guardvibe 3.8.0 → 3.10.0

package/CHANGELOG.md

@@ -5,6 +5,26 @@ All notable changes to GuardVibe are documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.10.0] - 2026-06-07
+
+### Added — Season 3 S3-1: autonomous, prioritized threat intel (441 rules / 37 tools)
+- **`npm run intel --scaffold`** now drafts a review-ready `cve-versions.ts` rule object **and** a version-range test stub for each uncovered advisory — turning "here's a gap" into "here's a rule + test to review." Drafts are printed only; nothing is auto-committed (the standing rule: never auto-commit untested rules).
+- **CISA KEV prioritization:** the intel gap report cross-references the CISA Known-Exploited-Vulnerabilities catalog and surfaces actively-exploited CVEs first (🔥 marker), so what's being exploited in the wild — past your model's training cutoff — rises to the top. Degrades gracefully if the catalog is unreachable.
+- New tested module `src/lib/cve-scaffold.ts`: `versionRangeRegex(introduced, fixed)` generalizes the hand-rolled 0-FP semver→regex work (single version / patch-range / minor-range / from-zero), and `scaffoldCveRule` emits the rule + test. Exact/`=` pins by default (a caret/tilde that resolves to the fix is left for the reviewer). The intel report (and `--json`) now also carries each gap's package + affected/fixed range + `kev` flag.
+- No rule or tool changes (441 / 37) — this drafts rules; humans + the gate still decide.
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
+## [3.9.0] - 2026-06-07
+
+### Changed — diff-aware is now the default across every gating surface (441 rules / 37 tools)
+- FAZ 2a made `guardvibe diff` diff-aware; this extends it to the surfaces that actually gate commits and PRs:
+- **Pre-commit (`scan_staged` / `guardvibe-scan`)** now reports only findings on **newly-staged lines** by default — the hook blocks what you just wrote, not pre-existing debt in a file you touched. Opt out with `--all-lines` (CLI) or `diff_aware:false` (MCP).
+- **`scan_changed_files` (MCP)** now reports only findings on **newly-added lines** vs the base by default (`diff_aware:false` for whole changed files).
+- **Transparent, never silent:** both report how many pre-existing findings on unchanged lines were hidden (`preExistingHidden`; a note in the pre-commit markdown). Reuses the FAZ 2a git-free hunk parser and `getAddedLinesStaged`/`getAddedLinesForDiff`. Verified end-to-end in a temp repo. No rule or tool changes (441 / 37).
+
+Gate green (build / lint / test / self-audit PASS / A / 0).
+
 ## [3.8.0] - 2026-06-07
 
 ### Fixed — auth-coverage no longer crashes on (and now understands) Clerk/Next.js middleware (441 rules / 37 tools)

package/README.md

@@ -218,7 +218,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 | `check_code` | Analyze a code snippet for security issues |
 | `check_project` | Scan multiple files with security scoring (A-F) |
 | `scan_directory` | Scan a project directory from disk |
-| `scan_staged` | Pre-commit scan of git-staged files |
+| `scan_staged` | Pre-commit scan of git-staged files — **diff-aware** (blocks only newly-staged lines; `diff_aware:false` for whole files) |
 | `scan_dependencies` | Check all dependencies for known CVEs (OSV) — annotates each vulnerable package with **reachability** (is it actually imported in your source?) |
 | `scan_secrets` | Detect leaked secrets, API keys, tokens |
 | `check_dependencies` | Check individual packages against OSV |
@@ -240,7 +240,7 @@ Malicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `-
 | `repo_security_posture` | Assess overall repository security posture and map sensitive areas |
 | `explain_remediation` | Get detailed remediation guidance with exploit scenarios and fix strategies |
 | `scan_file` | Real-time single-file scan — designed for post-edit hooks |
-| `scan_changed_files` | Scan only git-changed files — for PRs and incremental CI |
+| `scan_changed_files` | Scan only git-changed files — for PRs and incremental CI; **diff-aware** (only newly-added lines; `diff_aware:false` for whole files) |
 | `security_stats` | Cumulative security dashboard — scans, fixes, grade trend over time |
 | `guardvibe_doctor` | **Host security audit** — CVE-2025-59536, CVE-2026-21852, MCP config, env scanner |
 | `audit_mcp_config` | Audit MCP server configurations for hook injection, file:// abuse, sensitive paths |

