vibe-check-cli 0.1.0__tar.gz

vibe_check_cli-0.1.0/.github/workflows/vibecheck.yml

@@ -0,0 +1,71 @@
+name: VibeCheck PR Check
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  pull-requests: write
+
+jobs:
+  vibecheck:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install VibeCheck
+        run: pip install vibe-check-cli
+
+      - name: Run VibeCheck Scan
+        env:
+          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+        run: vibe-check scan . --format markdown > vibecheck-report.md
+        continue-on-error: true
+
+      - name: Post PR Comment
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const fs = require('fs');
+            const report = fs.readFileSync('vibecheck-report.md', 'utf8');
+            const body = report.length > 65000
+              ? report.substring(0, 65000) + '\n\n... (truncated)'
+              : report;
+
+            // Find existing VibeCheck comment
+            const { data: comments } = await github.rest.issues.listComments({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+            });
+            const existing = comments.find(c =>
+              c.body.includes('🔍 VibeCheck Report')
+            );
+
+            if (existing) {
+              await github.rest.issues.updateComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                comment_id: existing.id,
+                body: body,
+              });
+            } else {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: context.issue.number,
+                body: body,
+              });
+            }
+
+      - name: Check Score Threshold
+        env:
+          GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+        run: vibe-check score . --exit-code --threshold 60

vibe_check_cli-0.1.0/.gitignore

@@ -0,0 +1,27 @@
+# Python
+__pycache__/
+*.py[cod]
+*.egg-info/
+*.egg
+dist/
+build/
+.eggs/
+
+# Environments
+.env
+.venv/
+*.env.local
+
+# IDE
+.vscode/
+.idea/
+*.swp
+
+# OS
+.DS_Store
+Thumbs.db
+
+# vibe-audit runtime
+.vibeaudit.yml
+
+/tests

vibe_check_cli-0.1.0/PKG-INFO

@@ -0,0 +1,71 @@
+Metadata-Version: 2.4
+Name: vibe-check-cli
+Version: 0.1.0
+Summary: 🎵 Security auditor for vibe-coded repos — 95% deterministic, 25x cheaper than competitors
+License-Expression: MIT
+Requires-Python: >=3.10
+Requires-Dist: aiohttp>=3.9.0
+Requires-Dist: python-dotenv>=1.0.0
+Requires-Dist: rich>=13.0
+Requires-Dist: typer>=0.9.0
+Provides-Extra: dev
+Requires-Dist: pytest-asyncio>=0.21; extra == 'dev'
+Requires-Dist: pytest>=7.0; extra == 'dev'
+Provides-Extra: llm
+Requires-Dist: anthropic>=0.40; extra == 'llm'
+Requires-Dist: google-genai>=1.0.0; extra == 'llm'
+Requires-Dist: openai>=1.0; extra == 'llm'
+Provides-Extra: scanning
+Requires-Dist: bandit>=1.7; extra == 'scanning'
+Requires-Dist: detect-secrets>=1.4; extra == 'scanning'
+Requires-Dist: pip-audit>=2.6; extra == 'scanning'
+Requires-Dist: semgrep>=1.50; extra == 'scanning'
+Description-Content-Type: text/markdown
+
+# 🎵 VibeCheck
+
+Security auditor for vibe-coded repos — 95% deterministic, 25x cheaper than competitors.
+
+## Installation
+
+```bash
+pip install vibe-check-cli
+```
+
+## Setup API Keys
+
+VibeCheck uses LLMs for intelligent compliance testing and hallucination detection.
+
+### Local Development
+
+You can simply create a `.env` file in the root of your repository where you run `vibe-check`. VibeCheck will automatically load it.
+
+```bash
+# .env
+GEMINI_API_KEY="your-api-key-here"
+```
+
+### GitHub Actions (Production / CI / CD)
+
+When running VibeCheck in GitHub Actions, pass the API key from your GitHub Repository Secrets as an environment variable to the step.
+
+```yaml
+- name: Run VibeCheck Scan
+  env:
+    GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+  run: vibe-check scan .
+```
+
+## Usage
+
+Run a full security scan on the current directory:
+
+```bash
+vibe-check scan .
+```
+
+Get a quick score:
+
+```bash
+vibe-check score .
+```

