guardvibe 3.0.12 → 3.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/build/tools/full-audit.js +12 -2
- package/package.json +1 -1
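--- a/package/build/tools/full-audit.js
+++ b/package/build/tools/full-audit.js
@@ -139,8 +139,9 @@ export async function runFullAudit(path, options) {
 filesScanned = parsed.metadata?.filesScanned ?? 0;
 filesSkipped = parsed.metadata?.filesSkipped ?? 0;
 score = parsed.summary?.score ?? 100;
-
-
+const codeGrade = parsed.summary?.grade ?? "A";
+const codeScore = parsed.summary?.score ?? 100;
+sections.push({ name: "code", status: "ok", ...counts, details: `Code ${codeGrade} (${codeScore}/100)` });
 for (const f of parsed.findings ?? []) {
 allFindings.push({ ruleId: f.id ?? "unknown", severity: f.severity, file: f.file ?? "", line: f.line ?? 0 });
 }
@@ -254,6 +255,15 @@ export async function runFullAudit(path, options) {
 const totalMedium = sections.reduce((s, sec) => s + sec.medium, 0);
 const totalFindings = sections.reduce((s, sec) => s + sec.findings, 0);
 const rulesApplied = rules.length > 0 ? rules.length : 335;
+// Adjust score to reflect ALL sections, not just code
+// Each critical finding deducts 5 points, high deducts 3, medium deducts 1
+// Score from code scan is the baseline, other sections reduce it further
+const nonCodeCritical = totalCritical - (sections.find(s => s.name === "code")?.critical ?? 0);
+const nonCodeHigh = totalHigh - (sections.find(s => s.name === "code")?.high ?? 0);
+const nonCodeMedium = totalMedium - (sections.find(s => s.name === "code")?.medium ?? 0);
+const deduction = (nonCodeCritical * 5) + (nonCodeHigh * 3) + (nonCodeMedium * 1);
+score = Math.max(0, score - deduction);
+grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 50 ? "C" : score >= 25 ? "D" : "F";
 const verdict = computeVerdict(totalCritical, totalHigh, totalMedium);
 const coverage = computeCoverage(filesScanned, filesSkipped, rulesApplied);
 const resultHash = computeResultHash(allFindings);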
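--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "guardvibe",
-"version": "3.0.
+"version": "3.0.14",
 "mcpName": "io.github.goklab/guardvibe",
 "description": "Security MCP for vibe coding. 335 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
 "type": "module",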