guardvibe 3.0.19 → 3.0.22

package/README.md

@@ -6,7 +6,7 @@
 [![npm provenance](https://img.shields.io/badge/provenance-verified-brightgreen)](https://www.npmjs.com/package/guardvibe)
 [![codecov](https://codecov.io/gh/goklab/guardvibe/graph/badge.svg)](https://codecov.io/gh/goklab/guardvibe)
 
-**The security MCP built for vibe coding.** 335 security rules, 34 tools covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 335 security rules, 36 tools covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -14,7 +14,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **335 security rules, 34 tools** purpose-built for the stacks AI agents generate
+- **335 security rules, 36 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -26,6 +26,15 @@ Most security tools are built for enterprise security teams. GuardVibe is built
 - **Agent-friendly output** — JSON format for AI agents, Markdown for humans, SARIF for CI/CD
 - **Plugin system** — extend with community or premium rule packs
 
+## New in v3
+
+- **Inline suppress** — `// guardvibe-ignore VG001` silences individual findings per-line
+- **CLI-first approach** — `npx guardvibe audit`, `npx guardvibe scan`, `npx guardvibe doctor` all work standalone without MCP
+- **Embedded remediation plan** — `remediation_plan` generates a section-by-section fix checklist after every audit
+- **Score reflects all sections** — security score now factors code, dependencies, config, secrets, auth coverage, and taint analysis
+- **Gitignored secrets excluded** — files matched by `.gitignore` are automatically skipped during secret scanning
+- **Taint sanitizer recognition** — dataflow analysis recognizes common sanitizers (DOMPurify, escape functions, parameterized queries) and stops propagation
+
 ## How GuardVibe Compares
 
 GuardVibe is purpose-built for the AI coding workflow. Traditional tools are excellent for enterprise CI/CD pipelines — GuardVibe fills a different gap.
@@ -183,7 +192,7 @@ Maps security findings to SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, and EU AI Act (E
 ### Supply Chain
 Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 
-## Tools (33 MCP tools)
+## Tools (36 MCP tools)
 
 | Tool | What it does |
 |------|-------------|
@@ -221,10 +230,12 @@ Malicious postinstall scripts, unpinned GitHub Actions, typosquat detection
 | `auth_coverage` | **Auth coverage map** — enumerate routes, parse middleware matchers, detect auth guards, report coverage % |
 | `deep_scan` | **LLM-powered deep analysis** — IDOR, business logic, race conditions, privilege escalation (requires API key) |
 | `full_audit` | **Single source of truth** — runs ALL checks in one call, returns PASS/FAIL/WARN verdict + score + coverage % + deterministic result hash |
+| `remediation_plan` | **Remediation plan** — generates section-by-section fix checklist after audit |
+| `verify_remediation` | **Remediation verification** — compares before/after audit, flags skipped sections |
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (335 rules across 25 modules)
+## Security Rules (341 rules across 25 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|

