1pre-write
Block unsafe code
Catch secrets, injections, broken auth, unsafe LLM patterns, and risky dependencies before generated code lands.
11 detectors
Loading VibeLint...
AI agent security for builders
Secure every action your AI agents take.
VibeLint checks code writes, tool calls, and workflow actions before they become risk. Block unsafe generated code, gate sensitive actions, and keep a searchable audit trail across IDEs, MCP tools, and agent builders.
Loading...See how it works
Designed forIDEsMCP toolsworkflow agentsagent frameworks
Agent control plane
Code writes, tool calls, approvals, and audit logs
1,284
actions checked
37
blocked risks
4
pending approvals
live agent actions
v1 security layerCursor -> write auth.ts
src/auth/session.ts
JWT accepted without signature verification
Claude Code -> modify billing route
app/api/billing/route.ts
High-impact payment action requires approval
n8n -> send customer email
crm.workflow.send
External message approved before sending
LangGraph -> query database
readonly.customer_lookup
Read-only action allowed and recorded
permission loop
1check permission
2run if allowed
3log action
4require approval if risky
policy preview
if action == "delete" then block
if risk_score >= 5 then approval
always log with redacted payloads
Works where your agents already run
VibeLint is the security layer around the tools you already use.
Not another agent builder. VibeLint gives agents built in IDEs, workflow builders, and frameworks a shared permission check, audit log, and approval path.
Where VibeLint fits best first
Simple HTTP or SDK flow: check permission, run if allowed, log action, require approval when risky.
The shift
AI moved from suggesting to acting.
VibeLint secures that new action layer. It treats generated code, tool calls, and workflow automation as one surface that needs permission checks, blocking, approvals, and logs.
Unsafe file writesOver-broad tool accessSilent workflow actionsSecrets in generated codeUnreviewed production changesNo audit trail
!
Without a control layer
Agents can touch real systems. They edit files, call APIs, run workflows, send messages, query databases, and operate with whatever credentials you give them.
The risky action looks normal. A generated auth helper can skip verification. A workflow agent can email customers. A framework agent can query more data than intended.
Review happens too late. Traditional scanners and pull request checks see the result after the action already happened. VibeLint adds the check at action time.
ok
With VibeLint
Every action gets a decision. Allow low-risk actions, block dangerous ones, and gate sensitive operations behind approval.
Code writes stay protected. A code write is treated as an agent action, so secrets, injection risks, and broken auth are still blocked before they land.
Teams get evidence. Search action logs, review permission decisions, and understand what each agent attempted before risk spreads.
Platform
One security loop for code writes and agent actions.
VibeLint does not split AI code security from agent security. It treats both as actions that can be checked, blocked, approved, and logged.
2pre-action
Check permissions
Ask VibeLint before an agent calls a tool, writes a file, changes billing, sends a message, or touches data.
allow / block / gate
3audit
Log every action
Record agent identity, tool, action, status, risk score, reasoning summary, and redacted payload metadata.
searchable trail
4human-in-loop
Require approval
Route sensitive actions to approval so agents keep moving on safe work and pause before high-impact changes.
24h approval window
Generated code is still protected
Pre-write checks remain the first action gate.
- const token = "sk_live_abc123";
- jwt.decode(session, { verify_signature: false })
+ const token = process.env.STRIPE_SECRET_KEY;
+ jwt.verify(session, PUBLIC_KEY, { algorithms: ["RS256"] })
Tool calls get policy decisions
Use the same loop for agents outside your IDE.
toolactiondecision
linearcreate_issueallow
striperefund_paymentapproval
shellrm -rf ./uploadsblock
How it works
Three layers of protection. Each one easy to understand.
Protect what agents write, keep a record of what they do, and control what they are allowed to do next.
First line of defense
Stop insecure AI-generated code before it reaches your project.
VibeLint connects to your coding agent through MCP and checks the code it creates or edits. You get the risk, the exact location, and a safer fix while the code is still being written.
Works inside your AI coding IDE
Cursor
Claude Code
Codex
Antigravity
Windsurf- 01
Connect your IDE
Add VibeLint as an MCP server using the ready-to-copy setup in your dashboard.
- 02
Your agent writes code
Keep using Cursor, Claude Code, Codex, Antigravity, or Windsurf like you normally do.
- 03
VibeLint checks it first
Generated code is scanned locally. Safe code continues; risky code is flagged or blocked with a clear fix.
What a finding looks like
A few examples from the current security coverage.
Hardcoded secret
payments.ts:12
const key = "sk_live_••••"
Move this secret to an environment variable.
SQL injection
users.py:38
db.execute(f"SELECT * FROM users WHERE id={id}")
Use a parameterized query for untrusted input.
