Xss.php/class/Xss/9
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - injection
-    - sql
-    - xss
-    - csrf
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:injection
-    - standard:owasp-top10
-    - risk:a03-injection
-  references:
-    - "https://owasp.org/Top10/A03_2021-Injection/"
-    - "https://www.drupal.org/docs/security-in-drupal/writing-secure-code-for-drupal"
-    - "https://www.drupal.org/docs/8/security/drupal-8-sanitizing-output"
-    - "https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Component%21Utility%21Xss.php/class/Xss/9"
-</rule> 
\ No newline at end of file
+ 
\ No newline at end of file
diff --git a/.cursor/rules/drupal-insecure-design.mdc b/.cursor/rules/drupal-insecure-design.mdc
index 1402dc6..55607cc 100644
--- a/.cursor/rules/drupal-insecure-design.mdc
+++ b/.cursor/rules/drupal-insecure-design.mdc
@@ -7,133 +7,97 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent insecure design vulnerabilities in Drupal applications, as defined in OWASP Top 10:2021-A04.
 
-<rule>
-name: drupal_insecure_design
-description: Detect and prevent insecure design patterns in Drupal as defined in OWASP Top 10:2021-A04
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme|info\\.yml)$"
-  - type: file_path
-    pattern: "(modules|themes|profiles)/custom"
+## Rule Details
+
+- **Name:** drupal_insecure_design
+
+- **Description:** Detect and prevent insecure design patterns in Drupal as defined in OWASP Top 10:2021-A04
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme|info\\.yml)$`
+- file path pattern: `(modules|themes|profiles)/custom`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `\\$permissions\\[['\"][^'\"]+['\"]\\]\\s*=\\s*array\\((?![^)]*(administer|manage|edit|delete)[^)]*(content|configuration|users)).*?\\);` – Permissions should follow Drupal naming patterns (verb + object) and be specific. Avoid overly broad permissions.
+    - Pattern 1: Insecure permission design
+  - pattern `if\\s*\\([^\\)]*===?\\s*['\"][a-zA-Z0-9_]+['\"]\\s*\\)` – Consider moving business logic rules to configuration to allow for proper adjustment without code changes.
+    - Pattern 2: Hard-coded business logic values
+  - pattern `preg_replace|str_replace|strip_tags` – Avoid ad hoc sanitization. Use Drupal's built-in sanitization tools: t(), Xss::filter(), etc.
+    - Pattern 3: Ad hoc input sanitization
+  - pattern `class\\s+[a-zA-Z0-9_]+Controller.+\\{[^}]*->query\\(` – Follow separation of concerns. Move database logic to services or repositories, not in controllers.
+    - Pattern 4: Database logic in controllers
+  - pattern `function\\s+[a-zA-Z0-9_]+_entity_access\\([^)]*\\)\\s*\\{[^}]*return\\s+AccessResult::allowed\\(\\);` – Avoid unconditional access grants. Implement proper conditional checks based on roles, permissions, or entity ownership.
+    - Pattern 5: Weak entity access policy
+  - pattern `session_start|session_set_cookie_params` – Avoid custom session management. Use Drupal's session handling system and services.
+    - Pattern 6: Custom session management
+  - pattern `(?:\\\\Drupal::[a-zA-Z_]+\\(\\).*){3,}` – Excessive static service calls indicate poor dependency injection. Use proper service injection.
+    - Pattern 7: Excessive global state dependency
+  - pattern `password_verify\\(|password_hash\\(` – Avoid custom authentication. Use Drupal's built-in authentication system and services.
+    - Pattern 8: Custom user authentication
+  - pattern `function\\s+[a-zA-Z0-9_]+_schema\\(\\)[^{]*\\{[^}]*return\\s+\\$schema;(?![^}]*validate_utf8|[^}]*'not null')` – Database schemas should enforce data integrity with proper constraints (NOT NULL, length, etc.).
+    - Pattern 9: Missing schema definitions
+  - pattern `\\$config\\[['\"](mdc:?!secure_|security_|private_)[^'\"]+['\"]\\]\\s*=\\s*(?:FALSE|0|'0'|\"0\");` – Security-related configuration should default to secure settings (opt-in for potentially insecure features).
+    - Pattern 10: Insecure defaults
+
+## Suggestions
+- Guidance:
+**Drupal Secure Design Best Practices:**
+
+1. **Secure Architecture Principles:**
+   - Follow the principle of least privilege for all user roles and permissions
+   - Implement defense in depth with multiple security layers
+   - Use Drupal's entity/field API for structured data instead of custom tables
+   - Employ service-oriented architecture with proper dependency injection
+   - Follow Drupal coding standards to leverage community security expertise
+
+2. **Permission System Design:**
+   - Design granular permissions following the verb+object pattern
+   - Avoid creating omnipotent permissions that grant excessive access
+   - Use context-aware access systems like Entity Access or Node Grants
+   - Consider record-based and field-based access for better control
+   - Document permission architecture and security implications
+
+3. **Module Architecture:**
+   - Separate concerns into appropriate services
+   - Use hooks judiciously and document security implications
+   - Implement proper validation and sanitization layers
+   - Design APIs with security in mind from the start
+   - Provide secure default configurations
+
+4. **Data Modeling Security:**
+   - Implement appropriate validation constraints on entity fields
+   - Design schema definitions with integrity constraints
+   - Use appropriate field types for sensitive data
+   - Implement field-level access control when needed
+   - Consider encryption for sensitive stored data
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Insecure permission design
-      - pattern: "\\$permissions\\[['\"][^'\"]+['\"]\\]\\s*=\\s*array\\((?![^)]*(administer|manage|edit|delete)[^)]*(content|configuration|users)).*?\\);"
-        message: "Permissions should follow Drupal naming patterns (verb + object) and be specific. Avoid overly broad permissions."
-        
-      # Pattern 2: Hard-coded business logic values
-      - pattern: "if\\s*\\([^\\)]*===?\\s*['\"][a-zA-Z0-9_]+['\"]\\s*\\)"
-        message: "Consider moving business logic rules to configuration to allow for proper adjustment without code changes."
-        
-      # Pattern 3: Ad hoc input sanitization
-      - pattern: "preg_replace|str_replace|strip_tags"
-        message: "Avoid ad hoc sanitization. Use Drupal's built-in sanitization tools: t(), Xss::filter(), etc."
-        
-      # Pattern 4: Database logic in controllers
-      - pattern: "class\\s+[a-zA-Z0-9_]+Controller.+\\{[^}]*->query\\("
-        message: "Follow separation of concerns. Move database logic to services or repositories, not in controllers."
-        
-      # Pattern 5: Weak entity access policy
-      - pattern: "function\\s+[a-zA-Z0-9_]+_entity_access\\([^)]*\\)\\s*\\{[^}]*return\\s+AccessResult::allowed\\(\\);"
-        message: "Avoid unconditional access grants. Implement proper conditional checks based on roles, permissions, or entity ownership."
-        
-      # Pattern 6: Custom session management 
-      - pattern: "session_start|session_set_cookie_params"
-        message: "Avoid custom session management. Use Drupal's session handling system and services."
-        
-      # Pattern 7: Excessive global state dependency
-      - pattern: "(?:\\\\Drupal::[a-zA-Z_]+\\(\\).*){3,}"
-        message: "Excessive static service calls indicate poor dependency injection. Use proper service injection."
-        
-      # Pattern 8: Custom user authentication
-      - pattern: "password_verify\\(|password_hash\\("
-        message: "Avoid custom authentication. Use Drupal's built-in authentication system and services."
-        
-      # Pattern 9: Missing schema definitions
-      - pattern: "function\\s+[a-zA-Z0-9_]+_schema\\(\\)[^{]*\\{[^}]*return\\s+\\$schema;(?![^}]*validate_utf8|[^}]*'not null')"
-        message: "Database schemas should enforce data integrity with proper constraints (NOT NULL, length, etc.)."
-        
-      # Pattern 10: Insecure defaults
-      - pattern: "\\$config\\[['\"](mdc:?!secure_|security_|private_)[^'\"]+['\"]\\]\\s*=\\s*(?:FALSE|0|'0'|\"0\");"
-        message: "Security-related configuration should default to secure settings (opt-in for potentially insecure features)."
+5. **Error Handling and Logging:**
+   - Design contextual error messages (detailed for admins, general for users)
+   - Implement appropriate logging for security events
+   - Avoid exposing sensitive data in error messages
+   - Design fault-tolerant systems that fail securely
+   - Include appropriate transaction management
 
-  - type: suggest
-    message: |
-      **Drupal Secure Design Best Practices:**
-      
-      1. **Secure Architecture Principles:**
-         - Follow the principle of least privilege for all user roles and permissions
-         - Implement defense in depth with multiple security layers
-         - Use Drupal's entity/field API for structured data instead of custom tables
-         - Employ service-oriented architecture with proper dependency injection
-         - Follow Drupal coding standards to leverage community security expertise
-      
-      2. **Permission System Design:**
-         - Design granular permissions following the verb+object pattern
-         - Avoid creating omnipotent permissions that grant excessive access
-         - Use context-aware access systems like Entity Access or Node Grants
-         - Consider record-based and field-based access for better control
-         - Document permission architecture and security implications
-      
-      3. **Module Architecture:**
-         - Separate concerns into appropriate services
-         - Use hooks judiciously and document security implications
-         - Implement proper validation and sanitization layers
-         - Design APIs with security in mind from the start
-         - Provide secure default configurations
-      
-      4. **Data Modeling Security:**
-         - Implement appropriate validation constraints on entity fields
-         - Design schema definitions with integrity constraints
-         - Use appropriate field types for sensitive data
-         - Implement field-level access control when needed
-         - Consider encryption for sensitive stored data
-      
-      5. **Error Handling and Logging:**
-         - Design contextual error messages (detailed for admins, general for users)
-         - Implement appropriate logging for security events
-         - Avoid exposing sensitive data in error messages
-         - Design fault-tolerant systems that fail securely
-         - Include appropriate transaction management
+## Validation Checks
+- Conditions:
+  - pattern `protected\\s+\\$[a-zA-Z0-9_]+;[^}]*public\\s+function\\s+__construct\\([^\\)]*\\)` – Using proper dependency injection pattern.
+    - Check 1: Proper dependency injection
+  - pattern `config\\/schema\\/[a-zA-Z0-9_]+\\.schema\\.yml` – Providing configuration schema for validation.
+    - Check 2: Configuration schema usage
+  - pattern `\\$permissions\\[['\"][a-z\\s]+[a-z0-9\\s]+['\"]\\]\\s*=\\s*\\[` – Following permission naming conventions.
+    - Check 3: Proper permission definition
+  - pattern `@EntityAccessControl\\(|class\\s+[a-zA-Z0-9_]+AccessControlHandler\\s+extends\\s+` – Using dedicated access control handlers for entities.
+    - Check 4: Entity access handlers
 
-  - type: validate
-    conditions:
-      # Check 1: Proper dependency injection
-      - pattern: "protected\\s+\\$[a-zA-Z0-9_]+;[^}]*public\\s+function\\s+__construct\\([^\\)]*\\)"
-        message: "Using proper dependency injection pattern."
-      
-      # Check 2: Configuration schema usage
-      - pattern: "config\\/schema\\/[a-zA-Z0-9_]+\\.schema\\.yml"
-        message: "Providing configuration schema for validation."
-      
-      # Check 3: Proper permission definition
-      - pattern: "\\$permissions\\[['\"][a-z\\s]+[a-z0-9\\s]+['\"]\\]\\s*=\\s*\\["
-        message: "Following permission naming conventions."
-      
-      # Check 4: Entity access handlers
-      - pattern: "@EntityAccessControl\\(|class\\s+[a-zA-Z0-9_]+AccessControlHandler\\s+extends\\s+"
-        message: "Using dedicated access control handlers for entities."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, design, architecture, owasp, language:php, framework:drupal, category:security, subcategory:design, standard:owasp-top10, risk:a04-insecure-design
+## References
+- https://owasp.org/Top10/A04_2021-Insecure_Design/
+- https://www.drupal.org/docs/develop/security-in-drupal
+- https://www.drupal.org/docs/8/api/entity-api/access-control-for-entities
+- https://www.drupal.org/docs/8/api/configuration-api/configuration-schemametadata
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - design
-    - architecture
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:design
-    - standard:owasp-top10
-    - risk:a04-insecure-design
-  references:
-    - "https://owasp.org/Top10/A04_2021-Insecure_Design/"
-    - "https://www.drupal.org/docs/develop/security-in-drupal"
-    - "https://www.drupal.org/docs/8/api/entity-api/access-control-for-entities"
-    - "https://www.drupal.org/docs/8/api/configuration-api/configuration-schemametadata"
-</rule> 
\ No newline at end of file
+ 
\ No newline at end of file
diff --git a/.cursor/rules/drupal-integrity-failures.mdc b/.cursor/rules/drupal-integrity-failures.mdc
index 2af8004..edf62d7 100644
--- a/.cursor/rules/drupal-integrity-failures.mdc
+++ b/.cursor/rules/drupal-integrity-failures.mdc
@@ -7,133 +7,97 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent software and data integrity failures in Drupal applications, as defined in OWASP Top 10:2021-A08.
 