package/build/data/rules/advanced-security.js

@@ -304,7 +304,7 @@ export const advancedSecurityRules = [
         severity: "medium",
         owasp: "A04:2025 Insecure Design",
         description: "Regular expression contains nested quantifiers ((a+)+), overlapping alternation with quantifiers (([a-z]+)*), or other patterns that cause catastrophic backtracking. Attackers can send crafted input to freeze the event loop.",
-        pattern: /\/(?:[^/\\]|\\.)*(?:\([^)]*[+*][^)]*\)[+*]|\(\?:[^)]*[+*][^)]*\)[+*]|\[[^\]]*\][+*][^/]*[+*])(?:[^/\\]|\\.)*\//g,
+        pattern: /\/(?:[^/\\]|\\.)*(?:\([^)]*[+*][^)]*\)\s*[+*]|\(\?:[^)]*[+*][^)]*\)\s*[+*])(?:[^/\\]|\\.)*\//g,
         languages: ["javascript", "typescript"],
         fix: "Rewrite the regex to avoid nested quantifiers. Use atomic groups or possessive quantifiers if available, or use the 'safe-regex' library to validate patterns.",
         fixCode: '// BAD: catastrophic backtracking\nconst re = /(a+)+$/;\n\n// GOOD: no nested quantifiers\nconst re = /a+$/;\n\n// GOOD: validate with safe-regex\nimport safe from "safe-regex";\nif (!safe(pattern)) throw new Error("Unsafe regex");',
@@ -330,7 +330,7 @@ export const advancedSecurityRules = [
         severity: "medium",
         owasp: "A01:2025 Broken Access Control",
         description: "POST/PUT/PATCH/DELETE route handler performs database mutations without CSRF token verification. Cross-site requests from malicious pages can trick authenticated users into performing unwanted actions.",
-        pattern: /export\s+(?:async\s+)?function\s+(?:POST|PUT|PATCH|DELETE)\s*\([^)]*\)\s*\{(?:(?!csrf|csrfToken|CSRF|x-csrf|verifyCsrf|validateCsrf|anti.?forgery|requireAdmin|requireAuth|checkAuth|withAuth|protectRoute|authenticate|x-csrf-protection)[\s\S]){10,}?(?:\.create\s*\(|\.update\s*\(|\.delete\s*\(|\.insert\s*\(|\.upsert\s*\()/g,
+        pattern: /export\s+(?:async\s+)?function\s+(?:POST|PUT|PATCH|DELETE)\s*\([^)]*\)\s*\{(?:(?!csrf|csrfToken|CSRF|x-csrf|verifyCsrf|validateCsrf|anti.?forgery|requireAdmin|requireAuth|checkAuth|withAuth|protectRoute|authenticate|x-csrf-protection|getAuth|currentUser|clerkClient|createServerClient|createServerSupabaseClient|getServerSession|getSession|auth\(\)|getToken|verifyToken|clerkMiddleware)[\s\S]){10,}?(?:\.create\s*\(|\.update\s*\(|\.delete\s*\(|\.insert\s*\(|\.upsert\s*\()/g,
         languages: ["javascript", "typescript"],
         fix: "Add CSRF token verification to state-changing endpoints.",
         fixCode: '// Verify CSRF token from header\nexport async function POST(req: Request) {\n  const csrfToken = req.headers.get("x-csrf-token");\n  if (!verifyCsrfToken(csrfToken)) {\n    return new Response("CSRF validation failed", { status: 403 });\n  }\n}',
@@ -356,7 +356,7 @@ export const advancedSecurityRules = [
         severity: "high",
         owasp: "A04:2025 Insecure Design",
         description: "Rate limiting catch block returns a permissive result (limited: false, success: true) when the rate limit backend (Redis) fails. If Redis goes down, all rate limits are disabled.",
-        pattern: /catch\s*\([^)]*\)\s*\{[\s\S]{0,200}?(?:limited\s*:\s*false|success\s*:\s*true|allowed\s*:\s*true|return\s+(?:false|null|undefined)\s*;?\s*\})/g,
+        pattern: /(?:rateLimit|rateLimiter|limiter|Ratelimit)[\s\S]{0,500}?catch\s*\([^)]*\)\s*\{[\s\S]{0,200}?(?:limited\s*:\s*false|success\s*:\s*true|allowed\s*:\s*true)/g,
         languages: ["javascript", "typescript"],
         fix: "Fail closed: when the rate limiter backend is unavailable, deny the request.",
         fixCode: '// BAD: fail-open\ncatch (error) { return { limited: false }; }\n\n// GOOD: fail-closed\ncatch (error) {\n  console.error("Rate limiter unavailable:", error);\n  return { limited: true };\n}',

