From b4107306edbcde7240861b67b79ce5b9c5663c82 Mon Sep 17 00:00:00 2001 From: dleffel Date: Sun, 29 Jun 2025 07:40:31 -0700 Subject: [PATCH 1/4] feat: integrate security one-pager into website - Add comprehensive /security page with all security content - Update navigation to include Security link in main nav and footer - Add security hook section to enterprise page - Fix inappropriate contact section (remove fake security team/phone) - Correct inaccurate 'zero-trust architecture' claims to 'security-first architecture' - Use realistic contact information (support@roocode.com) - Maintain all genuine security features while improving accuracy --- apps/web-roo-code/src/app/enterprise/page.tsx | 61 ++- apps/web-roo-code/src/app/security/page.tsx | 467 ++++++++++++++++++ .../src/components/chromes/footer.tsx | 7 + .../src/components/chromes/nav-bar.tsx | 11 + apps/web-roo-code/src/lib/constants.ts | 1 + 5 files changed, 546 insertions(+), 1 deletion(-) create mode 100644 apps/web-roo-code/src/app/security/page.tsx diff --git a/apps/web-roo-code/src/app/enterprise/page.tsx b/apps/web-roo-code/src/app/enterprise/page.tsx index c89d2abd11..a0b5d0d1ab 100644 --- a/apps/web-roo-code/src/app/enterprise/page.tsx +++ b/apps/web-roo-code/src/app/enterprise/page.tsx @@ -1,9 +1,11 @@ -import { Code, CheckCircle, Shield, Users, Zap, Workflow } from "lucide-react" +import { Code, CheckCircle, Shield, Users, Zap, Workflow, Lock } from "lucide-react" +import Link from "next/link" import { Button } from "@/components/ui" import { AnimatedText } from "@/components/animated-text" import { AnimatedBackground } from "@/components/homepage" import { ContactForm } from "@/components/enterprise/contact-form" +import { INTERNAL_LINKS } from "@/lib/constants" export default async function Enterprise() { return ( @@ -385,6 +387,63 @@ export default async function Enterprise() { + {/* Security Hook Section */} +
+
+
+
+
+
+ +
+

Enterprise-Grade Security

+

+ Built with security-first principles to meet stringent enterprise requirements while + maintaining developer productivity. +

+
    +
  • + + SOC 2 Type I Certified with Type II in observation +
    • +
  • + + End-to-end encryption for all data transmission +
    • +
  • + + Security-first architecture with explicit permissions +
    • +
  • + + Complete audit trails and compliance reporting +
    • +
  • + + Open-source transparency for security verification +
    • +
+
+
+
+ +

Security-First Design

+

+ Every feature built with enterprise security requirements in mind +

+
+ +
+
+
+
+
+ {/* CTA Section */}
diff --git a/apps/web-roo-code/src/app/security/page.tsx b/apps/web-roo-code/src/app/security/page.tsx new file mode 100644 index 0000000000..4b3089d853 --- /dev/null +++ b/apps/web-roo-code/src/app/security/page.tsx @@ -0,0 +1,467 @@ +import { Metadata } from "next" +import { Shield, Lock, CheckCircle, Users, Zap, FileCheck, Globe, Phone } from "lucide-react" + +import { Button } from "@/components/ui" +import { AnimatedText } from "@/components/animated-text" +import { AnimatedBackground } from "@/components/homepage" +import { ContactForm } from "@/components/enterprise/contact-form" + +export const metadata: Metadata = { + title: "Enterprise Security | Roo Code - SOC 2 Compliant AI Development", + description: + "Enterprise-grade security built into Roo Code. SOC 2 Type I certified, GDPR compliant, with end-to-end encryption and zero-trust architecture for secure AI-powered development.", + alternates: { + canonical: "https://roocode.com/security", + }, +} + +export default function SecurityPage() { + return ( + <> + {/* Hero Section */} +
+ +
+
+
+
+

