Vibe Owl

Vibe Owl is a local-first code security assistant for vibe coders in VS Code, Cursor, and compatible editors.

It helps you catch hardcoded secrets, risky code patterns, git leaks, and dependency risks before commit/push/deploy through fast preflight checks and actionable fixes.

Local-Only Guarantee

• No Vibe Owl backend calls
• No API key required
• No cloud scan processing
• Checks run on the developer machine only

Core Capabilities

• Live secret scanning on open/change/save
• Current-file and workspace-wide scanning
• Diagnostics + quick fixes in editor
• Current-file scan includes lightweight code-risk heuristics (eval, command injection patterns, insecure HTTP, weak crypto)
• Language-aware env extraction quick fix (JS/TS, Python, Go, Java, C#, Ruby, PHP, Shell, Rust, Swift)
• Project allowlist with reasoned suppressions
• Local false-positive trainer with conservative learning
• Git safety hooks (pre-commit and pre-push)
• Advanced git history secret scanning
• Diff risk preview with staged + non-staged fallback
• Dependency risk guard
• Multi-manifest dependency risk checks (npm, Python, Go, Rust, Java/Gradle, Swift Package Manager)
• .env safety audit and .env.example sync
• Cross-language env reference detection for hygiene checks
• Clipboard secret guard (warn/block)
• CLI install safety (warn/block)
• Host health checks (macOS-focused)
• Preflight check (local commit/push/deploy readiness check)
• Baseline-based new-risk alerts
• Policy bundles for team security posture presets
• Top-level General Health Score with initial full audit and immediate actions
• Safe Cleanup module with local backup + revert (no git required)

Sidebar Model

• Simple mode: core protections with streamlined UI, plus Preflight Check
• Advanced mode: full security operations surface with deeper controls
• General Health Score appears near the top and can run a full initial audit
• Preflight Check is a separate ship gate and can run at any time (with or without staged changes)
• After first successful audit, the action switches to re-run mode and stays persisted across editor restarts
• Section-level On/Off toggles are available for major modules (Code Safety, Git Safety, Security Ops, System & CLI Safety, Safe Cleanup)
• Safe Cleanup is positioned near the end of the sidebar and supports one-click revert from local backup snapshots
• Existing sections continue to show module-specific details without duplicating high-level status

Commands

• Vibe Owl: Scan Current File
• Vibe Owl: Toggle Code Safety
• Vibe Owl: Scan Workspace for Secrets
• Vibe Owl: Run Safe Code Cleanup
• Vibe Owl: Revert Last Cleanup
• Vibe Owl: Toggle Safe Cleanup
• Vibe Owl: Open Allowlist File
• Vibe Owl: Run Host Security Health Check
• Vibe Owl: Open Host Health Report
• Vibe Owl: Open The 10 Commandments for Vibe Coders
• Vibe Owl: Check CLI Install Command Safety
• Vibe Owl: Toggle CLI Safety
• Vibe Owl: Install Git Safety Hooks
• Vibe Owl: Uninstall Git Safety Hooks
• Vibe Owl: Toggle Git Safety
• Vibe Owl: Set Operation Mode
• Vibe Owl: Scan Git History for Secrets
• Vibe Owl: Preview Staged Diff Risk
• Vibe Owl: Open Key Rotation Playbooks
• Vibe Owl: Update Rotation Checklist
• Vibe Owl: Run Post-Rotation Rescan
• Vibe Owl: Run .env Safety Audit
• Vibe Owl: Sync .env.example from code usage
• Vibe Owl: Run Dependency Risk Guard
• Vibe Owl: Check Clipboard Safety
• Vibe Owl: Toggle Clipboard Safety
• Vibe Owl: Run Preflight Check
• Vibe Owl: Re-run Workspace Health Audit (Legacy Alias)
• Vibe Owl: Run Workspace Health Audit
• Vibe Owl: Check New Risk Alerts
• Vibe Owl: Set Current Findings as Baseline
• Vibe Owl: Open False-Positive Trainer Data
• Vibe Owl: Reset False-Positive Trainer Data
• Vibe Owl: Apply Security Policy Bundle

Settings

• vibeOwl.enableLiveScan
• vibeOwl.scanOnSave
• vibeOwl.maxFileSizeKb
• vibeOwl.excludeGlobs
• vibeOwl.minimumSeverityToReport
• vibeOwl.allowlistFile
• vibeOwl.mascotImagePath
• vibeOwl.cliSafety.enable
• vibeOwl.cliSafety.mode
• vibeOwl.cliSafety.checkOnPaste
• vibeOwl.clipboardSafety.enable
• vibeOwl.clipboardSafety.mode
• vibeOwl.clipboardSafety.checkIntervalSeconds
• vibeOwl.gitSafety.enable
• vibeOwl.gitSafety.mode
• vibeOwl.gitSafety.enablePrePush
• vibeOwl.operationMode
• vibeOwl.cleanup.enable
• vibeOwl.advanced.gitHistoryCommitDepth
• vibeOwl.advanced.stagedPreviewMaxLines
• vibeOwl.advanced.gitHistoryRange
• vibeOwl.trustScore.historyLimit (used for Health Score trend history)
• vibeOwl.falsePositiveTrainer.enable
• vibeOwl.falsePositiveTrainer.file
• vibeOwl.falsePositiveTrainer.suppressLowAfter
• vibeOwl.falsePositiveTrainer.suppressMediumAfter

Note: vibeOwl.cliSafety.checkOnPaste depends on terminal shell integration support from the host editor build. Use manual CLI checks when shell integration is unavailable.

Known Limitations

• Detection is heuristic-based and can produce false positives or false negatives.
• Dependency manifest checks are broader than before but still lightweight for some ecosystems and edge-case formats.
• Env-hygiene parsing supports common language patterns; custom wrappers/helpers may not be detected automatically.
• Quick-fix extraction does not auto-insert missing imports/usings in every language context.
• Host health checks are currently macOS-focused.
• Safe Cleanup currently applies low-risk text normalization only (line endings, trailing whitespace, final newline) and does not refactor logic.
• Vibe Owl is local-only by design and does not provide centralized team dashboards or cloud policy enforcement.

License

Vibe Owl is proprietary software.

• Commercial use is restricted.
• All commercial rights are reserved by Marcel Iseli.
• See LICENSE for full terms.