-<rule>
-name: drupal_integrity_failures
-description: Detect and prevent software and data integrity failures in Drupal as defined in OWASP Top 10:2021-A08
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme|yml|json)$"
-  - type: file_path
-    pattern: ".*"
+## Rule Details
+
+- **Name:** drupal_integrity_failures
+
+- **Description:** Detect and prevent software and data integrity failures in Drupal as defined in OWASP Top 10:2021-A08
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme|yml|json)$`
+- file path pattern: `.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `unserialize\\(\\$|unserialize\\([^,]+\\$|php_unserialize\\(\\$` – Insecure PHP deserialization detected. Use safer alternatives like JSON for data interchange or implement proper validation before deserialization.
+    - Pattern 1: Insecure deserialization
+  - pattern `eval\\(|assert\\(|create_function\\(` – Potentially dangerous code execution function detected. Avoid dynamic code execution whenever possible.
+    - Pattern 2: Unsafe use of eval or similar functions
+  - pattern `module_load_include\\(\\$|require(_once)?\\s*\\(\\s*\\$|include(_once)?\\s*\\(\\s*\\$` – Dynamic inclusion of files based on user input is dangerous. Use validated, allowlisted paths only.
+    - Pattern 3: Insecure plugin/module loading
+  - pattern `update\\.settings\\.yml|function [a-zA-Z0-9_]+_update_[0-9]+\\(\\)` – Ensure update hooks validate the integrity of updates and data transformations to prevent unauthorized modifications.
+    - Pattern 4: Missing update verification
+  - pattern `ConfigImporter|\\$config_importer|config_import|cmci` – Validate configuration before import to ensure integrity and detect potentially malicious changes.
+    - Pattern 5: Unsafe configuration imports
+  - pattern `drupal_http_request\\(|\\\\Drupal::httpClient\\(\\)->get\\(|curl_exec\\(` – Always validate data from remote sources before processing or storing it. Implement integrity checks for remote content.
+    - Pattern 6: Unchecked remote data
+  - pattern `composer\\.json` – Verify you're using secure Composer practices: validate package signatures, pin dependencies, and use composer.lock.
+    - Pattern 7: Insecure Composer usage
+  - pattern `INSERT\\s+INTO|UPDATE\\s+[a-zA-Z0-9_]+\\s+SET|db_update\\(|->update\\(|->insert\\(` – Direct database modifications should implement validation to preserve data integrity. Prefer using entity API.
+    - Pattern 8: Direct database modifications
+  - pattern `file_save_data\\(|file_save_upload\\(|file_copy\\(|file_move\\(` – Implement file integrity checking for uploaded or manipulated files to prevent malicious content.
+    - Pattern 9: Missing file integrity verification
+  - pattern `\\$entity\\s*=\\s*new\\s+[A-Za-z]+\\(|::create\\(\\$` – Validate all input used to create entity objects to maintain data integrity and prevent creating malicious entities.
+    - Pattern 10: Unsafe entity creation
+
+## Suggestions
+- Guidance:
+**Drupal Data & Software Integrity Best Practices:**
+
+1. **Secure Deserialization:**
+   - Avoid PHP's unserialize() with untrusted data entirely
+   - Use JSON or other structured formats for data interchange
+   - When deserialization is necessary, implement allowlists and validation
+   - Consider using Drupal's typed data API for structured data handling
+   - Avoid serializing sensitive data that could be tampered with
+
+2. **Update & Configuration Integrity:**
+   - Validate data before and after migrations/updates
+   - Implement checksums/hashing for critical configuration
+   - Use Drupal's Configuration Management system properly
+   - Monitor configuration changes for unauthorized modifications
+   - Implement proper workflow for configuration management
+
+3. **Dependency & Plugin Security:**
+   - Verify the integrity of downloaded modules and themes
+   - Use Composer with package signature verification
+   - Pin dependencies to specific versions in production
+   - Maintain awareness of security advisories
+   - Implement proper validation for plugin/module loading
+
+4. **CI/CD Pipeline Security:**
+   - Sign build artifacts
+   - Verify signatures during deployment
+   - Implement proper secrets management
+   - Control access to build and deployment systems
+   - Validate code changes through code reviews
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Insecure deserialization
-      - pattern: "unserialize\\(\\$|unserialize\\([^,]+\\$|php_unserialize\\(\\$"
-        message: "Insecure PHP deserialization detected. Use safer alternatives like JSON for data interchange or implement proper validation before deserialization."
-        
-      # Pattern 2: Unsafe use of eval or similar functions
-      - pattern: "eval\\(|assert\\(|create_function\\("
-        message: "Potentially dangerous code execution function detected. Avoid dynamic code execution whenever possible."
-        
-      # Pattern 3: Insecure plugin/module loading
-      - pattern: "module_load_include\\(\\$|require(_once)?\\s*\\(\\s*\\$|include(_once)?\\s*\\(\\s*\\$"
-        message: "Dynamic inclusion of files based on user input is dangerous. Use validated, allowlisted paths only."
-        
-      # Pattern 4: Missing update verification
-      - pattern: "update\\.settings\\.yml|function [a-zA-Z0-9_]+_update_[0-9]+\\(\\)"
-        message: "Ensure update hooks validate the integrity of updates and data transformations to prevent unauthorized modifications."
-        
-      # Pattern 5: Unsafe configuration imports
-      - pattern: "ConfigImporter|\\$config_importer|config_import|cmci"
-        message: "Validate configuration before import to ensure integrity and detect potentially malicious changes."
-        
-      # Pattern 6: Unchecked remote data
-      - pattern: "drupal_http_request\\(|\\\\Drupal::httpClient\\(\\)->get\\(|curl_exec\\("
-        message: "Always validate data from remote sources before processing or storing it. Implement integrity checks for remote content."
-        
-      # Pattern 7: Insecure Composer usage
-      - pattern: "composer\\.json"
-        message: "Verify you're using secure Composer practices: validate package signatures, pin dependencies, and use composer.lock."
-        
-      # Pattern 8: Direct database modifications
-      - pattern: "INSERT\\s+INTO|UPDATE\\s+[a-zA-Z0-9_]+\\s+SET|db_update\\(|->update\\(|->insert\\("
-        message: "Direct database modifications should implement validation to preserve data integrity. Prefer using entity API."
-        
-      # Pattern 9: Missing file integrity verification
-      - pattern: "file_save_data\\(|file_save_upload\\(|file_copy\\(|file_move\\("
-        message: "Implement file integrity checking for uploaded or manipulated files to prevent malicious content."
-        
-      # Pattern 10: Unsafe entity creation
-      - pattern: "\\$entity\\s*=\\s*new\\s+[A-Za-z]+\\(|::create\\(\\$"
-        message: "Validate all input used to create entity objects to maintain data integrity and prevent creating malicious entities."
+5. **Data Integrity Validation:**
+   - Use database constraints to enforce data integrity
+   - Implement validation at every layer of the application
+   - Add integrity checks for critical data flows
+   - Maintain audit logs for data modifications
+   - Regularly verify data consistency
 
-  - type: suggest
-    message: |
-      **Drupal Data & Software Integrity Best Practices:**
-      
-      1. **Secure Deserialization:**
-         - Avoid PHP's unserialize() with untrusted data entirely
-         - Use JSON or other structured formats for data interchange
-         - When deserialization is necessary, implement allowlists and validation
-         - Consider using Drupal's typed data API for structured data handling
-         - Avoid serializing sensitive data that could be tampered with
-      
-      2. **Update & Configuration Integrity:**
-         - Validate data before and after migrations/updates
-         - Implement checksums/hashing for critical configuration
-         - Use Drupal's Configuration Management system properly
-         - Monitor configuration changes for unauthorized modifications
-         - Implement proper workflow for configuration management
-      
-      3. **Dependency & Plugin Security:**
-         - Verify the integrity of downloaded modules and themes
-         - Use Composer with package signature verification
-         - Pin dependencies to specific versions in production
-         - Maintain awareness of security advisories
-         - Implement proper validation for plugin/module loading
-      
-      4. **CI/CD Pipeline Security:**
-         - Sign build artifacts
-         - Verify signatures during deployment
-         - Implement proper secrets management
-         - Control access to build and deployment systems
-         - Validate code changes through code reviews
-      
-      5. **Data Integrity Validation:**
-         - Use database constraints to enforce data integrity
-         - Implement validation at every layer of the application
-         - Add integrity checks for critical data flows
-         - Maintain audit logs for data modifications
-         - Regularly verify data consistency
+## Validation Checks
+- Conditions:
+  - pattern `json_encode|json_decode|\\\\Drupal::service\\('serialization\\.|->toArray\\(\\)` – Using safer serialization alternatives.
+    - Check 1: Secure serialization alternatives
+  - pattern `\\$entity->validate\\(\\)|\\$violations\\s*=\\s*\\$entity->validate\\(\\)` – Properly validating entity data.
+    - Check 2: Proper entity validation
+  - pattern `::validateSyncedConfig\\(|ConfigImporter::validate|->getUnprocessedConfiguration\\(\\)` – Implementing configuration validation.
+    - Check 3: Config verification
+  - pattern `file_validate_|FileValidatorInterface|\\$validators` – Using file validation mechanisms.
+    - Check 4: Safe file handling
 
-  - type: validate
-    conditions:
-      # Check 1: Secure serialization alternatives
-      - pattern: "json_encode|json_decode|\\\\Drupal::service\\('serialization\\.|->toArray\\(\\)"
-        message: "Using safer serialization alternatives."
-      
-      # Check 2: Proper entity validation
-      - pattern: "\\$entity->validate\\(\\)|\\$violations\\s*=\\s*\\$entity->validate\\(\\)"
-        message: "Properly validating entity data."
-      
-      # Check 3: Config verification
-      - pattern: "::validateSyncedConfig\\(|ConfigImporter::validate|->getUnprocessedConfiguration\\(\\)"
-        message: "Implementing configuration validation."
-      
-      # Check 4: Safe file handling
-      - pattern: "file_validate_|FileValidatorInterface|\\$validators"
-        message: "Using file validation mechanisms."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, integrity, deserialization, owasp, language:php, framework:drupal, category:security, subcategory:integrity, standard:owasp-top10, risk:a08-integrity-failures
+## References
+- https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/
+- https://www.drupal.org/docs/develop/security-in-drupal/drupal-8-sanitizing-output
+- https://www.drupal.org/docs/8/api/configuration-api/configuration-api-overview
+- https://www.drupal.org/docs/develop/using-composer
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - integrity
-    - deserialization
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:integrity
-    - standard:owasp-top10
-    - risk:a08-integrity-failures
-  references:
-    - "https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/"
-    - "https://www.drupal.org/docs/develop/security-in-drupal/drupal-8-sanitizing-output"
-    - "https://www.drupal.org/docs/8/api/configuration-api/configuration-api-overview"
-    - "https://www.drupal.org/docs/develop/using-composer"
-</rule> 
\ No newline at end of file
+ 
\ No newline at end of file
diff --git a/.cursor/rules/drupal-logging-failures.mdc b/.cursor/rules/drupal-logging-failures.mdc
index 6ce9692..d18b8a3 100644
--- a/.cursor/rules/drupal-logging-failures.mdc
+++ b/.cursor/rules/drupal-logging-failures.mdc
@@ -7,135 +7,99 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent logging and monitoring failures in Drupal applications, as defined in OWASP Top 10:2021-A09.
 
