ship-safe 5.0.1 → 6.1.0

package/cli/agents/index.js

@@ -23,6 +23,10 @@ export { MCPSecurityAgent } from './mcp-security-agent.js';
 export { AgenticSecurityAgent } from './agentic-security-agent.js';
 export { RAGSecurityAgent } from './rag-security-agent.js';
 export { PIIComplianceAgent } from './pii-compliance-agent.js';
+export { VibeCodingAgent } from './vibe-coding-agent.js';
+export { ExceptionHandlerAgent } from './exception-handler-agent.js';
+export { AgentConfigScanner } from './agent-config-scanner.js';
+export { ABOMGenerator } from './abom-generator.js';
 export { VerifierAgent } from './verifier-agent.js';
 export { DeepAnalyzer } from './deep-analyzer.js';
 export { ScoringEngine, GRADES, CATEGORIES } from './scoring-engine.js';
@@ -31,7 +35,7 @@ export { PolicyEngine } from './policy-engine.js';
 export { HTMLReporter } from './html-reporter.js';
 
 /**
- * Create a fully configured orchestrator with all 15 scanning agents.
+ * Create a fully configured orchestrator with all 16 scanning agents.
  * (VerifierAgent and DeepAnalyzer run as post-processors, not in the agent pool.)
  */
 import { Orchestrator as OrchestratorClass } from './orchestrator.js';
@@ -50,6 +54,9 @@ import { MCPSecurityAgent as MCPSecurityAgentClass } from './mcp-security-agent.
 import { AgenticSecurityAgent as AgenticSecurityAgentClass } from './agentic-security-agent.js';
 import { RAGSecurityAgent as RAGSecurityAgentClass } from './rag-security-agent.js';
 import { PIIComplianceAgent as PIIComplianceAgentClass } from './pii-compliance-agent.js';
+import { VibeCodingAgent as VibeCodingAgentClass } from './vibe-coding-agent.js';
+import { ExceptionHandlerAgent as ExceptionHandlerAgentClass } from './exception-handler-agent.js';
+import { AgentConfigScanner as AgentConfigScannerClass } from './agent-config-scanner.js';
 
 export function buildOrchestrator() {
   const orchestrator = new OrchestratorClass();
@@ -69,6 +76,9 @@ export function buildOrchestrator() {
     new AgenticSecurityAgentClass(),
     new RAGSecurityAgentClass(),
     new PIIComplianceAgentClass(),
+    new VibeCodingAgentClass(),
+    new ExceptionHandlerAgentClass(),
+    new AgentConfigScannerClass(),
   ]);
   return orchestrator;
 }

package/cli/agents/mcp-security-agent.js

@@ -16,7 +16,9 @@
  * Maps to: OWASP Agentic AI ASI02 (Tool Misuse), ASI03 (Privilege Abuse)
  */
 
+import fs from 'fs';
 import path from 'path';
+import os from 'os';
 import { BaseAgent } from './base-agent.js';
 
 // =============================================================================
@@ -230,8 +232,26 @@ const MCP_CONFIG_FILES = [
   'mcp-config.json',
   'claude_desktop_config.json',
   '.cursor/mcp.json',
+  '.vscode/mcp.json',
 ];
 
+// Well-known official MCP server packages
+const OFFICIAL_MCP_SERVERS = new Set([
+  '@modelcontextprotocol/server-filesystem',
+  '@modelcontextprotocol/server-github',
+  '@modelcontextprotocol/server-gitlab',
+  '@modelcontextprotocol/server-google-maps',
+  '@modelcontextprotocol/server-memory',
+  '@modelcontextprotocol/server-postgres',
+  '@modelcontextprotocol/server-puppeteer',
+  '@modelcontextprotocol/server-slack',
+  '@modelcontextprotocol/server-sqlite',
+  '@modelcontextprotocol/server-brave-search',
+  '@modelcontextprotocol/server-fetch',
+  '@modelcontextprotocol/server-everything',
+  '@modelcontextprotocol/server-sequential-thinking',
+]);
+
 // =============================================================================
 // MCP SECURITY AGENT
 // =============================================================================
@@ -281,6 +301,15 @@ export class MCPSecurityAgent extends BaseAgent {
       findings = findings.concat(this._checkServerAuth(file));
     }
 
