@maiife-ai-pub/vibecop
v0.1.3
Published
AI-native code quality CLI — catch architectural antipatterns introduced by AI coding tools
Maintainers
Readme
vibecop
AI-native code quality CLI — catch architectural antipatterns introduced by AI coding tools.
vibecop catches the patterns that traditional linters miss: reinvented stdlib utilities, hardcoded LLM model versions, N+1 queries, god functions, and known CVEs.
Install
npm install -g @maiife-ai-pub/vibecop
# or run without install
npx @maiife-ai-pub/vibecop scan .Commands
vibecop scan [path]
Scan a directory for issues.
vibecop scan . # scan current directory
vibecop scan src/ --severity P2 # only P2 and above
vibecop scan . --format json # structured JSON output
vibecop scan . --format agent # AI-agent-optimised JSON (for hooks)Options:
--format <terminal|json|agent>— output format (default: terminal)--severity <P1|P2|P3|P4>— minimum severity to report (default: P4)--exit-zero— always exit 0 even with findings
vibecop init
Auto-detect your AI coding environment and install hooks.
vibecop init # interactive
vibecop init --yes # skip confirmationSupported environments: Claude Code, Cursor, Aider, Windsurf
vibecop serve
Start an MCP server (stdio transport) for use with Claude Code, Continue.dev, Amazon Q, or any MCP-compatible tool.
vibecop serveMCP tools exposed:
vibecop_scan— scan a directoryvibecop_check— scan a single filevibecop_explain— explain a finding rule
What it detects
| Category | Rule | Severity | |---|---|---| | Security | Known CVE in dependency | P1–P2 | | Security | Hardcoded secrets (API keys, passwords, tokens) | P1 | | Security | SQL injection, XSS, eval(), path traversal | P2 | | Infrastructure | Dockerfile running as root | P2 | | Quality | N+1 database/API query in loop | P2 | | Quality | God function (>80 lines) | P3 | | Quality | Hardcoded LLM model version | P3 | | Quality | Reinvented stdlib (structuredClone, crypto.randomUUID, etc.) | P3–P4 |
Claude Code hook setup (manual)
Add to ~/.claude/settings.json:
{
"hooks": {
"PostToolUse": [
{
"matcher": "Write|Edit|MultiEdit",
"hooks": [
{ "type": "command", "command": "vibecop scan --agent ." }
]
}
]
}
}Or run vibecop init to set this up automatically.
Full architecture review
vibecop provides a hygiene score (deterministic, offline). For the full Architecture Integrity Index (0–100, AI-native detectors, Judge narrative, trends dashboard), see vibecop.maiife.ai.
License
Apache-2.0
