Guardvibe MCP Server

GuardVibe

Security infrastructure your AI can't be. No matter how good your coding agent gets, it can't know the CVE published after its training cutoff, it can't deterministically guarantee the same check every run, it can't hold your whole repo in context, and it can't objectively review its own code. GuardVibe does all four — the deterministic, post-cutoff-current, whole-repo, author-independent verification layer for AI-written code.

• 🗓️ Knows what your AI doesn't. CVE rules refreshed daily from GHSA / OSV.dev / CISA KEV — GuardVibe flags vulnerable dependencies published after your model's training cutoff. (71 CVE rules, npm run intel daily triage.)
• 🎯 Deterministic, not probabilistic. Same code = same result, every run (content-hashed). Your AI guesses; GuardVibe doesn't.
• 🗺️ Sees the whole repo. Cross-file taint + auth-coverage across every route — catches the unprotected endpoint your agent's narrow context missed.
• 🔍 An independent second pair of eyes. The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop while your AI codes (real-time edit hook), not after.
• ⬅️ NEW: Starts before the first line of code. Every scanner on earth — including your agent reviewing itself — acts after the code exists. secure_prompt acts before: it analyzes the coding prompt itself, detects the stack and attack surfaces it implies, and embeds severity-ranked GuardVibe requirements into the prompt your AI executes. The vulnerability is prevented, not caught. Deterministic, zero LLM calls — and if the prompt is already secure, it passes through untouched.

The security MCP built for vibe coding. 450 security rules, 39 tools covering the entire AI-generated code journey — from the prompt itself to production deployment.

Works with Claude Code, Cursor, Gemini CLI, Codex, VS Code (Copilot), Windsurf, and any MCP-compatible coding agent.

Why a tool, when your AI is so good?

"More rules" was never the moat — a strong model already knows most security rules by heart. What it can't do is be deterministic, know the CVE published after its training cutoff, hold your whole repo in context, or objectively review the code it just wrote. Those four gaps are structural; they don't close as models improve. GuardVibe is the layer that fills them — running while your AI codes, not in a separate audit later. And since v3.19, it runs before your AI codes too: secure_prompt rewrites the task itself so the security requirements are in the prompt, not in the post-mortem.

Why GuardVibe

Most security tools are built for enterprise security teams. GuardVibe is built for you — the developer using AI to build and ship web apps fast.

• 450 security rules, 39 tools purpose-built for the stacks AI agents generate
• Zero setup friction — npx guardvibe and you're scanning
• No account required — runs 100% locally, no API keys, no cloud
• Understands your stack — not generic SAST, but rules that know Next.js, Supabase, Stripe, Clerk, and the tools you actually use
• CVE version intelligence — detects 71 known vulnerable package versions in package.json, refreshed every day from GHSA / OSV.dev / CISA KEV
• AI agent & MCP security — detects MCP server vulnerabilities, tool-description prompt injection (OWASP MCP Top 10), model-controlled sandbox-disable flags, excessive AI permissions, indirect prompt injection
• Auto-fix suggestions — fix_code tool returns concrete patches and structured edits the AI agent can apply mechanically. Coverage: hardcoded credentials → env-var migration; public-prefix LLM keys (NEXT_PUBLIC_/VITE_/EXPO_PUBLIC_/REACT_APP_) → prefix removal; CORS wildcards → env allowlist; dangerouslyAllowBrowser flags → drop; sandbox bypass flags (unsafe/noSandbox/allowEval) → drop; agent loops → add maxSteps; raw-HTML React props → <ReactMarkdown>; missing auth checks → insert auth guard; SQL injection → parameterized queries; missing rate limiters / CSRF / security headers → snippet templates.
• Pre-commit hook — block insecure code before it reaches your repo
• CI/CD ready — GitHub Actions workflow with SARIF upload to Security tab
• Agent-friendly output — JSON format for AI agents, Markdown for humans, SARIF for CI/CD
• Plugin system — extend with community or premium rule packs

