guardvibe 2.4.5 → 2.7.3

package/CHANGELOG.md

@@ -5,6 +5,48 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.7.1] - 2026-04-04
+
+### Fixed
+- `--output` flag without value no longer creates a file named "true" — now errors with clear message
+- `--fail-on` default standardized to "critical" across all CLI commands (was inconsistently "high" in `guardvibe-scan`)
+- `--format` with invalid value (e.g., "yaml") now errors explicitly instead of silently falling back to markdown
+- `--output` with nested path (e.g., `--output reports/deep/out.json`) now auto-creates parent directories
+- CLI error messages now consistently use `[ERR]` prefix across all commands
+
+### Changed
+- Secret redaction expanded from 3 to 13 patterns — now covers AWS keys, GitHub tokens, Stripe keys, Google API keys, Slack tokens, SendGrid keys, private key headers, and DATABASE_URL
+- `guardvibe-init` binary entry removed as part of early CLI surface cleanup. Use `guardvibe init` going forward. This simplifies the public CLI before wider adoption.
+
+### Added
+- 21 new stabilization tests covering all v2.7.1 fixes
+
+## [2.7.0] - 2026-04-04
+
+### Added
+- `npx guardvibe doctor` CLI command with `--scope`, `--format`, `--output`, `--fail-on` flags
+- CLI modular decomposition: `src/cli/` with args, init, hook, ci, scan, doctor, remediation modules
+- Host-specific remediation: findings now include platform-tailored fix steps for Claude, Cursor, VS Code, Gemini, Windsurf, Shell, and .env files
+- 13 new doctor CLI tests
+
+## [2.6.0] - 2026-04-04
+
+### Added
+- Host security: `guardvibe_doctor` unified host hardening scanner
+- `audit_mcp_config` — MCP configuration scanner (CVE-2025-59536 hook injection)
+- `scan_host_config` — environment scanner (CVE-2026-21852 base URL hijack)
+- Four-axis finding model: severity, trustState, verdict, confidence
+- 14 new AI host security rules (VG880-VG895)
+- Secret redaction in all output paths
+- `.guardviberc` allowlist support for trusted servers, base URLs, registries
+
+## [2.5.0] - 2026-04-04
+
+### Added
+- Cross-file taint analysis — tracks tainted data flowing across module boundaries (`analyze_cross_file_dataflow` tool)
+- Import/export resolution, module graph building, and cross-file taint propagation
+- Detects SQL injection, XSS, open redirect, code injection, and path traversal across files
+
 ## [2.4.5] - 2026-04-04
 
 ### Added

package/README.md

@@ -6,7 +6,7 @@
 [![npm provenance](https://img.shields.io/badge/provenance-verified-brightgreen)](https://www.npmjs.com/package/guardvibe)
 [![codecov](https://codecov.io/gh/goklab/guardvibe/graph/badge.svg)](https://codecov.io/gh/goklab/guardvibe)
 
-**The security MCP built for vibe coding.** 313 security rules covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 330 security rules, 29 tools covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -14,7 +14,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **313 security rules** purpose-built for the stacks AI agents generate
+- **330 security rules, 29 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -35,12 +35,13 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | Runs inside AI agents (MCP) | Native | Not supported | Not supported |
 | Zero config setup | `npx guardvibe` | Account + config required | Built-in (limited) |
 | Vibecoding stack rules (Next.js, Supabase, Clerk, tRPC, Hono) | 100+ dedicated | Generic patterns | Not applicable |
-| AI/LLM security (prompt injection, MCP, tool abuse) | 17 rules | Experimental/None | None |
+| AI/LLM security (prompt injection, MCP, tool abuse) | 30 rules | Experimental/None | None |
+| AI host security (CVE-2025-59536, CVE-2026-21852) | `guardvibe doctor` | Not supported | Not supported |
 | Auto-fix suggestions for AI agents | `fix_code` tool | CLI autofix | Not supported |
 | CVE version detection | 21 packages | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 313 (focused) | 5000+ (broad) | N/A |
+| Rule count | 330 (focused) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -149,6 +150,9 @@ Resend (email HTML injection), Upstash Redis, Pinecone, PostHog, Google Analytic
 ### AI / LLM Security
 Prompt injection detection, LLM output sinks, system prompt leaks, MCP server SSRF/path traversal/command injection, `dangerouslyAllowBrowser`, missing `maxTokens`, AI API key client exposure, indirect prompt injection via external data
 
