This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Topics
+14 more
Summary
AI summaryScore formula caps for critical and high severities are now applied uniformly across all entry points.
Full changelog
- Score formula consistency fix: severity caps (1+ critical → max C/60, 1+ high → max B/75) are now applied uniformly across scan-directory, check-project, and full-audit. Previously these caps only ran in check-project, so the same code could score differently depending on the entry point.
- New opt-in exponential density decay via `.guardviberc` `scoring.densityModel: "exponential"` — for projects that want resolution past density 5 (linear pegs to 0; exponential keeps single-digit scores so "kinda bad" and "catastrophic" remain distinguishable). Default stays linear, no CI threshold shifts unless explicitly enabled.
- Baseline total findings unchanged; some grades drop where the cap was previously missing on the scan-directory path. Tests 1362/1362 pass.
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About goklab/guardvibe
Security MCP for vibe coding with 330 rules and 29 tools. Purpose-built for AI-generated code — scans Next.js, Supabase, Clerk, Stripe, Prisma, Hono, GraphQL, and 25+ modules. Cross-file taint analysis, host security audit, auto-fix, SARIF export, pre-commit hook, and CVE version detection. Zero config, runs locally.
Related context
Beta — feedback welcome: [email protected]