@bddiudiu/vibeguard 0.1.0

package/dist/core/git.d.ts

@@ -0,0 +1,17 @@
+export interface DiffEntry {
+    filePath: string;
+    diff: string;
+}
+/**
+ * 从暂存区提取 diff，过滤非代码文件。
+ */
+export declare function getCachedDiff(ignorePaths?: string[]): DiffEntry[];
+/**
+ * 安装 pre-commit hook
+ */
+export declare function installHook(): void;
+/**
+ * 卸载 pre-commit hook
+ */
+export declare function uninstallHook(): void;
+//# sourceMappingURL=git.d.ts.map

package/dist/core/git.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"git.d.ts","sourceRoot":"","sources":["../../src/core/git.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,SAAS;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAWD;;GAEG;AACH,wBAAgB,aAAa,CAAC,WAAW,GAAE,MAAM,EAAO,GAAG,SAAS,EAAE,CAsCrE;AAED;;GAEG;AACH,wBAAgB,WAAW,IAAI,IAAI,CAiBlC;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,IAAI,CAcpC"}

package/dist/core/git.js

@@ -0,0 +1,92 @@
+import { execSync } from "child_process";
+import { existsSync, readFileSync, writeFileSync, chmodSync } from "fs";
+import { join } from "path";
+const HOOK_PATH = ".git/hooks/pre-commit";
+const HOOK_CONTENT = `#!/bin/sh
+# VibeGuard pre-commit hook
+echo "🛡️  VibeGuard: scanning staged changes..."
+npx vibeguard scan
+exit $?
+`;
+/**
+ * 从暂存区提取 diff，过滤非代码文件。
+ */
+export function getCachedDiff(ignorePaths = []) {
+    const names = execSync("git diff --cached --name-only --diff-filter=ACMR", {
+        encoding: "utf-8",
+    })
+        .trim()
+        .split("\n")
+        .filter(Boolean);
+    if (names.length === 0)
+        return [];
+    const binaryExts = [
+        ".png", ".jpg", ".jpeg", ".gif", ".ico", ".svg",
+        ".woff", ".woff2", ".ttf", ".eot",
+        ".zip", ".tar", ".gz", ".rar",
+        ".pdf", ".exe", ".bin",
+        ".mp3", ".mp4", ".avi",
+    ];
+    const entries = [];
+    for (const name of names) {
+        if (binaryExts.some((ext) => name.endsWith(ext)))
+            continue;
+        if (ignorePaths.some((p) => matchGlob(name, p)))
+            continue;
+        try {
+            const diff = execSync(`git diff --cached -- "${name}"`, {
+                encoding: "utf-8",
+                maxBuffer: 1024 * 1024 * 2,
+            });
+            if (diff.trim()) {
+                entries.push({ filePath: name, diff });
+            }
+        }
+        catch {
+            // 跳过无法读取的文件 (如新增的二进制文件)
+        }
+    }
+    return entries;
+}
+/**
+ * 安装 pre-commit hook
+ */
+export function installHook() {
+    const gitDir = execSync("git rev-parse --show-toplevel", {
+        encoding: "utf-8",
+    }).trim();
+    const hookPath = join(gitDir, ".git", "hooks", "pre-commit");
+    if (existsSync(hookPath)) {
+        const existing = readFileSync(hookPath, "utf-8");
+        if (existing.includes("VibeGuard")) {
+            return; // 已安装
+        }
+        // 备份已有 hook
+        writeFileSync(hookPath + ".bak", existing);
+    }
+    writeFileSync(hookPath, HOOK_CONTENT);
+    chmodSync(hookPath, 0o755);
+}
+/**
+ * 卸载 pre-commit hook
+ */
+export function uninstallHook() {
+    const gitDir = execSync("git rev-parse --show-toplevel", {
+        encoding: "utf-8",
+    }).trim();
+    const hookPath = join(gitDir, ".git", "hooks", "pre-commit");
+    const hookPathBak = hookPath + ".bak";
+    if (existsSync(hookPathBak)) {
+        const { renameSync } = require("fs");
+        renameSync(hookPathBak, hookPath);
+    }
+    else if (existsSync(hookPath)) {
+        const { unlinkSync } = require("fs");
+        unlinkSync(hookPath);
+    }
+}
+function matchGlob(name, pattern) {
+    const regex = new RegExp("^" + pattern.replace(/\*\*/g, ".*").replace(/\*/g, "[^/]*") + "$");
+    return regex.test(name);
+}
+//# sourceMappingURL=git.js.map

