{"id":47730446,"url":"https://github.com/goklab/guardvibe","last_synced_at":"2026-06-07T07:00:50.269Z","repository":{"id":348078962,"uuid":"1196217050","full_name":"goklab/guardvibe","owner":"goklab","description":"Security MCP for vibe coding. 429 rules, 36 tools, CLI + doctor. Host security, auth coverage mapping, LLM-powered deep scan (IDOR/business logic), taint analysis, and CVE/supply-chain IOC detection for Next.js, Supabase, Clerk, Stripe, Prisma, Drizzle, Hono, GraphQL, AI SDK, MCP, and the AI-native stack.","archived":false,"fork":false,"pushed_at":"2026-06-06T10:35:05.000Z","size":1467,"stargazers_count":1,"open_issues_count":7,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-06T11:05:52.001Z","etag":null,"topics":["ai-security","claude","clerk","cursor","cve","drizzle","hono","mcp","mcp-server","nextjs","owasp","prisma","prompt-injection","sast","security","stripe","supabase","typescript","vercel","vibe-coding"],"latest_commit_sha":null,"homepage":"https://guardvibe.dev","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/goklab.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":"NOTICE","maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-03-30T13:38:50.000Z","updated_at":"2026-06-06T10:35:08.000Z","dependencies_parsed_at":"2026-06-06T11:02:15.258Z","dependency_job_id":null,"html_url":"https://github.com/goklab/guardvibe","commit_stats":null,"previous_names":["goklab/guardvibe"],"tags_count":142,"template":false,"template_full_name":null,"purl":"pkg:github/goklab/guardvibe","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goklab%2Fguardvibe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goklab%2Fguardvibe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goklab%2Fguardvibe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goklab%2Fguardvibe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/goklab","download_url":"https://codeload.github.com/goklab/guardvibe/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/goklab%2Fguardvibe/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34011812,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-07T02:00:07.652Z","response_time":124,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-security","claude","clerk","cursor","cve","drizzle","hono","mcp","mcp-server","nextjs","owasp","prisma","prompt-injection","sast","security","stripe","supabase","typescript","vercel","vibe-coding"],"created_at":"2026-04-02T21:26:07.790Z","updated_at":"2026-06-07T07:00:50.262Z","avatar_url":"https://github.com/goklab.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GuardVibe\n\n[![npm version](https://img.shields.io/npm/v/guardvibe)](https://www.npmjs.com/package/guardvibe)\n[![License: Apache-2.0](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)\n[![Node.js CI](https://github.com/goklab/guardvibe/actions/workflows/ci.yml/badge.svg)](https://github.com/goklab/guardvibe/actions/workflows/ci.yml)\n[![npm provenance](https://img.shields.io/badge/provenance-verified-brightgreen)](https://www.npmjs.com/package/guardvibe)\n[![codecov](https://codecov.io/gh/goklab/guardvibe/graph/badge.svg)](https://codecov.io/gh/goklab/guardvibe)\n\n**The security MCP built for vibe coding.** 433 security rules, 36 tools covering the entire AI-generated code journey — from first line to production deployment.\n\nWorks with **Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf**, and any MCP-compatible coding agent.\n\n## Why GuardVibe\n\nMost security tools are built for enterprise security teams. GuardVibe is built for **you** — the developer using AI to build and ship web apps fast.\n\n- **433 security rules, 36 tools** purpose-built for the stacks AI agents generate\n- **Zero setup friction** — `npx guardvibe` and you're scanning\n- **No account required** — runs 100% locally, no API keys, no cloud\n- **Understands your stack** — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use\n- **CVE version intelligence** — detects 67 known vulnerable package versions in package.json, refreshed every day from GHSA / OSV.dev / CISA KEV\n- **AI agent \u0026 MCP security** — detects MCP server vulnerabilities, tool-description prompt injection (OWASP MCP Top 10), model-controlled sandbox-disable flags, excessive AI permissions, indirect prompt injection\n- **Auto-fix suggestions** — `fix_code` tool returns concrete patches and structured edits the AI agent can apply mechanically. Coverage: hardcoded credentials → env-var migration; public-prefix LLM keys (`NEXT_PUBLIC_/VITE_/EXPO_PUBLIC_/REACT_APP_`) → prefix removal; CORS wildcards → env allowlist; `dangerouslyAllowBrowser` flags → drop; sandbox bypass flags (`unsafe`/`noSandbox`/`allowEval`) → drop; agent loops → add `maxSteps`; raw-HTML React props → `\u003cReactMarkdown\u003e`; missing auth checks → insert auth guard; SQL injection → parameterized queries; missing rate limiters / CSRF / security headers → snippet templates.