guardvibe 3.6.0 → 3.8.0

package/CHANGELOG.md

@@ -5,6 +5,28 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.8.0] - 2026-06-07
+
+### Fixed — auth-coverage no longer crashes on (and now understands) Clerk/Next.js middleware (441 rules / 37 tools)
+- **Crash fix:** the Next.js/Clerk catch-all `config.matcher` contains `]` inside character classes (e.g. `[^?]`), which truncated the old matcher parser and then made `matcherToRegex` throw "Unterminated character class" — so `auth_coverage` errored out on essentially every Clerk app. The matcher array is now parsed string-aware (brackets/commas/escapes inside a pattern are preserved) and matcher-to-regex never throws (it tries path-style and regex-style forms, skipping any it can't compile).
+- **Precision:** when the middleware uses Clerk's `createRouteMatcher([...])`, those patterns are used as the precise protected-route set (a sensitive route outside the list is correctly still reported unprotected) instead of the broad `config.matcher` run-scope.
+- **Fewer false negatives:** a recognizably non-auth middleware (next-intl / i18n / analytics) with a catch-all matcher no longer marks routes as protected. Default remains lenient for everything else, so custom auth middleware still counts.
+- New exported `parseProtectedRouteMatchers`; verified on the corpus (5 real middleware files, 0 crashes). No rule or tool changes (441 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.7.0] - 2026-06-07
+
+### Added — 3 fresh CVE rules from daily intel (438 → 441 rules / 37 tools)
+- The freshness moat in action — June 2026 advisories (past typical model training cutoffs) for mainstream stack libraries, surfaced via `npm run intel`:
+- **VG1085** — DOMPurify XSS via `<selectedcontent>` re-clone (CVE-2026-47423). Only `dompurify` 3.4.4 is affected; 3.4.5 fixes it.
+- **VG1086** — React Router 7 multi-CVE cluster (CVE-2026-33245 RSC `javascript:` XSS, CVE-2026-42211 turbo-stream deserialization → unauth RCE, CVE-2026-42342 + CVE-2026-34077 DoS): `react-router` 7.0.0–7.14.x (fixed 7.15.0) and `@remix-run/server-runtime` 2.10.0–2.17.4 (fixed 2.17.5).
+- **VG1087** — Better Auth device-authorization approval bypass (CVE-2026-45337): `better-auth` 1.6.0–1.6.10 (fixed 1.6.11).
+- **0-FP semver:** patterns only match the genuinely-vulnerable pins — a caret/tilde range that resolves to the fixed patch is NOT flagged (DOMPurify/Better Auth exact-only; React Router exact/tilde, not caret). Validated against the corpus: **0 false positives** across all `package.json` files. 22 new version-range unit tests.
+- Counts updated everywhere (consistency guard enforces 441); CVE-rule count 67 → 70.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.6.0] - 2026-06-07
 
 ### Fixed — VG120 SSRF false-positive narrowing (sustain 0-FP) (438 rules / 37 tools)

package/README.md

@@ -9,12 +9,12 @@
 > **Security infrastructure your AI can't be.**
 > No matter how good your coding agent gets, it can't know the CVE published after its training cutoff, it can't deterministically guarantee the same check every run, it can't hold your whole repo in context, and it can't objectively review its own code. GuardVibe does all four — the deterministic, post-cutoff-current, whole-repo, author-independent verification layer for AI-written code.
 
-- **🗓️ Knows what your AI doesn't.** CVE rules refreshed **daily** from GHSA / OSV.dev / CISA KEV — GuardVibe flags vulnerable dependencies published *after* your model's training cutoff. (67 CVE rules, `npm run intel` daily triage.)
+- **🗓️ Knows what your AI doesn't.** CVE rules refreshed **daily** from GHSA / OSV.dev / CISA KEV — GuardVibe flags vulnerable dependencies published *after* your model's training cutoff. (70 CVE rules, `npm run intel` daily triage.)
 - **🎯 Deterministic, not probabilistic.** Same code = same result, every run (content-hashed). Your AI guesses; GuardVibe doesn't.
 - **🗺️ Sees the whole repo.** Cross-file taint + auth-coverage across every route — catches the unprotected endpoint your agent's narrow context missed.
 - **🔍 An independent second pair of eyes.** The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop *while* your AI codes (real-time edit hook), not after.
 