-<rule>
-name: drupal_logging_failures
-description: Detect and prevent security logging and monitoring failures in Drupal as defined in OWASP Top 10:2021-A09
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme|yml)$"
-  - type: file_path
-    pattern: ".*"
+## Rule Details
+
+- **Name:** drupal_logging_failures
+
+- **Description:** Detect and prevent security logging and monitoring failures in Drupal as defined in OWASP Top 10:2021-A09
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme|yml)$`
+- file path pattern: `.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `(delete|update|create|execute|grant|revoke|config|schema).*function[^}]*\\{(?![^}]*(log|watchdog|logger))` – Critical operations should include logging. Implement proper logging for security-relevant actions.
+    - Pattern 1: Missing critical event logging
+  - pattern `@include|@require|@eval|error_reporting\\(0\\)|ini_set\\(['\"](mdc:display_errors|log_errors)['\"],\\s*['\"]0['\"]\\)` – Avoid suppressing errors and warnings. Implement proper error handling and logging instead.
+    - Pattern 2: Suppressed error logging
+  - pattern `catch\\s*\\([^{]*\\)\\s*\\{(?![^}]*log|[^}]*watchdog|[^}]*logger)` – Exceptions should be properly logged, especially in security-critical sections.
+    - Pattern 3: Improper exception handling without logging
+  - pattern `dblog\\.settings\\.yml|syslog\\.settings\\.yml|logging\\.settings\\.yml` – Ensure logging is properly configured and not disabled. Verify log verbosity and retention policies.
+    - Pattern 4: Disabled watchdog
+  - pattern `(login|authenticate|logout|password).*function[^}]*\\{(?![^}]*(log|watchdog|logger))` – Authentication events should always be logged for security monitoring and auditing.
+    - Pattern 5: Missing authentication event logging
+  - pattern `AccessResult::(allowed|forbidden|neutral)\\([^)]*\\)(?![^;]*(log|watchdog|logger))` – Consider logging significant access control decisions, especially denials, for security monitoring.
+    - Pattern 6: Failure to log access control decisions
+  - pattern `(file_save|file_delete|file_move|file_copy)[^;]*;(?![^;]*(log|watchdog|logger))` – File operations should be logged, especially for security-sensitive files.
+    - Pattern 7: Missing logging in file operations
+  - pattern `(\\->log|watchdog)\\([^,)]*,[^,)]*\\)` – Log messages should include sufficient context and detail for effective security monitoring.
+    - Pattern 8: Insufficient detail in log messages
+  - pattern `\\$config->set\\([^;]*;(?![^;]*(log|watchdog|logger))` – Configuration changes should be logged to maintain an audit trail and detect unauthorized changes.
+    - Pattern 9: Failure to log configuration changes
+  - pattern `class\\s+[a-zA-Z0-9_]+Resource.+\\{[^}]*function\\s+[a-zA-Z0-9_]+\\([^{]*\\)\\s*\\{(?![^}]*(log|watchdog|logger))` – API endpoint access should be logged for security monitoring, especially for sensitive operations.
+    - Pattern 10: Missing logs for API access
+
+## Suggestions
+- Guidance:
+**Drupal Security Logging & Monitoring Best Practices:**
+
+1. **Comprehensive Logging Implementation:**
+   - Use Drupal's Logger Factory service: `\Drupal::logger('module_name')`
+   - Implement proper log levels: emergency, alert, critical, error, warning, notice, info, debug
+   - Include context in log messages with relevant identifiers and information
+   - Log security-relevant events consistently across the application
+   - Structure log messages to facilitate automated analysis
+
+2. **Critical Events to Log:**
+   - Authentication events (login attempts, failures, logouts)
+   - Access control decisions (particularly denials)
+   - All administrative actions
+   - Data modification operations on sensitive information
+   - Configuration and settings changes
+   - File operations (uploads, downloads of sensitive content)
+   - API access and usage
+
+3. **Logging Configuration:**
+   - Configure appropriate log retention periods based on security requirements
+   - Implement log rotation to maintain performance
+   - Consider using syslog for centralized logging
+   - Protect log files from unauthorized access and modification
+   - Configure appropriate verbosity for different environments
+
+4. **Monitoring Implementation:**
+   - Define security-relevant log patterns to monitor
+   - Implement log aggregation and analysis
+   - Set up alerts for suspicious activity patterns
+   - Establish response procedures for security events
+   - Consider integration with SIEM solutions
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Missing critical event logging
-      - pattern: "(delete|update|create|execute|grant|revoke|config|schema).*function[^}]*\\{(?![^}]*(log|watchdog|logger))"
-        message: "Critical operations should include logging. Implement proper logging for security-relevant actions."
-        
-      # Pattern 2: Suppressed error logging
-      - pattern: "@include|@require|@eval|error_reporting\\(0\\)|ini_set\\(['\"](mdc:display_errors|log_errors)['\"],\\s*['\"]0['\"]\\)"
-        message: "Avoid suppressing errors and warnings. Implement proper error handling and logging instead."
-        
-      # Pattern 3: Improper exception handling without logging
-      - pattern: "catch\\s*\\([^{]*\\)\\s*\\{(?![^}]*log|[^}]*watchdog|[^}]*logger)"
-        message: "Exceptions should be properly logged, especially in security-critical sections."
-        
-      # Pattern 4: Disabled watchdog
-      - pattern: "dblog\\.settings\\.yml|syslog\\.settings\\.yml|logging\\.settings\\.yml"
-        message: "Ensure logging is properly configured and not disabled. Verify log verbosity and retention policies."
-        
-      # Pattern 5: Missing authentication event logging
-      - pattern: "(login|authenticate|logout|password).*function[^}]*\\{(?![^}]*(log|watchdog|logger))"
-        message: "Authentication events should always be logged for security monitoring and auditing."
-        
-      # Pattern 6: Failure to log access control decisions
-      - pattern: "AccessResult::(allowed|forbidden|neutral)\\([^)]*\\)(?![^;]*(log|watchdog|logger))"
-        message: "Consider logging significant access control decisions, especially denials, for security monitoring."
-        
-      # Pattern 7: Missing logging in file operations
-      - pattern: "(file_save|file_delete|file_move|file_copy)[^;]*;(?![^;]*(log|watchdog|logger))"
-        message: "File operations should be logged, especially for security-sensitive files."
-        
-      # Pattern 8: Insufficient detail in log messages
-      - pattern: "(\\->log|watchdog)\\([^,)]*,[^,)]*\\)"
-        message: "Log messages should include sufficient context and detail for effective security monitoring."
-        
-      # Pattern 9: Failure to log configuration changes
-      - pattern: "\\$config->set\\([^;]*;(?![^;]*(log|watchdog|logger))"
-        message: "Configuration changes should be logged to maintain an audit trail and detect unauthorized changes."
-        
-      # Pattern 10: Missing logs for API access
-      - pattern: "class\\s+[a-zA-Z0-9_]+Resource.+\\{[^}]*function\\s+[a-zA-Z0-9_]+\\([^{]*\\)\\s*\\{(?![^}]*(log|watchdog|logger))"
-        message: "API endpoint access should be logged for security monitoring, especially for sensitive operations."
+5. **Error Handling:**
+   - Log exceptions with appropriate error levels
+   - Include stack traces in development but not production
+   - Implement custom error handlers that ensure proper logging
+   - Avoid suppressing errors that might indicate security issues
+   - Monitor for patterns in error logs that could indicate attacks
 
-  - type: suggest
-    message: |
-      **Drupal Security Logging & Monitoring Best Practices:**
-      
-      1. **Comprehensive Logging Implementation:**
-         - Use Drupal's Logger Factory service: `\Drupal::logger('module_name')`
-         - Implement proper log levels: emergency, alert, critical, error, warning, notice, info, debug
-         - Include context in log messages with relevant identifiers and information
-         - Log security-relevant events consistently across the application
-         - Structure log messages to facilitate automated analysis
-      
-      2. **Critical Events to Log:**
-         - Authentication events (login attempts, failures, logouts)
-         - Access control decisions (particularly denials)
-         - All administrative actions
-         - Data modification operations on sensitive information
-         - Configuration and settings changes
-         - File operations (uploads, downloads of sensitive content)
-         - API access and usage
-      
-      3. **Logging Configuration:**
-         - Configure appropriate log retention periods based on security requirements
-         - Implement log rotation to maintain performance
-         - Consider using syslog for centralized logging
-         - Protect log files from unauthorized access and modification
-         - Configure appropriate verbosity for different environments
-      
-      4. **Monitoring Implementation:**
-         - Define security-relevant log patterns to monitor
-         - Implement log aggregation and analysis
-         - Set up alerts for suspicious activity patterns
-         - Establish response procedures for security events
-         - Consider integration with SIEM solutions
-      
-      5. **Error Handling:**
-         - Log exceptions with appropriate error levels
-         - Include stack traces in development but not production
-         - Implement custom error handlers that ensure proper logging
-         - Avoid suppressing errors that might indicate security issues
-         - Monitor for patterns in error logs that could indicate attacks
+## Validation Checks
+- Conditions:
+  - pattern `\\\\Drupal::logger\\([^)]+\\)->\\w+\\(|\\$this->logger->\\w+\\(` – Using Drupal's logger service correctly.
+    - Check 1: Proper logger usage
+  - pattern `->\\w+\\([^,]+,\\s*[^,]+,\\s*\\[` – Including context information in log messages.
+    - Check 2: Context in log messages
+  - pattern `dblog\\.settings|syslog\\.settings|logging\\.yml` – Configuring logging appropriately.
+    - Check 3: Logging configuration
+  - pattern `catch[^{]*\\{[^}]*logger|catch[^{]*\\{[^}]*watchdog|catch[^{]*\\{[^}]*log` – Properly logging exceptions.
+    - Check 4: Exception logging
 
-  - type: validate
-    conditions:
-      # Check 1: Proper logger usage
-      - pattern: "\\\\Drupal::logger\\([^)]+\\)->\\w+\\(|\\$this->logger->\\w+\\("
-        message: "Using Drupal's logger service correctly."
-      
-      # Check 2: Context in log messages
-      - pattern: "->\\w+\\([^,]+,\\s*[^,]+,\\s*\\["
-        message: "Including context information in log messages."
-      
-      # Check 3: Logging configuration
-      - pattern: "dblog\\.settings|syslog\\.settings|logging\\.yml"
-        message: "Configuring logging appropriately."
-      
-      # Check 4: Exception logging
-      - pattern: "catch[^{]*\\{[^}]*logger|catch[^{]*\\{[^}]*watchdog|catch[^{]*\\{[^}]*log"
-        message: "Properly logging exceptions."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, logging, monitoring, owasp, language:php, framework:drupal, category:security, subcategory:logging, standard:owasp-top10, risk:a09-logging-monitoring
+## References
+- https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/
+- https://www.drupal.org/docs/8/api/logging-api/overview
+- https://www.drupal.org/docs/develop/security-in-drupal/writing-secure-code-for-drupal
+- https://www.drupal.org/docs/8/modules/syslog
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - logging
-    - monitoring
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:logging
-    - standard:owasp-top10
-    - risk:a09-logging-monitoring
-  references:
-    - "https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/"
-    - "https://www.drupal.org/docs/8/api/logging-api/overview"
-    - "https://www.drupal.org/docs/develop/security-in-drupal/writing-secure-code-for-drupal"
-    - "https://www.drupal.org/docs/8/modules/syslog"
-</rule> 
\ No newline at end of file
+ 
\ No newline at end of file
diff --git a/.cursor/rules/drupal-security-misconfiguration.mdc b/.cursor/rules/drupal-security-misconfiguration.mdc
index a51b6e8..9847221 100644
--- a/.cursor/rules/drupal-security-misconfiguration.mdc
+++ b/.cursor/rules/drupal-security-misconfiguration.mdc
@@ -7,128 +7,92 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent misconfiguration vulnerabilities in Drupal applications, as defined in OWASP Top 10:2021-A05.
 
