guardvibe 0.9.4 → 0.9.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +4 -4
  2. package/build/data/rules/auth.d.ts.map +1 -1
  3. package/build/data/rules/auth.js +84 -0
  4. package/build/data/rules/auth.js.map +1 -1
  5. package/package.json +2 -2
package/README.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # GuardVibe
2
2
 
3
- **The security MCP built for vibe coding.** 120 security rules covering the entire vibe coder journey — from first line of code to production deployment.
3
+ **The security MCP built for vibe coding.** 127 security rules covering the entire vibe coder journey — from first line of code to production deployment.
4
4
 
5
5
  Works with **Claude Code, Cursor, Gemini CLI, Codex, Windsurf**, and any MCP-compatible coding agent.
6
6
 
@@ -8,7 +8,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, Windsurf**, and any MCP-com
8
8
 
9
9
  Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
10
10
 
11
- - **120 security rules** purpose-built for the stacks AI agents generate
11
+ - **127 security rules** purpose-built for the stacks AI agents generate
12
12
  - **Zero setup friction** — `npx guardvibe` and you're scanning
13
13
  - **No account required** — runs 100% locally, no API keys, no cloud
14
14
  - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -21,7 +21,7 @@ Most security tools are built for enterprise security teams. GuardVibe is built
21
21
  Next.js App Router, Server Actions, Server Components, React, Express, FastAPI, Go
22
22
 
23
23
  ### Authentication
24
- Clerk, Auth.js (NextAuth), Supabase Auth — middleware checks, secret exposure, session handling
24
+ Clerk, Auth.js (NextAuth), Supabase Auth — middleware checks, secret exposure, session handling, SSR cookie auth, admin method protection, email confirmation, callback code exchange
25
25
 