package/build/cli/scan.js

@@ -26,7 +26,7 @@ export async function runScan() {
     }
     else {
         const { scanStaged } = await import("../tools/scan-staged.js");
-        result = scanStaged(process.cwd(), format === "json" ? "json" : "markdown");
+        result = scanStaged(process.cwd(), format === "json" ? "json" : "markdown", undefined, { diffAware: flags["all-lines"] !== true });
     }
     if (outputFile) {
         safeWriteOutput(outputFile, result);

package/build/index.js

@@ -238,12 +238,13 @@ server.tool("scan_secrets", "Scan files and directories for leaked secrets, API
     return { content: [{ type: "text", text: results }] };
 });
 // Tool 8: Scan git-staged files before committing
-server.tool("scan_staged", "Scan git-staged files for security vulnerabilities before committing. Run this before every commit to catch issues early. No input needed — automatically reads staged files.", {
+server.tool("scan_staged", "Scan git-staged files for security vulnerabilities before committing. Run this before every commit to catch issues early. No input needed — automatically reads staged files. Diff-aware by default: reports only issues on newly-staged lines (set diff_aware:false for whole staged files).", {
     format: z.enum(["markdown", "json"]).default("markdown").describe("Output format: markdown (human) or json (machine-readable for agents)"),
-}, async ({ format }) => {
+    diff_aware: z.boolean().default(true).describe("Report only findings on newly-staged lines (true, default) vs. all lines in staged files (false)"),
+}, async ({ format, diff_aware }) => {
     const rules = getRules();
     const cwd = process.cwd();
-    const results = scanStaged(cwd, format, rules);
+    const results = scanStaged(cwd, format, rules, { diffAware: diff_aware });
     let findingCount = 0;
     try {
         const parsed = JSON.parse(results);
@@ -556,15 +557,17 @@ server.tool("scan_file", "Scan a single file on disk by path for security vulner
     return { content: [{ type: "text", text: mergeStatsIntoOutput(result, summary, format) }] };
 });
 // Tool 24: Scan changed files only — for incremental CI/CD and PR workflows
-server.tool("scan_changed_files", "Scan only files that have changed since a given git ref (branch, commit, or HEAD~N). Ideal for PR checks, pre-push hooks, and incremental CI. Returns findings only for modified/added files.", {
+server.tool("scan_changed_files", "Scan only files that have changed since a given git ref (branch, commit, or HEAD~N). Ideal for PR checks, pre-push hooks, and incremental CI. Diff-aware by default: returns only findings on newly-added lines (set diff_aware:false for whole changed files).", {
     path: z.string().default(".").describe("Repository root path"),
     base: z.string().default("HEAD~1").describe("Git ref to diff against (e.g. 'main', 'HEAD~3', commit SHA)"),
     format: z.enum(["markdown", "json"]).default("markdown").describe("Output format"),
-}, async ({ path: repoPath, base, format }) => {
+    diff_aware: z.boolean().default(true).describe("Report only newly-introduced findings on added lines (true, default) vs. all findings in changed files (false)"),
+}, async ({ path: repoPath, base, format, diff_aware }) => {
     const { execFileSync } = await import("child_process");
     const { readFileSync, existsSync } = await import("fs");
     const { resolve, extname, basename } = await import("path");
     const { EXTENSION_MAP, CONFIG_FILE_MAP } = await import("./utils/constants.js");
+    const { getAddedLinesForDiff, filterToAddedLines } = await import("./tools/diff-aware.js");
     const root = resolve(repoPath);
     let changedFiles;
     try {
@@ -582,6 +585,7 @@ server.tool("scan_changed_files", "Scan only files that have changed since a giv
     }
     const rules = getRules();
     const allFindings = [];
+    let preExistingHidden = 0;
     for (const relPath of changedFiles) {
         const fullPath = resolve(root, relPath);
         if (!existsSync(fullPath))
@@ -596,7 +600,13 @@ server.tool("scan_changed_files", "Scan only files that have changed since a giv
             continue;
         try {
             const content = readFileSync(fullPath, "utf-8");
-            const findings = analyzeFileSecurity(content, language, undefined, fullPath, root, rules);
+            let findings = analyzeFileSecurity(content, language, undefined, fullPath, root, rules);
+            if (diff_aware) {
+                const added = getAddedLinesForDiff(base, relPath, root);
+                const kept = filterToAddedLines(findings, added);
+                preExistingHidden += findings.length - kept.length;
+                findings = kept;
+            }
             for (const f of findings) {
                 allFindings.push({
                     file: relPath, id: f.rule.id, name: f.rule.name,
@@ -615,7 +625,7 @@ server.tool("scan_changed_files", "Scan only files that have changed since a giv
         const high = allFindings.filter(f => f.severity === "high").length;
         const medium = allFindings.filter(f => f.severity === "medium").length;
         return { content: [{ type: "text", text: mergeStatsIntoOutput(JSON.stringify({
-                        summary: { total: allFindings.length, critical, high, medium, low: 0, blocked: critical > 0 || high > 0, changedFiles: changedFiles.length },
+                        summary: { total: allFindings.length, critical, high, medium, low: 0, blocked: critical > 0 || high > 0, changedFiles: changedFiles.length, diffAware: diff_aware, preExistingHidden },
                         findings: allFindings,
                     }), statsSummary, format) }] };
     }

