guardvibe 3.7.0 → 3.9.0

package/CHANGELOG.md

@@ -5,6 +5,26 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.9.0] - 2026-06-07
+
+### Changed — diff-aware is now the default across every gating surface (441 rules / 37 tools)
+- FAZ 2a made `guardvibe diff` diff-aware; this extends it to the surfaces that actually gate commits and PRs:
+- **Pre-commit (`scan_staged` / `guardvibe-scan`)** now reports only findings on **newly-staged lines** by default — the hook blocks what you just wrote, not pre-existing debt in a file you touched. Opt out with `--all-lines` (CLI) or `diff_aware:false` (MCP).
+- **`scan_changed_files` (MCP)** now reports only findings on **newly-added lines** vs the base by default (`diff_aware:false` for whole changed files).
+- **Transparent, never silent:** both report how many pre-existing findings on unchanged lines were hidden (`preExistingHidden`; a note in the pre-commit markdown). Reuses the FAZ 2a git-free hunk parser and `getAddedLinesStaged`/`getAddedLinesForDiff`. Verified end-to-end in a temp repo. No rule or tool changes (441 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.8.0] - 2026-06-07
+
+### Fixed — auth-coverage no longer crashes on (and now understands) Clerk/Next.js middleware (441 rules / 37 tools)
+- **Crash fix:** the Next.js/Clerk catch-all `config.matcher` contains `]` inside character classes (e.g. `[^?]`), which truncated the old matcher parser and then made `matcherToRegex` throw "Unterminated character class" — so `auth_coverage` errored out on essentially every Clerk app. The matcher array is now parsed string-aware (brackets/commas/escapes inside a pattern are preserved) and matcher-to-regex never throws (it tries path-style and regex-style forms, skipping any it can't compile).
+- **Precision:** when the middleware uses Clerk's `createRouteMatcher([...])`, those patterns are used as the precise protected-route set (a sensitive route outside the list is correctly still reported unprotected) instead of the broad `config.matcher` run-scope.
+- **Fewer false negatives:** a recognizably non-auth middleware (next-intl / i18n / analytics) with a catch-all matcher no longer marks routes as protected. Default remains lenient for everything else, so custom auth middleware still counts.
+- New exported `parseProtectedRouteMatchers`; verified on the corpus (5 real middleware files, 0 crashes). No rule or tool changes (441 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.7.0] - 2026-06-07
 
 ### Added — 3 fresh CVE rules from daily intel (438 → 441 rules / 37 tools)

package/README.md

@@ -218,7 +218,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 | `check_code` | Analyze a code snippet for security issues |
 | `check_project` | Scan multiple files with security scoring (A-F) |
 | `scan_directory` | Scan a project directory from disk |
-| `scan_staged` | Pre-commit scan of git-staged files |
+| `scan_staged` | Pre-commit scan of git-staged files — **diff-aware** (blocks only newly-staged lines; `diff_aware:false` for whole files) |
 | `scan_dependencies` | Check all dependencies for known CVEs (OSV) — annotates each vulnerable package with **reachability** (is it actually imported in your source?) |
 | `scan_secrets` | Detect leaked secrets, API keys, tokens |
 | `check_dependencies` | Check individual packages against OSV |
@@ -240,7 +240,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 | `repo_security_posture` | Assess overall repository security posture and map sensitive areas |
 | `explain_remediation` | Get detailed remediation guidance with exploit scenarios and fix strategies |
 | `scan_file` | Real-time single-file scan — designed for post-edit hooks |
-| `scan_changed_files` | Scan only git-changed files — for PRs and incremental CI |
+| `scan_changed_files` | Scan only git-changed files — for PRs and incremental CI; **diff-aware** (only newly-added lines; `diff_aware:false` for whole files) |
 | `security_stats` | Cumulative security dashboard — scans, fixes, grade trend over time |
 | `guardvibe_doctor` | **Host security audit** — CVE-2025-59536, CVE-2026-21852, MCP config, env scanner |
 | `audit_mcp_config` | Audit MCP server configurations for hook injection, file:// abuse, sensitive paths |

package/build/cli/scan.js

@@ -26,7 +26,7 @@ export async function runScan() {
     }
     else {
         const { scanStaged } = await import("../tools/scan-staged.js");
-        result = scanStaged(process.cwd(), format === "json" ? "json" : "markdown");
+        result = scanStaged(process.cwd(), format === "json" ? "json" : "markdown", undefined, { diffAware: flags["all-lines"] !== true });
     }
     if (outputFile) {
         safeWriteOutput(outputFile, result);

