VibeCheck AI — Stop Hallucinations, Ship With Proof

Vibecheck-AI

46 installs

The #1 AI code verification platform. Catches phantom APIs, ghost routes, fake features, credential leaks, and silent failures that ESLint, TypeScript, and code review miss. 14 detection engines. One-click fix. Works with Cursor, Copilot, Claude, Windsurf. No config. No API keys. Free.

Installation

Launch VS Code Quick Open (Ctrl+P), paste the following command, and press enter.

Copied to clipboard

More Info

Your AI writes code that compiles.
VibeCheck proves it actually works.

14 detection engines find the hallucinations, phantom APIs, ghost routes, credential leaks, and silent failures that ESLint, TypeScript, and code review miss — then fix them in one click.

VibeCheck scanning AI-generated code in real time

The problem

Every AI coding tool — Cursor, Copilot, Claude, Windsurf, ChatGPT — produces code that compiles, passes lint, and looks correct. Then it breaks in production.

These aren't edge cases. They're the default:

  fetch('/api/payments/confirm')          →  Endpoint never implemented. 404 in prod.
  catch (err) { }                         →  Error silently swallowed. Data lost.
  { revenue: 99999 }                      →  Hardcoded mock. Dashboard lies to users.
  STRIPE_SECRET_KEY in client bundle      →  Credential leaked to every browser.
  <button onClick={handleSubmit}>         →  Handler is empty. Feature doesn't work.

Your linter says it's fine. TypeScript says it's fine. PR review says it's fine.

Your users find the bugs.

The fix: one keystroke

⌘ ⇧ V / Ctrl Shift V

That's it. 14 engines run in parallel. Every finding gets a severity, a file location, and a fix.

Scanning workspace...

  ✗  GRD-001  Ghost endpoint /api/payments/confirm       — never implemented
  ✗  SEC-003  STRIPE_SECRET_KEY in client bundle          — credential leak
  ✗  HAL-007  Silent catch in processPayment()            — error swallowed
  ✗  HAL-012  Hardcoded mock { revenue: 99999 }           — fake data in prod path

  Ship Score: 34/100 → NO SHIP

  Applying 4 fixes...

  Ship Score: 100/100 → SHIP ✓

No config files. No setup wizard. No onboarding flow. Install → scan → fix → ship.

Staying compatible with the API

Signed-in Free plan daily scan checks call VibeCheck’s API. Use this extension at 24.x or newer so scan quota and usage recording keep working. Older marketplace builds may receive SCAN_CLIENT_UPGRADE_REQUIRED from the API until you update the extension.

14 detection engines

Every engine is purpose-built for a specific failure mode that traditional tools miss. These map to the engines registered by the CLI FileRunner (workspace engines + baseline registry).

#	Engine	What it catches
1	Undefined env vars	`process.env` references not backed by your env / truthpack
2	Ghost routes	`fetch` and client calls to API paths with no handler
3	Phantom dependencies	Imports of packages not declared or not resolvable
4	API hallucinations	SDK or API usage that does not exist for your stack
5	Hardcoded secrets	Keys, tokens, and passwords committed to source
6	Security vulnerabilities	Injection, XSS, SSRF, weak crypto, and related OWASP-style issues
7	Fake features	Placeholder flags, empty handlers, mock data in prod paths
8	Version mismatches	APIs used in ways incompatible with installed package versions
9	Logic gaps	Contradictory or impossible control flow
10	Error-handling gaps	Swallowed errors, risky `try`/`catch` shape, unchecked async results
11	Incomplete implementation	Stubs, empty bodies, and unfinished paths
12	Type contracts	Types asserted vs actual JSON/API shape mismatches
13	Security patterns	Unprotected routes, CSRF, JWT misuse, redirects, CSP gaps
14	Performance anti-patterns	N+1 queries, sync I/O in async paths, fetch-in-render, and similar

Agent Firewall

VibeCheck intercepts AI edits as they happen — before they reach your files.

Mode	What happens
Observe	Every AI change is logged, fingerprinted, and scored. Drift and hallucinations get flagged in real time.
Enforce	Changes that fail verification are blocked before save. Your codebase stays clean.

Works with Cursor, Copilot, Claude, Windsurf, Cline, Continue, Codeium, Supermaven, Amazon Q, and every other tool that writes to disk.

Toggle from the sidebar. One click.

Agent Firewall intercepting AI edits in real time

Fix everything in one click

Every finding includes a fix. Choose your speed:

Inline fix — hover any underlined finding → click the lightbulb → done.

AI Auto-Fix — for complex multi-file issues, an LLM generates a context-aware repair that understands your codebase, not just the error message. Runs locally via Ollama (free) or via Anthropic/OpenAI APIs.

Bulk heal — fix every finding in the entire project in one pass. Watch the score go from red to green.

VibeCheck one-click fix in action

Beyond scanning: a full intelligence platform

Atlas — 3D Codebase Visualization

Atlas 3D codebase visualization

See your entire codebase as an interactive 3D graph. Every module, every symbol, every call-graph edge. Click to explore. Drag to rotate. Five built-in analysis modes:

Impact Prophecy — blast radius of any function change
Code GPS — trace execution paths with animated particles
Time Travel — git-powered churn heatmap over time
Fog of War — knowledge gaps and bus-factor risks
Code Archaeologist — full git history of any symbol

Context Engine

Reads your codebase DNA and generates perfectly tailored IDE rules for Cursor, Windsurf, Claude Code, GitHub Copilot, Cline, and Codex CLI. Your AI coding tools finally understand your architecture, conventions, and boundaries — automatically.

