npm - @vibecheck-ai/mcp - Versions diffs - 23.2.0 → 24.0.0 - Mend

@vibecheck-ai/mcp 23.2.0 → 24.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+MIT License
+Copyright (c) 2026 VibeCheck
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 <br />
-<img src="https://github.com/guardiavault-oss/Vibecheck/raw/HEAD/packages/vscode-extension/images/vibecheck_logo_transparent_2x.png" alt="VibeCheck MCP Server" width="80" />
+<img src="https://github.com/vibecheck-oss/vibecheck/raw/HEAD/packages/vscode-extension/images/vibecheck_logo_transparent_2x.png" alt="VibeCheck MCP Server" width="80" />
 <br />
@@ -10,7 +10,7 @@
 ### Give your AI agent a trust layer.
-The Model Context Protocol server that lets Cursor, Claude, Windsurf, and any MCP-compatible AI agent scan code for hallucinations, compute trust scores, and gate deployments — using the same 17-engine pipeline as the CLI and VS Code extension.
+The Model Context Protocol server that lets Cursor, Claude, Windsurf, and any MCP-compatible AI agent scan code for hallucinations, compute trust scores, and gate deployments — using the same 14-engine pipeline as the CLI and VS Code extension.
 <br />
@@ -21,7 +21,7 @@ The Model Context Protocol server that lets Cursor, Claude, Windsurf, and any MC
 <br />
 <p align="center">
-  <img src="https://github.com/guardiavault-oss/Vibecheck/raw/HEAD/docs/assets/cli-scan-demo.gif" alt="VibeCheck MCP Server running inside Cursor" width="820" />
+  <img src="https://github.com/vibecheck-oss/vibecheck/raw/HEAD/docs/assets/cli-scan-demo.gif" alt="VibeCheck MCP Server running inside Cursor" width="820" />
 </p>
 <br />
@@ -36,6 +36,10 @@ The **Model Context Protocol (MCP)** is the open standard that connects AI codin
 **Your AI agent writes the code. VibeCheck verifies it didn't hallucinate.**
+### API compatibility
+Billable scan tools that sync usage to VibeCheck’s API require **`@vibecheck-ai/mcp` 24.x or newer**. Older MCP builds are rejected at the API with `SCAN_CLIENT_UPGRADE_REQUIRED`. Update your MCP config to `npx -y @vibecheck-ai/mcp@latest` (or the matching published version).
 <br />
 ### How it works
@@ -46,7 +50,7 @@ The **Model Context Protocol (MCP)** is the open standard that connects AI codin
 │   Windsurf / Cline│     tool calls       │  Server            │
 │   Any MCP client  │                      │                    │
 └──────────────────┘                      │  ┌──────────────┐  │
-                                          │  │ 17 Detection  │  │
+                                          │  │ 14 Detection  │  │
                                           │  │ Engines       │  │
                                           │  └──────────────┘  │
                                           │  ┌──────────────┐  │
@@ -124,7 +128,7 @@ The server communicates over **stdio** using the MCP protocol. No HTTP. No ports
 <br />
 <p align="center">
-  <img src="https://github.com/guardiavault-oss/Vibecheck/raw/HEAD/docs/assets/mcp-setup.png" alt="MCP server configuration in Cursor" width="720" />
+  <img src="https://github.com/vibecheck-oss/vibecheck/raw/HEAD/docs/assets/mcp-setup.png" alt="MCP server configuration in Cursor" width="720" />
 </p>
 <br />
@@ -192,7 +196,7 @@ The agent calls `vibecheck_roast` for an opinionated, brutally honest assessment
 <br />
 <p align="center">
-  <img src="https://github.com/guardiavault-oss/Vibecheck/raw/HEAD/docs/assets/mcp-agent-scan.png" alt="AI agent using vibecheck_scan tool" width="720" />
+  <img src="https://github.com/vibecheck-oss/vibecheck/raw/HEAD/docs/assets/mcp-agent-scan.png" alt="AI agent using vibecheck_scan tool" width="720" />
 </p>
 <br />
