guardvibe 2.5.0 → 2.7.4

package/build/tools/scan-staged.js

@@ -1,6 +1,7 @@
 import { execFileSync } from "child_process";
 import { extname, basename } from "path";
 import { analyzeCode, formatFindingsJson } from "./check-code.js";
+import { securityBanner } from "../utils/banner.js";
 const EXTENSION_MAP = {
     ".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
     ".ts": "typescript", ".tsx": "typescript", ".mts": "typescript", ".cts": "typescript",
@@ -135,5 +136,6 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
     if (skippedFiles.length > 0) {
         lines.push("", `*Skipped ${skippedFiles.length} files with unsupported extensions.*`);
     }
+    lines.push(securityBanner({ total: totalIssues, critical: totalCritical, high: totalHigh, medium: totalMedium, score, grade, filesScanned: scannedCount, context: "Pre-Commit" }));
     return lines.join("\n");
 }

package/build/utils/banner.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Shared security summary banner — appended to the end of every CLI command output.
+ * Gives users an instant, human-readable security status in one line.
+ */
+export interface BannerInput {
+    /** Total findings count */
+    total: number;
+    critical: number;
+    high: number;
+    medium: number;
+    low?: number;
+    /** Numeric score 0-100 (optional — will be computed if not provided) */
+    score?: number;
+    /** Grade A-F (optional — will be computed from score) */
+    grade?: string;
+    /** Number of files scanned */
+    filesScanned?: number;
+    /** Context label for the banner (e.g., "Host Security", "Pre-Commit") */
+    context?: string;
+}
+/**
+ * Generate the summary banner line for terminal output.
+ *
+ * Examples:
+ *   🛡️ GuardVibe: A (95/100) — 0 critical, 0 high, 2 medium | 42 files scanned
+ *   🛡️ GuardVibe: F (12/100) — 5 critical, 3 high, 8 medium | 42 files scanned
+ *   🛡️ GuardVibe: Clean — no issues found | 6 files scanned
+ */
+export declare function securityBanner(input: BannerInput): string;
+/**
+ * Generate the JSON summary banner object — added to JSON output's summary.
+ */
+export declare function bannerFields(input: BannerInput): {
+    grade: string;
+    score: number;
+};

package/build/utils/banner.js

@@ -0,0 +1,66 @@
+/**
+ * Shared security summary banner — appended to the end of every CLI command output.
+ * Gives users an instant, human-readable security status in one line.
+ */
+/**
+ * Compute grade from score.
+ */
+function gradeFromScore(score) {
+    if (score >= 90)
+        return "A";
+    if (score >= 75)
+        return "B";
+    if (score >= 60)
+        return "C";
+    if (score >= 40)
+        return "D";
+    return "F";
+}
+/**
+ * Compute score from findings if not provided.
+ * Uses weighted density formula consistent with scan-directory.ts.
+ */
+function computeScore(input) {
+    if (input.score !== undefined)
+        return input.score;
+    const files = Math.max(input.filesScanned ?? 1, 1);
+    const weighted = input.critical * 15 + input.high * 5 + input.medium * 0.5;
+    const density = weighted / files;
+    return Math.max(0, Math.min(100, Math.round(100 - Math.min(density, 5) * 20)));
+}
+/**
+ * Generate the summary banner line for terminal output.
+ *
+ * Examples:
+ *   🛡️ GuardVibe: A (95/100) — 0 critical, 0 high, 2 medium | 42 files scanned
+ *   🛡️ GuardVibe: F (12/100) — 5 critical, 3 high, 8 medium | 42 files scanned
+ *   🛡️ GuardVibe: Clean — no issues found | 6 files scanned
+ */
+export function securityBanner(input) {
+    const score = computeScore(input);
+    const grade = input.grade ?? gradeFromScore(score);
+    const ctx = input.context ? ` ${input.context}:` : ":";
+    const filesPart = input.filesScanned !== undefined ? ` | ${input.filesScanned} files scanned` : "";
+    if (input.total === 0) {
+        return `\n🛡️ GuardVibe${ctx} Clean — no issues found${filesPart}`;
+    }
+    const parts = [];
+    if (input.critical > 0)
+        parts.push(`${input.critical} critical`);
+    if (input.high > 0)
+        parts.push(`${input.high} high`);
+    if (input.medium > 0)
+        parts.push(`${input.medium} medium`);
+    if ((input.low ?? 0) > 0)
+        parts.push(`${input.low} low`);
+    const breakdown = parts.join(", ");
+    return `\n🛡️ GuardVibe${ctx} ${grade} (${score}/100) — ${breakdown}${filesPart}`;
+}
+/**
+ * Generate the JSON summary banner object — added to JSON output's summary.
+ */
+export function bannerFields(input) {
+    const score = computeScore(input);
+    const grade = input.grade ?? gradeFromScore(score);
+    return { grade, score };
+}

package/package.json

@@ -1,12 +1,11 @@
 {
   "name": "guardvibe",
-  "version": "2.5.0",
+  "version": "2.7.4",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security MCP for vibe coding. 313 rules, 26 tools for Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
+  "description": "Security MCP for vibe coding. 330 rules, 29 tools, CLI + doctor. Host security: CVE-2025-59536 hook injection, CVE-2026-21852 base URL hijack, MCP config audit, AI host hardening. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",
-    "guardvibe-init": "build/cli.js",
     "guardvibe-scan": "build/cli.js"
   },
   "main": "./build/index.js",