Install the Vibgrate CLI on macOS and Linux
Step-by-step instructions for installing the Vibgrate CLI on macOS and Linux, including Node-based and curl installer options, plus how to confirm the install works.
Comprehensive documentation and guides for the Vibgrate CLI — installation, commands, CI integration, configuration, and more.
Step-by-step instructions for installing the Vibgrate CLI on macOS and Linux, including Node-based and curl installer options, plus how to confirm the install works.
How to install the Vibgrate CLI on Windows using npm or the PowerShell installer, then verify that the vg command works in PowerShell and Windows Terminal.
Install the Vibgrate CLI globally or per-project with npm, understand the difference, and confirm the vg command runs your first scan.
Install the Vibgrate CLI using pnpm, yarn, or bun, both globally and as a project dev dependency, then run your first drift scan.
Try the Vibgrate CLI without installing anything by running it through npx. Learn the exact command, when to use it, and its tradeoffs versus a global install.
Install the Vibgrate CLI without a Node package manager using the curl shell installer, then verify the vg command and run your first scan.
Scan a Go module for upgrade drift with the Vibgrate CLI, understand the DriftScore it reports, and set up a baseline so you can track drift over time.
Scan a Rust crate or workspace for upgrade drift with the Vibgrate CLI, read the DriftScore, and capture a baseline for tracking drift over time.
Scan a Composer-based PHP project for upgrade drift with the Vibgrate CLI, understand the DriftScore, and create a baseline to track drift over time.
Scan a Bundler-based Ruby project for upgrade drift with the Vibgrate CLI, read the DriftScore, and capture a baseline to track drift over time.
A guided first scan with the Vibgrate CLI: run the bare command, read the findings and DriftScore, then try structured output and a quality gate.
After your first scan, learn what the DriftScore means, how to read its 0-100 range, and what actions to take based on the result.
Sign the Vibgrate CLI into your workspace from the browser with vg login, confirm you are authenticated, and sign out with vg logout when needed.
Keep the Vibgrate CLI current using the built-in updater or your package manager, then confirm the new version is active.
Cleanly remove the Vibgrate CLI: sign out, uninstall the binary with your package manager, and remove project artifacts you no longer need.
Confirm the Vibgrate CLI is correctly installed: check the version, run a quick scan, and resolve common command-not-found issues.
Set up continuous drift detection in under 10 minutes. Quick-start templates for GitHub Actions, Azure DevOps, GitLab CI, and generic pipelines.
Install the Vibgrate CLI, run your first scan, and understand your DriftScore in under five minutes. This guide covers installation on every major platform and walks through the essential first-scan workflow.
A step-by-step guide to scanning Node.js and TypeScript projects with the Vibgrate CLI — from a single package.json to complex monorepos with multiple workspaces.
Scan .NET solutions and projects for upgrade drift — runtime version lag, NuGet package drift, target framework analysis, and more.
Scan Python projects for dependency drift using requirements.txt, pyproject.toml, and other Python manifests with the Vibgrate CLI.
Scan Java and JVM projects for dependency drift — Maven, Gradle, and Spring Boot projects are all supported by the Vibgrate CLI.
Get three ranked upgrade plans — Low-risk, Balanced, and Full — scored on real-world exploitability (CISA KEV and FIRST EPSS), so the dangerous upgrade rises to the top. Read-only until you choose to apply.
Detect known vulnerabilities in your installed dependencies against the OSV database, online or air-gapped, with severity, CVSS, the fixing version, and git attribution.
Trace any dependency through git history: who added it, every version since, and any open vulnerabilities it carries — across npm, Python, Go, Rust, Ruby, PHP, Dart, Elixir, and .NET projects.
Pinpoint the commit where a dependency reached a version or semver range — when a fix was adopted, or never was — and gate CI on it, across npm, Python, Go, Rust, Ruby, PHP, Dart, Elixir, and .NET projects.
A step-by-step walkthrough of running vg init to set up Vibgrate in a repository, what the .vibgrate directory contains, and how to verify the setup with a first scan.
Learn how vg init --baseline both sets up Vibgrate and captures a starting drift snapshot in a single command, and when this is the right way to onboard a repository.
Capture a known-good snapshot of your project's drift state with vg baseline so future scans can report change as a delta and power fitness functions.
Walk through vg login to connect the CLI to your Vibgrate workspace from the browser, with no DSN to copy or paste, then verify and push results.
Use vg logout to clear the stored login credential and disconnect the CLI from your Vibgrate workspace, and learn when signing out is the right move.
Keep the CLI current with vg update to check for and install the latest version, why staying updated matters, and how to confirm your installed version.