+ Enterprise-Grade + + Security Built-In + +

+

+ Roo Code is designed with{" "} + + security-first principles + {" "} + to meet the stringent requirements of enterprise customers while delivering powerful + AI-assisted development capabilities. +

+
+ +
+
+
+
+
+
+
+ +

Security Highlights

+
+
+
+ + SOC 2 Type I Certified +
+
+ + End-to-end encryption +
+
+ + Explicit permission controls +
+
+ + Open-source transparency +
+
+
+
+
+
+
+ + {/* Data Protection Section */} +
+
+
+

🔒 Data Protection & Privacy

+

+ Your code stays protected with multiple layers of security and user control. +

+
+ +
+
+
+ +
+

Local Processing First

+

+ Most operations happen locally within VSCode, minimizing external data exposure. +

+
+ +
+
+ +
+

Selective Sharing

+

+ Only explicitly selected code is sent to AI providers with your approval. +

+
+ +
+
+ +
+

Smart Filtering

+

+ Built-in .rooignore system prevents sensitive files from being accessed. +

+
+ +
+
+ +
+

Enterprise Encryption

+

+ All data encrypted at rest and in transit using industry-standard methods. +

+
+
+
+
+ + {/* Compliance Section */} +
+
+
+

+ 🏢 Enterprise Compliance & Controls +

+

+ Built to meet the highest standards of enterprise security and compliance. +

+
+ +
+
+

Organizational Management

+
    +
  • + +
    + MDM Integration: Mobile Device Management + support for policy enforcement +
    +
    • +
  • + +
    + Cloud Authentication: Centralized user + management through Roo Code Cloud +
    +
    • +
  • + +
    + Access Controls: Role-based permissions + and organizational policies +
    +
    • +
  • + +
    + Audit Logging: Comprehensive tracking of + all external API interactions +
    +
    • +
+
+ +
+

Compliance Ready

+
    +
  • + +
    + GDPR Compliant: European data protection + standards +
    +
    • +
  • + +
    + SOC 2 Type I: Certified with Type II in + observation{" "} + + (trust.delve.co/roo-code) + +
    +
    • +
  • + +
    + CCPA Ready: California consumer privacy + compliance +
    +
    • +
  • + +
    + Industry Standards: ISO 27001-inspired + controls practices +
    +
    • +
+
+
+
+
+ + {/* Security Architecture Section */} +
+
+
+

+ 🔐 Security Architecture Highlights +

+

+ Multi-layer protection with zero-trust approach. +

+
+ +
+
+

Multi-Layer Protection

+
+
+
User Code → Security Filters → Encryption → AI Providers
+
+     ↓            ↓              ↓           ↓ +
+
+  .rooignore   Access + Control   HTTPS/TLS   Secure APIs +
+
+
+
+ +
+

Security-First Approach

+
    +
  • + +
    + Explicit Permission: Every external + operation requires user approval +
    +
    • +
  • + +
    + Minimal Data Sharing: Only selected code + sent to approved AI providers +
    +
    • +
  • + +
    + Comprehensive Auditing: Complete tracking + of all external interactions +
    +
    • +
  • + +
    + Local Processing: Most operations happen + within your secure environment +
    +
    • +
+
+
+
+
+ + {/* FAQ Section */} +
+
+
+

+ 🎯 Common Security Questions Answered +

+

+ Get answers to the most frequently asked security questions. +

+
+ +
+
+

Q: Where is our code sent?

+

+ A: Only to AI providers you explicitly configure and approve. Code + never leaves your environment without explicit consent. +

+
+ +
+

Q: How are API keys protected?

+

+ A: Stored in VSCode's encrypted secret storage, integrated with your OS + keychain. Never transmitted in plain text. +

+
+ +
+

Q: Can we audit what data is shared?

+

+ A: Yes. Complete audit logs show exactly what data was sent to which + services, when, and by whom. Plus, our open-source codebase allows your security team to + verify exactly how data flows through the system. +

+
+ +
+

Q: What about sensitive files?

