GuardVibe
v3.25.0 · 450 rules · 39 tools

Security infrastructure your AI can't be

The security MCP for vibe coding. It catches the CVE published after your model's cutoff, runs deterministically, sees your whole repo, and reviews what your AI can't. 450 rules, zero setup, 100% local.

$ npx guardvibe init
32K+ installs · Apache-2.0 licensed · 100% local

Why a tool, when your AI is so good?

Four gaps that don't close as models improve

“More rules” was never the moat — a strong model already knows most security rules by heart. What it can't do is be deterministic, know the CVE published after its cutoff, hold your whole repo in context, or objectively review the code it just wrote. Those four gaps are structural. GuardVibe fills them.

Knows what your AI doesn't

CVE rules refreshed daily from GHSA / OSV.dev / CISA KEV — GuardVibe flags vulnerable dependencies published after your model's training cutoff. 77 CVE rules, daily triage.

post-cutoff current

Deterministic, not probabilistic

Same code = same result, every run (content-hashed). Your AI guesses; GuardVibe doesn't. full_audit returns a deterministic result hash you can diff in CI.

deterministic

Sees the whole repo

Cross-file taint analysis + auth-coverage across every route — catches the unprotected endpoint your agent's narrow context missed.

whole-repo aware

An independent second pair of eyes

The thing that wrote the code can't review itself. GuardVibe is the outside checker on AI-written code — in the loop while your AI codes, not after.

author-independent

New — Shift Left

Security that starts before the first line of code

Every scanner on earth acts after the code exists. secure_prompt acts before: it reads the coding prompt itself, detects the stack and attack surfaces it implies, and embeds severity-ranked security requirements into the prompt your AI executes. The vulnerability is prevented, not caught — deterministic, zero LLM calls.

What the user typed:
add login to my app

What the AI executes:
Add login to my app, with these
security requirements:
- [VG001] Use env vars or a secrets
  manager — never hardcode credentials.
- [VG1008] Verify admin privileges before
  allowing role elevation.
- [VG105] Specify allowed algorithms
  explicitly in jwt.verify().

Before implementing, confirm: which
framework/stack, and which auth provider?

NO_MOD

Already specific and security-aware → passes through untouched. Do no harm first.

LIGHT_MOD

Intent is clear but constraints are missing → inject requirements only.

HEAVY_MOD

Vague and security-relevant → inject requirements + surface clarifying questions.

Origin Story

Why we built GuardVibe

We're GokLab. We've been vibe coding for over a year — shipping real products with Claude Code, Cursor, and other AI agents.

In that time, we noticed a pattern: every project we scanned had recurring security holes. Hardcoded keys. Broken auth flows. Missing input validation. SQL injection patterns the AI kept regenerating in slightly different forms. Generic SAST tools didn't catch them — they were built for traditional codebases, not for the way AI agents actually write code.

So we built GuardVibe. Stack-aware rules. MCP-native, so it works with any AI agent — not locked to one platform. 100% local, no accounts, no API keys.

Then a coding agent was compromised in a supply-chain incident. People started asking:

“How do I trust the code my AI just wrote?”

GuardVibe was already there.

32K+ organic installs and counting. Zero marketing. Zero tweets. Just developers searching npm for “vibe coding security” and finding it.

This is the security layer vibe coding needed. Built by a team that lives the problem every day.

— GokLab (@goklab_com)
npm-stats
$ npm stats guardvibe

  total dl       31,896
  last 30d       10,508
  marketing      0
  accounts req   0

→ ~350 organic installs/day

Timeline

  1. 1 yr+: started vibe coding daily
  2. early: noticed AI regenerates the same vulns
  3. v1: first GuardVibe release shipped
  4. incident: coding-agent supply-chain compromise — demand spiked
  5. now: v3.25.0, 32K+ installs, 450 rules

450 Security Rules
39 MCP Tools
68 AI-Native Rules
77 CVEs (daily)
25 Rule Modules
0 Config Required

How it works

From the prompt to production

01 Install (30 seconds)

Pick your platform. No accounts, no API keys, no config files.

$ npx guardvibe init claude

02 Secure the prompt (shift left)

secure_prompt analyzes the task before code is written and embeds security requirements into the prompt your AI executes. Vulnerabilities prevented, not caught.

// secure_prompt → LIGHT_MOD (3 requirements added)

03 Code with AI (you write code)

Write code with your AI assistant as usual. Claude Code, Cursor, Gemini CLI, VS Code, Codex, or Windsurf — your choice.

// Your AI assistant writes code as usual

04 Auto-scan (background)

GuardVibe scans every file in the background via real-time edit hooks. No manual triggers — your agent calls the tools for you.

// GuardVibe: scanning 47 files...

05 Fix & ship (grade A)

Findings surface with severity, location, and auto-fix patches. secure_this applies only fixes that verifiably land. Pre-commit + CI gate the rest.

Grade: A (97/100) — 0 vulnerabilities

Features

Everything you need for secure AI development

Shift-Left Prompt Security

secure_prompt embeds severity-ranked security requirements into the coding prompt before your AI writes a line. Deterministic, zero LLM calls — and it leaves already-secure prompts untouched.

MCP-Native

Runs inside your AI agent via Model Context Protocol. No separate tool, no context switching — 39 security tools your agent calls automatically.

Auto-Fix & Close the Loop

fix_code returns concrete patches; secure_this applies only the fixes that re-verify clean, rolling back any that regress — and returns a definition-of-done gate.

Daily CVE Intelligence

77 CVE rules refreshed every day from GHSA / OSV.dev / CISA KEV. Catches vulnerable dependency versions published after your model's training cutoff.

Stack-Aware

450 rules across 25 modules covering Next.js, Supabase, Clerk, Stripe, Prisma, Drizzle, tRPC, Hono, GraphQL, Convex, Turso, and more.

LLM-Powered Deep Scan

deep_scan finds IDOR, business-logic flaws, race conditions, and auth bypass. Defaults to Claude Haiku 4.5 (~cents/scan); pass model: 'sonnet' for deeper analysis.

Slopsquat Detection

scan_hallucinated_packages flags AI-invented phantom imports and typosquats fully offline, with an opt-in npm-registry truth tier — the seam commodity SCA can't see.

Auth Coverage Map

auth_coverage enumerates routes, parses middleware matchers, detects auth guards, and reports coverage % — surfacing the unprotected endpoint your agent missed.

Deterministic full_audit

One call runs every check and returns a PASS/FAIL/WARN verdict, score, coverage %, and a deterministic result hash you can diff across runs and gate CI on.

Pre-Commit & Diff-Aware

Block insecure code before it enters your repo. Staged scans are diff-aware — they gate on newly-added lines, not your whole legacy codebase.

CI/CD Ready

SARIF v2.1.0 export to the GitHub Security tab. Generate a scan workflow — or a diff-aware PR review that posts inline comments — with one command.

AI Host Security (doctor)

guardvibe doctor audits your IDE/MCP config for CVE-2025-59536 (hook injection) and CVE-2026-21852 (base-URL key exfiltration) across Claude, Cursor, VS Code, Gemini, and Windsurf.

Compliance Mapping

Map findings to SOC2, PCI-DSS, HIPAA, GDPR, ISO27001, and EU AI Act controls. Helps identify code issues relevant to compliance — not a substitute for professional audits.

Cross-File Taint Analysis

Track tainted data from user input to dangerous sinks across module boundaries, with sanitizer recognition (DOMPurify, escape functions, parameterized queries) to cut noise.

OWASP MCP Top 10

Detects tool-description prompt injection, model-controlled sandbox-disable flags (dangerouslyDisableSandbox), excessive AI agency, and indirect prompt injection via external data.

Plugin System

Extend GuardVibe with custom or community rule packs. Anything matching guardvibe-rules-* is discovered automatically.

Security Dashboard

security_stats tracks cumulative scans, fix rate, and grade trend over time. All data stored locally — no account, no cloud.

Inline Suppress

Per-line // guardvibe-ignore VG001 silences an accepted finding without disabling the rule project-wide. Audited and reviewable.

Ecosystem

Stack-aware security rules

Dedicated rules for every framework and service in your stack. Not generic linting — real security patterns.

Next.js
Supabase
Clerk
Auth.js
Stripe
Polar.sh
LemonSqueezy
Prisma
Drizzle
MikroORM
Kysely
tRPC
Hono
GraphQL
Turso
Convex
Firebase
Uploadthing
React Native
Expo
Docker
Terraform
GitHub Actions
Cloudflare
Resend
Upstash
Pinecone
PostHog
AI SDK

Live Demo

See it in action

Real scan output from a Next.js + Supabase project. Findings categorized by severity, with a deterministic result hash.

Integrations

Works with every AI agent

One command to set up. GuardVibe registers as an MCP server and your AI agent gets 39 security tools automatically.

Registers as MCP server in Claude Code settings

$ npx guardvibe init claude

Comparison

Not your typical scanner

Feature | GuardVibe | SAST Tools | Dep Scanners
Acts before code is written (shift-left)
Scans during development
MCP-native (AI agent integration)
CLI + MCP dual interface
Stack-specific rules (450)
Auto-fix + verified close-the-loop
Zero configuration
Slopsquat / hallucinated-package detection
LLM-powered deep scan (IDOR, logic)
Cross-file taint analysis
Auth coverage mapping
CI/CD integration
Compliance mapping (SOC2, GDPR, ...)
100% local execution
CVE intelligence refreshed daily
AI host security audit (doctor)
Deterministic results (hash)

GuardVibe fills the AI-coding gap — it isn't a replacement for deep enterprise AST analysis or org-wide policy platforms. Use both.

Before / After

Catch real vulnerabilities

GuardVibe detects stack-specific security issues that generic linters miss.

Vulnerable
// api/users/route.ts
export async function GET(req: Request) {
  const { searchParams } = new URL(req.url);
  const id = searchParams.get("id");

  // SQL Injection — user input directly
  // interpolated in query string
  const user = await db.query(
    `SELECT * FROM users WHERE id = '${id}'`
  );

  // XSS — unsanitized data in response
  return new Response(
    `<h1>${user.name}</h1>`
  );
}

Fixed by GuardVibe
// api/users/route.ts
export async function GET(req: Request) {
  const { searchParams } = new URL(req.url);
  const id = searchParams.get("id");

  // Parameterized query prevents
  // SQL injection
  const user = await db.query(
    "SELECT * FROM users WHERE id = $1",
    [id]
  );

  // Return JSON instead of raw HTML
  return Response.json({
    name: user.name,
  });
}

Dogfooding

GuardVibe scans itself

We run GuardVibe on its own codebase. GuardVibe caught a HIGH severity ReDoS vulnerability in its own policy-check.ts — a regex injection risk that was missed during code review.

guardvibe — ~/guardvibe
$ guardvibe scan_directory src/
  Files scanned: 64
  Scan duration: 102ms
  Grade: B (89/100)

  [HIGH] ReDoS via User-Controlled RegExp (VG107)
    File: src/tools/policy-check.ts:47
    Fix: escape regex metacharacters before passing to RegExp constructor

The vulnerability was fixed in the same session. This is exactly the workflow GuardVibe enables: catch what humans miss, fix before it ships.
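
The fix named in the VG107 finding above (escape regex metacharacters before the RegExp constructor), shown beside the unsafe form. This is an added example, not GuardVibe's policy-check.ts; the function names, the sample rule list and the length cap are assumptions made for illustration.

```typescript
// Added illustration, not GuardVibe source. Function names and the sample
// rule list are constructed.

// Escape every character that has special meaning in a JavaScript regex.
function escapeRegExp(text: string): string {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Unsafe: the caller-supplied term is compiled as a pattern, so the caller
// controls matching semantics, can trigger a SyntaxError, and can supply a
// pattern that backtracks catastrophically.
function filterUnsafe(items: string[], term: string): string[] {
  const re = new RegExp(term, "i");
  return items.filter((item) => re.test(item));
}

// Hardened: the term is length-capped and escaped, so it can only ever
// match as a literal substring.
const MAX_TERM_LENGTH = 64; // assumed limit for this example
function filterSafe(items: string[], term: string): string[] {
  if (term.length === 0 || term.length > MAX_TERM_LENGTH) return [];
  const re = new RegExp(escapeRegExp(term), "i");
  return items.filter((item) => re.test(item));
}

// Constructed sample data.
const RULES: string[] = ["VG001 hardcoded-secret", "VG105 jwt-algorithms", "VG107 redos (a+)+$"];

// Run a filter and report an exception by name instead of letting it escape.
type Outcome = { hits: string[]; error: string | null };
function run(filter: (items: string[], term: string) => string[], term: string): Outcome {
  try {
    return { hits: filter(RULES, term), error: null };
  } catch (e) {
    return { hits: [], error: e instanceof Error ? e.name : "unknown" };
  }
}

console.log(run(filterUnsafe, ".*"));   // wildcard: every rule matches
console.log(run(filterSafe, ".*"));     // literal ".*": no rule matches
console.log(run(filterUnsafe, "("));    // invalid pattern: SyntaxError
console.log(run(filterSafe, "(a+)+$")); // nested quantifier treated as text
```

Escaping fits inputs that are meant as literal text; where users genuinely need pattern syntax, escaping alone does not apply and the pattern source has to be restricted some other way.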

Open source. Always.

Apache 2.0 licensed. npm provenance verified. Only 3 dependencies.

Built by GokLab for the vibecoding community.

Search for "guardvibe" on the Gemini CLI Extensions page to find us.