guardvibe 3.3.0 → 3.5.0

package/CHANGELOG.md

@@ -5,6 +5,28 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.5.0] - 2026-06-07
+
+### Added — agent-native structured output (`guardvibe.agent.v1`) (438 rules / 37 tools)
+- **New `agent` output format** that returns one stable, documented contract per finding so a coding agent can act on data instead of parsing prose: `{ id, name, severity, owasp, file, line, confidence, autoFixable, exactEdit, manualFix, verify }`.
+- **`exactEdit`** is the structured line edit when the finding is auto-applicable (from `fix_code`); **`confidence`** is surfaced per finding; **`verify`** is a deterministic, runnable step (`guardvibe check … --format json`, expect the rule absent) so the agent can *prove* the fix landed.
+- Exposed via CLI `guardvibe check <file> --format agent` and the MCP `scan_file` tool (`format: "agent"`). New module `src/tools/agent-output.ts` (`buildAgentReport`); deterministic, no new dependency.
+- This unifies what was scattered across `fix_code`, `scan_file` and per-finding confidence into a single agent contract; complements `secure_this` (auto-apply loop) with a structured manual-fix path.
+- No rule or tool changes (438 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.4.0] - 2026-06-07
+
+### Added — dependency reachability: is the vulnerable package actually imported? (438 rules / 37 tools)
+- **The dependency scan now annotates each vulnerable package with reachability** — whether it is actually imported/required anywhere in your source. A flagged dependency you never import is far lower priority than one your code calls into; this turns the daily-CVE freshness signal into a *prioritized*, actionable one.
+- **Annotate, never suppress:** findings are labeled `reachable: true/false` (and `[imported in source]` / `[not directly imported — likely unreachable]` in the audit), but nothing is dropped — a package can still be reached transitively or via dynamic/framework loading, so there are no new false negatives.
+- New module `src/tools/reachability.ts`: `packageRoot` (specifier → installable name, scoped-package aware), `extractImportedPackages` (import/require/dynamic-import/re-export forms), `collectImportedPackages` (source-tree walk, node_modules excluded), `analyzeReachability`. Import-level (package granularity).
+- Surfaced in `scan_dependencies` (per-package `reachable` + `reachabilityStatus`, summary `reachableVulnerable`) and the `audit` dependency section (`N of M directly imported in source`).
+- No rule or tool changes (438 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.3.0] - 2026-06-07
 
 ### Added — diff-aware scanning: block what you just wrote, not the backlog (438 rules / 37 tools)

package/README.md

@@ -219,7 +219,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 | `check_project` | Scan multiple files with security scoring (A-F) |
 | `scan_directory` | Scan a project directory from disk |
 | `scan_staged` | Pre-commit scan of git-staged files |
-| `scan_dependencies` | Check all dependencies for known CVEs (OSV) |
+| `scan_dependencies` | Check all dependencies for known CVEs (OSV) — annotates each vulnerable package with **reachability** (is it actually imported in your source?) |
 | `scan_secrets` | Detect leaked secrets, API keys, tokens |
 | `check_dependencies` | Check individual packages against OSV |
 | `check_package_health` | Typosquat detection, maintenance status, adoption metrics |
@@ -330,7 +330,9 @@ npx guardvibe-scan                   # Scan staged files (for pre-commit)
 npx guardvibe-scan --format sarif --output results.sarif  # CI mode
 
 # Options (all scan commands)
-#   --format markdown|json|sarif|buddy
+#   --format markdown|json|sarif|buddy|agent
+#       agent = guardvibe.agent.v1 — per finding: { id, severity, confidence, exactEdit, manualFix, verify }
+#       so an AI agent can apply the exact edit and run the verify step to prove the fix
 #   --output <file>     Write results to file
 #   --fail-on <level>   Exit 1 on findings: critical|high|medium|low|none
 #   --full              Bypass response-size caps (50 JSON / 30 markdown / 200-file taint)

package/build/cli/args.js

@@ -1,7 +1,7 @@
 /**
  * CLI argument parsing utilities
  */
-const VALID_FORMATS = new Set(["markdown", "json", "sarif", "buddy"]);
+const VALID_FORMATS = new Set(["markdown", "json", "sarif", "buddy", "agent"]);
 export function getStringFlag(flags, key) {
     const val = flags[key];
     if (val === undefined || val === true)