package/build/lib/cve-scaffold.d.ts

@@ -0,0 +1,38 @@
+/**
+ * CVE rule scaffolding (Season 3, S3-1).
+ *
+ * Turns a "package X is vulnerable in [introduced, fixed)" advisory into a
+ * review-ready `cve-versions.ts` rule object + a version-range test stub, so the
+ * daily intel pipeline drafts rules instead of just reporting gaps. The output is
+ * a DRAFT for human review + the normal gate/corpus validation — never
+ * auto-committed (the hard-won "never auto-commit untested rules" rule stands).
+ *
+ * 0-FP-leaning by default: the generated pin matcher only accepts exact / `=`
+ * pins (a `^`/`~` range usually resolves to the fixed patch and is left for the
+ * reviewer to add where the range spans minors). Pure + deterministic.
+ */
+/**
+ * Regex fragment matching a semver version string in [introduced, fixed).
+ * Handles the shapes CVE advisories use: single version, a patch range within a
+ * minor, a minor range within a major, and from-zero. Multi-major ranges get a
+ * best-effort pattern (flagged for review by the scaffold).
+ */
+export declare function versionRangeRegex(introduced: string, fixed: string): string;
+export interface AdvisoryInput {
+    ruleId: string;
+    pkg: string;
+    introduced: string;
+    fixed: string;
+    cve?: string;
+    ghsa?: string;
+    severity: string;
+    summary: string;
+}
+/**
+ * Build a review-ready cve-versions.ts rule object + a matching test stub for an
+ * advisory. Returns source strings to paste (after review) — NOT auto-applied.
+ */
+export declare function scaffoldCveRule(a: AdvisoryInput): {
+    rule: string;
+    test: string;
+};

