# GlanceVibe AI Assistant Optimization Guide (llms.txt)

This file provides a structured overview of the GlanceVibe ecosystem for AI coding assistants (Cursor, Codex, Gemini, etc.).

## About GlanceVibe

GlanceVibe is a high-performance Static Application Security Testing (SAST) tool for JavaScript and TypeScript. It matches patterns against the AST (Abstract Syntax Tree) of the code to detect 43+ security vulnerabilities with high precision and a low false-positive rate.

## Core Commands (`glancevibe` CLI)

- `glancevibe auth --login`: Authenticate the CLI with your account.
- `glancevibe scan [targets...]`: Scan the project or specific files.
- `glancevibe deps`: Scan npm dependencies for known vulnerabilities.
- `glancevibe history`: View scan history for the current project.
- `glancevibe trends`: Visualize security trends over time.
- `glancevibe status`: Check account tier and remaining scan quota.
- `glancevibe list-rules`: List all active security rules.
- `glancevibe explain <rule-id>`: Get detailed information and fix examples for a rule (e.g., `GV-001`).
## Security Rules Reference (43+ Rules)

| ID | Name | Severity | Category | Tier |
| :--- | :--- | :--- | :--- | :--- |
| GV-001 | SQL Injection | CRITICAL | Injection | Base |
| GV-002 | Command Injection | CRITICAL | Injection | Base |
| GV-003 | Dangerous Eval | CRITICAL | Injection | Base |
| GV-004 | SSRF | CRITICAL | Injection | Premium |
| GV-005 | NoSQL Injection | CRITICAL | Injection | Premium |
| GV-006 | Unsafe Deserialization | CRITICAL | Injection | Premium |
| GV-007 | JWT Algorithm None | CRITICAL | Auth | Premium |
| GV-008 | Cross-Site Scripting (XSS) | HIGH | XSS | Base |
| GV-009 | Hardcoded Secrets | HIGH | Secrets | Base |
| GV-010 | Path Traversal | HIGH | Injection | Base |
| GV-011 | Prototype Pollution | HIGH | Injection | Premium |
| GV-012 | Weak Cryptography | HIGH | Crypto | Premium |
| GV-013 | Missing Input Sanitization | MEDIUM | Validation | Premium |
| GV-014 | Sensitive Data in Storage | HIGH | Storage | Premium |
| GV-015 | Unrestricted File Upload | HIGH | Upload | Premium |
| GV-016 | Missing Auth Middleware | HIGH | Auth | Premium |
| GV-017 | Missing CSRF Protection | HIGH | Auth | Premium |
| GV-018 | Client-side Only Auth | HIGH | Auth | Premium |
| GV-019 | Insecure Randomness | HIGH | Crypto | Premium |
| GV-020 | Prompt Injection | HIGH | LLM | Premium |
| GV-021 | Vulnerable Dependencies | MEDIUM | Deps | Base |
| GV-022 | Open Redirect | MEDIUM | Redirect | Premium |
| GV-023 | ReDoS | MEDIUM | Regex | Premium |
| GV-024 | Sensitive Data Logging | MEDIUM | Logging | Premium |
| GV-025 | CORS Misconfiguration | MEDIUM | Cors | Premium |
| GV-026 | Insecure Cookies | MEDIUM | Cookies | Premium |
| GV-027 | Missing Error Handling | MEDIUM | Error | Premium |
| GV-028 | Timing Attack | MEDIUM | Crypto | Premium |
| GV-029 | Missing Security Headers | MEDIUM | Headers | Premium |
| GV-030 | Sensitive Files Exposed | MEDIUM | Gitignore | Base |
| GV-031 | Debug Endpoints | MEDIUM | Debug | Premium |
| GV-032 | No Rate Limiting | MEDIUM | Ratelimit | Premium |
| GV-033 | Verbose Error Messages | MEDIUM | Error | Premium |
| GV-034 | Host Header Injection | MEDIUM | Injection | Premium |
| GV-035 | Quantity Not Validated | MEDIUM | Validation | Premium |
| GV-036 | System Prompt Leakage | HIGH | LLM | Base |
| GV-037 | Unsafe URL Schemes | HIGH | XSS | Base |
| GV-038 | Unsafe postMessage Origin | HIGH | Web | Base |
| GV-040 | GraphQL Introspection | MEDIUM | API | Premium |
| GV-041 | GraphQL Query DoS | MEDIUM | API | Premium |
| GV-042 | Mass Assignment | HIGH | Validation | Premium |
| GV-046 | IDOR Pattern | HIGH | Auth | Premium |
| GV-047 | In-Memory Rate Limiting | LOW | Ratelimit | Premium |

## AI Assistant Usage Instructions

When an AI assistant needs to scan a project for security issues, it should:

1. Ensure `glancevibe` is installed.
2. Run `glancevibe scan --format json` to get machine-readable results.
3. Use `glancevibe explain <rule-id>` to understand specific findings.
4. Apply the provided `fix.code` suggestions to the user's files.