package/build/cli/scan.js

@@ -206,9 +206,17 @@ export async function runFileCheck(filePath, flags) {
         process.exit(1);
     }
     const format = validateFormat(flags);
-    const formatArg = format === "json" ? "json" : format === "buddy" ? "buddy" : "markdown";
     const findings = analyzeFileSecurity(content, language, undefined, resolved, undefined);
-    const result = renderFindings(findings, language, undefined, formatArg, resolved);
+    let result;
+    if (format === "agent") {
+        // Agent-native contract: finding + exact-edit + confidence + verify step.
+        const { buildAgentReport } = await import("../tools/agent-output.js");
+        result = JSON.stringify(buildAgentReport(findings, content, language, resolved));
+    }
+    else {
+        const formatArg = format === "json" ? "json" : format === "buddy" ? "buddy" : "markdown";
+        result = renderFindings(findings, language, undefined, formatArg, resolved);
+    }
     const outputFile = getOutputPath(flags);
     if (outputFile) {
         safeWriteOutput(outputFile, result);

package/build/cli.js

@@ -44,7 +44,8 @@ function printUsage() {
     npx guardvibe-scan --format sarif --output results.sarif
 
   Options:
-    --format <type>       Output format: markdown (default), json, sarif, buddy
+    --format <type>       Output format: markdown (default), json, sarif, buddy, agent
+                          agent = guardvibe.agent.v1 (finding + exact edit + confidence + verify)
     --output <file>       Write results to file instead of stdout
     --fail-on <level>     Exit 1 when findings at this level or above exist
                           critical (default) | high | medium | low | none

package/build/index.js

@@ -42,6 +42,7 @@ import { formatHostFindings, redactSecrets } from "./server/types.js";
 import { verifyFix } from "./tools/verify-fix.js";
 import { fixCode as fixCodeTool } from "./tools/fix-code.js";
 import { secureThis } from "./tools/secure-this.js";
+import { buildAgentReport } from "./tools/agent-output.js";
 import { analyzeAuthCoverage, formatAuthCoverage } from "./tools/auth-coverage.js";
 import { buildDeepScanPrompt, parseDeepScanResult, formatDeepScanFindings, callLLM } from "./tools/deep-scan.js";
 import { runFullAudit, formatAuditResult } from "./tools/full-audit.js";
@@ -506,9 +507,9 @@ server.tool("explain_remediation", "Pass a GuardVibe rule ID (e.g. VG154) to get
 });
 // Tool 23: Quick file scan — returns structured findings, not raw file contents.
 // guardvibe-ignore VG880
-server.tool("scan_file", "Scan a single file on disk by path for security vulnerabilities. Pass a file path — the tool reads the file itself. For inline code snippets, use check_code instead. Example: scan_file({file_path: 'src/api/route.ts'})", {
+server.tool("scan_file", "Scan a single file on disk by path for security vulnerabilities. Pass a file path — the tool reads the file itself. For inline code snippets, use check_code instead. The 'agent' format returns the structured guardvibe.agent.v1 contract (finding + exact edit + confidence + verify step). Example: scan_file({file_path: 'src/api/route.ts', format: 'agent'})", {
     file_path: z.string().describe("Absolute or relative path to the file to scan"),
-    format: z.enum(["markdown", "json"]).default("json").describe("Output format"),
+    format: z.enum(["markdown", "json", "agent"]).default("json").describe("Output format. 'agent' = machine-actionable guardvibe.agent.v1 (exact edits + confidence + verify)"),
 }, async ({ file_path, format }) => {
     const { readFileSync, existsSync } = await import("fs");
     const { resolve, extname, basename, dirname } = await import("path");
@@ -529,6 +530,11 @@ server.tool("scan_file", "Scan a single file on disk by path for security vulner
     }
     const rules = getRules();
     const findings = analyzeFileSecurity(content, language, undefined, resolved, dirname(resolved), rules);
+    if (format === "agent") {
+        const cwdA = dirname(resolved);
+        recordScan(cwdA, { toolName: "scan_file", filesScanned: 1, findings: findings.map(f => ({ severity: f.rule.severity, ruleId: f.rule.id })) });
+        return { content: [{ type: "text", text: JSON.stringify(buildAgentReport(findings, content, language, resolved, rules)) }] };
+    }
     const result = renderFindings(findings, language, undefined, format, resolved);
     const cwd = dirname(resolved);
     recordScan(cwd, { toolName: "scan_file", filesScanned: 1, findings: findings.map(f => ({ severity: f.rule.severity, ruleId: f.rule.id })) });