26
26
  ### Database
27
27
  Supabase (RLS, anon vs service role), Prisma (raw query injection), Drizzle (SQL injection)
@@ -108,7 +108,7 @@ All scanning tools support `format: "json"` for machine-readable output.
108
108
  |----------|-------|----------|
109
109
  | Core OWASP | 20 | SQL injection, XSS, CSRF, command injection, eval, CORS, SSRF |
110
110
  | Next.js App Router | 12 | Server Actions, secret exposure, auth bypass, redirects |
111
- | Auth (Clerk / Auth.js) | 7 | Middleware, secret keys, session storage, role checks |
111
+ | Auth (Clerk / Auth.js / Supabase Auth) | 14 | Middleware, secret keys, session storage, role checks, SSR cookies, admin protection, email confirmation |
112
112
  | Database (Supabase / Prisma / Drizzle) | 7 | Raw queries, client exposure, service role leaks |
113
113
  | Deployment Config | 16 | Vercel, Next.js config, Docker Compose, Fly, Render, Netlify |
114
114
  | Payments (Stripe / Polar / Lemon) | 9 | Webhook signatures, key exposure, price manipulation |
package/build/data/rules/auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,EA0GnC,CAAC"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,eAAO,MAAM,SAAS,EAAE,YAAY,EA4MnC,CAAC"}
package/build/data/rules/auth.js CHANGED
@@ -87,5 +87,89 @@ export const authRules = [
87
87
  fixCode: '// CORRECT: validates with Auth server\nconst { data: { user }, error } = await supabase.auth.getUser();\nif (error || !user) throw new Error("Unauthorized");',
88
88
  compliance: ["SOC2:CC6.6"],
89
89
  },
90
+ // Supabase Auth specific rules
91
+ {
92
+ id: "VG440",
93
+ name: "Supabase Auth Signup Without Email Confirmation",
94
+ severity: "high",
95
+ owasp: "A01:2025 Broken Access Control",
96
+ description: "Supabase signUp is called but the app may not enforce email confirmation. Without it, anyone can sign up with a fake email and access the app.",
97
+ pattern: /supabase\.auth\.signUp\s*\(\s*\{[\s\S]{0,300}?(?![\s\S]{0,300}?(?:emailConfirm|email_confirm|confirmEmail|emailRedirectTo))/g,
98
+ languages: ["javascript", "typescript"],
99
+ fix: "Enable email confirmation in Supabase dashboard (Authentication > Settings > Enable email confirmations) and handle the confirmation flow.",
100
+ fixCode: '// Sign up with email redirect for confirmation\nconst { data, error } = await supabase.auth.signUp({\n email,\n password,\n options: {\n emailRedirectTo: `${origin}/auth/callback`,\n },\n});',
101
+ compliance: ["SOC2:CC6.6"],
102
+ },
103
+ {
104
+ id: "VG441",
105
+ name: "Supabase Auth Callback Missing Code Exchange",
106
+ severity: "high",
107
+ owasp: "A01:2025 Broken Access Control",
108
+ description: "Supabase Auth callback route does not exchange the auth code for a session. Without this, OAuth and magic link logins will not work correctly.",
109
+ pattern: /\/auth\/callback[\s\S]*?export\s+(?:async\s+)?function\s+GET\s*\([^)]*\)\s*\{(?:(?!exchangeCodeForSession|code)[\s\S])*?\}/g,
110
+ languages: ["javascript", "typescript"],
111
+ fix: "Exchange the auth code for a session in your callback route.",
112
+ fixCode: '// app/auth/callback/route.ts\nimport { createClient } from "@/utils/supabase/server";\nimport { NextResponse } from "next/server";\n\nexport async function GET(request: Request) {\n const { searchParams, origin } = new URL(request.url);\n const code = searchParams.get("code");\n if (code) {\n const supabase = await createClient();\n await supabase.auth.exchangeCodeForSession(code);\n }\n return NextResponse.redirect(`${origin}/dashboard`);\n}',
113
+ compliance: ["SOC2:CC6.6"],
114
+ },
115
+ {
116
+ id: "VG442",
117
+ name: "Supabase createClient Without SSR Cookie Handling",
118
+ severity: "high",
119
+ owasp: "A01:2025 Broken Access Control",
120
+ description: "Using @supabase/supabase-js createClient directly in Next.js server code instead of @supabase/ssr. Without cookie-based auth, the server has no access to the user session.",
121
+ pattern: /import\s*\{[^}]*createClient[^}]*\}\s*from\s*["']@supabase\/supabase-js["'][\s\S]{0,300}?(?:cookies|headers|NextRequest|NextResponse|getServerSession)/g,
122
+ languages: ["javascript", "typescript"],
123
+ fix: "Use @supabase/ssr for server-side Supabase client in Next.js. It handles cookie-based auth automatically.",
124
+ fixCode: '// utils/supabase/server.ts\nimport { createServerClient } from "@supabase/ssr";\nimport { cookies } from "next/headers";\n\nexport async function createClient() {\n const cookieStore = await cookies();\n return createServerClient(\n process.env.NEXT_PUBLIC_SUPABASE_URL!,\n process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!,\n { cookies: { getAll: () => cookieStore.getAll(), setAll: (c) => c.forEach(({ name, value, options }) => cookieStore.set(name, value, options)) } }\n );\n}',