+

+ A: The .rooignore system automatically prevents access to sensitive + files (credentials, secrets, proprietary code). +

+
+ +
+

Q: Is this SOC 2 compliant?

+

+ A: Yes. We have SOC 2 Type I certification with Type II currently in + observation period. You can monitor our compliance status in real-time at{" "} + + trust.delve.co/roo-code + + . +

+
+ +
+

+ Q: Can we control which AI providers are used? +

+

+ A: Yes. You have complete control over which AI providers are enabled + and can restrict to specific approved services only. +

+
+
+
+
+ + {/* Contact Section */} +
+
+
+

+ 📞 Questions About Security? +

+

+ Get in touch with our team to discuss security features, compliance requirements, or + schedule a demonstration. +

+ +
+
+
+ +
+

Request a Demo

+

+ See our enterprise security features in action with a personalized demonstration. +

+ +
+ +
+
+ +
+

Contact Our Team

+

+ Reach out to discuss security requirements or technical questions. +

+
+ +
+ We'll connect you with the right team member +
+
+
+
+ +
+

Why Choose Roo Code Security?

+
+
+
+ ✓ +
+
+
Open Source Transparency
+
+ Verify our security claims by reviewing the code +
+
+
+
+
+ ✓ +
+
+
Enterprise-Grade Security
+
+ SOC 2 certified with comprehensive compliance +
+
+
+
+
+ ✓ +
+
+
Developer-Friendly
+
+ Security without compromising productivity +
+
+
+
+
+
+
+
+ + ) +} diff --git a/apps/web-roo-code/src/components/chromes/footer.tsx b/apps/web-roo-code/src/components/chromes/footer.tsx index 0d322f31e1..8a3eaf11cc 100644 --- a/apps/web-roo-code/src/components/chromes/footer.tsx +++ b/apps/web-roo-code/src/components/chromes/footer.tsx @@ -118,6 +118,13 @@ export function Footer() { Enterprise +
  • + + Security + +
  • Enterprise + + Security + setIsMenuOpen(false)}> Enterprise + setIsMenuOpen(false)}> + Security + Date: Mon, 30 Jun 2025 09:55:17 -0500 Subject: [PATCH 2/4] fix: resolve lint issues in security page --- apps/web-roo-code/src/app/security/page.tsx | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/web-roo-code/src/app/security/page.tsx b/apps/web-roo-code/src/app/security/page.tsx index 4b3089d853..f80819dab2 100644 --- a/apps/web-roo-code/src/app/security/page.tsx +++ b/apps/web-roo-code/src/app/security/page.tsx @@ -1,5 +1,5 @@ import { Metadata } from "next" -import { Shield, Lock, CheckCircle, Users, Zap, FileCheck, Globe, Phone } from "lucide-react" +import { Shield, Lock, CheckCircle, Users, Zap, FileCheck, Phone } from "lucide-react" import { Button } from "@/components/ui" import { AnimatedText } from "@/components/animated-text" @@ -325,8 +325,8 @@ export default function SecurityPage() {

    Q: How are API keys protected?

    - A: Stored in VSCode's encrypted secret storage, integrated with your OS - keychain. Never transmitted in plain text. + A: Stored in VSCode's encrypted secret storage, integrated with + your OS keychain. Never transmitted in plain text.