-<rule>
-name: drupal_security_misconfiguration
-description: Detect and prevent security misconfigurations in Drupal as defined in OWASP Top 10:2021-A05
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme|yml|info\\.yml)$"
-  - type: file_path
-    pattern: ".*"
+## Rule Details
+
+- **Name:** drupal_security_misconfiguration
+
+- **Description:** Detect and prevent security misconfigurations in Drupal as defined in OWASP Top 10:2021-A05
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme|yml|info\\.yml)$`
+- file path pattern: `.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `\\$settings\\['update_free_access'\\]\\s*=\\s*TRUE|\\$settings\\['cache'\\]\\s*=\\s*FALSE|\\$settings\\['rebuild_access'\\]\\s*=\\s*TRUE|\\$config\\['system\\.performance'\\]\\['cache'\\]\\s*=\\s*FALSE` – Development settings detected in production code. Ensure these settings are only enabled in development environments.
+    - Pattern 1: Development settings in production code
+  - pattern `settings\\.php|settings\\.local\\.php` – Verify that $settings['trusted_host_patterns'] is properly configured to prevent HTTP Host header attacks.
+    - Pattern 2: Missing or weak trusted host patterns
+  - pattern `\\$config\\['system\\.logging'\\]\\['error_level'\\]\\s*=\\s*'verbose'|ini_set\\('display_errors'\\s*,\\s*'1'\\)|error_reporting\\(E_ALL\\)` – Error display should be disabled in production. Use 'hide' for error_level in production.
+    - Pattern 3: Debugging/error display enabled
+  - pattern `\\$settings\\['file_chmod_directory'\\]\\s*=\\s*0777|\\$settings\\['file_chmod_file'\\]\\s*=\\s*0666` – Excessively permissive file permissions detected. Use more restrictive permissions.
+    - Pattern 4: Insecure file permissions settings
+  - pattern `\\.htaccess|sites/default/default\\.settings\\.php` – Ensure Content-Security-Policy headers are properly configured to prevent XSS attacks.
+    - Pattern 5: Disabled or misconfigured CSP headers
+  - pattern `session\\.cookie_secure\\s*=\\s*0|session\\.cookie_httponly\\s*=\\s*0|\\$settings\\['cookie_secure_only'\\]\\s*=\\s*FALSE` – Session cookies should be secure and HTTP-only in production environments.
+    - Pattern 6: Insecure session cookie settings
+  - pattern `settings\\.php` – Ensure $settings['file_private_path'] is properly configured for storing sensitive files.
+    - Pattern 7: Missing or misconfigured private file path
+  - pattern `core\\.extension\\.yml` – Check for development modules (devel, webprofiler, etc.) that should not be enabled in production.
+    - Pattern 8: Development modules enabled in production
+  - pattern `function\\s+[a-zA-Z0-9_]+_install\\(\\)` – Remove or secure default/demo content and users in production environments.
+    - Pattern 9: Default or demo content in production
+  - pattern `\\.htaccess|nginx\\.conf` – Verify X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, and Referrer-Policy headers are properly configured.
+    - Pattern 10: Missing or misconfigured security headers
+
+## Suggestions
+- Guidance:
+**Drupal Security Configuration Best Practices:**
+
+1. **Environment-Specific Configurations:**
+   - Use `settings.local.php` for environment-specific settings
+   - Maintain separate development, staging, and production configurations
+   - Never enable development settings in production: update_free_access, rebuild_access, etc.
+   - Use environment variables or secrets management for sensitive information
+
+2. **Essential Security Settings:**
+   - Configure trusted_host_patterns to prevent HTTP Host header attacks
+   - Set secure file permissions (e.g., 0755 for directories, 0644 for files)
+   - Configure private file path for sensitive uploads
+   - Set file_scan_ignore_directories to prevent public access to sensitive directories
+   - Implement secure session cookie settings (HTTPOnly, Secure, SameSite)
+
+3. **Error Handling:**
+   - Disable verbose error reporting in production with $config['system.logging']['error_level'] = 'hide'
+   - Configure custom error pages that don't leak system information
+   - Implement appropriate logging without exposing sensitive data
+
+4. **Security Headers:**
+   - Set Content-Security-Policy to restrict resource origins
+   - Configure X-Frame-Options to prevent clickjacking
+   - Enable X-Content-Type-Options to prevent MIME-type sniffing
+   - Set Referrer-Policy to control information in HTTP referers
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Development settings in production code
-      - pattern: "\\$settings\\['update_free_access'\\]\\s*=\\s*TRUE|\\$settings\\['cache'\\]\\s*=\\s*FALSE|\\$settings\\['rebuild_access'\\]\\s*=\\s*TRUE|\\$config\\['system\\.performance'\\]\\['cache'\\]\\s*=\\s*FALSE"
-        message: "Development settings detected in production code. Ensure these settings are only enabled in development environments."
-        
-      # Pattern 2: Missing or weak trusted host patterns
-      - pattern: "settings\\.php|settings\\.local\\.php"
-        message: "Verify that $settings['trusted_host_patterns'] is properly configured to prevent HTTP Host header attacks."
-        
-      # Pattern 3: Debugging/error display enabled
-      - pattern: "\\$config\\['system\\.logging'\\]\\['error_level'\\]\\s*=\\s*'verbose'|ini_set\\('display_errors'\\s*,\\s*'1'\\)|error_reporting\\(E_ALL\\)"
-        message: "Error display should be disabled in production. Use 'hide' for error_level in production."
-        
-      # Pattern 4: Insecure file permissions settings
-      - pattern: "\\$settings\\['file_chmod_directory'\\]\\s*=\\s*0777|\\$settings\\['file_chmod_file'\\]\\s*=\\s*0666"
-        message: "Excessively permissive file permissions detected. Use more restrictive permissions."
-        
-      # Pattern 5: Disabled or misconfigured CSP headers
-      - pattern: "\\.htaccess|sites/default/default\\.settings\\.php"
-        message: "Ensure Content-Security-Policy headers are properly configured to prevent XSS attacks."
-        
-      # Pattern 6: Insecure session cookie settings
-      - pattern: "session\\.cookie_secure\\s*=\\s*0|session\\.cookie_httponly\\s*=\\s*0|\\$settings\\['cookie_secure_only'\\]\\s*=\\s*FALSE"
-        message: "Session cookies should be secure and HTTP-only in production environments."
-        
-      # Pattern 7: Missing or misconfigured private file path
-      - pattern: "settings\\.php"
-        message: "Ensure $settings['file_private_path'] is properly configured for storing sensitive files."
-        
-      # Pattern 8: Development modules enabled in production
-      - pattern: "core\\.extension\\.yml"
-        message: "Check for development modules (devel, webprofiler, etc.) that should not be enabled in production."
-        
-      # Pattern 9: Default or demo content in production
-      - pattern: "function\\s+[a-zA-Z0-9_]+_install\\(\\)"
-        message: "Remove or secure default/demo content and users in production environments."
-        
-      # Pattern 10: Missing or misconfigured security headers
-      - pattern: "\\.htaccess|nginx\\.conf"
-        message: "Verify X-Frame-Options, X-Content-Type-Options, X-XSS-Protection, and Referrer-Policy headers are properly configured."
+5. **Module & Extension Security:**
+   - Disable and uninstall unnecessary modules in production
+   - Keep core and contributed modules updated
+   - Remove development modules from production (devel, webprofiler, etc.)
+   - Implement proper configuration management workflows
 
-  - type: suggest
-    message: |
-      **Drupal Security Configuration Best Practices:**
-      
-      1. **Environment-Specific Configurations:**
-         - Use `settings.local.php` for environment-specific settings
-         - Maintain separate development, staging, and production configurations
-         - Never enable development settings in production: update_free_access, rebuild_access, etc.
-         - Use environment variables or secrets management for sensitive information
-      
-      2. **Essential Security Settings:**
-         - Configure trusted_host_patterns to prevent HTTP Host header attacks
-         - Set secure file permissions (e.g., 0755 for directories, 0644 for files)
-         - Configure private file path for sensitive uploads
-         - Set file_scan_ignore_directories to prevent public access to sensitive directories
-         - Implement secure session cookie settings (HTTPOnly, Secure, SameSite)
-      
-      3. **Error Handling:**
-         - Disable verbose error reporting in production with $config['system.logging']['error_level'] = 'hide'
-         - Configure custom error pages that don't leak system information
-         - Implement appropriate logging without exposing sensitive data
-      
-      4. **Security Headers:**
-         - Set Content-Security-Policy to restrict resource origins
-         - Configure X-Frame-Options to prevent clickjacking
-         - Enable X-Content-Type-Options to prevent MIME-type sniffing
-         - Set Referrer-Policy to control information in HTTP referers
-      
-      5. **Module & Extension Security:**
-         - Disable and uninstall unnecessary modules in production
-         - Keep core and contributed modules updated
-         - Remove development modules from production (devel, webprofiler, etc.)
-         - Implement proper configuration management workflows
+## Validation Checks
+- Conditions:
+  - pattern `\\$settings\\['trusted_host_patterns'\\]\\s*=\\s*\\[\\s*['\"][^\"']+['\"]` – Trusted host patterns are properly configured.
+    - Check 1: Proper trusted host patterns
+  - pattern `\\$settings\\['cookie_secure_only'\\]\\s*=\\s*TRUE|session\\.cookie_secure\\s*=\\s*1` – Secure cookie settings are properly configured.
+    - Check 2: Secure session cookie settings
+  - pattern `\\$settings\\['file_private_path'\\]\\s*=\\s*(\"|')[^\"']+(\"|')` – Private file path is configured for sensitive files.
+    - Check 3: Private file path configuration
+  - pattern `\\$config\\['system\\.logging'\\]\\['error_level'\\]\\s*=\\s*'hide'` – Error reporting is properly configured for production.
+    - Check 4: Production error settings
 
-  - type: validate
-    conditions:
-      # Check 1: Proper trusted host patterns
-      - pattern: "\\$settings\\['trusted_host_patterns'\\]\\s*=\\s*\\[\\s*['\"][^\"']+['\"]"
-        message: "Trusted host patterns are properly configured."
-      
-      # Check 2: Secure session cookie settings
-      - pattern: "\\$settings\\['cookie_secure_only'\\]\\s*=\\s*TRUE|session\\.cookie_secure\\s*=\\s*1"
-        message: "Secure cookie settings are properly configured."
-      
-      # Check 3: Private file path configuration
-      - pattern: "\\$settings\\['file_private_path'\\]\\s*=\\s*(\"|')[^\"']+(\"|')"
-        message: "Private file path is configured for sensitive files."
-      
-      # Check 4: Production error settings
-      - pattern: "\\$config\\['system\\.logging'\\]\\['error_level'\\]\\s*=\\s*'hide'"
-        message: "Error reporting is properly configured for production."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, configuration, misconfiguration, owasp, language:php, framework:drupal, category:security, subcategory:configuration, standard:owasp-top10, risk:a05-misconfiguration
+## References
+- https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
+- https://www.drupal.org/docs/security-in-drupal/securing-your-site
+- https://www.drupal.org/docs/security-in-drupal/drupal-security-best-practices
+- https://www.drupal.org/docs/8/security/writing-secure-code-for-drupal-8
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - configuration
-    - misconfiguration
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:configuration
-    - standard:owasp-top10
-    - risk:a05-misconfiguration
-  references:
-    - "https://owasp.org/Top10/A05_2021-Security_Misconfiguration/"
-    - "https://www.drupal.org/docs/security-in-drupal/securing-your-site"
-    - "https://www.drupal.org/docs/security-in-drupal/drupal-security-best-practices"
-    - "https://www.drupal.org/docs/8/security/writing-secure-code-for-drupal-8"
-</rule> 
\ No newline at end of file
+ 
\ No newline at end of file
diff --git a/.cursor/rules/drupal-ssrf.mdc b/.cursor/rules/drupal-ssrf.mdc
index c48453d..5dab951 100644
--- a/.cursor/rules/drupal-ssrf.mdc
+++ b/.cursor/rules/drupal-ssrf.mdc
@@ -7,130 +7,95 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent Server-Side Request Forgery (SSRF) vulnerabilities in Drupal applications, as defined in OWASP Top 10:2021-A10.
 