package/build/tools/agent-output.d.ts

@@ -0,0 +1,44 @@
+/**
+ * Agent-native structured output (FAZ 4).
+ *
+ * Coding agents act on data, not prose. This builds one stable, documented
+ * contract per finding so an agent can: read severity + confidence, apply the
+ * exact edit deterministically when one exists, and run a verify step to prove
+ * the issue is gone. It unifies what was scattered across fix_code (edits),
+ * scan_file (suggested_fixes) and the finding's own confidence into a single
+ * `guardvibe.agent.v1` shape.
+ *
+ * No new dependency, fully deterministic (same findings + code → same report).
+ */
+import type { Finding } from "./check-code.js";
+import { type StructuredEdit } from "./fix-code.js";
+import type { SecurityRule } from "../data/rules/types.js";
+export interface AgentFinding {
+    id: string;
+    name: string;
+    severity: string;
+    owasp?: string;
+    file: string;
+    line: number;
+    confidence: "high" | "medium" | "low";
+    autoFixable: boolean;
+    exactEdit: StructuredEdit | null;
+    manualFix: string;
+    /** A deterministic, runnable step that proves the finding is resolved. */
+    verify: {
+        command: string;
+        expect: string;
+    };
+}
+export interface AgentReport {
+    schema: "guardvibe.agent.v1";
+    file: string;
+    total: number;
+    autoFixable: number;
+    findings: AgentFinding[];
+}
+/**
+ * Normalize a file's findings into the agent-native contract. `fixCode` is run
+ * once to attach exact edits to the findings that have one.
+ */
+export declare function buildAgentReport(findings: Finding[], code: string, language: string, filePath: string, rules?: SecurityRule[]): AgentReport;

package/build/tools/agent-output.js

@@ -0,0 +1,45 @@
+import { fixCode } from "./fix-code.js";
+/**
+ * Normalize a file's findings into the agent-native contract. `fixCode` is run
+ * once to attach exact edits to the findings that have one.
+ */
+export function buildAgentReport(findings, code, language, filePath, rules) {
+    // Map ruleId+line → structured edit (only auto-applicable rules yield one).
+    const edits = new Map();
+    if (findings.length > 0) {
+        try {
+            const parsed = JSON.parse(fixCode(code, language, undefined, filePath, "json", rules));
+            for (const fx of parsed.fixes ?? []) {
+                if (fx.edit)
+                    edits.set(`${fx.ruleId}:${fx.line}`, fx.edit);
+            }
+        }
+        catch { /* fixCode is best-effort; findings still report without edits */ }
+    }
+    const agentFindings = findings.map(f => {
+        const exactEdit = edits.get(`${f.rule.id}:${f.line}`) ?? null;
+        return {
+            id: f.rule.id,
+            name: f.rule.name,
+            severity: f.rule.severity,
+            owasp: f.rule.owasp,
+            file: filePath,
+            line: f.line,
+            confidence: f.confidence,
+            autoFixable: !!exactEdit,
+            exactEdit,
+            manualFix: f.rule.fix,
+            verify: {
+                command: `npx guardvibe check ${filePath} --format json`,
+                expect: `${f.rule.id} no longer reported at ${filePath}:${f.line}`,
+            },
+        };
+    });
+    return {
+        schema: "guardvibe.agent.v1",
+        file: filePath,
+        total: agentFindings.length,
+        autoFixable: agentFindings.filter(f => f.autoFixable).length,
+        findings: agentFindings,
+    };
+}

