vibe-shield 1.0.0 → 1.2.0
- package/README.md +51 -0
- package/dist/cli.js +14726 -255
- package/dist/hook.d.ts +7 -0
- package/dist/index.d.ts +2 -2
- package/dist/index.js +198 -32
- package/dist/mcp-server.d.ts +2 -0
- package/dist/mcp-server.js +14049 -0
- package/dist/prompter.d.ts +10 -2
- package/dist/scanner.d.ts +2 -2
- package/dist/types.d.ts +7 -0
- package/package.json +8 -4
package/README.md
CHANGED
|
@@ -38,6 +38,56 @@ Paste this output to Cursor or Claude Code and it will fix the issues for you.
|
|
|
38
38
|
|
|
39
39
|
Run `npx vibe-shield init` to create a `.cursorrules` file that reminds your AI agent to run security checks before completing tasks.
|
|
40
40
|
|
|
41
|
+
Or manually add this rule to your AI tool (Claude Code, Cursor, Antigravity, etc.):
|
|
42
|
+
|
|
43
|
+
```
|
|
44
|
+
# Vibe Shield Security Rules
|
|
45
|
+
|
|
46
|
+
Before marking a task as done, run `npx vibe-shield`. If issues are found, follow the [INSTRUCTION] provided in the output to fix them.
|
|
47
|
+
|
|
48
|
+
## Security Checklist
|
|
49
|
+
- [ ] No hardcoded secrets (API keys, passwords, tokens)
|
|
50
|
+
- [ ] No dangerous code execution (eval, shell injection)
|
|
51
|
+
- [ ] No SQL injection vulnerabilities (use parameterized queries)
|
|
52
|
+
- [ ] All secrets stored in environment variables
|
|
53
|
+
- [ ] HTTPS used for all external URLs
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
## Pre-commit hook
|
|
57
|
+
|
|
58
|
+
Block commits that have security issues:
|
|
59
|
+
|
|
60
|
+
```bash
|
|
61
|
+
npx vibe-shield hook # Install
|
|
62
|
+
npx vibe-shield hook --uninstall # Remove
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
The hook scans staged files before each commit. Bypass with `git commit --no-verify`.
|
|
66
|
+
|
|
67
|
+
## MCP Server
|
|
68
|
+
|
|
69
|
+
vibe-shield can run as an MCP server, allowing AI tools to call it directly.
|
|
70
|
+
|
|
71
|
+
Add to your MCP config (Claude Desktop, Cursor, Antigravity, etc.):
|
|
72
|
+
|
|
73
|
+
```json
|
|
74
|
+
{
|
|
75
|
+
"mcpServers": {
|
|
76
|
+
"vibe-shield": {
|
|
77
|
+
"command": "npx",
|
|
78
|
+
"args": ["vibe-shield", "mcp"]
|
|
79
|
+
}
|
|
80
|
+
}
|
|
81
|
+
}
|
|
82
|
+
```
|
|
83
|
+
|
|
84
|
+
Config file locations:
|
|
85
|
+
- **Claude Desktop**: `~/Library/Application Support/Claude/claude_desktop_config.json`
|
|
86
|
+
- **Cursor**: `.cursor/mcp.json` in your project
|
|
87
|
+
- **Antigravity**: `~/.gemini/antigravity/mcp_config.json`
|
|
88
|
+
|
|
89
|
+
After setup, your AI assistant can use the `vibe_shield_scan` tool to check for security issues.
|
|
90
|
+
|
|
41
91
|
## Development
|
|
42
92
|
|
|
43
93
|
```bash
|
|
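Review bot: In the `## MCP Server` section, the config launches the server with `"command": "npx"` and `"args": ["vibe-shield", "mcp"]` and no version, so every start of the AI tool runs whichever vibe-shield release npx resolves rather than one that was reviewed. Suggest documenting a pinned form such as `"args": ["vibe-shield@1.2.0", "mcp"]`, or a project-local install, and doing the same for `npx vibe-shield hook`. In the `## Pre-commit hook` section, the sentence "Bypass with `git commit --no-verify`" should also state that the hook is a local check only and that enforcement needs the same scan in CI. The Claude Desktop path under "Config file locations" is the macOS location; label it as such or list the other platforms.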
@@ -49,3 +99,4 @@ bun run build
|
|
|
49
99
|
## License
|
|
50
100
|
|
|
51
101
|
MIT
|
|
102
|
+
|