Security infrastructure your AI can't be
The security MCP for vibe coding. It catches the CVE published after your model's cutoff, runs deterministically, sees your whole repo, and reviews what your AI can't. 450 rules, zero setup, 100% local.
Four gaps that don't close as models improve
“More rules” was never the moat — a strong model already knows most security rules by heart. What it can't do is be deterministic, know the CVE published after its cutoff, hold your whole repo in context, or objectively review the code it just wrote. Those four gaps are structural. GuardVibe fills them.
Knows what your AI doesn't
CVE rules refreshed daily from GHSA / OSV.dev / CISA KEV — GuardVibe flags vulnerable dependencies published after your model's training cutoff. 77 CVE rules, daily triage.
[post-cutoff current]
Deterministic, not probabilistic
Same code = same result, every run (content-hashed). Your AI guesses; GuardVibe doesn't. full_audit returns a deterministic result hash you can diff in CI.
[deterministic]
Sees the whole repo
Cross-file taint analysis + auth-coverage across every route — catches the unprotected endpoint your agent's narrow context missed.
[whole-repo aware]
An independent second pair of eyes
The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop while your AI codes, not after.
[author-independent]
Security that starts before the first line of code
Every scanner on earth acts after the code exists. secure_prompt acts before: it reads the coding prompt itself, detects the stack and attack surfaces it implies, and embeds severity-ranked security requirements into the prompt your AI executes. The vulnerability is prevented, not caught — deterministic, zero LLM calls.
Input prompt:
add login to my app

secure_prompt output:
Add login to my app, with these security requirements:
- [VG001] Use env vars or a secrets manager — never hardcode credentials.
- [VG1008] Verify admin privileges before allowing role elevation.
- [VG105] Specify allowed algorithms explicitly in jwt.verify().
Before implementing, confirm: which framework/stack, and which auth provider?

secure_prompt has three outcomes:
- Already specific and security-aware → passes through untouched. Do no harm first.
- Intent is clear but constraints are missing → inject requirements only.
- Vague and security-relevant → inject requirements + surface clarifying questions.
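The three outcomes above, worked through as an added example that is not GuardVibe's code: a pure function of the prompt text (no LLM call, so identical input always yields identical output). The rule ids VG001, VG1008 and VG105 and the LIGHT_MOD label come from the page; the keyword heuristics, the stack and provider lists, and the PASS_THROUGH and CLARIFY labels are assumptions.

```javascript
// Added example, not GuardVibe's code: a deterministic prompt hardener modelled on
// the three secure_prompt outcomes above. No LLM call: a pure function of the text.
// The rule ids (VG001, VG1008, VG105) and the LIGHT_MOD label come from the page;
// the keyword heuristics and the PASS_THROUGH / CLARIFY labels are assumptions.
const RULES = [
  { id: "VG001", surface: /\b(login|auth|signup|password|api key|credential)/i,
    text: "Use env vars or a secrets manager; never hardcode credentials.",
    satisfiedBy: /\b(env vars?|secrets? manager|process\.env)/i },
  { id: "VG1008", surface: /\b(login|auth|role|admin)/i,
    text: "Verify admin privileges before allowing role elevation.",
    satisfiedBy: /\b(admin (check|privilege)|rbac|server-side role)/i },
  { id: "VG105", surface: /\b(login|auth|jwt|token|session)/i,
    text: "Specify allowed algorithms explicitly in jwt.verify().",
    satisfiedBy: /\balgorithms?\s*:/i },
];
// A prompt counts as "specific" when it names both a stack and an auth provider.
const STACK = /\b(next\.?js|express|hono|trpc|remix|django|rails)\b/i;
const PROVIDER = /\b(clerk|supabase auth|auth0|nextauth|lucia|cognito|passport)\b/i;

function securePrompt(prompt) {
  // Only rules whose attack surface the prompt implies, and which the prompt
  // does not already address, are injected.
  const needed = RULES.filter(r => r.surface.test(prompt) && !r.satisfiedBy.test(prompt));
  if (needed.length === 0) {
    return { mode: "PASS_THROUGH", prompt, added: [] };   // do no harm first
  }
  const requirements = needed.map(r => `- [${r.id}] ${r.text}`).join("\n");
  let out = `${prompt}, with these security requirements:\n${requirements}`;
  const questions = [];
  if (!STACK.test(prompt)) questions.push("which framework/stack");
  if (!PROVIDER.test(prompt)) questions.push("which auth provider");
  const added = needed.map(r => r.id);
  if (questions.length === 0) {
    return { mode: "LIGHT_MOD", prompt: out, added };     // intent clear, constraints missing
  }
  out += `\nBefore implementing, confirm: ${questions.join(", and ")}?`;
  return { mode: "CLARIFY", prompt: out, added };         // vague and security-relevant
}
```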
Why we built GuardVibe
We're GokLab. We've been vibe coding for over a year — shipping real products with Claude Code, Cursor, and other AI agents.
In that time, we noticed a pattern: every project we scanned had recurring security holes. Hardcoded keys. Broken auth flows. Missing input validation. SQL injection patterns the AI kept regenerating in slightly different forms. Generic SAST tools didn't catch them — they were built for traditional codebases, not for the way AI agents actually write code.
So we built GuardVibe. Stack-aware rules. MCP-native, so it works with any AI agent — not locked to one platform. 100% local, no accounts, no API keys.
Then a coding agent was compromised in a supply-chain incident. People started asking:
“How do I trust the code my AI just wrote?”
GuardVibe was already there.
32K+ organic installs and counting. Zero marketing. Zero tweets. Just developers searching npm for “vibe coding security” and finding it.
This is the security layer vibe coding needed. Built by a team that lives the problem every day.
$ npm stats guardvibe
total dl 31,896
last 30d 10,508
marketing 0
accounts req 0
→ ~350 organic installs/day

Timeline
- 1 yr+: started vibe coding daily
- early: noticed AI regenerates the same vulns
- v1: first GuardVibe release shipped
- incident: coding-agent supply-chain compromise — demand spiked
- now: v3.25.0, 32K+ installs, 450 rules
From the prompt to production
1. Install (30 seconds)
Pick your platform. No accounts, no API keys, no config files.
2. Secure the prompt (shift left)
secure_prompt analyzes the task before code is written and embeds security requirements into the prompt your AI executes. Vulnerabilities prevented, not caught.
// secure_prompt → LIGHT_MOD (3 requirements added)
3. Code with AI (you write code)
Write code with your AI assistant as usual. Claude Code, Cursor, Gemini CLI, VS Code, Codex, or Windsurf — your choice.
// Your AI assistant writes code as usual
4. Auto-scan (background)
GuardVibe scans every file in the background via real-time edit hooks. No manual triggers — your agent calls the tools for you.
// GuardVibe: scanning 47 files...
5. Fix & ship (grade A)
Findings surface with severity, location, and auto-fix patches. secure_this applies only fixes that verifiably land. Pre-commit + CI gate the rest.
Grade: A (97/100) — 0 vulnerabilities

Everything you need for secure AI development
Shift-Left Prompt Security
secure_prompt embeds severity-ranked security requirements into the coding prompt before your AI writes a line. Deterministic, zero LLM calls — and it leaves already-secure prompts untouched.
MCP-Native
Runs inside your AI agent via Model Context Protocol. No separate tool, no context switching — 39 security tools your agent calls automatically.
Auto-Fix & Close the Loop
fix_code returns concrete patches; secure_this applies only the fixes that re-verify clean, rolling back any that regress — and returns a definition-of-done gate.
Daily CVE Intelligence
77 CVE rules refreshed every day from GHSA / OSV.dev / CISA KEV. Catches vulnerable dependency versions published after your model's training cutoff.
Stack-Aware
450 rules across 25 modules covering Next.js, Supabase, Clerk, Stripe, Prisma, Drizzle, tRPC, Hono, GraphQL, Convex, Turso, and more.
LLM-Powered Deep Scan
deep_scan finds IDOR, business-logic flaws, race conditions, and auth bypass. Defaults to Claude Haiku 4.5 (~cents/scan); pass model: 'sonnet' for deeper analysis.
Slopsquat Detection
scan_hallucinated_packages flags AI-invented phantom imports and typosquats fully offline, with an opt-in npm-registry truth tier — the seam commodity SCA can't see.
Auth Coverage Map
auth_coverage enumerates routes, parses middleware matchers, detects auth guards, and reports coverage % — surfacing the unprotected endpoint your agent missed.
Deterministic full_audit
One call runs every check and returns a PASS/FAIL/WARN verdict, score, coverage %, and a deterministic result hash you can diff across runs and gate CI on.
Pre-Commit & Diff-Aware
Block insecure code before it enters your repo. Staged scans are diff-aware — they gate on newly-added lines, not your whole legacy codebase.
CI/CD Ready
SARIF v2.1.0 export to the GitHub Security tab. Generate a scan workflow — or a diff-aware PR review that posts inline comments — with one command.
AI Host Security (doctor)
guardvibe doctor audits your IDE/MCP config for CVE-2025-59536 (hook injection) and CVE-2026-21852 (base-URL key exfiltration) across Claude, Cursor, VS Code, Gemini, and Windsurf.
Compliance Mapping
Map findings to SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, and EU AI Act controls. Helps identify code issues relevant to compliance — not a substitute for professional audits.
Cross-File Taint Analysis
Track tainted data from user input to dangerous sinks across module boundaries, with sanitizer recognition (DOMPurify, escape functions, parameterized queries) to cut noise.
OWASP MCP Top 10
Detects tool-description prompt injection, model-controlled sandbox-disable flags (dangerouslyDisableSandbox), excessive AI agency, and indirect prompt injection via external data.
Plugin System
Extend GuardVibe with custom or community rule packs. Anything matching guardvibe-rules-* is discovered automatically.
Security Dashboard
security_stats tracks cumulative scans, fix rate, and grade trend over time. All data stored locally — no account, no cloud.
Inline Suppress
Per-line // guardvibe-ignore VG001 silences an accepted finding without disabling the rule project-wide. Audited and reviewable.
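The Auth Coverage Map card above, worked through as an added example that is not GuardVibe's auth_coverage implementation: it compiles a Next.js-style middleware `matcher` list (only the `:param` and `:path*` forms), recognises a handler-level guard, and reports the routes neither protects. The route table, the `requireAuth(` guard name and the public-route list are constructed for the example.

```javascript
// Added example, not GuardVibe's auth_coverage: a minimal coverage map for
// Next.js-style routes. It compiles the middleware `matcher` list (only the
// `:param` and `:path*` forms are supported), recognises a handler-level guard
// by a constructed `requireAuth(` call, and lists routes neither one protects.
// The route table, guard name and public-route list are constructed.

// Compile one matcher pattern into an anchored RegExp.
function matcherToRegExp(pattern) {
  const source = pattern
    .replace(/[.+?^${}()|[\]\\]/g, "\\$&")        // escape regex metacharacters
    .replace(/\/:[A-Za-z_]\w*\*/g, "(?:/[^/]+)*")  // /:path*  zero or more segments
    .replace(/:[A-Za-z_]\w*/g, "[^/]+");          // :id      exactly one segment
  return new RegExp(`^${source}$`);
}

const GUARD = /\brequireAuth\(/;   // constructed handler-level guard

function authCoverage(routes, matchers, publicRoutes = []) {
  const regexps = matchers.map(matcherToRegExp);
  const report = { covered: [], unprotected: [], public: [], percent: 0 };
  for (const [route, source] of Object.entries(routes)) {
    if (publicRoutes.includes(route)) { report.public.push(route); continue; }
    // A dynamic segment such as [id] is matched as one concrete segment.
    const concrete = route.replace(/\[\w+\]/g, "_");
    const byMiddleware = regexps.some(re => re.test(concrete));
    const byHandler = GUARD.test(source);
    (byMiddleware || byHandler ? report.covered : report.unprotected).push(route);
  }
  // Intentionally public routes are excluded from the percentage.
  const scored = report.covered.length + report.unprotected.length;
  report.percent = scored ? Math.round((100 * report.covered.length) / scored) : 100;
  return report;
}

// Constructed repo snapshot: route -> handler source, plus the middleware matchers.
const ROUTES = {
  "/": "export default function Home() { return <h1>Home</h1>; }",
  "/dashboard/settings": "export default function Settings() { return <Form />; }",
  "/api/users/[id]": "export async function GET(req, { params }) { requireAuth(req); return Response.json(await db.user(params.id)); }",
  "/api/admin/export": "export async function GET() { return Response.json(await db.dumpAll()); }",
};
const MATCHERS = ["/dashboard/:path*", "/api/users/:id"];
```

Running `authCoverage(ROUTES, MATCHERS, ["/"])` reports `/api/admin/export` as the one unprotected route: no matcher covers it and its handler has no guard.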
Stack-aware security rules
Dedicated rules for every framework and service in your stack. Not generic linting — real security patterns.
See it in action
Real scan output from a Next.js + Supabase project. Findings categorized by severity, with a deterministic result hash.
Works with every AI agent
One command to set up. GuardVibe registers as an MCP server and your AI agent gets 39 security tools automatically.
Registers as MCP server in Claude Code settings
Not your typical scanner
| Feature | GuardVibe | SAST Tools | Dep Scanners |
|---|---|---|---|
| Acts before code is written (shift-left) | |||
| Scans during development | |||
| MCP-native (AI agent integration) | |||
| CLI + MCP dual interface | |||
| Stack-specific rules (450) | |||
| Auto-fix + verified close-the-loop | |||
| Zero configuration | |||
| Slopsquat / hallucinated-package detection | |||
| LLM-powered deep scan (IDOR, logic) | |||
| Cross-file taint analysis | |||
| Auth coverage mapping | |||
| CI/CD integration | |||
| Compliance mapping (SOC2, GDPR, ...) | |||
| 100% local execution | |||
| CVE intelligence refreshed daily | |||
| AI host security audit (doctor) | |||
| Deterministic results (hash) | |||
GuardVibe fills the AI-coding gap — it isn't a replacement for deep enterprise AST analysis or org-wide policy platforms. Use both.
Catch real vulnerabilities
GuardVibe detects stack-specific security issues that generic linters miss.
Before:
```ts
// api/users/route.ts
export async function GET(req: Request) {
  const { searchParams } = new URL(req.url);
  const id = searchParams.get("id");
  // SQL Injection — user input directly
  // interpolated in query string
  const user = await db.query(
    `SELECT * FROM users WHERE id = '${id}'`
  );
  // XSS — unsanitized data in response
  return new Response(
    `<h1>${user.name}</h1>`
  );
}
```
After:
```ts
// api/users/route.ts
export async function GET(req: Request) {
  const { searchParams } = new URL(req.url);
  const id = searchParams.get("id");
  // Parameterized query prevents
  // SQL injection
  const user = await db.query(
    "SELECT * FROM users WHERE id = $1",
    [id]
  );
  // Return JSON instead of raw HTML
  return Response.json({
    name: user.name,
  });
}
```
GuardVibe scans itself
We run GuardVibe on its own codebase. GuardVibe caught a HIGH severity ReDoS vulnerability in its own policy-check.ts — a regex injection risk that was missed during code review.
$ guardvibe scan_directory src/
Files scanned: 64
Scan duration: 102ms
Grade: B (89/100)
[HIGH] ReDoS via User-Controlled RegExp (VG107)
File: src/tools/policy-check.ts:47
Fix: escape regex metacharacters before passing to RegExp constructor

The vulnerability was fixed in the same session. This is exactly the workflow GuardVibe enables: catch what humans miss, fix before it ships.
Open source. Always.
Apache 2.0 licensed. npm provenance verified. Only 3 dependencies.
Built by GokLab for the vibecoding community.
Search for "guardvibe" on the Gemini CLI Extensions page to find us.