+    // ── 4. Check MCP configs for typosquatting & over-permissioned servers ─
+    for (const file of configFiles) {
+      findings = findings.concat(this._checkMcpTyposquatting(file));
+      findings = findings.concat(this._checkOverPermissioned(file));
+    }
+
+    // ── 5. Detect shadow MCP configs (not in version control) ───────────
+    findings = findings.concat(this._detectShadowMcpConfigs(rootPath));
+
     return findings;
   }
 
@@ -353,6 +382,159 @@ export class MCPSecurityAgent extends BaseAgent {
 
     return findings;
   }
+
+  /**
+   * Detect possible typosquatted MCP server names in config.
+   */
+  _checkMcpTyposquatting(filePath) {
+    const content = this.readFile(filePath);
+    if (!content) return [];
+    const findings = [];
+
+    try {
+      const config = JSON.parse(content);
+      const servers = config.mcpServers || config.servers || {};
+
+      for (const [name, server] of Object.entries(servers)) {
+        const cmd = server.command || '';
+        const args = (server.args || []).join(' ');
+        const fullCmd = `${cmd} ${args}`;
+
+        // Check if server uses an npx package that looks like a typosquat of official ones
+        const npxMatch = fullCmd.match(/npx\s+(?:-[^\s]+\s+)*([^\s]+)/);
+        if (npxMatch) {
+          const pkg = npxMatch[1];
+          for (const official of OFFICIAL_MCP_SERVERS) {
+            const distance = this._levenshtein(pkg, official);
+            if (distance > 0 && distance <= 3 && pkg !== official) {
+              findings.push({
+                file: filePath, line: 1, column: 0,
+                severity: 'critical',
+                category: this.category,
+                rule: 'MCP_TYPOSQUAT_SERVER',
+                title: `MCP: Possible Typosquatted Server "${pkg}"`,
+                description: `MCP server package "${pkg}" is ${distance} char(s) from official "${official}". Could be a supply chain attack.`,
+                matched: pkg,
+                confidence: 'medium',
+                cwe: 'CWE-494',
+                owasp: 'A08:2021',
+                fix: `Verify this is the correct package. Did you mean "${official}"?`,
+              });
+            }
+          }
+        }
+      }
+    } catch { /* not valid JSON */ }
+
+    return findings;
+  }
+
+  /**
+   * Check for over-permissioned MCP servers (filesystem access to / or ~).
+   */
+  _checkOverPermissioned(filePath) {
+    const content = this.readFile(filePath);
+    if (!content) return [];
+    const findings = [];
+
+    try {
+      const config = JSON.parse(content);
+      const servers = config.mcpServers || config.servers || {};
+
+      for (const [name, server] of Object.entries(servers)) {
+        const args = server.args || [];
+        const argsStr = args.join(' ');
+
+        // Check for root/home filesystem access
+        if (/(?:^\/\s|['" ]\/['"]?\s|\/Users\/|\/home\/|\\Users\\|C:\\)/.test(argsStr)) {
+          const hasWideAccess = args.some(a =>
+            a === '/' || a === '~' || a === '%USERPROFILE%' ||
+            /^\/(?:Users|home)\/[^/]+$/.test(a) ||
+            /^[A-Z]:\\(?:Users\\)?[^\\]*$/.test(a)
+          );
+          if (hasWideAccess) {
+            findings.push({
+              file: filePath, line: 1, column: 0,
+              severity: 'high',
+              category: this.category,
+              rule: 'MCP_OVER_PERMISSIONED',
+              title: `MCP: Server "${name}" Has Broad Filesystem Access`,
+              description: `MCP server "${name}" has access to a wide directory scope. A prompt injection attack could read or modify sensitive files.`,
+              matched: argsStr.slice(0, 200),
+              confidence: 'high',
+              cwe: 'CWE-269',
+              owasp: 'A01:2021',
+              fix: 'Restrict filesystem access to the minimum required directory: e.g., the project folder only.',
+            });
+          }
+        }
+      }
+    } catch { /* not valid JSON */ }
+
+    return findings;
+  }
+
+  /**
+   * Detect shadow MCP configs that exist but aren't in .gitignore or git.
+   */
+  _detectShadowMcpConfigs(rootPath) {
+    const findings = [];
+    const home = os.homedir();
+
+    // Check common locations for MCP configs outside version control
+    const homeConfigs = [
+      path.join(home, '.cursor', 'mcp.json'),
+      path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'),
+      path.join(home, 'AppData', 'Roaming', 'Claude', 'claude_desktop_config.json'),
+    ];
+
+    for (const configPath of homeConfigs) {
+      try {
+        if (fs.existsSync(configPath)) {
+          const content = fs.readFileSync(configPath, 'utf-8');
+          const config = JSON.parse(content);
+          const servers = config.mcpServers || config.servers || {};
+          const serverCount = Object.keys(servers).length;
+
+          if (serverCount > 0) {
+            findings.push({
+              file: configPath, line: 1, column: 0,
+              severity: 'medium',
+              category: this.category,
+              rule: 'MCP_SHADOW_CONFIG',
+              title: `MCP: ${serverCount} Shadow Server(s) in User Config`,
+              description: `Found ${serverCount} MCP server(s) configured outside the project in ${configPath}. These operate outside your project's security controls.`,
+              matched: Object.keys(servers).join(', '),
+              confidence: 'medium',
+              cwe: 'CWE-269',
+              owasp: 'A05:2021',
+              fix: 'Review shadow MCP servers. Move project-specific servers to the project mcp.json and track in version control.',
+            });
+          }
+        }
+      } catch { /* skip */ }
+    }
+
+    return findings;
+  }
+
+  /**
+   * Simple Levenshtein distance for typosquatting detection.
+   */
+  _levenshtein(a, b) {
+    const m = a.length, n = b.length;
+    const dp = Array.from({ length: m + 1 }, () => Array(n + 1).fill(0));
+    for (let i = 0; i <= m; i++) dp[i][0] = i;
+    for (let j = 0; j <= n; j++) dp[0][j] = j;
+    for (let i = 1; i <= m; i++) {
+      for (let j = 1; j <= n; j++) {
+        dp[i][j] = a[i-1] === b[j-1]
+          ? dp[i-1][j-1]
+          : 1 + Math.min(dp[i-1][j], dp[i][j-1], dp[i-1][j-1]);
+      }
+    }
+    return dp[m][n];
+  }
 }
 