\n- **Pre-commit hook** — block insecure code before it reaches your repo\n- **CI/CD ready** — GitHub Actions workflow with SARIF upload to Security tab\n- **Agent-friendly output** — JSON format for AI agents, Markdown for humans, SARIF for CI/CD\n- **Plugin system** — extend with community or premium rule packs\n\n## New in v3.1.x\n\n- **Daily threat-intel pipeline** — rule set tracks GHSA / OSV.dev / CISA KEV every day. Latest shipments (v3.1.24 → v3.1.26) added `VG1069` node-ipc protestware detection, `VG1070` CI `npm` provenance / `--ignore-scripts` hardening, `VG1071` axios proxy-auth redirect credential leak, `VG1072` hono `setCookie` attribute injection, `VG1073` drizzle `sql.raw` interpolation, `VG1074` Miasma `@redhat-cloud-services` namespace compromise IOC (RHSB-2026-006), and `VG1075` Session messenger exfil endpoint IOC (`filev2.getsession.org`). The hono override floor is pinned to `^4.12.21`. Earlier in the v3.1.2x line: Next.js May 2026 13-advisory cluster, Drizzle ORM SQL identifier injection (CVE-2026-39356), Clerk `clerkFrontendApiProxy` SSRF (CVE-2026-34076), tRPC `experimental_nextAppDirCaller` prototype pollution (CVE-2025-68130), MikroORM SQL injection, angular-expressions filter RCE, `@tanstack/*` Mini Shai-Hulud supply-chain attack, Kysely JSON-path traversal, `@nyariv/sandboxjs` sandbox escape, OpenClaude `dangerouslyDisableSandbox` model-controlled flag, Strapi content-type builder SQL injection, LangSmith untrusted prompt-manifest deserialization, and more\n- **OWASP MCP Top 10 alignment** — `VG1068` flags MCP / AI tool definitions whose `description`, `instructions`, or `systemPrompt` fields carry prompt-injection markers (`ignore previous instructions`, `you are now`, `jailbreak mode`, `system prompt:`, `override safety`, …); pair with `VG1063` which catches `dangerouslyDisableSandbox: true` in agent runtimes\n- **Inline suppress** — `// guardvibe-ignore VG001` silences individual findings per-line\n- **CLI-first approach** — `npx guardvibe audit`, `npx guardvibe scan`, `npx guardvibe doctor` all work standalone without MCP\n- **Embedded remediation plan** — `remediation_plan` generates a section-by-section fix checklist after every audit\n- **Score reflects all sections** — security score now factors code, dependencies, config, secrets, auth coverage, and taint analysis\n- **Gitignored secrets excluded** — files matched by `.gitignore` are automatically skipped during secret scanning\n- **Taint sanitizer recognition** — dataflow analysis recognizes common sanitizers (DOMPurify, escape functions, parameterized queries) and stops propagation\n\n## How GuardVibe Compares\n\nGuardVibe is purpose-built for the AI coding workflow. Traditional tools are excellent for enterprise CI/CD pipelines — GuardVibe fills a different gap.\n\n| Capability | GuardVibe | Traditional SAST | Dependency Scanners |\n|-----------|-----------|-----------------|-------------------|\n| Runs inside AI agents (MCP) | Native | Not supported | Not supported |\n| Zero config setup | `npx guardvibe` | Account + config required | Built-in (limited) |\n| Vibecoding stack rules (Next.js, Supabase, Clerk, tRPC, Hono) | 100+ dedicated | Generic patterns | Not applicable |\n| AI/LLM security (prompt injection, MCP, tool abuse) | 68 rules | Experimental/None | None |\n| AI host security (CVE-2025-59536, CVE-2026-21852) | `guardvibe doctor` | Not supported | Not supported |\n| Auto-fix suggestions for AI agents | `fix_code` tool | CLI autofix | Not supported |\n| CVE version detection | 67 packages, refreshed daily | Extensive | Extensive |\n| Compliance mapping (SOC2, PCI-DSS, HIPAA) | Built-in | Paid tier | None |\n| SARIF CI/CD export | Yes | Yes | Limited |\n| Rule count | 433 (focused, 68 AI-native) | 5000+ (broad) | N/A |\n\n**When to use GuardVibe:** You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.\n\n**When to use traditional tools:** You need deep AST analysis, enterprise dashboards, org-wide policy enforcement, or coverage across hundreds of languages.