A step-by-step guide to exporting a CycloneDX Software Bill of Materials from your project using vg sbom export, including the output file and what to do with it.
A step-by-step guide to building a code graph with vg build, including incremental updates, what the build produces, and how to confirm it worked before running queries.
Use vg show to explain any code node — what it is, what it calls, and what calls it. Learn how to read its callers, callees, and structural metadata.
Use vg ask to query the code graph in natural language and get a budget-bounded context block ready to paste into any AI assistant — fully offline after the first use.
Use vg impact to see what breaks if you change a node — a deterministic structural blast radius from reverse reachability with decay confidence — so you can plan changes safely.
Use the --tests flag on vg impact to surface exactly the tests to run before shipping a change, turning a structural blast radius into a focused, runnable test list.
Use vg path to show how node A connects to node B — the shortest path through the call graph — so you can trace exactly how two parts of your code relate.
Use vg tree to walk the call tree rooted at a node — callees by default — with depth-bounded, cycle-safe traversal so you can understand how code fans out.
Use vg hubs to surface the most-depended-on nodes in your codebase — the functions, classes, and modules that everything else relies on. Learn why hubs matter for risk, refactoring, and onboarding.
Use vg oddities to surface surprising cross-area links — the connections that violate your intended architecture. Learn how Vibgrate Graph flags these smells and how to triage them.
Use vg areas to reveal the natural groupings in your codebase — clusters of nodes that work closely together. Learn how communities help you understand modularity and plan refactors.
Use vg map to get a structural overview of your repository — the high-level shape of your code map in one command. Learn what the overview shows and how to drill in from there.
Use vg lib to access version-correct library docs pinned to your lockfile — the Free Dev Docs Library, served offline to any AI assistant. Learn how it keeps docs aligned with the versions you actually run.
Use vg export with --format and --out to write your code map to JSON, GraphML, Graphviz DOT, Neo4j Cypher, Markdown, HTML, or SBOM. Learn how to move the graph into other tools.
Use vg embed to precompute the semantic index so your next vg ask is instant. Learn how the local ONNX model works, why it is fully offline, and when to run it.
Use vg share to make the code map committable and auto-updating. It installs a pre-commit hook, a deterministic merge driver, and .gitignore entries so the graph stays fresh in version control.
Use vg status to see graph freshness, node and edge counts, staleness, and the resolver rungs used. Learn how it compares the committed graph against your working tree.
Use vg facts to produce deterministic facts for a node — contract, invariant, and characterization — typed by how they were derived, from declared/static to observed. Learn how facts ground AI assistants.
Use vg tests to see which tests cover a node, --missing to find untested nodes nearby, and --run or --exec to get and run the minimal test command. Learn to target exactly the tests that matter.
Use vg install to add Vibgrate AI Context to your AI assistant — skill, MCP wiring, and an advisory nudge. It is idempotent and repo-local, supporting Claude, Cursor, Windsurf, VS Code, Codex, and Gemini.
Use vg lib to see which libraries Vibgrate can serve version-correct documentation for, resolved against your project's lockfile. A quick reference for the command and what it shows.
Run vg serve to launch Vibgrate AI Context, the local, offline MCP server that feeds your code map, drift, and version-correct library docs to any AI assistant. A practical command guide.
Everything you need to know about the vg init command: creating the .vibgrate directory, generating a default config file, and optionally establishing your first baseline.
The primary CLI command. Scan your project for upgrade drift, generate reports in multiple formats, enforce quality gates, and optionally push results to the dashboard.
Establish a drift baseline snapshot for delta comparison. Baselines are the foundation of drift fitness functions and CI regression gates.
Generate Markdown, text, or JSON reports from existing scan artifacts. Perfect for sharing drift status with stakeholders who do not use the CLI.
Export CycloneDX or SPDX SBOMs from scan artifacts, compare dependency deltas between two scans, and generate OpenVEX exploitability statements for supply-chain governance.
Upload scan results to the Vibgrate Cloud API for team visibility, portfolio tracking, and historical trend analysis.
Generate HMAC-signed DSN tokens for authenticating scan uploads to Vibgrate Cloud. Supports US and EU data residency regions.
Check for and install Vibgrate CLI updates. Supports npm, pnpm, yarn, and bun package managers.
How Vibgrate measures vulnerability exposure over time — who introduced each issue, how long you have been exposed, and whether remediation keeps pace with per-severity SLAs.
Understand what a Vibgrate scan tells you. Learn how to read the DriftScore, the findings summary, and the exit code so you can act on results with confidence.
Learn what a drift budget is, how the --drift-budget flag turns DriftScore into a pass/fail gate, and how it complements baselines and worsening checks.