New in v3.1.x

• Daily threat-intel pipeline — rule set tracks GHSA / OSV.dev / CISA KEV every day. Latest shipments (v3.1.24 → v3.1.26) added VG1069 node-ipc protestware detection, VG1070 CI npm provenance / --ignore-scripts hardening, VG1071 axios proxy-auth redirect credential leak, VG1072 hono setCookie attribute injection, VG1073 drizzle sql.raw interpolation, VG1074 Miasma @redhat-cloud-services namespace compromise IOC (RHSB-2026-006), and VG1075 Session messenger exfil endpoint IOC (filev2.getsession.org). The hono override floor is pinned to ^4.12.21. Earlier in the v3.1.2x line: Next.js May 2026 13-advisory cluster, Drizzle ORM SQL identifier injection (CVE-2026-39356), Clerk clerkFrontendApiProxy SSRF (CVE-2026-34076), tRPC experimental_nextAppDirCaller prototype pollution (CVE-2025-68130), MikroORM SQL injection, angular-expressions filter RCE, @tanstack/* Mini Shai-Hulud supply-chain attack, Kysely JSON-path traversal, @nyariv/sandboxjs sandbox escape, OpenClaude dangerouslyDisableSandbox model-controlled flag, Strapi content-type builder SQL injection, LangSmith untrusted prompt-manifest deserialization, and more
• OWASP MCP Top 10 alignment — VG1068 flags MCP / AI tool definitions whose description, instructions, or systemPrompt fields carry prompt-injection markers (ignore previous instructions, you are now, jailbreak mode, system prompt:, override safety, …); pair with VG1063 which catches dangerouslyDisableSandbox: true in agent runtimes
• Inline suppress — // guardvibe-ignore VG001 silences individual findings per-line
• CLI-first approach — npx guardvibe audit, npx guardvibe scan, npx guardvibe doctor all work standalone without MCP
• Embedded remediation plan — remediation_plan generates a section-by-section fix checklist after every audit
• Score reflects all sections — security score now factors code, dependencies, config, secrets, auth coverage, and taint analysis
• Gitignored secrets excluded — files matched by .gitignore are automatically skipped during secret scanning
• Taint sanitizer recognition — dataflow analysis recognizes common sanitizers (DOMPurify, escape functions, parameterized queries) and stops propagation

How GuardVibe Compares

GuardVibe is purpose-built for the AI coding workflow. Traditional tools are excellent for enterprise CI/CD pipelines — GuardVibe fills a different gap.

When to use GuardVibe: You're building with AI agents and want security scanning integrated into your coding workflow — no dashboard, no account, no CI setup.

When to use traditional tools: You need deep AST analysis, enterprise dashboards, org-wide policy enforcement, or coverage across hundreds of languages.

Quick Start

Claude Code

npx guardvibe init claude

Creates .mcp.json MCP config (pinned to current version), .claude/settings.json auto-scan hooks, and CLAUDE.md security rules. Restart Claude Code after setup.

Cursor

npx guardvibe init cursor

Creates .cursor/mcp.json and .cursorrules with security rules. Restart Cursor after setup.

Gemini CLI

npx guardvibe init gemini

Creates ~/.gemini/settings.json MCP config and GEMINI.md security rules.

Codex (OpenAI)

codex mcp add guardvibe -- npx -y guardvibe

VS Code (GitHub Copilot)

Create .vscode/mcp.json in your project:

{
  "servers": {
    "guardvibe": {
      "command": "npx",
      "args": ["-y", "guardvibe"]
    }
  }
}

Note: VS Code uses "servers", not "mcpServers".

