@indicated/vibeguard 1.3.2 → 1.5.0

@@ -127,8 +127,9 @@ exports.securityRules = [
127
127
  tier: 'free',
128
128
  languages: ['javascript', 'typescript'],
129
129
  patterns: [
130
- /localStorage\.setItem\s*\(\s*['"`](?:token|jwt|auth|session|api[_-]?key|secret|password|credential)/i,
131
- /sessionStorage\.setItem\s*\(\s*['"`](?:token|jwt|auth|session|api[_-]?key|secret|password|credential)/i,
130
+ // Only match actual sensitive key names, not prefixes like "sessionStartTime"
131
+ /localStorage\.setItem\s*\(\s*['"`](?:access[_-]?token|refresh[_-]?token|auth[_-]?token|jwt[_-]?token|api[_-]?key|secret[_-]?key|password|private[_-]?key)['"`]/i,
132
+ /sessionStorage\.setItem\s*\(\s*['"`](?:access[_-]?token|refresh[_-]?token|auth[_-]?token|jwt[_-]?token|api[_-]?key|secret[_-]?key|password|private[_-]?key)['"`]/i,
132
133
  ],
133
134
  fix: 'Use httpOnly cookies for sensitive tokens, or encrypt before storage',
134
135
  },
@@ -140,7 +141,20 @@ exports.securityRules = [
140
141
  tier: 'pro',
141
142
  languages: ['javascript', 'typescript'],
142
143
  patterns: [
143
- /\.from\s*\(\s*['"`][^'"`]+['"`]\s*\)\.(?:select|insert|update|delete)/,
144
+ // Only flag client-side code - server-side using service role is correct pattern
145
+ /createClient\s*\([^)]*\)[\s\S]*\.from\s*\(\s*['"`][^'"`]+['"`]\s*\)\.(?:select|insert|update|delete)/,
146
+ ],
147
+ // Exclude server-side API files where service role key usage is correct
148
+ pathExclusions: [
149
+ /\/api\//,
150
+ /\/server\//,
151
+ /\/backend\//,
152
+ /\/routes\//,
153
+ /\/controllers\//,
154
+ /\/services\//,
155
+ /\.server\./,
156
+ /pages\/api\//,
157
+ /app\/api\//,
144
158
  ],
145
159
  astMatcher: 'supabase-no-rls',
146
160
  fix: 'Enable Row Level Security on Supabase tables and add policies',
@@ -403,17 +417,20 @@ exports.securityRules = [
403
417
  {
404
418
  id: 'prototype-pollution',
405
419
  name: 'Potential Prototype Pollution',
406
- description: 'Merging user input into objects can allow prototype pollution attacks',
420
+ description: 'Deep merging user input can allow prototype pollution attacks',
407
421
  severity: 'low',
408
422
  tier: 'free',
409
423
  languages: ['javascript', 'typescript'],
410
424
  patterns: [
411
- /Object\.assign\s*\(\s*\{\}\s*,[^)]*(?:req\.|body\.|params\.|query\.)/,
412
- /\{\s*\.\.\.(?:req|body|params|query)/,
413
- /lodash\.merge\s*\([^)]*(?:req\.|body\.)/,
414
- /deepmerge\s*\([^)]*(?:req\.|body\.)/,
425
+ // Only flag actual deep merge operations that can cause prototype pollution
426
+ // Spread operator {...obj} and Object.assign({}, obj) are SAFE - they don't pollute
427
+ /(?:lodash|_)\.merge\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
428
+ /(?:lodash|_)\.mergeWith\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
429
+ /(?:lodash|_)\.defaultsDeep\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
430
+ /deepmerge\s*\([^)]*(?:req\.|body\.|params\.|query\.)/,
431
+ /merge\s*\(\s*\w+\s*,\s*(?:req\.|body\.|params\.|query\.)/,
415
432
  ],
416
- fix: 'Validate and sanitize user input before merging. Use Object.create(null) for dictionaries',
433
+ fix: 'Validate and sanitize user input before deep merging. Use Object.create(null) for dictionaries',
417
434
  },
418
435
  // ============================================
419
436
  // PRO TIER RULES - Framework-specific
@@ -1 +1 @@
1
- {"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../src/scanner/rules/definitions.ts"],"names":[],"mappings":";;;AAsqBA,kCAEC;AAED,gDAEC;AA1qBY,QAAA,aAAa,GAAmB;IAC3C,+CAA+C;IAC/C,0CAA0C;IAC1C,+CAA+C;IAE/C,WAAW;IACX;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,0EAA0E;QACvF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,2CAA2C;YAC3C,8BAA8B;YAC9B,mCAAmC;YACnC,+CAA+C;YAC/C,qCAAqC;YACrC,eAAe;YACf,uCAAuC;YACvC,kBAAkB;YAClB,2BAA2B;YAC3B,mCAAmC;YACnC,qDAAqD;YACrD,kBAAkB;YAClB,gCAAgC;YAChC,cAAc;YACd,mDAAmD;YACnD,WAAW;YACX,mDAAmD;YACnD,SAAS;YACT,yBAAyB;YACzB,8DAA8D;YAC9D,2EAA2E;YAC3E,eAAe;YACf,wDAAwD;SACzD;QACD,GAAG,EAAE,2DAA2D;KACjE;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,gGAAgG;QAC7G,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,UAAU,EAAE,eAAe;QAC3B,GAAG,EAAE,kDAAkD;KACxD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,sDAAsD;QACnE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,UAAU,EAAE,YAAY;QACxB,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,mCAAmC;YACnC,iCAAiC;YACjC,8BAA8B;YAC9B,kCAAkC;YAClC,+BAA+B;YAC/B,qEAAqE;YACrE,2BAA2B;YAC3B,0BAA0B;SAC3B;QACD,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,qBAAqB;YACrB,gDAAgD;YAChD,yBAAyB;YACzB,sBAAsB;YACtB,gBAAgB;YAChB,kBAAkB;SACnB;QACD,GAAG,EAAE,qGAAqG;KAC3G;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,cAAc;QAC1B,GAAG,EAAE,qEAAqE;KAC3E;IACD;QACE,EAAE
,EAAE,eAAe;QACnB,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,eAAe;QAC3B,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,qEAAqE;QAClF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,sGAAsG;YACtG,wGAAwG;SACzG;QACD,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,uEAAuE;SACxE;QACD,UAAU,EAAE,iBAAiB;QAC7B,GAAG,EAAE,+DAA+D;KACrE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,mEAAmE;QAChF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yDAAyD;YACzD,kCAAkC;SACnC;QACD,GAAG,EAAE,sDAAsD;KAC5D;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,MAAM;QAClB,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,uDAAuD;YACvD,+IAA+I;YAC/I,iFAAiF;YACjF,4DAA4D;YAC5D,qEAAqE;YACrE,wEAAwE;SACzE;QACD,GAAG,EAAE,6FAA6F;KACnG;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,sEAAsE;YACtE,yEAAyE;YACzE,0HAA0H;YAC1H,qFAAqF;YACrF,mCAAmC;YACnC,4FAA4F;YAC5F,yEAAyE;YACzE,4BAA4B;YAC5B,gEAAgE;SACjE;QACD,GAAG,EAAE,0GAA0G;KAChH;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,0DAA0D;YAC1D,wDAAwD;YACxD,sDAAsD;YACtD,oDAAoD;YACpD,4CAA4C;YAC5C,yCAAyC;SAC1C;QACD,GAAG,EAAE,+DAA+D
;KACrE;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,iEAAiE;QAC9E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,oFAAoF;YACpF,kEAAkE;YAClE,sGAAsG;SACvG;QACD,GAAG,EAAE,2GAA2G;KACjH;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,iEAAiE;YACjE,sFAAsF;SACvF;QACD,GAAG,EAAE,6EAA6E;KACnF;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kDAAkD;YAClD,yCAAyC;YACzC,aAAa;SACd;QACD,GAAG,EAAE,2CAA2C;KACjD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,iEAAiE;SAClE;QACD,GAAG,EAAE,wCAAwC;KAC9C;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,4CAA4C;YAC5C,2CAA2C;YAC3C,6BAA6B;SAC9B;QACD,GAAG,EAAE,2DAA2D;KACjE;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,6FAA6F;QAC1G,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,6CAA6C;YAC7C,2DAA2D;YAC3D,0CAA0C;YAC1C,0GAA0G;SAC3G;QACD,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,QAAQ;YACR,qBAAqB;YACrB,UAAU;YACV,mBAAmB;YACnB,yBAAyB;YACzB,gBAAgB;YAChB,aAAa;YACb,WAAW;SACZ;QACD,GAAG,EAAE,gEAAgE;KACtE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,0CAA0
C;YAC1C,iCAAiC;YACjC,oBAAoB;YACpB,6BAA6B;SAC9B;QACD,GAAG,EAAE,uEAAuE;KAC7E;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,+DAA+D;YAC/D,6FAA6F;SAC9F;QACD,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,4FAA4F;YAC5F,uFAAuF;YACvF,uGAAuG;SACxG;QACD,UAAU,EAAE,oBAAoB;QAChC,GAAG,EAAE,yDAAyD;KAC/D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kGAAkG;YAClG,+EAA+E;YAC/E,mEAAmE;YACnE,qEAAqE;YACrE,gFAAgF;SACjF;QACD,GAAG,EAAE,8CAA8C;KACpD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,gEAAgE;YAChE,uBAAuB;YACvB,sDAAsD;YACtD,+DAA+D;YAC/D,gCAAgC;SACjC;QACD,GAAG,EAAE,+CAA+C;KACrD;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,uEAAuE;QACpF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,sEAAsE;YACtE,sCAAsC;YACtC,yCAAyC;YACzC,qCAAqC;SACtC;QACD,GAAG,EAAE,2FAA2F;KACjG;IAED,+CAA+C;IAC/C,sCAAsC;IACtC,+CAA+C;IAE/C,kBAAkB;IAClB;QACE,EAAE,EAAE,8BAA8B;QAClC,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,8IAA8I;SAC/I;QACD,GAAG,EAAE,6FAA6F;KACnG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,6EAA6E;YAC7E,iEAAiE;YACjE,+NAA+N;SAChO;QACD,yEAAyE;QACzE,cAAc,EAAE;YACd,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,aAAa;YACb,cAAc;YACd,YAAY;YACZ,qBAAqB;YACrB,oBAAoB;YACpB,YAAY
;YACZ,cAAc;YACd,cAAc;YACd,WAAW;YACX,UAAU;YACV,UAAU;YACV,YAAY;SACb;QACD,GAAG,EAAE,6EAA6E;KACnF;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,gDAAgD;QACtD,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,gEAAgE;SACjE;QACD,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uCAAuC;QAC7C,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,kEAAkE;SACnE;QACD,GAAG,EAAE,2FAA2F;KACjG;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,oFAAoF;QACjG,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,kBAAkB;SACnB;QACD,GAAG,EAAE,6DAA6D;KACnE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,wCAAwC;SACzC;QACD,GAAG,EAAE,yEAAyE;KAC/E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,wEAAwE;QACrF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,qBAAqB;YACrB,6BAA6B;YAC7B,+BAA+B;YAC/B,+BAA+B;SAChC;QACD,GAAG,EAAE,iEAAiE;KACvE;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,cAAc;SACf;QACD,GAAG,EAAE,mGAAmG;KACzG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,4CAA4C;SAC7C;QACD,GAAG,EAAE,oFAAoF;KAC1F;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,0CAA0C;QAChD,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,sJAAsJ;SACvJ;QACD,GAAG,EAAE,2FAA2F;KACjG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,qF
AAqF;SACtF;QACD,GAAG,EAAE,8DAA8D;KACpE;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,CAAC;QACzB,QAAQ,EAAE;YACR,6HAA6H;SAC9H;QACD,GAAG,EAAE,0EAA0E;KAChF;IACD;QACE,EAAE,EAAE,mCAAmC;QACvC,IAAI,EAAE,mCAAmC;QACzC,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,CAAC;QACzB,QAAQ,EAAE;YACR,oFAAoF;SACrF;QACD,GAAG,EAAE,gEAAgE;KACtE;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,oCAAoC;YACpC,6BAA6B;SAC9B;QACD,GAAG,EAAE,0DAA0D;KAChE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yDAAyD;YACzD,+CAA+C;SAChD;QACD,GAAG,EAAE,4DAA4D;KAClE;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,kCAAkC;SACnC;QACD,GAAG,EAAE,0CAA0C;KAChD;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yBAAyB;YACzB,4BAA4B;SAC7B;QACD,GAAG,EAAE,wDAAwD;KAC9D;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,+CAA+C;QAC5D,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,0EAA0E;SAC3E;QACD,GAAG,EAAE,yGAAyG;KAC/G;CACF,CAAC;AAEF,SAAgB,WAAW,CAAC,EAAU;IACpC,OAAO,qBAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,SAAgB,kBAAkB,CAAC,QAAgB;IACjD,OAAO,qBAAa,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAClE,CAAC"}
1
+ {"version":3,"file":"definitions.js","sourceRoot":"","sources":["../../../src/scanner/rules/definitions.ts"],"names":[],"mappings":";;;AAurBA,kCAEC;AAED,gDAEC;AA3rBY,QAAA,aAAa,GAAmB;IAC3C,+CAA+C;IAC/C,0CAA0C;IAC1C,+CAA+C;IAE/C,WAAW;IACX;QACE,EAAE,EAAE,kBAAkB;QACtB,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,0EAA0E;QACvF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,2CAA2C;YAC3C,8BAA8B;YAC9B,mCAAmC;YACnC,+CAA+C;YAC/C,qCAAqC;YACrC,eAAe;YACf,uCAAuC;YACvC,kBAAkB;YAClB,2BAA2B;YAC3B,mCAAmC;YACnC,qDAAqD;YACrD,kBAAkB;YAClB,gCAAgC;YAChC,cAAc;YACd,mDAAmD;YACnD,WAAW;YACX,mDAAmD;YACnD,SAAS;YACT,yBAAyB;YACzB,8DAA8D;YAC9D,2EAA2E;YAC3E,eAAe;YACf,wDAAwD;SACzD;QACD,GAAG,EAAE,2DAA2D;KACjE;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,gGAAgG;QAC7G,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,UAAU,EAAE,eAAe;QAC3B,GAAG,EAAE,kDAAkD;KACxD;IACD;QACE,EAAE,EAAE,YAAY;QAChB,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,sDAAsD;QACnE,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,UAAU,EAAE,YAAY;QACxB,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,mCAAmC;YACnC,iCAAiC;YACjC,8BAA8B;YAC9B,kCAAkC;YAClC,+BAA+B;YAC/B,qEAAqE;YACrE,2BAA2B;YAC3B,0BAA0B;SAC3B;QACD,GAAG,EAAE,0FAA0F;KAChG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,qBAAqB;YACrB,gDAAgD;YAChD,yBAAyB;YACzB,sBAAsB;YACtB,gBAAgB;YAChB,kBAAkB;SACnB;QACD,GAAG,EAAE,qGAAqG;KAC3G;IAED,kCAAkC;IAClC;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,cAAc;QAC1B,GAAG,EAAE,qEAAqE;KAC3E;IACD;QACE,EAAE
,EAAE,eAAe;QACnB,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,gEAAgE;QAC7E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,eAAe;QAC3B,GAAG,EAAE,kEAAkE;KACxE;IACD;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,qEAAqE;QAClF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,8EAA8E;YAC9E,iKAAiK;YACjK,mKAAmK;SACpK;QACD,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,iFAAiF;YACjF,sGAAsG;SACvG;QACD,wEAAwE;QACxE,cAAc,EAAE;YACd,SAAS;YACT,YAAY;YACZ,aAAa;YACb,YAAY;YACZ,iBAAiB;YACjB,cAAc;YACd,YAAY;YACZ,cAAc;YACd,YAAY;SACb;QACD,UAAU,EAAE,iBAAiB;QAC7B,GAAG,EAAE,+DAA+D;KACrE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,mEAAmE;QAChF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yDAAyD;YACzD,kCAAkC;SACnC;QACD,GAAG,EAAE,sDAAsD;KAC5D;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,UAAU,EAAE,MAAM;QAClB,GAAG,EAAE,sEAAsE;KAC5E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,8BAA8B;QACpC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,uDAAuD;YACvD,+IAA+I;YAC/I,iFAAiF;YACjF,4DAA4D;YAC5D,qEAAqE;YACrE,wEAAwE;SACzE;QACD,GAAG,EAAE,6FAA6F;KACnG;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,sEAAsE;YACtE,yEAAyE;YACzE,0HAA0H;YAC1H,qFAAqF;YACrF,mCAAmC;YACnC,4FAA4F;YAC5F,yEAAyE;YACzE,4BAA4B;YAC5B,gEAAgE;SACjE;QACD,GAAG,EAAE,0GAA0G;KAChH;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAA
C,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,0DAA0D;YAC1D,wDAAwD;YACxD,sDAAsD;YACtD,oDAAoD;YACpD,4CAA4C;YAC5C,yCAAyC;SAC1C;QACD,GAAG,EAAE,+DAA+D;KACrE;IACD;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,iEAAiE;QAC9E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,oFAAoF;YACpF,kEAAkE;YAClE,sGAAsG;SACvG;QACD,GAAG,EAAE,2GAA2G;KACjH;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,yBAAyB;QAC/B,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,iEAAiE;YACjE,sFAAsF;SACvF;QACD,GAAG,EAAE,6EAA6E;KACnF;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,iBAAiB;QACrB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kDAAkD;YAClD,yCAAyC;YACzC,aAAa;SACd;QACD,GAAG,EAAE,2CAA2C;KACjD;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,iDAAiD;QAC9D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,iEAAiE;SAClE;QACD,GAAG,EAAE,wCAAwC;KAC9C;IACD;QACE,EAAE,EAAE,eAAe;QACnB,IAAI,EAAE,4BAA4B;QAClC,WAAW,EAAE,gDAAgD;QAC7D,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,4CAA4C;YAC5C,2CAA2C;YAC3C,6BAA6B;SAC9B;QACD,GAAG,EAAE,2DAA2D;KACjE;IACD;QACE,EAAE,EAAE,cAAc;QAClB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,6FAA6F;QAC1G,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,6CAA6C;YAC7C,2DAA2D;YAC3D,0CAA0C;YAC1C,0GAA0G;SAC3G;QACD,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,qCAAqC;QAC3C,WAAW,EAAE,2EAA2E;QACxF,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,QAAQ;YACR,qBAAqB;YACrB,UAAU;YACV,mBAAmB;YACnB,yBAAyB;YACzB,gBAAgB;YAChB,aAAa;YACb,WAAW;SACZ;QACD,GAAG,EAAE,gEAAgE;KACtE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,E
AAE,kCAAkC;QACxC,WAAW,EAAE,wDAAwD;QACrE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,0CAA0C;YAC1C,iCAAiC;YACjC,oBAAoB;YACpB,6BAA6B;SAC9B;QACD,GAAG,EAAE,uEAAuE;KAC7E;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,+DAA+D;YAC/D,6FAA6F;SAC9F;QACD,GAAG,EAAE,mEAAmE;KACzE;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,4EAA4E;QACzF,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,4FAA4F;YAC5F,uFAAuF;YACvF,uGAAuG;SACxG;QACD,UAAU,EAAE,oBAAoB;QAChC,GAAG,EAAE,yDAAyD;KAC/D;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,0DAA0D;QACvE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,kGAAkG;YAClG,+EAA+E;YAC/E,mEAAmE;YACnE,qEAAqE;YACrE,gFAAgF;SACjF;QACD,GAAG,EAAE,8CAA8C;KACpD;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,kCAAkC;QACxC,WAAW,EAAE,8DAA8D;QAC3E,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,EAAE,QAAQ,CAAC;QACjD,QAAQ,EAAE;YACR,gEAAgE;YAChE,uBAAuB;YACvB,sDAAsD;YACtD,+DAA+D;YAC/D,gCAAgC;SACjC;QACD,GAAG,EAAE,+CAA+C;KACrD;IACD;QACE,EAAE,EAAE,qBAAqB;QACzB,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,4EAA4E;YAC5E,oFAAoF;YACpF,gEAAgE;YAChE,oEAAoE;YACpE,uEAAuE;YACvE,sDAAsD;YACtD,0DAA0D;SAC3D;QACD,GAAG,EAAE,gGAAgG;KACtG;IAED,+CAA+C;IAC/C,sCAAsC;IACtC,+CAA+C;IAE/C,kBAAkB;IAClB;QACE,EAAE,EAAE,8BAA8B;QAClC,IAAI,EAAE,oCAAoC;QAC1C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,8IAA8I;SAC/I;QACD,GAAG,EAAE,6FAA6F;KACnG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,oEAAoE;QACjF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YA
AY,CAAC;QACvC,QAAQ,EAAE;YACR,6EAA6E;YAC7E,iEAAiE;YACjE,+NAA+N;SAChO;QACD,yEAAyE;QACzE,cAAc,EAAE;YACd,WAAW;YACX,YAAY;YACZ,YAAY;YACZ,aAAa;YACb,cAAc;YACd,YAAY;YACZ,qBAAqB;YACrB,oBAAoB;YACpB,YAAY;YACZ,cAAc;YACd,cAAc;YACd,WAAW;YACX,UAAU;YACV,UAAU;YACV,YAAY;SACb;QACD,GAAG,EAAE,6EAA6E;KACnF;IACD;QACE,EAAE,EAAE,gCAAgC;QACpC,IAAI,EAAE,gDAAgD;QACtD,WAAW,EAAE,+DAA+D;QAC5E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,gEAAgE;SACjE;QACD,GAAG,EAAE,+EAA+E;KACrF;IACD;QACE,EAAE,EAAE,oBAAoB;QACxB,IAAI,EAAE,uCAAuC;QAC7C,WAAW,EAAE,gFAAgF;QAC7F,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,kEAAkE;SACnE;QACD,GAAG,EAAE,2FAA2F;KACjG;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,mBAAmB;QACvB,IAAI,EAAE,iCAAiC;QACvC,WAAW,EAAE,oFAAoF;QACjG,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,kBAAkB;SACnB;QACD,GAAG,EAAE,6DAA6D;KACnE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,6BAA6B;QACnC,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,wCAAwC;SACzC;QACD,GAAG,EAAE,yEAAyE;KAC/E;IACD;QACE,EAAE,EAAE,gBAAgB;QACpB,IAAI,EAAE,sBAAsB;QAC5B,WAAW,EAAE,wEAAwE;QACrF,QAAQ,EAAE,UAAU;QACpB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,qBAAqB;YACrB,6BAA6B;YAC7B,+BAA+B;YAC/B,+BAA+B;SAChC;QACD,GAAG,EAAE,iEAAiE;KACvE;IACD;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,uBAAuB;QAC7B,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,cAAc;SACf;QACD,GAAG,EAAE,mGAAmG;KACzG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,+BAA+B;QACrC,WAAW,EAAE,mDAAmD;QAChE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,4CAA4C;SAC7C;QACD,GAAG,EAAE,oFAAoF;KAC1F;IAED,kBAAkB;IAClB;QACE,EAAE,EAAE,4BAA4B;QAChC,IAAI,EAAE,0CAA0C;QAChD,WAAW,EAAE,6DAA6D;QAC1E,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,sJAAsJ;SACvJ;QACD,
GAAG,EAAE,2FAA2F;KACjG;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,gCAAgC;QACtC,WAAW,EAAE,kEAAkE;QAC/E,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,QAAQ,CAAC;QACrB,QAAQ,EAAE;YACR,qFAAqF;SACtF;QACD,GAAG,EAAE,8DAA8D;KACpE;IAED,iBAAiB;IACjB;QACE,EAAE,EAAE,sBAAsB;QAC1B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,sEAAsE;QACnF,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,CAAC;QACzB,QAAQ,EAAE;YACR,6HAA6H;SAC9H;QACD,GAAG,EAAE,0EAA0E;KAChF;IACD;QACE,EAAE,EAAE,mCAAmC;QACvC,IAAI,EAAE,mCAAmC;QACzC,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,KAAK;QACf,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,CAAC;QACzB,QAAQ,EAAE;YACR,oFAAoF;SACrF;QACD,GAAG,EAAE,gEAAgE;KACtE;IAED,0BAA0B;IAC1B;QACE,EAAE,EAAE,uBAAuB;QAC3B,IAAI,EAAE,sCAAsC;QAC5C,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,oCAAoC;YACpC,6BAA6B;SAC9B;QACD,GAAG,EAAE,0DAA0D;KAChE;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,yDAAyD;QACtE,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yDAAyD;YACzD,+CAA+C;SAChD;QACD,GAAG,EAAE,4DAA4D;KAClE;IAED,qBAAqB;IACrB;QACE,EAAE,EAAE,wBAAwB;QAC5B,IAAI,EAAE,2CAA2C;QACjD,WAAW,EAAE,qDAAqD;QAClE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,kCAAkC;SACnC;QACD,GAAG,EAAE,0CAA0C;KAChD;IACD;QACE,EAAE,EAAE,2BAA2B;QAC/B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,2DAA2D;QACxE,QAAQ,EAAE,QAAQ;QAClB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,yBAAyB;YACzB,4BAA4B;SAC7B;QACD,GAAG,EAAE,wDAAwD;KAC9D;IACD;QACE,EAAE,EAAE,0BAA0B;QAC9B,IAAI,EAAE,wCAAwC;QAC9C,WAAW,EAAE,+CAA+C;QAC5D,QAAQ,EAAE,MAAM;QAChB,IAAI,EAAE,KAAK;QACX,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,QAAQ,EAAE;YACR,0EAA0E;SAC3E;QACD,GAAG,EAAE,yGAAyG;KAC/G;CACF,CAAC;AAEF,SAAgB,WAAW,CAAC,EAAU;IACpC,OAAO,qBAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;AACpD,CAAC;AAED,SAAgB,kBAAkB,CAAC,QAAgB;IACjD,OAAO,qBAAa,CAAC,MAAM,CAAC
,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AAClE,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@indicated/vibeguard",
3
- "version": "1.3.2",
3
+ "version": "1.5.0",
4
4
  "description": "Local CLI security scanner for AI-generated code",
5
5
  "main": "dist/cli/index.js",
6
6
  "bin": {
@@ -26,12 +26,18 @@ export function createScanCommand(): Command {
26
26
  .option('--force', 'Continue even if critical/high issues found')
27
27
  .option('--json', 'Output results as JSON')
28
28
  .option('--quiet', 'Minimal output (exit code only)')
29
+ .option('-e, --exclude <patterns...>', 'Glob patterns to exclude (e.g., "**/vendor/**" "*.min.js")')
29
30
  .action(async (targets: string[], options) => {
30
31
  try {
31
32
  const config = loadConfig();
32
33
  const licenseKey = getLicenseKey();
33
34
  const cwd = process.cwd();
34
35
 
36
+ // Merge CLI exclude patterns with config
37
+ if (options.exclude) {
38
+ config.exclude = [...(config.exclude || []), ...options.exclude];
39
+ }
40
+
35
41
  const scanner = new Scanner(config);
36
42
  await scanner.initialize(licenseKey || undefined);
37
43
 
package/src/mcp/server.ts CHANGED
@@ -2,10 +2,11 @@ import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
2
2
  import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
3
3
  import { z } from 'zod';
4
4
  import * as path from 'path';
5
+ import * as fs from 'fs';
5
6
  import { Scanner } from '../scanner';
6
7
  import { securityRules } from '../scanner/rules/definitions';
7
8
  import { getLicenseKey } from '../api/license';
8
- import { Severity, Tier } from '../types';
9
+ import { Severity, Tier, Finding } from '../types';
9
10
 
10
11
  function calculateGrade(counts: Record<Severity, number>): string {
11
12
  if (counts.critical > 0) return 'F';
@@ -18,6 +19,249 @@ function calculateGrade(counts: Record<Severity, number>): string {
18
19
  return 'A+';
19
20
  }
20
21
 
22
+ interface ContextSignal {
23
+ signal: string;
24
+ type: 'positive' | 'negative' | 'neutral';
25
+ }
26
+
27
+ interface EnrichedFinding {
28
+ severity: string;
29
+ rule: string;
30
+ name: string;
31
+ file: string;
32
+ line: number;
33
+ codeSnippet: string;
34
+ contextSignals: ContextSignal[];
35
+ analysisQuestion: string;
36
+ confidence: 'high' | 'medium' | 'low';
37
+ fix: string;
38
+ }
39
+
40
+ function getCodeSnippet(filePath: string, line: number, contextLines: number = 3): string {
41
+ try {
42
+ const content = fs.readFileSync(filePath, 'utf-8');
43
+ const lines = content.split('\n');
44
+ const startLine = Math.max(0, line - contextLines - 1);
45
+ const endLine = Math.min(lines.length, line + contextLines);
46
+
47
+ return lines.slice(startLine, endLine).map((l, i) => {
48
+ const lineNum = startLine + i + 1;
49
+ const marker = lineNum === line ? '→' : ' ';
50
+ return `${marker} ${lineNum.toString().padStart(4)}: ${l}`;
51
+ }).join('\n');
52
+ } catch {
53
+ return '(Could not read file)';
54
+ }
55
+ }
56
+
57
+ function analyzeContext(finding: Finding, cwd: string): { signals: ContextSignal[], confidence: 'high' | 'medium' | 'low', question: string } {
58
+ const signals: ContextSignal[] = [];
59
+ let confidence: 'high' | 'medium' | 'low' = 'high';
60
+ let question = '';
61
+
62
+ const filePath = finding.file;
63
+ const relativePath = path.relative(cwd, filePath).toLowerCase();
64
+
65
+ // Read file content for analysis
66
+ let fileContent = '';
67
+ try {
68
+ fileContent = fs.readFileSync(filePath, 'utf-8').toLowerCase();
69
+ } catch {
70
+ // Can't read file
71
+ }
72
+
73
+ // Analyze based on rule type
74
+ switch (finding.rule.id) {
75
+ case 'xss-innerhtml':
76
+ // Check for sanitizer imports
77
+ if (fileContent.includes('dompurify') || fileContent.includes('sanitize') ||
78
+ fileContent.includes('escapehtml') || fileContent.includes('escape-html')) {
79
+ signals.push({ signal: 'File imports sanitization library', type: 'positive' });
80
+ confidence = 'low';
81
+ }
82
+ // Check if it's static HTML
83
+ if (finding.code.includes("'<") || finding.code.includes('"<') || finding.code.includes('`<')) {
84
+ signals.push({ signal: 'Appears to be static HTML string', type: 'positive' });
85
+ confidence = 'low';
86
+ }
87
+ // Check for user input indicators
88
+ if (finding.code.includes('user') || finding.code.includes('input') ||
89
+ finding.code.includes('req.') || finding.code.includes('params')) {
90
+ signals.push({ signal: 'May contain user-controlled input', type: 'negative' });
91
+ confidence = 'high';
92
+ }
93
+ question = 'Is the data being inserted sanitized before this line? Check if escapeHtml() or similar is called on the variable.';
94
+ break;
95
+
96
+ case 'supabase-no-rls':
97
+ // Check if it's server-side
98
+ if (relativePath.includes('/api/') || relativePath.includes('/server/') ||
99
+ relativePath.includes('/routes/') || relativePath.includes('/backend/')) {
100
+ signals.push({ signal: 'File is in server-side directory', type: 'positive' });
101
+ confidence = 'low';
102
+ }
103
+ // Check for service role key
104
+ if (fileContent.includes('service_role') || fileContent.includes('servicerole') ||
105
+ fileContent.includes('supabase_service')) {
106
+ signals.push({ signal: 'Uses service role key (server-side pattern)', type: 'positive' });
107
+ confidence = 'low';
108
+ }
109
+ // Check for auth middleware
110
+ if (fileContent.includes('requireauth') || fileContent.includes('requireadmin') ||
111
+ fileContent.includes('middleware') || fileContent.includes('authenticate')) {
112
+ signals.push({ signal: 'File has authentication middleware', type: 'positive' });
113
+ confidence = 'low';
114
+ }
115
+ // Client-side indicators
116
+ if (relativePath.includes('/components/') || relativePath.includes('/pages/') ||
117
+ relativePath.includes('/app/') && !relativePath.includes('/api/')) {
118
+ signals.push({ signal: 'File appears to be client-side', type: 'negative' });
119
+ confidence = 'high';
120
+ }
121
+ question = 'Is this server-side code with proper auth middleware, or client-side code that should use RLS?';
122
+ break;
123
+
124
+ case 'secrets-localstorage':
125
+ // Check what's being stored
126
+ if (finding.code.includes('token') || finding.code.includes('jwt') ||
127
+ finding.code.includes('auth') || finding.code.includes('key')) {
128
+ signals.push({ signal: 'Storing authentication-related data', type: 'negative' });
129
+ confidence = 'high';
130
+ }
131
+ question = 'Is this storing actual auth tokens, or just non-sensitive data like UI preferences?';
132
+ break;
133
+
134
+ case 'ssrf-vulnerability':
135
+ // Check if URL is from env var
136
+ if (finding.code.includes('process.env') || finding.code.includes('env.')) {
137
+ signals.push({ signal: 'URL appears to come from environment variable', type: 'positive' });
138
+ confidence = 'low';
139
+ }
140
+ // Check for user input
141
+ if (finding.code.includes('req.') || finding.code.includes('body.') ||
142
+ finding.code.includes('params.') || finding.code.includes('query.')) {
143
+ signals.push({ signal: 'URL contains user-controlled input', type: 'negative' });
144
+ confidence = 'high';
145
+ }
146
+ question = 'Is the URL/host controlled by user input, or is it a fixed/environment-based URL?';
147
+ break;
148
+
149
+ case 'prototype-pollution':
150
+ // Check if it's just spread operator
151
+ if (finding.code.includes('...') && !finding.code.includes('merge')) {
152
+ signals.push({ signal: 'Uses spread operator (generally safe)', type: 'positive' });
153
+ confidence = 'low';
154
+ }
155
+ // Check for deep merge
156
+ if (finding.code.includes('merge') || finding.code.includes('deepmerge')) {
157
+ signals.push({ signal: 'Uses deep merge function', type: 'negative' });
158
+ confidence = 'high';
159
+ }
160
+ question = 'Is this using deep merge with user input, or just shallow spread/assign?';
161
+ break;
162
+
163
+ case 'missing-auth-route':
164
+ case 'nextjs-api-route-no-auth':
165
+ // Check for auth in file
166
+ if (fileContent.includes('getsession') || fileContent.includes('getserversession') ||
167
+ fileContent.includes('requireauth') || fileContent.includes('authenticate') ||
168
+ fileContent.includes('verifytoken') || fileContent.includes('middleware')) {
169
+ signals.push({ signal: 'File contains authentication logic', type: 'positive' });
170
+ confidence = 'low';
171
+ }
172
+ // Check if it's a public endpoint
173
+ if (relativePath.includes('login') || relativePath.includes('signup') ||
174
+ relativePath.includes('register') || relativePath.includes('public') ||
175
+ relativePath.includes('health') || relativePath.includes('webhook')) {
176
+ signals.push({ signal: 'Endpoint appears to be intentionally public', type: 'positive' });
177
+ confidence = 'low';
178
+ }
179
+ question = 'Is this endpoint intentionally public (login, webhook, health check) or should it require authentication?';
180
+ break;
181
+
182
+ case 'hardcoded-secret':
183
+ // Check if it's in a test/example file
184
+ if (relativePath.includes('test') || relativePath.includes('example') ||
185
+ relativePath.includes('sample') || relativePath.includes('mock')) {
186
+ signals.push({ signal: 'File appears to be test/example code', type: 'positive' });
187
+ confidence = 'low';
188
+ }
189
+ // Check for placeholder indicators
190
+ if (finding.code.includes('xxx') || finding.code.includes('example') ||
191
+ finding.code.includes('placeholder') || finding.code.includes('your-')) {
192
+ signals.push({ signal: 'Value appears to be a placeholder', type: 'positive' });
193
+ confidence = 'low';
194
+ }
195
+ question = 'Is this a real secret or a placeholder/example value? Check if this file is in version control.';
196
+ break;
197
+
198
+ default:
199
+ question = `Verify if this ${finding.rule.name} finding is a real security issue in your specific context.`;
200
+ }
201
+
202
+ // Add file path context
203
+ if (relativePath.includes('test') || relativePath.includes('spec') ||
204
+ relativePath.includes('mock') || relativePath.includes('fixture')) {
205
+ signals.push({ signal: 'File is in test/mock directory', type: 'positive' });
206
+ if (confidence === 'high') confidence = 'medium';
207
+ }
208
+
209
+ if (signals.length === 0) {
210
+ signals.push({ signal: 'No additional context detected', type: 'neutral' });
211
+ }
212
+
213
+ return { signals, confidence, question };
214
+ }
215
+
216
+ function formatEnrichedFindings(findings: EnrichedFinding[]): string {
217
+ // Group by confidence
218
+ const highConf = findings.filter(f => f.confidence === 'high');
219
+ const medConf = findings.filter(f => f.confidence === 'medium');
220
+ const lowConf = findings.filter(f => f.confidence === 'low');
221
+
222
+ let output = '';
223
+
224
+ if (highConf.length > 0) {
225
+ output += `\n## 🔴 Likely Real Issues (${highConf.length})\nThese findings have high confidence and should be investigated:\n\n`;
226
+ output += highConf.map(f => formatSingleFinding(f)).join('\n---\n');
227
+ }
228
+
229
+ if (medConf.length > 0) {
230
+ output += `\n\n## 🟡 Needs Review (${medConf.length})\nThese findings need context to determine if they're issues:\n\n`;
231
+ output += medConf.map(f => formatSingleFinding(f)).join('\n---\n');
232
+ }
233
+
234
+ if (lowConf.length > 0) {
235
+ output += `\n\n## 🟢 Likely False Positives (${lowConf.length})\nThese findings appear safe based on context signals:\n\n`;
236
+ output += lowConf.map(f => formatSingleFinding(f)).join('\n---\n');
237
+ }
238
+
239
+ return output;
240
+ }
241
+
242
+ function formatSingleFinding(f: EnrichedFinding): string {
243
+ const signalIcons = f.contextSignals.map(s => {
244
+ const icon = s.type === 'positive' ? '✓' : s.type === 'negative' ? '⚠' : '•';
245
+ return ` ${icon} ${s.signal}`;
246
+ }).join('\n');
247
+
248
+ return `
249
+ **[${f.severity.toUpperCase()}] ${f.name}**
250
+ 📍 ${f.file}:${f.line}
251
+
252
+ \`\`\`
253
+ ${f.codeSnippet}
254
+ \`\`\`
255
+
256
+ **Context signals:**
257
+ ${signalIcons}
258
+
259
+ **🤔 Analysis needed:** ${f.analysisQuestion}
260
+
261
+ **💡 Suggested fix:** ${f.fix}
262
+ `;
263
+ }
264
+
21
265
  export async function startMcpServer(): Promise<void> {
22
266
  const server = new McpServer({
23
267
  name: 'vibeguard',
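Review bot: The client-side test in the `supabase-no-rls` case has a precedence bug: `&&` binds tighter than `||`, so `!relativePath.includes('/api/')` guards only the `/app/` branch, and a file such as `src/pages/api/x.ts` gets tagged 'server-side directory' and then 'appears to be client-side', ending at high confidence even though the rule's own `pathExclusions` treat `pages/api/` as server code. Parenthesize the directory tests: `if ((relativePath.includes('/components/') || relativePath.includes('/pages/') || relativePath.includes('/app/')) && !relativePath.includes('/api/')) {`. Note also that `path.relative` returns platform separators, so on Windows none of the `/api/`-style tests can match; normalizing with `.split(path.sep).join('/')` before the checks avoids that. Separately, the `hardcoded-secret` case drops confidence to 'low' whenever the path contains 'test' or 'example' (which also matches `latest`/`contest`), yet a real credential committed in a test fixture is still a leaked credential — I'd cap that at 'medium' rather than let it land in the 'Likely False Positives' bucket. Finally, `formatSingleFinding` places the raw snippet inside a ``` fence, so a source line containing ``` (or crafted markdown) terminates the fence early and the remainder of that untrusted file text is read by the model as instructions; use a longer fence (````) or strip fence sequences from the snippet before embedding it.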
@@ -27,15 +271,16 @@ export async function startMcpServer(): Promise<void> {
27
271
  // Tool: scan_code
28
272
  server.tool(
29
273
  'scan_code',
30
- 'Scan files or directories for security vulnerabilities. Returns findings with severity, location, and fix suggestions. Use this after writing code or before commits.',
274
+ 'Scan files or directories for security vulnerabilities. Returns findings with context analysis to help determine real issues vs false positives. After receiving results, analyze each finding based on the context signals and code snippets provided.',
31
275
  {
32
276
  paths: z.array(z.string()).describe('File or directory paths to scan (relative to current working directory)'),
33
277
  staged_only: z.boolean().optional().describe('If true, only scan git staged files'),
278
+ exclude: z.array(z.string()).optional().describe('Glob patterns to exclude (e.g., "**/vendor/**", "*.min.js")'),
34
279
  },
35
- async ({ paths, staged_only }) => {
280
+ async ({ paths, staged_only, exclude }) => {
36
281
  try {
37
282
  const licenseKey = getLicenseKey();
38
- const scanner = new Scanner();
283
+ const scanner = new Scanner(exclude ? { exclude } : {});
39
284
  await scanner.initialize(licenseKey || undefined);
40
285
 
41
286
  const cwd = process.cwd();
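Review bot: The `exclude` patterns here replace rather than extend the scanner's configuration: `new Scanner(exclude ? { exclude } : {})` never calls `loadConfig()`, whereas the CLI hunk merges `--exclude` into `config.exclude`, so the MCP path ignores whatever `loadConfig()` would have provided and, depending on how `Scanner` treats a partial config (not visible here), may also drop its default exclusions. Because the caller of this tool is the model itself, an exclusion list it supplies can silently narrow a scan that is meant to gate its own output. At minimum echo the applied patterns in the result text, e.g. `Excluded: ${exclude.join(', ')}`, so the user sees what was skipped, and consider merging with the loaded config as the CLI does.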
@@ -53,7 +298,7 @@ export async function startMcpServer(): Promise<void> {
53
298
  content: [
54
299
  {
55
300
  type: 'text' as const,
56
- text: `✅ No security issues found in ${result.files} file(s).\n\nGrade: A+ | Tier: ${tierLabel}`,
301
+ text: `✅ **No security issues found** in ${result.files} file(s).\n\nGrade: A+ | Tier: ${tierLabel}`,
57
302
  },
58
303
  ],
59
304
  };
@@ -67,47 +312,58 @@ export async function startMcpServer(): Promise<void> {
67
312
  };
68
313
 
69
314
  const grade = calculateGrade(counts);
70
- const summary = `Found ${result.findings.length} issue(s): ${counts.critical} critical, ${counts.high} high, ${counts.medium} medium, ${counts.low} low`;
71
315
 
72
- // Free tier: show counts only, no individual findings
316
+ // Free tier: show counts only
73
317
  if (userTier === 'free') {
74
318
  return {
75
319
  content: [
76
320
  {
77
321
  type: 'text' as const,
78
- text: `${summary}\n\nGrade: ${grade} | Tier: ${tierLabel}\n\nUpgrade to Pro to see individual findings with file locations and fix suggestions.\nRun 'vibeguard upgrade' to unlock full scan details.`,
322
+ text: `# Security Scan Results\n\n**Found ${result.findings.length} potential issue(s):** ${counts.critical} critical, ${counts.high} high, ${counts.medium} medium, ${counts.low} low\n\n**Grade: ${grade}** | Tier: ${tierLabel}\n\nUpgrade to Pro to see detailed findings with context analysis.\nRun \`vibeguard upgrade\` to unlock.`,
79
323
  },
80
324
  ],
81
325
  };
82
326
  }
83
327
 
84
- // Pro tier: show full details
85
- const findings = result.findings.map(f => ({
86
- severity: f.rule.severity,
87
- rule: f.rule.id,
88
- name: f.rule.name,
89
- file: path.relative(cwd, f.file),
90
- line: f.line,
91
- message: f.rule.description,
92
- fix: f.rule.fix,
93
- isRestricted: f.isRestricted,
94
- }));
95
-
96
- const formattedFindings = findings.map(f => {
97
- const proTag = f.isRestricted ? ' [PRO]' : '';
98
- const fixLine = f.isRestricted
99
- ? ' Fix: Upgrade to Pro to see fix details'
100
- : ` Fix: ${f.fix}`;
101
- return `[${f.severity.toUpperCase()}]${proTag} ${f.file}:${f.line}\n ${f.name}\n${fixLine}`;
102
- }).join('\n\n');
328
+ // Pro tier: enrich findings with context
329
+ const enrichedFindings: EnrichedFinding[] = result.findings.map(f => {
330
+ const { signals, confidence, question } = analyzeContext(f, cwd);
331
+ return {
332
+ severity: f.rule.severity,
333
+ rule: f.rule.id,
334
+ name: f.rule.name,
335
+ file: path.relative(cwd, f.file),
336
+ line: f.line,
337
+ codeSnippet: getCodeSnippet(f.file, f.line),
338
+ contextSignals: signals,
339
+ analysisQuestion: question,
340
+ confidence,
341
+ fix: f.rule.fix || 'Review and fix as appropriate',
342
+ };
343
+ });
103
344
 
104
- const footer = `\nGrade: ${grade} | Tier: ${tierLabel}`;
345
+ const highConfCount = enrichedFindings.filter(f => f.confidence === 'high').length;
346
+ const lowConfCount = enrichedFindings.filter(f => f.confidence === 'low').length;
347
+
348
+ const header = `# Security Scan Results
349
+
350
+ **Found ${result.findings.length} potential issue(s):** ${counts.critical} critical, ${counts.high} high, ${counts.medium} medium, ${counts.low} low
351
+ **Grade: ${grade}** | Tier: ${tierLabel}
352
+
353
+ **Confidence breakdown:**
354
+ - 🔴 ${highConfCount} likely real issues
355
+ - 🟢 ${lowConfCount} likely false positives
356
+
357
+ > **Instructions:** Review each finding below. Use the context signals and code snippets to determine if each is a real security issue. Focus on 🔴 high-confidence findings first.
358
+ `;
359
+
360
+ const formattedFindings = formatEnrichedFindings(enrichedFindings);
105
361
 
106
362
  return {
107
363
  content: [
108
364
  {
109
365
  type: 'text' as const,
110
- text: `${summary}\n\n${formattedFindings}${footer}`,
366
+ text: header + formattedFindings,
111
367
  },
112
368
  ],
113
369
  };
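Review bot: The rewritten Pro-tier branch drops the `isRestricted` handling the old code had, so every finding now prints `f.rule.fix` even when the scanner marked it restricted; if `isRestricted` can still be true for a 'pro' user (the `Finding` type is not visible here) that is a behavior change worth an explicit decision, otherwise the field should be removed from the type. The confidence breakdown in the header omits the medium bucket, so `highConfCount + lowConfCount` will not add up to `result.findings.length`; add `- 🟡 ${medConfCount} need review` alongside the other two lines. Given that the grade still counts every finding, I'd also word the `🟢` line as 'lower confidence — verify' rather than 'likely false positives', which invites the model to dismiss findings that were downgraded by a file-path heuristic.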
@@ -164,7 +420,6 @@ export async function startMcpServer(): Promise<void> {
164
420
  },
165
421
  async ({ code, language }) => {
166
422
  try {
167
- const fs = await import('fs');
168
423
  const os = await import('os');
169
424
 
170
425
  // Create temp file
@@ -189,7 +444,7 @@ export async function startMcpServer(): Promise<void> {
189
444
  content: [
190
445
  {
191
446
  type: 'text' as const,
192
- text: `✅ No security issues found in this code snippet.\n\nGrade: A+ | Tier: ${tierLabel}`,
447
+ text: `✅ **No security issues found** in this code snippet.\n\nGrade: A+ | Tier: ${tierLabel}`,
193
448
  },
194
449
  ],
195
450
  };
@@ -203,45 +458,29 @@ export async function startMcpServer(): Promise<void> {
203
458
  };
204
459
 
205
460
  const grade = calculateGrade(counts);
206
- const summary = `Found ${result.findings.length} issue(s): ${counts.critical} critical, ${counts.high} high, ${counts.medium} medium, ${counts.low} low`;
207
461
 
208
- // Free tier: show counts only, no individual findings
462
+ // Free tier: show counts only
209
463
  if (userTier === 'free') {
210
464
  return {
211
465
  content: [
212
466
  {
213
467
  type: 'text' as const,
214
- text: `${summary}\n\nGrade: ${grade} | Tier: ${tierLabel}\n\nUpgrade to Pro to see individual findings with line numbers and fix suggestions.`,
468
+ text: `Found ${result.findings.length} potential issue(s): ${counts.critical} critical, ${counts.high} high, ${counts.medium} medium, ${counts.low} low\n\nGrade: ${grade} | Tier: ${tierLabel}\n\nUpgrade to Pro to see details.`,
215
469
  },
216
470
  ],
217
471
  };
218
472
  }
219
473
 
220
- // Pro tier: show full details
221
- const findings = result.findings.map(f => ({
222
- severity: f.rule.severity,
223
- rule: f.rule.id,
224
- name: f.rule.name,
225
- line: f.line,
226
- fix: f.rule.fix,
227
- isRestricted: f.isRestricted,
228
- }));
229
-
230
- const formatted = findings.map(f => {
231
- const proTag = f.isRestricted ? ' [PRO]' : '';
232
- const fixLine = f.isRestricted
233
- ? ' Fix: Upgrade to Pro to see fix details'
234
- : ` Fix: ${f.fix}`;
235
- return `[${f.severity.toUpperCase()}]${proTag} Line ${f.line}: ${f.name}\n${fixLine}`;
474
+ // Pro tier: show findings with line numbers
475
+ const formatted = result.findings.map(f => {
476
+ return `**[${f.rule.severity.toUpperCase()}] Line ${f.line}: ${f.rule.name}**\n ${f.rule.description}\n 💡 Fix: ${f.rule.fix}`;
236
477
  }).join('\n\n');
237
478
 
238
- const footer = `\nGrade: ${grade} | Tier: ${tierLabel}`;
239
-
240
479
  return {
241
480
  content: [
242
481
  {
243
482
  type: 'text' as const,
244
- text: `Found ${findings.length} issue(s):\n\n${formatted}${footer}`,
483
+ text: `# Code Snippet Security Check\n\n**Found ${result.findings.length} issue(s):** ${counts.critical} critical, ${counts.high} high, ${counts.medium} medium, ${counts.low} low\n**Grade: ${grade}** | Tier: ${tierLabel}\n\n${formatted}`,
245
484
  },
246
485
  ],
247
486
  };
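Review bot: `💡 Fix: ${f.rule.fix}` prints the literal string `undefined` when a rule has no fix text — the `scan_code` branch in the hunk above guards the same field with `f.rule.fix || 'Review and fix as appropriate'`, so `fix` is evidently optional. Use the same fallback here: `💡 Fix: ${f.rule.fix ?? 'Review and fix as appropriate'}`. This branch also drops the old `isRestricted` / `[PRO]` handling; if restricted findings can still occur for a pro user, showing their fix text should be a deliberate change rather than a side effect of the reformat.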