package/build/data/rules/cve-versions.js

@@ -277,4 +277,52 @@ export const cveVersionRules = [
         fixCode: '// package.json\n"defu": "^6.1.5"  // or latest',
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2"],
     },
+    {
+        id: "VG923",
+        name: "Axios Backdoor Versions (Supply Chain Attack March 2026)",
+        severity: "critical",
+        owasp: "A03:2025 Software Supply Chain Failures",
+        description: "Axios versions 1.14.1 and 0.30.4 were published via a compromised maintainer account in March 2026. These versions contain a backdoor that exfiltrates environment variables (API keys, database URLs, secrets) to an attacker-controlled server on every HTTP request. The malicious payload was hidden in the 'plain-crypto-js' transitive dependency. Any project pinned to these exact versions is actively compromised.",
+        pattern: /["']axios["']\s*:\s*["'](?:\^|~|>=?)?\s*(?:1\.14\.1|0\.30\.4)["']/g,
+        languages: ["json"],
+        fix: "IMMEDIATELY upgrade Axios. Rotate ALL secrets and API keys that were accessible to the compromised environment. Check npm audit and verify lockfile integrity hashes.",
+        fixCode: '// COMPROMISED — remove immediately:\n// "axios": "1.14.1"  ← backdoor\n// "axios": "0.30.4"  ← backdoor\n\n// Safe — upgrade to latest:\n"axios": "^1.7.9"\n\n// Post-incident: rotate ALL exposed secrets\n// - API keys, database URLs, JWT secrets\n// - Check: npm audit && npm ls plain-crypto-js',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2", "PCI-DSS:Req6.5.10"],
+    },
+    {
+        id: "VG924",
+        name: "Hono setCookie Header Injection (CVE-2026-29086)",
+        severity: "high",
+        owasp: "A02:2025 Injection",
+        description: "Hono versions before 4.12.4 are vulnerable to Set-Cookie header injection via setCookie(). Attackers can inject CRLF characters into cookie values to add arbitrary HTTP headers or forge additional Set-Cookie headers, enabling session fixation and cross-site attacks.",
+        pattern: /["']hono["']\s*:\s*["'](?:\^|~|>=?)?\s*(?:[0-3]\.\d+\.\d+|4\.(?:[0-9]|1[01])\.\d+|4\.12\.[0-3])["']/g,
+        languages: ["json"],
+        fix: "Upgrade Hono to 4.12.4 or later: npm install hono@latest",
+        fixCode: '// package.json — upgrade to patched version\n"hono": "^4.12.4"  // or latest\n\n// If you cannot upgrade, sanitize cookie values:\nfunction safeCookieValue(v: string) {\n  return v.replace(/[\\r\\n]/g, "");\n}\ncookie(c, "session", safeCookieValue(token));',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2"],
+    },
+    {
+        id: "VG925",
+        name: "Clerk SDK Middleware Route Protection Bypass (GHSA-vqx2-fgx2-5wq9)",
+        severity: "high",
+        owasp: "A01:2025 Broken Access Control",
+        description: "Official Clerk SDKs (@clerk/nextjs, @clerk/nuxt, @clerk/astro) versions 1.1.0 to <1.13.28 and 2.0.0 to <2.2.2 are vulnerable to middleware-based route protection bypass. createRouteMatcher can be bypassed by crafted requests, allowing attackers to skip middleware gating and reach protected handlers. Sessions are not compromised, but routes guarded only by middleware become exposed. Upgrade to 1.13.28+ or 2.2.2+.",
+        pattern: /["']@clerk\/(?:nextjs|nuxt|astro)["']\s*:\s*["'](?:\^|~|>=?)?\s*(?:1\.(?:[1-9]|1[0-2])\.\d+|1\.13\.(?:[0-9]|1[0-9]|2[0-7])|2\.[01]\.\d+|2\.2\.[01])["']/g,
+        languages: ["json"],
+        fix: "Upgrade @clerk/nextjs, @clerk/nuxt, or @clerk/astro to 1.13.28+ or 2.2.2+. Add defence-in-depth: re-check auth inside protected route handlers instead of relying solely on middleware.",
+        fixCode: '// package.json\n"@clerk/nextjs": "^2.2.2"  // or latest (^1.13.28 for v1)\n\n// Defence-in-depth — also verify auth inside the route, not just middleware:\nimport { auth } from "@clerk/nextjs/server";\nexport async function GET() {\n  const { userId } = await auth();\n  if (!userId) return new Response("Unauthorized", { status: 401 });\n  // ...\n}',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.2", "HIPAA:§164.312(a)"],
+    },
+    {
+        id: "VG926",
+        name: "Next.js / React Server Components DoS (CVE-2026-23869)",
+        severity: "high",
+        owasp: "A06:2025 Vulnerable Components",
+        description: "Next.js versions before 16.2.3 and React versions before 19.2.5 are vulnerable to a DoS in the React Flight protocol when deserializing Server Functions payloads. Crafted HTTP requests to Server Function endpoints cause up to a minute of CPU exhaustion per request before throwing, enabling remote unauthenticated DoS on any app that exposes RSC Server Actions. Affects react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel.",
+        pattern: /["'](?:next|react|react-dom)["']\s*:\s*["'](?:\^|~|>=?)?\s*(?:16\.[01]\.\d+|16\.2\.[012]|19\.2\.[0-4])["']/g,
+        languages: ["json"],
+        fix: "Upgrade Next.js to 16.2.3+ and React to 19.2.5+. Apply rate limiting on Server Action / RSC POST endpoints to mitigate abuse while rolling out the patch.",
+        fixCode: '// package.json\n"next": "^16.2.3",\n"react": "^19.2.5",\n"react-dom": "^19.2.5"\n\n// Rate-limit Server Actions until patched (example: middleware.ts)\n// Throttle POST requests to RSC endpoints by IP',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2"],
+    },
 ];

