guardvibe 3.12.0 → 3.14.0

package/CHANGELOG.md

@@ -5,6 +5,24 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.14.0] - 2026-06-08
+
+### Added — intel maintenance: Vite / launch-editor dev-server RCE (441 → 442 rules / 37 tools)
+- **VG1088** — vite < 5.4.9 (and the `launch-editor` < 2.9.0 it bundles) dev-server command injection on Windows (CVE-2024-52011 / GHSA-c27g-q93r-2cwf). Surfaced by `npm run intel` as the one remaining mainstream-stack gap; drafted via the S3-1 scaffold pipeline.
+- **0-FP semver:** exact/`=` pins only (a caret/tilde resolves to the fixed line). Validated on the corpus: **1 true positive** (dub pins `"vite": "5.2.9"`), **0 false positives**. 8 new version-range tests.
+- Counts updated everywhere (consistency guard enforces 442); CVE-rule count 70 → 71.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.13.0] - 2026-06-07
+
+### Added — Season 3 S3-3: PR-native, author-independent review (441 rules / 37 tools)
+- **`guardvibe ci github --pr`** generates a `.github/workflows/guardvibe-pr-review.yml` that, on every pull request, runs a **diff-aware** scan (only the issues the PR newly introduced) and posts them as **inline review comments** on the exact file + line — the moat made visible where AI-written code lands: whole-repo aware, independent of the author, in the loop.
+- Uses `actions/github-script` to create the PR review (no extra runtime dependency), with `pull-requests: write` and a graceful fallback to a summary comment if inline review can't be posted. Pinned + auto-upgraded like the existing scan workflow.
+- Completes Season 3 (S3-1 autonomous/prioritized intel, S3-2 proof-carrying fixes, S3-3 PR-native review). New exported `buildGithubPrReviewWorkflow`; 6 tests. No rule or tool changes (441 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.12.0] - 2026-06-07
 
 ### Added — Season 3 S3-2: proof-carrying fixes (441 rules / 37 tools)

package/README.md

@@ -9,12 +9,12 @@
 > **Security infrastructure your AI can't be.**
 > No matter how good your coding agent gets, it can't know the CVE published after its training cutoff, it can't deterministically guarantee the same check every run, it can't hold your whole repo in context, and it can't objectively review its own code. GuardVibe does all four — the deterministic, post-cutoff-current, whole-repo, author-independent verification layer for AI-written code.
 
-- **🗓️ Knows what your AI doesn't.** CVE rules refreshed **daily** from GHSA / OSV.dev / CISA KEV — GuardVibe flags vulnerable dependencies published *after* your model's training cutoff. (70 CVE rules, `npm run intel` daily triage.)
+- **🗓️ Knows what your AI doesn't.** CVE rules refreshed **daily** from GHSA / OSV.dev / CISA KEV — GuardVibe flags vulnerable dependencies published *after* your model's training cutoff. (71 CVE rules, `npm run intel` daily triage.)
 - **🎯 Deterministic, not probabilistic.** Same code = same result, every run (content-hashed). Your AI guesses; GuardVibe doesn't.
 - **🗺️ Sees the whole repo.** Cross-file taint + auth-coverage across every route — catches the unprotected endpoint your agent's narrow context missed.
 - **🔍 An independent second pair of eyes.** The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop *while* your AI codes (real-time edit hook), not after.
 
