vibe-security-ai 1.0.0

A professional CLI tool for security analysis using Claude 4

🔍 Vibe Check - AI-Powered Security Analysis CLI

A professional command-line tool that leverages Claude 4 Sonnet to perform comprehensive security analysis on your code. Get detailed security reports with actionable recommendations to improve your code's security posture.

✨ Features

• 🤖 AI-Powered Analysis: Uses Claude 4 Sonnet for intelligent security vulnerability detection
• 📊 Comprehensive Reports: Generates detailed markdown reports with risk assessments
• 🎯 Multi-Language Support: Analyzes 20+ programming languages
• 🚀 Professional CLI: Beautiful, rich terminal interface with progress indicators
• ⚡ Fast & Efficient: Quick analysis with detailed feedback
• 🔧 Flexible Output: Custom output paths and automatic naming
• 📋 Structured Analysis: Executive summaries, detailed findings, and remediation roadmaps
• 🔒 Privacy-Focused: Local report generation with secure API communication

🚀 Quick Start

Installation

pip install vibe-check

Setup

Configure your Anthropic API key (Get one here):

vibe-check --setup

Analyze Your Code

vibe-check path/to/your/code.py

That's it! Your security report will be generated in the security_reports/ folder.

📦 Installation Options

Option 1: PyPI (Recommended)

pip install vibe-check

Option 2: Development Installation

git clone https://github.com/colesmcintosh/vibe-check.git
cd vibe-check
pip install -e .

⚙️ Configuration

API Key Setup

Choose your preferred method:

Interactive Setup (Recommended)

vibe-check --setup

Environment Variable

export ANTHROPIC_API_KEY="your_api_key_here"

.env File

echo "ANTHROPIC_API_KEY=your_api_key_here" > .env

🎯 Usage

Basic Commands

# Analyze a file
vibe-check app.py

# Custom output location
vibe-check app.js --output custom_report.md
vibe-check app.js -o custom_report.md

# Specify API key directly
vibe-check script.php --api-key sk-your-key-here

# Get help
vibe-check --help

# Check version
vibe-check --version

Real-World Examples

# Web application security audit
vibe-check src/auth/login.py

# Frontend component analysis
vibe-check components/UserProfile.tsx

# API endpoint security check
vibe-check api/routes/users.js

# Database query analysis
vibe-check models/user.sql

# Shell script security review
vibe-check scripts/deploy.sh

🔧 Supported Languages

Vibe Check analyzes these file types:

Category	Extensions
Web Frontend	.js, .ts, .jsx, .tsx, .html, .css, .scss, .vue, .svelte
Backend	.py, .java, .c, .cpp, .cs, .php, .rb, .go, .rs, .swift
Mobile	.kt, .scala, .dart, .m, .mm
Scripts	.sh, .bash, .zsh, .sql, .pl, .lua
Other	.r, .nim, .zig

Note: Any text file can be analyzed, with confirmation for unrecognized extensions.

📊 Report Structure

Each security analysis includes:

📋 Executive Summary

• Overall security posture assessment
• Risk level classification (Critical/High/Medium/Low)
• Summary of findings by severity

🔍 Detailed Security Findings

Critical Issues 🚨

• Immediate security threats requiring urgent attention
• Potential for data breaches or system compromise

High Priority ⚠️

• Important vulnerabilities to address soon
• Significant security risks

Medium Priority 📝

• Issues for next development cycle
• Security improvements and hardening

Low Priority 💡

• Best practice recommendations
• Code quality and maintainability improvements

📊 Analysis Details

For each finding:

• Clear vulnerability description
• Exact code location (file and line numbers)
• Risk assessment and impact analysis
• Step-by-step remediation instructions
• Code examples showing fixes

✅ Security Recommendations

• Industry best practices
• Prevention strategies
• Compliance considerations (OWASP, CWE)
• Prioritized action plan

🖥️ CLI Output Examples

Successful Analysis

🔍 VIBE CHECK
Security Analysis Tool powered by Claude 4

📁 Analyzing: src/auth/login.py
📄 Report will be saved to: security_reports/login_security_report.md

🔎 Analyzing code for security vulnerabilities...

✅ Analysis complete!
📊 Security report saved to: security_reports/login_security_report.md
⏱️  Analysis took: 2.34 seconds
🔍 Found: 2 Critical, 1 High, 3 Medium, 2 Low priority issues

Sample Report Header

# Security Analysis Report

**File Analyzed:** `src/auth/login.py`
**Analysis Date:** 2024-01-15 14:30:22
**Analysis Duration:** 2.34 seconds
**Tool:** Vibe Check

---

## 🎯 Executive Summary

**Security Posture:** HIGH RISK ⚠️
**Total Issues Found:** 8
- 🚨 Critical: 2
- ⚠️ High: 1  
- 📝 Medium: 3
- 💡 Low: 2

This analysis identified several critical security vulnerabilities...

🛠️ Troubleshooting

Common Issues

Issue	Solution
"Anthropic API key not found"	Run vibe-check --setup or set ANTHROPIC_API_KEY environment variable
"File not found"	Check file path and permissions
"API Error"	Verify internet connection and API key validity
"Permission denied"	Check file read permissions and output directory write access

Getting Help

# Show detailed help
vibe-check --help

# Check version
vibe-check --version

# Test your setup
vibe-check --setup

🏗️ Development

Project Structure

vibe-check/
├── vibe_check/
│   ├── __init__.py      # Package metadata
│   └── cli.py           # Main CLI application
├── pyproject.toml       # Modern Python packaging
├── requirements.txt     # Dependencies
├── README.md           # This file
├── LICENSE             # MIT License
├── CHANGELOG.md        # Version history
└── PUBLISHING.md       # Publishing guide

Dependencies

• click (>=8.1.0,<9.0.0): CLI framework
• anthropic (>=0.34.0,<1.0.0): Claude API client
• rich (>=13.0.0,<14.0.0): Terminal formatting

Building from Source

# Clone repository
git clone https://github.com/colesmcintosh/vibe-check.git
cd vibe-check

# Install in development mode
pip install -e .

# Run tests
python test_package.py

# Build package
python -m build

🔒 Security & Privacy

• Secure Communication: All API calls use HTTPS encryption
• No Data Storage: Your code is not stored by the tool or Anthropic
• Local Reports: All analysis reports are saved locally only
• API Privacy: Review Anthropic's Privacy Policy for API data handling
• Open Source: Full source code available for security review

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🤝 Contributing

Contributions are welcome! Here are some areas for improvement:

• 🌐 Additional programming language support
• 📋 Custom security rule definitions
• 🔄 CI/CD pipeline integrations
• 📁 Batch file processing
• ⚙️ Configuration file support
• 🎨 Custom report templates

How to Contribute

1. Fork the repository
2. Create a feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

📞 Support

• 🐛 Bug Reports: GitHub Issues
• 📖 Documentation: GitHub Repository
• 💬 Questions: Open a GitHub Discussion

🏷️ Version History

See CHANGELOG.md for detailed version history.

🙏 Acknowledgments

• Built with Claude 4 by Anthropic
• CLI framework powered by Click
• Beautiful terminal output via Rich

---

Made with ❤️ for secure coding practices

Vibe Check - Because security shouldn't be an afterthought 🛡️