guardvibe 3.1.41 → 3.2.0

package/CHANGELOG.md

@@ -5,6 +5,23 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.0] - 2026-06-07
+
+### Added — `secure_this`: close the loop from "warns" to "guarantees the fix landed" (438 rules / 37 tools)
+- **New tool `secure_this`** (MCP + CLI `guardvibe secure-this <file>`). It scans a file, applies only the auto-fixes that **verifiably land**, and re-verifies — converting GuardVibe from a tool that *reports* findings into one that *guarantees the fix landed*.
+- **Verify-and-rollback loop:** every candidate edit from `fix_code` is applied to a copy and re-scanned; the edit is kept only if it (1) strictly reduces the finding set and (2) introduces no new finding. Any edit that fails either check is rolled back. The loop repeats until no further verified fix is available.
+- **Definition-of-done gate:** the result carries `definitionOfDone.passed` — the agent must pass it before claiming a task complete. `status` is `clean` / `secured` / `partial` / `no_autofix`; `applied[]` lists verified fixes, `remaining[]` lists findings that need a manual fix (with guidance).
+- **Deterministic:** same code in → same code out (fixes applied in a fixed line/rule order; verified by the deterministic `analyzeFileSecurity`).
+- **CLI:** `secure-this <file>` is dry-run by default (shows what would land + remaining manual work); `--write` applies only the verified fixes to disk; `--format json` for agents. Exit code gates a pre-commit hook / CI step (1 while real findings remain).
+- Tool count 36 → 37. No rule changes (438).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.1.42] - 2026-06-07
+
+### Fixed — MCP registry description length (no rule-count change, 438 / 36)
+- The MCP registry caps `server.json` `description` at 100 characters; the v3.1.41 moat one-liner exceeded it and the registry publish was rejected (npm publish succeeded). Shortened the `server.json` description to a 94-char moat line that keeps the `438 rules, 36 tools` substring. The full moat copy remains in the README, the npm `package.json` description, and the GitHub About.
+
 ## [3.1.41] - 2026-06-07
 
 ### Changed — positioning: lead with the durable moat (no rule-count change, 438 / 36)

package/README.md

@@ -14,7 +14,7 @@
 - **🗺️ Sees the whole repo.** Cross-file taint + auth-coverage across every route — catches the unprotected endpoint your agent's narrow context missed.
 - **🔍 An independent second pair of eyes.** The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop *while* your AI codes (real-time edit hook), not after.
 
-**The security MCP built for vibe coding.** 438 security rules, 36 tools covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 438 security rules, 37 tools covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -26,7 +26,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **438 security rules, 36 tools** purpose-built for the stacks AI agents generate
+- **438 security rules, 37 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -211,7 +211,7 @@ Maps security findings to SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, and EU AI Act (E
 ### Supply Chain
 Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `--ignore-scripts` hardening (VG1070), typosquat detection, `node-ipc` protestware versions (VG1069), Miasma `@redhat-cloud-services` namespace compromise IOC (VG1074, RHSB-2026-006), Session messenger exfil endpoint IOC (VG1075, `filev2.getsession.org`), `@tanstack/*` Mini Shai-Hulud mass-malware versions (May 2026), `@wdio/browserstack-service` command injection via git branch names (CVE-2026-25244), lockfile poisoning patterns
 
-## Tools (36 MCP tools)
+## Tools (37 MCP tools)
 
 | Tool | What it does |
 |------|-------------|
@@ -227,6 +227,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 | `export_sarif` | SARIF v2.1.0 export for CI/CD integration |
 | `get_security_docs` | Security best practices and guides |
 | `fix_code` | **Auto-fix suggestions** with concrete patches for AI agents |
+| `secure_this` | **Close the loop** — scan, apply only the fixes that verifiably land (each re-scanned, rolled back on regression), return the verified code + a definition-of-done gate |
 | `audit_config` | Audit project configuration files for cross-file security misconfigurations |
 | `generate_policy` | Detect project stack and generate tailored security policies (CSP, CORS, RLS) |
 | `review_pr` | Review PR diff for security issues with severity gating |
@@ -293,6 +294,11 @@ npx guardvibe scan . --format json   # JSON output for automation
 npx guardvibe check <file>           # Scan a single file
 npx guardvibe diff [base]            # Scan only changed files since git ref
 