 export default MCPSecurityAgent;

package/cli/agents/pii-compliance-agent.js

@@ -39,7 +39,7 @@ const PATTERNS = [
   {
     rule: 'PII_IN_LOGGER',
     title: 'Privacy: PII in Structured Logger',
-    regex: /(?:logger|log|winston|pino|bunyan|morgan)\.(?:info|warn|error|debug|log)\s*\([\s\S]{0,200}(?:email|password|ssn|creditCard|credit_card|phoneNumber|phone_number|dateOfBirth|date_of_birth)/g,
+    regex: /(?:logger|winston|pino|bunyan|morgan)\.(?:info|warn|error|debug|log)\s*\([\s\S]{0,200}(?:[\.\[\(]email\b|password|ssn|creditCard|credit_card|phoneNumber|phone_number|dateOfBirth|date_of_birth)/g,
     severity: 'high',
     cwe: 'CWE-532',
     owasp: 'A09:2021',
@@ -62,7 +62,7 @@ const PATTERNS = [
   {
     rule: 'PII_IN_ERROR_RESPONSE',
     title: 'Privacy: PII in Error Response to Client',
-    regex: /(?:res\.(?:json|send|status)|response\.(?:json|send)|jsonify)\s*\(\s*(?:\{[\s\S]{0,200}(?:email|password|ssn|creditCard|phone|user|customer|patient)[\s\S]{0,100}\}|err|error)/g,
+    regex: /(?:res\.(?:json|send|status)|response\.(?:json|send)|jsonify)\s*\(\s*(?:\{[\s\S]{0,200}(?:email|password|ssn|creditCard|credit_card|phoneNumber|phone_number|patient|dateOfBirth|date_of_birth)[\s\S]{0,100}\}|err(?:or)?\.(?:stack|message))/g,
     severity: 'high',
     cwe: 'CWE-209',
     owasp: 'A01:2021',
@@ -151,7 +151,7 @@ const PATTERNS = [
   {
     rule: 'PII_EMAIL_HARDCODED',
     title: 'Privacy: Real Email Address Hardcoded',
-    regex: /['"][a-zA-Z0-9._%+-]+@(?!example\.com|test\.com|placeholder|fake|dummy)[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}['"]/g,
+    regex: /['"][a-zA-Z0-9._%+-]+@(?!example\.com|example\.org|test\.com|test\.org|testing\.com|localhost|placeholder|fake|dummy|mailinator\.com|noreply|no-reply|sample\.com)[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}['"]/g,
     severity: 'medium',
     cwe: 'CWE-312',
     owasp: 'A02:2021',
@@ -199,7 +199,7 @@ const PATTERNS = [
   {
     rule: 'PII_GEOLOCATION_STORAGE',
     title: 'Privacy: Precise Geolocation Stored',
-    regex: /(?:latitude|longitude|lat|lng|geolocation|geoip|geo_location)[\s\S]{0,100}(?:save|store|insert|create|update|write|database|db|mongo|prisma|sequelize)/gi,
+    regex: /(?:latitude|longitude|\blat\b|\blng\b|geolocation|geoip|geo_location)[\s\S]{0,100}(?:save|store|insert|create|update|write|database|db|mongo|prisma|sequelize)/gi,
     severity: 'medium',
     cwe: 'CWE-359',
     owasp: 'A01:2021',

package/cli/agents/scoring-engine.js

@@ -11,27 +11,34 @@
 
 import fs from 'fs';
 import path from 'path';
+import { getComplianceSummary } from '../utils/compliance-map.js';
 
 // =============================================================================
 // SCORING CONFIGURATION
 // =============================================================================
 
+// Weights aligned with OWASP Top 10 2025:
+//   A01 Broken Access Control (auth: 15), A02 Security Misconfiguration (config: 8),
+//   A03 Software Supply Chain Failures (supply-chain: 12, deps: 13),
+//   A05 Injection (injection: 15), A07 Auth Failures (secrets: 15),
+//   A10 Mishandling of Exceptional Conditions (→ injection category)
+//   + API Security (10), AI/LLM Security (12) — weights sum to 100
 const CATEGORIES = {
   secrets:       { weight: 15, label: 'Secrets',                deductions: { critical: 25, high: 15, medium: 5 } },
   injection:     { weight: 15, label: 'Code Vulnerabilities',   deductions: { critical: 20, high: 10, medium: 3 } },
-  deps:          { weight: 15, label: 'Dependencies',           deductions: { critical: 20, high: 10, medium: 5, moderate: 5 } },
+  deps:          { weight: 13, label: 'Dependencies',           deductions: { critical: 20, high: 10, medium: 5, moderate: 5 } },
   auth:          { weight: 15, label: 'Auth & Access Control',  deductions: { critical: 20, high: 10, medium: 3 } },
-  config:        { weight: 10, label: 'Configuration',          deductions: { critical: 15, high: 8,  medium: 3 } },
-  'supply-chain':{ weight: 10, label: 'Supply Chain',           deductions: { critical: 15, high: 8,  medium: 3 } },
+  config:        { weight: 8,  label: 'Configuration',          deductions: { critical: 15, high: 8,  medium: 3 } },
+  'supply-chain':{ weight: 12, label: 'Supply Chain',           deductions: { critical: 15, high: 8,  medium: 3 } },
   api:           { weight: 10, label: 'API Security',           deductions: { critical: 15, high: 8,  medium: 3 } },
-  llm:           { weight: 10, label: 'AI/LLM Security',       deductions: { critical: 15, high: 8,  medium: 3 } },
+  llm:           { weight: 12, label: 'AI/LLM Security',       deductions: { critical: 15, high: 8,  medium: 3 } },
 };
 
