Skip to main content

CLI Documentation

Complete reference for the Vibgrate Command Line Interface. Learn about commands, configuration, extended scanners, CI integration, and more.

Quick Start

# Run without installing anything
npx @vibgrate/cli scan

# Pin a version or see every command
npx @vibgrate/cli@latest --help

no install·Nothing is installed globally — ideal for CI or a one-off scan.

Overview

Commands

vg ask

Ask the code map a question using hybrid lexical + structural + semantic search. Returns a budget-bounded context block ready to paste into any AI assistant — fully offline after first use.

Read more

vg baseline

Create drift baseline snapshots for delta comparison and fitness functions.

Read more

vg benchmark

A reproducible benchmark of build time, memory, and token reduction on your own repository — honest estimates you can rerun, not marketing numbers.

Read more

vg bisect

Pinpoint the commit where a dependency crossed a version line — when a fix was adopted, or never was — and gate CI on it.

Read more

vg build

Build or update the code map incrementally. Maps source code into a graph artifact that powers all downstream queries — vg show, vg ask, vg impact, and more.

Read more

vg bundle

Build a self-contained, air-gapped bundle — parser grammars, your code map, and the library catalog — so Vibgrate runs with no network at all.

Read more

vg drift

What is outdated across your dependencies. Offline by default (inventory plus installed versions); --online queries the registry for the latest, and --fail-on gates CI on version or standards violations.

Read more

vg dsn create

Generate HMAC-signed DSN tokens for authenticating dashboard uploads.

Read more

vg embed

Precompute the semantic index so the next vg ask is instant. Local ONNX model downloaded once into a shared cache — fully offline after first run.

Read more

vg export

Export the code map in various formats: JSON, GraphML, Graphviz DOT, Neo4j Cypher, Markdown, HTML, CycloneDX SBOM, or SPDX.

Read more

vg facts

Deterministic open facts for a node — contract, invariant, characterization. Epistemic-typed: declared/static through to observed/derived.

Read more

vg fix

Analyse drift and get ranked, risk-tiered upgrade plans — safe, balanced, and full — scored on real-world exploitability. Read-only until you choose to apply.

Read more

vg guide

Cited, relevant standards and practices for a node in your code map — a free pack of guidance attached to the symbol you name.

Read more

vg impact

What breaks if you change a node? Deterministic structural blast radius using reverse reachability and decay confidence. With --tests, surfaces exactly the tests to run before shipping.

Read more

vg init

Initialize Vibgrate in your project. Creates the .vibgrate directory and config file.

Read more

vg install / vg uninstall

Add Vibgrate AI Context to your AI assistant — skill, MCP wiring, and advisory nudge. Idempotent and repo-local. Supports Claude, Cursor, Windsurf, VS Code, Codex, and Gemini.

Read more

vg lib

Version-correct library docs pinned to your lockfile — from the hosted catalog or local ingestion. The Free Dev Docs Library, served offline to any AI assistant.

Read more

vg login

Sign the CLI into your Vibgrate workspace from the browser — no DSN to copy or paste.

Read more

vg logout

Sign the CLI out of your Vibgrate workspace by clearing the stored login credential.

Read more

vg map / vg hubs / vg areas / vg oddities

Map-level insights: overview, most-depended-on hubs, natural code groupings (communities), and surprising cross-area links (architectural smells).

Read more

vg models

The local model fleet — Ollama, LM Studio, and gguf files discovered on your machine, entirely offline. See which models are available to power semantic search.

Read more

vg path

Show how node A connects to node B — the shortest path in the call graph.

Read more

vg push

Upload scan results to Vibgrate Cloud for team visibility and trend analysis.

Read more

vg report

Generate human-readable reports from scan artifacts in Markdown, text, or JSON.

Read more

vg savings

A local, privacy-safe report of the tokens and cost saved by querying the code map instead of re-reading files, estimated against a grep baseline over a window you choose.

Read more

vg sbom

Export CycloneDX or SPDX SBOMs, compare dependency deltas, and generate OpenVEX documents.

Read more

vg scan

The primary CLI command. Scan for upgrade drift with multiple output formats and quality gates.

Read more

vg scan --vulns

Detect known vulnerabilities in installed dependencies against the OSV database — online or air-gapped — with severity, CVSS, the fixing version, and git attribution.

Read more

vg serve

Start Vibgrate AI Context — the local, offline MCP server that serves your code map, drift, and version-correct library docs to any AI assistant. No account, nothing uploaded.

Read more

vg share

Make the code map committable and auto-updating for your team. Installs a pre-commit hook, deterministic merge driver, and .gitignore.

Read more

vg show

Explain a single code node: what it is, what it calls, and what calls it. The richest single-node view with callers, callees, and structural metadata.

Read more

vg status

Graph freshness, node/edge counts, staleness, and resolver rungs used. Compares the committed graph against the current working tree.

Read more

vg tests

Which tests cover a node via call or coverage linkage. --missing shows untested nodes nearby. --run prints (or --exec runs) the minimal command to exercise exactly those tests.

Read more

vg tree

The call tree rooted at a node — callees by default, callers with --callers. Depth-bounded and cycle-safe.

Read more

vg unknowns

What the code map cannot resolve, ranked by blast radius — so you can see exactly where the graph is incomplete and how much depends on those gaps.

Read more

vg update

Check for and install CLI updates.

Read more

vg why

Trace a dependency through git history — who added it, every version since, and any open vulnerabilities it carries.

Read more

Configuration

Scanners

Extended Scanners Overview

Beyond core drift scoring — platform matrix, dependency graph, security posture, and more.

Read more

Platform Matrix Scanner

Collect platform and architecture signals that predict where builds will break.

Read more

Dependency Risk Scanner

Risk classification for deprecated packages, native modules, and platform-specific dependencies.

Read more

Dependency Graph Scanner

Lockfile analysis for duplicate packages, phantom dependencies, and workspace graphs.

Read more

Tooling Inventory Scanner

Map your full technology stack by detecting packages across categories.

Read more

Build & Deploy Scanner

Detect CI/CD systems, containerization, and infrastructure-as-code.

Read more

TypeScript Modernity Scanner

Analyze tsconfig.json for strictness, module system, and ESM readiness.

Read more

Breaking Change Exposure Scanner

Flag packages and patterns known to cause upgrade pain.

Read more

File Hotspots Scanner

Lightweight complexity analysis using filesystem metadata only.

Read more

Security Posture Scanner

Structural security hygiene — lockfiles, .gitignore coverage, audit counts.

Read more

Security Scanners Scanner

Local security scanner orchestration and readiness analysis.

Read more

Service Dependencies Scanner

Map external service and platform dependencies by detecting SDK packages.

Read more

Architecture Layers Scanner

Classify source files into architectural layers and detect project archetypes.

Read more

Code Quality Scanner

Fast AST-based quality checks for cyclomatic complexity and upgrade friction hotspots.

Read more

OWASP Category Mapping

Map security findings into OWASP Top 10 categories for triage.

Read more

CI Integration

Reference

All Documentation Pages (68)