guardvibe 3.1.8 → 3.1.9
- package/build/tools/auth-coverage.js +13 -4
- package/package.json +1 -1
|
@@ -9,9 +9,13 @@ const HTTP_METHODS = ["GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"
|
|
|
9
9
|
* route groups, and file name.
|
|
10
10
|
*/
|
|
11
11
|
function filePathToUrlPath(filePath) {
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
12
|
+
// Strip everything up to and including the Next.js app directory.
|
|
13
|
+
// Covers: app/..., src/app/..., apps/<workspace>/app/..., apps/<workspace>/src/app/...,
|
|
14
|
+
// packages/<name>/app/... — common monorepo (Turborepo/pnpm) layouts where the
|
|
15
|
+
// route file lives under a workspace prefix that is not part of the URL.
|
|
16
|
+
let p = filePath.replace(/^.*?\/(?:src\/)?app\//, "");
|
|
17
|
+
// Fallback for simple non-monorepo paths.
|
|
18
|
+
p = p.replace(/^src\/app\//, "").replace(/^app\//, "");
|
|
15
19
|
// Remove file name (route.ts, page.tsx, layout.tsx)
|
|
16
20
|
p = p.replace(/\/(route|page|layout)\.(ts|tsx|js|jsx)$/, "");
|
|
17
21
|
// Remove route groups: (groupName)
|
|
@@ -80,7 +84,12 @@ export function enumerateRoutes(files) {
|
|
|
80
84
|
*/
|
|
81
85
|
export function parseMiddlewareMatchers(content) {
|
|
82
86
|
// Normalize literal escape sequences that AI assistants may pass
|
|
83
|
-
|
|
87
|
+
let normalized = content.replace(/\\n/g, "\n").replace(/\\t/g, "\t");
|
|
88
|
+
// Strip block + line comments before pulling the matcher array. Real-world
|
|
89
|
+
// middleware files carry JSDoc-style notes inline (dub's matcher block has
|
|
90
|
+
// four bullet points); split-on-comma was swallowing those bullets into the
|
|
91
|
+
// matcher list, breaking every downstream regex test.
|
|
92
|
+
normalized = normalized.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "");
|
|
84
93
|
const stringMatch = /matcher\s*:\s*"([^"]+)"/.exec(normalized);
|
|
85
94
|
if (stringMatch)
|
|
86
95
|
return [stringMatch[1]];
|
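Review bot: The lazy prefix strip `/^.*?\/(?:src\/)?app\//` in filePathToUrlPath also consumes real route segments named `app`, and the fallback on the next line can then strip a second `app/`. For example, `app/dashboard/app/settings/page.tsx` is reduced to `settings/page.tsx` by the first replace, and `src/app/app/foo/route.ts` ends up as `foo/route.ts` after the fallback. Auth coverage for such routes would then be evaluated against a URL that does not exist, while the real one goes unreported. If the incoming paths are repo-relative, as the layouts listed in the comment suggest (not confirmable from this hunk), anchoring on the workspace prefix and dropping the fallback avoids both cases: `let p = filePath.replace(/^(?:(?:apps|packages)\/[^/]+\/)?(?:src\/)?app\//, "");`. The function body continues past the end of the hunk, so any later normalisation is not visible here.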
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "guardvibe",
|
|
3
|
-
"version": "3.1.
|
|
3
|
+
"version": "3.1.9",
|
|
4
4
|
"mcpName": "io.github.goklab/guardvibe",
|
|
5
5
|
"description": "Security MCP for vibe coding. 390 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis, +25 AI-native rules (MCP supply-chain, RAG/vector poisoning, agent loop DoS, public-prefix LLM keys, sandbox bypass). Plus Next.js, Supabase, Clerk, Stripe, Prisma, tRPC, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK, and the full AI-generated stack.",
|
|
6
6
|
"type": "module",
|