guardvibe 3.10.0 → 3.12.0

package/CHANGELOG.md

@@ -5,6 +5,24 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.12.0] - 2026-06-07
+
+### Added — Season 3 S3-2: proof-carrying fixes (441 rules / 37 tools)
+- **`secure_this` now returns a `proofTest`** when it applies fixes — a runnable regression test that proves the resolved findings stay fixed, using GuardVibe's deterministic scan as the oracle: it **fails on the vulnerable code and passes on the fixed code**. It's an honest scan-based proof (not an exploit test), and a real CI regression guard: drop it in the suite and the build breaks if the vuln is reintroduced.
+- **CLI:** `guardvibe secure-this <file>` shows the proof test in markdown; `--emit-proof [path]` writes it (default `<file>.guardvibe.test.ts`). **MCP:** the `secure_this` result carries `proofTest` so agents can drop it into the project.
+- Generated only when fixes were applied (nothing to prove for already-clean or non-auto-fixable code). New `node:test`-based template; 4 new tests. No rule or tool changes (441 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.11.0] - 2026-06-07
+
+### Changed — S3-1 (cont.): reachability-weighted dependency prioritization (441 rules / 37 tools)
+- The audit's dependency section now **prioritizes** findings: severity first, then **imported (reachable) packages ahead of unused ones** within the same tier — so the agent fixes what its code actually calls into first. Severity is never altered (an unreachable dep can still be exploitable), so no false negatives are introduced.
+- Each dependency `SectionFinding` now carries a structured `reachable` field (agent-consumable), in addition to the existing in-description annotation and the section's "N of M directly imported" count.
+- New exported pure helper `sortDepFindings` (severity-rank + reachable-first), unit-tested. No rule or tool changes (441 / 37). Completes S3-1.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.10.0] - 2026-06-07
 
 ### Added — Season 3 S3-1: autonomous, prioritized threat intel (441 rules / 37 tools)

package/build/cli/secure-this.js

@@ -56,6 +56,9 @@ function renderMarkdown(r, file, wrote) {
         lines.push(`> Wrote ${r.applied.length} verified fix(es) to ${file}.`, "");
     }
     lines.push(`**Definition of done:** ${r.definitionOfDone.passed ? "PASSED ✅" : "FAILED ❌"} — ${r.definitionOfDone.message}`);
+    if (r.proofTest) {
+        lines.push("", "## Regression proof test", "Run on the fixed file to prove it stays fixed (`--emit-proof <path>` to save it):", "", "```ts", r.proofTest.trimEnd(), "```");
+    }
     return lines.join("\n");
 }
 export async function runSecureThis(args) {
@@ -81,6 +84,13 @@ export async function runSecureThis(args) {
     if (write && result.changed) {
         writeFileSync(resolved, result.fixedCode, "utf-8");
     }
+    // --emit-proof [path]: write the regression proof test (default: <file>.guardvibe.test.ts).
+    const emitProof = flags["emit-proof"];
+    if (emitProof && result.proofTest) {
+        const proofPath = typeof emitProof === "string" ? resolve(emitProof) : `${resolved}.guardvibe.test.ts`;
+        writeFileSync(proofPath, result.proofTest, "utf-8");
+        console.log(`  [OK] Proof test written to ${proofPath}`);
+    }
     const format = flags.format === "json" ? "json" : "markdown";
     if (format === "json") {
         console.log(JSON.stringify({ ...result, file: resolved, wrote: write && result.changed }));

package/build/index.js

@@ -319,7 +319,7 @@ server.tool("fix_code", "Pass vulnerable code as a string and get fix suggestion
     };
 });
 // Tool 37: secure_this — close the loop (scan → apply verified fix → re-verify)
-server.tool("secure_this", "Close the loop on vulnerabilities in code: scan, apply only the fixes that VERIFIABLY land (each candidate edit is re-scanned and rolled back if it fails to resolve the issue or introduces a new one), and return the verified code plus a definition-of-done gate. Prefer this over fix_code+verify_fix when you want a guarantee the fix landed — not just a suggestion. Returns { status: clean|secured|partial|no_autofix, fixedCode, applied[], remaining[], definitionOfDone:{passed,message} }. Write fixedCode to disk, then require definitionOfDone.passed before claiming the task complete; anything in remaining[] needs a manual fix. Example: secure_this({code: '...', language: 'typescript'})", {
+server.tool("secure_this", "Close the loop on vulnerabilities in code: scan, apply only the fixes that VERIFIABLY land (each candidate edit is re-scanned and rolled back if it fails to resolve the issue or introduces a new one), and return the verified code plus a definition-of-done gate. Prefer this over fix_code+verify_fix when you want a guarantee the fix landed — not just a suggestion. Returns { status: clean|secured|partial|no_autofix, fixedCode, applied[], remaining[], definitionOfDone:{passed,message}, proofTest }. Write fixedCode to disk, then require definitionOfDone.passed before claiming the task complete; anything in remaining[] needs a manual fix. When fixes were applied, proofTest is a runnable regression test (GuardVibe-as-oracle) you can drop into the project to guard against regressions. Example: secure_this({code: '...', language: 'typescript'})", {
     code: z.string().describe("The code to scan and secure"),
     language: z
         .enum(["javascript", "typescript", "python", "go", "dockerfile", "html", "sql", "shell", "yaml", "terraform", "firestore"])

