AI-Native Platform to Secure Vibecoded Applications

Project description

🛡️ SecureVibes

AI-Native Security System for Vibecoded Applications

SecureVibes uses Claude's multi-agent architecture to autonomously find security vulnerabilities in your codebase. Four specialized AI agents work together to deliver comprehensive, context-aware security analysis with concrete evidence.

License: AGPL v3


🚀 Quick Start

# Install the latest release from PyPI (may lag behind the GitHub code)
pip install securevibes

# NOTE: the package uploaded to PyPI might not have all the latest changes.
# I will try to release a new version of the package whenever there are significant changes/developments.
# If you would rather use the version with the latest changes, do the following:

# Install the latest development version from GitHub (might be buggy)
git clone https://github.com/anshumanbh/securevibes.git
cd securevibes
virtualenv env
. env/bin/activate
pip install -e packages/core

# Authenticate (choose one method)
# Method 1: Session-based (recommended)
# You could use your Claude subscription here, if you don't want to pay per API requests
claude  # Run interactive CLI, then type: /login

# Method 2: API key
export ANTHROPIC_API_KEY="your-api-key-here"

# Scan your project
securevibes scan /path/to/code --streaming --debug

Get your API key from: https://console.anthropic.com/


🤖 Multi-Agent Architecture

SecureVibes orchestrates 4 specialized Claude agents:

  1. Assessment Agent - Maps codebase architecture and technology stack
  2. Threat Modeling Agent - Applies STRIDE methodology for realistic threats
  3. Code Review Agent - Uses security thinking framework to find vulnerabilities
  4. Report Generator - Compiles findings into actionable reports

Key Difference: Unlike traditional pattern-matching tools, SecureVibes agents understand your code's context, architecture, and business logic to find novel vulnerabilities that static analysis misses.


🎯 Common Use Cases

# Default: creates .securevibes/scan_report.md (markdown format)
securevibes scan .

# Real-time progress for large repos (recommended)
securevibes scan . --streaming

# Export JSON for CI/CD pipeline
securevibes scan . --format json --output security-report.json

# Custom markdown report (saved to .securevibes/custom_report.md)
securevibes scan . --format markdown --output custom_report.md

# Terminal table output (no file saved)
securevibes scan . --format table

# Focus on critical/high severity
securevibes scan . --severity high

# Fast scan with cheaper model
securevibes scan . --model haiku

# Quiet mode for automation
securevibes scan . --quiet

⚙️ Configuration

Control agent models and analysis depth via environment variables:

# Authenticate first (see Quick Start above)
# Then optionally customize:

# Customize agent models (default: sonnet)
export SECUREVIBES_CODE_REVIEW_MODEL="opus"  # Max accuracy
export SECUREVIBES_THREAT_MODELING_MODEL="sonnet"

# Control analysis depth (default: 50)
export SECUREVIBES_MAX_TURNS=75  # Deeper analysis

Models: haiku (fast/cheap) | sonnet (balanced) | opus (thorough/expensive)


🐍 Python API

import asyncio
from securevibes import Scanner

async def main():
    # Authentication is automatically handled by Claude Agent SDK via:
    # - ANTHROPIC_API_KEY environment variable, or
    # - Session token from `claude` CLI (run: claude, then /login)
    scanner = Scanner(
        model="sonnet",  # Use shorthand: sonnet, haiku, opus
        debug=True  # Show agent narration for verbose output
    )
    
    result = await scanner.scan("/path/to/repo")
    print(f"Found {len(result.issues)} vulnerabilities")
    print(f"Cost: ${result.total_cost_usd:.4f}")

asyncio.run(main())
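The snippet above prints a count and a cost; in a pipeline you usually want the scan to fail the build. The following is an added example (not part of the SecureVibes package) that wraps the same API in a CI gate. It relies only on what this page shows: Scanner(model=..., debug=...), await scanner.scan(path), result.issues and result.total_cost_usd. The cost budget, the exit-code convention and the lazy import are assumptions introduced here; the gating logic is kept in a pure function so it can be tested without running an agent.

```python
"""CI gate around the SecureVibes Python API (added example, not project code).

Only the API surface shown on this page is relied on: Scanner(model=..., debug=...),
await scanner.scan(path), result.issues (a list) and result.total_cost_usd.
The cost budget, exit codes and the summary object are assumptions made here.
"""
import asyncio
import sys
from dataclasses import dataclass


@dataclass
class ScanSummary:
    issue_count: int
    cost_usd: float
    exit_code: int
    message: str


def evaluate(issue_count: int, cost_usd: float, budget_usd: float) -> ScanSummary:
    """Pure gating logic, separated from the scan so it can be unit-tested.

    Exit codes (assumed convention): 0 clean, 1 findings, 2 cost budget exceeded.
    A budget overrun is reported even when no issues were found, because a
    runaway agent loop costs money on every CI run and should be noticed.
    """
    if cost_usd > budget_usd:
        return ScanSummary(issue_count, cost_usd, 2,
                           f"scan cost ${cost_usd:.4f} exceeded budget ${budget_usd:.2f}")
    if issue_count > 0:
        return ScanSummary(issue_count, cost_usd, 1,
                           f"{issue_count} potential vulnerabilities found; "
                           "see .securevibes/scan_report.md")
    return ScanSummary(issue_count, cost_usd, 0, f"no issues found (cost ${cost_usd:.4f})")


async def run_gate(repo_path: str, model: str = "sonnet",
                   budget_usd: float = 5.0) -> ScanSummary:
    """Run a scan and turn the result into a CI verdict."""
    # Imported lazily so evaluate() can be tested without the package installed.
    from securevibes import Scanner  # API as shown on this page
    scanner = Scanner(model=model, debug=False)
    result = await scanner.scan(repo_path)
    return evaluate(len(result.issues), result.total_cost_usd, budget_usd)


if __name__ == "__main__":
    # Usage: python ci_gate.py /path/to/repo   (authentication as in Quick Start)
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    summary = asyncio.run(run_gate(target))
    print(summary.message)
    sys.exit(summary.exit_code)
```

The budget check deliberately takes precedence over the findings check: a scan that overran its budget may also have been cut off, so its issue count is not a trustworthy "clean" signal.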

📚 Full Documentation

This is a quick reference for PyPI users. For comprehensive documentation, visit:

📖 Full Documentation on GitHub: https://github.com/anshumanbh/securevibes

Including:


👤 Author

Built by @anshumanbh

🌟 Star the repo to follow development!


🙏 Acknowledgments

  • Powered by Claude by Anthropic
  • Built with Claude Agent SDK
  • Inspired by traditional SAST tools, reimagined with AI

License: AGPL-3.0 | Requires: Python 3.10+


Download files

Source Distribution
securevibes-0.2.0.tar.gz (47.7 kB)

Built Distribution
securevibes-0.2.0-py3-none-any.whl (34.4 kB)

File details

Details for the file securevibes-0.2.0.tar.gz.

File metadata

  • Download URL: securevibes-0.2.0.tar.gz
  • Upload date:
  • Size: 47.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.8

File hashes

Hashes for securevibes-0.2.0.tar.gz

  • SHA256: 87588d396d1db6191bf0196fc7fd9dcd1982e61e3d4c65b2d8af8bff0a2a5d50
  • MD5: 4cd0d9297c2b133ee44c3941ecdede10
  • BLAKE2b-256: 1b95f22fd1fdc01a5917ece6c9aaaa14f1529f50054232f2242ad80866cf5b36

File details

Details for the file securevibes-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: securevibes-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 34.4 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.13.8

File hashes

Hashes for securevibes-0.2.0-py3-none-any.whl

  • SHA256: 41d96a1cab7694fb9996094c4a1a67a23dd83356f2685fe2110a33aac7903bb4
  • MD5: 5cda0c79c6238c1b3d1f91e43f92965f
  • BLAKE2b-256: c5951fafa9f989afff95ce1e7ffed9a0494e75ad2564164e3c7d70fce17cbca1
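The published digests for both artifacts are only useful if something checks them. The following added example (not part of the SecureVibes project) verifies a downloaded sdist or wheel against the SHA-256 values listed above and builds a pip --require-hashes line that pins both artifacts. The digest values and file names are the ones on this page; the helper functions and the requirements-line format are standard hashlib and pip tooling, not SecureVibes features.

```python
"""Verify SecureVibes 0.2.0 downloads against the SHA-256 digests published above.

Added example, not part of the project. The digests and file names are copied
from this page; everything else is ordinary hashlib/pip usage.
"""
import hashlib
import hmac
from pathlib import Path

# SHA-256 digests exactly as published on this page, keyed by artifact name.
PUBLISHED_SHA256 = {
    "securevibes-0.2.0.tar.gz":
        "87588d396d1db6191bf0196fc7fd9dcd1982e61e3d4c65b2d8af8bff0a2a5d50",
    "securevibes-0.2.0-py3-none-any.whl":
        "41d96a1cab7694fb9996094c4a1a67a23dd83356f2685fe2110a33aac7903bb4",
}


def sha256_hex(data: bytes) -> str:
    """Lowercase hex SHA-256 of the given bytes, matching PyPI's display format."""
    return hashlib.sha256(data).hexdigest()


def verify_sha256(data: bytes, expected_hex: str) -> bool:
    """Constant-time comparison; tolerant of upper-case or padded input digests."""
    return hmac.compare_digest(sha256_hex(data), expected_hex.strip().lower())


def verify_file(path: Path) -> bool:
    """Look the artifact up by file name and compare it with the published digest.

    Unknown names are rejected rather than passed, so a renamed or substituted
    file never verifies by accident.
    """
    expected = PUBLISHED_SHA256.get(path.name)
    if expected is None:
        return False
    return verify_sha256(path.read_bytes(), expected)


def requirements_line(name: str = "securevibes", version: str = "0.2.0",
                      digests: dict = PUBLISHED_SHA256) -> str:
    """Build a pip --require-hashes entry that pins every published artifact.

    pip accepts whichever listed hash matches the file it selects (sdist or
    wheel). In --require-hashes mode pip also demands a hash for every
    dependency, so a real requirements file must pin those too.
    """
    hashes = " ".join(f"--hash=sha256:{digest}" for digest in digests.values())
    return f"{name}=={version} {hashes}"


if __name__ == "__main__":
    # Usage: python verify_download.py securevibes-0.2.0.tar.gz
    import sys
    for arg in sys.argv[1:]:
        print(f"{arg}: {'OK' if verify_file(Path(arg)) else 'MISMATCH'}")
    print(requirements_line())
```

The output of requirements_line() can be dropped into a requirements.txt and installed with `pip install --require-hashes -r requirements.txt`, which makes pip refuse any artifact whose digest differs from the ones published here.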
