@indicated/vibeguard 1.0.0

package/src/cli/commands/scan.ts

@@ -0,0 +1,94 @@
+import { Command } from 'commander';
+import * as path from 'path';
+import { Scanner } from '../../scanner';
+import { getLicenseKey } from '../../api/license';
+import { loadConfig } from '../config';
+import {
+  formatHeader,
+  formatScanning,
+  formatFinding,
+  formatSummary,
+  formatBlockedCommit,
+  formatCleanResult,
+  formatError,
+  shouldBlockCommit,
+} from '../output';
+
+const packageJson = require('../../../package.json');
+
+export function createScanCommand(): Command {
+  const scan = new Command('scan')
+    .description('Scan files or directories for security vulnerabilities')
+    .argument('[targets...]', 'Files or directories to scan', ['.'])
+    .option('--staged', 'Scan only git staged files')
+    .option('--force', 'Continue even if critical/high issues found')
+    .option('--json', 'Output results as JSON')
+    .option('--quiet', 'Minimal output (exit code only)')
+    .action(async (targets: string[], options) => {
+      try {
+        const config = loadConfig();
+        const licenseKey = getLicenseKey();
+        const cwd = process.cwd();
+
+        const scanner = new Scanner(config);
+        await scanner.initialize(licenseKey || undefined);
+
+        if (!options.quiet && !options.json) {
+          console.log(formatHeader(packageJson.version));
+        }
+
+        // Perform scan
+        const result = options.staged
+          ? await scanner.scanStaged()
+          : await scanner.scan(targets.length > 0 ? targets : ['.']);
+
+        if (!options.quiet && !options.json) {
+          console.log(formatScanning(result.files));
+        }
+
+        // Output results
+        if (options.json) {
+          console.log(JSON.stringify({
+            version: packageJson.version,
+            files: result.files,
+            findings: result.findings.map(f => ({
+              rule: f.rule.id,
+              severity: f.rule.severity,
+              file: path.relative(cwd, f.file),
+              line: f.line,
+              column: f.column,
+              message: f.rule.name,
+              fix: f.rule.fix,
+            })),
+            duration: result.duration,
+          }, null, 2));
+        } else if (!options.quiet) {
+          if (result.findings.length === 0) {
+            console.log(formatCleanResult());
+          } else {
+            for (const finding of result.findings) {
+              console.log(formatFinding(finding, cwd));
+            }
+            console.log(formatSummary(result));
+          }
+        }
+
+        // Determine exit code
+        const hasBlockingIssues = shouldBlockCommit(result);
+
+        if (hasBlockingIssues && !options.force) {
+          if (!options.quiet && !options.json) {
+            console.log(formatBlockedCommit());
+          }
+          process.exit(1);
+        }
+
+        process.exit(0);
+      } catch (error) {
+        console.error(formatError(error instanceof Error ? error.message : 'Scan failed'));
+        process.exit(1);
+      }
+    });
+
+  return scan;
+}

package/src/cli/config.ts

@@ -0,0 +1,54 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import { Config } from '../types';
+
+const CONFIG_FILES = [
+  '.vibeguardrc.json',
+  '.vibeguardrc',
+  'vibeguard.config.json',
+];
+
+export function loadConfig(cwd: string = process.cwd()): Config {
+  for (const configFile of CONFIG_FILES) {
+    const configPath = path.join(cwd, configFile);
+    if (fs.existsSync(configPath)) {
+      try {
+        const content = fs.readFileSync(configPath, 'utf-8');
+        return JSON.parse(content) as Config;
+      } catch {
+        // Invalid config, continue to next
+      }
+    }
+  }
+
+  // Check package.json for vibeguard key
+  const packageJsonPath = path.join(cwd, 'package.json');
+  if (fs.existsSync(packageJsonPath)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(packageJsonPath, 'utf-8'));
+      if (pkg.vibeguard) {
+        return pkg.vibeguard as Config;
+      }
+    } catch {
+      // Invalid package.json
+    }
+  }
+
+  // Return default config
+  return {};
+}
+
+export function createDefaultConfig(): Config {
+  return {
+    exclude: [
+      'node_modules',
+      'dist',
+      'build',
+      '.git',
+      'coverage',
+    ],
+    rules: {
+      disabled: [],
+    },
+  };
+}