125
+ compliance: ["SOC2:CC6.6"],
126
+ },
127
+ {
128
+ id: "VG443",
129
+ name: "Supabase Auth Admin Methods in Client Code",
130
+ severity: "critical",
131
+ owasp: "A01:2025 Broken Access Control",
132
+ description: "Supabase admin auth methods (admin.deleteUser, admin.listUsers, admin.createUser) are used in client-side code. These require the service role key and should never run in the browser.",
133
+ pattern: /["']use client["'][\s\S]{0,500}?supabase\.auth\.admin\.\w+\s*\(/g,
134
+ languages: ["javascript", "typescript"],
135
+ fix: "Use Supabase admin auth methods only in server-side code with the service role key.",
136
+ fixCode: '// Server-side only (API route or Server Action)\nconst supabaseAdmin = createClient(url, process.env.SUPABASE_SERVICE_ROLE_KEY!);\nawait supabaseAdmin.auth.admin.deleteUser(userId);',
137
+ compliance: ["SOC2:CC6.6", "HIPAA:§164.312(d)"],
138
+ },
139
+ {
140
+ id: "VG444",
141
+ name: "Supabase Auth Password in URL",
142
+ severity: "high",
143
+ owasp: "A07:2025 Sensitive Data Exposure",
144
+ description: "Password sent via URL query parameter to Supabase auth. Passwords in URLs are logged by browsers, proxies, and servers.",
145
+ pattern: /(?:signInWithPassword|signUp)[\s\S]{0,200}?(?:searchParams|query|req\.query|params)[\s\S]{0,100}?password/gi,
146
+ languages: ["javascript", "typescript"],
147
+ fix: "Always send passwords via POST request body, never in URL parameters.",
148
+ compliance: ["SOC2:CC6.1", "PCI-DSS:Req8"],
149
+ },
150
+ {
151
+ id: "VG445",
152
+ name: "Supabase Auth Token Stored in localStorage",
153
+ severity: "high",
154
+ owasp: "A07:2025 Sensitive Data Exposure",
155
+ description: "Manually storing Supabase auth tokens in localStorage instead of letting the Supabase client handle storage. This is vulnerable to XSS attacks.",
156
+ pattern: /localStorage\.setItem\s*\([\s\S]{0,100}?(?:supabase|sb_|access_token|refresh_token)[\s\S]{0,100}?(?:session|token|access|refresh)/gi,
157
+ languages: ["javascript", "typescript"],
158
+ fix: "Let the Supabase client handle token storage automatically. For SSR, use @supabase/ssr with cookie-based auth.",
159
+ fixCode: "// Don't manually store tokens\n// The Supabase client handles this automatically\nconst supabase = createBrowserClient(\n process.env.NEXT_PUBLIC_SUPABASE_URL!,\n process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!\n);",
160
+ compliance: ["SOC2:CC6.1"],
161
+ },
162
+ {
163
+ id: "VG446",
164
+ name: "Supabase Auth Missing Middleware",
165
+ severity: "high",
166
+ owasp: "A01:2025 Broken Access Control",
167
+ description: "Next.js project uses Supabase Auth but middleware.ts/proxy.ts does not refresh the Supabase session. Without this, sessions expire and users get unexpectedly logged out.",
168
+ pattern: /(?:middleware|proxy)\.(?:ts|js)[\s\S]*?export\s+(?:async\s+)?function\s+middleware[\s\S]*?(?![\s\S]*?(?:supabase|createServerClient|updateSession))/g,
169
+ languages: ["javascript", "typescript"],
170
+ fix: "Add Supabase session refresh to your middleware.",
171
+ fixCode: '// middleware.ts\nimport { createServerClient } from "@supabase/ssr";\nimport { NextResponse, type NextRequest } from "next/server";\n\nexport async function middleware(request: NextRequest) {\n const response = NextResponse.next();\n const supabase = createServerClient(url, anonKey, {\n cookies: { /* cookie handlers */ }\n });\n await supabase.auth.getUser(); // refreshes session\n return response;\n}',
172
+ compliance: ["SOC2:CC6.6"],
173
+ },
90
174
  ];
91
175
  //# sourceMappingURL=auth.js.map
package/build/data/rules/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAEA,+DAA+D;AAC/D,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,kPAAkP;QACpP,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,iOAAiO;QACnO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD,8EAA8E;IAC9E,mFAAmF;IACnF,uEAAuE;IACvE;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,0GAA0G;QAC5G,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sFAAsF;QAC3F,OAAO,EACL,gIAAgI;QAClI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2GAA2G;QAC7G,OAAO,EAAE,6DAA6D;QACtE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4EAA4E;QACjF,OAAO,EACL,yHAAyH;QAC3H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC7C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,8IAA8I;QAChJ,OAAO,EACL,4FAA4F;QAC9F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gIAAgI;QAClI,OAAO,EACL,6GAA6G;QAC/G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+MAA+M;QACjN,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mCAAmC;QACzC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4EAA4E;QAC9E,OAAO,EACL,uNAAuN;QACzN,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,8NAA8N;QAChO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,6JAA6J;QAC/J,OAAO,EAAE,kCAAkC;QAC3C,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iDAAiD;QACtD,OAAO,EACL,gKAAgK;QAClK,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;CACF,CAAC"}