package/build/tools/full-audit.js

@@ -248,7 +248,7 @@ export async function runFullAudit(path, options) {
         }
         if (existsSync(manifestPath)) {
             try {
-                const depsJson = await scanDependencies(manifestPath, "json");
+                const depsJson = await scanDependencies(manifestPath, "json", { root: projectRoot });
                 const parsed = safeJsonParse(depsJson);
                 if (!parsed) {
                     // scanDependencies returned a markdown error (OSV API unreachable, parse failed, etc).
@@ -259,9 +259,15 @@ export async function runFullAudit(path, options) {
                 }
                 if (parsed) {
                     const vulnPackages = parsed.summary?.vulnerable ?? 0;
+                    const reachableVulnerable = parsed.summary?.reachableVulnerable;
                     const depFindings = [];
                     let depCritical = 0, depHigh = 0, depMedium = 0;
                     for (const pkg of parsed.packages ?? []) {
+                        const pkgRec = pkg;
+                        const reachable = pkgRec.reachable;
+                        const reachNote = reachable === false
+                            ? " [not directly imported — likely unreachable]"
+                            : reachable === true ? " [imported in source]" : "";
                         for (const v of pkg.vulnerabilities ?? []) {
                             const vuln2 = v;
                             const sev = (vuln2.severity ?? "high");
@@ -276,17 +282,20 @@ export async function runFullAudit(path, options) {
                                 severity: sev,
                                 file: "package.json",
                                 line: 0,
-                                name: `${pkg.name ?? "unknown"}: ${(vuln2.id ?? "CVE")}`,
-                                description: (vuln2.summary ?? vuln2.details ?? ""),
-                                fix: `Run: npm update ${pkg.name ?? ""}`,
+                                name: `${pkgRec.name ?? "unknown"}: ${(vuln2.id ?? "CVE")}`,
+                                description: `${(vuln2.summary ?? vuln2.details ?? "")}${reachNote}`,
+                                fix: `Run: npm update ${pkgRec.name ?? ""}`,
                             });
                             allFindings.push({ ruleId: `DEP:${vuln2.id ?? "CVE"}`, severity: sev, file: "package.json", line: 0 });
                         }
                     }
                     const counts = { findings: depFindings.length, critical: depCritical, high: depHigh, medium: depMedium };
+                    const reachText = typeof reachableVulnerable === "number" && vulnPackages > 0
+                        ? ` (${reachableVulnerable} of ${vulnPackages} directly imported in source)`
+                        : "";
                     const detailText = depFindings.length === 0
                         ? "No known CVEs"
-                        : `${depFindings.length} CVE(s) across ${vulnPackages} vulnerable package(s)`;
+                        : `${depFindings.length} CVE(s) across ${vulnPackages} vulnerable package(s)${reachText}`;
                     sections.push({ name: "dependencies", status: "ok", ...counts, details: detailText, sectionFindings: depFindings });
                 }
             }

package/build/tools/reachability.d.ts

@@ -0,0 +1,19 @@
+/** The installable package name behind a module specifier, or null if not a bare package. */
+export declare function packageRoot(specifier: string): string | null;
+/** All bare package roots imported/required/re-exported in a file's source. */
+export declare function extractImportedPackages(code: string): Set<string>;
+/** Walk a source tree and collect every imported package root (node_modules excluded). */
+export declare function collectImportedPackages(root: string, opts?: {
+    maxFiles?: number;
+}): Set<string>;
+export type ReachabilityStatus = "imported" | "not_imported";
+export interface ReachabilityResult {
+    reachable: boolean;
+    status: ReachabilityStatus;
+}
+/**
+ * Annotate each package name with whether it is imported anywhere under `root`.
+ * Pass `importedOverride` (a precomputed set) to avoid a filesystem walk (used in tests
+ * and to share one walk across many packages).
+ */
+export declare function analyzeReachability(packageNames: string[], root: string, importedOverride?: Set<string>): Map<string, ReachabilityResult>;

