guardvibe 2.4.5 → 2.7.3

package/build/tools/doctor.js

@@ -0,0 +1,123 @@
+import { readFileSync, existsSync } from "fs";
+import { join, resolve } from "path";
+import { formatHostFindings, redactSecrets } from "../server/types.js";
+import { auditMcpConfig } from "./audit-mcp-config.js";
+import { scanHostConfig } from "./scan-host-config.js";
+import { enrichAllRemediations } from "../cli/remediation.js";
+/**
+ * guardvibe_doctor — Unified host hardening scanner
+ *
+ * Orchestrates multiple analyzers to provide a comprehensive
+ * security assessment of AI coding host configuration.
+ *
+ * Analyzers:
+ * 1. MCP Config (audit_mcp_config) — hooks, servers, tool access
+ * 2. Host Environment (scan_host_config) — base URL hijack, env sniffing
+ * 3. Permissions (inline) — allowedTools wildcards, sensitive paths
+ * 4. File Transport (inline) — file:// references, path traversal
+ */
+export function doctor(projectPath, scope = "project", format = "markdown") {
+    const root = resolve(projectPath);
+    const doctorConfig = loadDoctorConfig(root);
+    const allFindings = [];
+    const allScanned = [];
+    const allSkipped = [];
+    // ── Analyzer 1: MCP Config ──────────────────────────────────────
+    const mcpResult = auditMcpConfig(root, doctorConfig);
+    allFindings.push(...mcpResult.findings);
+    allScanned.push(...mcpResult.scannedFiles);
+    allSkipped.push(...mcpResult.skippedFiles);
+    // ── Analyzer 2: Host Environment ────────────────────────────────
+    const hostResult = scanHostConfig(root, scope, doctorConfig);
+    allFindings.push(...hostResult.findings);
+    allScanned.push(...hostResult.scannedFiles);
+    allSkipped.push(...hostResult.skippedFiles);
+    // ── Analyzer 3: Permissions (inline scan) ───────────────────────
+    scanPermissions(root, doctorConfig, allFindings, allScanned, allSkipped);
+    // ── Host-Specific Remediation Enrichment ─────────────────────────
+    enrichAllRemediations(allFindings);
+    // ── Output ──────────────────────────────────────────────────────
+    const title = `GuardVibe Doctor — Host Security Audit (scope: ${scope})`;
+    const output = formatHostFindings(allFindings, allScanned, allSkipped, format, title);
+    return redactSecrets(output);
+}
+/**
+ * Load doctor-specific config from .guardviberc
+ */
+function loadDoctorConfig(root) {
+    const configPath = findConfigFileUp(root, ".guardviberc");
+    if (!configPath)
+        return {};
+    try {
+        const content = readFileSync(configPath, "utf-8");
+        const parsed = JSON.parse(content);
+        return parsed.doctor ?? {};
+    }
+    catch {
+        return {};
+    }
+}
+function findConfigFileUp(startDir, filename) {
+    let current = startDir;
+    const fsRoot = resolve("/");
+    while (true) {
+        const candidate = join(current, filename);
+        if (existsSync(candidate))
+            return candidate;
+        const parent = resolve(current, "..");
+        if (parent === current || current === fsRoot)
+            break;
+        current = parent;
+    }
+    return null;
+}
+/**
+ * Inline permissions analyzer — checks for overly permissive
+ * configurations that don't fit in other analyzers.
+ */
+function scanPermissions(root, _doctorConfig, findings, scannedFiles, _skippedFiles) {
+    // Check .claude.json for permissive patterns
+    const claudeJson = join(root, ".claude.json");
+    if (existsSync(claudeJson)) {
+        if (!scannedFiles.includes(claudeJson))
+            scannedFiles.push(claudeJson);
+        try {
+            const content = readFileSync(claudeJson, "utf-8");
+            const parsed = JSON.parse(content);
+            // Check for allowedTools with dangerous patterns
+            if (Array.isArray(parsed.permissions?.allow)) {
+                for (const perm of parsed.permissions.allow) {
+                    if (typeof perm === "string" && /^(?:Bash|Edit|Write)\(.*\*.*\)$/i.test(perm)) {
+                        findings.push({
+                            ruleId: "VG893",
+                            severity: "medium",
+                            trustState: "unknown",
+                            verdict: "risky",
+                            confidence: "medium",
+                            source: "core",
+                            file: claudeJson,
+                            description: `Broad permission pattern "${perm}" — may grant unintended access`,
+                            remediation: "Replace broad wildcard permissions with specific, scoped patterns.",
+                        });
+                    }
+                }
+            }
+            // Check for deny list being empty when allow list is broad
+            if (Array.isArray(parsed.permissions?.allow) && parsed.permissions.allow.length > 10
+                && (!parsed.permissions?.deny || parsed.permissions.deny.length === 0)) {
+                findings.push({
+                    ruleId: "VG885",
+                    severity: "low",
+                    trustState: "unknown",
+                    verdict: "observed",
+                    confidence: "low",
+                    source: "core",
+                    file: claudeJson,
+                    description: "Large allow list with no deny list — consider adding explicit denials for sensitive operations",
+                    remediation: "Add a deny list to explicitly block dangerous operations (e.g., rm -rf, git push --force).",
+                });
+            }
+        }
+        catch { /* invalid JSON already caught by MCP config scanner */ }
+    }
+}

