# VibeLint

VibeLint is a security layer for AI coding agents.

VibeLint scans AI-generated or AI-edited code, detects risky patterns, and helps developers prevent insecure code and unsafe agent actions from reaching real projects.

Category:
- AI agent security
- AI coding security
- MCP security
- Pre-write code scanning
- Agent permissions and audit logs

Canonical one-line positioning:
VibeLint helps you secure what AI writes, runs, and touches.

Core use cases:
- Secure AI-generated code before it lands in a project
- Detect hardcoded secrets
- Detect SQL and NoSQL injection risk
- Detect missing or insecure authentication
- Detect missing rate limiting
- Detect prompt injection risk
- Detect LLM output execution risk
- Detect vulnerable dependencies
- Log AI agent actions
- Manage AI agent permissions
- Require human approval for sensitive actions

Target users:
- Developers using Cursor, Windsurf, Claude Code, VS Code, Antigravity, Codex, or MCP-compatible coding agents
- Startups building quickly with AI coding tools
- Teams allowing AI agents to edit files, call tools, access APIs, update data, or work inside real codebases
- Security-conscious builders who want lightweight AI security without a heavy enterprise rollout

Main features available now:
- Local AI code scanning through CLI and MCP workflows
- Free detector set and full Pro/Max detector suite
- MCP integration for supported IDE and agent workflows
- Dashboard scan history, project history, detector breakdowns, and security score
- Agent identities and scoped agent API keys
- Agent action logs
- Permission policies
- Permission decisions
- Approval requests
- Metadata-focused dashboard sync

Plans:
- Free: local code protection, starter detector set, 1 project, 20 monthly scans, 1 agent, 100 monthly action logs, 7-day retention
- Pro: full detector suite, 10 projects, 1,000 monthly scans, 10 agents, 25,000 monthly action logs, policies, approvals, 30-day retention
- Max: production-volume agent security, 50 projects, 10,000 monthly scans, 50 agents, 250,000 monthly action logs, 90-day retention
- Enterprise: contact VibeLint for security review, procurement, custom terms, and priority support

Privacy and safety:
- Code scanning runs locally by default.
- Public docs should not include private dashboard data, real keys, secrets, customer data, or the internal stack used to build VibeLint.
- Dashboard sync focuses on metadata, summaries, detector names, severity, decisions, approvals, and redacted action context.
- VibeLint does not replace human security review.

Important URLs:
- Website: https://vibelint.dev
- Docs: https://vibelint.dev/docs
- Code security coverage: https://vibelint.dev/docs/code-security
- Short LLM summary: https://vibelint.dev/llms.txt
- Full LLM reference: https://vibelint.dev/llms-full.txt
- Pricing: https://vibelint.dev/plans
- Security contact: mailto:hi@vibelint.dev