package/build/tools/full-audit.d.ts

@@ -29,7 +29,16 @@ export interface SectionFinding {
     name?: string;
     description?: string;
     fix?: string;
+    /** Dependency findings: is the vulnerable package actually imported in source? */
+    reachable?: boolean;
 }
+/**
+ * Order dependency findings by severity first, then surface reachable (imported)
+ * packages ahead of unreachable ones within the same tier — so the agent fixes
+ * what its code actually calls into first. Severity is never altered (an
+ * unreachable dep can still be exploitable), so this introduces no false negatives.
+ */
+export declare function sortDepFindings(findings: SectionFinding[]): SectionFinding[];
 export interface AuditSection {
     name: string;
     status: "ok" | "error" | "skipped";

package/build/tools/full-audit.js

@@ -21,6 +21,17 @@ import { loadConfig } from "../utils/config.js";
 import { isExcludedFilename } from "../utils/constants.js";
 const _require = createRequire(import.meta.url);
 const _pkg = _require("../../package.json");
+const DEP_SEV_RANK = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+/**
+ * Order dependency findings by severity first, then surface reachable (imported)
+ * packages ahead of unreachable ones within the same tier — so the agent fixes
+ * what its code actually calls into first. Severity is never altered (an
+ * unreachable dep can still be exploitable), so this introduces no false negatives.
+ */
+export function sortDepFindings(findings) {
+    return [...findings].sort((a, b) => (DEP_SEV_RANK[a.severity] ?? 9) - (DEP_SEV_RANK[b.severity] ?? 9) ||
+        (Number(b.reachable === true) - Number(a.reachable === true)));
+}
 // --- Core Logic ---
 /**
  * Compute verdict: PASS (0 critical + 0 high), WARN (high > 0), FAIL (critical > 0)
@@ -285,10 +296,14 @@ export async function runFullAudit(path, options) {
                                 name: `${pkgRec.name ?? "unknown"}: ${(vuln2.id ?? "CVE")}`,
                                 description: `${(vuln2.summary ?? vuln2.details ?? "")}${reachNote}`,
                                 fix: `Run: npm update ${pkgRec.name ?? ""}`,
+                                reachable,
                             });
                             allFindings.push({ ruleId: `DEP:${vuln2.id ?? "CVE"}`, severity: sev, file: "package.json", line: 0 });
                         }
                     }
+                    // Prioritize: severity first, then imported-and-vulnerable ahead of unused.
+                    depFindings.sort((a, b) => (DEP_SEV_RANK[a.severity] ?? 9) - (DEP_SEV_RANK[b.severity] ?? 9) ||
+                        (Number(b.reachable === true) - Number(a.reachable === true)));
                     const counts = { findings: depFindings.length, critical: depCritical, high: depHigh, medium: depMedium };
                     const reachText = typeof reachableVulnerable === "number" && vulnPackages > 0
                         ? ` (${reachableVulnerable} of ${vulnPackages} directly imported in source)`

package/build/tools/secure-this.d.ts

@@ -31,6 +31,12 @@ export interface SecureThisResult {
         passed: boolean;
         message: string;
     };
+    /**
+     * A runnable regression test that proves the resolved findings stay fixed.
+     * Deterministic scan-based proof (GuardVibe is the oracle): run on the vulnerable
+     * code it fails, on the fixed code it passes. Present only when fixes were applied.
+     */
+    proofTest?: string;
 }
 export interface SecureThisOptions {
     framework?: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.10.0",
+  "version": "3.12.0",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 441 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 70 CVE rules refreshed daily from GHSA/OSV/CISA KEV — React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",