package/build/index.js

@@ -238,12 +238,13 @@ server.tool("scan_secrets", "Scan files and directories for leaked secrets, API
     return { content: [{ type: "text", text: results }] };
 });
 // Tool 8: Scan git-staged files before committing
-server.tool("scan_staged", "Scan git-staged files for security vulnerabilities before committing. Run this before every commit to catch issues early. No input needed — automatically reads staged files.", {
+server.tool("scan_staged", "Scan git-staged files for security vulnerabilities before committing. Run this before every commit to catch issues early. No input needed — automatically reads staged files. Diff-aware by default: reports only issues on newly-staged lines (set diff_aware:false for whole staged files).", {
     format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
-}, async ({ format }) => {
+    diff_aware: z.boolean().default(true).describe("Report only findings on newly-staged lines (true, default) vs. all lines in staged files (false)"),
+}, async ({ format, diff_aware }) => {
     const rules = getRules();
     const cwd = process.cwd();
-    const results = scanStaged(cwd, format, rules);
+    const results = scanStaged(cwd, format, rules, { diffAware: diff_aware });
     let findingCount = 0;
     try {
         const parsed = JSON.parse(results);
@@ -556,15 +557,17 @@ server.tool("scan_file", "Scan a single file on disk by path for security vulner
     return { content: [{ type: "text", text: mergeStatsIntoOutput(result, summary, format) }] };
 });
 // Tool 24: Scan changed files only — for incremental CI/CD and PR workflows
-server.tool("scan_changed_files", "Scan only files that have changed since a given git ref (branch, commit, or HEAD~N). Ideal for PR checks, pre-push hooks, and incremental CI. Returns findings only for modified/added files.", {
+server.tool("scan_changed_files", "Scan only files that have changed since a given git ref (branch, commit, or HEAD~N). Ideal for PR checks, pre-push hooks, and incremental CI. Diff-aware by default: returns only findings on newly-added lines (set diff_aware:false for whole changed files).", {
     path: z.string().default(".").describe("Repository root path"),
     base: z.string().default("HEAD~1").describe("Git ref to diff against (e.g. 'main', 'HEAD~3', commit SHA)"),
     format: z.enum(["markdown", "json"]).default("markdown").describe("Output format"),
-}, async ({ path: repoPath, base, format }) => {
+    diff_aware: z.boolean().default(true).describe("Report only newly-introduced findings on added lines (true, default) vs. all findings in changed files (false)"),
+}, async ({ path: repoPath, base, format, diff_aware }) => {
     const { execFileSync } = await import("child_process");
     const { readFileSync, existsSync } = await import("fs");
     const { resolve, extname, basename } = await import("path");
     const { EXTENSION_MAP, CONFIG_FILE_MAP } = await import("./utils/constants.js");
+    const { getAddedLinesForDiff, filterToAddedLines } = await import("./tools/diff-aware.js");
     const root = resolve(repoPath);
     let changedFiles;
     try {
@@ -582,6 +585,7 @@ server.tool("scan_changed_files", "Scan only files that have changed since a giv
     }
     const rules = getRules();
     const allFindings = [];
+    let preExistingHidden = 0;
     for (const relPath of changedFiles) {
         const fullPath = resolve(root, relPath);
         if (!existsSync(fullPath))
@@ -596,7 +600,13 @@ server.tool("scan_changed_files", "Scan only files that have changed since a giv
             continue;
         try {
             const content = readFileSync(fullPath, "utf-8");
-            const findings = analyzeFileSecurity(content, language, undefined, fullPath, root, rules);
+            let findings = analyzeFileSecurity(content, language, undefined, fullPath, root, rules);
+            if (diff_aware) {
+                const added = getAddedLinesForDiff(base, relPath, root);
+                const kept = filterToAddedLines(findings, added);
+                preExistingHidden += findings.length - kept.length;
+                findings = kept;
+            }
             for (const f of findings) {
                 allFindings.push({
                     file: relPath, id: f.rule.id, name: f.rule.name,
@@ -615,7 +625,7 @@ server.tool("scan_changed_files", "Scan only files that have changed since a giv
         const high = allFindings.filter(f => f.severity === "high").length;
         const medium = allFindings.filter(f => f.severity === "medium").length;
         return { content: [{ type: "text", text: mergeStatsIntoOutput(JSON.stringify({
-                        summary: { total: allFindings.length, critical, high, medium, low: 0, blocked: critical > 0 || high > 0, changedFiles: changedFiles.length },
+                        summary: { total: allFindings.length, critical, high, medium, low: 0, blocked: critical > 0 || high > 0, changedFiles: changedFiles.length, diffAware: diff_aware, preExistingHidden },
                         findings: allFindings,
                     }), statsSummary, format) }] };
     }