+### AI Host Security (NEW in v2.6.0+)
+`guardvibe doctor` — unified host hardening scanner detecting CVE-2025-59536 (hook injection via `.claude/settings.json`), CVE-2026-21852 (API key exfiltration via `ANTHROPIC_BASE_URL` override), MCP config audit, environment scanner, permission analysis. Supports Claude, Cursor, VS Code, Gemini, Windsurf. Host-specific remediation with platform-tailored fix steps.
+
 ### OWASP API Security
 BOLA/IDOR (Broken Object Level Authorization), mass assignment (spread request body, Object.assign), missing pagination, rate limiting, admin endpoint authorization, verbose error leaks
 
@@ -179,7 +183,7 @@ SOC2, PCI-DSS, HIPAA control mapping with compliance reports
 ### Supply Chain
 Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 
-## Tools (25 MCP tools)
+## Tools (29 MCP tools)
 
 | Tool | What it does |
 |------|-------------|
@@ -201,6 +205,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 | `scan_secrets_history` | Scan git history for leaked secrets (active and removed) |
 | `policy_check` | Check project against compliance policies defined in .guardviberc |
 | `analyze_dataflow` | Track tainted data flows from user input to dangerous sinks |
+| `analyze_cross_file_dataflow` | **Cross-file taint analysis** — track tainted data across module boundaries |
 | `check_command` | Analyze shell commands for security risks before execution |
 | `scan_config_change` | Compare config file versions to detect security downgrades |
 | `repo_security_posture` | Assess overall repository security posture and map sensitive areas |
@@ -208,26 +213,31 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 | `scan_file` | Real-time single-file scan — designed for post-edit hooks |
 | `scan_changed_files` | Scan only git-changed files — for PRs and incremental CI |
 | `security_stats` | Cumulative security dashboard — scans, fixes, grade trend over time |
+| `guardvibe_doctor` | **Host security audit** — CVE-2025-59536, CVE-2026-21852, MCP config, env scanner |
+| `audit_mcp_config` | Audit MCP server configurations for hook injection, file:// abuse, sensitive paths |
+| `scan_host_config` | Scan shell profiles, .env files for base URL hijack and credential sniffing |
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (313 rules across 23 modules)
+## Security Rules (330 rules across 25 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|
 | Core OWASP | 38 | SQL injection, XSS, CSRF, command injection, CORS, SSRF, hardcoded secrets |
 | Next.js App Router | 17 | Server Actions, secret exposure, auth bypass, CSP, redirects |
 | Auth (Clerk / Auth.js / Supabase Auth) | 16 | Middleware, secret keys, session storage, role checks, SSR cookies |
-| Database (Supabase / Prisma / Drizzle) | 10 | Raw queries, client exposure, service role leaks |
+| Database (Supabase / Prisma / Drizzle) | 11 | Raw queries, client exposure, service role leaks, NoSQL injection |
 | OWASP API Security | 10 | BOLA/IDOR, mass assignment, pagination, rate limiting, error leaks |
-| Modern Stack | 36 | Zod, tRPC, Hono, GraphQL, Uploadthing, Turso, Convex, OAuth, CSP, webhooks, AI SDK |
-| Deployment Config | 20 | Vercel, Next.js config, Docker Compose, Fly, Render, Netlify, Cloudflare |
+| Modern Stack | 37 | Zod, tRPC, Hono, GraphQL, Uploadthing, Turso, Convex, OAuth, CSP, webhooks, AI SDK |
+| Deployment Config | 21 | Vercel, Next.js config, Docker Compose, Fly, Render, Netlify, Cloudflare, K8s secrets |
 | Payments (Stripe / Polar / Lemon) | 9 | Webhook signatures, key exposure, price manipulation |
 | Services (Resend / Upstash / Pinecone / PostHog) | 11 | API key leaks, PII tracking, email injection |
 | Web Security | 15 | Webhooks, CSP, .env safety, AI key exposure, cookie handling |
 | React Native / Expo | 10 | AsyncStorage secrets, deep links, ATS, hardcoded URLs |
 | Firebase | 7 | Firestore rules, admin SDK, storage, custom tokens |
 | AI / LLM Security | 16 | Prompt injection, MCP SSRF, excessive agency, indirect injection |
+| **AI Host Security** | **10** | **CVE-2025-59536 hook injection, CVE-2026-21852 base URL hijack, MCP config audit** |
+| **AI Tool Runtime** | **4** | **MCP tool output sanitization, obfuscated descriptions, safety bypass** |
 | CVE Version Intelligence | 21 | Known vulnerable versions in package.json (21 CVEs) |
 | Shell / Bash | 5 | Pipe to bash, chmod 777, rm -rf, sudo password |
 | SQL | 4 | DROP/DELETE without WHERE, stacked queries, GRANT ALL |
@@ -242,12 +252,32 @@ All scanning tools support `format: "json"` for machine-readable output.
 ## CLI Commands
 
 ```bash
-npx guardvibe init <platform>    # Setup MCP server (claude, cursor, gemini, all)
-npx guardvibe hook install       # Install pre-commit hook
-npx guardvibe hook uninstall     # Remove pre-commit hook
-npx guardvibe ci github          # Generate GitHub Actions workflow
-npx guardvibe-scan               # Scan staged files (for pre-commit)
+# Scanning
+npx guardvibe scan [path]            # Scan a directory for security issues
+npx guardvibe scan . --format json   # JSON output for automation
+npx guardvibe check <file>           # Scan a single file
+npx guardvibe diff [base]            # Scan only changed files since git ref
+
+# Host security audit
+npx guardvibe doctor                 # Host hardening audit (project scope)
+npx guardvibe doctor --scope host    # + shell profiles, global MCP configs
+npx guardvibe doctor --scope full    # + home dir configs
+npx guardvibe doctor --format json   # JSON output
+
+# Setup
+npx guardvibe init <platform>       # Setup MCP server (claude, cursor, gemini, all)
+npx guardvibe hook install           # Install pre-commit hook
+npx guardvibe hook uninstall         # Remove pre-commit hook
+npx guardvibe ci github              # Generate GitHub Actions workflow
+
+# Pre-commit / CI
+npx guardvibe-scan                   # Scan staged files (for pre-commit)
 npx guardvibe-scan --format sarif --output results.sarif  # CI mode
+
+# Options (all scan commands)
+#   --format markdown|json|sarif|buddy
+#   --output <file>     Write results to file
+#   --fail-on <level>   Exit 1 on findings: critical|high|medium|low|none
 ```
 