 // Fallback categories for findings that don't match a known category
 const FALLBACK_CATEGORY_MAP = {
   'secret': 'secrets',
   'vulnerability': 'injection',
-  'ssrf': 'injection',
+  'ssrf': 'injection',        // OWASP 2025: SSRF merged into A01 Broken Access Control
   'history': 'secrets',
   'cicd': 'config',
   'mobile': 'injection',
@@ -39,7 +46,10 @@ const FALLBACK_CATEGORY_MAP = {
   'mcp': 'llm',
   'agentic': 'llm',
   'rag': 'llm',
-  'recon': null, // skip recon findings
+  'vibe': 'injection',        // Vibe coding findings → Code Vulnerabilities
+  'exception': 'injection',   // OWASP A10:2025 — Mishandling of Exceptional Conditions
+  'agent-config': 'llm',      // Agent config security → AI/LLM category
+  'recon': null,               // skip recon findings
 };
 
 const GRADES = [
@@ -128,12 +138,21 @@ export class ScoringEngine {
     const score = Math.max(0, 100 - totalDeduction);
     const grade = GRADES.find(g => score >= g.min);
 
+    // ── Compliance mapping ─────────────────────────────────────────────────
+    let compliance;
+    try {
+      compliance = getComplianceSummary(findings);
+    } catch {
+      compliance = null;
+    }
+
     return {
       score,
       grade,
       categories: categoryResults,
       totalFindings: findings.length,
       totalDepVulns: depVulns.length,
+      compliance,
     };
   }
 