package/build/tools/auth-coverage.d.ts

@@ -18,11 +18,14 @@ export interface FileEntry {
  * Enumerate all routes from a set of app directory files.
  */
 export declare function enumerateRoutes(files: FileEntry[]): RouteInfo[];
+export declare function parseMiddlewareMatchers(content: string): string[];
 /**
- * Parse Next.js middleware config.matcher from middleware file content.
- * Returns array of matcher patterns.
+ * Clerk-style protect lists: `createRouteMatcher([...])`. When present these are the
+ * precise routes the middleware enforces auth on — more accurate than config.matcher
+ * (which only says where the middleware *runs*), so a sensitive route outside the
+ * protect list is correctly still reported as unprotected.
  */
-export declare function parseMiddlewareMatchers(content: string): string[];
+export declare function parseProtectedRouteMatchers(content: string): string[];
 /**
  * Check if a route URL path matches any of the middleware matchers.
  * Empty matchers = middleware covers all routes.

package/build/tools/auth-coverage.js

@@ -82,35 +82,108 @@ export function enumerateRoutes(files) {
  * Parse Next.js middleware config.matcher from middleware file content.
  * Returns array of matcher patterns.
  */
+function stripComments(content) {
+    return content
+        .replace(/\\n/g, "\n").replace(/\\t/g, "\t")
+        .replace(/\/\*[\s\S]*?\*\//g, "")
+        .replace(/\/\/.*$/gm, "");
+}
+/** Inner text of the array starting at `[` at `openIdx`, scanning string-aware so
+ *  a `]` inside a string literal (e.g. the catch-all `[^?]`) doesn't end it early. */
+function bracketInner(s, openIdx) {
+    let depth = 0;
+    for (let i = openIdx; i < s.length; i++) {
+        const ch = s[i];
+        if (ch === '"' || ch === "'" || ch === "`") {
+            const q = ch;
+            i++;
+            while (i < s.length && s[i] !== q) {
+                if (s[i] === "\\")
+                    i++;
+                i++;
+            }
+        }
+        else if (ch === "[") {
+            depth++;
+        }
+        else if (ch === "]") {
+            depth--;
+            if (depth === 0)
+                return s.slice(openIdx + 1, i);
+        }
+    }
+    return null;
+}
+/** A matcher written in JS source escapes regex backslashes (`\\.`); collapse one
+ *  level so the extracted pattern is a usable regex (`\.`). */
+function unescapeMatcher(s) {
+    return s.replace(/\\\\/g, "\\");
+}
+/** Every quoted string literal inside a region (handles `]`, `,`, escapes within). */
+function extractStringLiterals(region) {
+    const out = [];
+    const re = /(["'`])((?:\\.|(?!\1)[\s\S])*?)\1/g;
+    let m;
+    while ((m = re.exec(region)) !== null)
+        out.push(unescapeMatcher(m[2]));
+    return out;
+}
 export function parseMiddlewareMatchers(content) {
-    // Normalize literal escape sequences that AI assistants may pass
-    let normalized = content.replace(/\\n/g, "\n").replace(/\\t/g, "\t");
-    // Strip block + line comments before pulling the matcher array. Real-world
-    // middleware files carry JSDoc-style notes inline (dub's matcher block has
-    // four bullet points); split-on-comma was swallowing those bullets into the
-    // matcher list, breaking every downstream regex test.
-    normalized = normalized.replace(/\/\*[\s\S]*?\*\//g, "").replace(/\/\/.*$/gm, "");
-    const stringMatch = /matcher\s*:\s*"([^"]+)"/.exec(normalized);
-    if (stringMatch)
-        return [stringMatch[1]];
-    const arrayMatch = /matcher\s*:\s*\[([^\]]+)\]/.exec(normalized);
-    if (arrayMatch) {
-        return arrayMatch[1]
-            .split(",")
-            .map(s => s.trim().replace(/^["']|["']$/g, ""))
-            .filter(Boolean);
+    const normalized = stripComments(content);
+    // Array form: matcher: [ ... ] — bound the array string-aware so a catch-all
+    // pattern containing `]`/`,` (e.g. Clerk's `[^?]`) isn't truncated.
+    const arrM = /matcher\s*:\s*\[/.exec(normalized);
+    if (arrM) {
+        const openIdx = normalized.indexOf("[", arrM.index);
+        const inner = bracketInner(normalized, openIdx);
+        if (inner !== null) {
+            const lits = extractStringLiterals(inner);
+            if (lits.length)
+                return lits;
+        }
     }
+    // String form: matcher: "..."
+    const strM = /matcher\s*:\s*(["'`])((?:\\.|(?!\1).)*)\1/.exec(normalized);
+    if (strM)
+        return [unescapeMatcher(strM[2])];
     return [];
 }
 /**
- * Convert a Next.js matcher pattern to a regex.