package/build/lib/cve-scaffold.js

@@ -0,0 +1,110 @@
+// guardvibe-ignore — builds CVE-rule regex *strings* from semver ranges; the
+// `["']`/`\s*` fragments here are detector-pattern templates, not vulnerable code.
+/**
+ * CVE rule scaffolding (Season 3, S3-1).
+ *
+ * Turns a "package X is vulnerable in [introduced, fixed)" advisory into a
+ * review-ready `cve-versions.ts` rule object + a version-range test stub, so the
+ * daily intel pipeline drafts rules instead of just reporting gaps. The output is
+ * a DRAFT for human review + the normal gate/corpus validation — never
+ * auto-committed (the hard-won "never auto-commit untested rules" rule stands).
+ *
+ * 0-FP-leaning by default: the generated pin matcher only accepts exact / `=`
+ * pins (a `^`/`~` range usually resolves to the fixed patch and is left for the
+ * reviewer to add where the range spans minors). Pure + deterministic.
+ */
+function parseVer(v) {
+    if (!v || v === "0")
+        return [0, 0, 0];
+    const m = v.match(/^(\d+)(?:\.(\d+))?(?:\.(\d+))?/);
+    if (!m)
+        return [0, 0, 0];
+    return [Number(m[1] || 0), Number(m[2] || 0), Number(m[3] || 0)];
+}
+/** Regex fragment matching integers in [min, max] (enumerated for the small ranges CVEs use). */
+function numRange(min, max) {
+    if (max < min)
+        return "(?!)"; // never matches (empty range)
+    if (min === max)
+        return String(min);
+    if (max - min <= 40) {
+        const alts = [];
+        for (let n = min; n <= max; n++)
+            alts.push(String(n));
+        return "(?:" + alts.join("|") + ")";
+    }
+    return "\\d+"; // unexpected for a CVE range — fall back to any
+}
+/**
+ * Regex fragment matching a semver version string in [introduced, fixed).
+ * Handles the shapes CVE advisories use: single version, a patch range within a
+ * minor, a minor range within a major, and from-zero. Multi-major ranges get a
+ * best-effort pattern (flagged for review by the scaffold).
+ */
+export function versionRangeRegex(introduced, fixed) {
+    const [iM, im, ip] = parseVer(introduced);
+    const [fM, fm, fp] = parseVer(fixed);
+    const alts = [];
+    if (iM === fM) {
+        if (im === fm) {
+            // Same minor: patches ip .. fp-1
+            alts.push(`${iM}\\.${im}\\.${numRange(ip, fp - 1)}`);
+        }
+        else {
+            if (ip === 0) {
+                // Introduced minor starts at .0 → folds into the full-minor sweep im..fm-1
+                alts.push(`${iM}\\.${numRange(im, fm - 1)}\\.\\d+`);
+            }
+            else {
+                // ip > 0: approximate the introduced minor as full (reviewer tightens)
+                alts.push(`${iM}\\.${im}\\.\\d+`);
+                if (fm - 1 >= im + 1)
+                    alts.push(`${iM}\\.${numRange(im + 1, fm - 1)}\\.\\d+`);
+            }
+            if (fp > 0)
+                alts.push(`${iM}\\.${fm}\\.${numRange(0, fp - 1)}`);
+        }
+    }
+    else {
+        // Multi-major (rare): majors iM..fM-1 in full, then the start of the fixed major.
+        alts.push(`${numRange(iM, fM - 1)}\\.\\d+\\.\\d+`);
+        if (fm > 0)
+            alts.push(`${fM}\\.${numRange(0, fm - 1)}\\.\\d+`);
+        if (fp > 0)
+            alts.push(`${fM}\\.${fm}\\.${numRange(0, fp - 1)}`);
+    }
+    const parts = alts.filter(Boolean);
+    return parts.length === 1 ? parts[0] : "(?:" + parts.join("|") + ")";
+}
+/** Escape a package name for use inside a regex literal. */
+function escapePkg(pkg) {
+    return pkg.replace(/[.*+?^${}()|[\]\\/]/g, "\\$&");
+}
+/**
+ * Build a review-ready cve-versions.ts rule object + a matching test stub for an
+ * advisory. Returns source strings to paste (after review) — NOT auto-applied.
+ */
+export function scaffoldCveRule(a) {
+    const frag = versionRangeRegex(a.introduced, a.fixed);
+    const ids = [a.cve, a.ghsa].filter(Boolean).join(" / ");
+    const pattern = `/["']${escapePkg(a.pkg)}["']\\s*:\\s*["']=?${frag}["']/g`;
+    const safeSummary = a.summary.replace(/"/g, "'").replace(/\s+/g, " ").trim();
+    const rule = `  {
+    id: "${a.ruleId}",
+    name: "${a.pkg} vulnerability${ids ? ` (${ids})` : ""}",
+    severity: "${a.severity}",
+    owasp: "A06:2025 Vulnerable and Outdated Components",
+    description:
+      "${safeSummary} Affected: ${a.pkg} ${a.introduced}–<${a.fixed}; fixed in ${a.fixed}. REVIEW: confirm the affected range, and add ~/^ prefixes only where they don't resolve to the fix, before merging.",
+    pattern:
+      ${pattern},
+    languages: ["json"],
+    fix: "Upgrade ${a.pkg} to ${a.fixed}+: npm install ${a.pkg}@latest.",
+    compliance: ["SOC2:CC7.1"],
+  },`;
+    const test = `  describe("${a.ruleId} - ${a.pkg} (${ids})", () => {
+    it("detects affected ${a.pkg}", () => testRule("${a.ruleId}", '"${a.pkg}": "${a.introduced}"', true));
+    it("ignores fixed ${a.pkg}", () => testRule("${a.ruleId}", '"${a.pkg}": "${a.fixed}"', false));
+  });`;
+    return { rule, test };
+}