 ## Plugin System

package/build/cli/args.d.ts

@@ -0,0 +1,15 @@
+/**
+ * CLI argument parsing utilities
+ */
+export declare function getStringFlag(flags: Record<string, string | true>, key: string): string | null;
+export declare function validateFormat(flags: Record<string, string | true>): string;
+export declare function getOutputPath(flags: Record<string, string | true>): string | null;
+export declare function parseArgs(args: string[]): {
+    flags: Record<string, string | true>;
+    positional: string[];
+};
+/**
+ * Check if scan results should cause a non-zero exit based on --fail-on flag.
+ * Default: "critical" — only exit 1 on critical findings.
+ */
+export declare function shouldFail(result: string, failOn: string): boolean;

package/build/cli/args.js

@@ -0,0 +1,78 @@
+/**
+ * CLI argument parsing utilities
+ */
+const VALID_FORMATS = new Set(["markdown", "json", "sarif", "buddy"]);
+export function getStringFlag(flags, key) {
+    const val = flags[key];
+    if (val === undefined || val === true)
+        return null;
+    return val;
+}
+export function validateFormat(flags) {
+    const format = getStringFlag(flags, "format") ?? "markdown";
+    if (!VALID_FORMATS.has(format)) {
+        console.error(`  [ERR] Invalid format "${format}". Use: markdown, json, sarif, or buddy`);
+        process.exit(1);
+    }
+    return format;
+}
+export function getOutputPath(flags) {
+    const val = flags.output;
+    if (val === undefined)
+        return null;
+    if (val === true) {
+        console.error("  [ERR] --output requires a file path. Usage: --output results.json");
+        process.exit(1);
+    }
+    return val;
+}
+export function parseArgs(args) {
+    const flags = {};
+    const positional = [];
+    for (let i = 0; i < args.length; i++) {
+        if (args[i].startsWith("--")) {
+            const key = args[i].slice(2);
+            const next = args[i + 1];
+            if (next && !next.startsWith("--")) {
+                flags[key] = next;
+                i++;
+            }
+            else {
+                flags[key] = true;
+            }
+        }
+        else {
+            positional.push(args[i]);
+        }
+    }
+    return { flags, positional };
+}
+/**
+ * Check if scan results should cause a non-zero exit based on --fail-on flag.
+ * Default: "critical" — only exit 1 on critical findings.
+ */
+export function shouldFail(result, failOn) {
+    if (failOn === "none")
+        return false;
+    const levels = {
+        low: ["critical", "high", "medium", "low"],
+        medium: ["critical", "high", "medium"],
+        high: ["critical", "high"],
+        critical: ["critical"],
+    };
+    const failLevels = levels[failOn] || levels.critical;
+    // Try JSON format first
+    try {
+        const parsed = JSON.parse(result);
+        if (parsed.summary) {
+            return failLevels.some(level => (parsed.summary[level] ?? 0) > 0);
+        }
+        if (parsed.findings) {
+            return parsed.findings.some((f) => failLevels.includes(f.severity));
+        }
+    }
+    catch { /* not JSON, try markdown tags */ }
+    // Markdown format: check for [SEVERITY] tags
+    const tags = failLevels.map(l => `[${l.toUpperCase()}]`);
+    return tags.some(tag => result.includes(tag));
+}