package/build/tools/reachability.js

@@ -0,0 +1,122 @@
+// guardvibe-ignore — defines import-detection regexes; the `require(...)`/`import(...)`
+// string literals here are detector patterns, not vulnerable code.
+/**
+ * Dependency reachability — is a vulnerable package actually used by YOUR code?
+ *
+ * A vulnerable version in package.json is only exploitable from your app if the
+ * package is actually imported/required somewhere in source. Flagging every
+ * advisory regardless drowns the real ones in transitive noise. Reachability
+ * answers "do you import this?" so a flagged-but-unimported dependency can be
+ * deprioritized.
+ *
+ * IMPORTANT — annotate, never suppress: a package can still be reached
+ * transitively or via dynamic/framework loading, so we LABEL findings
+ * (reachable: true/false) and never drop them. This keeps the freshness moat
+ * honest (no false negatives) while cutting the noise.
+ *
+ * This is import-level (package granularity), not call-graph/function level.
+ */
+import { readdirSync, statSync, readFileSync } from "fs";
+import { join, extname } from "path";
+const CODE_EXT = new Set([".js", ".jsx", ".mjs", ".cjs", ".ts", ".tsx", ".mts", ".cts"]);
+const SKIP_DIR = new Set([
+    "node_modules", ".git", ".next", "dist", "build", "out", "coverage",
+    ".turbo", "vendor", ".vercel", ".cache", ".svelte-kit",
+]);
+/** The installable package name behind a module specifier, or null if not a bare package. */
+export function packageRoot(specifier) {
+    if (!specifier)
+        return null;
+    if (specifier.startsWith(".") || specifier.startsWith("/"))
+        return null; // relative / absolute
+    if (specifier.startsWith("node:"))
+        return null; // node builtin
+    const parts = specifier.split("/");
+    if (specifier.startsWith("@")) {
+        if (parts.length < 2 || !parts[1])
+            return null; // incomplete scoped specifier
+        return `${parts[0]}/${parts[1]}`;
+    }
+    return parts[0];
+}
+const IMPORT_FROM = /(?:import|export)\b[^'"]*?\bfrom\s+['"]([^'"]+)['"]/g;
+const BARE_IMPORT = /\bimport\s+['"]([^'"]+)['"]/g;
+const REQUIRE_CALL = /\brequire\s*\(\s*['"]([^'"]+)['"]\s*\)/g;
+const DYNAMIC_IMPORT = /\bimport\s*\(\s*['"]([^'"]+)['"]\s*\)/g;
+/** All bare package roots imported/required/re-exported in a file's source. */
+export function extractImportedPackages(code) {
+    const out = new Set();
+    const add = (spec) => {
+        const root = packageRoot(spec);
+        if (root)
+            out.add(root);
+    };
+    for (const re of [IMPORT_FROM, BARE_IMPORT, REQUIRE_CALL, DYNAMIC_IMPORT]) {
+        re.lastIndex = 0;
+        for (const m of code.matchAll(re))
+            add(m[1]);
+    }
+    return out;
+}
+/** Walk a source tree and collect every imported package root (node_modules excluded). */
+export function collectImportedPackages(root, opts = {}) {
+    const found = new Set();
+    const maxFiles = opts.maxFiles ?? 20_000;
+    let count = 0;
+    const walk = (dir) => {
+        if (count >= maxFiles)
+            return;
+        let entries;
+        try {
+            entries = readdirSync(dir);
+        }
+        catch {
+            return;
+        }
+        for (const e of entries) {
+            if (count >= maxFiles)
+                return;
+            if (SKIP_DIR.has(e))
+                continue;
+            const p = join(dir, e);
+            let st;
+            try {
+                st = statSync(p);
+            }
+            catch {
+                continue;
+            }
+            if (st.isDirectory()) {
+                walk(p);
+            }
+            else if (CODE_EXT.has(extname(e).toLowerCase()) && st.size < 1_000_000) {
+                count++;
+                let code;
+                try {
+                    code = readFileSync(p, "utf-8");
+                }
+                catch {
+                    continue;
+                }
+                for (const pkg of extractImportedPackages(code))
+                    found.add(pkg);
+            }
+        }
+    };
+    walk(root);
+    return found;
+}
+/**
+ * Annotate each package name with whether it is imported anywhere under `root`.
+ * Pass `importedOverride` (a precomputed set) to avoid a filesystem walk (used in tests
+ * and to share one walk across many packages).
+ */
+export function analyzeReachability(packageNames, root, importedOverride) {
+    const imported = importedOverride ?? collectImportedPackages(root);
+    const out = new Map();
+    for (const name of packageNames) {
+        const reachable = imported.has(name);
+        out.set(name, { reachable, status: reachable ? "imported" : "not_imported" });
+    }
+    return out;
+}