\n\n## Quick Start\n\n### Claude Code\n\n```bash\nnpx guardvibe init claude\n```\n\nCreates `.mcp.json` MCP config (pinned to current version), `.claude/settings.json` auto-scan hooks, and `CLAUDE.md` security rules. Restart Claude Code after setup.\n\n### Cursor\n\n```bash\nnpx guardvibe init cursor\n```\n\nCreates `.cursor/mcp.json` and `.cursorrules` with security rules. Restart Cursor after setup.\n\n### Gemini CLI\n\n```bash\nnpx guardvibe init gemini\n```\n\nCreates `~/.gemini/settings.json` MCP config and `GEMINI.md` security rules.\n\n### Codex (OpenAI)\n\n```bash\ncodex mcp add guardvibe -- npx -y guardvibe\n```\n\n### VS Code (GitHub Copilot)\n\nCreate `.vscode/mcp.json` in your project:\n\n```json\n{\n  \"servers\": {\n    \"guardvibe\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"guardvibe\"]\n    }\n  }\n}\n```\n\n\u003e **Note:** VS Code uses `\"servers\"`, not `\"mcpServers\"`.\n\n### Windsurf\n\nAdd to `~/.codeium/windsurf/mcp_config.json`:\n\n```json\n{\n  \"mcpServers\": {\n    \"guardvibe\": {\n      \"command\": \"npx\",\n      \"args\": [\"-y\", \"guardvibe\"]\n    }\n  }\n}\n```\n\n### All platforms at once\n\n```bash\nnpx guardvibe init all       # Claude + Cursor + Gemini\n```\n\n### Pre-commit hook\n\n```bash\nnpx guardvibe hook install   # Blocks commits with critical/high findings\nnpx guardvibe hook uninstall # Remove hook\n```\n\n### CI/CD (GitHub Actions)\n\n```bash\nnpx guardvibe ci github      # Generates .github/workflows/guardvibe.yml\n```\n\n## What GuardVibe Scans\n\n### Application Code\nNext.js App Router, Server Actions, Server Components, React, Express, Hono, tRPC, GraphQL, FastAPI, Go\n\n### Authentication \u0026 Authorization\nClerk, Auth.js (NextAuth), Supabase Auth, OAuth/OIDC (state parameter, PKCE) — middleware checks, secret exposure, session handling, SSR cookie auth, admin method protection\n\n### Database \u0026 ORM\nSupabase (RLS, anon vs service role), Prisma (raw query injection, CVEs), Drizzle (SQL injection — including CVE-2026-39356 identifier-injection), MikroORM (CVE-2026-44680 runtime-identifier injection), Kysely (CVE-2026-44635 JSON-path traversal), Turso/LibSQL (client exposure, SQL injection), Convex (auth bypass, internal function exposure)\n\n### Payments\nStripe (webhook signatures, replay protection, secret keys), Polar.sh, LemonSqueezy\n\n### Third-Party Services\nResend (email HTML injection), Upstash Redis, Pinecone, PostHog, Google Analytics (PII tracking), Uploadthing (auth, file type/size)\n\n### AI / LLM Security\nPrompt injection detection, LLM output sinks, system prompt leaks, MCP server SSRF/path traversal/command injection, **MCP tool description prompt-injection markers (OWASP MCP Top 10 alignment, VG1068)**, **model-controlled sandbox-disable flags (`dangerouslyDisableSandbox`, VG1063)**, AI agent unrestricted shell/database access, `dangerouslyAllowBrowser`, missing `maxTokens`, agent loop without `maxSteps`, AI API key client exposure, indirect prompt injection via external data, RAG/vector poisoning, public-prefix LLM key leaks (`NEXT_PUBLIC_*`, `VITE_*`, `EXPO_PUBLIC_*`)\n\n### AI Host Security\n`guardvibe doctor` — unified host hardening scanner detecting CVE-2025-59536 (hook injection via `.claude/settings.json`), CVE-2026-21852 (API key exfiltration via `ANTHROPIC_BASE_URL` override), MCP config audit, environment scanner, permission analysis. Supports Claude, Cursor, VS Code, Gemini, Windsurf. Host-specific remediation with platform-tailored fix steps.\n\n### OWASP API Security\nBOLA/IDOR (Broken Object Level Authorization), mass assignment (spread request body, Object.assign), missing pagination, rate limiting, admin endpoint authorization, verbose error leaks\n\n### Modern Stack\nZod `.passthrough()` mass assignment, `z.any()` bypass, file upload validation, `server-only` import guard, webhook replay protection, CSP headers, `unsafe-inline`/`unsafe-eval` detection, cron endpoint auth\n\n### Mobile\nReact Native, Expo — AsyncStorage secrets, deep link token exposure, hardcoded API URLs, ATS configuration\n\n### Firebase\nFirestore security rules, Firebase Admin SDK exposure, storage rules, custom token validation\n\n### CVE Version Intelligence (67 CVEs, refreshed daily)\n**Frameworks:** Next.js (CVE-2024-34351, CVE-2024-46982, CVE-2025-29927, CVE-2026-23869, CVE-2026-44573 / 44574 / 44575 / 44578 / 44579 / 45109 May 2026 cluster), React + react-server-dom-* (CVE-2025-55182, CVE-2026-23870), Express, Hono pre-4.12.18 cluster, @vitejs/plugin-rsc, Strapi