package/build/cli/ci.d.ts

@@ -0,0 +1,5 @@
+/**
+ * CLI: guardvibe ci <provider>
+ * Generates CI/CD workflow configurations.
+ */
+export declare function runCi(args: string[]): void;

package/build/cli/ci.js

@@ -0,0 +1,67 @@
+/**
+ * CLI: guardvibe ci <provider>
+ * Generates CI/CD workflow configurations.
+ */
+import { writeFileSync, mkdirSync, existsSync } from "fs";
+import { join } from "path";
+const GITHUB_ACTIONS_WORKFLOW = `name: GuardVibe Security Scan
+
+on:
+  pull_request:
+    branches: [main, master]
+  push:
+    branches: [main, master]
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  security-scan:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: Run GuardVibe security scan
+        run: npx -y guardvibe-scan --format sarif --output guardvibe-results.sarif
+
+      - name: Upload SARIF to GitHub Security
+        if: always()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: guardvibe-results.sarif
+          category: guardvibe
+`;
+function generateGitHubActions() {
+    const workflowDir = join(process.cwd(), ".github", "workflows");
+    if (!existsSync(workflowDir)) {
+        mkdirSync(workflowDir, { recursive: true });
+    }
+    const workflowPath = join(workflowDir, "guardvibe.yml");
+    if (existsSync(workflowPath)) {
+        console.log("  [OK] .github/workflows/guardvibe.yml already exists.");
+        return;
+    }
+    writeFileSync(workflowPath, GITHUB_ACTIONS_WORKFLOW, "utf-8");
+    console.log("  [OK] Created .github/workflows/guardvibe.yml");
+    console.log("  [OK] SARIF results will appear in GitHub Security tab.");
+}
+export function runCi(args) {
+    const provider = args[0]?.toLowerCase();
+    console.log(`\n  GuardVibe CI/CD Setup\n`);
+    if (provider === "github") {
+        generateGitHubActions();
+    }
+    else {
+        console.error("  [ERR] Unknown CI provider. Usage: npx guardvibe ci github");
+        process.exit(1);
+    }
+    console.log();
+}

package/build/cli/doctor.d.ts

@@ -0,0 +1,5 @@
+/**
+ * CLI: guardvibe doctor
+ * Host hardening audit from terminal with host-specific remediation.
+ */
+export declare function runDoctor(args: string[]): Promise<void>;

package/build/cli/doctor.js

@@ -0,0 +1,35 @@
+/**
+ * CLI: guardvibe doctor
+ * Host hardening audit from terminal with host-specific remediation.
+ */
+import { writeFileSync, existsSync, mkdirSync } from "fs";
+import { resolve, dirname } from "path";
+import { parseArgs, shouldFail, validateFormat, getOutputPath, getStringFlag } from "./args.js";
+import { doctor } from "../tools/doctor.js";
+export async function runDoctor(args) {
+    const { flags, positional } = parseArgs(args);
+    const targetPath = resolve(positional[0] ?? ".");
+    const scope = (getStringFlag(flags, "scope") ?? "project");
+    const format = validateFormat(flags);
+    const outputFile = getOutputPath(flags);
+    if (!["project", "host", "full"].includes(scope)) {
+        console.error(`  [ERR] Invalid scope "${scope}". Use: project, host, or full`);
+        process.exit(1);
+    }
+    const formatArg = format === "json" ? "json" : "markdown";
+    const result = doctor(targetPath, scope, formatArg);
+    if (outputFile) {
+        const dir = dirname(outputFile);
+        if (!existsSync(dir)) {
+            mkdirSync(dir, { recursive: true });
+        }
+        writeFileSync(outputFile, result, "utf-8");
+        console.log(`  [OK] Results written to ${outputFile}`);
+    }
+    else {
+        console.log(result);
+    }
+    const failOn = getStringFlag(flags, "fail-on") ?? "high";
+    if (shouldFail(result, failOn))
+        process.exit(1);
+}