Missing authorization
api/admin/route.ts:21
export async function DELETE(req)
Check the caller’s role before this action.
Secrets, injections, broken auth, AI risks, and more
See every covered risk with its Free or Pro + Max availability.
Use cases
Secure agents without changing where you build them.
VibeLint is deliberately not the builder. It is the security, permission, and audit layer around the agents your team already runs.
AI coding agents
Secure code writes from Codex, Claude Code, Antigravity, Windsurf, Cursor, and MCP-compatible IDEs.
block secretsgate file writesscan before save
Workflow agents
Add approval and audit trails around agents that send emails, update CRMs, trigger jobs, or call SaaS APIs.
approve sendslog tool callsblock risky automations
Developer frameworks
Wrap LangGraph, CrewAI, OpenAI Agents SDK, LlamaIndex, and custom runtimes with one permission pattern.
SDK-friendlyHTTP-firstredacted payloads
Enterprise platforms
Use VibeLint as the lightweight policy layer beside Copilot Studio, Bedrock Agents, Agentforce, and internal tools.
agent identitiesteam policiesaudit evidence
Privacy by design
Security evidence without exposing your code.
Source code stays local during scans
Only metadata syncs to the hosted dashboard
Agent payloads are redacted before logging
No need to replace your builder or observability stack
Pricing
Start with local protection. Upgrade to the agent control plane.
Free includes basic code security plus light agent visibility. Pro adds the full detector suite, permissions, approvals, and generous agent security. Max is for high-volume production agents.
Free
Local code protection
For developers who want VibeLint between their AI coding agent and their files.
$0forever
- Local MCP scanner
- Pre-write security checks
- Hard-coded secrets
- SQL and NoSQL injection
- Broken auth patterns
- CORS and framework misconfiguration
- Pre-commit hook
- Code remediation hints
Agent control plane
Pro
Permissions, logs, approvals
For builders and teams running agents across IDEs, workflows, and frameworks.
$19.99/month
Limited time only offer
$199one-time payment
Lifetime VibeLint Pro access.
- Everything in Free
- All 11 detectors
- Prompt injection detection
- LLM output execution detection
- Missing rate-limit detection
- Vulnerable dependency detection
- Agent identities and API keys
- Agent action logs
- Permission policies
- Approval requests
- Permission decision history
- Security score
Max
Production agent security
For high-volume teams running many agents, logs, rules, and approvals.
$49/month
- Everything in Pro
- 50 agents
- 250,000 action logs per month
- 250 permission policies
- 2,500 permission rules
- 2,500 pending approvals
- 90-day action log retention
- 90-day scan history retention
Teams and Enterprise plans are on the full pricing page.
Different layer
VibeLint complements the stack. It does not replace it.
Builders create agents. Observability tools trace behavior. Auth tools manage identities. VibeLint adds the missing security decision point around actions.
| Layer | Examples | What it does | Where VibeLint fits |
|---|---|---|---|
| Agent builders | n8n, Dify, Flowise, LangGraph, CrewAI | Build and orchestrate the agent | Checks actions before they run and records what happened |
| Observability tools | Langfuse, Braintrust, Phoenix, Helicone | Trace prompts, model calls, and evals | Adds permission decisions, approval state, and security risk scoring |
| Auth infrastructure | Auth0, Permit.io, Cerbos, Composio | Authenticate users, apps, and API access | Applies agent-specific policy to tool calls and workflow actions |
| Traditional scanners | SAST, dependency scanners, PR checks | Find code risk after code exists | Stops risky generated code and agent actions before they land |
FAQ
Questions builders ask before protecting AI agent work.
VibeLint is a security layer for AI-assisted development. It protects three surfaces: code security for generated code, agent logs for visibility, and permissions for actions that should be allowed, blocked, or approved first.
Code Security checks AI-generated or AI-edited code for issues like hardcoded secrets, injection risk, broken auth, unsafe config, prompt injection patterns, and risky execution paths before they become part of your project.
Agent Logs give you a searchable history of what each agent attempted: tool calls, file writes, API requests, status, timestamps, risk context, permission decisions, approval state, and redacted metadata.
You define agent identities and policies, then check permission before sensitive actions. VibeLint returns allow, block, or require approval, so safe work can continue while high-risk actions pause for review.
No. Those tools create or run the agent. VibeLint sits beside them as the control layer: scan generated code, check permissions before risky actions, and keep an audit trail of what happened.
No. Code scanning runs locally. Dashboard sync is focused on metadata such as issue type, severity, line number, project history, permission decisions, approval state, and redacted action context.
Start with the action layer
Secure what your AI agents write, run, and touch.
Create a free account, install VibeLint, and start with local code protection. Upgrade when you want agent identities, action logs, permission policies, and approvals.