vibe_check_cli-0.1.0/README.md

@@ -0,0 +1,47 @@
+# 🎵 VibeCheck
+
+Security auditor for vibe-coded repos — 95% deterministic, 25x cheaper than competitors.
+
+## Installation
+
+```bash
+pip install vibe-check-cli
+```
+
+## Setup API Keys
+
+VibeCheck uses LLMs for intelligent compliance testing and hallucination detection.
+
+### Local Development
+
+You can simply create a `.env` file in the root of your repository where you run `vibe-check`. VibeCheck will automatically load it.
+
+```bash
+# .env
+GEMINI_API_KEY="your-api-key-here"
+```
+
+### GitHub Actions (Production / CI / CD)
+
+When running VibeCheck in GitHub Actions, pass the API key from your GitHub Repository Secrets as an environment variable to the step.
+
+```yaml
+- name: Run VibeCheck Scan
+  env:
+    GEMINI_API_KEY: ${{ secrets.GEMINI_API_KEY }}
+  run: vibe-check scan .
+```
+
+## Usage
+
+Run a full security scan on the current directory:
+
+```bash
+vibe-check scan .
+```
+
+Get a quick score:
+
+```bash
+vibe-check score .
+```

vibe_check_cli-0.1.0/hooks/pre-push

@@ -0,0 +1,20 @@
+#!/bin/sh
+# VibeAudit pre-push hook
+# Runs a fast scan and blocks push if critical/high findings exist
+
+echo "🎵 Running VibeAudit pre-push check..."
+
+vibe-check scan . --mode fast --severity critical,high --exit-code --threshold 60
+
+EXIT_CODE=$?
+
+if [ $EXIT_CODE -ne 0 ]; then
+    echo ""
+    echo "❌ Push blocked by VibeAudit — critical/high findings detected."
+    echo "   Run 'vibe-check scan .' for the full report."
+    echo ""
+    exit 1
+fi
+
+echo "✅ VibeAudit passed — push allowed."
+exit 0

vibe_check_cli-0.1.0/pyproject.toml

@@ -0,0 +1,40 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "vibe-check-cli"
+version = "0.1.0"
+description = "🎵 Security auditor for vibe-coded repos — 95% deterministic, 25x cheaper than competitors"
+readme = "README.md"
+requires-python = ">=3.10"
+license = "MIT"
+dependencies = [
+    "typer>=0.9.0",
+    "rich>=13.0",
+    "aiohttp>=3.9.0",
+    "python-dotenv>=1.0.0",
+]
+
+[project.optional-dependencies]
+llm = [
+    "google-genai>=1.0.0",
+    "openai>=1.0",
+    "anthropic>=0.40",
+]
+scanning = [
+    "detect-secrets>=1.4",
+    "bandit>=1.7",
+    "semgrep>=1.50",
+    "pip-audit>=2.6",
+]
+dev = [
+    "pytest>=7.0",
+    "pytest-asyncio>=0.21",
+]
+
+[project.scripts]
+vibe-check = "vibe_check.cli:app"
+
+[tool.hatch.build.targets.wheel]
+packages = ["vibe_check"]

vibe_check_cli-0.1.0/vibe_check/__init__.py

@@ -0,0 +1,3 @@
+"""vibe-check: Security auditor for vibe-coded repos."""
+
+__version__ = "0.1.0"

vibe_check_cli-0.1.0/vibe_check/analyzers/__init__.py

@@ -0,0 +1,3 @@
+from vibe_check.analyzers.base import BaseAnalyzer
+
+__all__ = ["BaseAnalyzer"]

vibe_check_cli-0.1.0/vibe_check/analyzers/base.py

@@ -0,0 +1,40 @@
+"""Base analyzer — SHARED contract, frozen at minute 0."""
+
+from __future__ import annotations
+
+import abc
+from typing import List
+
+from vibe_check.models.finding import Finding
+
+
+class BaseAnalyzer(abc.ABC):
+    """Abstract base class for all vibe-check analyzers."""
+
+    @property
+    @abc.abstractmethod
+    def name(self) -> str:
+        """Human-readable analyzer name (e.g. 'secrets', 'sast')."""
+        ...
+
+    @property
+    @abc.abstractmethod
+    def tier(self) -> int:
+        """Execution tier / layer number (1-5). Lower = runs first conceptually."""
+        ...
+
+    @abc.abstractmethod
+    async def analyze(self, repo_path: str, config: dict | None = None) -> List[Finding]:
+        """Run analysis on the repo at *repo_path* and return findings.
+
+        Args:
+            repo_path: Absolute path to the repository root.
+            config: Optional config dict (from .vibecheck.yml or CLI flags).
+
+        Returns:
+            List of Finding instances.
+        """
+        ...
+
+    def __repr__(self) -> str:
+        return f"<{self.__class__.__name__} name={self.name!r} tier={self.tier}>"