v1.0.0

theMiddleBlue released this 01 Jul 14:08

First tagged release of VibeGate: a host-agnostic pre-write security hook for AI coding assistants (Claude Code, Codex).

What it does

Intercepts every file write/edit, scans the new code with Semgrep, and either lets it through, warns, or blocks the write, depending on the risk. No LLM involved in the analysis: fast, deterministic, and free of hallucination risk.

Language coverage

Python, JavaScript/TypeScript, Go, Java, PHP, and Ruby.

Detection categories

19 technical categories, including the blocking ones: EXEC_INPUT, DB_QUERY, NOSQL_QUERY, TEMPLATE_INJECTION (SSTI), INSECURE_DESERIALIZATION, PATH_TRAVERSAL, XXE, XSS_SINK, and FILE_UPLOAD, plus warning-level categories like SSRF, OPEN_REDIRECT, and MASS_ASSIGNMENT.

Other highlights

  • Full-file reconstruction for Edit/MultiEdit in Claude Code, so a source and a sink introduced across separate edits are still connected
  • vibegate-ignore comment marker to suppress accepted false positives
  • CI validates every Semgrep rule and runs the full test suite on every push/PR
  • MIT licensed

See the README for install instructions and a full walkthrough.
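
To illustrate why full-file reconstruction matters for the allow/warn/block decision, here is an added sketch; it is not VibeGate's own code. It assumes Claude Code's Write/Edit/MultiEdit input fields (`content`, `old_string`, `new_string`, `replace_all`, `edits`), a hypothetical finding shape (`category`, 1-based `line`) standing in for Semgrep output, and that `vibegate-ignore` applies to the line it appears on.

```python
# Added illustration; not VibeGate's code. Finding shape and marker scope are assumptions.
BLOCKING = {"EXEC_INPUT", "DB_QUERY", "NOSQL_QUERY", "TEMPLATE_INJECTION",
            "INSECURE_DESERIALIZATION", "PATH_TRAVERSAL", "XXE", "XSS_SINK",
            "FILE_UPLOAD"}
WARNING = {"SSRF", "OPEN_REDIRECT", "MASS_ASSIGNMENT"}
IGNORE_MARKER = "vibegate-ignore"  # assumed to suppress findings on its own line


def reconstruct(tool_name, tool_input, on_disk):
    """Return the full file content as it would be after the pending write."""
    if tool_name == "Write":
        return tool_input["content"]
    edits = tool_input["edits"] if tool_name == "MultiEdit" else [tool_input]
    text = on_disk
    for e in edits:
        if e["old_string"] not in text:
            raise ValueError("old_string not found; cannot reconstruct file")
        count = -1 if e.get("replace_all") else 1
        text = text.replace(e["old_string"], e["new_string"], count)
    return text


def decide(content, findings):
    """Map findings to 'allow', 'warn' or 'block'; unlisted categories are ignored here."""
    lines = content.splitlines()
    verdict = "allow"
    for f in findings:
        idx = f["line"] - 1
        if 0 <= idx < len(lines) and IGNORE_MARKER in lines[idx]:
            continue  # accepted false positive
        if f["category"] in BLOCKING:
            return "block"
        if f["category"] in WARNING:
            verdict = "warn"
    return verdict


# Constructed sample: the source is already on disk from an earlier edit;
# the pending Edit adds only the sink, so scanning new_string alone misses the flow.
ON_DISK = 'import os\nhost = request.args["host"]\nprint("todo")\n'
PENDING = {"file_path": "app.py", "old_string": 'print("todo")',
           "new_string": 'os.system("ping " + host)'}

if __name__ == "__main__":
    full = reconstruct("Edit", PENDING, ON_DISK)
    print(decide(full, [{"category": "EXEC_INPUT", "line": 3}]))
```

The reconstructed text is what a scanner needs to see: the tainted `host` assignment and the `os.system` call only appear together in the post-edit file, not in the edit payload.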