    @@ -415,7 +415,7 @@ export default function SecurityPage() {
    • - We'll connect you with the right team member + We'll connect you with the right team member
    From 9c2450f7ee03470210a8a3ad26a58b749381faf1 Mon Sep 17 00:00:00 2001 From: Matt Rubens Date: Wed, 2 Jul 2025 16:32:53 -0400 Subject: [PATCH 3/4] Update to point at trust.roocode.com --- apps/web-roo-code/src/app/enterprise/page.tsx | 7 +- apps/web-roo-code/src/app/security/page.tsx | 467 ------------------ .../src/components/chromes/footer.tsx | 10 +- .../src/components/chromes/nav-bar.tsx | 18 +- apps/web-roo-code/src/lib/constants.ts | 3 +- 5 files changed, 22 insertions(+), 483 deletions(-) delete mode 100644 apps/web-roo-code/src/app/security/page.tsx diff --git a/apps/web-roo-code/src/app/enterprise/page.tsx b/apps/web-roo-code/src/app/enterprise/page.tsx index a0b5d0d1ab..7b1481e431 100644 --- a/apps/web-roo-code/src/app/enterprise/page.tsx +++ b/apps/web-roo-code/src/app/enterprise/page.tsx @@ -1,11 +1,10 @@ import { Code, CheckCircle, Shield, Users, Zap, Workflow, Lock } from "lucide-react" -import Link from "next/link" import { Button } from "@/components/ui" import { AnimatedText } from "@/components/animated-text" import { AnimatedBackground } from "@/components/homepage" import { ContactForm } from "@/components/enterprise/contact-form" -import { INTERNAL_LINKS } from "@/lib/constants" +import { SECURITY_LINK } from "@/lib/constants" export default async function Enterprise() { return ( @@ -433,10 +432,10 @@ export default async function Enterprise() {

    diff --git a/apps/web-roo-code/src/app/security/page.tsx b/apps/web-roo-code/src/app/security/page.tsx deleted file mode 100644 index f80819dab2..0000000000 --- a/apps/web-roo-code/src/app/security/page.tsx +++ /dev/null @@ -1,467 +0,0 @@ -import { Metadata } from "next" -import { Shield, Lock, CheckCircle, Users, Zap, FileCheck, Phone } from "lucide-react" - -import { Button } from "@/components/ui" -import { AnimatedText } from "@/components/animated-text" -import { AnimatedBackground } from "@/components/homepage" -import { ContactForm } from "@/components/enterprise/contact-form" - -export const metadata: Metadata = { - title: "Enterprise Security | Roo Code - SOC 2 Compliant AI Development", - description: - "Enterprise-grade security built into Roo Code. SOC 2 Type I certified, GDPR compliant, with end-to-end encryption and zero-trust architecture for secure AI-powered development.", - alternates: { - canonical: "https://roocode.com/security", - }, -} - -export default function SecurityPage() { - return ( - <> - {/* Hero Section */} -
    - -
    -
    -
    -
    -

    - Enterprise-Grade - - Security Built-In - -

    -

    - Roo Code is designed with{" "} - - security-first principles - {" "} - to meet the stringent requirements of enterprise customers while delivering powerful - AI-assisted development capabilities. -

    -
    - -
    -
    -
    -
    -
    -
    -
    - -

    Security Highlights

    -
    -
    -
    - - SOC 2 Type I Certified -
    -
    - - End-to-end encryption -
    -
    - - Explicit permission controls -
    -
    - - Open-source transparency -
    -
    -
    -
    -
    -
    -
    - - {/* Data Protection Section */} -
    -
    -
    -

    🔒 Data Protection & Privacy

    -

    - Your code stays protected with multiple layers of security and user control. -

    -
    - -
    -
    -
    - -
    -

    Local Processing First

    -

    - Most operations happen locally within VSCode, minimizing external data exposure. -

    -
    - -
    -
    - -
    -

    Selective Sharing

    -

    - Only explicitly selected code is sent to AI providers with your approval. -

    -
    - -
    -
    - -
    -

    Smart Filtering

    -

    - Built-in .rooignore system prevents sensitive files from being accessed. -

    -
    - -
    -
    - -
    -

    Enterprise Encryption

    -

    - All data encrypted at rest and in transit using industry-standard methods. -

    -
    -
    -
    -
    - - {/* Compliance Section */} -
    -
    -
    -

    - 🏢 Enterprise Compliance & Controls -

    -

    - Built to meet the highest standards of enterprise security and compliance. -

    -
    - -
    -
    -

    Organizational Management

    -
      -
    • - -
      - MDM Integration: Mobile Device Management - support for policy enforcement -
      -
      • -
    • - -
      - Cloud Authentication: Centralized user - management through Roo Code Cloud -
      -
      • -
    • - -
      - Access Controls: Role-based permissions - and organizational policies -
      -
      • -
    • - -
      - Audit Logging: Comprehensive tracking of - all external API interactions -
      -
      • -
    -
    - -
    -