-<rule>
-name: drupal_ssrf
-description: Detect and prevent Server-Side Request Forgery (SSRF) vulnerabilities in Drupal applications as defined in OWASP Top 10:2021-A10
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|theme)$"
-  - type: file_path
-    pattern: ".*"
+## Rule Details
+
+- **Name:** drupal_ssrf
+
+- **Description:** Detect and prevent Server-Side Request Forgery (SSRF) vulnerabilities in Drupal applications as defined in OWASP Top 10:2021-A10
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|theme)$`
+- file path pattern: `.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `(file_get_contents|fopen|curl_exec|drupal_http_request|\\$client->request|\\$client->get|Drupal::httpClient\\(\\)->get)\\s*\\([^)]*\\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)[^)]*\\)` – Potential SSRF vulnerability: URL constructed with user input. Validate and sanitize user-supplied URL parameters before making requests.
+    - Pattern 1: Unsafe URL construction with user input
+  - pattern `GuzzleHttp\\\\Client[^;]*;[^;]*->request\\s*\\([^;]*\\$[^;]*` – Validate and restrict URLs before making HTTP requests with Guzzle to prevent SSRF attacks.
+    - Pattern 2: Unsafe Guzzle HTTP client usage
+  - pattern `(Http(Client|Request)|curl_exec|file_get_contents)\\s*\\([^)]*(http|\\$[a-zA-Z0-9_]+)[^)]*\\)[^;]*;(?![^;]*(valid|check|sanitize|UrlHelper))` – HTTP requests should validate URLs with \\Drupal\\Component\\Utility\\UrlHelper::isValid() before execution to prevent SSRF.
+    - Pattern 3: Missing URL validation before making HTTP requests
+  - pattern `(https?:?//|www\\.)\\s*\\.\\s*\\$[a-zA-Z0-9_]+` – Potential SSRF vulnerability: URL being constructed with variable concatenation. Use URL validation and allowlisting.
+    - Pattern 4: Unsafe URL construction with variable input
+  - pattern `file_get_contents\\([\"'](mdc:?:http|https|ftp|php|data|expect|zip|phar)://` – Avoid using PHP wrappers with file operations that could lead to SSRF vulnerabilities.
+    - Pattern 5: Using file system wrappers which can lead to SSRF
+  - pattern `CURLOPT_PROXY[^;]*none|CURLOPT_PROXY[^;]*null` – Bypassing proxy settings can lead to SSRF vulnerabilities. Maintain proper proxy configurations.
+    - Pattern 6: Bypassing local proxy settings
+  - pattern `simplexml_load_|DOMDocument|SimpleXMLElement|xml_parse` – XML processing without disabling external entities can lead to XXE and SSRF. Use libxml_disable_entity_loader(true).
+    - Pattern 7: Unsafe processing of XML with external entities
+  - pattern `(127\\.0\\.0\\.1|10\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|172\\.(1[6-9]|2[0-9]|3[0-1])\\.[0-9]{1,3}\\.[0-9]{1,3}|192\\.168\\.[0-9]{1,3}\\.[0-9]{1,3}|169\\.254\\.[0-9]{1,3}\\.[0-9]{1,3}|localhost)` – Hardcoded internal IP addresses or localhost may facilitate SSRF attacks if exposed to user manipulation.
+    - Pattern 8: Accessing or using internal network IPs
+  - pattern `\\\\Drupal::httpClient\\(\\)(?!.*[^;]*UrlHelper::isValid)` – Always validate URLs with UrlHelper::isValid() before making HTTP requests with Drupal's HTTP client.
+    - Pattern 9: Custom Drupal HTTP client usage without validation
+  - pattern `curl_setopt\\([^,]+,\\s*CURLOPT_PORT,\\s*\\$[a-zA-Z0-9_]+` – Potential SSRF vulnerability: Restrict allowed ports for outbound HTTP requests to prevent service probing.
+    - Pattern 10: Allowing unrestricted ports in HTTP requests
+
+## Suggestions
+- Guidance:
+**Drupal SSRF Prevention Best Practices:**
+
+1. **Input Validation for URLs:**
+   - Always validate any user-supplied URL or URL components
+   - Use `\Drupal\Component\Utility\UrlHelper::isValid()` to validate URLs
+   - Implement allowlists rather than blocklists for domains/IPs
+   - Parse URLs and validate each component (protocol, domain, port, path)
+
+2. **Network-Level Controls:**
+   - Implement network-level access controls for internal services
+   - Use application firewalls to restrict outbound connections
+   - Configure proxies to control and monitor outbound requests
+   - Segment sensitive internal services from public-facing applications
+
+3. **Request Handling:**
+   - Avoid passing raw user input to HTTP clients
+   - Set reasonable timeouts for all HTTP requests
+   - Disable HTTP redirects or limit redirect chains
+   - Validate response types match expected formats
+   - Use dedicated service accounts with minimal privileges for API calls
+
+4. **Drupal-Specific Controls:**
+   - Utilize Drupal's built-in UrlHelper class for URL validation
+   - Configure Guzzle HTTP client with appropriate security options
+   - Consider using middleware to enforce URL validation
+   - Use Drupal's logging system to record suspicious outbound requests
+   - Implement specific content security policies
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Unsafe URL construction with user input
-      - pattern: "(file_get_contents|fopen|curl_exec|drupal_http_request|\\$client->request|\\$client->get|Drupal::httpClient\\(\\)->get)\\s*\\([^)]*\\$_(GET|POST|REQUEST|COOKIE|SERVER|FILES)[^)]*\\)"
-        message: "Potential SSRF vulnerability: URL constructed with user input. Validate and sanitize user-supplied URL parameters before making requests."
-        
-      # Pattern 2: Unsafe Guzzle HTTP client usage
-      - pattern: "GuzzleHttp\\\\Client[^;]*;[^;]*->request\\s*\\([^;]*\\$[^;]*"
-        message: "Validate and restrict URLs before making HTTP requests with Guzzle to prevent SSRF attacks."
-        
-      # Pattern 3: Missing URL validation before making HTTP requests
-      - pattern: "(Http(Client|Request)|curl_exec|file_get_contents)\\s*\\([^)]*(http|\\$[a-zA-Z0-9_]+)[^)]*\\)[^;]*;(?![^;]*(valid|check|sanitize|UrlHelper))"
-        message: "HTTP requests should validate URLs with \\Drupal\\Component\\Utility\\UrlHelper::isValid() before execution to prevent SSRF."
-        
-      # Pattern 4: Unsafe URL construction with variable input
-      - pattern: "(https?:?//|www\\.)\\s*\\.\\s*\\$[a-zA-Z0-9_]+"
-        message: "Potential SSRF vulnerability: URL being constructed with variable concatenation. Use URL validation and allowlisting."
-        
-      # Pattern 5: Using file system wrappers which can lead to SSRF
-      - pattern: "file_get_contents\\([\"'](mdc:?:http|https|ftp|php|data|expect|zip|phar)://"
-        message: "Avoid using PHP wrappers with file operations that could lead to SSRF vulnerabilities."
-        
-      # Pattern 6: Bypassing local proxy settings
-      - pattern: "CURLOPT_PROXY[^;]*none|CURLOPT_PROXY[^;]*null"
-        message: "Bypassing proxy settings can lead to SSRF vulnerabilities. Maintain proper proxy configurations."
-        
-      # Pattern 7: Unsafe processing of XML with external entities
-      - pattern: "simplexml_load_|DOMDocument|SimpleXMLElement|xml_parse"
-        message: "XML processing without disabling external entities can lead to XXE and SSRF. Use libxml_disable_entity_loader(true)."
-        
-      # Pattern 8: Accessing or using internal network IPs
-      - pattern: "(127\\.0\\.0\\.1|10\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}|172\\.(1[6-9]|2[0-9]|3[0-1])\\.[0-9]{1,3}\\.[0-9]{1,3}|192\\.168\\.[0-9]{1,3}\\.[0-9]{1,3}|169\\.254\\.[0-9]{1,3}\\.[0-9]{1,3}|localhost)"
-        message: "Hardcoded internal IP addresses or localhost may facilitate SSRF attacks if exposed to user manipulation."
-        
-      # Pattern 9: Custom Drupal HTTP client usage without validation
-      - pattern: "\\\\Drupal::httpClient\\(\\)(?!.*[^;]*UrlHelper::isValid)"
-        message: "Always validate URLs with UrlHelper::isValid() before making HTTP requests with Drupal's HTTP client."
-        
-      # Pattern 10: Allowing unrestricted ports in HTTP requests
-      - pattern: "curl_setopt\\([^,]+,\\s*CURLOPT_PORT,\\s*\\$[a-zA-Z0-9_]+"
-        message: "Potential SSRF vulnerability: Restrict allowed ports for outbound HTTP requests to prevent service probing."
+5. **Authentication and Access Controls:**
+   - Implement proper authentication for internal service calls
+   - Use context-specific API tokens with limited privileges
+   - Avoid exposing service credentials in code or configurations
+   - Implement rate limiting for outbound requests
 
-  - type: suggest
-    message: |
-      **Drupal SSRF Prevention Best Practices:**
-      
-      1. **Input Validation for URLs:**
-         - Always validate any user-supplied URL or URL components
-         - Use `\Drupal\Component\Utility\UrlHelper::isValid()` to validate URLs
-         - Implement allowlists rather than blocklists for domains/IPs
-         - Parse URLs and validate each component (protocol, domain, port, path)
-         
-      2. **Network-Level Controls:**
-         - Implement network-level access controls for internal services
-         - Use application firewalls to restrict outbound connections
-         - Configure proxies to control and monitor outbound requests
-         - Segment sensitive internal services from public-facing applications
-         
-      3. **Request Handling:**
-         - Avoid passing raw user input to HTTP clients
-         - Set reasonable timeouts for all HTTP requests
-         - Disable HTTP redirects or limit redirect chains
-         - Validate response types match expected formats
-         - Use dedicated service accounts with minimal privileges for API calls
-         
-      4. **Drupal-Specific Controls:**
-         - Utilize Drupal's built-in UrlHelper class for URL validation
-         - Configure Guzzle HTTP client with appropriate security options
-         - Consider using middleware to enforce URL validation
-         - Use Drupal's logging system to record suspicious outbound requests
-         - Implement specific content security policies
-         
-      5. **Authentication and Access Controls:**
-         - Implement proper authentication for internal service calls
-         - Use context-specific API tokens with limited privileges
-         - Avoid exposing service credentials in code or configurations
-         - Implement rate limiting for outbound requests
+## Validation Checks
+- Conditions:
+  - pattern `UrlHelper::isValid\\([^)]+\\)` – Using proper URL validation with UrlHelper.
+    - Check 1: Proper URL validation
+  - pattern `array_intersect|in_array|allowlist|whitelist` – Implementing domain/URL allowlisting for outbound requests.
+    - Check 2: Allowlisting domains
+  - pattern `libxml_disable_entity_loader\\(true\\)` – Properly disabling XML external entities.
+    - Check 3: Safe XML processing
+  - pattern `\\\\Drupal::httpClient\\(\\)[^;]*\\$options` – Using Drupal's HTTP client with explicit options.
+    - Check 4: Using Drupal's HTTP client safely
 
-  - type: validate
-    conditions:
-      # Check 1: Proper URL validation
-      - pattern: "UrlHelper::isValid\\([^)]+\\)"
-        message: "Using proper URL validation with UrlHelper."
-      
-      # Check 2: Allowlisting domains
-      - pattern: "array_intersect|in_array|allowlist|whitelist"
-        message: "Implementing domain/URL allowlisting for outbound requests."
-      
-      # Check 3: Safe XML processing
-      - pattern: "libxml_disable_entity_loader\\(true\\)"
-        message: "Properly disabling XML external entities."
-      
-      # Check 4: Using Drupal's HTTP client safely
-      - pattern: "\\\\Drupal::httpClient\\(\\)[^;]*\\$options"
-        message: "Using Drupal's HTTP client with explicit options."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, ssrf, owasp, language:php, framework:drupal, category:security, subcategory:ssrf, standard:owasp-top10, risk:a10-ssrf
+## References
+- https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
+- https://cwe.mitre.org/data/definitions/918.html
+- https://www.drupal.org/docs/develop/security-in-drupal/writing-secure-code-for-drupal
+- https://portswigger.net/web-security/ssrf
+- https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - ssrf
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:ssrf
-    - standard:owasp-top10
-    - risk:a10-ssrf
-  references:
-    - "https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/"
-    - "https://cwe.mitre.org/data/definitions/918.html"
-    - "https://www.drupal.org/docs/develop/security-in-drupal/writing-secure-code-for-drupal"
-    - "https://portswigger.net/web-security/ssrf"
-    - "https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html"
-</rule> 
+ 
diff --git a/.cursor/rules/drupal-vulnerable-components.mdc b/.cursor/rules/drupal-vulnerable-components.mdc
index 96975a7..dc7c3df 100644
--- a/.cursor/rules/drupal-vulnerable-components.mdc
+++ b/.cursor/rules/drupal-vulnerable-components.mdc
@@ -7,133 +7,97 @@ alwaysApply: false
 
 This rule enforces security best practices to prevent vulnerabilities related to outdated or vulnerable components in Drupal applications, as defined in OWASP Top 10:2021-A06.
 
-<rule>
-name: drupal_vulnerable_components
-description: Detect and prevent vulnerabilities related to outdated or vulnerable components in Drupal as defined in OWASP Top 10:2021-A06
-filters:
-  - type: file_extension
-    pattern: "\\.(php|inc|module|install|info\\.yml|json)$"
-  - type: file_path
-    pattern: ".*"
+## Rule Details
+
+- **Name:** drupal_vulnerable_components
+
+- **Description:** Detect and prevent vulnerabilities related to outdated or vulnerable components in Drupal as defined in OWASP Top 10:2021-A06
+
+## Filters
+- file extension pattern: `\\.(php|inc|module|install|info\\.yml|json)$`
+- file path pattern: `.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `core:\\s*('|\")8\\.[0-6](mdc:'|\")|core_version_requirement:\\s*('|\")[^9].+('|\")` – Potentially outdated Drupal core version detected. Consider upgrading to the latest secure version of Drupal 9 or 10.
+    - Pattern 1: Outdated Drupal core version declaration
+  - pattern `drupal_set_message\\(|format_date\\(|drupal_render\\(|entity_load\\(|variable_get\\(|variable_set\\(` – Deprecated function detected. Use modern replacements to ensure compatibility and security updates.
+    - Pattern 2: Usage of deprecated functions
+  - pattern `jquery\\.min\\.js\\?v=1\\.|jquery-1\\.|jquery-2\\.|ckeditor/|tinymce/|angular\\.js@1\\.` – Potentially vulnerable JavaScript library version detected. Update to the latest secure version.
+    - Pattern 3: Known vulnerable libraries referenced
+  - pattern `<script\\s+src=['\"]http|<script\\s+src=['\"]//|<link\\s+[^>]*href=['\"]http` – External scripts or stylesheets without Subresource Integrity (SRI) checks detected. Add integrity and crossorigin attributes.
+    - Pattern 4: Direct inclusion of external scripts without SRI
+  - pattern `module:\\s*('[^']*captcha'|'recaptcha'|'xmlrpc'|'openid'|'php')` – Potentially vulnerable or deprecated module detected. Consider using more secure alternatives.
+    - Pattern 5: Use of obsolete or removed modules
+  - pattern `\"drupal/[^\"]+\":\\s*\"(~|\\^)?[0-9]\\.[0-9]\\.[0-9]\"` – Hard-coded specific version detected in composer.json. Consider using version ranges to receive security updates.
+    - Pattern 6: Hard-coded versions in composer.json
+  - pattern `mysql_|split\\(|ereg\\(|eregi\\(|create_function\\(|each\\(` – Deprecated or insecure PHP function detected. Use modern alternatives for better security.
+    - Pattern 7: Outdated or insecure PHP API usage
+  - pattern `type:\\s*module\\s*\\nname:` – Ensure your module specifies core_version_requirement to prevent installation on unsupported Drupal versions.
+    - Pattern 8: Usage of contrib modules without version constraints
+  - pattern `composer\\.json` – Consider adding drupal/core-security-advisories as a dev dependency to detect known vulnerable packages.
+    - Pattern 9: Missing security advisories handling in composer.json
+  - pattern `check_plain\\(|filter_xss\\(|filter_xss_admin\\(` – Legacy text sanitization function detected. Use Html::escape() or Xss::filter() instead.
+    - Pattern 10: Direct usage of vulnerable sanitization functions
+
+## Suggestions
+- Guidance:
+**Drupal Component Security Best Practices:**
+
+1. **Update Management:**
+   - Keep Drupal core updated to the latest secure version
+   - Subscribe to the Drupal Security Newsletter
+   - Implement a regular update schedule (monthly at minimum)
+   - Use security advisories checking in your development workflow
+   - Implement Composer's security-advisories metadata
+
+2. **Dependency Management:**
+   - Use Composer for managing all dependencies
+   - Specify version constraints that allow security updates
+   - Add drupal/core-security-advisories as a dev dependency
+   - Regularly run `composer update --with-dependencies`
+   - Use `composer outdated` to identify outdated packages
+
+3. **API Usage:**
+   - Use modern Drupal APIs rather than deprecated functions
+   - Migrate away from jQuery to modern JavaScript where possible
+   - Implement Subresource Integrity (SRI) for external resources
+   - Update custom code to use current best practices
+   - Follow the Drupal API deprecation policies
+
+4. **Security Monitoring:**
+   - Implement automated vulnerability scanning in CI/CD
+   - Use tools like Drupal Check or Upgrade Status module
+   - Monitor the Drupal security advisories page
+   - Implement automated updates for non-critical dependencies
+   - Set up alerts for security issues in used components
 