package/dist/core/git.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"git.js","sourceRoot":"","sources":["../../src/core/git.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAO5B,MAAM,SAAS,GAAG,uBAAuB,CAAC;AAE1C,MAAM,YAAY,GAAG;;;;;CAKpB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,cAAwB,EAAE;IACtD,MAAM,KAAK,GAAG,QAAQ,CAAC,kDAAkD,EAAE;QACzE,QAAQ,EAAE,OAAO;KAClB,CAAC;SACC,IAAI,EAAE;SACN,KAAK,CAAC,IAAI,CAAC;SACX,MAAM,CAAC,OAAO,CAAC,CAAC;IAEnB,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAElC,MAAM,UAAU,GAAG;QACjB,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;QAC/C,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,MAAM;QACjC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM;QAC7B,MAAM,EAAE,MAAM,EAAE,MAAM;QACtB,MAAM,EAAE,MAAM,EAAE,MAAM;KACvB,CAAC;IAEF,MAAM,OAAO,GAAgB,EAAE,CAAC;IAEhC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;YAAE,SAAS;QAC3D,IAAI,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC;YAAE,SAAS;QAE1D,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,QAAQ,CAAC,yBAAyB,IAAI,GAAG,EAAE;gBACtD,QAAQ,EAAE,OAAO;gBACjB,SAAS,EAAE,IAAI,GAAG,IAAI,GAAG,CAAC;aAC3B,CAAC,CAAC;YACH,IAAI,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;gBAChB,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;YACzC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,wBAAwB;QAC1B,CAAC;IACH,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,MAAM,MAAM,GAAG,QAAQ,CAAC,+BAA+B,EAAE;QACvD,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC,IAAI,EAAE,CAAC;IACV,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IAE7D,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACzB,MAAM,QAAQ,GAAG,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACjD,IAAI,QAAQ,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;YACnC,OAAO,CAAC,MAAM;QAChB,CAAC;QACD,YAAY;QACZ,aAAa,CAAC,QAAQ,GAAG,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC7C,CAAC;IAED,aAAa,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IACtC,SAAS,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;AAC7B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,MAAM,GAAG,QAAQ,CAAC,+BAA+B,EAAE;QACvD,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC,IAAI,EAAE,CAAC;IACV,MAAM,QAAQ,GAAG,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC;IAC7D,MAAM,WAAW,GAAG,QAAQ,GAAG,MAAM,CAAC;IAEtC,IAAI,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAC5B,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACrC,UAAU,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IACpC,CAAC;SAAM,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAChC,MAAM,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;QACrC,UAAU,CAAC,QAAQ,CAAC,CAAC;IACvB,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,IAAY,EAAE,OAAe;IAC9C,MAAM,KAAK,GAAG,IAAI,MAAM,CACtB,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,OAAO,CAAC,GAAG,GAAG,CACnE,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}

package/dist/rules/hallucination.d.ts

@@ -0,0 +1,7 @@
+interface RulesConfig {
+    bannedImports: string[];
+    bannedPatterns: string[];
+}
+export declare function hallucinationPrompt(rules: RulesConfig): string;
+export {};
+//# sourceMappingURL=hallucination.d.ts.map

package/dist/rules/hallucination.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hallucination.d.ts","sourceRoot":"","sources":["../../src/rules/hallucination.ts"],"names":[],"mappings":"AAAA,UAAU,WAAW;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAqB9D"}

package/dist/rules/hallucination.js

@@ -0,0 +1,20 @@
+export function hallucinationPrompt(rules) {
+    let prompt = `## 幻觉检测规则
+
+请重点检查以下 AI 常见的幻觉特征:
+
+1. **虚假 API 调用**: AI 编造了不存在的函数、方法或参数。例如: requests.get_with_auto_retry()、lodash.deepClone() (注意 lodash 中实际是 cloneDeep)
+2. **逻辑矛盾**: 代码中存在前后矛盾的条件判断或变量使用
+3. **未实现的占位代码**: TODO、FIXME、placeholder、stub 等占位标记
+4. **虚构的库引用**: 引入了不存在的 npm 包或 Python 模块
+5. **类型/接口不匹配**: 函数签名与调用方式不一致
+6. **API 版本错误**: 使用了已废弃或不存在的 API 版本`;
+    if (rules.bannedImports.length > 0) {
+        prompt += `\n\n**禁止导入的库**: ${rules.bannedImports.join(", ")}`;
+    }
+    if (rules.bannedPatterns.length > 0) {
+        prompt += `\n\n**禁止使用的代码模式**: ${rules.bannedPatterns.join(", ")}`;
+    }
+    return prompt;
+}
+//# sourceMappingURL=hallucination.js.map