package/build/cli/hook.d.ts

@@ -0,0 +1,5 @@
+/**
+ * CLI: guardvibe hook install|uninstall
+ * Manages pre-commit security hooks.
+ */
+export declare function runHook(args: string[]): void;

package/build/cli/hook.js

@@ -0,0 +1,90 @@
+/**
+ * CLI: guardvibe hook install|uninstall
+ * Manages pre-commit security hooks.
+ */
+import { readFileSync, writeFileSync, mkdirSync, existsSync, chmodSync, unlinkSync } from "fs";
+import { join } from "path";
+const HOOK_SCRIPT = `#!/bin/sh
+# GuardVibe pre-commit security hook
+# Installed by: npx guardvibe hook install
+
+echo "🔒 GuardVibe: scanning staged files..."
+
+# Run guardvibe scan on staged files
+RESULT=$(npx -y guardvibe-scan 2>&1)
+EXIT_CODE=$?
+
+if [ $EXIT_CODE -ne 0 ]; then
+  echo ""
+  echo "$RESULT"
+  echo ""
+  echo "❌ GuardVibe: security issues found. Fix them or commit with --no-verify to skip."
+  exit 1
+fi
+
+echo "✅ GuardVibe: all checks passed."
+`;
+function installHook() {
+    const gitDir = join(process.cwd(), ".git");
+    if (!existsSync(gitDir)) {
+        console.error("  [ERR] Not a git repository. Run this from your project root.");
+        process.exit(1);
+    }
+    const hooksDir = join(gitDir, "hooks");
+    if (!existsSync(hooksDir)) {
+        mkdirSync(hooksDir, { recursive: true });
+    }
+    const hookPath = join(hooksDir, "pre-commit");
+    if (existsSync(hookPath)) {
+        const existing = readFileSync(hookPath, "utf-8");
+        if (existing.includes("GuardVibe")) {
+            console.log("  [OK] GuardVibe pre-commit hook already installed.");
+            return;
+        }
+        writeFileSync(hookPath, existing + "\n" + HOOK_SCRIPT, "utf-8");
+        console.log("  [OK] GuardVibe added to existing pre-commit hook.");
+    }
+    else {
+        writeFileSync(hookPath, HOOK_SCRIPT, "utf-8");
+        chmodSync(hookPath, 0o755);
+        console.log("  [OK] Pre-commit hook installed at .git/hooks/pre-commit");
+    }
+}
+function uninstallHook() {
+    const hookPath = join(process.cwd(), ".git", "hooks", "pre-commit");
+    if (!existsSync(hookPath)) {
+        console.log("  [OK] No pre-commit hook found.");
+        return;
+    }
+    const content = readFileSync(hookPath, "utf-8");
+    if (!content.includes("GuardVibe")) {
+        console.log("  [OK] Pre-commit hook exists but doesn't contain GuardVibe.");
+        return;
+    }
+    const cleaned = content
+        .replace(/\n?# GuardVibe pre-commit security hook[\s\S]*?GuardVibe: all checks passed[."]*\n?/g, "")
+        .trim();
+    if (!cleaned || cleaned === "#!/bin/sh") {
+        unlinkSync(hookPath);
+        console.log("  [OK] Pre-commit hook removed.");
+    }
+    else {
+        writeFileSync(hookPath, cleaned + "\n", "utf-8");
+        console.log("  [OK] GuardVibe removed from pre-commit hook (other hooks preserved).");
+    }
+}
+export function runHook(args) {
+    const action = args[0]?.toLowerCase();
+    console.log(`\n  GuardVibe Pre-Commit Hook\n`);
+    if (action === "install") {
+        installHook();
+    }
+    else if (action === "uninstall") {
+        uninstallHook();
+    }
+    else {
+        console.error("  [ERR] Unknown action. Usage: npx guardvibe hook install|uninstall");
+        process.exit(1);
+    }
+    console.log();
+}

package/build/cli/init.d.ts

@@ -0,0 +1,5 @@
+/**
+ * CLI: guardvibe init <platform>
+ * Sets up MCP server configuration for AI coding hosts.
+ */
+export declare function runInit(args: string[]): void;