A plain-language introduction to the Software Bill of Materials (SBOM): what it lists, why regulators and customers ask for one, and how Vibgrate CLI produces one from your codebase.
Vibgrate's Dependency Risk scanner classifies risky packages — deprecated, native, or platform-specific. Learn what these findings mean and how they complement your SBOM.
How Vibgrate surfaces vulnerable dependencies through its security scanning and SBOM output, and how to feed CycloneDX SBOMs into vulnerability tooling and OpenVEX exploitability statements.
Your SBOM captures the licenses of every dependency. Learn how license information appears in Vibgrate's CycloneDX and SPDX output and how to use it for license compliance.
Learn what Vibgrate Graph is, what the code graph (code map) represents, and how it powers offline queries like vg show, vg ask, vg impact, vg path, and vg tree.
Learn how to read vg impact results — the reverse-reachability blast radius and decay confidence — so you can tell a contained change from a risky one and act accordingly.
Understand how incremental vg build keeps the code graph fast, why graph queries are offline and quick after the first build, and how to keep large-repo workflows snappy.
Vibgrate AI Context is the local, offline MCP server that serves your code map, drift, and version-correct library docs to any AI assistant. Learn what it does, why it exists, and how it differs from the hosted Vibgrate MCP.
The Free Dev Docs Library gives your AI assistant version-correct documentation pinned to your lockfile, served offline through Vibgrate AI Context. Learn what it covers and how it keeps AI answers accurate.
AI assistants hallucinate APIs because their training data is frozen and version-blind. Learn why version-correct documentation from the Free Dev Docs Library makes AI-assisted coding dramatically more accurate.
Vibgrate AI Context runs locally, needs no account, and uploads nothing. Learn exactly what stays on your machine and why the local context server is safe for sensitive codebases.
Learn what the Dependency Risk Scanner detects — deprecated packages, native modules, and platform-specific dependencies — why each class raises upgrade risk, and how to act on the findings before they block a release.
Understand how the Dependency Graph Scanner analyzes lockfiles to find duplicate packages, phantom dependencies, and workspace graph problems — and why these hidden issues make upgrades fragile.
See how the Tooling Inventory Scanner detects packages across categories to build a complete map of your stack — frameworks, build tools, test runners, and more — and why an accurate inventory is the foundation of upgrade planning.
Learn how the Build & Deploy Scanner detects your CI/CD systems, containerization, and infrastructure-as-code — and why understanding your delivery pipeline is essential to predicting where upgrades break in production.
Understand how the TypeScript Modernity Scanner reads tsconfig.json to assess strictness, module system, and ESM readiness — and why these settings determine how painful your next TypeScript or framework upgrade will be.
Learn how the Breaking Change Exposure Scanner flags packages and patterns known to cause upgrade pain, why early exposure data lowers migration risk, and how to plan around the findings.
Understand how the File Hotspots Scanner uses filesystem metadata alone to surface likely complexity hotspots, why a zero-parse signal is fast and privacy-friendly, and how to use the findings to focus effort.
Learn how the Security Posture Scanner checks structural security hygiene — lockfile presence, .gitignore coverage, and audit counts — why these basics predict supply-chain risk, and how to close the gaps.
Understand how the Security Scanners Scanner detects and assesses readiness of local security tools, why orchestration beats ad-hoc scanning, and how to use the findings to harden your pipeline.
Learn how the Service Dependencies Scanner detects SDK packages to map your external service and platform dependencies, why this map matters for resilience and upgrades, and how to act on it.
Understand how the Architecture Layers Scanner classifies source files into layers and detects project archetypes, why an explicit layer map reveals structural drift, and how to use it.
Learn how the Code Quality Scanner runs fast AST-based checks for cyclomatic complexity and upgrade-friction hotspots, why content-aware analysis catches what metadata misses, and how to act on findings.
Understand how Vibgrate maps security findings into OWASP Top 10 categories, why a shared taxonomy speeds triage and reporting, and how to use the mapping to prioritize fixes.
Learn how the Platform Matrix Scanner collects platform and architecture signals that predict build breakage, why cross-platform risk is easy to miss, and how to use the matrix to harden your pipeline.
See how Vibgrate's individual scanners contribute to one 0-100 DriftScore, why a single number aids prioritization without hiding detail, and how to drill from the score into the findings behind it.
Learn a practical method for reading scanner findings, prioritizing them by impact, and turning a scan into an action plan — so the DriftScore becomes work that ships rather than a number you ignore.
Learn what upgrade drift is, why it accumulates silently, and how Vibgrate CLI measures it so you can keep dependencies, runtimes, and tooling current without surprises.
Understand what a DriftScore of 0-100 means, how the risk bands map to action, and how to read a score in context rather than chasing a perfect zero.
