When Standard Privacy Is Not Enough
Vibgrate's default privacy model is already strong: no source code reading, no secret scanning, no environment variable access, no git history access, and no network transmission unless explicitly requested.
But some environments have stricter requirements:
- Financial services firms where any tool that writes files to disk triggers a compliance review.
- Healthcare environments where data minimisation policies apply to all tooling, not just production systems.
- Government projects where information classification extends to development metadata.
- Pre-acquisition due diligence where you need a drift assessment of a codebase you do not own and must minimise your footprint.
For these scenarios, Vibgrate provides --max-privacy.
What --max-privacy Does
vibgrate scan . --max-privacy
This single flag enables a hardened profile that combines several restrictions:
1. No Local Artifact Writes
The .vibgrate/scan_result.json file is not written to disk. The scan produces output to stdout (or to a specified --out file if you choose), but no residual files are left behind.
This is equivalent to --no-local-artifacts, but --max-privacy applies it automatically.
2. High-Context Scanners Disabled
Some extended scanners collect detailed metadata that, while never reading source code, produce structured intelligence about your codebase's architecture and usage patterns:
- Architecture Layer Mapping: Classifies files into architectural layers with tech stack and service attribution. Suppressed in max privacy mode.
- Code Quality Metrics: AST-based complexity analysis. Suppressed in max privacy mode.
- UI-Purpose Evidence: Optional scanner that extracts UI component usage patterns. Suppressed in max privacy mode.
With these scanners disabled, the scan produces a drift score, dependency analysis, and core findings — but not the detailed structural analysis that some governance policies might classify as sensitive development metadata.
3. Core Drift Analysis Still Runs
Max privacy mode does not cripple the scan. You still get:
- The full Upgrade Drift Score (0–100)
- Runtime, framework, dependency, and EOL risk components
- Per-project detection and scoring for Node.js, .NET, Python, and Java
- Actionable findings with severity levels
- Priority Actions for what to fix first
The core analysis — which reads only manifests and queries public registries — runs without restriction under max privacy mode.
Combining with Offline Mode
For the most restrictive environments, combine --max-privacy with --offline:
vibgrate scan . --offline --package-manifest ./latest-packages.zip --max-privacy --format json --out scan.json
This produces:
- No network calls (offline)
- No local artifact files (max privacy)
- No high-context scanners (max privacy)
- Full drift scoring (from the package manifest)
- Output only to the specified file (--out scan.json)
The scan footprint is minimal: it reads your manifests, computes the score from the local package manifest, writes the result to the specified output file, and leaves no other trace.
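One way to confirm that "no other trace" claim in your own environment, as an added example that is not Vibgrate's own tooling: a POSIX shell check that snapshots the directory tree before and after a command and reports any path that appeared other than the permitted --out file. The `snapshot_tree` and `footprint_check` helpers are hypothetical names chosen here; the vibgrate command line in the usage comment is the one shown above.

```shell
#!/bin/sh
# Added example (not part of Vibgrate): detect residual files left by a scan.
# Usage:
#   footprint_check <dir> <allowed-output-path> <command> [args...]
#   footprint_check . ./scan.json vibgrate scan . --offline \
#       --package-manifest ./latest-packages.zip --max-privacy --format json --out scan.json
# Only newly created paths are reported; modifications to existing files are not.

# List every path under $1 (files and directories), sorted, one per line.
snapshot_tree() {
    find "$1" | sort
}

# Run the command in the current shell, then compare the tree.
# Returns 0 when nothing new exists except $allowed, 1 otherwise;
# each unexpected new path is printed on its own line.
footprint_check() {
    dir=$1; allowed=$2; shift 2
    before=$(mktemp); after=$(mktemp)
    snapshot_tree "$dir" > "$before"
    "$@" >/dev/null 2>&1
    snapshot_tree "$dir" > "$after"
    # comm -13 prints only lines unique to the second file: the new paths.
    new_paths=$(comm -13 "$before" "$after")
    rm -f "$before" "$after"
    status=0
    while IFS= read -r p; do
        [ -z "$p" ] && continue
        [ "$p" = "$allowed" ] && continue
        echo "unexpected new path: $p"
        status=1
    done <<EOF
$new_paths
EOF
    return $status
}
```

Paths must match the form `find` prints for the directory argument you pass (for `.` that is `./scan.json`), and file names containing newlines are not handled.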
The --no-local-artifacts Flag
If you want to suppress artifact writes but keep all scanners enabled, use --no-local-artifacts instead:
vibgrate scan . --no-local-artifacts
This prevents .vibgrate/*.json files from being written to disk while leaving the full scanner suite active. It is a lighter-touch privacy option for teams that want complete analysis but minimal filesystem impact.
Layered Privacy Controls
Vibgrate's privacy model is layered, so you can choose the level that matches your governance requirements:
| Level | Flags | What You Get |
|---|---|---|
| Standard | (default) | Full analysis, local artifacts, registry queries |
| No artifacts | --no-local-artifacts | Full analysis, no .vibgrate/ files |
| Offline | --offline | Full analysis, no network calls |
| Max privacy | --max-privacy | Core drift analysis only, no artifacts, no high-context scanners |
| Maximum restriction | --offline --max-privacy --package-manifest file | Core drift analysis, no artifacts, no high-context scanners, no network, output to specified file only |
Each level is additive — you compose the privacy profile that fits your environment.
Trust Through Transparency
Vibgrate publishes exactly what it reads, what it does not read, and what it writes — in its documentation and in every scan's metadata. The deterministic nature of the scan means the same inputs always produce the same outputs, making the tool auditable.
The Vibgrate Drift Intelligence Engine is built on the principle that powerful analysis does not require invasive access. Max privacy mode is the proof: a complete drift score, actionable findings, and priority actions — from nothing more than your manifests and a version lookup.
Scan with confidence. Sign up at dash.vibgrate.com to start using Vibgrate in your most sensitive environments — with privacy controls that match your governance requirements.
