@veris.works/vibecodecheck
v1.0.3
Published
Pre-launch site check for vibe-coded MVPs — SEO, AEO, GEO, AI crawler, security in one scan
Maintainers
Readme
vibecodecheck
Vibe-coded MVPs ship fast. Search engines and AI crawlers still need robots.txt, llms.txt, sitemap, security headers, and correct bot policies.
vibecodecheck scans a public URL for launch blockers across search, AI crawler access, answer-engine files, and safety boundaries.
One command. Structured evidence. Safer agent and launch workflows.
One-line result
vibecodecheck = pre-launch readiness check for search engines + AI crawlers + securityWhy this exists
Every MVP goes through the same painful cycle:
Problem What breaks
robots.txt missing Sitemap directive Bing misses your content
HEAD / returns 405 Bing crawler stops indexing
llms.txt missing Claude, ChatGPT cannot cite your content
GPTBot blocked ChatGPT never learns your site exists
.env exposed at /.env Credentials leak to anyone who looks
security.txt missing Security researchers cannot contact youThese are not hard to fix — but they are invisible until something breaks. vibecodecheck catches them before launch.
What it checks
Category Checks Max Score
─────────────────────────────────────────────────────────────────────────────────
Discoverability robots.txt, sitemap.xml, RSS/Atom feed 25
AI Crawler Access 13 crawler user agents: ClaudeBot, GPTBot, 25
ChatGPT-User, OAI-SearchBot, PerplexityBot,
Google-Extended, GrokBot, BraveBot, Amazonbot,
Bytespider, cohere-ai, meta-externalagent, Applebot
Answer Engine llms.txt, llms-full.txt, Schema.org JSON-LD, 20
Content AEO schema types, og:title, og:description
Technical SEO HTTPS, HEAD compatibility (Bing), security 15
headers, title/description, canonical, viewport,
og:image, twitter:card, noindex detection
Safety Boundary .env, .git/config, /admin, /graphql, OpenAPI/Swagger 15
exposure checks, bundle secret scan, security.txt
─────────────────────────────────────────────────────────────────────────────────
Total 100Usage
CLI
npx --yes [email protected]/vibecodecheck vibecodecheck https://your-mvp.com# Save markdown report
npx --yes [email protected]/vibecodecheck vibecodecheck https://your-mvp.com --md
# Save to specific file
npx --yes [email protected]/vibecodecheck vibecodecheck https://your-mvp.com --out=report.md
# JSON output (for CI pipelines)
npx --yes [email protected]/vibecodecheck vibecodecheck https://your-mvp.com --json
# CI gate — exit 1 if score < 70
npx --yes [email protected]/vibecodecheck vibecodecheck https://your-mvp.com --ci --min-score=70
# Generate missing files (robots.txt, llms.txt, security.txt) into ./public
npx --yes [email protected]/vibecodecheck vibecodecheck-fix https://your-mvp.com --out=public
# Dry-run: show what would be written without writing
npx --yes [email protected]/vibecodecheck vibecodecheck-fix https://your-mvp.com --dry-runExit code 1 when score < threshold. Default threshold: 40. Use --ci --min-score=N to set a custom gate.
MCP — Claude Desktop
Add to claude_desktop_config.json:
{
"mcpServers": {
"vibecodecheck": {
"command": "npx",
"args": ["--yes", "[email protected]/vibecodecheck", "vibecodecheck-mcp"]
}
}
}Then ask Claude: "Check if my site is ready to launch" — Claude calls check_site(url) and explains each finding.
MCP — Remote / Cloud Agents (codex-hermes, etc.)
npx --yes [email protected]/vibecodecheck vibecodecheck-mcp --port=3000Connect any MCP-compatible agent to http://localhost:3000. Uses StreamableHTTP transport.
Example output
VibecodeCheck scanning https://your-mvp.com ...
VibecodeCheck
https://your-mvp.com
Score: 83/100 B — mostly ready
Discoverability ██████████ 25/25
AI Crawler Access ██████████ 24/25
Answer Engine Content ████░░░░░░ 8/20
Technical SEO ██████████ 15/15
Safety Boundary ███████░░░ 11/15
❌ Issues (4)
• No Schema.org JSON-LD found
• FAQPage schema missing
• Article schema missing
• security.txt not found
⚠️ Warnings (1)
• llms-full.txt not found (optional)Score grades
90–100 A — launch ready
75–89 B — mostly ready
60–74 C — needs work
40–59 D — significant gaps
0–39 F — not ready to launchPractical scenarios
Before launch — catch the silent blockers
npx --yes [email protected]/vibecodecheck vibecodecheck https://my-mvp.comCatches missing llms.txt, blocked AI bots, no sitemap, exposed .env paths — before users or search engines notice.
In CI — gate on score
- name: Vibecodecheck
run: npx --yes [email protected]/vibecodecheck vibecodecheck https://staging.my-mvp.com --json
# exits 1 if score < 40With Claude Desktop — get fix instructions
Ask Claude: "Run vibecodecheck on https://my-mvp.com and tell me what to fix first."
Claude runs the audit and returns prioritized fix steps with explanations.
Architecture
vibecodecheck/
├── bin/vibecodecheck.js ← CLI entry (npx --yes [email protected]/vibecodecheck vibecodecheck)
├── mcp/server.js ← MCP server: stdio + HTTP (npx --yes [email protected]/vibecodecheck vibecodecheck-mcp)
├── src/
│ ├── audit.js ← orchestrator (parallel Promise.allSettled)
│ ├── checks/ ← 10 independent check modules
│ │ ├── aiBots.js ← 13 AI crawlers, UA simulation
│ │ ├── feed.js ← RSS/Atom feed detection
│ │ ├── headers.js ← HTTPS, HEAD, security headers
│ │ ├── llms.js ← llms.txt + llms-full.txt
│ │ ├── robots.js ← robots.txt + Sitemap directive
│ │ ├── schema.js ← Schema.org JSON-LD + OG tags
│ │ ├── securityTxt.js ← /.well-known/security.txt
│ │ ├── sensitivePaths.js ← .env, .git, /admin exposure
│ │ ├── seoMeta.js ← title, meta description, canonical, viewport
│ │ └── sitemap.js ← sitemap.xml / sitemap_index.xml
│ ├── reporters/
│ │ └── markdown.js ← console + markdown output
│ └── utils/
│ └── fetch.js ← fetchWithTimeout (10s, AbortController)Security boundary
- All fetch calls have a 10-second timeout (AbortController)
--out=restricted to current directory (no path traversal)- Localhost/private IP scans emit a warning
- No data is sent to any external service — all checks run client-side
Requirements
Node.js 18+
License
MIT — veris · [email protected]