- * Handles :path* and :param patterns.
+ * Clerk-style protect lists: `createRouteMatcher([...])`. When present these are the
+ * precise routes the middleware enforces auth on — more accurate than config.matcher
+ * (which only says where the middleware *runs*), so a sensitive route outside the
+ * protect list is correctly still reported as unprotected.
+ */
+export function parseProtectedRouteMatchers(content) {
+    const normalized = stripComments(content);
+    const out = [];
+    const callRe = /createRouteMatcher\s*\(\s*\[/g;
+    let m;
+    while ((m = callRe.exec(normalized)) !== null) {
+        const openIdx = normalized.indexOf("[", m.index);
+        const inner = bracketInner(normalized, openIdx);
+        if (inner !== null)
+            out.push(...extractStringLiterals(inner));
+    }
+    return out;
+}
+/**
+ * Convert a Next.js matcher to a regex. Path-style matchers (`/x/:id`, `/y/:path*`)
+ * get token conversion; regex-style matchers (Clerk catch-all, `(.*)`, char classes)
+ * are used raw. Tries the likely form first, falls back to the other, and NEVER throws
+ * on a malformed pattern (returns null, which callers skip).
  */
 function matcherToRegex(pattern) {
-    const regexStr = pattern
-        .replace(/\/:[\w]+\*/g, "(?:/.*)?")
-        .replace(/:[\w]+/g, "[^/]+");
-    return new RegExp("^" + regexStr + "$");
+    const pathConvert = (p) => p.replace(/\/:[\w]+\*/g, "(?:/.*)?").replace(/:[\w]+/g, "[^/]+");
+    const looksRegex = /[(|]|\.\*|\\[dwsDWS]|\[\^?/.test(pattern);
+    const candidates = looksRegex ? [pattern, pathConvert(pattern)] : [pathConvert(pattern), pattern];
+    for (const c of candidates) {
+        try {
+            return new RegExp("^" + c + "$");
+        }
+        catch { /* try next form */ }
+    }
+    return null;
 }
 /**
  * Check if a route URL path matches any of the middleware matchers.
@@ -121,7 +194,7 @@ export function routeMatchesMatcher(urlPath, matchers) {
         return true;
     for (const pattern of matchers) {
         const regex = matcherToRegex(pattern);
-        if (regex.test(urlPath))
+        if (regex && regex.test(urlPath))
             return true;
     }
     return false;
@@ -154,8 +227,19 @@ function hasAuthGuard(code) {
  */
 export function analyzeAuthCoverage(routeFiles, middlewareContent, layoutFiles, authExceptions) {
     const routes = enumerateRoutes(routeFiles);
-    const matchers = parseMiddlewareMatchers(middlewareContent);
     const hasMiddleware = middlewareContent.length > 0;
+    // Default-lenient: a middleware with a matcher counts as protection — EXCEPT when it
+    // is recognizably a non-auth middleware (i18n / analytics) with no auth signal, which
+    // must not mark routes protected (that would hide genuinely unprotected routes).
+    const hasAuthSignal = hasAuthGuard(middlewareContent) ||
+        /\b(?:clerkMiddleware|authMiddleware|withAuth|createRouteMatcher|NextAuth|auth0|betterAuth|supabaseMiddleware|updateSession|createServerClient|getToken)\b/.test(middlewareContent) ||
+        /auth\s*\.\s*protect\s*\(/.test(middlewareContent);
+    const isNonAuthMiddleware = /\b(?:next-intl|createI18nMiddleware|next-international|paraglide|@vercel\/analytics|posthog)\b/.test(middlewareContent)
+        || /from\s+["']next-intl\/middleware["']/.test(middlewareContent);
+    const middlewareCountsAsAuth = hasMiddleware && (hasAuthSignal || !isNonAuthMiddleware);
+    // Prefer the precise Clerk protect list; fall back to where the (auth) middleware runs.
+    const protectMatchers = parseProtectedRouteMatchers(middlewareContent);
+    const coverageMatchers = protectMatchers.length ? protectMatchers : parseMiddlewareMatchers(middlewareContent);
     // Map file content by path for auth detection
     const contentByPath = new Map();
     for (const f of routeFiles)
@@ -167,9 +251,9 @@ export function analyzeAuthCoverage(routeFiles, middlewareContent, layoutFiles,
         route.hasAuthGuard = hasAuthGuard(content);
         if (route.hasAuthGuard)
             route.protectionSource = "auth-guard";
-        // Middleware coverage
-        if (hasMiddleware) {
-            route.middlewareCovered = routeMatchesMatcher(route.urlPath, matchers);
+        // Middleware coverage (skipped for recognizably non-auth middleware)
+        if (middlewareCountsAsAuth) {
+            route.middlewareCovered = routeMatchesMatcher(route.urlPath, coverageMatchers);
             if (route.middlewareCovered) {
                 middlewareCoveredCount++;
                 if (route.protectionSource === "none")

