guardvibe 3.23.0 → 3.24.0

package/CHANGELOG.md

@@ -5,6 +5,14 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.24.0] - 2026-06-23
+
+### Added — 1 rule from daily intel: Clerk 4.x auth() IDOR version-pin (449 → 450 rules)
+- **VG1096 — @clerk/nextjs 4.x auth()/getAuth() IDOR (CVE-2024-22206 / GHSA-q6w5-jg5q-47vg, critical).** @clerk/nextjs 4.7.0–4.29.2 misattributes a request to the wrong session in auth() (App Router) / getAuth() (Pages Router) — an IDOR / privilege escalation. Fixed in 4.29.3. Fills the legacy 4.x version-space that the 1.x/2.x middleware-bypass pin (VG925) and 6.x/7.x has() bypass pin (VG1045) do not cover. 0-FP semver: caret on 4.x and tilde within 4.29 resolve to the fix → only exact/= pins (and tilde within 4.7–4.28) flagged; 4.0–4.6 not affected. CVE version-pin rule count 76 → 77. 9 tests.
+- **Verified already-covered (no action) from the 2026-06-23 brief:** the install-time dropper signature (Miasma/Mastra/node-gyp) — supply-chain.ts already ships "Install Script Downloads and Executes Remote Code", "Malicious postinstall Script", "Obfuscated Payload in Install Script", plus VG1074 (Miasma IOC) and the CI `--ignore-scripts` rule; axios user-controlled-URL SSRF — covered more precisely by the host-position-aware taint SSRF sink + VG120; Clerk CVE-2026-42349 (has() bypass = VG1045) and CVE-2026-41248 (middleware bypass = VG925); Next.js RSC cluster (VG1047); React/Next RSC RCE (CVE-2025-55182). The brief's GV-CLERK-MIDDLEWARE-BYPASS behavioral suggestion was not added — bare clerkMiddleware() is the allow-by-default safe pattern, so the regex is FP-prone, and the CVE is already version-pinned.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.23.0] - 2026-06-19
 
 ### Added — MCP/agent unauth endpoint rule + full CORS-credentials coverage from daily intel (448 → 449 rules)

package/README.md

@@ -15,7 +15,7 @@
 - **🔍 An independent second pair of eyes.** The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop *while* your AI codes (real-time edit hook), not after.
 - **⬅️ NEW: Starts before the first line of code.** Every scanner on earth — including your agent reviewing itself — acts *after* the code exists. [`secure_prompt`](#prompt-level-security-shift-left) acts *before*: it analyzes the coding prompt itself, detects the stack and attack surfaces it implies, and embeds severity-ranked GuardVibe requirements into the prompt your AI executes. The vulnerability is prevented, not caught. Deterministic, zero LLM calls — and if the prompt is already secure, it passes through untouched.
 
-**The security MCP built for vibe coding.** 449 security rules, 39 tools covering the entire AI-generated code journey — from the prompt itself to production deployment.
+**The security MCP built for vibe coding.** 450 security rules, 39 tools covering the entire AI-generated code journey — from the prompt itself to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -27,7 +27,7 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **449 security rules, 39 tools** purpose-built for the stacks AI agents generate
+- **450 security rules, 39 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
@@ -65,7 +65,7 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | CVE version detection | 71 packages, refreshed daily | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 449 (focused, 68 AI-native) | 5000+ (broad) | N/A |
+| Rule count | 450 (focused, 68 AI-native) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -302,7 +302,7 @@ The offline tier is also a `full_audit` section (online never runs inside the au
 { "slopscan": { "online": true, "allow": ["@myorg/internal-pkg"] } }
 ```
 
-## Security Rules (449 rules across 25 modules)
+## Security Rules (450 rules across 25 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|

package/build/data/rules/cve-versions.js

@@ -889,4 +889,16 @@ export const cveVersionRules = [
         fixCode: '// package.json\n"@hono/node-server": "^1.19.13"  // or latest',
         compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.2", "HIPAA:§164.312(a)"],
     },
+    {
+        id: "VG1096",
+        name: "Clerk Next.js 4.x auth()/getAuth() IDOR (CVE-2024-22206 / GHSA-q6w5-jg5q-47vg)",
+        severity: "critical",
+        owasp: "A01:2025 Broken Access Control",
+        description: "@clerk/nextjs versions 4.7.0 through 4.29.2 contain a logic flaw in auth() (App Router) and getAuth() (Pages Router) that lets a request be attributed to the wrong session — an IDOR / privilege-escalation where an authenticated user can act as, or read data belonging to, another user. Fixed in 4.29.3. This is the legacy 4.x line; the 1.x/2.x middleware-bypass (VG925) and 6.x/7.x has() bypass (VG1045) pins do not cover the 4.x version-space, so this rule fills it. 0-FP semver: a caret range on 4.x resolves to the fixed 4.29.3+, and a tilde within 4.29 resolves to 4.29.3, so only exact/= pins (and tilde within 4.7–4.28) are flagged; 4.0–4.6 are not affected.",
+        pattern: /["']@clerk\/nextjs["']\s*:\s*["'](?:(?:~|=)?\s*4\.(?:[7-9]|1\d|2[0-8])\.\d+|=?\s*4\.29\.[0-2](?!\d))["']/g,
+        languages: ["json"],
+        fix: "Upgrade @clerk/nextjs to 4.29.3 or later (or migrate to the current 6.x/7.x line): npm install @clerk/nextjs@latest. As defence-in-depth, re-verify the resolved userId/orgId inside protected route handlers rather than trusting a single auth() call.",
+        fixCode: '// package.json\n"@clerk/nextjs": "^4.29.3"  // legacy 4.x; prefer migrating to ^6 / ^7\n\n// Defence-in-depth — bind the action to the authed user, never a client-supplied id\nimport { auth } from "@clerk/nextjs/server";\nexport async function GET() {\n  const { userId } = await auth();\n  if (!userId) return new Response("Unauthorized", { status: 401 });\n  const data = await db.record.findFirst({ where: { ownerId: userId } });\n}',
+        compliance: ["SOC2:CC6.1", "PCI-DSS:Req6.5.10", "HIPAA:§164.312(a)"],
+    },
 ];

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "guardvibe",
-  "version": "3.23.0",
+  "version": "3.24.0",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 449 rules, 39 tools, CLI + doctor. Prompt-level shift-left security (secure_prompt — embed security requirements BEFORE code generation), host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 76 CVE rules refreshed daily from GHSA/OSV/CISA KEV — js-cookie cookie-attribute injection, PostCSS </style> stringify XSS, Axios proxy prototype-pollution gadget, Vite dev-server RCE, React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
+  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 450 rules, 39 tools, CLI + doctor. Prompt-level shift-left security (secure_prompt — embed security requirements BEFORE code generation), host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 77 CVE rules refreshed daily from GHSA/OSV/CISA KEV — js-cookie cookie-attribute injection, PostCSS </style> stringify XSS, Axios proxy prototype-pollution gadget, Vite dev-server RCE, React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",