Open source · MIT License

Ship AI apps
without blind spots.

One command scans any web app for broken flows, security holes, and auth gaps. No config. No signup. Just results.

See how it works View on GitHub
vibe-gate
$npx vibe-gatehttps://your-app.com
✓ PASS Page Health 99% — Loaded in 94ms
✓ PASS Console Errors 100% — 0 errors found
⚠ WARN Security Headers 63% — 4 missing headers
✓ PASS Secrets Exposure 100% — none found
✓ PASS Auth Coverage 100% — all routes protected
Grade: A · Score: 91%
Looking good! Fix 4 security headers to reach 100%.
$ npx vibe-gate https://your-app.com

Works with Vercel · Netlify · Railway · any deployed URL

Process

Three steps to a full report

No setup. No learning curve. Point it at your app, get actionable findings in seconds.

01

Run the command

npx vibe-gate https://your-app.com — Playwright launches and scans your live app automatically.

02

Get your grade

Color-coded A–F grade across 5 categories. Each check shows pass/warn/fail with specific, named findings.

03

Fix and ship

Plain-English recommendations tell you exactly what to fix. No jargon, no vague warnings, no false positives.

Coverage

15+ checks, 5 categories

Every scan gives you a complete picture of your app's health — from load time to auth gaps.

99%

Page Health

Load success, HTTP status, render time, and title detection.

🪲
100%

Console Errors

JS errors, 404s, and API failures caught from the browser console.

🔒
63%

Security Headers

CSP, HSTS, X-Frame-Options — checks 6 critical security headers.

🗝️
100%

Secrets Detection

Scans for exposed API keys, tokens, and credentials in your app's source. Catches the kind of leaks that get devs fired.

🛡️
100%

Auth Coverage

Detects unprotected routes, missing login pages, and auth gaps before your users — or attackers — do.

📁

Local Code Scan

Run vibe-gate scan . to check your local project for issues before you deploy. Catch problems at the source.

$ vibe-gate scan .
 
No secrets in /src
HTTPS enforced
Missing Content-Security-Policy
No exposed .env files
 
Grade: B+ · Score: 84%
Pricing

CLI is free forever

CLI is free forever. Pro and Growth plans unlock the full dashboard experience.

Free
$0/mo
For solo developers and indie hackers.
  • CLI access via npx vibe-gate
  • GitHub Actions support
  • Unlimited scans
  • Community support
Get Started Free
Pro
$9/mo
For professional developers and small teams.
  • Everything in Free
  • Hosted dashboard
  • Scheduled scans (daily)
  • Slack alerts
  • 90-day scan history
  • 10 projects
Buy Now — $9/mo
Growth
$29/mo
For growing teams shipping AI-generated code.
  • Everything in Pro
  • 50 projects
  • 5 team seats
  • SSO / SAML
  • 1-year scan history
  • Priority support
Buy Now — $29/mo
FAQ

Questions?

Everything you need to know. Can't find an answer? Email us.

Vibe Gate runs your URL in a headless Playwright browser and checks 5 categories: page health (does it load?), console errors (broken JS/API calls), security headers (CSP, HSTS, etc.), secrets exposure (leaked API keys), and auth coverage (unprotected routes). Each category gets a score, weighted by severity.
No. npx vibe-gate runs directly from npm. It downloads Playwright on first run (one-time ~30MB), then works offline. You can also install globally with npm install -g vibe-gate.
Yes. Point it at any URL Playwright can reach — localhost, staging, production. For local dev servers use vibe-gate http://localhost:3000. The scan . command checks your local filesystem directly.
Those tools require CI/CD pipelines, Git integration, and developer expertise. Vibe Gate works on any deployed app with one command — no pipeline, no config, no jargon. It's built for the new class of builders shipping with AI coding tools.
Yes. The CLI exits with code 1 if the grade is below your threshold (--threshold B). Use it in GitHub Actions to gate PRs from AI-generated code. A vibe-gate scan GitHub Action workflow is included in the repo.

Run it on your app right now.

No signup. No commitment. One command.

$ npx vibe-gate https://your-app.com
View on GitHub