content-type-builder (CVE-2026-22599)\n**Auth:** Clerk middleware bypass (GHSA-vqx2), Clerk `has()` org/billing/reverification bypass (GHSA-w24r), Clerk `clerkFrontendApiProxy` SSRF (CVE-2026-34076), NextAuth.js (2 CVEs), jsonwebtoken\n**ORMs / SQL:** Drizzle SQL identifier injection (CVE-2026-39356) + Drizzle `sql.raw` interpolation (VG1073), MikroORM SQL injection (CVE-2026-44680), Prisma raw-query call-form, Kysely JSON-path traversal (CVE-2026-44635)\n**AI ecosystem:** @anthropic-ai/sdk (CVE-2026-34451 + memory tool path escape), Vercel AI SDK file-type bypass (CVE-2025-48985), LangSmith untrusted prompt manifest (CVE-2026-45134), OpenClaude sandbox bypass (CVE-2026-42074), @nyariv/sandboxjs Function.caller escape (CVE-2026-43898)\n**HTTP / parsing:** Axios pre-1.15.2 cluster (SSRF + prototype-pollution + DoS + CRLF) + axios proxy-auth redirect leak (VG1071), Hono `setCookie` attribute injection (VG1072, override pinned `^4.12.21`), fast-uri path traversal + host confusion (CVE-2026-6321 / 6322), fast-xml-parser CDATA injection, xmldom CDATA, protobuf.js multi-CVE cluster, undici (2 CVEs), ws\n**Tools / supply chain:** node-ipc protestware (VG1069), Miasma `@redhat-cloud-services` namespace compromise IOC (VG1074), Session messenger exfil endpoint IOC (VG1075), @tanstack/* Mini Shai-Hulud (84 malicious versions, May 2026), @wdio/browserstack-service command injection (CVE-2026-25244), @babel/plugin-transform-modules-systemjs arbitrary code (CVE-2026-44728), @opentelemetry exporter-prometheus DoS (CVE-2026-44902), systeminformation Linux cmd injection (CVE-2026-44724), velocityjs prototype pollution, defu, sharp, lodash, node-fetch, tar, xml2js, crypto-js, angular-expressions RCE, i18next-http-backend, vm2 sandbox breakouts\n\n### Deployment \u0026 Config\nVercel (vercel.json, cron secrets, headers), Next.js config, Docker, Docker Compose, Fly.io, Render, Netlify, Cloudflare\n\n### Infrastructure\nDockerfile security, GitHub Actions CI/CD, Terraform (S3, IAM, RDS, security groups)\n\n### Secrets \u0026 Environment\nAPI keys (AWS, GitHub, Stripe, OpenAI, Resend, Turso), .env management, .gitignore coverage, high-entropy detection, NEXT_PUBLIC exposure\n\n### Compliance Control Mapping\nMaps security findings to SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, and EU AI Act (EUAIACT) controls. Identifies which code-level vulnerabilities are relevant to specific compliance requirements. **Not a substitute for professional compliance audits.**\n\n### Supply Chain\nMalicious postinstall scripts, unpinned GitHub Actions, CI `npm` provenance / `--ignore-scripts` hardening (VG1070), typosquat detection, `node-ipc` protestware versions (VG1069), Miasma `@redhat-cloud-services` namespace compromise IOC (VG1074, RHSB-2026-006), Session messenger exfil endpoint IOC (VG1075, `filev2.getsession.org`), `@tanstack/*` Mini Shai-Hulud mass-malware versions (May 2026), `@wdio/browserstack-service` command injection via git branch names (CVE-2026-25244), lockfile poisoning patterns\n\n## Tools (36 MCP tools)\n\n| Tool | What it does |\n|------|-------------|\n| `check_code` | Analyze a code snippet for security issues |\n| `check_project` | Scan multiple files with security scoring (A-F) |\n| `scan_directory` | Scan a project directory from disk |\n| `scan_staged` | Pre-commit scan of git-staged files |\n| `scan_dependencies` | Check all dependencies for known CVEs (OSV) |\n| `scan_secrets` | Detect leaked secrets, API keys, tokens |\n| `check_dependencies` | Check individual packages against OSV |\n| `check_package_health` | Typosquat detection, maintenance status, adoption metrics |\n| `compliance_report` | Map security findings to compliance controls (SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, EU AI Act) |\n| `export_sarif` | SARIF v2.1.0 export for CI/CD integration |\n| `get_security_docs` | Security best practices and guides |\n| `fix_code` | **Auto-fix suggestions** with concrete patches for AI agents |\n| `audit_config` | Audit project configuration files for cross-file security misconfigurations |\n| `generate_policy` | Detect project stack and generate tailored security policies (CSP, CORS, RLS) |\n| `review_pr` | Review PR diff for security issues with severity gating |\n| `scan_secrets_history` | Scan git history for leaked secrets (active and removed) |\n| `policy_check` | Check project against compliance policies defined in .guardviberc |\n| `analyze_dataflow` | Track tainted