-actions:
-  - type: enforce
-    conditions:
-      # Pattern 1: Outdated Drupal core version declaration
-      - pattern: "core:\\s*('|\")8\\.[0-6](mdc:'|\")|core_version_requirement:\\s*('|\")[^9].+('|\")"
-        message: "Potentially outdated Drupal core version detected. Consider upgrading to the latest secure version of Drupal 9 or 10."
-        
-      # Pattern 2: Usage of deprecated functions
-      - pattern: "drupal_set_message\\(|format_date\\(|drupal_render\\(|entity_load\\(|variable_get\\(|variable_set\\("
-        message: "Deprecated function detected. Use modern replacements to ensure compatibility and security updates."
-        
-      # Pattern 3: Known vulnerable libraries referenced
-      - pattern: "jquery\\.min\\.js\\?v=1\\.|jquery-1\\.|jquery-2\\.|ckeditor/|tinymce/|angular\\.js@1\\."
-        message: "Potentially vulnerable JavaScript library version detected. Update to the latest secure version."
-        
-      # Pattern 4: Direct inclusion of external scripts without SRI
-      - pattern: "<script\\s+src=['\"]http|<script\\s+src=['\"]//|<link\\s+[^>]*href=['\"]http"
-        message: "External scripts or stylesheets without Subresource Integrity (SRI) checks detected. Add integrity and crossorigin attributes."
-        
-      # Pattern 5: Use of obsolete or removed modules
-      - pattern: "module:\\s*('[^']*captcha'|'recaptcha'|'xmlrpc'|'openid'|'php')"
-        message: "Potentially vulnerable or deprecated module detected. Consider using more secure alternatives."
-        
-      # Pattern 6: Hard-coded versions in composer.json
-      - pattern: "\"drupal/[^\"]+\":\\s*\"(~|\\^)?[0-9]\\.[0-9]\\.[0-9]\"" 
-        message: "Hard-coded specific version detected in composer.json. Consider using version ranges to receive security updates."
-        
-      # Pattern 7: Outdated or insecure PHP API usage
-      - pattern: "mysql_|split\\(|ereg\\(|eregi\\(|create_function\\(|each\\("
-        message: "Deprecated or insecure PHP function detected. Use modern alternatives for better security."
-        
-      # Pattern 8: Usage of contrib modules without version constraints
-      - pattern: "type:\\s*module\\s*\\nname:"
-        message: "Ensure your module specifies core_version_requirement to prevent installation on unsupported Drupal versions."
-        
-      # Pattern 9: Missing security advisories handling in composer.json
-      - pattern: "composer\\.json"
-        message: "Consider adding drupal/core-security-advisories as a dev dependency to detect known vulnerable packages."
-        
-      # Pattern 10: Direct usage of vulnerable sanitization functions
-      - pattern: "check_plain\\(|filter_xss\\(|filter_xss_admin\\("
-        message: "Legacy text sanitization function detected. Use Html::escape() or Xss::filter() instead."
+5. **Module Management:**
+   - Remove unused modules from your codebase
+   - Prefer well-maintained modules with security teams
+   - Implement proper version constraints in module info files
+   - Consider the security impact before adding new dependencies
+   - Document your dependency management practices
 
-  - type: suggest
-    message: |
-      **Drupal Component Security Best Practices:**
-      
-      1. **Update Management:**
-         - Keep Drupal core updated to the latest secure version
-         - Subscribe to the Drupal Security Newsletter
-         - Implement a regular update schedule (monthly at minimum)
-         - Use security advisories checking in your development workflow
-         - Implement Composer's security-advisories metadata
-      
-      2. **Dependency Management:**
-         - Use Composer for managing all dependencies
-         - Specify version constraints that allow security updates
-         - Add drupal/core-security-advisories as a dev dependency
-         - Regularly run `composer update --with-dependencies`
-         - Use `composer outdated` to identify outdated packages
-      
-      3. **API Usage:**
-         - Use modern Drupal APIs rather than deprecated functions
-         - Migrate away from jQuery to modern JavaScript where possible
-         - Implement Subresource Integrity (SRI) for external resources
-         - Update custom code to use current best practices
-         - Follow the Drupal API deprecation policies
-      
-      4. **Security Monitoring:**
-         - Implement automated vulnerability scanning in CI/CD
-         - Use tools like Drupal Check or Upgrade Status module
-         - Monitor the Drupal security advisories page
-         - Implement automated updates for non-critical dependencies
-         - Set up alerts for security issues in used components
-      
-      5. **Module Management:**
-         - Remove unused modules from your codebase
-         - Prefer well-maintained modules with security teams
-         - Implement proper version constraints in module info files
-         - Consider the security impact before adding new dependencies
-         - Document your dependency management practices
+## Validation Checks
+- Conditions:
+  - pattern `core_version_requirement:\\s*[\"']\\^(8\\.8|8\\.9|9|10)\\.[0-9]+[\"']` – Using proper core version requirements.
+    - Check 1: Proper core version requirement
+  - pattern `\\\\Drupal::messenger\\(\\)|->messenger\\(\\)|\\\\Drupal::service\\('messenger'\\)` – Using modern message API instead of deprecated functions.
+    - Check 2: Use of modern APIs
+  - pattern `\"require\":\\s*\\{[^}]*\"drupal/core(-recommended)?\":\\s*\"\\^[0-9]+\\.[0-9]+\"` – Using proper version constraints in Composer.
+    - Check 3: Proper composer usage
+  - pattern `integrity=[\"'][a-zA-Z0-9\\+/=\\-_]+[\"']\\s+crossorigin=[\"']anonymous[\"']` – Properly implementing Subresource Integrity.
+    - Check 4: SRI implementation
 
-  - type: validate
-    conditions:
-      # Check 1: Proper core version requirement
-      - pattern: "core_version_requirement:\\s*[\"']\\^(8\\.8|8\\.9|9|10)\\.[0-9]+[\"']"
-        message: "Using proper core version requirements."
-      
-      # Check 2: Use of modern APIs
-      - pattern: "\\\\Drupal::messenger\\(\\)|->messenger\\(\\)|\\\\Drupal::service\\('messenger'\\)"
-        message: "Using modern message API instead of deprecated functions."
-      
-      # Check 3: Proper composer usage
-      - pattern: "\"require\":\\s*\\{[^}]*\"drupal/core(-recommended)?\":\\s*\"\\^[0-9]+\\.[0-9]+\""
-        message: "Using proper version constraints in Composer."
-      
-      # Check 4: SRI implementation
-      - pattern: "integrity=[\"'][a-zA-Z0-9\\+/=\\-_]+[\"']\\s+crossorigin=[\"']anonymous[\"']"
-        message: "Properly implementing Subresource Integrity."
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: security, drupal, dependencies, vulnerable-components, owasp, language:php, framework:drupal, category:security, subcategory:dependencies, standard:owasp-top10, risk:a06-vulnerable-components
+## References
+- https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
+- https://www.drupal.org/docs/security-in-drupal/staying-up-to-date
+- https://www.drupal.org/docs/upgrading-drupal
+- https://www.drupal.org/docs/develop/using-composer/managing-dependencies-for-a-drupal-project
 
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - security
-    - drupal
-    - dependencies
-    - vulnerable-components
-    - owasp
-    - language:php
-    - framework:drupal
-    - category:security
-    - subcategory:dependencies
-    - standard:owasp-top10
-    - risk:a06-vulnerable-components
-  references:
-    - "https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/"
-    - "https://www.drupal.org/docs/security-in-drupal/staying-up-to-date"
-    - "https://www.drupal.org/docs/upgrading-drupal"
-    - "https://www.drupal.org/docs/develop/using-composer/managing-dependencies-for-a-drupal-project"
-</rule> 
\ No newline at end of file
+ 
\ No newline at end of file
diff --git a/.cursor/rules/generic_bash_style.mdc b/.cursor/rules/generic_bash_style.mdc
index 45f08a8..4e69f7e 100644
--- a/.cursor/rules/generic_bash_style.mdc
+++ b/.cursor/rules/generic_bash_style.mdc
@@ -6,66 +6,46 @@ globs:
 
 This rule enforces best practices for writing Bash scripts, with an emphasis on using colorized logging for better output readability.
 
-<rule>
-name: enhanced_bash_style
-description: Enforce Bash scripting standards with colorized logging
-filters:
-  - type: file_extension
-    pattern: "\\.sh$"
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "^#!/usr/bin/env bash$"
-        message: "All scripts should start with the shebang '#!/usr/bin/env bash'."
-
-      - pattern: "^set -eu$"
-        message: "Enable 'set -eu' for script robustness."
-
-      - pattern: "^set -x$"
-        pattern_negate: "^\\[ \"\\${DEBUG-}\" = \"1\" ] && set -x$"
-        message: "Use conditional 'set -x' based on debug flag."
-
-      - pattern: "^# @formatter:off$"
-        message: "Start of formatting block for log functions."
-
-      - pattern: "note\\(\\) { printf \"       %s\\n\" \"\\${1}\"; }$"
-        message: "Include 'note' function for plain messages."
-
-      - pattern: "info\\(\\) { \\[ \"\\${TERM:-}\" != \"dumb\" ] && tput colors >/dev/null 2>&1 && printf \"\\\\033\\[34m\\[INFO] %s\\\\033\\[0m\\n\" \"\\${1}\" || printf \"\\[INFO] %s\\n\" \"\\${1}\"; }$"
-        message: "Include 'info' function for blue informational messages."
-
-      - pattern: "pass\\(\\) { \\[ \"\\${TERM:-}\" != \"dumb\" ] && tput colors >/dev/null 2>&1 && printf \"\\\\033\\[32m\\[ OK ] %s\\\\033\\[0m\\n\" \"\\${1}\" || printf \"\\[ OK ] %s\\n\" \"\\${1}\"; }$"
-        message: "Include 'pass' function for green success messages."
-
-      - pattern: "fail\\(\\) { \\[ \"\\${TERM:-}\" != \"dumb\" ] && tput colors >/dev/null 2>&1 && printf \"\\\\033\\[31m\\[FAIL] %s\\\\033\\[0m\\n\" \"\\${1}\" || printf \"\\[FAIL] %s\\n\" \"\\${1}\"; }$"
-        message: "Include 'fail' function for red error messages."
-
-      - pattern: "warn\\(\\) { \\[ \"\\${TERM:-}\" != \"dumb\" ] && tput colors >/dev/null 2>&1 && printf \"\\\\033\\[33m\\[WARN] %s\\\\033\\[0m\\n\" \"\\${1}\" || printf \"\\[WARN] %s\\n\" \"\\${1}\"; }$"
-        message: "Include 'warn' function for yellow warning messages."
-
-      - pattern: "^# @formatter:on$"
-        message: "End of formatting block for log functions."
-
-  - type: suggest
-    message: |
-      **Bash Scripting Best Practices:**
-      - **Error Handling:** Use `set -eu` to catch errors and undefined variables early.
-      - **Debugging:** Implement conditional debugging with `set -x` using a DEBUG variable.
-      - **Logging Functions:** Use colorized logging for better script output readability:
-        - `note()` for plain notes
-        - `info()` for blue informational messages
-        - `pass()` for green success messages
-        - `fail()` for red error messages
-        - `warn()` for yellow warnings, ensuring users can distinguish different types of messages easily
-      - **Security:** Avoid using `eval` or similar constructs; use safe alternatives.
-      - **Documentation:** Include descriptive comments, especially for complex logic.
-      - **Portability:** Use `/usr/bin/env bash` for the shebang to ensure script runs with bash on any system.
-      - **Variable Checks:** Ensure necessary variables are set, enhancing script reliability.
-      - **Exit Codes:** Use explicit exit codes for different failure scenarios.
-      - **Color Support:** Ensure logging functions check for terminal color support before applying colors.
-
-metadata:
-  priority: medium
-  version: 1.1
-</rule>
\ No newline at end of file
+## Rule Details
+
+- **Name:** enhanced_bash_style
+
+- **Description:** Enforce Bash scripting standards with colorized logging
+
+## Filters
+- file extension pattern: `\\.sh$`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `^#!/usr/bin/env bash$` – All scripts should start with the shebang '#!/usr/bin/env bash'.
+  - pattern `^set -eu$` – Enable 'set -eu' for script robustness.
+  - pattern `^set -x$` – negated `^\\[ \"\\${DEBUG-}\" = \"1\" ] && set -x$` – Use conditional 'set -x' based on debug flag.
+  - pattern `^# @formatter:off$` – Start of formatting block for log functions.
+  - pattern `note\\(\\) { printf \"       %s\\n\" \"\\${1}\"; }$` – Include 'note' function for plain messages.
+  - pattern `info\\(\\) { \\[ \"\\${TERM:-}\" != \"dumb\" ] && tput colors >/dev/null 2>&1 && printf \"\\\\033\\[34m\\[INFO] %s\\\\033\\[0m\\n\" \"\\${1}\" || printf \"\\[INFO] %s\\n\" \"\\${1}\"; }$` – Include 'info' function for blue informational messages.
+  - pattern `pass\\(\\) { \\[ \"\\${TERM:-}\" != \"dumb\" ] && tput colors >/dev/null 2>&1 && printf \"\\\\033\\[32m\\[ OK ] %s\\\\033\\[0m\\n\" \"\\${1}\" || printf \"\\[ OK ] %s\\n\" \"\\${1}\"; }$` – Include 'pass' function for green success messages.
+  - pattern `fail\\(\\) { \\[ \"\\${TERM:-}\" != \"dumb\" ] && tput colors >/dev/null 2>&1 && printf \"\\\\033\\[31m\\[FAIL] %s\\\\033\\[0m\\n\" \"\\${1}\" || printf \"\\[FAIL] %s\\n\" \"\\${1}\"; }$` – Include 'fail' function for red error messages.
+  - pattern `warn\\(\\) { \\[ \"\\${TERM:-}\" != \"dumb\" ] && tput colors >/dev/null 2>&1 && printf \"\\\\033\\[33m\\[WARN] %s\\\\033\\[0m\\n\" \"\\${1}\" || printf \"\\[WARN] %s\\n\" \"\\${1}\"; }$` – Include 'warn' function for yellow warning messages.
+  - pattern `^# @formatter:on$` – End of formatting block for log functions.
+
+## Suggestions
+- Guidance:
+**Bash Scripting Best Practices:**
+- **Error Handling:** Use `set -eu` to catch errors and undefined variables early.
+- **Debugging:** Implement conditional debugging with `set -x` using a DEBUG variable.
+- **Logging Functions:** Use colorized logging for better script output readability:
+  - `note()` for plain notes
+  - `info()` for blue informational messages
+  - `pass()` for green success messages
+  - `fail()` for red error messages
+  - `warn()` for yellow warnings, ensuring users can distinguish different types of messages easily
+- **Security:** Avoid using `eval` or similar constructs; use safe alternatives.
+- **Documentation:** Include descriptive comments, especially for complex logic.
+- **Portability:** Use `/usr/bin/env bash` for the shebang to ensure script runs with bash on any system.
+- **Variable Checks:** Ensure necessary variables are set, enhancing script reliability.
+- **Exit Codes:** Use explicit exit codes for different failure scenarios.
+- **Color Support:** Ensure logging functions check for terminal color support before applying colors.
+
+## Metadata
+- Priority: medium
+- Version: 1.1
diff --git a/.cursor/rules/git-commit-standards.mdc b/.cursor/rules/git-commit-standards.mdc
index ace1472..34f0626 100644
--- a/.cursor/rules/git-commit-standards.mdc
+++ b/.cursor/rules/git-commit-standards.mdc
@@ -6,45 +6,38 @@ globs: .git/*
 