-**The security MCP built for vibe coding.** 441 security rules, 37 tools covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 442 security rules, 37 tools covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -26,11 +26,11 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **441 security rules, 37 tools** purpose-built for the stacks AI agents generate
+- **442 security rules, 37 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
-- **CVE version intelligence** — detects 70 known vulnerable package versions in package.json, refreshed every day from GHSA / OSV.dev / CISA KEV
+- **CVE version intelligence** — detects 71 known vulnerable package versions in package.json, refreshed every day from GHSA / OSV.dev / CISA KEV
 - **AI agent & MCP security** — detects MCP server vulnerabilities, tool-description prompt injection (OWASP MCP Top 10), model-controlled sandbox-disable flags, excessive AI permissions, indirect prompt injection
 - **Auto-fix suggestions** — `fix_code` tool returns concrete patches and structured edits the AI agent can apply mechanically. Coverage: hardcoded credentials → env-var migration; public-prefix LLM keys (`NEXT_PUBLIC_/VITE_/EXPO_PUBLIC_/REACT_APP_`) → prefix removal; CORS wildcards → env allowlist; `dangerouslyAllowBrowser` flags → drop; sandbox bypass flags (`unsafe`/`noSandbox`/`allowEval`) → drop; agent loops → add `maxSteps`; raw-HTML React props → `<ReactMarkdown>`; missing auth checks → insert auth guard; SQL injection → parameterized queries; missing rate limiters / CSRF / security headers → snippet templates.
 - **Pre-commit hook** — block insecure code before it reaches your repo
@@ -61,10 +61,10 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | AI/LLM security (prompt injection, MCP, tool abuse) | 68 rules | Experimental/None | None |
 | AI host security (CVE-2025-59536, CVE-2026-21852) | `guardvibe doctor` | Not supported | Not supported |
 | Auto-fix suggestions for AI agents | `fix_code` tool | CLI autofix | Not supported |
-| CVE version detection | 70 packages, refreshed daily | Extensive | Extensive |
+| CVE version detection | 71 packages, refreshed daily | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 441 (focused, 68 AI-native) | 5000+ (broad) | N/A |
+| Rule count | 442 (focused, 68 AI-native) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -150,7 +150,8 @@ npx guardvibe hook uninstall # Remove hook
 ### CI/CD (GitHub Actions)
 
 ```bash
-npx guardvibe ci github      # Generates .github/workflows/guardvibe.yml
+npx guardvibe ci github          # Generates .github/workflows/guardvibe.yml (SARIF scan)
+npx guardvibe ci github --pr     # + a diff-aware PR review workflow that posts inline comments
 ```
 
 ## What GuardVibe Scans
@@ -188,7 +189,7 @@ React Native, Expo — AsyncStorage secrets, deep link token exposure, hardcoded
 ### Firebase
 Firestore security rules, Firebase Admin SDK exposure, storage rules, custom token validation
 
-### CVE Version Intelligence (70 CVEs, refreshed daily)
+### CVE Version Intelligence (71 CVEs, refreshed daily)
 **Frameworks:** Next.js (CVE-2024-34351, CVE-2024-46982, CVE-2025-29927, CVE-2026-23869, CVE-2026-44573 / 44574 / 44575 / 44578 / 44579 / 45109 May 2026 cluster), React + react-server-dom-* (CVE-2025-55182, CVE-2026-23870), Express, Hono pre-4.12.18 cluster, @vitejs/plugin-rsc, Strapi content-type-builder (CVE-2026-22599)
 **Auth:** Clerk middleware bypass (GHSA-vqx2), Clerk `has()` org/billing/reverification bypass (GHSA-w24r), Clerk `clerkFrontendApiProxy` SSRF (CVE-2026-34076), NextAuth.js (2 CVEs), jsonwebtoken
 **ORMs / SQL:** Drizzle SQL identifier injection (CVE-2026-39356) + Drizzle `sql.raw` interpolation (VG1073), MikroORM SQL injection (CVE-2026-44680), Prisma raw-query call-form, Kysely JSON-path traversal (CVE-2026-44635)
@@ -255,7 +256,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (441 rules across 25 modules)
+## Security Rules (442 rules across 25 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|
@@ -274,7 +275,7 @@ All scanning tools support `format: "json"` for machine-readable output.
 | AI / LLM Security | 16 | Prompt injection, MCP SSRF, excessive agency, indirect injection |
 | **AI Host Security** | **10** | **CVE-2025-59536 hook injection, CVE-2026-21852 base URL hijack, MCP config audit** |
 | **AI Tool Runtime** | **4** | **MCP tool output sanitization, obfuscated descriptions, safety bypass** |
-| CVE Version Intelligence | 30 | Known vulnerable versions in package.json — incl. React Router 7 cluster (CVE-2026-33245/42211/42342), DOMPurify XSS (CVE-2026-47423), Better Auth bypass (CVE-2026-45337), Axios supply-chain backdoor, Clerk middleware bypass (GHSA-vqx2) |
+| CVE Version Intelligence | 31 | Known vulnerable versions in package.json — incl. Vite dev-server cmd injection (CVE-2024-52011), React Router 7 cluster (CVE-2026-33245/42211/42342), DOMPurify XSS (CVE-2026-47423), Better Auth bypass (CVE-2026-45337), Axios supply-chain backdoor |
 | Shell / Bash | 5 | Pipe to bash, chmod 777, rm -rf, sudo password |
 | SQL | 4 | DROP/DELETE without WHERE, stacked queries, GRANT ALL |
 | Supply Chain | 16 | Malicious install scripts, lockfile integrity, dependency confusion, typosquat detection |