package/src/cli/index.ts

@@ -0,0 +1,28 @@
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import { createScanCommand } from './commands/scan';
+import { createLoginCommand, createLogoutCommand } from './commands/login';
+import { createInitCommand } from './commands/init';
+import { createRulesCommand } from './commands/rules';
+import { createMcpCommand } from './commands/mcp';
+
+const packageJson = require('../../package.json');
+
+const program = new Command();
+
+program
+  .name('vibeguard')
+  .description('Local CLI security scanner for AI-generated code')
+  .version(packageJson.version);
+
+// Add commands
+program.addCommand(createScanCommand());
+program.addCommand(createLoginCommand());
+program.addCommand(createLogoutCommand());
+program.addCommand(createInitCommand());
+program.addCommand(createRulesCommand());
+program.addCommand(createMcpCommand());
+
+// Parse and execute
+program.parse();

package/src/cli/output.ts

@@ -0,0 +1,159 @@
+import { Finding, ScanResult, Severity, SecurityRule } from '../types';
+
+// ANSI color codes (chalk is ESM-only, so we use direct codes for CommonJS compatibility)
+const colors = {
+  reset: '\x1b[0m',
+  bold: '\x1b[1m',
+  dim: '\x1b[2m',
+  red: '\x1b[31m',
+  green: '\x1b[32m',
+  yellow: '\x1b[33m',
+  blue: '\x1b[34m',
+  magenta: '\x1b[35m',
+  cyan: '\x1b[36m',
+  white: '\x1b[37m',
+  bgRed: '\x1b[41m',
+  bgYellow: '\x1b[43m',
+  bgBlue: '\x1b[44m',
+  bgMagenta: '\x1b[45m',
+};
+
+const severityColors: Record<Severity, string> = {
+  critical: colors.bgRed + colors.white,
+  high: colors.red,
+  medium: colors.yellow,
+  low: colors.blue,
+};
+
+const severityLabels: Record<Severity, string> = {
+  critical: 'CRITICAL',
+  high: 'HIGH',
+  medium: 'MEDIUM',
+  low: 'LOW',
+};
+
+export function formatSeverity(severity: Severity): string {
+  const color = severityColors[severity];
+  const label = severityLabels[severity].padEnd(8);
+  return `${color}${colors.bold} ${label} ${colors.reset}`;
+}
+
+export function formatFinding(finding: Finding, cwd: string): string {
+  const relativePath = finding.file.replace(cwd + '/', '');
+  const location = `${relativePath}:${finding.line}`;
+  const severity = formatSeverity(finding.rule.severity);
+
+  let output = `\n${severity} ${colors.cyan}${location}${colors.reset}\n`;
+  output += `           ${finding.rule.name}\n`;
+
+  if (finding.rule.fix) {
+    output += `           ${colors.dim}→ ${finding.rule.fix}${colors.reset}\n`;
+  }
+
+  return output;
+}
+
+export function formatSummary(result: ScanResult): string {
+  const counts = {
+    critical: 0,
+    high: 0,
+    medium: 0,
+    low: 0,
+  };
+
+  for (const finding of result.findings) {
+    counts[finding.rule.severity]++;
+  }
+
+  const total = result.findings.length;
+  const grade = calculateGrade(counts);
+
+  let output = '\n';
+  output += `${colors.dim}─────────────────────────────────────────${colors.reset}\n`;
+  output += `Found ${colors.bold}${total}${colors.reset} issue${total !== 1 ? 's' : ''} `;