package/build/tools/scan-staged.d.ts

@@ -1,2 +1,4 @@
 import type { SecurityRule } from "../data/rules/types.js";
-export declare function scanStaged(cwd?: string, format?: "markdown" | "json", rules?: SecurityRule[]): string;
+export declare function scanStaged(cwd?: string, format?: "markdown" | "json", rules?: SecurityRule[], opts?: {
+    diffAware?: boolean;
+}): string;

package/build/tools/scan-staged.js

@@ -2,6 +2,7 @@ import { execFileSync } from "child_process";
 import { extname, basename } from "path";
 import { formatFindingsJson } from "./check-code.js";
 import { analyzeFileSecurity } from "./file-security.js";
+import { getAddedLinesStaged, filterToAddedLines } from "./diff-aware.js";
 import { securityBanner } from "../utils/banner.js";
 const EXTENSION_MAP = {
     ".js": "javascript", ".jsx": "javascript", ".mjs": "javascript", ".cjs": "javascript",
@@ -58,7 +59,10 @@ function detectLanguage(filePath) {
         return configLang;
     return null;
 }
-export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
+export function scanStaged(cwd = process.cwd(), format = "markdown", rules, opts = {}) {
+    // Diff-aware by default: the pre-commit gate blocks issues on lines you just
+    // staged, not pre-existing debt in files you happened to touch. --all-lines opts out.
+    const diffAware = opts.diffAware !== false;
     const stagedFiles = getStagedFiles(cwd);
     if (stagedFiles.length === 0) {
         return [
@@ -69,6 +73,7 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
     }
     const results = [];
     const skippedFiles = [];
+    let preExistingHidden = 0;
     for (const filePath of stagedFiles) {
         const language = detectLanguage(filePath);
         if (!language) {
@@ -80,7 +85,13 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
             skippedFiles.push(filePath);
             continue;
         }
-        const findings = analyzeFileSecurity(content, language, undefined, filePath, cwd, rules);
+        let findings = analyzeFileSecurity(content, language, undefined, filePath, cwd, rules);
+        if (diffAware) {
+            const added = getAddedLinesStaged(filePath, cwd);
+            const kept = filterToAddedLines(findings, added);
+            preExistingHidden += findings.length - kept.length;
+            findings = kept;
+        }
         if (findings.length > 0) {
             results.push({ path: filePath, findings });
         }
@@ -102,10 +113,14 @@ export function scanStaged(cwd = process.cwd(), format = "markdown", rules) {
         "# GuardVibe Pre-Commit Report",
         "",
         `Staged files scanned: ${scannedCount}`,
+        `Mode: ${diffAware ? "newly-staged lines only" : "all lines"}`,
         `Total issues: ${totalIssues}`,
         `Security Score: ${grade} (${score}/100)`,
         "",
     ];
+    if (diffAware && preExistingHidden > 0) {
+        lines.push(`> ${preExistingHidden} pre-existing finding(s) on unchanged lines hidden — re-run with \`--all-lines\` to see them.`, "");
+    }
     if (totalIssues > 0) {
         lines.push("## Summary", "", "| Severity | Count |", "|----------|-------|");
         if (totalCritical > 0)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "guardvibe",
-  "version": "3.8.0",
+  "version": "3.10.0",
   "mcpName": "io.github.goklab/guardvibe",
   "description": "Security infrastructure your AI can't be — deterministic, current past your model's training cutoff, whole-repo-aware, author-independent. Security MCP for vibe coding. 441 rules, 37 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis. 70 CVE rules refreshed daily from GHSA/OSV/CISA KEV — React Router 7 cluster, DOMPurify XSS, Better Auth bypass, Miasma @redhat-cloud-services compromise, Next.js May 2026 13-advisory cluster, Drizzle/MikroORM/Kysely SQL injection, Axios proxy-auth redirect leak, Hono setCookie attribute injection, Clerk SSRF, tRPC prototype pollution, @tanstack supply-chain, node-ipc protestware, OpenClaude sandbox bypass, plus the full AI-generated stack (Supabase, Stripe, Prisma, Hono, GraphQL, Convex, Turso, Uploadthing, AI SDK). 68 AI-native rules including OWASP MCP Top 10 tool-description prompt injection (VG1068), model-controlled sandbox-disable flag detection (VG1063), Session messenger exfil endpoint IOC (VG1075), and CI/CD supply-chain hardening (VG1070 npm --expect-provenance / --ignore-scripts enforcement).",
   "type": "module",