package/build/cli/ci.d.ts

@@ -2,4 +2,11 @@
  * CLI: guardvibe ci <provider>
  * Generates CI/CD workflow configurations.
  */
+/**
+ * PR-native, author-independent review workflow: on each PR, run a DIFF-AWARE scan
+ * (only issues newly introduced by the PR) and post them as inline review comments
+ * via actions/github-script — no extra runtime dependency. The moat made visible
+ * exactly where AI-written code lands.
+ */
+export declare function buildGithubPrReviewWorkflow(version: string): string;
 export declare function runCi(args: string[]): void;

package/build/cli/ci.js

@@ -45,6 +45,78 @@ jobs:
           category: guardvibe
 `;
 }
+/**
+ * PR-native, author-independent review workflow: on each PR, run a DIFF-AWARE scan
+ * (only issues newly introduced by the PR) and post them as inline review comments
+ * via actions/github-script — no extra runtime dependency. The moat made visible
+ * exactly where AI-written code lands.
+ */
+export function buildGithubPrReviewWorkflow(version) {
+    return `name: GuardVibe PR Review
+# Pinned to guardvibe@${version}. Re-run \`npx guardvibe ci github --pr\` to upgrade.
+# Diff-aware: comments only on issues this PR newly introduced (not pre-existing debt).
+
+on:
+  pull_request:
+    branches: [main, master]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  guardvibe-pr-review:
+    name: GuardVibe PR Review
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "22"
+
+      - name: GuardVibe diff-aware scan (newly-introduced issues only)
+        run: |
+          git fetch --no-tags --depth=1 origin "\${{ github.base_ref }}"
+          npx -y guardvibe@${version} diff "origin/\${{ github.base_ref }}" --format json --output gv-diff.json || true
+
+      - name: Post findings as PR review comments
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            let data;
+            try { data = JSON.parse(fs.readFileSync('gv-diff.json', 'utf8')); } catch (e) { return; }
+            const findings = (data.findings || []).filter(f => f.line > 0);
+            if (!findings.length) return;
+            const comments = findings.map(f => ({
+              path: f.file,
+              line: f.line,
+              body: '**GuardVibe ' + String(f.severity).toUpperCase() + ': ' + f.name + '** (' + f.id + ')\\n\\n' + (f.fix || '')
+            }));
+            const summary = 'GuardVibe found ' + findings.length + ' newly-introduced issue(s) in this PR.';
+            try {
+              await github.rest.pulls.createReview({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.issue.number,
+                event: 'COMMENT',
+                body: summary,
+                comments
+              });
+            } catch (e) {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body: summary + ' (inline review unavailable: ' + e.message + ')'
+              });
+            }
+`;
+}
 /** Extract a pinned guardvibe version from a generated workflow YAML, or "latest"/null for legacy/unrecognized forms. */
 function extractPinnedVersionFromWorkflow(content) {
     const pinned = content.match(/guardvibe@(\d+\.\d+\.\d+(?:-[\w.]+)?)/);
@@ -85,14 +157,43 @@ function generateGitHubActions() {
     console.log(`  [OK] Created .github/workflows/guardvibe.yml (pinned to v${pkg.version}).`);
     console.log("  [OK] SARIF results will appear in GitHub Security tab.");
 }
+function generateGitHubPrReview() {
+    const workflowDir = join(process.cwd(), ".github", "workflows");
+    if (!existsSync(workflowDir))
+        mkdirSync(workflowDir, { recursive: true });
+    const workflowPath = join(workflowDir, "guardvibe-pr-review.yml");
+    const fresh = buildGithubPrReviewWorkflow(pkg.version);
+    if (existsSync(workflowPath)) {
+        const existingPin = extractPinnedVersionFromWorkflow(readFileSync(workflowPath, "utf-8"));
+        if (existingPin === pkg.version) {
+            console.log(`  [OK] .github/workflows/guardvibe-pr-review.yml already up-to-date (pinned to v${pkg.version}).`);
+            return;
+        }
+        if (existingPin) {
+            writeFileSync(workflowPath, fresh, "utf-8");
+            console.log(`  [OK] Updated .github/workflows/guardvibe-pr-review.yml (${existingPin} → ${pkg.version}).`);
+            return;
+        }
+        console.log("  [OK] .github/workflows/guardvibe-pr-review.yml exists with custom contents — leaving as-is.");
+        return;
+    }
+    writeFileSync(workflowPath, fresh, "utf-8");
+    console.log(`  [OK] Created .github/workflows/guardvibe-pr-review.yml (pinned to v${pkg.version}).`);
+    console.log("  [OK] PRs will get inline, diff-aware GuardVibe review comments.");
+}
 export function runCi(args) {
     const provider = args[0]?.toLowerCase();
+    const wantPr = args.includes("--pr");
     console.log(`\n  GuardVibe CI/CD Setup\n`);
     if (provider === "github") {
         generateGitHubActions();
+        if (wantPr)
+            generateGitHubPrReview();
+        else
+            console.log("  [tip] Add --pr to also generate a diff-aware PR review workflow (inline comments).");
     }
     else {
-        console.error("  [ERR] Unknown CI provider. Usage: npx guardvibe ci github");
+        console.error("  [ERR] Unknown CI provider. Usage: npx guardvibe ci github [--pr]");
         process.exit(1);
     }
     console.log();