+  output += `(${colors.red}${counts.critical} critical${colors.reset}, `;
+  output += `${colors.yellow}${counts.high} high${colors.reset}, `;
+  output += `${colors.blue}${counts.medium} medium${colors.reset}, `;
+  output += `${colors.dim}${counts.low} low${colors.reset})\n\n`;
+
+  output += `Grade: ${formatGrade(grade)}\n`;
+
+  return output;
+}
+
+function calculateGrade(counts: Record<Severity, number>): string {
+  if (counts.critical > 0) return 'F';
+  if (counts.high > 2) return 'D';
+  if (counts.high > 0) return 'C';
+  if (counts.medium > 3) return 'C';
+  if (counts.medium > 0) return 'B';
+  if (counts.low > 5) return 'B';
+  if (counts.low > 0) return 'A';
+  return 'A+';
+}
+
+function formatGrade(grade: string): string {
+  const gradeColors: Record<string, string> = {
+    'A+': colors.green + colors.bold,
+    'A': colors.green,
+    'B': colors.blue,
+    'C': colors.yellow,
+    'D': colors.red,
+    'F': colors.bgRed + colors.white + colors.bold,
+  };
+
+  const color = gradeColors[grade] || colors.white;
+  return `${color}${grade}${colors.reset}`;
+}
+
+export function formatHeader(version: string): string {
+  return `\n${colors.cyan}${colors.bold}VibeGuard${colors.reset} Security Scanner ${colors.dim}v${version}${colors.reset}\n`;
+}
+
+export function formatScanning(fileCount: number): string {
+  return `\n${colors.dim}Scanning ${fileCount} file${fileCount !== 1 ? 's' : ''}...${colors.reset}\n`;
+}
+
+export function formatSuccess(message: string): string {
+  return `${colors.green}✓${colors.reset} ${message}`;
+}
+
+export function formatError(message: string): string {
+  return `${colors.red}✗${colors.reset} ${message}`;
+}
+
+export function formatWarning(message: string): string {
+  return `${colors.yellow}⚠${colors.reset} ${message}`;
+}
+
+export function formatInfo(message: string): string {
+  return `${colors.blue}ℹ${colors.reset} ${message}`;
+}
+
+export function formatRule(rule: SecurityRule): string {
+  const severity = formatSeverity(rule.severity);
+  let output = `${severity} ${colors.bold}${rule.id}${colors.reset}\n`;
+  output += `           ${rule.name}\n`;
+  output += `           ${colors.dim}${rule.description}${colors.reset}\n`;
+  if (rule.fix) {
+    output += `           ${colors.cyan}Fix: ${rule.fix}${colors.reset}\n`;
+  }
+  output += `           ${colors.dim}Languages: ${rule.languages.join(', ')}${colors.reset}\n`;
+  return output;
+}
+
+export function formatBlockedCommit(): string {
+  return `\n${colors.bgRed}${colors.white}${colors.bold} COMMIT BLOCKED ${colors.reset}\n` +
+    `${colors.red}Fix critical/high issues or use ${colors.bold}git commit --no-verify${colors.reset}${colors.red} to override.${colors.reset}\n`;
+}
+
+export function formatCleanResult(): string {
+  return `\n${colors.green}${colors.bold}✓ No security issues found!${colors.reset}\n` +
+    `\nGrade: ${formatGrade('A+')}\n`;
+}
+
+export function shouldBlockCommit(result: ScanResult): boolean {
+  return result.findings.some(
+    f => f.rule.severity === 'critical' || f.rule.severity === 'high'
+  );
+}