Windsurf

Add to ~/.codeium/windsurf/mcp_config.json:

{
  "mcpServers": {
    "guardvibe": {
      "command": "npx",
      "args": ["-y", "guardvibe"]
    }
  }
}

All platforms at once

npx guardvibe init all       # Claude + Cursor + Gemini

Pre-commit hook

npx guardvibe hook install   # Blocks commits with critical/high findings
npx guardvibe hook uninstall # Remove hook

CI/CD (GitHub Actions)

npx guardvibe ci github          # Generates .github/workflows/guardvibe.yml (SARIF scan)
npx guardvibe ci github --pr     # + a diff-aware PR review workflow that posts inline comments

What GuardVibe Scans

Application Code

Next.js App Router, Server Actions, Server Components, React, Express, Hono, tRPC, GraphQL, FastAPI, Go

Authentication & Authorization

Clerk, Auth.js (NextAuth), Supabase Auth, OAuth/OIDC (state parameter, PKCE) — middleware checks, secret exposure, session handling, SSR cookie auth, admin method protection

Database & ORM

Supabase (RLS, anon vs service role), Prisma (raw query injection, CVEs), Drizzle (SQL injection — including CVE-2026-39356 identifier-injection), MikroORM (CVE-2026-44680 runtime-identifier injection), Kysely (CVE-2026-44635 JSON-path traversal), Turso/LibSQL (client exposure, SQL injection), Convex (auth bypass, internal function exposure)

Payments

Stripe (webhook signatures, replay protection, secret keys), Polar.sh, LemonSqueezy

Third-Party Services

Resend (email HTML injection), Upstash Redis, Pinecone, PostHog, Google Analytics (PII tracking), Uploadthing (auth, file type/size)

AI / LLM Security

Prompt injection detection, LLM output sinks, system prompt leaks, MCP server SSRF/path traversal/command injection, MCP tool description prompt-injection markers (OWASP MCP Top 10 alignment, VG1068), model-controlled sandbox-disable flags (dangerouslyDisableSandbox, VG1063), AI agent unrestricted shell/database access, dangerouslyAllowBrowser, missing maxTokens, agent loop without maxSteps, AI API key client exposure, indirect prompt injection via external data, RAG/vector poisoning, public-prefix LLM key leaks (NEXT_PUBLIC_*, VITE_*, EXPO_PUBLIC_*)

AI Host Security

guardvibe doctor — unified host hardening scanner detecting CVE-2025-59536 (hook injection via .claude/settings.json), CVE-2026-21852 (API key exfiltration via ANTHROPIC_BASE_URL override), MCP config audit, environment scanner, permission analysis. Supports Claude, Cursor, VS Code, Gemini, Windsurf. Host-specific remediation with platform-tailored fix steps.

OWASP API Security

BOLA/IDOR (Broken Object Level Authorization), mass assignment (spread request body, Object.assign), missing pagination, rate limiting, admin endpoint authorization, verbose error leaks

Modern Stack

Zod .passthrough() mass assignment, z.any() bypass, file upload validation, server-only import guard, webhook replay protection, CSP headers, unsafe-inline/unsafe-eval detection, cron endpoint auth

Mobile

React Native, Expo — AsyncStorage secrets, deep link token exposure, hardcoded API URLs, ATS configuration

Firebase

Firestore security rules, Firebase Admin SDK exposure, storage rules, custom token validation

CVE Version Intelligence (71 CVEs, refreshed daily)