-**The security MCP built for vibe coding.** 438 security rules, 37 tools covering the entire AI-generated code journey — from first line to production deployment.
+**The security MCP built for vibe coding.** 441 security rules, 37 tools covering the entire AI-generated code journey — from first line to production deployment.
 
 Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.
 
@@ -26,11 +26,11 @@ Works with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf
 
 Most security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.
 
-- **438 security rules, 37 tools** purpose-built for the stacks AI agents generate
+- **441 security rules, 37 tools** purpose-built for the stacks AI agents generate
 - **Zero setup friction** — `npx guardvibe` and you're scanning
 - **No account required** — runs 100% locally, no API keys, no cloud
 - **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
-- **CVE version intelligence** — detects 67 known vulnerable package versions in package.json, refreshed every day from GHSA / OSV.dev / CISA KEV
+- **CVE version intelligence** — detects 70 known vulnerable package versions in package.json, refreshed every day from GHSA / OSV.dev / CISA KEV
 - **AI agent & MCP security** — detects MCP server vulnerabilities, tool-description prompt injection (OWASP MCP Top 10), model-controlled sandbox-disable flags, excessive AI permissions, indirect prompt injection
 - **Auto-fix suggestions** — `fix_code` tool returns concrete patches and structured edits the AI agent can apply mechanically. Coverage: hardcoded credentials → env-var migration; public-prefix LLM keys (`NEXT_PUBLIC_/VITE_/EXPO_PUBLIC_/REACT_APP_`) → prefix removal; CORS wildcards → env allowlist; `dangerouslyAllowBrowser` flags → drop; sandbox bypass flags (`unsafe`/`noSandbox`/`allowEval`) → drop; agent loops → add `maxSteps`; raw-HTML React props → `<ReactMarkdown>`; missing auth checks → insert auth guard; SQL injection → parameterized queries; missing rate limiters / CSRF / security headers → snippet templates.
 - **Pre-commit hook** — block insecure code before it reaches your repo
@@ -61,10 +61,10 @@ GuardVibe is purpose-built for the AI coding workflow. Traditional tools are exc
 | AI/LLM security (prompt injection, MCP, tool abuse) | 68 rules | Experimental/None | None |
 | AI host security (CVE-2025-59536, CVE-2026-21852) | `guardvibe doctor` | Not supported | Not supported |
 | Auto-fix suggestions for AI agents | `fix_code` tool | CLI autofix | Not supported |
-| CVE version detection | 67 packages, refreshed daily | Extensive | Extensive |
+| CVE version detection | 70 packages, refreshed daily | Extensive | Extensive |
 | Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |
 | SARIF CI/CD export | Yes | Yes | Limited |
-| Rule count | 438 (focused, 68 AI-native) | 5000+ (broad) | N/A |
+| Rule count | 441 (focused, 68 AI-native) | 5000+ (broad) | N/A |
 
 **When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.
 
@@ -188,7 +188,7 @@ React Native, Expo — AsyncStorage secrets, deep link token exposure, hardcoded
 ### Firebase
 Firestore security rules, Firebase Admin SDK exposure, storage rules, custom token validation
 
-### CVE Version Intelligence (67 CVEs, refreshed daily)
+### CVE Version Intelligence (70 CVEs, refreshed daily)
 **Frameworks:** Next.js (CVE-2024-34351, CVE-2024-46982, CVE-2025-29927, CVE-2026-23869, CVE-2026-44573 / 44574 / 44575 / 44578 / 44579 / 45109 May 2026 cluster), React + react-server-dom-* (CVE-2025-55182, CVE-2026-23870), Express, Hono pre-4.12.18 cluster, @vitejs/plugin-rsc, Strapi content-type-builder (CVE-2026-22599)
 **Auth:** Clerk middleware bypass (GHSA-vqx2), Clerk `has()` org/billing/reverification bypass (GHSA-w24r), Clerk `clerkFrontendApiProxy` SSRF (CVE-2026-34076), NextAuth.js (2 CVEs), jsonwebtoken
 **ORMs / SQL:** Drizzle SQL identifier injection (CVE-2026-39356) + Drizzle `sql.raw` interpolation (VG1073), MikroORM SQL injection (CVE-2026-44680), Prisma raw-query call-form, Kysely JSON-path traversal (CVE-2026-44635)
@@ -255,7 +255,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 
 All scanning tools support `format: "json"` for machine-readable output.
 