@@ -201,29 +205,26 @@ The agent calls `vibecheck_roast` for an opinionated, brutally honest assessment
 <br />
-## 17 Detection Engines
+## 14 Detection Engines
-The same engines that power the CLI and VS Code extension:
+The same engines that power the CLI and VS Code extension (CLI `FileRunner` registration order):
 | # | Engine | What it catches |
 |:---:|:---|:---|
-| 1 | **Ghost Routes** | API calls to endpoints that were never implemented |
-| 2 | **Dead UI** | Buttons, forms, and links wired to empty handlers |
-| 3 | **Phantom Imports** | Packages referenced but never installed |
-| 4 | **Silent Failures** | Try/catch blocks that swallow errors |
-| 5 | **Hardcoded Mocks** | Test data left in production paths |
-| 6 | **Credential Leaks** | API keys, tokens, secrets in source |
-| 7 | **Env Drift** | Missing `.env` variable references |
-| 8 | **Auth Gaps** | Nonexistent auth providers |
-| 9 | **Type Holes** | `@ts-ignore`, `any` casts hiding bugs |
-| 10 | **Console Pollution** | Debug logs in production bundles |
-| 11 | **Version Hallucinations** | Wrong API for installed version |
-| 12 | **Slopsquatting** | Typosquat package names |
-| 13 | **Architectural Drift** | Structural pattern violations |
-| 14 | **Dependency Vulnerabilities** | Known CVEs |
-| 15 | **Performance Anti-patterns** | Sync I/O in async paths |
-| 16 | **Accessibility Violations** | Missing ARIA, keyboard traps |
-| 17 | **Contract Drift** | Code diverged from spec |
+| 1 | **Undefined env vars** | `process.env` references not backed by your env / truthpack |
+| 2 | **Ghost routes** | Client calls to API paths with no handler |
+| 3 | **Phantom dependencies** | Imports of packages not declared or not resolvable |
+| 4 | **API hallucinations** | SDK or API usage that does not exist for your stack |
+| 5 | **Hardcoded secrets** | Keys, tokens, and passwords committed to source |
+| 6 | **Security vulnerabilities** | Injection, XSS, SSRF, weak crypto, and related OWASP-style issues |
+| 7 | **Fake features** | Placeholder flags, empty handlers, mock data in prod paths |
+| 8 | **Version mismatches** | APIs incompatible with installed package versions |
+| 9 | **Logic gaps** | Contradictory or impossible control flow |
+| 10 | **Error-handling gaps** | Swallowed errors, risky `try`/`catch` shape, unchecked async results |
+| 11 | **Incomplete implementation** | Stubs, empty bodies, unfinished paths |
+| 12 | **Type contracts** | Types asserted vs actual JSON/API shape mismatches |
+| 13 | **Security patterns** | Unprotected routes, CSRF, JWT misuse, redirects, CSP gaps |
+| 14 | **Performance anti-patterns** | N+1 queries, sync I/O in async paths, fetch-in-render, and similar |
 <br />
@@ -289,7 +290,7 @@ The MCP server includes enterprise-grade reliability features:
 - **Zero code is transmitted** — ever
 - The MCP server communicates via **stdio only** — no network ports opened
 - Works **fully offline** and in air-gapped environments
-- [Open source](https://github.com/guardiavault-oss/Vibecheck) — read every line
+- [Open source](https://github.com/vibecheck-oss/vibecheck) — read every line
 <br />
@@ -303,7 +304,7 @@ The MCP server includes enterprise-grade reliability features:
 <br />
-[Website](https://vibecheckai.dev) &nbsp;&nbsp;·&nbsp;&nbsp; [Documentation](https://docs.vibecheckai.dev) &nbsp;&nbsp;·&nbsp;&nbsp; [Discord](https://discord.gg/vibecheck) &nbsp;&nbsp;·&nbsp;&nbsp; [GitHub](https://github.com/guardiavault-oss/Vibecheck)
+[Website](https://vibecheckai.dev) &nbsp;&nbsp;·&nbsp;&nbsp; [Documentation](https://docs.vibecheckai.dev) &nbsp;&nbsp;·&nbsp;&nbsp; [Discord](https://discord.gg/vibecheck) &nbsp;&nbsp;·&nbsp;&nbsp; [GitHub](https://github.com/vibecheck-oss/vibecheck)
 <br />