This release includes 3 breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Summary
AI summary: Truncated scan_directory output to max 50 findings and removed fixCode for large projects.
Full changelog
v2.9.2 — MCP Output Truncation
Fixed the issue where `scan_directory` output exceeded the Claude Code token limit on large projects.
Problem
343K+ characters of output → "exceeds maximum allowed tokens" error → the tool result was lost entirely.
Solution
- `scan_directory` JSON: max 50 findings (sorted by severity), `fixCode` removed
- `scan_directory` Markdown: max 30 detailed findings, `description` and `fixCode` removed
- `check_project`: max 30 detailed findings
- `compliance_report`: max 50 findings
- All truncated outputs include a pointer to `scan_file`
The summary (grade, score, severity count, top 5 action items) is always returned in full; only the per-finding detail is trimmed.
334 rules, 31 tools, 23 CVEs
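The truncation strategy described in this changelog, sketched as an added example (not GuardVibe's own code): cap the per-finding list by severity while computing the summary counts over the full result set, and name the files whose findings were cut. The finding shape, the severity names and the `truncateFindings` helper are assumptions made for illustration.

```javascript
// Assumed finding shape: { rule, severity, file, description, fixCode }.
// Severity names are assumptions, not taken from the project.
const SEVERITY_ORDER = ["critical", "high", "medium", "low", "info"];

function severityRank(sev) {
  const i = SEVERITY_ORDER.indexOf(String(sev).toLowerCase());
  return i === -1 ? SEVERITY_ORDER.length : i; // unknown severities sort last
}

function truncateFindings(findings, { max = 50, dropFields = ["fixCode"] } = {}) {
  // Count over the FULL set so the summary stays accurate after the cap.
  const severityCounts = {};
  for (const f of findings) {
    const key = String(f.severity).toLowerCase();
    severityCounts[key] = (severityCounts[key] || 0) + 1;
  }
  // Stable sort: the cap drops the least severe findings first.
  const sorted = [...findings].sort(
    (a, b) => severityRank(a.severity) - severityRank(b.severity)
  );
  const omitted = sorted.slice(max);
  // Copy each kept finding and strip bulky fields; the input is not mutated.
  const kept = sorted.slice(0, max).map((f) => {
    const copy = { ...f };
    for (const field of dropFields) delete copy[field];
    return copy;
  });
  const result = { total: findings.length, severityCounts, findings: kept };
  result.truncated = omitted.length > 0;
  if (result.truncated) {
    // Name the files that still have unseen findings so the caller can
    // follow up per file instead of trusting a partial list.
    result.omittedCount = omitted.length;
    result.filesWithOmittedFindings = [...new Set(omitted.map((f) => f.file))].sort();
    result.hint = "Truncated: run scan_file on the listed files for full detail.";
  }
  return result;
}

// Constructed sample: 60 findings across 3 files, not real scanner output.
const sample = Array.from({ length: 60 }, (_, i) => ({
  rule: `RULE-${i}`,
  severity: ["low", "critical", "medium", "high"][i % 4],
  file: `src/file${i % 3}.ts`,
  description: "constructed example finding",
  fixCode: "// suggested fix",
}));
const out = truncateFindings(sample);
console.log(out.total, out.findings.length, out.omittedCount, out.severityCounts);
```

A consumer that gates on findings should check `truncated` and the full-set counts rather than the length of the returned list, since a capped list under-reports by design.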
Breaking Changes
- `scan_directory` JSON now limited to max 50 findings (severity‑sorted) and removes `fixCode` field
- `scan_directory` Markdown now limited to max 30 detailed findings and removes `description` and `fixCode` fields
- `check_project` output limited to max 30 detailed findings
About goklab/guardvibe
Security MCP for vibe coding with 330 rules and 29 tools. Purpose-built for AI-generated code — scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 25+ modules. Cross-file taint analysis, host security audit, auto-fix, SARIF export, pre-commit hook, and CVE version detection. Zero config, runs locally.