Frameworks: Next.js (CVE-2024-34351, CVE-2024-46982, CVE-2025-29927, CVE-2026-23869, CVE-2026-44573 / 44574 / 44575 / 44578 / 44579 / 45109 May 2026 cluster), React + react-server-dom-* (CVE-2025-55182, CVE-2026-23870), Express, Hono pre-4.12.18 cluster, @vitejs/plugin-rsc, Strapi content-type-builder (CVE-2026-22599) Auth: Clerk middleware bypass (GHSA-vqx2), Clerk has() org/billing/reverification bypass (GHSA-w24r), Clerk clerkFrontendApiProxy SSRF (CVE-2026-34076), NextAuth.js (2 CVEs), jsonwebtoken ORMs / SQL: Drizzle SQL identifier injection (CVE-2026-39356) + Drizzle sql.raw interpolation (VG1073), MikroORM SQL injection (CVE-2026-44680), Prisma raw-query call-form, Kysely JSON-path traversal (CVE-2026-44635) AI ecosystem: @anthropic-ai/sdk (CVE-2026-34451 + memory tool path escape), Vercel AI SDK file-type bypass (CVE-2025-48985), LangSmith untrusted prompt manifest (CVE-2026-45134), OpenClaude sandbox bypass (CVE-2026-42074), @nyariv/sandboxjs Function.caller escape (CVE-2026-43898) HTTP / parsing: Axios pre-1.15.2 cluster (SSRF + prototype-pollution + DoS + CRLF) + axios proxy-auth redirect leak (VG1071), Hono setCookie attribute injection (VG1072, override pinned ^4.12.21), fast-uri path traversal + host confusion (CVE-2026-6321 / 6322), fast-xml-parser CDATA injection, xmldom CDATA, protobuf.js multi-CVE cluster, undici (2 CVEs), ws Tools / supply chain: node-ipc protestware (VG1069), Miasma @redhat-cloud-services namespace compromise IOC (VG1074), Session messenger exfil endpoint IOC (VG1075), @tanstack/* Mini Shai-Hulud (84 malicious versions, May 2026), @wdio/browserstack-service command injection (CVE-2026-25244), @babel/plugin-transform-modules-systemjs arbitrary code (CVE-2026-44728), @opentelemetry exporter-prometheus DoS (CVE-2026-44902), systeminformation Linux cmd injection (CVE-2026-44724), velocityjs prototype pollution, defu, sharp, lodash, node-fetch, tar, xml2js, crypto-js, angular-expressions RCE, i18next-http-backend, vm2 sandbox breakouts

Deployment & Config

Vercel (vercel.json, cron secrets, headers), Next.js config, Docker, Docker Compose, Fly.io, Render, Netlify, Cloudflare

Infrastructure

Dockerfile security, GitHub Actions CI/CD, Terraform (S3, IAM, RDS, security groups)

Secrets & Environment

API keys (AWS, GitHub, Stripe, OpenAI, Resend, Turso), .env management, .gitignore coverage, high-entropy detection, NEXT_PUBLIC exposure

Compliance Control Mapping

Maps security findings to SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, and EU AI Act (EUAIACT) controls. Identifies which code-level vulnerabilities are relevant to specific compliance requirements. Not a substitute for professional compliance audits.

Supply Chain

Malicious postinstall scripts, unpinned GitHub Actions, CI npm provenance / --ignore-scripts hardening (VG1070), typosquat detection, node-ipc protestware versions (VG1069), Miasma @redhat-cloud-services namespace compromise IOC (VG1074, RHSB-2026-006), Session messenger exfil endpoint IOC (VG1075, filev2.getsession.org), @tanstack/* Mini Shai-Hulud mass-malware versions (May 2026), @wdio/browserstack-service command injection via git branch names (CVE-2026-25244), lockfile poisoning patterns

Prompt-Level Security (Shift Left)

Most vulnerabilities in AI-generated code are born in the prompt: "add login to my app" says nothing about password hashing, session handling, or rate limiting — so the model picks defaults, and the defaults are where the CVEs live. secure_prompt moves the security gate to before code generation: it analyzes the raw prompt, detects the stack and attack surfaces it implies, matches them against GuardVibe's rule set, and returns a directive the host LLM uses to rewrite the prompt with security requirements embedded.

This is not a prompt beautifier. It is deterministic (no LLM, no network), it never restructures intent, and its first job is do no harm: a prompt that is already specific and security-aware gets verdict NO_MOD and passes through untouched.

• NO_MOD — prompt is already specific and security-aware → proceed with the original prompt unchanged
• LIGHT_MOD — intent is clear but security constraints are missing → inject requirements only
• HEAVY_MOD — prompt is vague and security-relevant → inject requirements + surface clarifying questions (never invent the answers)

Before (what the user typed):

add login to my app

After (what the host LLM executes, having applied the secure_prompt directive):

Add login to my app, with these security requirements:
- [VG001] Use environment variables or a secrets manager — never hardcode credentials.
- [VG1008] Always verify the caller has admin privileges before allowing role elevation.
- [VG105] Always specify allowed algorithms explicitly in jwt.verify().