package/build/data/rules/database.js

@@ -135,4 +135,16 @@ export const databaseRules = [
         fixCode: 'import { z } from "zod";\n\n// Validate input before query\nconst schema = z.object({ id: z.string().regex(/^[a-f0-9]{24}$/) });\nconst { id } = schema.parse(req.body);\n\n// Safe query — no raw operators from user input\nconst user = await db.collection("users").findOne({ _id: new ObjectId(id) });',
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
+    {
+        id: "VG1011",
+        name: "Drizzle sql.identifier() / .as() with User Input",
+        severity: "critical",
+        owasp: "A02:2025 Injection",
+        description: "Drizzle ORM's sql.identifier() and .as() accept raw strings for table/column names and aliases. Unlike sql`` tagged templates (which parameterize values), these functions interpolate directly into the SQL string. If user input reaches sql.identifier() or .as(), attackers can inject arbitrary SQL fragments — including UNION SELECT, subqueries, or DDL statements — bypassing ORM-level protections entirely.",
+        pattern: /(?:sql\.identifier|\.as)\s*\(\s*(?!["'`])[^)]*(?:req\.|params\.|query\.|body\.|input|args|user|ctx\.|formData|searchParams)/gi,
+        languages: ["javascript", "typescript"],
+        fix: "Never pass user input to sql.identifier() or .as(). Use a strict allowlist of valid table/column names and validate against it.",
+        fixCode: 'import { sql } from "drizzle-orm";\n\n// BAD: user input in identifier\nconst col = req.query.sortBy;\ndb.select().from(sql.identifier(col)); // SQL injection!\n\n// GOOD: allowlist valid identifiers\nconst ALLOWED_COLUMNS = ["name", "email", "created_at"] as const;\nconst col = ALLOWED_COLUMNS.find(c => c === req.query.sortBy);\nif (!col) throw new Error("Invalid column");\ndb.select().from(users).orderBy(users[col]);',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
 ];