A practical look at the factors that increase or decrease your DriftScore, so you can prioritize the upgrades that move the number most and keep drift in check.
Understand the difference between a drift baseline and a drift budget, when to use each, and how they work together to stop regressions and cap absolute drift.
Learn how to treat drift as an architectural fitness function — an automated, objective check that your codebase keeps moving in the right direction over time.
Understand Vibgrate CLI's output formats — human-readable text, JSON, SARIF, and Markdown — and when to choose each for terminals, pipelines, code scanning, and reports.
Understand how Vibgrate CLI uses exit codes to signal pass, fail, and error so your scripts and CI pipelines can branch reliably on scan results.
Learn which languages and ecosystems Vibgrate scans and how it reads manifests and lockfiles to detect dependencies, runtimes, and drift across a polyglot codebase.
Understand how Vibgrate recognizes monorepos and workspaces, reads their package graphs, and scans multiple packages so drift is measured across the whole repository.
Learn the difference between direct and transitive dependencies, why both contribute to drift and risk, and how Vibgrate uses lockfiles to see the full tree.
Understand what an end-of-life runtime is, why it's one of the biggest drivers of drift and risk, and how Vibgrate surfaces unsupported language and platform versions.
Learn how deprecations and breaking changes accumulate as drift, the difference between the two, and how Vibgrate flags exposure before an upgrade bites you.
Understand why upgrade drift is also a security problem, how outdated dependencies and EOL runtimes expand your exposure, and how Vibgrate surfaces structural security signals.
Learn why a single DriftScore is less useful than a trend, and how baselines and Vibgrate Cloud let you track whether drift is improving or quietly creeping up.
Understand the difference between scanning for drift locally and in CI, when to use each, and how to combine them for fast feedback and reliable enforcement.
Learn what a code graph is, how Vibgrate Graph maps your source into nodes and edges, and why a structural model of your code powers offline queries and impact analysis.
Understand what version-correct AI context means, why pinning docs and code structure to your lockfile prevents AI hallucinations, and how Vibgrate AI Context serves it offline.
How Vibgrate sizes each scanned project into nano, micro, small or standard tiers, bills it as a fraction of a project, and rounds the total down to your billable projects.
A deep dive into how the Vibgrate DriftScore is calculated — the four weighted components, risk levels, and how to interpret your score.
Turn drift scoring into a formal quality gate. Learn how baselines, drift budgets, and worsening thresholds create fitness functions that prevent drift regression in CI.
Download an SBOM from Vibgrate Cloud wrapped in a signed attestation, so a consumer can prove it came from Vibgrate and has not been altered — and see its verified status in the dashboard.
Run the Vibgrate CLI inside a container with Docker, mount your project for scanning, and capture machine-readable output for pipelines.
Connect the CLI to Vibgrate Cloud: log in, run a scan, and push results so your team can see DriftScore trends over time in one workspace.
Learn the fastest way to scan a project for upgrade drift. Running bare vg scans the current directory and prints a DriftScore with no configuration required.
Point a Vibgrate scan at a specific folder without changing shells. Use the --cwd flag to scan a subdirectory or sibling project from anywhere.
Generate machine-readable JSON from a Vibgrate scan for scripting, dashboards, and custom tooling. Learn the --format json flag and how to combine it with --out.
Emit SARIF from a Vibgrate scan so drift findings appear in GitHub code scanning and other SARIF-aware tools. Learn the --format sarif flag and how to save it.
Choose human-readable scan output: the default table for terminals and Markdown for pull request comments and docs. Learn the --format options for readable reports.
Enforce a maximum acceptable DriftScore with --drift-budget. Learn how to set a budget so scans fail when drift exceeds the threshold you choose.
Keep generated code, vendored folders, and fixtures out of your drift results with the --exclude flag. Learn how to focus a Vibgrate scan on the code that matters.
Speed up pull request checks by scanning just what changed. Learn the --changed-only flag and when a focused scan is the right choice for fast feedback.
Save scan output as a build artifact with the --out flag. Learn how to write JSON, SARIF, or Markdown results to a named file for archiving and CI uploads.
Run Vibgrate across a monorepo. Learn how to scan the whole tree, target individual packages with --cwd, and exclude folders to keep results meaningful.
Focus a Vibgrate scan on one package or service. Learn how to use --cwd to target a package directory and get a DriftScore scoped to the code one team owns.
Compare a scan against a saved baseline to see what drift is new. Learn how to capture a baseline and pass it with --baseline for delta-based gates.
Make scans fast and predictable. Learn how caching speeds repeated scans, when to use --no-cache for a clean run, and how --changed-only keeps feedback quick.