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/data/rules/auth.ts"],"names":[],"mappings":"AAEA,+DAA+D;AAC/D,MAAM,CAAC,MAAM,SAAS,GAAmB;IACvC;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,2BAA2B;QACjC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,8FAA8F;QAChG,OAAO,EACL,kPAAkP;QACpP,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kFAAkF;QACvF,OAAO,EACL,iOAAiO;QACnO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,EAAE,mBAAmB,CAAC;KACrE;IACD,8EAA8E;IAC9E,mFAAmF;IACnF,uEAAuE;IACvE;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,0GAA0G;QAC5G,OAAO,EAAE,mDAAmD;QAC5D,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,sFAAsF;QAC3F,OAAO,EACL,gIAAgI;QAClI,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,0BAA0B;QAChC,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,2GAA2G;QAC7G,OAAO,EAAE,6DAA6D;QACtE,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4EAA4E;QACjF,OAAO,EACL,yHAAyH;QAC3H,UAAU,EAAE,CAAC,YAAY,EAAE,gBAAgB,CAAC;KAC7C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,8IAA8I;QAChJ,OAAO,EACL,4FAA4F;QAC9F,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iFAAiF;QACtF,OAAO,EACL,iKAAiK;QACnK,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,6BAA6B;QACnC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gIAAgI;QAClI,OAAO,EACL,6GAA6G;QAC/G,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iEAAiE;QACtE,OAAO,EACL,+MAA+M;QACjN,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mCAAmC;QACzC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,4EAA4E;QAC9E,OAAO,EACL,uNAAuN;QACzN,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2DAA2D;QAChE,OAAO,EACL,8NAA8N;QAChO,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,wCAAwC;QAC9C,QAAQ,EAAE,QAAQ;QAClB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,6JAA6J;QAC/J,OAAO,EAAE,kCAAkC;QAC3C,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,iDAAiD;QACtD,OAAO,EACL,gKAAgK;QAClK,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IAED,+BAA+B;IAC/B;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,iDAAiD;QACvD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gJAAgJ;QAClJ,OAAO,EAAE,8HAA8H;QACvI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,4IAA4I;QACjJ,OAAO,EACL,wMAAwM;QAC1M,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,8CAA8C;QACpD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,gJAAgJ;QAClJ,OAAO,EAAE,6HAA6H;QACtI,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,8DAA8D;QACnE,OAAO,EACL,4cAA4c;QAC9c,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,mDAAmD;QACzD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,6KAA6K;QAC/K,OAAO,EAAE,yJAAyJ;QAClK,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,2GAA2G;QAChH,OAAO,EACL,yeAAye;QAC3e,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,UAAU;QACpB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,yLAAyL;QAC3L,OAAO,EAAE,kEAAkE;QAC3E,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,qFAAqF;QAC1F,OAAO,EACL,wLAAwL;QAC1L,UAAU,EAAE,CAAC,YAAY,EAAE,mBAAmB,CAAC;KAChD;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,+BAA+B;QACrC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,yHAAyH;QAC3H,OAAO,EAAE,6GAA6G;QACtH,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,uEAAuE;QAC5E,UAAU,EAAE,CAAC,YAAY,EAAE,cAAc,CAAC;KAC3C;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,4CAA4C;QAClD,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,kCAAkC;QACzC,WAAW,EACT,iJAAiJ;QACnJ,OAAO,EAAE,qIAAqI;QAC9I,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,gHAAgH;QACrH,OAAO,EACL,sNAAsN;QACxN,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;IACD;QACE,EAAE,EAAE,OAAO;QACX,IAAI,EAAE,kCAAkC;QACxC,QAAQ,EAAE,MAAM;QAChB,KAAK,EAAE,gCAAgC;QACvC,WAAW,EACT,2KAA2K;QAC7K,OAAO,EAAE,sJAAsJ;QAC/J,SAAS,EAAE,CAAC,YAAY,EAAE,YAAY,CAAC;QACvC,GAAG,EAAE,kDAAkD;QACvD,OAAO,EACL,+ZAA+Z;QACja,UAAU,EAAE,CAAC,YAAY,CAAC;KAC3B;CACF,CAAC"}
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "guardvibe",
3
- "version": "0.9.4",
4
- "description": "Security MCP for vibe coding. 120 rules for Next.js, Supabase, Stripe, Clerk, Prisma, Vercel, and the full AI-generated web app stack.",
3
+ "version": "0.9.5",
4
+ "description": "Security MCP for vibe coding. 127 rules for Next.js, Supabase, Stripe, Clerk, Prisma, Vercel, and the full AI-generated web app stack.",
5
5
  "type": "module",
6
6
  "bin": {
7
7
  "guardvibe": "build/index.js",