package/build/tools/scan-staged.d.ts

@@ -1,2 +1,4 @@
 import type { SecurityRule } from "../data/rules/types.js";
-export declare function scanStaged(cwd?: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
+export declare function scanStaged(cwd?: string, format?: "markdown" | "json", rules?: SecurityRule[], opts?: {
+    diffAware?: boolean;
+}): string;

package/build/tools/scan-staged.js

@@ -2,6 +2,7 @@ import { execFileSync } from "child_process";
 import { extname, basename } from "path";
 import { formatFindingsJson } from "./check-code.js";
 import { analyzeFileSecurity } from "./file-security.js";
+import { getAddedLinesStaged, filterToAddedLines } from "./diff-aware.js";
 import { securityBanner } from "../utils/banner.js";
 const EXTENSION_MAP = {
     ".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
@@ -58,7 +59,10 @@ function detectLanguage(filePath) {
         return configLang;
     return null;
 }
-export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
+export function scanStaged(cwd = process.cwd(), format = "markdown", rules, opts = {}) {
+    // Diff-aware by default: the pre-commit gate blocks issues on lines you just
+    // staged, not pre-existing debt in files you happened to touch. --all-lines opts out.
+    const diffAware = opts.diffAware !== false;
     const stagedFiles = getStagedFiles(cwd);
     if (stagedFiles.length === 0) {
         return [
@@ -69,6 +73,7 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
     }
     const results = [];
     const skippedFiles = [];
+    let preExistingHidden = 0;
     for (const filePath of stagedFiles) {
         const language = detectLanguage(filePath);
         if (!language) {
@@ -80,7 +85,13 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
             skippedFiles.push(filePath);
             continue;
         }
-        const findings = analyzeFileSecurity(content, language, undefined, filePath, cwd, rules);
+        let findings = analyzeFileSecurity(content, language, undefined, filePath, cwd, rules);
+        if (diffAware) {
+            const added = getAddedLinesStaged(filePath, cwd);
+            const kept = filterToAddedLines(findings, added);
+            preExistingHidden += findings.length - kept.length;
+            findings = kept;
+        }
         if (findings.length > 0) {
             results.push({ path: filePath, findings });
         }
@@ -102,10 +113,14 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
         "# GuardVibe Pre-Commit Report",
         "",
         `Staged files scanned: ${scannedCount}`,
+        `Mode: ${diffAware ? "newly-staged lines only" : "all lines"}`,
         `Total issues: ${totalIssues}`,
         `Security Score: ${grade} (${score}/100)`,
         "",
     ];
+    if (diffAware && preExistingHidden > 0) {
+        lines.push(`> ${preExistingHidden} pre-existing finding(s) on unchanged lines hidden — re-run with \`--all-lines\` to see them.`, "");
+    }
     if (totalIssues > 0) {
         lines.push("## Summary", "", "| Severity | Count |", "|----------|-------|");
         if (totalCritical > 0)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.7.0",
+  "version": "3.9.0",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 441 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 70 CVE rules refreshed daily from GHSA/OSV/CISA KEV — React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",