+# Close the loop — scan, apply verified fixes, re-verify
+npx guardvibe secure-this <file>          # Dry run: show the fixes that would land + remaining manual work
+npx guardvibe secure-this <file> --write  # Apply only the fixes that re-verify clean (rolled back on regression)
+npx guardvibe secure-this <file> --format json
+
 # Full security audit
 npx guardvibe audit [path]           # Full audit with PASS/FAIL verdict + hash
 npx guardvibe audit . --format json  # JSON output for CI pipelines

package/build/cli/secure-this.d.ts

@@ -0,0 +1 @@
+export declare function runSecureThis(args: string[]): Promise<void>;

package/build/cli/secure-this.js

@@ -0,0 +1,96 @@
+/**
+ * CLI: guardvibe secure-this <file> [--write] [--format json]
+ *
+ * Closes the loop: scans the file, applies only the fixes that verifiably land
+ * (each re-scanned, rolled back on regression), and reports a definition-of-done
+ * gate. Dry-run by default; `--write` applies the verified fixes to disk.
+ *
+ * Exit code: 0 when the file is (or was made) clean; 1 while real findings remain
+ * — so it can gate a pre-commit hook or CI step.
+ */
+import { readFileSync, writeFileSync, existsSync } from "fs";
+import { resolve, extname, basename } from "path";
+import { parseArgs } from "./args.js";
+import { secureThis } from "../tools/secure-this.js";
+import { EXTENSION_MAP, CONFIG_FILE_MAP } from "../utils/constants.js";
+function detectLanguage(resolvedPath) {
+    const ext = extname(resolvedPath).toLowerCase();
+    let language = EXTENSION_MAP[ext];
+    if (!language && basename(resolvedPath).startsWith("Dockerfile"))
+        language = "dockerfile";
+    if (!language)
+        language = CONFIG_FILE_MAP[basename(resolvedPath)];
+    return language;
+}
+function renderMarkdown(r, file, wrote) {
+    const badge = {
+        clean: "CLEAN ✅", secured: "SECURED ✅", partial: "PARTIAL ⚠️", no_autofix: "NO AUTO-FIX ❌",
+    };
+    const lines = [
+        `# GuardVibe secure_this — ${file}`,
+        "",
+        `**Status:** ${badge[r.status] ?? r.status}`,
+        `**Findings:** ${r.initialFindings} → ${r.finalFindings}`,
+        "",
+    ];
+    if (r.applied.length) {
+        lines.push(`## Applied & verified (${r.applied.length})`, "");
+        for (const a of r.applied) {
+            lines.push(`- **${a.ruleId}** (${a.severity}) line ${a.line}: ${a.ruleName}`);
+        }
+        lines.push("");
+    }
+    if (r.remaining.length) {
+        lines.push(`## Remaining — manual fix required (${r.remaining.length})`, "");
+        for (const f of r.remaining) {
+            lines.push(`- **${f.ruleId}** (${f.severity}) line ${f.line}: ${f.name}`);
+            if (f.fix)
+                lines.push(`  - Fix: ${f.fix}`);
+        }
+        lines.push("");
+    }
+    if (r.changed && !wrote) {
+        lines.push("> Dry run — re-run with `--write` to apply the verified fixes above.", "");
+    }
+    else if (wrote && r.changed) {
+        lines.push(`> Wrote ${r.applied.length} verified fix(es) to ${file}.`, "");
+    }
+    lines.push(`**Definition of done:** ${r.definitionOfDone.passed ? "PASSED ✅" : "FAILED ❌"} — ${r.definitionOfDone.message}`);
+    return lines.join("\n");
+}
+export async function runSecureThis(args) {
+    const { flags, positional } = parseArgs(args);
+    const filePath = positional[0];
+    if (!filePath) {
+        console.error("  [ERR] Please specify a file: npx guardvibe secure-this src/app/api/route.ts [--write]");
+        process.exit(1);
+    }
+    const resolved = resolve(filePath);
+    if (!existsSync(resolved)) {
+        console.error(`  [ERR] File not found: ${resolved}`);
+        process.exit(1);
+    }
+    const language = detectLanguage(resolved);
+    if (!language) {
+        console.error(`  [ERR] Unsupported file type: ${extname(resolved) || basename(resolved)}`);
+        process.exit(1);
+    }
+    const content = readFileSync(resolved, "utf-8");
+    const result = secureThis(content, language, { filePath: resolved });
+    const write = flags.write === true || flags.apply === true;
+    if (write && result.changed) {
+        writeFileSync(resolved, result.fixedCode, "utf-8");
+    }
+    const format = flags.format === "json" ? "json" : "markdown";
+    if (format === "json") {
+        console.log(JSON.stringify({ ...result, file: resolved, wrote: write && result.changed }));
+    }
+    else {
+        console.log(renderMarkdown(result, resolved, write && result.changed));
+    }
+    // Exit code gates a pre-commit hook / CI step.
+    // --write: pass iff the file ended clean. Dry-run: pass only if nothing to fix.
+    const ok = write ? result.definitionOfDone.passed : result.status === "clean";
+    if (!ok)
+        process.exit(1);
+}

package/build/cli.js

@@ -29,6 +29,7 @@ function printUsage() {
     npx guardvibe audit [path]       Full security audit with PASS/FAIL verdict
     npx guardvibe explain <ruleId>   Get detailed remediation guidance for a rule
     npx guardvibe fix <file>         Get security fix suggestions for a file
+    npx guardvibe secure-this <file> Scan, apply verified fixes, re-verify (--write to apply)
     npx guardvibe check-cmd "<cmd>"  Check if a shell command is safe to execute
     npx guardvibe auth-coverage [path]  Auth coverage analysis (Next.js routes)
     npx guardvibe compliance [path]     Compliance report (--framework SOC2|GDPR|...)
@@ -145,6 +146,10 @@ async function main() {
         const { runFix } = await import("./cli/fix.js");
         await runFix(subArgs);
     }
+    else if (command === "secure-this" || command === "secure_this") {
+        const { runSecureThis } = await import("./cli/secure-this.js");
+        await runSecureThis(subArgs);
+    }
     else if (command === "check-cmd") {
         const { runCheckCmd } = await import("./cli/check-cmd.js");
         await runCheckCmd(subArgs);