data flows from user input to dangerous sinks |\n| `analyze_cross_file_dataflow` | **Cross-file taint analysis** — track tainted data across module boundaries |\n| `check_command` | Analyze shell commands for security risks before execution |\n| `scan_config_change` | Compare config file versions to detect security downgrades |\n| `repo_security_posture` | Assess overall repository security posture and map sensitive areas |\n| `explain_remediation` | Get detailed remediation guidance with exploit scenarios and fix strategies |\n| `scan_file` | Real-time single-file scan — designed for post-edit hooks |\n| `scan_changed_files` | Scan only git-changed files — for PRs and incremental CI |\n| `security_stats` | Cumulative security dashboard — scans, fixes, grade trend over time |\n| `guardvibe_doctor` | **Host security audit** — CVE-2025-59536, CVE-2026-21852, MCP config, env scanner |\n| `audit_mcp_config` | Audit MCP server configurations for hook injection, file:// abuse, sensitive paths |\n| `scan_host_config` | Scan shell profiles, .env files for base URL hijack and credential sniffing |\n| `verify_fix` | Verify a security fix was applied correctly — returns fixed/still_vulnerable/new_issues |\n| `security_workflow` | Get recommended tool workflow for your current task (writing, pre-commit, PR review, etc.) |\n| `auth_coverage` | **Auth coverage map** — enumerate routes, parse middleware matchers, detect auth guards, report coverage % |\n| `deep_scan` | **LLM-powered deep analysis** — IDOR, business logic, race conditions, auth bypass. Defaults to Claude Haiku 4.5 (~cents/scan). Pass `model: 'sonnet'` for deeper analysis. CLI: `npx guardvibe deep-scan \u003cfile\u003e --focus idor` |\n| `full_audit` | **Single source of truth** — runs ALL checks in one call, returns PASS/FAIL/WARN verdict + score + coverage % + deterministic result hash |\n| `remediation_plan` | **Remediation plan** — generates section-by-section fix checklist after audit |\n| `verify_remediation` | **Remediation verification** — compares before/after audit, flags skipped sections |\n\nAll scanning tools support `format: \"json\"` for machine-readable output.\n\n## Security Rules (433 rules across 25 modules)\n\n| Category | Rules | Coverage |\n|----------|-------|----------|\n| Core OWASP | 38 | SQL injection, XSS, CSRF, command injection, CORS, SSRF, hardcoded secrets |\n| Next.js App Router | 17 | Server Actions, secret exposure, auth bypass, CSP, redirects |\n| Auth (Clerk / Auth.js / Supabase Auth) | 16 | Middleware, secret keys, session storage, role checks, SSR cookies |\n| Database (Supabase / Prisma / Drizzle) | 12 | Raw queries, client exposure, service role leaks, NoSQL injection, Drizzle identifier injection (CVE-2026-39356) |\n| OWASP API Security | 10 | BOLA/IDOR, mass assignment, pagination, rate limiting, error leaks |\n| Modern Stack | 40 | Zod, tRPC, Hono, GraphQL, Uploadthing, Turso, Convex, OAuth, CSP, webhooks, AI SDK, React Server Action validation (React2Shell) |\n| Deployment Config | 21 | Vercel, Next.js config, Docker Compose, Fly, Render, Netlify, Cloudflare, K8s secrets |\n| Payments (Stripe / Polar / Lemon) | 9 | Webhook signatures, key exposure, price manipulation |\n| Services (Resend / Upstash / Pinecone / PostHog) | 11 | API key leaks, PII tracking, email injection |\n| Web Security | 15 | Webhooks, CSP, .env safety, AI key exposure, cookie handling |\n| React Native / Expo | 10 | AsyncStorage secrets, deep links, ATS, hardcoded URLs |\n| Firebase | 7 | Firestore rules, admin SDK, storage, custom tokens |\n| AI / LLM Security | 16 | Prompt injection, MCP SSRF, excessive agency, indirect injection |\n| **AI Host Security** | **10** | **CVE-2025-59536 hook injection, CVE-2026-21852 base URL hijack, MCP config audit** |\n| **AI Tool Runtime** | **4** | **MCP tool output sanitization, obfuscated descriptions, safety bypass** |\n| CVE Version Intelligence | 27 | Known vulnerable versions in package.json — incl. Axios supply-chain backdoor, Clerk middleware bypass (GHSA-vqx2), Next.js RSC DoS (CVE-2026-23869), Hono CRLF (CVE-2026-29086) |\n| Shell / Bash | 5 | Pipe to bash, chmod 777, rm -rf, sudo password |\n| SQL | 4 | DROP/DELETE without WHERE, stacked queries, GRANT ALL |\n| Supply Chain | 16 | Malicious install scripts, lockfile integrity, dependency confusion, typosquat detection |\n| Go | 6 | SQL injection, command injection, template escaping |\n| Dockerfile | 7 | Root user, secrets in ENV, untagged