Get reliable scans on big codebases. Learn how to exclude heavy directories, scope to changed files, and control caching so large-repo scans stay fast and accurate.
Resolve common scan problems. Learn how to rule out stale caches with --no-cache, narrow scope with --cwd and --exclude, and read exit codes when a scan fails CI.
Understand the configuration that vg init writes, how to tune scanner toggles and exclusions, and why committing the config keeps your team and CI consistent.
Keep scans fast and focused by excluding generated, vendored, and irrelevant directories using configuration exclusions and the --exclude flag.
Use vg scan --baseline to compare the current state against a stored snapshot, report drift as a delta, and fail builds only when drift worsens.
Keep baselines meaningful over time: when to refresh after intentional upgrades, how to re-run vg baseline, and how to avoid masking real drift.
Make scans deterministic across machines and CI by pinning a specific Vibgrate CLI version, and learn how this interacts with vg update.
Give each repository its own committed Vibgrate configuration so thresholds, scanner toggles, and exclusions match that project, and stay consistent across the team.
Understand how CLI workspace settings connect local scans to a Vibgrate Cloud workspace via vg login or a DSN, and how that enables team trend analysis.
Diagnose and fix common authentication problems: failed uploads, expired or missing DSNs in CI, stale local credentials, and pushing to the wrong workspace.
Turn a Vibgrate CLI scan into a human-readable report you can read, review, or attach to a pull request. Learn how to produce Markdown, text, or JSON reports with vg report.
Produce a report that teammates, reviewers, and stakeholders can actually open. Learn which format to pick for each audience and how to attach reports to pull requests and chat.
Send your scan results to Vibgrate Cloud so your whole team sees DriftScore, findings, and trends on one dashboard. Learn the two ways to upload and how authentication works.
Get a repository showing up in Vibgrate Cloud by naming it consistently on upload. Learn how --repository-name groups scans under the right repo so trends stay coherent.
Generate an HMAC-signed DSN token so non-interactive environments can upload to Vibgrate Cloud. Learn how vg dsn create works and how to use --dsn safely in CI.
See how your DriftScore moves over time once you push scans to Vibgrate Cloud. Learn what builds a trend line and how to keep history continuous.
Roll many repositories up into a single portfolio view so leaders can compare DriftScore across the estate. Learn how consistent naming and pushing build the rollup.
Keep DriftScore data fresh by scanning and pushing on a schedule. Learn how to wire vg scan --push into scheduled CI jobs for continuous reporting.
Turn drift data into a one-glance summary leaders can act on. Learn how to combine vg report output with the Vibgrate Cloud dashboard for executive reporting.
Feed your own BI and analytics tools with machine-readable drift data. Learn how to export JSON from vg report and where to write it with --out.
Wire Vibgrate uploads into your CI so every build reports its DriftScore to Vibgrate Cloud. Learn the canonical scan-and-push pattern with DSN authentication.
Group related repositories under an application so drift rolls up to something the business recognizes. Learn how consistent repository naming feeds application views.
Read DriftScore as a moving signal rather than a snapshot. Learn what makes the number move, how baselines complement trends, and how to keep history reliable.
Give each team a focused view of the repositories they own. Learn how consistent naming and grouping turn pushed scans into per-team dashboards.
Understand how access to Vibgrate Cloud works and how the CLI authenticates against your workspace. Learn the difference between interactive login and DSN-based uploads.
Fix the most common reasons a push to Vibgrate Cloud fails — missing login, stale or wrong DSN, and inconsistent repository names. Step through the checks in order.
Automate SBOM generation on every build by adding vg sbom export to your CI pipeline, so a fresh, reproducible Software Bill of Materials is produced for each commit or release.
Learn how to generate a Software Bill of Materials and attach it to a tagged release so customers, auditors, and downstream tools can retrieve the exact component inventory for each version.
Use Vibgrate SBOMs as durable audit evidence. Learn how to produce, name, and retain Software Bills of Materials so they satisfy compliance reviews and customer security questionnaires.
Working in a monorepo? Learn strategies for producing Software Bills of Materials at the right granularity — per package or for the whole workspace — using Vibgrate CLI.
Understand how Vibgrate's source-level SBOM fits projects that ship as container images, what it covers, and how to combine it with image-layer SBOM tooling for full coverage.
Run drift scoring and SBOM export together so a single build produces both a DriftScore for upgrade risk and a Software Bill of Materials for supply-chain visibility.
Bring SBOMs, dependency-risk findings, security posture, and drift scoring together into a repeatable check that tells you whether your software supply chain is in good shape.
Send your scan results to Vibgrate Cloud for team visibility and trend tracking, and keep SBOM files as release artifacts — learn how the local SBOM and the hosted dashboard work together.