    Compliance Ready

    -
      -
    • - -
      - GDPR Compliant: European data protection - standards -
      -
      • -
    • - -
      - SOC 2 Type I: Certified with Type II in - observation{" "} - - (trust.delve.co/roo-code) - -
      -
      • -
    • - -
      - CCPA Ready: California consumer privacy - compliance -
      -
      • -
    • - -
      - Industry Standards: ISO 27001-inspired - controls practices -
      -
      • -
    -
    -
    -
    -
    - - {/* Security Architecture Section */} -
    -
    -
    -

    - 🔐 Security Architecture Highlights -

    -

    - Multi-layer protection with zero-trust approach. -

    -
    - -
    -
    -

    Multi-Layer Protection

    -
    -
    -
    User Code → Security Filters → Encryption → AI Providers
    -
    -     ↓            ↓              ↓           ↓ -
    -
    -  .rooignore   Access - Control   HTTPS/TLS   Secure APIs -
    -
    -
    -
    - -
    -

    Security-First Approach

    -
      -
    • - -
      - Explicit Permission: Every external - operation requires user approval -
      -
      • -
    • - -
      - Minimal Data Sharing: Only selected code - sent to approved AI providers -
      -
      • -
    • - -
      - Comprehensive Auditing: Complete tracking - of all external interactions -
      -
      • -
    • - -
      - Local Processing: Most operations happen - within your secure environment -
      -
      • -
    -
    -
    -
    -
    - - {/* FAQ Section */} -
    -
    -
    -

    - 🎯 Common Security Questions Answered -

    -

    - Get answers to the most frequently asked security questions. -

    -
    - -
    -
    -

    Q: Where is our code sent?

    -

    - A: Only to AI providers you explicitly configure and approve. Code - never leaves your environment without explicit consent. -

    -
    - -
    -

    Q: How are API keys protected?

    -

    - A: Stored in VSCode's encrypted secret storage, integrated with - your OS keychain. Never transmitted in plain text. -

    -
    - -
    -

    Q: Can we audit what data is shared?

    -

    - A: Yes. Complete audit logs show exactly what data was sent to which - services, when, and by whom. Plus, our open-source codebase allows your security team to - verify exactly how data flows through the system. -

    -
    - -
    -

    Q: What about sensitive files?

    -

    - A: The .rooignore system automatically prevents access to sensitive - files (credentials, secrets, proprietary code). -

    -
    - -
    -

    Q: Is this SOC 2 compliant?

    -

    - A: Yes. We have SOC 2 Type I certification with Type II currently in - observation period. You can monitor our compliance status in real-time at{" "} - - trust.delve.co/roo-code - - . -

    -
    - -
    -

    - Q: Can we control which AI providers are used? -

    -

    - A: Yes. You have complete control over which AI providers are enabled - and can restrict to specific approved services only. -

    -
    -
    -
    -
    - - {/* Contact Section */} -
    -
    -
    -

    - 📞 Questions About Security? -

    -

    - Get in touch with our team to discuss security features, compliance requirements, or - schedule a demonstration. -

    - -
    -
    -
    - -
    -

    Request a Demo

    -

    - See our enterprise security features in action with a personalized demonstration. -

    - -
    - -
    -
    - -
    -

    Contact Our Team

    -

    - Reach out to discuss security requirements or technical questions. -

    -
    - -
    - We'll connect you with the right team member -
    -
    -
    -
    - -
    -

    Why Choose Roo Code Security?

