guardvibe 2.7.3 → 2.7.4

package/build/cli/scan.js

@@ -5,6 +5,7 @@
 import { readFileSync, writeFileSync, existsSync, mkdirSync, statSync } from "fs";
 import { resolve, extname, basename, join, dirname } from "path";
 import { parseArgs, shouldFail, validateFormat, getOutputPath, getStringFlag } from "./args.js";
+import { securityBanner } from "../utils/banner.js";
 function safeWriteOutput(outputFile, result) {
     const dir = dirname(outputFile);
     if (!existsSync(dir)) {
@@ -137,6 +138,10 @@ export async function runDiffScan(base, flags) {
                 lines.push(`  Fix: ${f.fix}`);
             }
         }
+        const critical = allFindings.filter(f => f.severity === "critical").length;
+        const high = allFindings.filter(f => f.severity === "high").length;
+        const medium = allFindings.filter(f => f.severity === "medium").length;
+        lines.push(securityBanner({ total: allFindings.length, critical, high, medium, filesScanned: changedFiles.length, context: "Diff" }));
         result = lines.join("\n");
     }
     if (outputFile) {

package/build/server/types.js

@@ -1,3 +1,4 @@
+import { securityBanner, bannerFields } from "../utils/banner.js";
 // ── Secret Redaction ───────────────────────────────────────────────
 const SECRET_PATTERNS = [
     // Anthropic & OpenAI keys
@@ -86,10 +87,12 @@ export function formatHostFindings(findings, scannedFiles, skippedFiles, format,
         const medium = findings.filter(f => f.severity === "medium").length;
         const low = findings.filter(f => f.severity === "low").length;
         const info = findings.filter(f => f.severity === "info").length;
+        const { grade, score } = bannerFields({ total: findings.length, critical, high, medium, low, filesScanned: scannedFiles.length });
         return JSON.stringify({
             summary: {
                 total: findings.length,
                 critical, high, medium, low, info,
+                grade, score,
                 scannedFiles: scannedFiles.length,
                 skippedFiles: skippedFiles.length,
             },
@@ -126,5 +129,10 @@ export function formatHostFindings(findings, scannedFiles, skippedFiles, format,
         for (const f of skippedFiles)
             lines.push(`- \`${f}\``);
     }
+    const critical = findings.filter(f => f.severity === "critical").length;
+    const high = findings.filter(f => f.severity === "high").length;
+    const medium = findings.filter(f => f.severity === "medium").length;
+    const low = findings.filter(f => f.severity === "low").length;
+    lines.push(securityBanner({ total: findings.length, critical, high, medium, low, filesScanned: scannedFiles.length, context: "Host Security" }));
     return lines.join("\n");
 }

package/build/tools/check-code.js

@@ -2,6 +2,7 @@ import { basename } from "path";
 import { owaspRules } from "../data/rules/index.js";
 import { loadConfig } from "../utils/config.js";
 import { loadIgnoreFile, isIgnored } from "../utils/ignore.js";
+import { securityBanner } from "../utils/banner.js";
 function parseSuppressionsFromCode(lines) {
     const suppressions = [];
     const pattern = /(?:\/\/|#|<!--)\s*guardvibe-ignore(?:-next-line)?\s*(VG\d+)?\s*(?:-->)?/i;
@@ -441,6 +442,7 @@ function formatCleanReport(language, framework) {
         ``,
         `Tips for ${language}${ctx}:`,
         ...tips.map(t => `- ${t}`),
+        securityBanner({ total: 0, critical: 0, high: 0, medium: 0 }),
     ].join("\n");
 }
 function getLanguageTips(language, framework) {
@@ -549,6 +551,7 @@ function formatReport(findings, language, framework) {
             }
         }
     }
+    lines.push(securityBanner({ total: allFindings.length, critical: criticalCount, high: highCount, medium: mediumCount }));
     return lines.join("\n");
 }
 // ─── Buddy Format ────────────────────────────────────────────────

package/build/tools/scan-directory.js

@@ -6,6 +6,7 @@ import { analyzeCode } from "./check-code.js";
 import { loadConfig } from "../utils/config.js";
 import { DEFAULT_EXCLUDES, EXTENSION_MAP, CONFIG_FILE_MAP } from "../utils/constants.js";
 import { walkDirectory } from "../utils/walk-directory.js";
+import { securityBanner } from "../utils/banner.js";
 const require = createRequire(import.meta.url);
 const pkg = require("../../package.json");
 // GuardVibe version — used in scan metadata
@@ -240,5 +241,6 @@ export function scanDirectory(path, recursive = true, exclude = [], format = "ma
         for (const s of skippedFiles)
             lines.push(`- ${s}`);
     }
+    lines.push(securityBanner({ total: totalIssues, critical: totalCritical, high: totalHigh, medium: totalMedium, score, grade, filesScanned: metadata.filesScanned }));
     return lines.join("\n");
 }