Fix the most common problems with vg sbom export — empty component lists, missing licenses, wrong output location, and format confusion — so you get a complete, correct SBOM.
Learn how to keep the Vibgrate code graph fresh as your code changes using incremental vg build runs, so vg show, vg ask, and vg impact always reflect current code.
Make code reviews faster and safer by using vg impact, vg show, and vg tree to understand blast radius, verify dependencies, and surface the tests a change should pass.
Help new team members learn a codebase quickly using vg ask, vg show, and vg tree to explore structure, follow entry points, and ask natural-language questions offline.
Plan and execute refactors with confidence using vg impact to map blast radius, vg tree to understand structure, and vg impact --tests to know what to run before shipping.
Build and query a code graph across a monorepo with vg build, then use vg path and vg impact to understand cross-package dependencies and the reach of shared code.
Fix common Vibgrate Graph issues — stale results, missing nodes, empty paths, and overwhelming trees — by rebuilding correctly and choosing the right query for the question.
A guide to every format vg export supports — JSON, GraphML, Graphviz DOT, Neo4j Cypher, Markdown, HTML, CycloneDX, and SPDX — with guidance on which to pick for visualization, databases, docs, and SBOMs.
A practical guide to making the Vibgrate Graph code map a shared team asset with vg share — committing it to version control, keeping it fresh automatically, and avoiding merge conflicts.
A guide to feeding deterministic, epistemic-typed facts to AI assistants so their suggestions are grounded in your real code — contracts, invariants, and characterizations served via Vibgrate AI Context.
A guide to using vg tests --missing to find untested nodes near your changes, then --run or --exec to run exactly the right tests — closing coverage gaps without running the whole suite.
A troubleshooting guide for common issues with vg export and vg share — stale output, missing code map, format and path mistakes, and committed maps that look out of date after a pull.
Resolve documentation for the exact version of a library your project depends on, using vg lib and the Free Dev Docs Library served through Vibgrate AI Context. A practical walkthrough.
Wire Vibgrate AI Context into Claude and Claude Code so the assistant can read your code map, drift, and version-correct library docs over MCP. Step-by-step using vg install and vg serve.
Set up Vibgrate AI Context in Cursor so its AI reads your code map, drift, and version-correct library docs over MCP. A step-by-step guide using vg install and vg serve.
Wire Vibgrate AI Context into VS Code so Copilot and MCP-aware extensions read your code map, drift, and version-correct library docs. Step-by-step using vg install and vg serve.
Set up Vibgrate AI Context as an MCP server in the Continue extension so its AI reads your code map, drift, and version-correct library docs. A step-by-step guide.
Add Vibgrate AI Context as an MCP server in the Zed editor so its assistant reads your code map, drift, and version-correct library docs. A step-by-step guide.
Vibgrate AI Context is a standard MCP server, so any MCP-compatible client can use it. Learn how to connect tools beyond the ones with built-in wiring, using vg serve.
Vibgrate AI Context serves more than docs — it feeds your code map and DriftScore to your AI assistant over MCP. Learn how to expose structural and drift context alongside version-correct docs.
Vibgrate AI Context runs fully offline after a one-time model download, making it suitable for air-gapped and disconnected environments. Learn how to prepare and run it without network access.
Version-correct docs are only correct if they track your dependencies. Learn how the Free Dev Docs Library stays aligned with your lockfile and how to refresh it as you upgrade.
Bring version-correct docs and code-map context into AI-assisted code review with Vibgrate AI Context. Learn how grounded context catches version-mismatched suggestions before they merge.
A transparent guide to Vibgrate's privacy-first architecture — what data is collected, what is never collected, and how to use privacy modes.
Import Vibgrate's core TypeScript types for programmatic use — build custom tools, dashboards, and integrations on top of the scan artifact schema.
Run full drift analysis without any network connectivity using downloaded package manifests. Perfect for secure, restricted, or air-gapped environments.
A comprehensive guide to all extended scanners in the Vibgrate CLI — platform matrix, dependency risk, security posture, architecture layers, code quality, and more.
A guide to all four output formats supported by the Vibgrate CLI — when to use each, what they contain, and how to integrate them into your workflows.
Complete reference for the Vibgrate configuration file — thresholds, scanner toggles, exclude patterns, and all supported config formats.
Turn a Vibgrate scan into a quality gate with --fail-on. Learn how to fail the build when findings reach a chosen severity so risky drift blocks merges.
Keep CI logs clean with the --quiet flag. Learn how quiet mode suppresses extra console output so pipelines show only what matters and exit codes drive decisions.