package/cli/agents/vibe-coding-agent.js

@@ -0,0 +1,250 @@
+/**
+ * Vibe Coding Security Agent
+ * ============================
+ *
+ * Detects security vulnerabilities commonly introduced by
+ * AI-generated code (Cursor, Copilot, Claude Code, etc.).
+ *
+ * 45% of AI-generated code contains security vulnerabilities.
+ * This agent targets the most frequent patterns:
+ *
+ *   - Placeholder credentials left in code
+ *   - Missing input validation on AI-generated routes
+ *   - Overly permissive defaults (CORS *, DEBUG=True)
+ *   - Unprotected API endpoints (no auth middleware)
+ *   - TODO/FIXME security markers left behind
+ *   - Hardcoded localhost/development URLs in production code
+ *   - Incomplete error handling (empty catch blocks)
+ *   - AI-generated boilerplate with known insecure patterns
+ *
+ * Maps to: OWASP A01 (Broken Access Control), A05 (Security Misconfiguration)
+ */
+
+import path from 'path';
+import { BaseAgent, createFinding } from './base-agent.js';
+
+// =============================================================================
+// VIBE CODING PATTERNS
+// =============================================================================
+
+const PATTERNS = [
+  // ── Placeholder Credentials ───────────────────────────────────────────────
+  {
+    rule: 'VIBE_PLACEHOLDER_KEY',
+    title: 'Vibe Code: Placeholder API Key Left in Code',
+    regex: /(?:api[_-]?key|apikey|secret|token|password)\s*[:=]\s*['"](?:your[_-]?(?:api[_-]?)?key[_-]?here|sk[_-](?:test|live)[_-]x{5,}|xxx+|insert[_-]?(?:your[_-]?)?(?:key|token|secret)[_-]?here|change[_-]?me|replace[_-]?(?:this|me)|put[_-]?your[_-]?(?:key|token))['"]/gi,
+    severity: 'critical',
+    cwe: 'CWE-798',
+    owasp: 'A07:2021',
+    description: 'AI-generated placeholder credential left in code. These are commonly generated by Copilot/Cursor and forgotten before deploy.',
+    fix: 'Replace with environment variable: process.env.API_KEY or os.environ["API_KEY"]',
+  },
+  {
+    rule: 'VIBE_PLACEHOLDER_URL',
+    title: 'Vibe Code: Placeholder URL Left in Code',
+    regex: /['"]https?:\/\/(?:your[_-]?(?:domain|api|server|backend)|example\.com\/api|api\.example|placeholder)[^'"]*['"]/gi,
+    severity: 'medium',
+    cwe: 'CWE-1188',
+    owasp: 'A05:2021',
+    confidence: 'medium',
+    description: 'AI-generated placeholder URL left in code. May cause requests to fail or leak data to unintended endpoints.',
+    fix: 'Replace with environment variable for the API URL',
+  },
+
+  // ── Security TODO/FIXME Markers ───────────────────────────────────────────
+  {
+    rule: 'VIBE_TODO_AUTH',
+    title: 'Vibe Code: TODO — Add Authentication',
+    regex: /\/\/\s*(?:TODO|FIXME|HACK|XXX)\s*:?\s*(?:add|implement|fix|enable|require)\s+(?:auth(?:entication|orization)?|login|session|jwt|token|middleware|permission|rbac|access.?control)/gi,
+    severity: 'high',
+    cwe: 'CWE-306',
+    owasp: 'A01:2021',
+    description: 'Code has a TODO marker to add authentication/authorization. AI-generated code often ships without auth.',