package/dist/rules/hallucination.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hallucination.js","sourceRoot":"","sources":["../../src/rules/hallucination.ts"],"names":[],"mappings":"AAKA,MAAM,UAAU,mBAAmB,CAAC,KAAkB;IACpD,IAAI,MAAM,GAAG;;;;;;;;;oCASqB,CAAC;IAEnC,IAAI,KAAK,CAAC,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACnC,MAAM,IAAI,mBAAmB,KAAK,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IAChE,CAAC;IAED,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,sBAAsB,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IACpE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/rules/index.d.ts

@@ -0,0 +1,3 @@
+import { VibeguardConfig } from "../core/config.js";
+export declare function buildAuditPrompt(diff: string, config: VibeguardConfig): string;
+//# sourceMappingURL=index.d.ts.map

package/dist/rules/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,mBAAmB,CAAC;AAIpD,wBAAgB,gBAAgB,CAC9B,IAAI,EAAE,MAAM,EACZ,MAAM,EAAE,eAAe,GACtB,MAAM,CA6BR"}

package/dist/rules/index.js

@@ -0,0 +1,27 @@
+import { hallucinationPrompt } from "./hallucination.js";
+import { securityPrompt } from "./security.js";
+export function buildAuditPrompt(diff, config) {
+    const sections = [];
+    sections.push("请分析以下 git diff 变更，检测代码中的幻觉错误和安全风险。\n");
+    if (config.scan.hallucinationDetection) {
+        sections.push(hallucinationPrompt(config.rules));
+    }
+    if (config.scan.securityScan) {
+        sections.push(securityPrompt(config.rules));
+    }
+    sections.push(`---\n\n以下是待分析的 diff:\n\n\`\`\`diff\n${diff}\n\`\`\``);
+    sections.push(`
+请按照以下 JSON 格式返回检测结果（如果没有问题，返回空数组 []）:
+
+[
+  {
+    "line": 可选的行号,
+    "severity": "high" | "medium" | "low",
+    "category": "hallucination" | "security" | "banned-import" | "banned-pattern",
+    "message": "问题描述",
+    "suggestion": "可选的修复建议"
+  }
+]`);
+    return sections.join("\n\n");
+}
+//# sourceMappingURL=index.js.map

package/dist/rules/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/rules/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAE/C,MAAM,UAAU,gBAAgB,CAC9B,IAAY,EACZ,MAAuB;IAEvB,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,QAAQ,CAAC,IAAI,CAAC,sCAAsC,CAAC,CAAC;IAEtD,IAAI,MAAM,CAAC,IAAI,CAAC,sBAAsB,EAAE,CAAC;QACvC,QAAQ,CAAC,IAAI,CAAC,mBAAmB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACnD,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAC7B,QAAQ,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAC9C,CAAC;IAED,QAAQ,CAAC,IAAI,CAAC,uCAAuC,IAAI,UAAU,CAAC,CAAC;IAErE,QAAQ,CAAC,IAAI,CAAC;;;;;;;;;;;EAWd,CAAC,CAAC;IAEF,OAAO,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AAC/B,CAAC"}

package/dist/rules/security.d.ts

@@ -0,0 +1,7 @@
+interface RulesConfig {
+    bannedImports: string[];
+    bannedPatterns: string[];
+}
+export declare function securityPrompt(rules: RulesConfig): string;
+export {};
+//# sourceMappingURL=security.d.ts.map

package/dist/rules/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../../src/rules/security.ts"],"names":[],"mappings":"AAAA,UAAU,WAAW;IACnB,aAAa,EAAE,MAAM,EAAE,CAAC;IACxB,cAAc,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED,wBAAgB,cAAc,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,CAmBzD"}

