guardvibe 3.1.1 → 3.1.2
- package/README.md +8 -1
- package/build/cli/init.js +30 -3
- package/package.json +1 -1
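--- a/package/README.md
+++ b/package/README.md
@@ -64,7 +64,7 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 npx guardvibe init claude
 ```
 
-Creates `.
+Creates `.mcp.json` MCP config (pinned to current version), `.claude/settings.json` auto-scan hooks, and `CLAUDE.md` security rules. Restart Claude Code after setup.
 
 ### Cursor
 
@@ -286,6 +286,13 @@ npx guardvibe doctor --scope host # + shell profiles, global MCP configs
 npx guardvibe doctor --scope full # + home dir configs
 npx guardvibe doctor --format json # JSON output
 
+# LLM-powered deep scan (IDOR, business logic, race conditions, auth bypass)
+npx guardvibe deep-scan <file> # Default: Haiku 4.5, all focus areas
+npx guardvibe deep-scan <file> --focus idor # Narrow to IDOR
+npx guardvibe deep-scan <file> --model sonnet # Deeper analysis (more expensive)
+npx guardvibe deep-scan <file> --max-bytes 5000 # Truncate input for cost control
+# Requires ANTHROPIC_API_KEY or OPENAI_API_KEY env var
+
 # Setup
 npx guardvibe init <platform> # Setup MCP server (claude, cursor, gemini, all)
 npx guardvibe hook install # Install pre-commit hook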
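--- a/package/build/cli/init.js
+++ b/package/build/cli/init.js
@@ -14,6 +14,18 @@ const GUARDVIBE_MCP_CONFIG = {
 command: "npx",
 args: ["-y", `guardvibe@${pkg.version}`],
 };
+/** Extract a pinned version from an existing MCP server config (`{ args: ["-y", "guardvibe@X.Y.Z"] }`). */
+function extractPinnedVersion(config) {
+const args = config?.args;
+if (!Array.isArray(args))
+return null;
+for (const arg of args) {
+if (typeof arg === "string" && arg.startsWith("guardvibe@")) {
+return arg.slice("guardvibe@".length);
+}
+}
+return null;
+}
 const platforms = {
 claude: {
 path: join(process.cwd(), ".mcp.json"),
@@ -177,12 +189,27 @@ function setupPlatform(name) {
 if (!existing.mcpServers) {
 existing.mcpServers = {};
 }
-
-
+const servers = existing.mcpServers;
+if (servers["guardvibe"]) {
+const existingPin = extractPinnedVersion(servers["guardvibe"]);
+if (existingPin && existingPin !== pkg.version) {
+servers["guardvibe"] = GUARDVIBE_MCP_CONFIG;
+writeJsonFile(platform.path, existing);
+console.log(` [OK] Upgraded GuardVibe pin in ${platform.description} (${existingPin} → ${pkg.version})`);
+}
+else if (!existingPin) {
+// Existing config has no pin (legacy unpinned form) — overwrite to pin.
+servers["guardvibe"] = GUARDVIBE_MCP_CONFIG;
+writeJsonFile(platform.path, existing);
+console.log(` [OK] Pinned GuardVibe in ${platform.description} (was unpinned → ${pkg.version})`);
+}
+else {
+console.log(` [OK] GuardVibe already up-to-date in ${platform.description} (v${pkg.version})`);
+}
 setupSecurityGuide(name);
 return true;
 }
-
+servers["guardvibe"] = GUARDVIBE_MCP_CONFIG;
 writeJsonFile(platform.path, existing);
 }
 else {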
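--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "guardvibe",
-"version": "3.1.
+"version": "3.1.2",
 "mcpName": "io.github.goklab/guardvibe",
 "description": "Security MCP for vibe coding. 390 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis, +25 AI-native rules (MCP supply-chain, RAG/vector poisoning, agent loop DoS, public-prefix LLM keys, sandbox bypass). Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
 "type": "module",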