package/build/data/rules/modern-stack.js

@@ -527,7 +527,7 @@ export const modernStackRules = [
         severity: "critical",
         owasp: "A03:2025 Injection",
         description: "User input is interpolated into a Supabase .or() filter string via template literal or concatenation. This is equivalent to SQL injection for PostgREST — attackers can modify filter logic to access unauthorized data.",
-        pattern: /\.or\s*\(\s*(?:`[^`]*\$\{)|\.or\s*\(\s*\w+\s*\)|["'][^"']*["']\s*\+\s*\w+(?:Id|Name|Term|Input)\b[\s\S]{0,100}?\.or\s*\(/gi,
+        pattern: /\.or\s*\(\s*(?:`[^`]*\$\{(?!(?:sfv|sanitize|escape|validate|encodeURIComponent)\s*\())|\.or\s*\(\s*\w+\s*\)|["'][^"']*["']\s*\+\s*\w+(?:Id|Name|Term|Input)\b[\s\S]{0,100}?\.or\s*\(/gi,
         languages: ["javascript", "typescript"],
         fix: "Never interpolate user input into .or() strings. Use separate .eq() filters or build the filter from validated enum values.",
         fixCode: '// BAD: filter injection\n.or(`sender_id.eq.${userId},receiver_id.eq.${userId}`)\n\n// GOOD: use server-verified auth ID\nconst { data: { user } } = await supabase.auth.getUser();\n.or(`sender_id.eq.${user.id},receiver_id.eq.${user.id}`)\n\n// BEST: use RLS policies instead of client-side filtering',
@@ -581,4 +581,16 @@ export const modernStackRules = [
         fixCode: '// BAD: pattern injection\n.ilike("name", `%${query}%`)\n\n// GOOD: escape special characters\nfunction escapeLike(s: string) {\n  return s.replace(/[%_\\\\]/g, "\\\\$&");\n}\n.ilike("name", `%${escapeLike(query)}%`)',
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
     },
+    {
+        id: "VG1010",
+        name: "React Server Action Without Input Validation (React2Shell Risk)",
+        severity: "critical",
+        owasp: "A02:2025 Injection",
+        description: 'Server Action in a "use server" file accepts arguments and passes them to database operations, file system calls, or shell commands without schema validation. CVE-2025-55182 (React2Shell) exploits the React Flight protocol to send crafted payloads to Server Actions — any unvalidated action argument is a direct RCE/injection vector. CVSS 10.0.',
+        pattern: /["']use server["'][\s\S]{0,3000}?export\s+async\s+function\s+\w+\s*\([^)]+\)(?![\s\S]{0,500}?(?:\.parse\s*\(|\.safeParse\s*\(|valibot|superstruct|arktype|yup\.\w+\.validate|assertIs))[\s\S]{0,500}?(?:prisma|db\.|sql`|supabase|exec|spawn|readFile|writeFile|fetch\()/g,
+        languages: ["javascript", "typescript"],
+        fix: 'Validate ALL Server Action arguments with zod or a schema library at the top of every "use server" function. Never trust the deserialized payload.',
+        fixCode: '// BAD: unvalidated Server Action argument\n"use server";\nexport async function updateUser(data: any) {\n  await prisma.user.update({ where: { id: data.id }, data });\n}\n\n// GOOD: validate with zod before any operation\n"use server";\nimport { z } from "zod";\nconst schema = z.object({ id: z.string().uuid(), name: z.string().max(100) });\nexport async function updateUser(raw: unknown) {\n  const data = schema.parse(raw);\n  await prisma.user.update({ where: { id: data.id }, data: { name: data.name } });\n}',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.2", "PCI-DSS:Req6.5.1"],
+    },
 ];

package/build/index.js

@@ -884,7 +884,7 @@ server.tool("deep_scan", "LLM-powered deep security analysis for vulnerabilities
     return { content: [{ type: "text", text: output }] };
 });
 // Tool 33: Full audit — single source of truth
-server.tool("full_audit", "Single command that runs ALL checks: code scan (335 rules), secret detection, dependency CVEs, config audit, taint analysis, and auth coverage. Returns PASS/FAIL/WARN verdict with deterministic hash. IMPORTANT: If verdict is FAIL or WARN, you MUST call remediation_plan next to get a section-by-section fix checklist — do NOT skip any section. After fixing, call verify_remediation to confirm ALL sections are addressed. Example: full_audit({path: '.'})", {
+server.tool("full_audit", "Single command that runs ALL checks: code scan (341 rules), secret detection, dependency CVEs, config audit, taint analysis, and auth coverage. Returns PASS/FAIL/WARN verdict with deterministic hash. IMPORTANT: If verdict is FAIL or WARN, you MUST call remediation_plan next to get a section-by-section fix checklist — do NOT skip any section. After fixing, call verify_remediation to confirm ALL sections are addressed. Example: full_audit({path: '.'})", {
     path: z.string().default(".").describe("Project root directory"),
     format: z.enum(["markdown", "json"]).default("markdown").describe("Output format"),
     skipDeps: z.boolean().default(false).describe("Skip dependency vulnerability check"),

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "guardvibe",
-  "version": "3.0.19",
+  "version": "3.0.22",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security MCP for vibe coding. 335 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
+  "description": "Security MCP for vibe coding. 341 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",