Push scan results from automated pipelines without an interactive browser by using a DSN token, so vg push works headlessly in CI.
A guide to running vg status in continuous integration to keep the committed code map fresh — detecting staleness, gating on freshness, and rebuilding when the graph drifts from the working tree.
Add Vibgrate drift scanning to a Jenkins declarative pipeline. Learn how to install the CLI on an agent, run a scan, fail the build on regressions, and archive the report artifact.
Wire the Vibgrate CLI into a CircleCI job. Learn how to run a scan in a Node executor, set a quality gate, and persist the report as a build artifact.
Configure bitbucket-pipelines.yml to run Vibgrate drift scans on every push and pull request. Learn how to set a quality gate and keep the report as an artifact.
Set up .travis.yml to run Vibgrate drift scans in a Node environment. Learn how to fail builds on regressions and produce a report artifact.
Add a Vibgrate drift scan step to a Drone pipeline using a Node container. Learn how to apply a quality gate and surface the DriftScore on every build.
Add a Vibgrate drift scan step to a Buildkite pipeline running on self-hosted agents. Learn how to gate builds and upload the report as a Buildkite artifact.
Add a command-line build step that runs Vibgrate drift scanning in TeamCity. Learn how to fail builds on regressions and keep the report as a build artifact.
Add a Run step to a Harness CI pipeline that executes Vibgrate drift scanning. Learn how to gate the build and push results to Vibgrate Cloud.
Add a Vibgrate drift scan step to a Woodpecker CI pipeline using a Node container. Learn how to gate builds and generate a report.
Run Vibgrate drift scanning as a step in an Argo Workflows template on Kubernetes. Learn how to source the repository, gate the run, and capture the report.
Define a Tekton Task that runs Vibgrate drift scanning on a cloned workspace. Learn how to gate the pipeline run and emit the report.
Use --drift-budget to fail a pull request build when the DriftScore exceeds an allowed ceiling. Learn how to choose a budget and tighten it over time.
Produce a SARIF file with --format sarif and upload it to your platform's code scanning dashboard. Learn the scan command and how findings appear inline.
Turn a Vibgrate drift scan into a required status check so pull requests cannot merge while drift exceeds your gate. Learn the scan setup and the branch-protection side.
Run a full Vibgrate drift scan on a nightly schedule to track trend without slowing pull requests. Learn the scan command and how to push results for trend analysis.
Generate a Markdown drift report in CI and post it as a pull request comment so reviewers see the DriftScore inline. Learn the scan command and the posting pattern.
Use --changed-only to scan just the files touched in a pull request, keeping PR pipelines fast while reserving full scans for scheduled runs.
Persist the Vibgrate cache between CI runs to speed up repeat scans. Learn what to cache, how to key it, and when to bypass the cache.
Run parallel Vibgrate scans across a monorepo by fanning out a CI matrix over packages. Learn how to scope each scan and aggregate the DriftScores.
Use --push to upload CI scan results to Vibgrate Cloud for team visibility and trend analysis. Learn how to configure a DSN secret and run the push safely.
Use --fail-on to fail a build when findings reach a chosen severity. Learn how the flag maps to exit codes and how it complements a drift budget.
Set up Vibgrate in GitHub Actions for continuous drift detection, SARIF integration with Code Scanning, and automated dashboard uploads.
Set up Vibgrate in Azure DevOps Pipelines for continuous drift detection, SARIF artifact publishing, and drift budget enforcement.
Set up Vibgrate in GitLab CI/CD for continuous drift detection, SAST report integration, and drift budget enforcement.
Use Vibgrate in any CI system — Jenkins, CircleCI, Bitbucket Pipelines, or custom build scripts. The CLI requires no login, produces standard outputs, and works entirely offline.
Learn where environment variables fit in a Vibgrate workflow, especially for supplying secrets like a DSN to vg push in CI without committing them.
Understand how command-line flags, the committed configuration file, and environment-provided values combine, so you can predict exactly what a scan will do.
Open a Vibgrate-generated CycloneDX or SPDX file and understand its structure — components, versions, licenses, and identifiers — so you can review and use it with confidence.
Vibgrate CLI exports CycloneDX and SPDX SBOMs and can generate OpenVEX documents. Learn what each format is for and how to choose the right one for your use case.
Learn how to choose the two endpoints for vg path using --pick-a and --pick-b so you trace the connection between exactly the nodes you mean.
Flip vg tree to show callers instead of callees with --callers, and control how deep it traverses with --depth, to focus the call tree on exactly what you need.
Common issues when running Vibgrate AI Context (vg serve) and how to fix them — from clients not seeing tools to stale context, slow first runs, and offline library gaps.
