@cybedefend/vibedefend
v1.2.4
VibeDefend — one-shot installer for CybeDefend's MCP server and Claude Code / Cursor / Codex / Windsurf hooks (for AI coding agents).
VibeDefend — one-shot installer that connects your AI coding agent to CybeDefend. Each time the agent edits code, the right business and security rules for the change land in its context. Each time you commit work, a quick gap analysis catches the rules you never wrote down.
Install
npx -y @cybedefend/vibedefend@latest install
Works on macOS, Linux, and Windows (PowerShell, cmd, bash, zsh, fish, Git Bash — pick any). Requires Node 18.17 or later — most users already have it because Claude Code / Cursor / Codex ship with a bundled Node.
The installer is fully interactive: pick a region, pick which agents to wire (auto-detected), confirm. That's it.
Prefer a global install?
npm install -g @cybedefend/vibedefend && vibedefend install
# or pnpm / yarn — same package
Supported agents
VibeDefend auto-detects and wires whichever of these you have installed.
| Capability | Claude Code | Cursor | OpenAI Codex | Windsurf | VS Code Copilot |
|---|:---:|:---:|:---:|:---:|:---:|
| MCP server install | ✅ | ✅ | ✅ | ✅ | ✅ |
| Business + Security Rules (injected pre-edit) | ✅ | ✅ | ✅ | ⚠️ writes only | ✅ |
| Action Guards (hard block on deny) | ✅ all tools | ✅ all tools | ✅ all tools | ⚠️ writes + MCP fallback¹ | ❌ not yet wired |
| Session Start (loads doctrine + proposals inbox) | ✅ | ✅ | ✅ | ⚠️ proxied² | ✅ |
| Session Review (end-of-session gap analysis) | ✅ | ✅ | ✅ | ✅ | ✅ |
| PreCompact (long-session gap analysis) | ✅ | ✅ | ❌ no event | ❌ no event | ✅ |
| Doctrine backstop (per-prompt reminder) | ✅ | ❌ | ✱ via MCP³ | ❌ | ❌ |
| Min version | latest | ≥ 1.7 | latest | latest | ≥ 1.110 |
Legend — ✅ supported · ⚠️ supported with caveats · ❌ not exposed by the agent · ✱ alternate mechanism
¹ Windsurf's pre_write_code hook hard-blocks on file writes only. For non-write tool calls (Read / Bash / WebFetch) the installer drops a snippet into .windsurfrules instructing the agent to call cybe_guards_check via MCP before sensitive actions — soft enforcement that relies on the model following its rules file.
² Windsurf has no native SessionStart event. We wire pre_user_prompt, which fires on every turn. The hook is idempotent and cheap (one GET to the proposals endpoint, returns "0 pending" once the inbox is empty), so the per-turn cost is negligible.
³ Codex follows the doctrine via the MCP server's Server.instructions field on each session, removing the need for a per-prompt reminder hook.
Codex setup gotcha: Codex 0.131+ requires you to approve each hook via the /hooks panel inside Codex before they fire. After running vibedefend install, open Codex, run /hooks, and trust the cybedefend entries — until you do that the panel will show Installed N / Active 0.
Unchecked agents stay untouched. Re-run vibedefend install later to
toggle any on or off.
Commands
vibedefend install          Set up MCP + hooks (interactive)
vibedefend update           Refresh hooks to the latest version
vibedefend update --self    Upgrade the CLI itself
vibedefend status           Read-only install report
vibedefend doctor           Diagnose and repair common issues
vibedefend login            (Re-)authenticate against the CybeDefend API
vibedefend uninstall        Remove every VibeDefend-installed file
vibedefend --help           Full help
After install you have one tiny file to drop in each repo you want
monitored — a .cybedefend/config.json with your project UUID:
{ "projectId": "<your-cybedefend-project-uuid>" }
You can grab the UUID from the project page on the EU dashboard (eu.cybedefend.com) or the US dashboard (us.cybedefend.com).
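To see which repos under a workspace directory actually carry a usable .cybedefend/config.json, the following added example (not part of VibeDefend or its documentation) audits each git repo and flags a missing file, a template placeholder left in place, or a malformed projectId. The function names, the sample tree and the assumption that the project UUID uses the canonical 8-4-4-4-12 hex form are illustrative.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
// Assumption: the project UUID uses the canonical 8-4-4-4-12 hex form.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Classify the raw text of one .cybedefend/config.json file.
function classifyConfig(text) {
  let cfg;
  try { cfg = JSON.parse(text); } catch { return 'invalid-json'; }
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) return 'invalid-json';
  if (typeof cfg.projectId !== 'string') return 'missing-projectId';
  if (/^<.*>$/.test(cfg.projectId)) return 'placeholder'; // README template left as-is
  return UUID_RE.test(cfg.projectId) ? 'ok' : 'not-a-uuid';
}

// Check every git repo directly under `root` and report its config state.
function auditRepos(root) {
  const report = {};
  for (const entry of fs.readdirSync(root, { withFileTypes: true })) {
    if (!entry.isDirectory()) continue;
    const repo = path.join(root, entry.name);
    if (!fs.existsSync(path.join(repo, '.git'))) continue; // not a repo
    const cfgPath = path.join(repo, '.cybedefend', 'config.json');
    report[entry.name] = fs.existsSync(cfgPath)
      ? classifyConfig(fs.readFileSync(cfgPath, 'utf8'))
      : 'no-config';
  }
  return report;
}

// Constructed sample tree (not real projects) so the example runs offline.
function buildSampleTree() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'cybedefend-audit-'));
  const samples = {
    api: '{ "projectId": "123e4567-e89b-12d3-a456-426614174000" }', // constructed UUID
    web: '{ "projectId": "<your-cybedefend-project-uuid>" }',
    infra: '{ "projectId": "my-project" }',
    docs: null, // config never added
  };
  for (const [name, body] of Object.entries(samples)) {
    fs.mkdirSync(path.join(root, name, '.git'), { recursive: true });
    if (body === null) continue;
    fs.mkdirSync(path.join(root, name, '.cybedefend'));
    fs.writeFileSync(path.join(root, name, '.cybedefend', 'config.json'), body);
  }
  return root;
}
console.log(auditRepos(buildSampleTree()));
```

Point auditRepos at a real workspace directory in place of buildSampleTree() to get the same report for your own checkouts.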
Updating
At install you're asked "Enable automatic background updates? (recommended)".
Leave it on and you never have to update by hand: the SessionStart hook checks
npm at most once a day and, when a newer version is out, upgrades
@cybedefend/vibedefend in the background — the next session picks it up via the
self-resolving runner shim. Opt out (or pin a version / locked-down env) and you
instead get a one-line nudge.
To update manually at any time:
vibedefend update    # upgrades the binary if newer, then refreshes hooks
(vibedefend update --self upgrades only the binary, without touching hooks.)
One-time bootstrap for installs older than 1.2.0: those versions shipped a
frozen copy of the hook runner with no update logic, so vibedefend update
alone cannot upgrade the binary — do it explicitly first:
npm i -g @cybedefend/vibedefend@latest    # or: vibedefend update --self
vibedefend update                         # render the self-resolving shim
After that, updates are hands-off (or one vibedefend update) as above.
Uninstalling
vibedefend uninstall
# Then drop the global package if you installed it:
npm uninstall -g @cybedefend/vibedefend
Sibling: cybedefend-cli
cybedefend-cli is the
platform CLI (scan, list vulnerabilities, manage projects from your
terminal or CI). VibeDefend handles the AI-agent integration side; the
two are complementary and unaware of each other.
Documentation
Full documentation, configuration reference, and troubleshooting at docs.cybedefend.com.
Support
- Bug reports / feature requests: [email protected]
- Email: [email protected]
- Status: status.cybedefend.com
License
BUSL-1.1 — see LICENSE. Copyright 2026 CybeDefend. Converts to Apache-2.0 on 2030-05-25.