package/dist/rules/security.js

@@ -0,0 +1,19 @@
+export function securityPrompt(rules) {
+    let prompt = `## 安全扫描规则
+
+请重点检查以下安全风险:
+
+1. **硬编码密钥**: 检测 API Key、Secret、Token、密码等敏感信息被直接写入代码
+   - 匹配模式: key=xxx, token=xxx, secret=xxx, password=xxx, api_key=xxx
+   - 常见格式: sk-xxx, AKIAxxx, ghpxxxx, xoxb-xxx
+2. **注入风险**: SQL 注入、命令注入、XSS 等明显的注入漏洞
+   - 例如: 字符串拼接 SQL、eval() 执行用户输入、innerHTML 赋值
+3. **不安全的加密**: 使用 MD5、SHA1 等已知不安全的哈希算法
+4. **敏感信息泄露**: 将凭据输出到日志或返回给前端
+5. **危险函数调用**: eval(), new Function(), exec(), spawn() 等高危函数`;
+    if (rules.bannedPatterns.length > 0) {
+        prompt += `\n\n**禁止使用的代码模式**: ${rules.bannedPatterns.join(", ")}`;
+    }
+    return prompt;
+}
+//# sourceMappingURL=security.js.map

package/dist/rules/security.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.js","sourceRoot":"","sources":["../../src/rules/security.ts"],"names":[],"mappings":"AAKA,MAAM,UAAU,cAAc,CAAC,KAAkB;IAC/C,IAAI,MAAM,GAAG;;;;;;;;;;;6DAW8C,CAAC;IAE5D,IAAI,KAAK,CAAC,cAAc,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QACpC,MAAM,IAAI,sBAAsB,KAAK,CAAC,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;IACpE,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/package.json

@@ -0,0 +1,54 @@
+{
+  "name": "@bddiudiu/vibeguard",
+  "version": "0.1.0",
+  "description": "AI 代码生成的语义安检门，在 git commit 前自动拦截幻觉错误与安全隐患",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bddiudiu/vibeguard"
+  },
+  "type": "module",
+  "main": "dist/cli.js",
+  "bin": {
+    "vibeguard": "dist/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "lint": "eslint src/",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "vibeguard:scan": "node dist/cli.js scan",
+    "prepare": "husky"
+  },
+  "keywords": [
+    "ai",
+    "code-review",
+    "git-hook",
+    "hallucination",
+    "security",
+    "ollama",
+    "openai",
+    "lint",
+    "pre-commit"
+  ],
+  "author": "",
+  "license": "MIT",
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "js-yaml": "^4.1.0",
+    "openai": "^4.52.0",
+    "better-sqlite3": "^11.1.2"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.11",
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^20.14.10",
+    "husky": "^9.1.1",
+    "typescript": "^5.5.3",
+    "vitest": "^2.0.5"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/src/cli.ts

@@ -0,0 +1,61 @@
+#!/usr/bin/env node
+
+import { Command } from "commander";
+import chalk from "chalk";
+import { runScan } from "./core/audit.js";
+import { installHook, uninstallHook } from "./core/git.js";
+import { loadConfig } from "./core/config.js";
+
+const program = new Command();
+
+program
+  .name("vibeguard")
+  .description("AI 代码生成的语义安检门 — 在 git commit 前拦截幻觉与安全隐患")
+  .version("0.1.0");
+
+program
+  .command("scan")
+  .description("扫描当前暂存区的变更")
+  .option("--no-verify", "强制扫描，不阻止 commit")
+  .action(async (opts) => {
+    const config = await loadConfig();
+    const result = await runScan(config);
+
+    if (!result.passed && opts.verify !== false) {
+      console.log(
+        chalk.red.bold(
+          "\n🛡️  VibeGuard 拦截了本次提交，请修复上述问题后重试。"
+        )
+      );
+      process.exit(1);
+    }
+  });
+
+program
+  .command("init")
+  .description("在当前项目安装 git pre-commit hook")
+  .action(async () => {
+    await installHook();
+    console.log(chalk.green("✅ pre-commit hook 已安装。"));
+    console.log(
+      chalk.dim("   提交时 VibeGuard 将自动扫描变更。使用 --no-verify 可跳过。")
+    );
+  });
+
+program
+  .command("uninstall")
+  .description("卸载 git pre-commit hook")
+  .action(async () => {
+    await uninstallHook();
+    console.log(chalk.yellow("⚠️  pre-commit hook 已卸载。"));
+  });
+
+program
+  .command("config")
+  .description("显示当前生效的配置")
+  .action(async () => {
+    const config = await loadConfig();
+    console.log(JSON.stringify(config, null, 2));
+  });
+
+program.parse();