    -
    -
    -
    - ✓ -
    -
    -
    Open Source Transparency
    -
    - Verify our security claims by reviewing the code -
    -
    -
    -
    -
    - ✓ -
    -
    -
    Enterprise-Grade Security
    -
    - SOC 2 certified with comprehensive compliance -
    -
    -
    -
    -
    - ✓ -
    -
    -
    Developer-Friendly
    -
    - Security without compromising productivity -
    -
    -
    -
    -
    -
    -
    -
    - - ) -} diff --git a/apps/web-roo-code/src/components/chromes/footer.tsx b/apps/web-roo-code/src/components/chromes/footer.tsx index 8a3eaf11cc..4e00ebcff7 100644 --- a/apps/web-roo-code/src/components/chromes/footer.tsx +++ b/apps/web-roo-code/src/components/chromes/footer.tsx @@ -6,7 +6,7 @@ import Image from "next/image" import { ChevronDown } from "lucide-react" import { FaBluesky, FaDiscord, FaGithub, FaLinkedin, FaReddit, FaTiktok, FaXTwitter } from "react-icons/fa6" -import { EXTERNAL_LINKS, INTERNAL_LINKS } from "@/lib/constants" +import { EXTERNAL_LINKS, INTERNAL_LINKS, SECURITY_LINK } from "@/lib/constants" import { useLogoSrc } from "@/lib/hooks/use-logo-src" import { ScrollButton } from "@/components/ui" @@ -119,11 +119,13 @@ export function Footer() {
  • - Security - +
  • Enterprise - Security - + setIsMenuOpen(false)}> Enterprise - setIsMenuOpen(false)}> Security - + Date: Wed, 2 Jul 2025 16:35:02 -0400 Subject: [PATCH 4/4] Move to EXTERNAL_LINKS --- apps/web-roo-code/src/app/enterprise/page.tsx | 4 ++-- apps/web-roo-code/src/components/chromes/footer.tsx | 4 ++-- apps/web-roo-code/src/components/chromes/nav-bar.tsx | 6 +++--- apps/web-roo-code/src/lib/constants.ts | 3 +-- 4 files changed, 8 insertions(+), 9 deletions(-) diff --git a/apps/web-roo-code/src/app/enterprise/page.tsx b/apps/web-roo-code/src/app/enterprise/page.tsx index 7b1481e431..d2c38fba05 100644 --- a/apps/web-roo-code/src/app/enterprise/page.tsx +++ b/apps/web-roo-code/src/app/enterprise/page.tsx @@ -4,7 +4,7 @@ import { Button } from "@/components/ui" import { AnimatedText } from "@/components/animated-text" import { AnimatedBackground } from "@/components/homepage" import { ContactForm } from "@/components/enterprise/contact-form" -import { SECURITY_LINK } from "@/lib/constants" +import { EXTERNAL_LINKS } from "@/lib/constants" export default async function Enterprise() { return ( @@ -432,7 +432,7 @@ export default async function Enterprise() {

  • diff --git a/apps/web-roo-code/src/components/chromes/nav-bar.tsx b/apps/web-roo-code/src/components/chromes/nav-bar.tsx index 176e70b94e..c9b1df9f2b 100644 --- a/apps/web-roo-code/src/components/chromes/nav-bar.tsx +++ b/apps/web-roo-code/src/components/chromes/nav-bar.tsx @@ -10,7 +10,7 @@ import { VscVscode } from "react-icons/vsc" import { HiMenu } from "react-icons/hi" import { IoClose } from "react-icons/io5" -import { EXTERNAL_LINKS, SECURITY_LINK } from "@/lib/constants" +import { EXTERNAL_LINKS } from "@/lib/constants" import { useLogoSrc } from "@/lib/hooks/use-logo-src" import { ScrollButton } from "@/components/ui" import ThemeToggle from "@/components/chromes/theme-toggle" @@ -62,7 +62,7 @@ export function NavBar({ stars, downloads }: NavBarProps) { Enterprise @@ -150,7 +150,7 @@ export function NavBar({ stars, downloads }: NavBarProps) { Enterprise