Before implementing, confirm: which framework/stack is this for, and which auth
provider should be used (e.g. Clerk, Auth.js/NextAuth, Supabase Auth, custom JWT)?

Same user intent — but the model now generates auth code with the guardrails stated up front, instead of GuardVibe catching the missing pieces after the fact.

Tools (39 MCP tools)

All scanning tools support format: "json" for machine-readable output.

Slopsquat / hallucinated-package detection

AI assistants invent package names — ~20% of AI-generated code references packages that don't exist, and attackers register those hallucinated names ("slopsquatting"). Commodity SCA scans known, published packages against vuln databases; it can't see a name that doesn't exist yet, was never installed, or was published yesterday. scan_hallucinated_packages / slopscan targets exactly that seam, at code-gen/PR time:

• Offline (deterministic, air-gapped): phantom_import (a package imported in source but absent from every package.json — a classic LLM tell) and typosquats of popular packages. Statement-anchored + comment/template-aware, so example imports in docs/strings are never miscounted.
• Online (opt-in, graceful degrade): npm-registry truth — nonexistent (404), brand-new + low-download (slopsquat-registration pattern), deprecated/unmaintained.

The offline tier is also a full_audit section (online never runs inside the audit, keeping the result hash deterministic). Allowlist intentional unpublished/workspace names via .guardviberc:

{ "slopscan": { "online": true, "allow": ["@myorg/internal-pkg"] } }

Security Rules (450 rules across 25 modules)

CLI Commands

# Scanning
npx guardvibe scan [path]            # Scan a directory for security issues
npx guardvibe scan . --format json   # JSON output for automation
npx guardvibe check <file>           # Scan a single file
npx guardvibe diff [base]            # Scan changed files — reports only newly-introduced issues
npx guardvibe diff [base] --all-lines # Include pre-existing findings in changed files too

# Close the loop — scan, apply verified fixes, re-verify
npx guardvibe secure-this <file>          # Dry run: show the fixes that would land + remaining manual work
npx guardvibe secure-this <file> --write  # Apply only the fixes that re-verify clean (rolled back on regression)
npx guardvibe secure-this <file> --format json

# Full security audit
npx guardvibe audit [path]           # Full audit with PASS/FAIL verdict + hash
npx guardvibe audit . --format json  # JSON output for CI pipelines
npx guardvibe audit --skip-deps      # Skip dependency CVE check
npx guardvibe audit --full           # Disable MCP-output truncation (full finding set)

# Host security audit
npx guardvibe doctor                 # Host hardening audit (project scope)
npx guardvibe doctor --scope host    # + shell profiles, global MCP configs
npx guardvibe doctor --scope full    # + home dir configs
npx guardvibe doctor --format json   # JSON output

# LLM-powered deep scan (IDOR, business logic, race conditions, auth bypass)
npx guardvibe deep-scan <file>                  # Default: Haiku 4.5, all focus areas
npx guardvibe deep-scan <file> --focus idor     # Narrow to IDOR
npx guardvibe deep-scan <file> --model sonnet   # Deeper analysis (more expensive)
npx guardvibe deep-scan <file> --max-bytes 5000 # Truncate input for cost control
# Requires ANTHROPIC_API_KEY or OPENAI_API_KEY env var

# Setup
npx guardvibe init <platform>       # Setup MCP server (claude, cursor, gemini, all)
npx guardvibe hook install           # Install pre-commit hook
npx guardvibe hook uninstall         # Remove pre-commit hook
npx guardvibe ci github              # Generate GitHub Actions workflow

# Pre-commit / CI
npx guardvibe-scan                   # Scan staged files (for pre-commit)
npx guardvibe-scan --format sarif --output results.sarif  # CI mode

# Options (all scan commands)
#   --format markdown|json|sarif|buddy|agent
#       agent = guardvibe.agent.v1 — per finding: { id, severity, confidence, exactEdit, manualFix, verify }
#       so an AI agent can apply the exact edit and run the verify step to prove the fix
#   --output <file>     Write results to file
#   --fail-on <level>   Exit 1 on findings: critical|high|medium|low|none
#   --full              Bypass response-size caps (50 JSON / 30 markdown / 200-file taint)

Plugin System

Extend GuardVibe with custom or community rule packs.

npm install guardvibe-rules-awesome

Plugins matching guardvibe-rules-*, @guardvibe/rules-*, or @guardvibe-pro/rules-* are discovered automatically.