package/build/cli.js

@@ -37,7 +37,7 @@ function printUsage() {
     npx guardvibe init <platform>    Setup MCP server configuration
     npx guardvibe hook install       Install pre-commit security hook
     npx guardvibe hook uninstall     Remove pre-commit security hook
-    npx guardvibe ci github          Generate GitHub Actions workflow
+    npx guardvibe ci github [--pr]   Generate GitHub Actions workflow (--pr: diff-aware PR review with inline comments)
 
   Scan CLI (used by pre-commit hook and CI):
     npx guardvibe-scan               Scan git-staged files

package/build/data/rules/cve-versions.js

@@ -817,4 +817,16 @@ export const cveVersionRules = [
         fixCode: '// package.json\n"better-auth": "^1.6.11"  // or latest',
         compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
     },
+    {
+        id: "VG1088",
+        name: "Vite / launch-editor dev-server command injection on Windows (CVE-2024-52011 / GHSA-c27g-q93r-2cwf)",
+        severity: "high",
+        owasp: "A06:2025 Vulnerable and Outdated Components",
+        description: "vite < 5.4.9 (and the launch-editor < 2.9.0 it bundles) lets a crafted request to the running dev server inject a shell command on Windows. The dev server is commonly exposed on shared networks, so a vulnerable pin is a real RCE vector for developers/CI on Windows. Fixed in vite 5.4.9 / launch-editor 2.9.0. Only exact (or `=`) pins are flagged — a caret/tilde range resolves to a fixed release.",
+        pattern: /(?:["']vite["']\s*:\s*["']=?(?:[0-4]\.\d+\.\d+|5\.[0-3]\.\d+|5\.4\.[0-8])["']|["']launch-editor["']\s*:\s*["']=?(?:[01]\.\d+\.\d+|2\.[0-8]\.\d+)["'])/g,
+        languages: ["json"],
+        fix: "Upgrade vite to 5.4.9+ (or v6+): npm install -D vite@latest. If you depend on launch-editor directly, upgrade it to 2.9.0+. Never expose the dev server beyond localhost.",
+        fixCode: '// package.json\n"vite": "^5.4.9"  // or ^6',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
 ];

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "guardvibe",
-  "version": "3.12.0",
+  "version": "3.14.0",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 441 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 70 CVE rules refreshed daily from GHSA/OSV/CISA KEV — React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
+  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 442 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 71 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Vite dev-server RCE, React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",