-## Security Rules (438 rules across 25 modules)
+## Security Rules (441 rules across 25 modules)
 
 | Category | Rules | Coverage |
 |----------|-------|----------|
@@ -274,7 +274,7 @@ All scanning tools support `format: "json"` for machine-readable output.
 | AI / LLM Security | 16 | Prompt injection, MCP SSRF, excessive agency, indirect injection |
 | **AI Host Security** | **10** | **CVE-2025-59536 hook injection, CVE-2026-21852 base URL hijack, MCP config audit** |
 | **AI Tool Runtime** | **4** | **MCP tool output sanitization, obfuscated descriptions, safety bypass** |
-| CVE Version Intelligence | 27 | Known vulnerable versions in package.json — incl. Axios supply-chain backdoor, Clerk middleware bypass (GHSA-vqx2), Next.js RSC DoS (CVE-2026-23869), Hono CRLF (CVE-2026-29086) |
+| CVE Version Intelligence | 30 | Known vulnerable versions in package.json — incl. React Router 7 cluster (CVE-2026-33245/42211/42342), DOMPurify XSS (CVE-2026-47423), Better Auth bypass (CVE-2026-45337), Axios supply-chain backdoor, Clerk middleware bypass (GHSA-vqx2) |
 | Shell / Bash | 5 | Pipe to bash, chmod 777, rm -rf, sudo password |
 | SQL | 4 | DROP/DELETE without WHERE, stacked queries, GRANT ALL |
 | Supply Chain | 16 | Malicious install scripts, lockfile integrity, dependency confusion, typosquat detection |