images, non-root user |\n| CI/CD (GitHub Actions) | 7 | Secrets interpolation, unpinned actions, write-all permissions |\n| Terraform | 6 | Public S3, open security groups, IAM wildcards |\n| Advanced Security | 21 | ReDoS, CRLF injection, race conditions, XXE, brute force, audit logging |\n| Other Services | 5 | AWS, GCP, MongoDB, Convex, Sentry, Twilio |\n\n## CLI Commands\n\n```bash\n# Scanning\nnpx guardvibe scan [path]            # Scan a directory for security issues\nnpx guardvibe scan . --format json   # JSON output for automation\nnpx guardvibe check \u003cfile\u003e           # Scan a single file\nnpx guardvibe diff [base]            # Scan only changed files since git ref\n\n# Full security audit\nnpx guardvibe audit [path]           # Full audit with PASS/FAIL verdict + hash\nnpx guardvibe audit . --format json  # JSON output for CI pipelines\nnpx guardvibe audit --skip-deps      # Skip dependency CVE check\nnpx guardvibe audit --full           # Disable MCP-output truncation (full finding set)\n\n# Host security audit\nnpx guardvibe doctor                 # Host hardening audit (project scope)\nnpx guardvibe doctor --scope host    # + shell profiles, global MCP configs\nnpx guardvibe doctor --scope full    # + home dir configs\nnpx guardvibe doctor --format json   # JSON output\n\n# LLM-powered deep scan (IDOR, business logic, race conditions, auth bypass)\nnpx guardvibe deep-scan \u003cfile\u003e                  # Default: Haiku 4.5, all focus areas\nnpx guardvibe deep-scan \u003cfile\u003e --focus idor     # Narrow to IDOR\nnpx guardvibe deep-scan \u003cfile\u003e --model sonnet   # Deeper analysis (more expensive)\nnpx guardvibe deep-scan \u003cfile\u003e --max-bytes 5000 # Truncate input for cost control\n# Requires ANTHROPIC_API_KEY or OPENAI_API_KEY env var\n\n# Setup\nnpx guardvibe init \u003cplatform\u003e       # Setup MCP server (claude, cursor, gemini, all)\nnpx guardvibe hook install           # Install pre-commit hook\nnpx guardvibe hook uninstall         # Remove pre-commit hook\nnpx guardvibe ci github              # Generate GitHub Actions workflow\n\n# Pre-commit / CI\nnpx guardvibe-scan                   # Scan staged files (for pre-commit)\nnpx guardvibe-scan --format sarif --output results.sarif  # CI mode\n\n# Options (all scan commands)\n#   --format markdown|json|sarif|buddy\n#   --output \u003cfile\u003e     Write results to file\n#   --fail-on \u003clevel\u003e   Exit 1 on findings: critical|high|medium|low|none\n#   --full              Bypass response-size caps (50 JSON / 30 markdown / 200-file taint)\n```\n\n## Plugin System\n\nExtend GuardVibe with custom or community rule packs.\n\n```bash\nnpm install guardvibe-rules-awesome\n```\n\nPlugins matching `guardvibe-rules-*`, `@guardvibe/rules-*`, or `@guardvibe-pro/rules-*` are discovered automatically.\n\n### Writing a Plugin\n\nA plugin is an npm package that exports a `GuardVibePlugin` object:\n\n```typescript\n// index.ts\nimport type { GuardVibePlugin } from \"guardvibe/plugins\";\n\nconst plugin: GuardVibePlugin = {\n  name: \"my-rules\",\n  version: \"1.0.0\",\n  description: \"My custom security rules\",\n  rules: [\n    {\n      id: \"CUSTOM001\",\n      name: \"My Custom Rule\",\n      severity: \"high\",       // \"critical\" | \"high\" | \"medium\" | \"low\" | \"info\"\n      owasp: \"A01:2025 Broken Access Control\",\n      description: \"What this rule detects and why it's dangerous\",\n      pattern: /vulnerable_pattern_here/g,   // RegExp with global flag\n      languages: [\"javascript\", \"typescript\"], // which file types to scan\n      fix: \"How to fix the vulnerability\",\n      fixCode: \"// Copy-paste secure code example\",\n      compliance: [\"SOC2:CC6.1\"],  // optional compliance mapping\n    },\n  ],\n};\n\nexport default plugin;\n```\n\n### Plugin Rule Schema\n\n| Field | Type | Required | Description |\n|-------|------|----------|-------------|\n| `id` | string | Yes | Unique rule ID (e.g., \"CUSTOM001\") |\n| `name` | string | Yes | Human-readable rule name |\n| `severity` | string | Yes | `critical`, `high`, `medium`, `low`, or `info` |\n| `owasp` | string | Yes | OWASP category mapping |\n| `description` | string | Yes | What the rule detects |\n| `pattern` | RegExp | Yes | Regex pattern to match vulnerable code (use `/g` flag) |\n| `languages` | string[] | Yes | File types to scan |\n| `fix` | string | Yes | How to fix the issue |\n| `fixCode` | string | No | Copy-paste secure code example |\n| `compliance` | string[] | No | SOC2/PCI-DSS/HIPAA control IDs |\n\n### Loading Plugins\n\nPlugins are loaded from three sources:\n\n1. **Auto-discovery:** Any installed npm package matching `guardvibe-rules-*` or `@guardvibe/rules-*`\n2. **Config-specified:** Packages listed in `.guardviberc` `plugins` array\n3. **Local paths:** Relative paths in `.guardviberc` `plugins` array\n\n```json\n// .guardviberc\n{\n  \"plugins\": [\n    \"guardvibe-rules-awesome\",\n    \"./my-local-rules\"\n  ]\n}\n```\n\n## Configuration\n\nCreate a `.guardviberc` file in your project root:\n\n```json\n{\n  \"rules\": {\n    \"disable\": [\"VG030\"],\n    \"severity\": {\n      \"VG002\": \"medium\"\n    }\n  },\n  \"scan\": {\n    \"exclude\": [\"fixtures/\", \"coverage/\"],\n    \"maxFileSize\": 1048576\n  },\n  \"plugins\": [\"guardvibe-rules-awesome\"]\n}\n```\n\n## Inline Suppression\n\n```javascript\nconst key = process.env.API_KEY; // guardvibe-ignore VG001\n\n// guardvibe-ignore-next-line VG002\napp.get(\"/api/health\", (req, res) =\u003e res.json({ ok: true }));\n```\n\nSupports `//`, `#`, and `\u003c!-- --\u003e` comment styles.\n\n## GuardVibe Scans Itself\n\nWe run GuardVibe on its own codebase as a pre-commit hook. Every commit is scanned before it reaches the repository — the same workflow GuardVibe enables for your projects.\n\n## How It Works\n\n```\nYou write code with AI\n    |\nAI agent calls GuardVibe MCP tools\n    |\nGuardVibe scans locally (no cloud, no API)\n    |\nReturns findings with severity, OWASP mapping, and fix suggestions\n    |\nAI agent fixes issues before they reach production\n```\n\n## Performance\n\nTested on real AI-built projects (837 files, Next.js + Supabase + Clerk):\n\n- Scan time: **~1.2s** (837 files)\n- False positive rate: **near zero** — context-aware detection (React Native, Supabase client/server, static innerHTML, git-aware secrets)\n- Detection rate: **100%** on known vulnerability patterns\n- Security score: **A (99/100)** on production projects\n\n## Troubleshooting\n\n### MCP connection issues\n\nIf your AI agent cannot connect to GuardVibe:\n\n1. **Restart your IDE/agent.** MCP servers are started by the host application. After running `npx guardvibe init`, restart Claude Code, Cursor, or Gemini CLI for the config to take effect.\n2. **Check the config path.** Run `npx guardvibe init claude` again and verify the output shows the correct config file location (`.mcp.json` in your project root for Claude Code, `.cursor/mcp.json` for Cursor).\n3. **Re-run `init` to upgrade.** When upgrading GuardVibe, re-run `npx guardvibe init claude` — `.mcp.json` is pinned to a specific version (e.g. `guardvibe@3.1.33`) at init time for fast deterministic startup. As of v3.1.2 the re-run also rewrites stale pins automatically (`Upgraded GuardVibe pin (3.1.27 → 3.1.28)`); since v3.1.27 the PostToolUse hook command is pinned to the same version (was `@latest`) and re-run upgrades a stale hook too. The same applies to `npx guardvibe hook install` and `npx guardvibe ci github` (since v3.1.3) — both are version-pinned at install/generate time and re-run to upgrade.\n4. **Pre-3.1.1 users won't see the auto-update banner.** GuardVibe started writing a once-per-day \"newer version available\" notice to stderr in v3.1.1. If your install predates that, you'll never see it — run `npx -y guardvibe@latest init \u003chost\u003e` once to bake in the latest pin and start receiving banners on subsequent sessions.\n5. **Verify Node.js version.** GuardVibe requires Node.js \u003e= 18.0.0. Check with `node --version`.\n6. **Check npx cache.** If you upgraded GuardVibe and the old version is cached, run `npx -y guardvibe@latest` to force the latest version.\n\n### Node.js version requirements\n\nGuardVibe requires **Node.js \u003e= 18.0.0**. Earlier versions will fail with syntax errors or missing APIs. Node.js 22 LTS is recommended.\n\n### False positives\n\nIf a rule triggers on safe code:\n\n- **Inline suppression:** Add `// guardvibe-ignore VG001` on the same line, or `// guardvibe-ignore-next-line VG001` on the line above. Supports `//`, `#`, and `\u003c!-- --\u003e` comment styles.\n- **Config exclusion:** Add the rule ID to `rules.disable` in `.guardviberc`:\n  ```json\n  { \"rules\": { \"disable\": [\"VG030\"] } }\n  ```\n- **Path exclusion:** Add directories to `scan.exclude` in `.guardviberc`:\n  ```json\n  { \"scan\": { \"exclude\": [\"fixtures/\", \"test-data/\"] } }\n  ```\n\n### Pre-commit hook issues\n\n- **Hook not running:** Verify the hook file exists at `.git/hooks/pre-commit` and is executable (`chmod +x .git/hooks/pre-commit`).