+    fix: 'Implement authentication before deploying. This TODO indicates a known security gap.',
+  },
+  {
+    rule: 'VIBE_TODO_VALIDATION',
+    title: 'Vibe Code: TODO — Add Input Validation',
+    regex: /\/\/\s*(?:TODO|FIXME|HACK|XXX)\s*:?\s*(?:add|implement|fix|enable)\s+(?:valid(?:ation|ate)|sanitiz(?:e|ation)|escap(?:e|ing)|input.?check|type.?check)/gi,
+    severity: 'high',
+    cwe: 'CWE-20',
+    owasp: 'A03:2021',
+    description: 'Code has a TODO marker to add input validation. AI-generated endpoints frequently skip validation.',
+    fix: 'Implement input validation before deploying. Unvalidated input leads to injection attacks.',
+  },
+  {
+    rule: 'VIBE_TODO_SECURITY',
+    title: 'Vibe Code: TODO — Security Fix Needed',
+    regex: /\/\/\s*(?:TODO|FIXME|HACK|XXX)\s*:?\s*(?:add|implement|fix|enable|remove)\s+(?:security|encrypt(?:ion)?|hash(?:ing)?|rate.?limit|csrf|xss|cors|https|ssl|tls|firewall)/gi,
+    severity: 'high',
+    cwe: 'CWE-693',
+    owasp: 'A05:2021',
+    description: 'Security-related TODO left in code. This marks a known vulnerability the developer intended to fix.',
+    fix: 'Address this security TODO before deploying to production.',
+  },
+
+  // ── Missing Auth on Routes ────────────────────────────────────────────────
+  {
+    rule: 'VIBE_UNPROTECTED_DELETE',
+    title: 'Vibe Code: DELETE Endpoint Without Auth Check',
+    regex: /(?:app|router)\.(?:delete)\s*\(\s*['"][^'"]+['"]\s*,\s*(?:async\s+)?\(?(?:req|request|ctx)\b/g,
+    severity: 'high',
+    cwe: 'CWE-306',
+    owasp: 'A01:2021',
+    confidence: 'medium',
+    description: 'DELETE endpoint defined without visible auth middleware. AI often generates CRUD routes without access control.',
+    fix: 'Add authentication middleware: router.delete("/resource/:id", authMiddleware, handler)',
+  },
+  {
+    rule: 'VIBE_UNPROTECTED_ADMIN',
+    title: 'Vibe Code: Admin Route Without Auth Middleware',
+    regex: /(?:app|router)\.(?:get|post|put|patch|delete)\s*\(\s*['"]\/admin[^'"]*['"]\s*,\s*(?:async\s+)?\(?(?:req|request|ctx)\b/g,
+    severity: 'critical',
+    cwe: 'CWE-306',
+    owasp: 'A01:2021',
+    confidence: 'medium',
+    description: 'Admin route defined without visible auth middleware. AI-generated admin panels often lack access control.',
+    fix: 'Add auth + admin role check: router.get("/admin", authMiddleware, requireAdmin, handler)',
+  },
+
+  // ── Insecure Defaults ─────────────────────────────────────────────────────
+  {
+    rule: 'VIBE_WILDCARD_CORS',
+    title: 'Vibe Code: CORS Allow All Origins',
+    regex: /cors\s*\(\s*\{?\s*(?:origin\s*:\s*(?:true|['"]?\*['"]?)|(?:origin\s*:\s*\[?\s*['"]?\*['"]?))/g,
+    severity: 'high',
+    cwe: 'CWE-942',
+    owasp: 'A05:2021',
+    description: 'CORS configured to allow all origins. AI tools frequently generate cors({ origin: "*" }) or cors({ origin: true }) as defaults.',
+    fix: 'Restrict to specific origins: cors({ origin: ["https://yourdomain.com"] })',
+  },
+  {
+    rule: 'VIBE_DEBUG_PRODUCTION',