Architecture rules (16 types)
Dependency graph analysis
Codebase health scoring
One-click multi-IDE export

Provenance Tracker

Know exactly which AI tool wrote each line of code. Real-time edit classification: human typing, AI completion, AI chat insert, paste, refactor. Per-file and per-line attribution with git-level accuracy.

Detected tools: Copilot, Cursor, Windsurf, Cline, Continue, Codeium, Supermaven, Amazon Q, and more.

ISL Studio

A conversational code generation environment. Describe what you want to build in natural language → get verified, production-ready code with a live preview sandbox. Every generated file is automatically gated against your quality standards.

Chat-driven generation
Live browser preview
Automatic quality gating
Multi-framework support

Test Gap Analysis

Finds the holes in your test suite that manual review misses:

Functions with zero coverage
Tests that only cover the happy path
Stale tests that haven't been updated with the code
Orphaned test files testing deleted code

Vibe Flow — AI-Driven Methodology

10 specialized AI agents and 26 workflows that guide your entire development lifecycle. From sprint planning to code review to deployment — each agent brings domain expertise to your process.

Quick trigger codes for instant access
Context-aware suggestions
Squad coordination

Ship with cryptographic proof

Ship Check scores your project 0–100 and produces a signed proof bundle.

Score	Verdict	Meaning
80–100	SHIP	All checks pass. Safe to deploy.
50–79	WARN	Non-critical issues found. Review before deploying.
0–49	BLOCK	Critical issues detected. Do not deploy.

The proof bundle at .vibecheck/proof.json is a tamper-evident record of every check that ran, every finding, and the final verdict. Use it in CI to gate deployments automatically.

Ship Check verdict with trust score

Install in 10 seconds

VS Code / Windsurf / Cursor:

Open Extensions → Search "VibeCheck AI" → Click Install
Open any project
Press ⌘⇧V

CLI:

npx @vibecheck-ai/cli scan .

CI/CD:

# .github/workflows/vibecheck.yml
name: VibeCheck
on: [pull_request]
jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx vibecheck-ai ship --ci

MCP Server (for AI agents):

npx @vibecheck-ai/mcp

Free vs Paid

Core detection is free forever. No account. No time limits. No feature walls on scanning.

	Free	Vibecoder $9.99/mo	Developer $29.99/mo	Engineer $59.99/mo
14-engine scanning	Unlimited	Unlimited	Unlimited	Unlimited
Inline diagnostics & one-click fix	✓	✓	✓	✓
Agent Firewall (observe + enforce)	✓	✓	✓	✓
File & folder locking	✓	✓	✓	✓
Security Heatmap	✓	✓	✓	✓
Atlas — codebase visualization	✓	✓	✓	✓
Report export (HTML, MD, JSON, SARIF)	✓	✓	✓	✓
Production Polish (80+ rules)		✓	✓	✓
AI Auto-Fix		✓	✓	✓
CommitShield		✓	✓	✓
Reality Mode		✓	✓	✓
Context Engine			✓	✓
ISL Studio & Ship Check			✓	✓
Test Gap & Architecture Rules			✓	✓
Deep Scan & Drift Detection			✓	✓
Compliance Audit (SOC2, HIPAA, PCI)				✓
Policy Engine				✓
SDK Generator				✓

Works with every AI coding tool

Cursor · GitHub Copilot · Claude · ChatGPT · Windsurf · Bolt · Cline · Aider · Continue · Codeium · Supermaven · Amazon Q

Language support

TypeScript · JavaScript · React · Vue · Svelte · Next.js · Python · Go · Rust

Privacy & Security

All scanning runs locally on your machine
Zero code is transmitted — ever
Cloud features are opt-in and require explicit setup
Works fully offline and in air-gapped environments
Auth credentials use VS Code's encrypted SecretStorage API
Open source — read every line

Keyboard shortcuts

Mac	Windows / Linux	Action
⌘⇧V	CtrlShiftV	Scan current file
⌘⇧A	CtrlShiftA	Quick Actions menu
⌘⇧F	CtrlShiftF	Auto-Fix at cursor
⌘⇧D	CtrlShiftD	Open Dashboard
⌘⇧R	CtrlShiftR	Reality Mode
⌘⇧H	CtrlShiftH	Security Heatmap

Troubleshooting

Scan timeout on large projects — Add large directories to vibecheck.ignorePaths in Settings, or create a .vibecheckignore file.

Findings not appearing — Open the Problems panel (⌘⇧M) and check the "vibecheck" filter.

Reality Mode connection failure — Ensure your app is running and vibecheck.realityMode.baseUrl points to it.

Agent Firewall not detecting AI edits — Make sure the AI extension is listed in your IDE's extensions. VibeCheck auto-detects Copilot, Cursor, Windsurf, Cline, Continue, Codeium, and Supermaven.

Sidebar blank or script errors after git pull — The sidebar bundle is generated, not hand-edited. Source lives under media/sidebar/ (entry media/sidebar/index.ts). Run pnpm run build:webview in this package (or pnpm run compile / pnpm run watch, which run build:webview first). Output is dist/sidebar/index.js (gitignored). Do not edit that file directly; changes will be lost on the next build.

Available on 4 surfaces

Surface	Install	Use case
VS Code Extension	Marketplace or `.vsix`	Interactive scanning, sidebar dashboard, inline fixes
CLI	`npm i -g @vibecheck-ai/cli`	CI/CD pipelines, terminal workflows, scripting
MCP Server	`npx @vibecheck-ai/mcp`	AI agent integration (Cursor, Claude, etc.)
GitHub Action	`vibecheck-ai/action@v2`	Pull request verification, deployment gating

Build with AI. Ship with proof.

Website · Documentation · Discord · GitHub