package/build/data/rules/cve-versions.js

@@ -781,4 +781,40 @@ export const cveVersionRules = [
         fixCode: '// package.json\n"tinymce": "^8.5.1"  // or "^7.9.3" for v7\n\n// Sanitize editor output before persisting/rendering\nimport DOMPurify from "isomorphic-dompurify";\n' + 'const clean = DOMPurify.sanitize(editorHtml);',
         compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.7"],
     },
+    {
+        id: "VG1085",
+        name: "DOMPurify XSS via selectedcontent re-clone (CVE-2026-47423 / GHSA-87xg-pxx2-7hvx)",
+        severity: "high",
+        owasp: "A02:2025 Injection",
+        description: "dompurify 3.4.4 can be bypassed via a `<selectedcontent>` re-clone, allowing crafted markup to survive sanitization and execute as XSS. DOMPurify is the go-to HTML sanitizer for user-generated content, so a vulnerable pin silently reopens the exact XSS hole it was added to close. Only 3.4.4 is affected; 3.4.5 fixes it (a caret/tilde range resolves to the fixed patch and is not flagged).",
+        pattern: /["']dompurify["']\s*:\s*["']=?3\.4\.4["']/g,
+        languages: ["json"],
+        fix: "Upgrade dompurify to 3.4.5+: npm install dompurify@latest. Keep sanitizing on the server side too — never trust client-only sanitization for stored content.",
+        fixCode: '// package.json\n"dompurify": "^3.4.5"  // or latest',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.7"],
+    },
+    {
+        id: "VG1086",
+        name: "React Router 7 multi-CVE cluster — XSS / deserialization RCE / DoS (CVE-2026-33245 / 42211 / 42342 / 34077)",
+        severity: "high",
+        owasp: "A08:2025 Software and Data Integrity Failures",
+        description: "react-router 7.0.0–7.14.x (and @remix-run/server-runtime 2.10.0–2.17.4) ship a cluster of server-side vulnerabilities: XSS via `javascript:` targets in RSC redirect handling, unauthenticated RCE via the vendored turbo-stream v2 TYPE_ERROR deserialization (arbitrary constructor invocation), and two denial-of-service vectors (unbounded path expansion in the `__manifest` endpoint and reflected input in single-fetch). React Router 7 powers a large share of modern React/Remix apps. Fixed across the 7.13.2–7.15.0 line (use 7.15.0+) and @remix-run/server-runtime 2.17.5+. Exact and tilde pins in the affected range are flagged; a caret range resolves to a fixed release.",
+        pattern: /(?:["']react-router["']\s*:\s*["'](?:=|~)?7\.(?:[0-9]|1[0-4])\.\d+["']|["']@remix-run\/server-runtime["']\s*:\s*["'](?:=|~)?2\.(?:1[0-6]\.\d+|17\.[0-4])["'])/g,
+        languages: ["json"],
+        fix: "Upgrade react-router to 7.15.0+ (npm install react-router@latest) and @remix-run/server-runtime to 2.17.5+. After upgrading, reject non-http(s) redirect targets and keep request size/path limits in front of the app.",
+        fixCode: '// package.json\n"react-router": "^7.15.0"\n// or, for Remix:\n"@remix-run/server-runtime": "^2.17.5"',
+        compliance: ["SOC2:CC7.1", "PCI-DSS:Req6.5.1"],
+    },
+    {
+        id: "VG1087",
+        name: "Better Auth device-authorization approval bypass (CVE-2026-45337 / GHSA-cq3f-vc6p-68fh)",
+        severity: "high",
+        owasp: "A07:2025 Identification and Authentication Failures",
+        description: "better-auth 1.6.0–1.6.10 lets the device-authorization approve/deny endpoints accept ANY authenticated session while a user code is pending, so an attacker who gets a victim signed in can have their own device-login flow approved against the victim's account. Better Auth is increasingly common in Next.js / AI-app stacks. Fixed in 1.6.11 (a caret/tilde range resolves to the fixed patch and is not flagged).",
+        pattern: /["']better-auth["']\s*:\s*["']=?1\.6\.(?:[0-9]|10)["']/g,
+        languages: ["json"],
+        fix: "Upgrade better-auth to 1.6.11+: npm install better-auth@latest. Verify device-authorization approval is bound to the session that initiated the user code.",
+        fixCode: '// package.json\n"better-auth": "^1.6.11"  // or latest',
+        compliance: ["SOC2:CC6.6", "PCI-DSS:Req6.5.10"],
+    },
 ];

package/build/tools/auth-coverage.d.ts

@@ -18,11 +18,14 @@ export interface FileEntry {
  * Enumerate all routes from a set of app directory files.
  */
 export declare function enumerateRoutes(files: FileEntry[]): RouteInfo[];
+export declare function parseMiddlewareMatchers(content: string): string[];
 /**
- * Parse Next.js middleware config.matcher from middleware file content.
- * Returns array of matcher patterns.
+ * Clerk-style protect lists: `createRouteMatcher([...])`. When present these are the
+ * precise routes the middleware enforces auth on — more accurate than config.matcher
+ * (which only says where the middleware *runs*), so a sensitive route outside the
+ * protect list is correctly still reported as unprotected.
  */
-export declare function parseMiddlewareMatchers(content: string): string[];
+export declare function parseProtectedRouteMatchers(content: string): string[];
 /**
  * Check if a route URL path matches any of the middleware matchers.
  * Empty matchers = middleware covers all routes.