package/src/connectors/ollama.ts

@@ -0,0 +1,38 @@
+interface OllamaConfig {
+  model: string;
+  baseUrl: string;
+}
+
+export async function callOllama(
+  prompt: string,
+  config: OllamaConfig
+): Promise<string> {
+  const response = await fetch(`${config.baseUrl}/api/chat`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({
+      model: config.model,
+      messages: [
+        {
+          role: "system",
+          content:
+            "你是代码审计专家。请严格以 JSON 数组格式返回检测结果，不要包含任何其他文本。如果没有发现问题，返回空数组 []。",
+        },
+        { role: "user", content: prompt },
+      ],
+      stream: false,
+      options: {
+        temperature: 0.1,
+      },
+    }),
+  });
+
+  if (!response.ok) {
+    throw new Error(
+      `Ollama API error: ${response.status} ${response.statusText}`
+    );
+  }
+
+  const data = (await response.json()) as { message?: { content?: string } };
+  return data.message?.content ?? "[]";
+}

package/src/connectors/openai.ts

@@ -0,0 +1,32 @@
+import OpenAI from "openai";
+
+interface OpenAIConfig {
+  model: string;
+  apiKey?: string;
+  baseUrl?: string;
+}
+
+export async function callOpenAI(
+  prompt: string,
+  config: OpenAIConfig
+): Promise<string> {
+  const client = new OpenAI({
+    apiKey: config.apiKey || process.env.OPENAI_API_KEY,
+    baseURL: config.baseUrl,
+  });
+
+  const response = await client.chat.completions.create({
+    model: config.model,
+    temperature: 0.1,
+    messages: [
+      {
+        role: "system",
+        content:
+          "你是代码审计专家。请严格以 JSON 数组格式返回检测结果，不要包含任何其他文本。如果没有发现问题，返回空数组 []。",
+      },
+      { role: "user", content: prompt },
+    ],
+  });
+
+  return response.choices[0]?.message?.content ?? "[]";
+}

package/src/core/analyzer.ts

@@ -0,0 +1,68 @@
+import { DiffEntry } from "./git.js";
+import { VibeguardConfig } from "./config.js";
+import { callOpenAI } from "../connectors/openai.js";
+import { callOllama } from "../connectors/ollama.js";
+import { buildAuditPrompt } from "../rules/index.js";
+
+export interface AuditResult {
+  file: string;
+  line?: number;
+  severity: "high" | "medium" | "low";
+  category: string;
+  message: string;
+  suggestion?: string;
+}
+
+interface RawAuditItem {
+  line?: number;
+  severity: "high" | "medium" | "low";
+  category: string;
+  message: string;
+  suggestion?: string;
+}
+
+export async function analyzeWithAI(
+  entry: DiffEntry,
+  config: VibeguardConfig
+): Promise<AuditResult[]> {
+  const prompt = buildAuditPrompt(entry.diff, config);
+  const timeout = config.scan.timeout * 1000;
+
+  const raw = await Promise.race([
+    callAI(prompt, config),
+    new Promise<never>((_, reject) =>
+      setTimeout(() => reject(new Error("AI scan timeout")), timeout)
+    ),
+  ]);
+
+  return parseResults(entry.filePath, raw);
+}
+
+async function callAI(
+  prompt: string,
+  config: VibeguardConfig
+): Promise<string> {
+  if (config.model.provider === "ollama") {
+    return callOllama(prompt, config.model.ollama);
+  }
+  return callOpenAI(prompt, config.model.openai);
+}
+
+function parseResults(filePath: string, raw: string): AuditResult[] {
+  const jsonMatch = raw.match(/\[[\s\S]*\]/);
+  if (!jsonMatch) return [];
+
+  try {
+    const items: RawAuditItem[] = JSON.parse(jsonMatch[0]);
+    return items.map((item) => ({
+      file: filePath,
+      line: item.line,
+      severity: item.severity,
+      category: item.category,
+      message: item.message,
+      suggestion: item.suggestion,
+    }));
+  } catch {
+    return [];
+  }
+}