package/build/tools/scan-dependencies.d.ts

@@ -1 +1,7 @@
-export declare function scanDependencies(manifestPath: string, format?: "markdown" | "json"): Promise<string>;
+export interface ScanDependenciesOptions {
+    /** Source root to scan for imports (defaults to the manifest's directory). */
+    root?: string;
+    /** Annotate each vulnerable package with whether it is imported in source. Default true. */
+    reachability?: boolean;
+}
+export declare function scanDependencies(manifestPath: string, format?: "markdown" | "json", opts?: ScanDependenciesOptions): Promise<string>;

package/build/tools/scan-dependencies.js

@@ -1,8 +1,9 @@
 import { readFileSync } from "fs";
-import { basename } from "path";
+import { basename, dirname } from "path";
 import { parseManifest } from "../utils/manifest-parser.js";
 import { queryOsvBatch, formatVulnerability, normalizeSeverity } from "../utils/osv-client.js";
-export async function scanDependencies(manifestPath, format = "markdown") {
+import { analyzeReachability } from "./reachability.js";
+export async function scanDependencies(manifestPath, format = "markdown", opts = {}) {
     let content;
     try {
         content = readFileSync(manifestPath, "utf-8");
@@ -42,6 +43,20 @@ export async function scanDependencies(manifestPath, format = "markdown") {
     }
     let totalVulns = 0;
     const criticalPackages = [];
+    // --- Reachability: is each vulnerable package actually imported in YOUR source? ---
+    // Annotate only (never suppress) — a package may still be reached transitively.
+    const vulnerableNames = packages
+        .filter(p => (vulnResults.get(`${p.name}@${p.version}`) || []).length > 0)
+        .map(p => p.name);
+    let reach = null;
+    if (opts.reachability !== false && vulnerableNames.length > 0) {
+        try {
+            reach = analyzeReachability(vulnerableNames, opts.root ?? dirname(manifestPath));
+        }
+        catch {
+            reach = null;
+        }
+    }
     // Build per-package vulnerability data
     const pkgResults = [];
     for (const pkg of packages) {
@@ -51,8 +66,11 @@ export async function scanDependencies(manifestPath, format = "markdown") {
             continue;
         totalVulns += vulns.length;
         criticalPackages.push(key);
+        const r = reach?.get(pkg.name);
         pkgResults.push({
             name: pkg.name, version: pkg.version, ecosystem: pkg.ecosystem,
+            reachable: r?.reachable,
+            reachabilityStatus: r?.status,
             vulnerabilities: vulns.map(v => ({
                 id: v.id, severity: normalizeSeverity(v), summary: v.summary,
                 fixedIn: (v.affected ?? []).flatMap((a) => (a.ranges ?? []).flatMap((r) => r.events.filter((e) => e.fixed).map((e) => e.fixed))).join(", ") || undefined,
@@ -60,6 +78,11 @@ export async function scanDependencies(manifestPath, format = "markdown") {
             })),
         });
         lines.push(`## ${key} (${pkg.ecosystem}) — ${vulns.length} vulnerabilities`, ``);
+        if (r) {
+            lines.push(r.reachable
+                ? `_Reachability: imported in your source._`
+                : `_Reachability: not directly imported — likely unreachable (may still be used transitively)._`, ``);
+        }
         for (const vuln of vulns) {
             lines.push(formatVulnerability(vuln), ``);
         }
@@ -78,6 +101,7 @@ export async function scanDependencies(manifestPath, format = "markdown") {
                 vulnerable: criticalPackages.length,
                 vulnerablePackages: criticalPackages.length,
                 totalAdvisories: totalVulns,
+                ...(reach ? { reachableVulnerable: [...reach.values()].filter(x => x.reachable).length } : {}),
                 ...sevCounts,
             },
             packages: pkgResults,
@@ -91,6 +115,10 @@ export async function scanDependencies(manifestPath, format = "markdown") {
         lines.push(`**${totalVulns} vulnerabilities** found in ${criticalPackages.length} packages:`, ``);
         for (const pkg of criticalPackages)
             lines.push(`- ${pkg}`);
+        if (reach) {
+            const reachableCount = [...reach.values()].filter(x => x.reachable).length;
+            lines.push(``, `**Reachability:** ${reachableCount} of ${reach.size} vulnerable package(s) are directly imported in your source — prioritize those.`);
+        }
         lines.push(``, `**Action:** Update affected packages to their fixed versions.`);
     }
     return lines.join("\n");

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.3.0",
+  "version": "3.5.0",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 438 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",