Writing a Plugin

A plugin is an npm package that exports a GuardVibePlugin object:

// index.ts
import type { GuardVibePlugin } from "guardvibe/plugins";

const plugin: GuardVibePlugin = {
  name: "my-rules",
  version: "1.0.0",
  description: "My custom security rules",
  rules: [
    {
      id: "CUSTOM001",
      name: "My Custom Rule",
      severity: "high",       // "critical" | "high" | "medium" | "low" | "info"
      owasp: "A01:2025 Broken Access Control",
      description: "What this rule detects and why it's dangerous",
      pattern: /vulnerable_pattern_here/g,   // RegExp with global flag
      languages: ["javascript", "typescript"], // which file types to scan
      fix: "How to fix the vulnerability",
      fixCode: "// Copy-paste secure code example",
      compliance: ["SOC2:CC6.1"],  // optional compliance mapping
    },
  ],
};

export default plugin;

Plugin Rule Schema

Loading Plugins

Plugins are loaded from three sources:

1. Auto-discovery: Any installed npm package matching guardvibe-rules-* or @guardvibe/rules-*
2. Config-specified: Packages listed in .guardviberc plugins array
3. Local paths: Relative paths in .guardviberc plugins array

// .guardviberc
{
  "plugins": [
    "guardvibe-rules-awesome",
    "./my-local-rules"
  ]
}

Configuration

Create a .guardviberc file in your project root:

{
  "rules": {
    "disable": ["VG030"],
    "severity": {
      "VG002": "medium"
    }
  },
  "scan": {
    "exclude": ["fixtures/", "coverage/"],
    "maxFileSize": 1048576
  },
  "plugins": ["guardvibe-rules-awesome"]
}

Inline Suppression

const key = process.env.API_KEY; // guardvibe-ignore VG001

// guardvibe-ignore-next-line VG002
app.get("/api/health", (req, res) => res.json({ ok: true }));

Supports //, #, and `` comment styles.

GuardVibe Scans Itself

We run GuardVibe on its own codebase as a pre-commit hook. Every commit is scanned before it reaches the repository — the same workflow GuardVibe enables for your projects.

How It Works

You write code with AI
    |
AI agent calls GuardVibe MCP tools
    |
GuardVibe scans locally (no cloud, no API)
    |
Returns findings with severity, OWASP mapping, and fix suggestions
    |
AI agent fixes issues before they reach production

Performance

Tested on real AI-built projects (837 files, Next.js + Supabase + Clerk):

• Scan time: ~1.2s (837 files)
• False positive rate: near zero — context-aware detection (React Native, Supabase client/server, static innerHTML, git-aware secrets)
• Detection rate: 100% on known vulnerability patterns
• Security score: A (99/100) on production projects

Troubleshooting

MCP connection issues

If your AI agent cannot connect to GuardVibe:

1. Restart your IDE/agent. MCP servers are started by the host application. After running npx guardvibe init, restart Claude Code, Cursor, or Gemini CLI for the config to take effect.
2. Check the config path. Run npx guardvibe init claude again and verify the output shows the correct config file location (.mcp.json in your project root for Claude Code, .cursor/mcp.json for Cursor).
3. Re-run init to upgrade. When upgrading GuardVibe, re-run npx guardvibe init claude — .mcp.json is pinned to a specific version (e.g. guardvibe@3.1.36) at init time for fast deterministic startup. As of v3.1.2 the re-run also rewrites stale pins automatically (Upgraded GuardVibe pin (3.1.27 → 3.1.28)); since v3.1.27 the PostToolUse hook command is pinned to the same version (was @latest) and re-run upgrades a stale hook too. The same applies to npx guardvibe hook install and npx guardvibe ci github (since v3.1.3) — both are version-pinned at install/generate time and re-run to upgrade.
4. Pre-3.1.1 users won't see the auto-update banner. GuardVibe started writing a once-per-day "newer version available" notice to stderr in v3.1.1. If your install predates that, you'll never see it — run npx -y guardvibe@latest init <host> once to bake in the latest pin and start receiving banners on subsequent sessions.
5. Verify Node.js version. GuardVibe requires Node.js >= 18.0.0. Check with node --version.
6. Check npx cache. If you upgraded GuardVibe and the old version is cached, run npx -y guardvibe@latest to force the latest version.