+    title: 'Vibe Code: Debug Mode Enabled',
+    regex: /(?:DEBUG|debug)\s*[:=]\s*(?:true|True|1|['"]true['"])\s*(?:,|\n|$|;)/g,
+    severity: 'high',
+    cwe: 'CWE-489',
+    owasp: 'A05:2021',
+    confidence: 'medium',
+    description: 'Debug mode is enabled. AI-generated configs often leave DEBUG=True from development.',
+    fix: 'Set DEBUG=False for production. Use environment variable: DEBUG=os.environ.get("DEBUG", "False")',
+  },
+  // TLS disabled detection is handled by AuthBypassAgent (NODE_TLS_REJECT_UNAUTHORIZED)
+  // and ConfigAuditor — not duplicated here to avoid false positives on regex definitions.
+
+  // ── Hardcoded Development URLs ────────────────────────────────────────────
+  {
+    rule: 'VIBE_HARDCODED_LOCALHOST',
+    title: 'Vibe Code: Hardcoded localhost URL in Production Code',
+    regex: /(?:fetch|axios|http|request|api|endpoint|baseURL|base_url|API_URL|BACKEND_URL)\s*[:=(]\s*['"]https?:\/\/(?:localhost|127\.0\.0\.1|0\.0\.0\.0):\d+[^'"]*['"]/gi,
+    severity: 'medium',
+    cwe: 'CWE-1188',
+    owasp: 'A05:2021',
+    confidence: 'medium',
+    description: 'Hardcoded localhost URL found. AI-generated code often hardcodes development URLs that break in production.',
+    fix: 'Use environment variable: process.env.API_URL || "http://localhost:3000"',
+  },
+
+  // Empty catch blocks and except: pass are handled by ExceptionHandlerAgent (OWASP A10:2025)
+
+  // ── AI-Generated Insecure Patterns ────────────────────────────────────────
+  {
+    rule: 'VIBE_EVAL_INPUT',
+    title: 'Vibe Code: eval() with Variable Input',
+    regex: /\beval\s*\(\s*(?:req\.|request\.|body\.|params\.|query\.|input|data|payload|args|user)/g,
+    severity: 'critical',
+    cwe: 'CWE-95',
+    owasp: 'A03:2021',
+    description: 'eval() called with user-controlled input. AI sometimes generates eval() for "dynamic" functionality.',
+    fix: 'Never use eval() with user input. Use a safe parser or allowlist of operations.',
+  },
+  {
+    rule: 'VIBE_INNER_HTML',
+    title: 'Vibe Code: innerHTML with Variable',
+    regex: /\.innerHTML\s*=\s*(?!['"]<)[^;]+(?:req|request|input|data|user|response|result|body|params|query|payload)/g,
+    severity: 'high',
+    cwe: 'CWE-79',
+    owasp: 'A03:2021',
+    description: 'innerHTML set with dynamic content. AI-generated frontend code often skips XSS sanitization.',
+    fix: 'Use textContent for plain text, or sanitize with DOMPurify: el.innerHTML = DOMPurify.sanitize(html)',
+  },
+  {
+    rule: 'VIBE_NO_PARAMETERIZED_QUERY',
+    title: 'Vibe Code: String Concatenation in SQL',
+    regex: /(?:query|execute|raw|exec)\s*\(\s*(?:`[^`]*\$\{|['"][^'"]*['"]\s*\+\s*(?:req|request|body|params|query|input|user|data))/g,
+    severity: 'critical',
+    cwe: 'CWE-89',
+    owasp: 'A03:2021',
+    description: 'SQL query built with string concatenation/interpolation. AI-generated database code frequently lacks parameterization.',
+    fix: 'Use parameterized queries: db.query("SELECT * FROM users WHERE id = $1", [userId])',
+  },
+