package/build/tools/scan-host-config.d.ts

@@ -0,0 +1,10 @@
+import type { HostFinding, DoctorConfig, DoctorScope } from "../server/types.js";
+/**
+ * Scan host environment configuration for security issues.
+ * Checks .env files, shell profiles, and environment variables.
+ */
+export declare function scanHostConfig(projectPath: string, scope?: DoctorScope, doctorConfig?: DoctorConfig): {
+    findings: HostFinding[];
+    scannedFiles: string[];
+    skippedFiles: string[];
+};

package/build/tools/scan-host-config.js

@@ -0,0 +1,181 @@
+import { readFileSync, existsSync } from "fs";
+import { join, resolve } from "path";
+import { homedir } from "os";
+// Known legitimate base URLs
+const ANTHROPIC_HOSTS = ["api.anthropic.com"];
+const OPENAI_HOSTS = ["api.openai.com"];
+const BASE_URL_PATTERN = /(?:ANTHROPIC_BASE_URL|OPENAI_BASE_URL|ANTHROPIC_API_BASE|OPENAI_API_BASE)\s*=\s*['"]?(https?:\/\/[^\s'"#]+)/gi;
+const API_KEY_EXPORT = /export\s+(?:ANTHROPIC_API_KEY|OPENAI_API_KEY|ANTHROPIC_KEY|OPENAI_KEY)\s*=\s*['"]?([^\s'"]+)/gi;
+const ENV_SNIFF = /(?:echo|cat|printenv|env\s|set\s)[\s|]*(?:\$(?:ANTHROPIC|OPENAI|CLAUDE|API)_\w+|\$\{(?:ANTHROPIC|OPENAI|CLAUDE|API)_\w+\})/gi;
+/**
+ * Scan host environment configuration for security issues.
+ * Checks .env files, shell profiles, and environment variables.
+ */
+export function scanHostConfig(projectPath, scope = "project", doctorConfig) {
+    const findings = [];
+    const scannedFiles = [];
+    const skippedFiles = [];
+    const root = resolve(projectPath);
+    const home = homedir();
+    const trustedBaseUrls = new Set(doctorConfig?.trustedBaseUrls ?? []);
+    const ignorePaths = new Set(doctorConfig?.ignorePaths ?? []);
+    // Project-scope .env files
+    const envFiles = [
+        join(root, ".env"),
+        join(root, ".env.local"),
+        join(root, ".env.production"),
+        join(root, ".env.development"),
+    ];
+    for (const envFile of envFiles) {
+        const relPath = envFile.replace(root + "/", "");
+        if (ignorePaths.has(relPath) || ignorePaths.has(envFile)) {
+            skippedFiles.push(envFile);
+            continue;
+        }
+        scanEnvFile(envFile, findings, scannedFiles, skippedFiles, trustedBaseUrls);
+    }
+    // Host-scope: shell profiles
+    if (scope === "host" || scope === "full") {
+        const shellProfiles = [
+            join(home, ".bashrc"),
+            join(home, ".zshrc"),
+            join(home, ".profile"),
+            join(home, ".bash_profile"),
+            join(home, ".zprofile"),
+        ];
+        for (const profile of shellProfiles) {
+            scanShellProfile(profile, findings, scannedFiles, skippedFiles, trustedBaseUrls);
+        }
+    }
+    // Host-scope: global AI host configs
+    if (scope === "host" || scope === "full") {
+        const globalConfigs = [
+            { path: join(home, ".gemini", "settings.json"), host: "Gemini" },
+            { path: join(home, ".codeium", "windsurf", "mcp_config.json"), host: "Windsurf" },
+        ];
+        for (const { path: configPath } of globalConfigs) {
+            if (!existsSync(configPath)) {
+                skippedFiles.push(configPath);
+                continue;
+            }
+            scannedFiles.push(configPath);
+            try {
+                const content = readFileSync(configPath, "utf-8");
+                scanContentForBaseUrls(content, configPath, findings, trustedBaseUrls);
+            }
+            catch {
+                skippedFiles.push(configPath);
+            }
+        }
+    }
+    return { findings, scannedFiles, skippedFiles };
+}
+function scanEnvFile(filePath, findings, scannedFiles, skippedFiles, trustedBaseUrls) {
+    if (!existsSync(filePath)) {
+        skippedFiles.push(filePath);
+        return;
+    }
+    scannedFiles.push(filePath);
+    let content;
+    try {
+        content = readFileSync(filePath, "utf-8");
+    }
+    catch {
+        skippedFiles.push(filePath);
+        return;
+    }
+    scanContentForBaseUrls(content, filePath, findings, trustedBaseUrls);
+}
+function scanShellProfile(filePath, findings, scannedFiles, skippedFiles, trustedBaseUrls) {
+    if (!existsSync(filePath)) {
+        skippedFiles.push(filePath);
+        return;
+    }
+    scannedFiles.push(filePath);
+    let content;
+    try {
+        content = readFileSync(filePath, "utf-8");
+    }
+    catch {