package/src/core/audit.ts

@@ -0,0 +1,72 @@
+import chalk from "chalk";
+import { getCachedDiff, DiffEntry } from "./git.js";
+import { loadConfig, VibeguardConfig } from "./config.js";
+import { analyzeWithAI, AuditResult } from "./analyzer.js";
+
+export interface ScanResult {
+  passed: boolean;
+  issues: AuditResult[];
+  scannedFiles: number;
+}
+
+export async function runScan(config: VibeguardConfig): Promise<ScanResult> {
+  const entries = getCachedDiff(config.rules.ignorePaths);
+
+  if (entries.length === 0) {
+    console.log(chalk.dim("🛡️  VibeGuard: 暂存区无代码变更，跳过扫描。"));
+    return { passed: true, issues: [], scannedFiles: 0 };
+  }
+
+  console.log(
+    chalk.cyan(`🛡️  VibeGuard: 发现 ${entries.length} 个变更文件，开始扫描...\n`)
+  );
+
+  const allIssues: AuditResult[] = [];
+
+  for (const entry of entries) {
+    const truncated = truncateDiff(entry, config.scan.maxDiffChars);
+    const issues = await analyzeWithAI(truncated, config);
+    allIssues.push(...issues);
+  }
+
+  printReport(allIssues);
+
+  return {
+    passed: allIssues.filter((i) => i.severity === "high").length === 0,
+    issues: allIssues,
+    scannedFiles: entries.length,
+  };
+}
+
+function truncateDiff(entry: DiffEntry, maxChars: number): DiffEntry {
+  if (entry.diff.length <= maxChars) return entry;
+  return {
+    filePath: entry.filePath,
+    diff: entry.diff.slice(0, maxChars) + "\n... (diff truncated)",
+  };
+}
+
+function printReport(issues: AuditResult[]): void {
+  if (issues.length === 0) {
+    console.log(chalk.green.bold("✅ VibeGuard: 未检测到风险，可以安全提交。"));
+    return;
+  }
+
+  console.log(chalk.yellow.bold(`\n⚠️  检测到 ${issues.length} 个问题:\n`));
+
+  for (const issue of issues) {
+    const icon =
+      issue.severity === "high"
+        ? chalk.red.bold("🚨 HIGH")
+        : issue.severity === "medium"
+          ? chalk.yellow("⚠️  MED ")
+          : chalk.blue("ℹ️  LOW ");
+
+    console.log(`${icon}  ${chalk.bold(issue.file)}:${issue.line ?? "?"}`);
+    console.log(`    ${issue.message}`);
+    if (issue.suggestion) {
+      console.log(chalk.dim(`    💡 建议: ${issue.suggestion}`));
+    }
+    console.log();
+  }
+}

package/src/core/config.ts

@@ -0,0 +1,76 @@
+import { readFileSync, existsSync } from "fs";
+import { join } from "path";
+import yaml from "js-yaml";
+
+export interface VibeguardConfig {
+  model: {
+    provider: "openai" | "ollama";
+    openai: {
+      model: string;
+      apiKey?: string;
+      baseUrl?: string;
+    };
+    ollama: {
+      model: string;
+      baseUrl: string;
+    };
+  };
+  scan: {
+    maxDiffChars: number;
+    hallucinationDetection: boolean;
+    securityScan: boolean;
+    timeout: number;
+  };
+  rules: {
+    bannedImports: string[];
+    bannedPatterns: string[];
+    ignorePaths: string[];
+  };
+}
+
+const DEFAULT_CONFIG: VibeguardConfig = {
+  model: {
+    provider: "ollama",
+    openai: {
+      model: "gpt-4o-mini",
+      // 默认使用 OpenAI 官方 API，不设置 baseUrl
+    },
+    ollama: {
+      model: "llama3",
+      baseUrl: "http://localhost:11434",
+    },
+  },
+  scan: {
+    maxDiffChars: 12000,
+    hallucinationDetection: true,
+    securityScan: true,
+    timeout: 30,
+  },
+  rules: {
+    bannedImports: [],
+    bannedPatterns: [],
+    ignorePaths: ["dist/**", "node_modules/**"],
+  },
+};
+
+export async function loadConfig(): Promise<VibeguardConfig> {
+  const configPath = join(process.cwd(), ".vibeguard.yaml");
+
+  if (!existsSync(configPath)) {
+    return DEFAULT_CONFIG;
+  }
+
+  const raw = readFileSync(configPath, "utf-8");
+  const userConfig = yaml.load(raw) as Partial<VibeguardConfig>;
+
+  return {
+    model: {
+      ...DEFAULT_CONFIG.model,
+      ...userConfig?.model,
+      openai: { ...DEFAULT_CONFIG.model.openai, ...userConfig?.model?.openai },
+      ollama: { ...DEFAULT_CONFIG.model.ollama, ...userConfig?.model?.ollama },
+    },
+    scan: { ...DEFAULT_CONFIG.scan, ...userConfig?.scan },
+    rules: { ...DEFAULT_CONFIG.rules, ...userConfig?.rules },
+  };
+}