guardvibe 3.0.35 → 3.0.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/build/tools/check-code.js +1 -1
  2. package/build/tools/full-audit.d.ts +4 -0
  3. package/build/tools/full-audit.js +14 -1
  4. package/build/tools/scan-directory.js +2 -1
  5. package/build/tools/scan-staged.js +1 -1
  6. package/package.json +1 -1
package/build/tools/check-code.js CHANGED
@@ -945,7 +945,7 @@ function formatBuddyOutput(findings, filePath) {
945
945
  score -= counts.medium * 3;
946
946
  score -= counts.low * 1;
947
947
  score = Math.max(0, Math.min(100, score));
948
- const grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 60 ? "C" : score >= 40 ? "D" : "F";
948
+ const grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 50 ? "C" : score >= 25 ? "D" : "F";
949
949
  const faces = {
950
950
  A: "\\[^_^]/",
951
951
  B: " [^_^]b",
package/build/tools/full-audit.d.ts CHANGED
@@ -40,6 +40,10 @@ export interface AuditSection {
40
40
  details: string;
41
41
  /** Individual findings for this section — enables AI to see exactly what to fix */
42
42
  sectionFindings?: SectionFinding[];
43
+ /** True when sectionFindings array is shorter than findings (response-size cap). Read findings for the real count. */
44
+ truncated?: boolean;
45
+ /** Hint message when truncated — tells the agent how to retrieve the rest */
46
+ truncationHint?: string;
43
47
  }
44
48
  export interface AuditResult {
45
49
  verdict: AuditVerdict;
package/build/tools/full-audit.js CHANGED
@@ -149,7 +149,20 @@ export async function runFullAudit(path, options) {
149
149
  name: f.name,
150
150
  fix: f.fix,
151
151
  }));
152
- sections.push({ name: "code", status: "ok", ...counts, details: `Code ${codeGrade} (${codeScore}/100)`, sectionFindings: codeSectionFindings });
152
+ const codeTruncated = (counts.findings ?? 0) > codeSectionFindings.length;
153
+ sections.push({
154
+ name: "code",
155
+ status: "ok",
156
+ ...counts,
157
+ details: `Code ${codeGrade} (${codeScore}/100)`,
158
+ sectionFindings: codeSectionFindings,
159
+ ...(codeTruncated
160
+ ? {
161
+ truncated: true,
162
+ truncationHint: `Showing top ${codeSectionFindings.length} of ${counts.findings} findings (sorted by severity). Call check_code on individual files for the rest, or use the CLI: npx guardvibe scan --format json.`,
163
+ }
164
+ : {}),
165
+ });
153
166
  for (const f of parsed.findings ?? []) {
154
167
  allFindings.push({ ruleId: f.id ?? "unknown", severity: f.severity, file: f.file ?? "", line: f.line ?? 0 });
155
168
  }
package/build/tools/scan-directory.js CHANGED
@@ -119,7 +119,8 @@ export function scanDirectory(path, recursive = true, exclude = [], format = "ma
119
119
  // density 0 = 100, uses log scale so medium findings don't dominate
120
120
  // density 0.5 ≈ 85 (B), density 2.0 ≈ 60 (C), density 5.0 ≈ 30 (D)
121
121
  const score = Math.max(0, Math.min(100, Math.round(100 - Math.min(density, 5) * 20)));
122
- const grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 60 ? "C" : score >= 40 ? "D" : "F";
122
+ // Grade boundaries match full-audit so the section sub-grade and overall verdict agree.
123
+ const grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 50 ? "C" : score >= 25 ? "D" : "F";
123
124
  // Baseline comparison
124
125
  let baselineDiff = null;
125
126
  let previousBaseline = null;
package/build/tools/scan-staged.js CHANGED
@@ -93,7 +93,7 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
93
93
  const weightedIssues = totalCritical * 10 + totalHigh * 3 + totalMedium * 1;
94
94
  const density = weightedIssues / Math.max(scannedCount, 1);
95
95
  const score = Math.max(0, Math.min(100, Math.round(100 - density * 20)));
96
- const grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 60 ? "C" : score >= 40 ? "D" : "F";
96
+ const grade = score >= 90 ? "A" : score >= 75 ? "B" : score >= 50 ? "C" : score >= 25 ? "D" : "F";
97
97
  if (format === "json") {
98
98
  return formatFindingsJson(allFindings, { grade, score });
99
99
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "guardvibe",
3
- "version": "3.0.35",
3
+ "version": "3.0.37",
4
4
  "mcpName": "io.github.goklab/guardvibe",
5
5
  "description": "Security MCP for vibe coding. 365 rules, 38 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
6
6
  "type": "module",