package/src/mcp/server.ts

@@ -0,0 +1,195 @@
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { z } from 'zod';
+import * as path from 'path';
+import { Scanner } from '../scanner';
+import { securityRules } from '../scanner/rules/definitions';
+
+export async function startMcpServer(): Promise<void> {
+  const server = new McpServer({
+    name: 'vibeguard',
+    version: '1.0.0',
+  });
+
+  // Tool: scan_code
+  server.tool(
+    'scan_code',
+    'Scan files or directories for security vulnerabilities. Returns findings with severity, location, and fix suggestions. Use this after writing code or before commits.',
+    {
+      paths: z.array(z.string()).describe('File or directory paths to scan (relative to current working directory)'),
+      staged_only: z.boolean().optional().describe('If true, only scan git staged files'),
+    },
+    async ({ paths, staged_only }) => {
+      try {
+        const scanner = new Scanner();
+        await scanner.initialize();
+
+        const cwd = process.cwd();
+        const targets = paths.map(p => path.resolve(cwd, p));
+
+        const result = staged_only
+          ? await scanner.scanStaged()
+          : await scanner.scan(targets);
+
+        if (result.findings.length === 0) {
+          return {
+            content: [
+              {
+                type: 'text' as const,
+                text: `✅ No security issues found in ${result.files} file(s).`,
+              },
+            ],
+          };
+        }
+
+        // Format findings
+        const findings = result.findings.map(f => ({
+          severity: f.rule.severity,
+          rule: f.rule.id,
+          name: f.rule.name,
+          file: path.relative(cwd, f.file),
+          line: f.line,
+          message: f.rule.description,
+          fix: f.rule.fix,
+        }));
+
+        const counts = {
+          critical: findings.filter(f => f.severity === 'critical').length,
+          high: findings.filter(f => f.severity === 'high').length,
+          medium: findings.filter(f => f.severity === 'medium').length,
+          low: findings.filter(f => f.severity === 'low').length,
+        };
+
+        const summary = `Found ${findings.length} issue(s): ${counts.critical} critical, ${counts.high} high, ${counts.medium} medium, ${counts.low} low`;
+
+        const formattedFindings = findings.map(f =>
+          `[${f.severity.toUpperCase()}] ${f.file}:${f.line}\n  ${f.name}\n  Fix: ${f.fix}`
+        ).join('\n\n');
+
+        return {
+          content: [
+            {
+              type: 'text' as const,
+              text: `${summary}\n\n${formattedFindings}`,
+            },
+          ],
+        };
+      } catch (error) {
+        return {
+          content: [
+            {
+              type: 'text' as const,
+              text: `Error scanning: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            },
+          ],
+          isError: true,
+        };
+      }
+    }
+  );
+
+  // Tool: list_security_rules
+  server.tool(
+    'list_security_rules',
+    'List all available security rules that VibeGuard checks for. Use this to understand what vulnerabilities are detected.',
+    {
+      severity: z.enum(['critical', 'high', 'medium', 'low']).optional().describe('Filter by severity level'),
+    },
+    async ({ severity }) => {
+      let rules = securityRules;
+
+      if (severity) {
+        rules = rules.filter(r => r.severity === severity);
+      }
+
+      const formatted = rules.map(r =>
+        `[${r.severity.toUpperCase()}] ${r.id}\n  ${r.name}\n  ${r.description}\n  Languages: ${r.languages.join(', ')}`
+      ).join('\n\n');
+
+      return {
+        content: [
+          {
+            type: 'text' as const,
+            text: `${rules.length} security rule(s):\n\n${formatted}`,
+          },
+        ],
+      };
+    }
+  );
+
+  // Tool: check_code_snippet
+  server.tool(
+    'check_code_snippet',
+    'Check a code snippet for security vulnerabilities without writing to disk. Useful for validating code before suggesting it.',
+    {
+      code: z.string().describe('The code snippet to check'),
+      language: z.enum(['javascript', 'typescript', 'python']).describe('The programming language'),
+    },
+    async ({ code, language }) => {
+      try {
+        const fs = await import('fs');
+        const os = await import('os');
+
+        // Create temp file
+        const ext = language === 'python' ? '.py' : language === 'typescript' ? '.ts' : '.js';
+        const tempFile = path.join(os.tmpdir(), `vibeguard-check-${Date.now()}${ext}`);
+
+        fs.writeFileSync(tempFile, code);
+
+        const scanner = new Scanner();
+        await scanner.initialize();
+
+        const result = await scanner.scan([tempFile]);
+
+        // Clean up
+        fs.unlinkSync(tempFile);
+
+        if (result.findings.length === 0) {
+          return {
+            content: [
+              {
+                type: 'text' as const,
+                text: '✅ No security issues found in this code snippet.',
+              },
+            ],
+          };
+        }
+
+        const findings = result.findings.map(f => ({
+          severity: f.rule.severity,
+          rule: f.rule.id,
+          name: f.rule.name,
+          line: f.line,
+          fix: f.rule.fix,
+        }));
+
+        const formatted = findings.map(f =>
+          `[${f.severity.toUpperCase()}] Line ${f.line}: ${f.name}\n  Fix: ${f.fix}`
+        ).join('\n\n');
+
+        return {
+          content: [
+            {
+              type: 'text' as const,
+              text: `Found ${findings.length} issue(s):\n\n${formatted}`,
+            },
+          ],
+        };
+      } catch (error) {
+        return {
+          content: [
+            {
+              type: 'text' as const,
+              text: `Error checking code: ${error instanceof Error ? error.message : 'Unknown error'}`,
+            },
+          ],
+          isError: true,
+        };
+      }
+    }
+  );
+
+  // Connect via stdio
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+}