+  // ── Missing Rate Limiting ─────────────────────────────────────────────────
+  {
+    rule: 'VIBE_NO_RATE_LIMIT',
+    title: 'Vibe Code: Auth Endpoint Without Rate Limiting',
+    regex: /(?:app|router)\.post\s*\(\s*['"]\/(?:login|signin|sign-in|register|signup|sign-up|forgot-password|reset-password|auth\/login)['"]\s*,\s*(?:async\s+)?\(?(?:req|request|ctx)\b/g,
+    severity: 'high',
+    cwe: 'CWE-307',
+    owasp: 'A07:2021',
+    confidence: 'medium',
+    description: 'Authentication endpoint without visible rate limiting. AI-generated auth routes rarely include brute-force protection.',
+    fix: 'Add rate limiting: app.post("/login", rateLimit({ windowMs: 15*60*1000, max: 5 }), handler)',
+  },
+
+  // ── Insecure File Operations ──────────────────────────────────────────────
+  {
+    rule: 'VIBE_PATH_TRAVERSAL',
+    title: 'Vibe Code: User Input in File Path',
+    regex: /(?:readFile|writeFile|createReadStream|createWriteStream|open|access)\s*\(\s*(?:req\.|request\.|body\.|params\.|query\.|`[^`]*\$\{(?:req|request|params|query|body))/g,
+    severity: 'critical',
+    cwe: 'CWE-22',
+    owasp: 'A01:2021',
+    description: 'File operation uses user-controlled input without path validation. AI-generated file serving code often allows path traversal.',
+    fix: 'Validate and sanitize the path: path.resolve(baseDir, path.basename(userInput))',
+  },
+
+  // ── Exposed Secrets in Client Code ────────────────────────────────────────
+  {
+    rule: 'VIBE_SECRET_IN_FRONTEND',
+    title: 'Vibe Code: Secret Key in Frontend/Client Code',
+    regex: /(?:NEXT_PUBLIC_|REACT_APP_|VITE_|NUXT_PUBLIC_|EXPO_PUBLIC_)(?:SECRET|PRIVATE|API_SECRET|DATABASE_URL|DB_PASSWORD|JWT_SECRET|STRIPE_SECRET)/gi,
+    severity: 'critical',
+    cwe: 'CWE-200',
+    owasp: 'A01:2021',
+    description: 'Secret exposed via public environment variable prefix. AI tools often use NEXT_PUBLIC_/REACT_APP_ for all env vars.',
+    fix: 'Remove the public prefix. Server-side secrets must NOT use NEXT_PUBLIC_, REACT_APP_, or VITE_ prefixes.',
+  },
+];
+
+// =============================================================================
+// VIBE CODING AGENT CLASS
+// =============================================================================
+
+export class VibeCodingAgent extends BaseAgent {
+  constructor() {
+    super(
+      'VibeCodingAgent',
+      'Detects security vulnerabilities commonly introduced by AI-generated code',
+      'injection', // maps to Code Vulnerabilities in scoring
+    );
+  }
+
+  async analyze(context) {
+    const files = this.getFilesToScan(context);
+    const findings = [];
+
+    for (const file of files) {
+      const ext = path.extname(file).toLowerCase();
+      // Only scan source code files
+      if (!['.js', '.jsx', '.ts', '.tsx', '.mjs', '.cjs',
+            '.py', '.rb', '.go', '.java', '.rs', '.php',
+            '.vue', '.svelte', '.astro'].includes(ext)) continue;
+
+      const results = this.scanFileWithPatterns(file, PATTERNS);
+      findings.push(...results);
+    }
+
+    return findings;
+  }
+}