package/build/tools/auth-coverage.js

@@ -82,35 +82,108 @@ export function enumerateRoutes(files) {
  * Parse Next.js middleware config.matcher from middleware file content.
  * Returns array of matcher patterns.
  */
+function stripComments(content) {
+    return content
+        .replace(/\\n/g, "\n").replace(/\\t/g, "\t")
+        .replace(/\/\*[\s\S]*?\*\//g, "")
+        .replace(/\/\/.*$/gm, "");
+}
+/** Inner text of the array starting at `[` at `openIdx`, scanning string-aware so
+ *  a `]` inside a string literal (e.g. the catch-all `[^?]`) doesn't end it early. */
+function bracketInner(s, openIdx) {
+    let depth = 0;
+    for (let i = openIdx; i < s.length; i++) {
+        const ch = s[i];
+        if (ch === '"' || ch === "'" || ch === "`") {
+            const q = ch;
+            i++;
+            while (i < s.length && s[i] !== q) {
+                if (s[i] === "\\")
+                    i++;
+                i++;
+            }
+        }
+        else if (ch === "[") {
+            depth++;
+        }
+        else if (ch === "]") {
+            depth--;
+            if (depth === 0)
+                return s.slice(openIdx + 1, i);
+        }
+    }
+    return null;
+}
+/** A matcher written in JS source escapes regex backslashes (`\\.`); collapse one
+ *  level so the extracted pattern is a usable regex (`\.`). */
+function unescapeMatcher(s) {
+    return s.replace(/\\\\/g, "\\");
+}
+/** Every quoted string literal inside a region (handles `]`, `,`, escapes within). */
+function extractStringLiterals(region) {
+    const out = [];
+    const re = /(["'`])((?:\\.|(?!\1)[\s\S])*?)\1/g;
+    let m;
+    while ((m = re.exec(region)) !== null)
+        out.push(unescapeMatcher(m[2]));
+    return out;
+}
 export function parseMiddlewareMatchers(content) {
-    // Normalize literal escape sequences that AI assistants may pass
-    let normalized = content.replace(/\\n/g, "\n").replace(/\\t/g, "\t");
-    // Strip block + line comments before pulling the matcher array. Real-world
-    // middleware files carry JSDoc-style notes inline (dub's matcher block has
-    // four bullet points); split-on-comma was swallowing those bullets into the
-    // matcher list, breaking every downstream regex test.
-    normalized = normalized.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "");
-    const stringMatch = /matcher\s*:\s*"([^"]+)"/.exec(normalized);
-    if (stringMatch)
-        return [stringMatch[1]];
-    const arrayMatch = /matcher\s*:\s*\[([^\]]+)\]/.exec(normalized);
-    if (arrayMatch) {
-        return arrayMatch[1]
-            .split(",")
-            .map(s => s.trim().replace(/^["']|["']$/g, ""))
-            .filter(Boolean);
+    const normalized = stripComments(content);
+    // Array form: matcher: [ ... ] — bound the array string-aware so a catch-all
+    // pattern containing `]`/`,` (e.g. Clerk's `[^?]`) isn't truncated.
+    const arrM = /matcher\s*:\s*\[/.exec(normalized);
+    if (arrM) {
+        const openIdx = normalized.indexOf("[", arrM.index);
+        const inner = bracketInner(normalized, openIdx);
+        if (inner !== null) {
+            const lits = extractStringLiterals(inner);
+            if (lits.length)
+                return lits;
+        }
     }
+    // String form: matcher: "..."
+    const strM = /matcher\s*:\s*(["'`])((?:\\.|(?!\1).)*)\1/.exec(normalized);
+    if (strM)
+        return [unescapeMatcher(strM[2])];
     return [];
 }
 /**
- * Convert a Next.js matcher pattern to a regex.
- * Handles :path* and :param patterns.
+ * Clerk-style protect lists: `createRouteMatcher([...])`. When present these are the
+ * precise routes the middleware enforces auth on — more accurate than config.matcher
+ * (which only says where the middleware *runs*), so a sensitive route outside the
+ * protect list is correctly still reported as unprotected.
+ */
+export function parseProtectedRouteMatchers(content) {
+    const normalized = stripComments(content);
+    const out = [];
+    const callRe = /createRouteMatcher\s*\(\s*\[/g;
+    let m;
+    while ((m = callRe.exec(normalized)) !== null) {
+        const openIdx = normalized.indexOf("[", m.index);
+        const inner = bracketInner(normalized, openIdx);
+        if (inner !== null)
+            out.push(...extractStringLiterals(inner));
+    }
+    return out;
+}
+/**