package/build/index.js

@@ -41,6 +41,7 @@ import { doctor } from "./tools/doctor.js";
 import { formatHostFindings, redactSecrets } from "./server/types.js";
 import { verifyFix } from "./tools/verify-fix.js";
 import { fixCode as fixCodeTool } from "./tools/fix-code.js";
+import { secureThis } from "./tools/secure-this.js";
 import { analyzeAuthCoverage, formatAuthCoverage } from "./tools/auth-coverage.js";
 import { buildDeepScanPrompt, parseDeepScanResult, formatDeepScanFindings, callLLM } from "./tools/deep-scan.js";
 import { runFullAudit, formatAuditResult } from "./tools/full-audit.js";
@@ -315,6 +316,25 @@ server.tool("fix_code", "Pass vulnerable code as a string and get fix suggestion
         content: [{ type: "text", text: results }],
     };
 });
+// Tool 37: secure_this — close the loop (scan → apply verified fix → re-verify)
+server.tool("secure_this", "Close the loop on vulnerabilities in code: scan, apply only the fixes that VERIFIABLY land (each candidate edit is re-scanned and rolled back if it fails to resolve the issue or introduces a new one), and return the verified code plus a definition-of-done gate. Prefer this over fix_code+verify_fix when you want a guarantee the fix landed — not just a suggestion. Returns { status: clean|secured|partial|no_autofix, fixedCode, applied[], remaining[], definitionOfDone:{passed,message} }. Write fixedCode to disk, then require definitionOfDone.passed before claiming the task complete; anything in remaining[] needs a manual fix. Example: secure_this({code: '...', language: 'typescript'})", {
+    code: z.string().describe("The code to scan and secure"),
+    language: z
+        .enum(["javascript", "typescript", "python", "go", "dockerfile", "html", "sql", "shell", "yaml", "terraform", "firestore"])
+        .describe("Programming language of the code"),
+    framework: z.string().optional().describe("Framework context (e.g. express, nextjs, react)"),
+    filePath: z.string().optional().describe("File path for context-aware analysis (the file is NOT written; apply fixedCode yourself)"),
+}, async ({ code, language, framework, filePath }) => {
+    const rules = getRules();
+    const result = secureThis(code, language, { framework, filePath, rules });
+    if (result.applied.length > 0) {
+        try {
+            recordFix(process.cwd(), result.applied.length);
+        }
+        catch { /* stats best-effort */ }
+    }
+    return { content: [{ type: "text", text: JSON.stringify(result) }] };
+});
 // Tool 13: Cross-file configuration security audit
 server.tool("audit_config", "Audit application config files (next.config, middleware, .env, vercel.json) for cross-file security gaps: missing headers, unprotected routes, exposed secrets. NOT the same as guardvibe_doctor which checks AI host security (MCP configs, hooks). Example: audit_config({path: '.'})", {
     path: z.string().describe("Project root directory to audit"),

package/build/tools/secure-this.d.ts

@@ -0,0 +1,47 @@
+import type { SecurityRule } from "../data/rules/types.js";
+export interface AppliedFix {
+    ruleId: string;
+    ruleName: string;
+    severity: string;
+    line: number;
+    before: string;
+    after: string;
+}
+export interface RemainingFinding {
+    ruleId: string;
+    name: string;
+    severity: string;
+    line: number;
+    reason: "no_autofix" | "fix_rejected";
+    fix: string;
+    fixCode?: string;
+}
+export type SecureThisStatus = "clean" | "secured" | "partial" | "no_autofix";
+export interface SecureThisResult {
+    status: SecureThisStatus;
+    changed: boolean;
+    initialFindings: number;
+    finalFindings: number;
+    resolved: string[];
+    applied: AppliedFix[];
+    remaining: RemainingFinding[];
+    passes: number;
+    fixedCode: string;
+    definitionOfDone: {
+        passed: boolean;
+        message: string;
+    };
+}
+export interface SecureThisOptions {
+    framework?: string;
+    filePath?: string;
+    configDir?: string;
+    rules?: SecurityRule[];
+    /** Hard backstop on apply passes (each accepted edit removes >=1 finding). */
+    maxPasses?: number;
+}
+/**
+ * Scan a file, apply only the fixes that verifiably land, and report a
+ * definition-of-done gate.
+ */
+export declare function secureThis(code: string, language: string, opts?: SecureThisOptions): SecureThisResult;

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "guardvibe",
-  "version": "3.1.41",
+  "version": "3.2.0",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 438 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
+  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 438 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",