 Ensures consistent Git commit messages.
 
-<rule>
-name: git_commit_standards
-description: Enforce structured Git commit messages.
-filters:
-  - type: file_extension
-    pattern: "\\.git/.*"
-
-actions:
-  - type: enforce
-    conditions:
-      # More precise regex to ensure prefix is followed by colon and space
-      - pattern: "^(?!fix|feat|perf|docs|style|refactor|test|chore): "
-        message: "Use a commit message prefix followed by colon and space (fix:, feat:, etc.)."
-
-      # Check for uppercase after the prefix
-      - pattern: "^(fix|feat|perf|docs|style|refactor|test|chore): [A-Z]"
-        message: "First word after prefix should be lowercase."
-
-      # More precise length check that excludes the prefix from the count
-      - pattern: "^(fix|feat|perf|docs|style|refactor|test|chore): .{46,}"
-        message: "Keep commit message content (excluding prefix) under 46 characters."
-
-      # Ensure there's a space after the colon
-      - pattern: "^(fix|feat|perf|docs|style|refactor|test|chore):(?! )"
-        message: "Include a space after the colon in prefix."
-
-  - type: suggest
-    message: |
-      Recommended commit format:
-      - "fix: resolved bug in user authentication"
-      - "feat: added new search functionality"
-      - "docs: updated installation guide"
-      - "style: fixed button alignment"
-      - "refactor: simplified login logic"
-      - "test: added unit tests for auth"
-      - "chore: updated dependencies"
-      - "perf: optimized database queries"
-
-metadata:
-  priority: high
-  version: 1.1
-</rule>
+## Rule Details
+
+- **Name:** git_commit_standards
+
+- **Description:** Enforce structured Git commit messages.
+
+## Filters
+- file extension pattern: `\\.git/.*`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `^(?!fix|feat|perf|docs|style|refactor|test|chore): ` – Use a commit message prefix followed by colon and space (fix:, feat:, etc.).
+    - More precise regex to ensure prefix is followed by colon and space
+  - pattern `^(fix|feat|perf|docs|style|refactor|test|chore): [A-Z]` – First word after prefix should be lowercase.
+    - Check for uppercase after the prefix
+  - pattern `^(fix|feat|perf|docs|style|refactor|test|chore): .{46,}` – Keep commit message content (excluding prefix) under 46 characters.
+    - More precise length check that excludes the prefix from the count
+  - pattern `^(fix|feat|perf|docs|style|refactor|test|chore):(?! )` – Include a space after the colon in prefix.
+    - Ensure there's a space after the colon
+
+## Suggestions
+- Guidance:
+Recommended commit format:
+- "fix: resolved bug in user authentication"
+- "feat: added new search functionality"
+- "docs: updated installation guide"
+- "style: fixed button alignment"
+- "refactor: simplified login logic"
+- "test: added unit tests for auth"
+- "chore: updated dependencies"
+- "perf: optimized database queries"
+
+## Metadata
+- Priority: high
+- Version: 1.1
diff --git a/.cursor/rules/github-actions-standards.mdc b/.cursor/rules/github-actions-standards.mdc
index 37abb6e..f91fa1f 100644
--- a/.cursor/rules/github-actions-standards.mdc
+++ b/.cursor/rules/github-actions-standards.mdc
@@ -7,59 +7,45 @@ alwaysApply: false
 
 Ensures GitHub Actions workflows follow best practices and use the latest action versions.
 
-<rule>
-name: github_actions_standards
-description: Enforce standards for GitHub Actions workflows
-filters:
-  - type: file_extension
-    pattern: "\\.ya?ml$"
-  - type: file_path
-    pattern: "\\.github/workflows/"
-
-actions:
-  - type: enforce
-    conditions:
-      - pattern: "uses:\\s*actions/upload-artifact@v[123]"
-        message: "Use actions/upload-artifact@v4 instead of older versions. Version 3 is deprecated: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/"
-
-      - pattern: "uses:\\s*actions/download-artifact@v[123]"
-        message: "Use actions/download-artifact@v4 instead of older versions."
-
-      - pattern: "uses:\\s*actions/checkout@v[12]"
-        message: "Consider using actions/checkout@v4 for the latest features and security updates."
-
-  - type: suggest
-    message: |
-      **GitHub Actions Best Practices:**
-      - **Latest Action Versions:** Always use the latest stable versions of GitHub Actions.
-        - `actions/checkout@v4`
-        - `actions/upload-artifact@v4`
-        - `actions/download-artifact@v4`
-        - `actions/setup-node@v4`
-        - `actions/setup-python@v5`
-      - **Workflow Structure:** Organize workflows with clear job names and step descriptions.
-      - **Caching:** Implement caching for dependencies to speed up workflows.
-      - **Security:** Use `GITHUB_TOKEN` with minimum required permissions.
-      - **Artifacts:** Use descriptive names for artifacts and set appropriate retention periods.
-      - **Matrix Strategy:** Use matrix builds for testing across multiple environments.
-      - **Timeouts:** Set appropriate timeouts for jobs to prevent hanging workflows.
-
-  - type: validate
-    conditions:
-      - pattern: "uses:\\s*actions/upload-artifact@v4"
-        message: "Good job using the latest version of actions/upload-artifact!"
-
-      - pattern: "uses:\\s*actions/download-artifact@v4"
-        message: "Good job using the latest version of actions/download-artifact!"
-
-      - pattern: "uses:\\s*actions/checkout@v[34]"
-        message: "Good job using a recent version of actions/checkout!"
-
-metadata:
-  priority: high
-  version: 1.0
-  tags:
-    - ci/cd
-    - github
-    - automation
-</rule>
\ No newline at end of file
+## Rule Details
+
+- **Name:** github_actions_standards
+
+- **Description:** Enforce standards for GitHub Actions workflows
+
+## Filters
+- file extension pattern: `\\.ya?ml$`
+- file path pattern: `\\.github/workflows/`
+
+## Enforcement Checks
+- Conditions:
+  - pattern `uses:\\s*actions/upload-artifact@v[123]` – Use actions/upload-artifact@v4 instead of older versions. Version 3 is deprecated: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/
+  - pattern `uses:\\s*actions/download-artifact@v[123]` – Use actions/download-artifact@v4 instead of older versions.
+  - pattern `uses:\\s*actions/checkout@v[12]` – Consider using actions/checkout@v4 for the latest features and security updates.
+
+## Suggestions
+- Guidance:
+**GitHub Actions Best Practices:**
+- **Latest Action Versions:** Always use the latest stable versions of GitHub Actions.
+  - `actions/checkout@v4`
+  - `actions/upload-artifact@v4`
+  - `actions/download-artifact@v4`
+  - `actions/setup-node@v4`
+  - `actions/setup-python@v5`
+- **Workflow Structure:** Organize workflows with clear job names and step descriptions.
+- **Caching:** Implement caching for dependencies to speed up workflows.
+- **Security:** Use `GITHUB_TOKEN` with minimum required permissions.
+- **Artifacts:** Use descriptive names for artifacts and set appropriate retention periods.
+- **Matrix Strategy:** Use matrix builds for testing across multiple environments.
+- **Timeouts:** Set appropriate timeouts for jobs to prevent hanging workflows.
+
+## Validation Checks
+- Conditions:
+  - pattern `uses:\\s*actions/upload-artifact@v4` – Good job using the latest version of actions/upload-artifact!
+  - pattern `uses:\\s*actions/download-artifact@v4` – Good job using the latest version of actions/download-artifact!
+  - pattern `uses:\\s*actions/checkout@v[34]` – Good job using a recent version of actions/checkout!
+
+## Metadata
+- Priority: high
+- Version: 1.0
+- Tags: ci/cd, github, automation

From 1dccc46df4c1d290bb6abcb3fdb12b378ece11e5 Mon Sep 17 00:00:00 2001
From: Ivan Grynenko <ivan.grynenko@gmail.com>
Date: Mon, 27 Oct 2025 09:19:44 +1100
Subject: [PATCH 2/2] chore: Incremented minor version for all restructured
 rule files
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Updated 22 rule files to reflect the restructuring changes
- Incremented minor version across the following files:
  - accessibility-standards.mdc: 1.1 → 1.2
  - api-standards.mdc: 1.1 → 1.2
  - build-optimization.mdc: 1.1 → 1.2
  - code-generation-standards.mdc: 1.1 → 1.2
  - cursor-rules.mdc: 1.0 → 1.1
  - debugging-standards.mdc: 1.0 → 1.1
  - docker-compose-standards.mdc: 1.0 → 1.1
  - drupal-authentication-failures.mdc: 1.0 → 1.1
  - drupal-broken-access-control.mdc: 1.0 → 1.1
  - drupal-cryptographic-failures.mdc: 1.0 → 1.1
  - drupal-database-standards.mdc: 1.0 → 1.1
  - drupal-file-permissions.mdc: 1.1 → 1.2
  - drupal-injection.mdc: 1.0 → 1.1
  - drupal-insecure-design.mdc: 1.0 → 1.1
  - drupal-integrity-failures.mdc: 1.0 → 1.1
  - drupal-logging-failures.mdc: 1.0 → 1.1
  - drupal-security-misconfiguration.mdc: 1.0 → 1.1
  - drupal-ssrf.mdc: 1.0 → 1.1
  - drupal-vulnerable-components.mdc: 1.0 → 1.1
  - generic_bash_style.mdc: 1.1 → 1.2
  - git-commit-standards.mdc: 1.1 → 1.2
  - github-actions-standards.mdc: 1.0 → 1.1
- Front matter and all other content preserved
---
 .cursor/rules/accessibility-standards.mdc          | 2 +-
 .cursor/rules/api-standards.mdc                    | 2 +-
 .cursor/rules/build-optimization.mdc               | 2 +-
 .cursor/rules/code-generation-standards.mdc        | 2 +-
 .cursor/rules/cursor-rules.mdc                     | 4 ++--
 .cursor/rules/debugging-standards.mdc              | 2 +-
 .cursor/rules/docker-compose-standards.mdc         | 2 +-
 .cursor/rules/drupal-authentication-failures.mdc   | 2 +-
 .cursor/rules/drupal-broken-access-control.mdc     | 2 +-
 .cursor/rules/drupal-cryptographic-failures.mdc    | 2 +-
 .cursor/rules/drupal-database-standards.mdc        | 2 +-
 .cursor/rules/drupal-file-permissions.mdc          | 2 +-
 .cursor/rules/drupal-injection.mdc                 | 2 +-
 .cursor/rules/drupal-insecure-design.mdc           | 2 +-
 .cursor/rules/drupal-integrity-failures.mdc        | 2 +-
 .cursor/rules/drupal-logging-failures.mdc          | 2 +-
 .cursor/rules/drupal-security-misconfiguration.mdc | 2 +-
 .cursor/rules/drupal-ssrf.mdc                      | 2 +-
 .cursor/rules/drupal-vulnerable-components.mdc     | 2 +-
 .cursor/rules/generic_bash_style.mdc               | 2 +-
 .cursor/rules/git-commit-standards.mdc             | 2 +-
 .cursor/rules/github-actions-standards.mdc         | 2 +-
 22 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/.cursor/rules/accessibility-standards.mdc b/.cursor/rules/accessibility-standards.mdc
index a41578c..22885e4 100644
--- a/.cursor/rules/accessibility-standards.mdc
+++ b/.cursor/rules/accessibility-standards.mdc
@@ -41,4 +41,4 @@ Ensures WCAG compliance and accessibility best practices.
 