Learn how to control which scanners run and narrow a scan to what you care about, why focusing improves signal and speed, and how to keep configuration consistent across your team and CI.
Understand how scanner results are presented — text, JSON, SARIF, and Markdown — why each format suits a different audience, and how to choose the right one for humans, machines, and CI.
A reference for the flags that apply across Vibgrate CLI commands, including path selection, output control, and quiet mode. Learn what each common flag does and when to reach for it.
Understand how environment-level configuration interacts with the Vibgrate CLI, including offline mode, proxy settings, and credentials, and how environment context flows into scans and uploads.
A detailed reference for the Vibgrate configuration file created by vg init. Learn where config lives, what it controls, and how scanner toggles, thresholds, and exclusions shape every scan.
Learn how to produce and consume JSON output from the Vibgrate CLI for scripting and dashboards. Understand how JSON relates to the other output formats and how to write it to a file.
Learn how to emit SARIF from Vibgrate scans and feed it into code-scanning surfaces such as GitHub code scanning. Understand when SARIF is the right format and how to write it to a file.
A reference for the language ecosystems Vibgrate scans for upgrade drift, including Node.js, .NET, Python, Java, Go, Rust, PHP, and Ruby. Learn how manifests and lockfiles drive results.
Plain-language definitions for the terms you will meet using the Vibgrate CLI, including DriftScore, baseline, code map, Vibgrate AI Context, and SBOM. A quick reference for new and returning users.
A compact, copy-friendly list of every Vibgrate CLI command grouped by purpose: scanning, baselines and reports, uploads, and the Vibgrate Graph code-map commands. Real commands only.
Configure the Vibgrate CLI for proxied networks and air-gapped environments. Learn how offline mode works, how to bypass caches, and how local code-map queries stay fully offline after first use.
Fix common problems installing or running the Vibgrate CLI, including the vg binary not being found, version mismatches, and trying the CLI without installing. Practical, command-first guidance.
Resolve authentication problems with the Vibgrate CLI, from the browser login flow to DSN tokens for CI. Learn how to re-authenticate, clear stale credentials, and authenticate non-interactively.
Speed up slow Vibgrate scans with concurrency tuning, exclusions, scoping, and cache control. Learn which knobs to turn first on large or monorepo codebases.
Understand why a Vibgrate step fails in CI and how to fix it, separating intentional drift-gate failures from real errors. Learn to read exit codes, gates, and authentication problems.
Fix the case where a Vibgrate scan finds no projects. Learn how detection works, how exclusions and working directory affect it, and how to confirm the CLI is scanning the right tree.
Fix problems building or querying the Vibgrate code map. Learn how to check freshness, rebuild incrementally, precompute the semantic index, and confirm queries work offline.
A guide to the categories of problems the Vibgrate CLI reports and how to act on each, from command not found and detection issues to gate failures and upload errors. Includes how to read exit codes.
Quick answers to the most common questions about the Vibgrate CLI: how to scan, whether you need an account, how to try it without installing, what DriftScore means, and how to work offline.
A quick reference for all CLI exit codes — use these to control pipeline flow and interpret scan results programmatically.
Manage your plan, see scan and usage credits, and handle your subscription.
Software supply-chain intelligence — SBOM coverage, components, provenance, and attestations.
Connect GitHub, GitLab, Bitbucket, or Azure DevOps, bind repositories, and manage drift badges.
Create and manage MCP and CLI access tokens, scoped per workspace with read or write grants.
Your application inventory — ownership, environments, drift, and how each app was discovered.
Your governance inbox — review what needs sign-off, see the impact, and approve or reject.
A living map of services, components, dependencies, and architectural health across your estate.
An immutable log of who changed what, when, and why — with retention and export controls.
Package health, vulnerabilities, licenses, and upgrade opportunities across your estate.
Set how much drift each part of the estate may carry, and track consumption and breaches over time.
The headline view of modernization across your whole estate — drift, risk, and open vulnerabilities at a glance.
Connect a repository, run your first scan, and learn how to read the results.
Send Vibgrate events to your own tools with webhooks, and monitor delivery health.
Plan and track upgrades across your portfolio — prioritize, run migrations, and forecast outcomes.
Define rules, enforce standards, track violations and exceptions, and produce audit-ready evidence.
Turn findings into completed fixes — convert risk into projects and tasks with measurable outcomes.
Source-code inventory with drift scores, scan coverage, and which repositories map to which applications.
The single source of truth for risk posture, vulnerabilities, controls, and compliance evidence.
The operational heartbeat — scan runs, outcomes, and drift trends in near real-time.
Manage who has access to your workspace, and what they can do.
Automate repeatable governance and remediation work with templates, pipelines, and execution tracking.