+ * Convert a Next.js matcher to a regex. Path-style matchers (`/x/:id`, `/y/:path*`)
+ * get token conversion; regex-style matchers (Clerk catch-all, `(.*)`, char classes)
+ * are used raw. Tries the likely form first, falls back to the other, and NEVER throws
+ * on a malformed pattern (returns null, which callers skip).
  */
 function matcherToRegex(pattern) {
-    const regexStr = pattern
-        .replace(/\/:[\w]+\*/g, "(?:/.*)?")
-        .replace(/:[\w]+/g, "[^/]+");
-    return new RegExp("^" + regexStr + "$");
+    const pathConvert = (p) => p.replace(/\/:[\w]+\*/g, "(?:/.*)?").replace(/:[\w]+/g, "[^/]+");
+    const looksRegex = /[(|]|\.\*|\\[dwsDWS]|\[\^?/.test(pattern);
+    const candidates = looksRegex ? [pattern, pathConvert(pattern)] : [pathConvert(pattern), pattern];
+    for (const c of candidates) {
+        try {
+            return new RegExp("^" + c + "$");
+        }
+        catch { /* try next form */ }
+    }
+    return null;
 }
 /**
  * Check if a route URL path matches any of the middleware matchers.
@@ -121,7 +194,7 @@ export function routeMatchesMatcher(urlPath, matchers) {
         return true;
     for (const pattern of matchers) {
         const regex = matcherToRegex(pattern);
-        if (regex.test(urlPath))
+        if (regex && regex.test(urlPath))
             return true;
     }
     return false;
@@ -154,8 +227,19 @@ function hasAuthGuard(code) {
  */
 export function analyzeAuthCoverage(routeFiles, middlewareContent, layoutFiles, authExceptions) {
     const routes = enumerateRoutes(routeFiles);
-    const matchers = parseMiddlewareMatchers(middlewareContent);
     const hasMiddleware = middlewareContent.length > 0;
+    // Default-lenient: a middleware with a matcher counts as protection — EXCEPT when it
+    // is recognizably a non-auth middleware (i18n / analytics) with no auth signal, which
+    // must not mark routes protected (that would hide genuinely unprotected routes).
+    const hasAuthSignal = hasAuthGuard(middlewareContent) ||
+        /\b(?:clerkMiddleware|authMiddleware|withAuth|createRouteMatcher|NextAuth|auth0|betterAuth|supabaseMiddleware|updateSession|createServerClient|getToken)\b/.test(middlewareContent) ||
+        /auth\s*\.\s*protect\s*\(/.test(middlewareContent);
+    const isNonAuthMiddleware = /\b(?:next-intl|createI18nMiddleware|next-international|paraglide|@vercel\/analytics|posthog)\b/.test(middlewareContent)
+        || /from\s+["']next-intl\/middleware["']/.test(middlewareContent);
+    const middlewareCountsAsAuth = hasMiddleware && (hasAuthSignal || !isNonAuthMiddleware);
+    // Prefer the precise Clerk protect list; fall back to where the (auth) middleware runs.
+    const protectMatchers = parseProtectedRouteMatchers(middlewareContent);
+    const coverageMatchers = protectMatchers.length ? protectMatchers : parseMiddlewareMatchers(middlewareContent);
     // Map file content by path for auth detection
     const contentByPath = new Map();
     for (const f of routeFiles)
@@ -167,9 +251,9 @@ export function analyzeAuthCoverage(routeFiles, middlewareContent, layoutFiles,
         route.hasAuthGuard = hasAuthGuard(content);
         if (route.hasAuthGuard)
             route.protectionSource = "auth-guard";
-        // Middleware coverage
-        if (hasMiddleware) {
-            route.middlewareCovered = routeMatchesMatcher(route.urlPath, matchers);
+        // Middleware coverage (skipped for recognizably non-auth middleware)
+        if (middlewareCountsAsAuth) {
+            route.middlewareCovered = routeMatchesMatcher(route.urlPath, coverageMatchers);
             if (route.middlewareCovered) {
                 middlewareCoveredCount++;
                 if (route.protectionSource === "none")

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "guardvibe",
-  "version": "3.6.0",
+  "version": "3.8.0",
   "mcpName": "io.github.goklab/guardvibe",
-  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 438 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 67 CVE rules refreshed daily from GHSA/OSV/CISA KEV — Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
+  "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 441 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 70 CVE rules refreshed daily from GHSA/OSV/CISA KEV — React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",
   "bin": {
     "guardvibe": "build/cli.js",