guardvibe 3.0.50 → 3.0.51
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +6 -0
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -278,6 +278,7 @@ npx guardvibe diff [base] # Scan only changed files since git ref
|
|
|
278
278
|
npx guardvibe audit [path] # Full audit with PASS/FAIL verdict + hash
|
|
279
279
|
npx guardvibe audit . --format json # JSON output for CI pipelines
|
|
280
280
|
npx guardvibe audit --skip-deps # Skip dependency CVE check
|
|
281
|
+
npx guardvibe audit --full # Disable MCP-output truncation (full finding set)
|
|
281
282
|
|
|
282
283
|
# Host security audit
|
|
283
284
|
npx guardvibe doctor # Host hardening audit (project scope)
|
|
@@ -299,6 +300,7 @@ npx guardvibe-scan --format sarif --output results.sarif # CI mode
|
|
|
299
300
|
# --format markdown|json|sarif|buddy
|
|
300
301
|
# --output <file> Write results to file
|
|
301
302
|
# --fail-on <level> Exit 1 on findings: critical|high|medium|low|none
|
|
303
|
+
# --full Bypass response-size caps (50 JSON / 30 markdown / 200-file taint)
|
|
302
304
|
```
|
|
303
305
|
|
|
304
306
|
## Plugin System
|
|
@@ -514,6 +516,9 @@ Create a `.guardviberc` JSON file in your project root to customize GuardVibe be
|
|
|
514
516
|
}
|
|
515
517
|
],
|
|
516
518
|
"requiredControls": ["SOC2:CC6.1"]
|
|
519
|
+
},
|
|
520
|
+
"scoring": {
|
|
521
|
+
"densityModel": "exponential"
|
|
517
522
|
}
|
|
518
523
|
}
|
|
519
524
|
```
|
|
@@ -531,6 +536,7 @@ Create a `.guardviberc` JSON file in your project root to customize GuardVibe be
|
|
|
531
536
|
| `compliance.failOn` | `string` | `"high"` | Minimum severity that causes compliance failure |
|
|
532
537
|
| `compliance.exceptions` | `PolicyException[]` | `[]` | Approved exceptions with expiration dates |
|
|
533
538
|
| `compliance.requiredControls` | `string[]` | -- | Controls that must pass regardless of exceptions |
|
|
539
|
+
| `scoring.densityModel` | `"linear" \| "exponential"` | `"linear"` | Score decay curve. `linear` matches pre-v3.0.50 (cliff at density 5). `exponential` keeps resolution past density 5 — smoother decay for large repos. Severity caps (1+ critical → max C/60, 1+ high → max B/75) apply under both. |
|
|
534
540
|
|
|
535
541
|
## Security
|
|
536
542
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "guardvibe",
|
|
3
|
-
"version": "3.0.
|
|
3
|
+
"version": "3.0.51",
|
|
4
4
|
"mcpName": "io.github.goklab/guardvibe",
|
|
5
5
|
"description": "Security MCP for vibe coding. 365 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
|
|
6
6
|
"type": "module",
|