AI-powered Python security scanner: 13 vuln types, AINA L3 causal chains, 100% recall
Project description
🛡️ aina-vibeguard
AI-powered Python security scanner: 13 vulnerability types, AINA L3 causal chain analysis, 100% recall on 30 golden cases.
What it detects
| # | Vulnerability | Free | Pro | Premium |
|---|---|---|---|---|
| 1 | SQL Injection | โ | โ | โ |
| 2 | Command Injection | โ | โ | โ |
| 3 | Hardcoded Secrets | โ | โ | โ |
| 4 | Path Traversal | โ | โ | โ |
| 5 | SSRF | โ | โ | โ |
| 6 | XSS | โ | โ | โ |
| 7 | Insecure Deserialization | โ | โ | โ |
| 8 | Weak Crypto (MD5/SHA1) | โ | โ | โ |
| 9 | Open Redirect | โ | โ | โ |
| 10 | Template Injection | โ | โ | โ |
| 11 | Cross-function Taint (5-hop) | โ | โ | โ |
| 12 | IDOR / CSRF / Mass Assignment | โ | โ | โ |
| 13 | Sensitive Data Leak | โ | โ | โ |
30/30 golden test recall (100%) · AINA L3 causal chains trace attack paths from source to sink.
Install
```bash
pip install aina-vibeguard
```
Zero dependencies. Pure Python 3.9+.
Quick start
```bash
# 1. Set your API key (get one at vibeguard.dev)
aina-vibeguard config --key vg_pro_YOUR_KEY

# 2. Scan a file
aina-vibeguard scan myapp/views.py

# 3. Full output with L3 causal chains
aina-vibeguard scan myapp/views.py --verbose

# 4. [Premium] Scan entire project
aina-vibeguard scan-project ./myproject
```
No API key? Use a free key with 50 scans/day:
```bash
aina-vibeguard config --key vg_free_demo0001
```
Example output
```
[PRO] views.py
🔴 BLOCKED  blocks=2  warns=1
scan_id: 8f3a1b2c-...
hash: A3F9C2B1D4E5F6A7...
──────────────────────────────────────────────────
   KIND               SEVERITY  LINE  DETAIL
──────────────────────────────────────────────────
🔴 SQL_INJECTION      BLOCK     42    f-string in execute()
🔴 COMMAND_INJECTION  BLOCK     87    subprocess with shell=True + user input
🟡 HARDCODED_SECRET   WARN      15    API_KEY = "sk-..."

🧠 AINA L3 Causal Chains (2):
  • user_input → string_concat → execute() → database_read
  • user_input → shell_interpolation → subprocess.run → OS_command
```
Tier comparison
| Feature | Free | Pro ($19/mo) | Premium ($49/mo) |
|---|---|---|---|
| Scans per day | 50 | 500 | Unlimited |
| Max file size | 100 KB | 500 KB | 1 MB (ZIP) |
| 10 base vuln types | โ | โ | โ |
| Full issue details | โ | โ | โ |
| AINA L3 causal chains | โ | โ | โ |
| Senior code analysis | โ | โ | โ |
| Scan history (90 days) | โ | โ | โ |
| PDF certificate | โ | โ | โ |
| Cross-function taint | โ | โ | โ |
| IDOR / CSRF detection | โ | โ | โ |
| Sensitive data leak | โ | โ | โ |
| Project ZIP scan | โ | โ | โ |
🎫 Early Bird: First 100 Pro / 50 Premium slots at launch price.
→ `aina-vibeguard slots` to check availability.
Hash proof
Every Pro/Premium scan returns a tamper-proof hash you can verify client-side:
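```python
import hashlib, json

# Fields returned with the scan result
scan_id = "8f3a1b2c-..."
blocks = 2
block_types = {"SQL_INJECTION": 1, "COMMAND_INJECTION": 1}

# Canonical payload: scan id, block count, and block types as sorted-key JSON
payload = f"{scan_id}|{blocks}|{json.dumps(block_types, sort_keys=True)}"
# First 32 hex characters of the SHA-256 digest, upper-cased
result_hash = hashlib.sha256(payload.encode()).hexdigest()[:32].upper()
# → A3F9C2B1D4E5F6A7...
```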
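What this client-side check establishes, as an added example (not VibeGuard's own code): the digest is an unkeyed, truncated SHA-256 over fields the client already holds, so it confirms a report is internally consistent, but anyone who changes the fields can recompute it; authenticity needs a keyed MAC or a signature. `verify_report`, `keyed_tag`, `verify_tag`, the report layout and the key are assumptions made for illustration.

```python
import hashlib
import hmac
import json


def _payload(scan_id: str, blocks: int, block_types: dict) -> bytes:
    # Same canonical string as the snippet above: id|count|sorted-key JSON.
    return f"{scan_id}|{blocks}|{json.dumps(block_types, sort_keys=True)}".encode()


def result_hash(scan_id: str, blocks: int, block_types: dict) -> str:
    """Unkeyed digest, computed exactly as in the page's snippet."""
    return hashlib.sha256(_payload(scan_id, blocks, block_types)).hexdigest()[:32].upper()


def verify_report(report: dict) -> bool:
    """True when the report's fields match its own 'hash' field."""
    expected = result_hash(report["scan_id"], report["blocks"], report["block_types"])
    claimed = str(report.get("hash", "")).upper()
    return hmac.compare_digest(expected.encode(), claimed.encode())


def keyed_tag(key: bytes, report: dict) -> str:
    """Hypothetical keyed variant: HMAC-SHA256 over the same payload."""
    msg = _payload(report["scan_id"], report["blocks"], report["block_types"])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify_tag(key: bytes, report: dict, tag: str) -> bool:
    return hmac.compare_digest(keyed_tag(key, report).encode(), tag.encode())


# Constructed report (placeholder values, not real scanner output).
report = {"scan_id": "00000000-constructed", "blocks": 2,
          "block_types": {"SQL_INJECTION": 1, "COMMAND_INJECTION": 1}}
report["hash"] = result_hash(report["scan_id"], report["blocks"], report["block_types"])

# A field changed after the fact no longer matches the stored hash ...
edited = {**report, "blocks": 0, "block_types": {}}
# ... but recomputing the unkeyed digest over the new fields makes it match again.
recomputed = {**edited, "hash": result_hash(edited["scan_id"], 0, {})}

# With a key held only by the issuer and verifier (assumed), the old tag
# does not validate for the changed fields and cannot be rebuilt without the key.
KEY = b"constructed-demo-key"
tag = keyed_tag(KEY, report)

if __name__ == "__main__":
    print(verify_report(report), verify_report(edited), verify_report(recomputed))
    print(verify_tag(KEY, report, tag), verify_tag(KEY, recomputed, tag))
```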
CI/CD integration
```yaml
# .github/workflows/security.yml
- name: VibeGuard scan
  run: |
    pip install aina-vibeguard
    aina-vibeguard scan src/app.py
  env:
    VIBEGUARD_API_KEY: ${{ secrets.VIBEGUARD_API_KEY }}
```
The command exits with code 1 if any BLOCK-severity issues are found, which fails the pipeline automatically.
False positive feedback
```bash
aina-vibeguard feedback <scan_id> SQL_INJECTION --note "Parameterized query, safe"
```
Feedback is stored in the AINA L3 causal database and reduces future false positives.
Commands
| Command | Description |
|---|---|
| `config --key KEY` | Save API key locally |
| `scan FILE` | Scan a Python file |
| `scan-project DIR` | [Premium] Scan project directory |
| `status` | API status + tier info |
| `slots` | Early bird slot availability |
| `history` | Recent scan history |
| `feedback SCAN_ID KIND` | Report false positive |
| `docs` | Export learned patterns |
How it works
VibeGuard is a cloud-native SAST (Static Application Security Testing) tool. Your code is sent to the VibeGuard API which runs:
- Structural analysis: AST-based pattern matching for 13 vulnerability types
- AINA L3 causal chains: Knowledge graph traversal traces taint from source to sink
- Senior code analysis: GOD_OBJECT, N+1 queries, DEEP_NESTING detection
- [Premium] Inter-procedural taint: 5-hop cross-function data flow
The API runs on Railway with a PostgreSQL-backed key store and self-improving causal database.
Privacy
- Code snippets are processed server-side for analysis and not stored permanently
- Scan metadata (hash, block counts) is stored 90 days for Pro/Premium history
- No training on your code
Get a key
- Free: `vg_free_demo0001` (public demo, 50 scans/day shared)
- Pro / Premium: vibeguard.dev/pricing
License
MIT © 2026 AINA Sovereign
File details
Details for the file aina_vibeguard-1.9.2.tar.gz.
File metadata
- Download URL: aina_vibeguard-1.9.2.tar.gz
- Upload date:
- Size: 10.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.8
File details
Details for the file aina_vibeguard-1.9.2-py3-none-any.whl.
File metadata
- Download URL: aina_vibeguard-1.9.2-py3-none-any.whl
- Upload date:
- Size: 11.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.8