\n- **Hook blocking valid commits:** Use `git commit --no-verify` to skip the hook temporarily, then investigate the findings.\n- **Removing the hook:** Run `npx guardvibe hook uninstall`.\n\n## Security Model\n\nGuardVibe is designed for use on sensitive and proprietary codebases:\n\n- **100% local execution.** All scanning happens on your machine. No code, findings, or metadata are sent to any server.\n- **No accounts, no API keys, no telemetry.** There is no signup, no cloud dashboard, and no usage tracking of any kind.\n- **One optional network call.** The `scan_dependencies` and `check_dependencies` tools query the [OSV API](https://osv.dev/) to check for known CVEs. This is opt-in -- you only call it when you explicitly use those tools. No other tool makes network requests.\n- **Safe for air-gapped environments.** All code analysis rules run entirely offline. Only dependency vulnerability checks require network access.\n\n## Configuration (.guardviberc)\n\nCreate a `.guardviberc` JSON file in your project root to customize GuardVibe behavior.\n\n### Full example\n\n```json\n{\n  \"rules\": {\n    \"disable\": [\"VG030\", \"VG045\"],\n    \"severity\": {\n      \"VG002\": \"medium\",\n      \"VG010\": \"low\"\n    }\n  },\n  \"scan\": {\n    \"exclude\": [\"fixtures/\", \"coverage/\", \"dist/\", \"vendor/\"],\n    \"maxFileSize\": 1048576\n  },\n  \"plugins\": [\n    \"guardvibe-rules-awesome\",\n    \"./my-local-rules\"\n  ],\n  \"compliance\": {\n    \"frameworks\": [\"SOC2\", \"HIPAA\"],\n    \"failOn\": \"high\",\n    \"exceptions\": [\n      {\n        \"ruleId\": \"VG030\",\n        \"reason\": \"Accepted risk per security review 2026-03\",\n        \"approvedBy\": \"security-team\",\n        \"expiresAt\": \"2026-12-31\",\n        \"files\": [\"src/legacy/**\"]\n      }\n    ],\n    \"requiredControls\": [\"SOC2:CC6.1\"]\n  },\n  \"scoring\": {\n    \"densityModel\": \"exponential\"\n  }\n}\n```\n\n### Configuration fields\n\n| Field | Type | Default | Description |\n|-------|------|---------|-------------|\n| `rules.disable` | `string[]` | `[]` | Rule IDs to skip during scanning |\n| `rules.severity` | `Record\u003cstring, string\u003e` | `{}` | Override severity for specific rules |\n| `scan.exclude` | `string[]` | `[]` | Glob patterns for directories/files to skip |\n| `scan.maxFileSize` | `number` | `512000` | Maximum file size in bytes (files larger than this are skipped) |\n| `plugins` | `string[]` | `[]` | npm package names or local paths to load as plugins |\n| `compliance.frameworks` | `string[]` | -- | Compliance frameworks to map against (`SOC2`, `PCI-DSS`, `HIPAA`, `GDPR`, `ISO27001`) |\n| `compliance.failOn` | `string` | `\"high\"` | Minimum severity that causes compliance failure |\n| `compliance.exceptions` | `PolicyException[]` | `[]` | Approved exceptions with expiration dates |\n| `compliance.requiredControls` | `string[]` | -- | Controls that must pass regardless of exceptions |\n| `scoring.densityModel` | `\"linear\" \\| \"exponential\"` | `\"linear\"` | Score decay curve. `linear` matches pre-v3.0.50 (cliff at density 5). `exponential` keeps resolution past density 5 — smoother decay for large repos. Severity caps (1+ critical → max C/60, 1+ high → max B/75) apply under both. |\n\n## Security\n\nGuardVibe takes supply chain security seriously:\n\n- **npm provenance** — every published version is cryptographically signed via Sigstore, linking the package to this exact GitHub repo and commit. Verify with `npm audit signatures`\n- **2FA enabled** — npm account protected with two-factor authentication\n- **Branch protection** — force push disabled on main, admin enforcement enabled\n- **Tag protection** — version tags (`v*`) cannot be deleted or force-pushed\n- **Minimal CI permissions** — GitHub Actions workflows use `permissions: contents: read` only\n- **Zero runtime dependencies** — only MCP SDK and Zod (both widely audited)\n\nTo report a vulnerability, please email info@goklab.com or open a GitHub issue.\n\n## License\n\nApache 2.0 — open source, patent-safe, enterprise-ready. Built by [GokLab](https://github.com/goklab).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoklab%2Fguardvibe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoklab%2Fguardvibe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoklab%2Fguardvibe/lists"}