Architecture
Understanding how VibeGuard analyzes your code at lightning speed without heavy native binaries.
Advanced AST Taint Engine
VibeGuard doesn't just use simple regex or word-matching. It features a lightweight, lightning-fast Abstract Syntax Tree (AST) Taint Analyzer.
If the AI takes an unsafe payload on line 2, passes it into a variable on line 5, and executes it on line 12... VibeGuard traces the data flow and catches the vulnerability!
(And the best part? It uses 100% JavaScript APIs. No heavy native C++ dependencies required!)
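A minimal sketch of this kind of source-to-sink tracing with the TypeScript Compiler API, added here as an illustration and not taken from VibeGuard's code. The source pattern (`req.query`, `req.body`, `req.params`), the sink list, and the names `findTaintFlows` and `SAMPLE` are assumptions made for the example.

```typescript
import * as ts from "typescript";
// Assumed rule set for this sketch, not VibeGuard's real sources and sinks.
const SOURCES = /^req\.(query|body|params)\b/;
const SINKS = new Set(["eval", "exec", "execSync"]);
interface Finding { sink: string; line: number; via: string }

function findTaintFlows(code: string): Finding[] {
  const sf = ts.createSourceFile("input.ts", code, ts.ScriptTarget.ES2022, true);
  const tainted = new Set<string>(); // variables known to hold untrusted data
  const findings: Finding[] = [];

  // Text of the first tainted variable or source expression inside `node`, if any.
  const taintOf = (node: ts.Node): string | undefined => {
    if (ts.isIdentifier(node) && tainted.has(node.text)) return node.text;
    if (ts.isPropertyAccessExpression(node) && SOURCES.test(node.getText(sf))) return node.getText(sf);
    return ts.forEachChild(node, taintOf);
  };

  const visit = (node: ts.Node): void => {
    // Propagation: a declaration or assignment fed by tainted data taints its target.
    if (ts.isVariableDeclaration(node) && ts.isIdentifier(node.name) && node.initializer
        && taintOf(node.initializer)) tainted.add(node.name.text);
    if (ts.isBinaryExpression(node) && node.operatorToken.kind === ts.SyntaxKind.EqualsToken
        && ts.isIdentifier(node.left) && taintOf(node.right)) tainted.add(node.left.text);
    // Sink: a dangerous call that receives a tainted argument.
    if (ts.isCallExpression(node)) {
      const fn = node.expression;
      const sink = ts.isPropertyAccessExpression(fn) ? fn.name.text : fn.getText(sf);
      const via = node.arguments.map((arg) => taintOf(arg)).find(Boolean);
      if (SINKS.has(sink) && via) {
        const line = sf.getLineAndCharacterOfPosition(node.getStart(sf)).line + 1;
        findings.push({ sink, line, via });
      }
    }
    ts.forEachChild(node, visit);
  };
  visit(sf);
  return findings;
}

// Constructed sample: source on line 2, variable on line 5, sink on line 12.
const SAMPLE = [
  'import { exec } from "child_process";',
  "const raw = req.query.cmd;",
  "", "",
  'const command = "ls " + raw;',
  "", "", "", "", "", "",
  "exec(command);",
  'exec("uptime");', // constant argument: must not be reported
].join("\n");
```

The sketch walks the file once in source order and matches variables by name only, so it ignores scoping, sanitizers, and flows through function parameters or return values.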
High-Level Flow
┌──────────────────────────────────────────────────────────────┐
│                        VIBEGUARD CLI                         │
│  ┌────────────┐  ┌────────────┐  ┌────────────────────────┐  │
│  │ Commands   │  │ Core       │  │ Utilities              │  │
│  │ scan       │──│ Scanner    │──│ Config (.vibeguard.yml)│  │
│  │ init       │  │ ├── AST    │  │ Files (glob, filters)  │  │
│  │ badge      │  │ ├── SQL    │  │ Output (text, JSON,    │  │
│  │ hook       │  │ └── Auth   │  │         SARIF, badge)  │  │
│  │ fix        │  │ └── Secrets│  │                        │  │
│  └────────────┘  └────────────┘  └────────────────────────┘  │
└──────────────────────────────────────────────────────────────┘
Tech Stack
| Layer | Technology |
|---|---|
| Language | TypeScript 5.x (ES2022) |
| Bundler | tsup (ESM, single-file) |
| Testing | Vitest + V8 Coverage (100% Core coverage) |
| Config Validation | Zod |
| Terminal Styling | Chalk & Inquirer |
| File Globbing | Globby |
| AST Engine | TypeScript Compiler API |