io.github.goklab/guardvibe

MCPcommunity
v3.19.0io.github.goklabUnknownUpdated 22d agonpmGitHub

Deterministic security layer your AI can't be. 442 rules, 38 tools, CLI + doctor + host audit.

Security infrastructure your AI can't be. No matter how good your coding agent gets, it can't know the CVE published after its training cutoff, it can't deterministically guarantee the same check every run, it can't hold your whole repo in context, and it can't objectively review its own code. GuardVibe does all four — the deterministic, post-cutoff-current, whole-repo, author-independent…

Automatically indexed from public sources. Not yet verified by the developer on Forge.Claim this listing →
22d agoLast update
Package
Authorio.github.goklab
LicenseUnknown
Version3.19.0
Sourcemcp-registry
Trust Status
A
95/100Trusted
Listed in Forge index+10/10
Publisher identity verified+0/25
Publisher: run `forge publish` from the package repo to claim ownership
Ed25519 publish signature+0/10
Included automatically when the publisher runs `forge publish`
Domain verification+0/5
Publisher: host /.well-known/forge.json on the package homepage with { "publisher": "<github-login>" }
CVE scan · clean+30/30
Static analysis · clean+20/20
npm provenance (Sigstore)+5/5
Paste into Claude Code, Cursor, or any AI assistant to fix all gaps
StatusCommunity-indexed
PublisherUnverified
SignatureUnsigned
Domain
Provenance✓ Sigstore-verified · cf01cb4
Dependencies60 resolved+ · none vulnerable
Tool surface40 tools · 1 privileged
Security scan✓ Cleanv3.19.0 · 20d ago
EvalsNone
IndexedJun 13, 2026

Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.

About

Security infrastructure your AI can't be. No matter how good your coding agent gets, it can't know the CVE published after its training cutoff, it can't deterministically guarantee the same check every run, it can't hold your whole repo in context, and it can't objectively review its own code. GuardVibe does all four — the deterministic, post-cutoff-current, whole-repo, author-independent verification layer for AI-written code. 🗓️ Knows what your AI doesn't. CVE rules refreshed daily from GHSA…

Keywords
mcp