Node.js version requirements

GuardVibe requires Node.js >= 18.0.0. Earlier versions will fail with syntax errors or missing APIs. Node.js 22 LTS is recommended.

False positives

If a rule triggers on safe code:

• Inline suppression: Add // guardvibe-ignore VG001 on the same line, or // guardvibe-ignore-next-line VG001 on the line above. Supports //, #, and `` comment styles.
• Config exclusion: Add the rule ID to rules.disable in .guardviberc:

  { "rules": { "disable": ["VG030"] } }
  

• Path exclusion: Add directories to scan.exclude in .guardviberc:

  { "scan": { "exclude": ["fixtures/", "test-data/"] } }
  

Pre-commit hook issues

• Hook not running: Verify the hook file exists at .git/hooks/pre-commit and is executable (chmod +x .git/hooks/pre-commit).
• Hook blocking valid commits: Use git commit --no-verify to skip the hook temporarily, then investigate the findings.
• Removing the hook: Run npx guardvibe hook uninstall.

Security Model

GuardVibe is designed for use on sensitive and proprietary codebases:

• 100% local execution. All scanning happens on your machine. No code, findings, or metadata are sent to any server.
• No accounts, no API keys, no telemetry. There is no signup, no cloud dashboard, and no usage tracking of any kind.
• One optional network call. The scan_dependencies and check_dependencies tools query the OSV API to check for known CVEs. This is opt-in -- you only call it when you explicitly use those tools. No other tool makes network requests.
• Safe for air-gapped environments. All code analysis rules run entirely offline. Only dependency vulnerability checks require network access.

Configuration (.guardviberc)

Create a .guardviberc JSON file in your project root to customize GuardVibe behavior.

Full example

{
  "rules": {
    "disable": ["VG030", "VG045"],
    "severity": {
      "VG002": "medium",
      "VG010": "low"
    }
  },
  "scan": {
    "exclude": ["fixtures/", "coverage/", "dist/", "vendor/"],
    "maxFileSize": 1048576
  },
  "plugins": [
    "guardvibe-rules-awesome",
    "./my-local-rules"
  ],
  "compliance": {
    "frameworks": ["SOC2", "HIPAA"],
    "failOn": "high",
    "exceptions": [
      {
        "ruleId": "VG030",
        "reason": "Accepted risk per security review 2026-03",
        "approvedBy": "security-team",
        "expiresAt": "2026-12-31",
        "files": ["src/legacy/**"]
      }
    ],
    "requiredControls": ["SOC2:CC6.1"]
  },
  "scoring": {
    "densityModel": "exponential"
  }
}

Configuration fields

Security

GuardVibe takes supply chain security seriously:

• npm provenance — every published version is cryptographically signed via Sigstore, linking the package to this exact GitHub repo and commit. Verify with npm audit signatures
• 2FA enabled — npm account protected with two-factor authentication
• Branch protection — force push disabled on main, admin enforcement enabled
• Tag protection — version tags (v*) cannot be deleted or force-pushed
• Minimal CI permissions — GitHub Actions workflows use permissions: contents: read only
• Minimal, fully-audited runtime dependencies — only the MCP SDK, Zod, and the TypeScript compiler (used for AST-based dataflow analysis). All three are widely-audited, zero-sub-dependency packages — no native bindings, no obscure transitive deps

To report a vulnerability, please email info@goklab.com or open a GitHub issue.

License

Apache 2.0 — open source, patent-safe, enterprise-ready. Built by GokLab.