@vibecheckai/cli

v3.3.0

Published

3 hours ago

Vibecheck CLI - Ship with confidence. One verdict: SHIP | WARN | BLOCK.

0High
0Medium
0Low

vibecheckai

vibecheck security cli scanning vulnerabilities secrets sbom osv cve devsecops sast supply-chain

vibecheck CLI v3.1.8

Ship with confidence. One verdict: SHIP | WARN | BLOCK

The CLI that catches AI hallucinations before they ship. Dead routes, fake data, missing auth, exposed secrets — vibecheck blocks it all in CI.

Installation

npm install -g @vibecheckai/cli
# or
npx @vibecheckai/cli ship

Quick Start

# 1. Setup your project
vibecheck init --local

# 2. Scan for issues
vibecheck scan

# 3. Get ship verdict
vibecheck ship

# 4. Full proof loop (PRO tier)
vibecheck prove

# 5. Runtime verification
vibecheck reality --url http://localhost:3000

Commands

Setup Commands

| Command | Tier | Description | |---------|------|-------------| | vibecheck init | FREE | Project setup (--local or --connect) | | vibecheck doctor | FREE | Environment diagnostics | | vibecheck watch | FREE | Continuous mode - re-runs on changes |

Proof Loop

| Command | Tier | Description | |---------|------|-------------| | vibecheck scan | FREE | Static analysis - routes, secrets, contracts | | vibecheck ship | FREE | Verdict engine - SHIP / WARN / BLOCK | | vibecheck reality | FREE* | Browser-based runtime verification | | vibecheck prove | PRO | Full loop: scan → reality → ship → fix | | vibecheck fix | FREE* | AI-powered auto-fix (plan-only on FREE) | | vibecheck report | FREE | Generate HTML/MD/SARIF reports |

Quality & Checkpoints

| Command | Tier | Description | |---------|------|-------------| | vibecheck polish | FREE | Production polish analyzer (0-100 score) | | vibecheck checkpoint | FREE* | Compare baseline vs current, hallucination scoring |

Truth System (AI Guardrails)

| Command | Tier | Description | |---------|------|-------------| | vibecheck context | FREE | Generate .cursorrules, .windsurf/rules, MDC | | vibecheck guard | FREE | Validate AI claims against truth |

Automation

| Command | Tier | Description | |---------|------|-------------| | vibecheck mcp | STARTER | Start MCP server for AI IDEs | | vibecheck ai-test | PRO | AI autonomous test |

Account

| Command | Tier | Description | |---------|------|-------------| | vibecheck login | FREE | Authenticate with API key | | vibecheck logout | FREE | Remove stored credentials | | vibecheck whoami | FREE | Show current user and plan |

*Commands marked with * have limited functionality on FREE tier

Pricing

| Tier | Price | Features | |------|-------|----------| | FREE | $0 | init --local, scan, ship (static), doctor, polish, report (HTML/MD), context, guard, checkpoint (basic) | | STARTER | $39/mo | + init --connect, scan --autofix, report (SARIF/CSV), mcp, reality (basic) | | PRO | $99/mo | + prove, fix --apply, checkpoint (hallucination), reality (advanced), ai-test |

What It Catches

Dead Routes - Client calls API that doesn't exist → BLOCK
Ghost Auth - Sensitive endpoint without auth → BLOCK
Exposed Secrets - API keys in code → BLOCK
Fake Success - Success UI without API confirmation → BLOCK
Env Gaps - Used env vars not in .env.example → WARN
Stripe Violations - Unverified webhooks → BLOCK
Owner Mode Bypass - Debug flags in production → BLOCK

Ship Verdict

╔═════════════════════════════════════════════════════════════════╗
║  🟢  SHIP IT!  Your code is production-ready.                   ║
╚═════════════════════════════════════════════════════════════════╝

Exit codes: 0 = SHIP, 1 = WARN, 2 = BLOCK, 3 = Feature not allowed, 4 = Unknown command

MCP Server

Connect vibecheck to AI coding agents (Cursor, Windsurf, Claude):

{
  "mcpServers": {
    "vibecheck": {
      "command": "npx",
      "args": ["@vibecheckai/cli", "mcp"]
    }
  }
}

Configuration

Create .vibecheck/config.json:

{
  "strict": false,
  "fastifyEntry": "src/server.ts",
  "exclude": ["**/test/**", "**/*.spec.ts"]
}

License

Documentation · Discord · GitHub