 ## Metadata
 - Priority: high
-- Version: 1.1
+- Version: 1.2
diff --git a/.cursor/rules/api-standards.mdc b/.cursor/rules/api-standards.mdc
index c550c6e..b621909 100644
--- a/.cursor/rules/api-standards.mdc
+++ b/.cursor/rules/api-standards.mdc
@@ -45,4 +45,4 @@ Ensures consistent API design, documentation, and implementation best practices
 
 ## Metadata
 - Priority: high
-- Version: 1.1
+- Version: 1.2
diff --git a/.cursor/rules/build-optimization.mdc b/.cursor/rules/build-optimization.mdc
index 4a2e301..5db62e0 100644
--- a/.cursor/rules/build-optimization.mdc
+++ b/.cursor/rules/build-optimization.mdc
@@ -44,4 +44,4 @@ Ensures optimal build configuration and process for better performance and maint
 
 ## Metadata
 - Priority: high
-- Version: 1.1
+- Version: 1.2
diff --git a/.cursor/rules/code-generation-standards.mdc b/.cursor/rules/code-generation-standards.mdc
index 1877cd3..4ba9dad 100644
--- a/.cursor/rules/code-generation-standards.mdc
+++ b/.cursor/rules/code-generation-standards.mdc
@@ -56,4 +56,4 @@ Ensures high-quality, executable code generation adhering to best practices acro
 
 ## Metadata
 - Priority: critical
-- Version: 1.1
+- Version: 1.2
diff --git a/.cursor/rules/cursor-rules.mdc b/.cursor/rules/cursor-rules.mdc
index 7d11569..484cf56 100644
--- a/.cursor/rules/cursor-rules.mdc
+++ b/.cursor/rules/cursor-rules.mdc
@@ -69,7 +69,7 @@ actions:
 
 metadata:
   priority: high|medium|low
-  version: 1.0
+  version: 1.1
 </rule>
 ```
 
@@ -100,6 +100,6 @@ metadata:
 
 ## Metadata
 - Priority: high|medium|low
-- Version: 1.0
+- Version: 1.1
 - - **When Adding New Rules: **
 - - **When Modifying Existing Rules: **
diff --git a/.cursor/rules/debugging-standards.mdc b/.cursor/rules/debugging-standards.mdc
index 2b1828a..89bdd56 100644
--- a/.cursor/rules/debugging-standards.mdc
+++ b/.cursor/rules/debugging-standards.mdc
@@ -33,6 +33,6 @@ Debugging Best Practices:
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 
  
\ No newline at end of file
diff --git a/.cursor/rules/docker-compose-standards.mdc b/.cursor/rules/docker-compose-standards.mdc
index 625a9f5..9861e2d 100644
--- a/.cursor/rules/docker-compose-standards.mdc
+++ b/.cursor/rules/docker-compose-standards.mdc
@@ -103,4 +103,4 @@ Implementing these practices ensures secure, maintainable, and consistent Docker
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
diff --git a/.cursor/rules/drupal-authentication-failures.mdc b/.cursor/rules/drupal-authentication-failures.mdc
index 9d3cc6b..02ae567 100644
--- a/.cursor/rules/drupal-authentication-failures.mdc
+++ b/.cursor/rules/drupal-authentication-failures.mdc
@@ -92,7 +92,7 @@ This rule enforces security best practices to prevent identification and authent
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, authentication, identification, owasp, language:php, framework:drupal, category:security, subcategory:authentication, standard:owasp-top10, risk:a07-authentication-failures
 ## References
 - https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/
diff --git a/.cursor/rules/drupal-broken-access-control.mdc b/.cursor/rules/drupal-broken-access-control.mdc
index 70e51cf..771ac06 100644
--- a/.cursor/rules/drupal-broken-access-control.mdc
+++ b/.cursor/rules/drupal-broken-access-control.mdc
@@ -82,7 +82,7 @@ This rule enforces security best practices to prevent broken access control vuln
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, access-control, permissions, owasp, language:php, framework:drupal, category:security, subcategory:access-control, standard:owasp-top10, risk:a01-broken-access-control
 ## References
 - https://owasp.org/Top10/A01_2021-Broken_Access_Control/
diff --git a/.cursor/rules/drupal-cryptographic-failures.mdc b/.cursor/rules/drupal-cryptographic-failures.mdc
index 56aa97e..3bd20bb 100644
--- a/.cursor/rules/drupal-cryptographic-failures.mdc
+++ b/.cursor/rules/drupal-cryptographic-failures.mdc
@@ -87,7 +87,7 @@ This rule enforces security best practices to prevent cryptographic failures in
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, cryptography, encryption, owasp, language:php, framework:drupal, category:security, subcategory:cryptography, standard:owasp-top10, risk:a02-cryptographic-failures
 ## References
 - https://owasp.org/Top10/A02_2021-Cryptographic_Failures/
diff --git a/.cursor/rules/drupal-database-standards.mdc b/.cursor/rules/drupal-database-standards.mdc
index 6b84be7..0b9dcbc 100644
--- a/.cursor/rules/drupal-database-standards.mdc
+++ b/.cursor/rules/drupal-database-standards.mdc
@@ -32,6 +32,6 @@ Database Best Practices:
 
 ## Metadata
 - Priority: critical
-- Version: 1.0
+- Version: 1.1
 
  
\ No newline at end of file
diff --git a/.cursor/rules/drupal-file-permissions.mdc b/.cursor/rules/drupal-file-permissions.mdc
index 441a526..d9f9e15 100644
--- a/.cursor/rules/drupal-file-permissions.mdc
+++ b/.cursor/rules/drupal-file-permissions.mdc
@@ -104,6 +104,6 @@ ahoy drush status-report | grep -i "protected"
 
 ## Metadata
 - Priority: high
-- Version: 1.1
+- Version: 1.2
 
  
diff --git a/.cursor/rules/drupal-injection.mdc b/.cursor/rules/drupal-injection.mdc
index f7b2b0e..0a447a4 100644
--- a/.cursor/rules/drupal-injection.mdc
+++ b/.cursor/rules/drupal-injection.mdc
@@ -86,7 +86,7 @@ This rule enforces security best practices to prevent injection vulnerabilities
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, injection, sql, xss, csrf, owasp, language:php, framework:drupal, category:security, subcategory:injection, standard:owasp-top10, risk:a03-injection
 ## References
 - https://owasp.org/Top10/A03_2021-Injection/
diff --git a/.cursor/rules/drupal-insecure-design.mdc b/.cursor/rules/drupal-insecure-design.mdc
index 55607cc..0941987 100644
--- a/.cursor/rules/drupal-insecure-design.mdc
+++ b/.cursor/rules/drupal-insecure-design.mdc
@@ -92,7 +92,7 @@ This rule enforces security best practices to prevent insecure design vulnerabil
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, design, architecture, owasp, language:php, framework:drupal, category:security, subcategory:design, standard:owasp-top10, risk:a04-insecure-design
 ## References
 - https://owasp.org/Top10/A04_2021-Insecure_Design/
diff --git a/.cursor/rules/drupal-integrity-failures.mdc b/.cursor/rules/drupal-integrity-failures.mdc
index edf62d7..9268ca9 100644
--- a/.cursor/rules/drupal-integrity-failures.mdc
+++ b/.cursor/rules/drupal-integrity-failures.mdc
@@ -92,7 +92,7 @@ This rule enforces security best practices to prevent software and data integrit
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, integrity, deserialization, owasp, language:php, framework:drupal, category:security, subcategory:integrity, standard:owasp-top10, risk:a08-integrity-failures
 ## References
 - https://owasp.org/Top10/A08_2021-Software_and_Data_Integrity_Failures/
diff --git a/.cursor/rules/drupal-logging-failures.mdc b/.cursor/rules/drupal-logging-failures.mdc
index d18b8a3..f6c5c96 100644
--- a/.cursor/rules/drupal-logging-failures.mdc
+++ b/.cursor/rules/drupal-logging-failures.mdc
@@ -94,7 +94,7 @@ This rule enforces security best practices to prevent logging and monitoring fai
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, logging, monitoring, owasp, language:php, framework:drupal, category:security, subcategory:logging, standard:owasp-top10, risk:a09-logging-monitoring
 ## References
 - https://owasp.org/Top10/A09_2021-Security_Logging_and_Monitoring_Failures/
diff --git a/.cursor/rules/drupal-security-misconfiguration.mdc b/.cursor/rules/drupal-security-misconfiguration.mdc
index 9847221..c42428c 100644
--- a/.cursor/rules/drupal-security-misconfiguration.mdc
+++ b/.cursor/rules/drupal-security-misconfiguration.mdc
@@ -87,7 +87,7 @@ This rule enforces security best practices to prevent misconfiguration vulnerabi
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, configuration, misconfiguration, owasp, language:php, framework:drupal, category:security, subcategory:configuration, standard:owasp-top10, risk:a05-misconfiguration
 ## References
 - https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
diff --git a/.cursor/rules/drupal-ssrf.mdc b/.cursor/rules/drupal-ssrf.mdc
index 5dab951..7e3806a 100644
--- a/.cursor/rules/drupal-ssrf.mdc
+++ b/.cursor/rules/drupal-ssrf.mdc
@@ -89,7 +89,7 @@ This rule enforces security best practices to prevent Server-Side Request Forger
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, ssrf, owasp, language:php, framework:drupal, category:security, subcategory:ssrf, standard:owasp-top10, risk:a10-ssrf
 ## References
 - https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_%28SSRF%29/
diff --git a/.cursor/rules/drupal-vulnerable-components.mdc b/.cursor/rules/drupal-vulnerable-components.mdc
index dc7c3df..9928029 100644
--- a/.cursor/rules/drupal-vulnerable-components.mdc
+++ b/.cursor/rules/drupal-vulnerable-components.mdc
@@ -92,7 +92,7 @@ This rule enforces security best practices to prevent vulnerabilities related to
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: security, drupal, dependencies, vulnerable-components, owasp, language:php, framework:drupal, category:security, subcategory:dependencies, standard:owasp-top10, risk:a06-vulnerable-components
 ## References
 - https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
diff --git a/.cursor/rules/generic_bash_style.mdc b/.cursor/rules/generic_bash_style.mdc
index 4e69f7e..ebc2276 100644
--- a/.cursor/rules/generic_bash_style.mdc
+++ b/.cursor/rules/generic_bash_style.mdc
@@ -48,4 +48,4 @@ This rule enforces best practices for writing Bash scripts, with an emphasis on
 
 ## Metadata
 - Priority: medium
-- Version: 1.1
+- Version: 1.2
diff --git a/.cursor/rules/git-commit-standards.mdc b/.cursor/rules/git-commit-standards.mdc
index 34f0626..5f8492a 100644
--- a/.cursor/rules/git-commit-standards.mdc
+++ b/.cursor/rules/git-commit-standards.mdc
@@ -40,4 +40,4 @@ Recommended commit format:
 
 ## Metadata
 - Priority: high
-- Version: 1.1
+- Version: 1.2
diff --git a/.cursor/rules/github-actions-standards.mdc b/.cursor/rules/github-actions-standards.mdc
index f91fa1f..b16ef5a 100644
--- a/.cursor/rules/github-actions-standards.mdc
+++ b/.cursor/rules/github-actions-standards.mdc
@@ -47,5 +47,5 @@ Ensures GitHub Actions workflows follow best practices and use the latest action
 
 ## Metadata
 - Priority: high
-- Version: 1.0
+- Version: 1.1
 - Tags: ci/cd, github, automation