+        skippedFiles.push(filePath);
+        return;
+    }
+    // Check for base URL overrides
+    scanContentForBaseUrls(content, filePath, findings, trustedBaseUrls);
+    // Check for env variable sniffing patterns
+    ENV_SNIFF.lastIndex = 0;
+    let match;
+    while ((match = ENV_SNIFF.exec(content)) !== null) {
+        const lineNum = content.slice(0, match.index).split("\n").length;
+        findings.push({
+            ruleId: "VG882",
+            severity: "medium",
+            trustState: "suspicious",
+            verdict: "risky",
+            confidence: "low",
+            source: "core",
+            file: filePath,
+            line: lineNum,
+            description: "Shell profile reads/outputs AI API environment variables — potential credential sniffing",
+            remediation: "Review why shell profile accesses AI API keys. Remove if not intentional.",
+        });
+    }
+    // Check for API key exports (hardcoded in profile)
+    API_KEY_EXPORT.lastIndex = 0;
+    while ((match = API_KEY_EXPORT.exec(content)) !== null) {
+        const lineNum = content.slice(0, match.index).split("\n").length;
+        findings.push({
+            ruleId: "VG882",
+            severity: "high",
+            trustState: "suspicious",
+            verdict: "risky",
+            confidence: "high",
+            source: "core",
+            file: filePath,
+            line: lineNum,
+            description: "API key exported in shell profile — key is visible in process environment and shell history",
+            remediation: "Move API keys to a secure secrets manager or .env file (not tracked by git). Remove from shell profile.",
+        });
+    }
+}
+function scanContentForBaseUrls(content, file, findings, trustedBaseUrls) {
+    BASE_URL_PATTERN.lastIndex = 0;
+    let match;
+    while ((match = BASE_URL_PATTERN.exec(content)) !== null) {
+        const url = match[1];
+        const lineNum = content.slice(0, match.index).split("\n").length;
+        // Check if trusted
+        if (trustedBaseUrls.has(url)) {
+            continue;
+        }
+        // Determine which provider
+        const envVar = match[0].split("=")[0].trim();
+        const isAnthropic = /ANTHROPIC/i.test(envVar);
+        const isOpenai = /OPENAI/i.test(envVar);
+        let hostname;
+        try {
+            hostname = new URL(url).hostname;
+        }
+        catch {
+            hostname = url;
+        }
+        const legitimateHosts = isAnthropic ? ANTHROPIC_HOSTS : isOpenai ? OPENAI_HOSTS : [];
+        const isLegitimate = legitimateHosts.some(h => hostname === h || hostname.endsWith(`.${h}`));
+        if (isLegitimate)
+            continue;
+        const isLocalhost = /^(?:localhost|127\.0\.0\.1|0\.0\.0\.0|::1)/.test(hostname);
+        findings.push({
+            ruleId: isAnthropic ? "VG882" : "VG883",
+            severity: isLocalhost ? "medium" : "high",
+            trustState: isLocalhost ? "unknown" : "suspicious",
+            verdict: isLocalhost ? "observed" : "risky",
+            confidence: isLocalhost ? "medium" : "medium",
+            source: "core",
+            file,
+            line: lineNum,
+            description: `${envVar} set to non-official domain (${hostname}) — API traffic redirection${isAnthropic ? " (CVE-2026-21852)" : ""}`,
+            remediation: `Remove the ${envVar} override, or add "${url}" to trustedBaseUrls in .guardviberc if it's a legitimate corporate proxy.`,
+            patchPreview: `# .guardviberc\n{ "doctor": { "trustedBaseUrls": ["${url}"] } }`,
+        });
+    }
+}

package/package.json

@@ -1,12 +1,11 @@
 {
   "name": "guardvibe",
-  "version": "2.4.5",
+  "version": "2.7.3",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security MCP for vibe coding. 313 rules, 25 tools for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
+  "description": "Security MCP for vibe coding. 330 rules, 29 tools, CLI + doctor. Host security: CVE-2025-59536 hook injection, CVE-2026-21852 base URL hijack, MCP config audit, AI host hardening. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",
-    "guardvibe-init": "build/cli.js",
     "guardvibe-scan": "build/cli.js"
   },
   "main": "./build/index.js",
@@ -109,7 +108,7 @@
     "zod": "^3.25.0"
   },
   "devDependencies": {
-    "@types/node": "^22.0.0",
+    "@types/node": "^25.5.2",
     "c8": "^11.0.0",
     "eslint": "^10.2.0",
     "tsx": "^4.21.0",