package/build/tools/scan-staged.js

@@ -1,6 +1,7 @@
 import { execFileSync } from "child_process";
 import { extname, basename } from "path";
 import { analyzeCode, formatFindingsJson } from "./check-code.js";
+import { securityBanner } from "../utils/banner.js";
 const EXTENSION_MAP = {
     ".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
     ".ts": "typescript", ".tsx": "typescript", ".mts": "typescript", ".cts": "typescript",
@@ -135,5 +136,6 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
     if (skippedFiles.length > 0) {
         lines.push("", `*Skipped ${skippedFiles.length} files with unsupported extensions.*`);
     }
+    lines.push(securityBanner({ total: totalIssues, critical: totalCritical, high: totalHigh, medium: totalMedium, score, grade, filesScanned: scannedCount, context: "Pre-Commit" }));
     return lines.join("\n");
 }

package/build/utils/banner.d.ts

@@ -0,0 +1,36 @@
+/**
+ * Shared security summary banner — appended to the end of every CLI command output.
+ * Gives users an instant, human-readable security status in one line.
+ */
+export interface BannerInput {
+    /** Total findings count */
+    total: number;
+    critical: number;
+    high: number;
+    medium: number;
+    low?: number;
+    /** Numeric score 0-100 (optional — will be computed if not provided) */
+    score?: number;
+    /** Grade A-F (optional — will be computed from score) */
+    grade?: string;
+    /** Number of files scanned */
+    filesScanned?: number;
+    /** Context label for the banner (e.g., "Host Security", "Pre-Commit") */
+    context?: string;
+}
+/**
+ * Generate the summary banner line for terminal output.
+ *
+ * Examples:
+ *   🛡️ GuardVibe: A (95/100) — 0 critical, 0 high, 2 medium | 42 files scanned
+ *   🛡️ GuardVibe: F (12/100) — 5 critical, 3 high, 8 medium | 42 files scanned
+ *   🛡️ GuardVibe: Clean — no issues found | 6 files scanned
+ */
+export declare function securityBanner(input: BannerInput): string;
+/**
+ * Generate the JSON summary banner object — added to JSON output's summary.
+ */
+export declare function bannerFields(input: BannerInput): {
+    grade: string;
+    score: number;
+};

package/build/utils/banner.js

@@ -0,0 +1,66 @@
+/**
+ * Shared security summary banner — appended to the end of every CLI command output.
+ * Gives users an instant, human-readable security status in one line.
+ */
+/**
+ * Compute grade from score.
+ */
+function gradeFromScore(score) {
+    if (score >= 90)
+        return "A";
+    if (score >= 75)
+        return "B";
+    if (score >= 60)
+        return "C";
+    if (score >= 40)
+        return "D";
+    return "F";
+}
+/**
+ * Compute score from findings if not provided.
+ * Uses weighted density formula consistent with scan-directory.ts.
+ */
+function computeScore(input) {
+    if (input.score !== undefined)
+        return input.score;
+    const files = Math.max(input.filesScanned ?? 1, 1);
+    const weighted = input.critical * 15 + input.high * 5 + input.medium * 0.5;
+    const density = weighted / files;
+    return Math.max(0, Math.min(100, Math.round(100 - Math.min(density, 5) * 20)));
+}
+/**
+ * Generate the summary banner line for terminal output.
+ *
+ * Examples:
+ *   🛡️ GuardVibe: A (95/100) — 0 critical, 0 high, 2 medium | 42 files scanned
+ *   🛡️ GuardVibe: F (12/100) — 5 critical, 3 high, 8 medium | 42 files scanned
+ *   🛡️ GuardVibe: Clean — no issues found | 6 files scanned
+ */
+export function securityBanner(input) {
+    const score = computeScore(input);
+    const grade = input.grade ?? gradeFromScore(score);
+    const ctx = input.context ? ` ${input.context}:` : ":";
+    const filesPart = input.filesScanned !== undefined ? ` | ${input.filesScanned} files scanned` : "";
+    if (input.total === 0) {
+        return `\n🛡️ GuardVibe${ctx} Clean — no issues found${filesPart}`;
+    }
+    const parts = [];
+    if (input.critical > 0)
+        parts.push(`${input.critical} critical`);
+    if (input.high > 0)
+        parts.push(`${input.high} high`);
+    if (input.medium > 0)
+        parts.push(`${input.medium} medium`);
+    if ((input.low ?? 0) > 0)
+        parts.push(`${input.low} low`);
+    const breakdown = parts.join(", ");
+    return `\n🛡️ GuardVibe${ctx} ${grade} (${score}/100) — ${breakdown}${filesPart}`;
+}
+/**
+ * Generate the JSON summary banner object — added to JSON output's summary.
+ */
+export function bannerFields(input) {
+    const score = computeScore(input);
+    const grade = input.grade ?? gradeFromScore(score);
+    return { grade, score };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "2.7.3",
+  "version": "2.7.4",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security MCP for vibe coding. 330 rules, 29 tools, CLI + doctor. Host security: CVE-2025-59536 hook injection, CVE-2026-21852 base URL hijack, MCP config audit, AI host hardening. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",