What critical launch risks does your app have?
34 automated safety checks on auth, billing, admin, and architecture. Results in seconds. Zero login. One command.
Scan any GitHub repo
Paste a public GitHub repo URL. Get a safety report in minutes.
Or run it from your terminal
Trust Score — is your app safe to launch?
# Run safety scan (auth, billing, admin)
npx @vibecodiq/cli scan
Trust Score: 74 / 100 (Grade C)
Verdict: NOT READY FOR PRODUCTION
Breakdown:
Auth ███████░░░ 6/8 pass 1 fail
Billing █████░░░░░ 4/8 pass 2 fail
Admin ██░░░░░░░░ 1/4 pass 2 fail
6 issues found (4 critical, 2 important)
Full report: vibecodiq.com/r/abc123
The scan generates a Trust Score (0–100) with a letter grade based on how many safety checks your app passes across auth, billing, and admin layers.
Low to moderate risk
Elevated risk
High to critical risk
Public: Trust Score grade, module pass/fail counts, timestamp
Private: Vulnerability details, file paths, code snippets, fix prompts
Share the good parts. Keep the details private.
Based on covered scope. Not a certification.
AI Chaos Index — is your code structurally stable?
# Run architecture scan
npx @vibecodiq/cli scan --architecture
AI Chaos Index: 72 / 100
Risk Band: Unstable
Breakdown:
RC01 Architecture Drift ██████░░░░ 48
RC02 Dependency Corruption ███████░░░ 55
RC03 Structural Entropy ███░░░░░░░ 25
RC04 Test Infrastructure █████████░ 82
RC05 Deployment Safety ██████████ 100
Primary Risk Vector: RC04 — Test Infrastructure
Full report: vibecodiq.com/r/abc123
The architecture scan measures structural stability — how well your code is organized, how isolated modules are, and how likely AI-generated changes are to cause regressions. Scored 0–100 (higher = more chaos).
Clean architecture
Structural issues present
High regression risk
8 checks: Business logic isolation, domain boundaries, file size, cross-domain imports, CI/CD, tests
Key question: Will the next AI-generated change break something?
Based on 5 root causes of structural failure in AI-generated codebases.
Every finding comes with an AI fix prompt
Paste the fix prompt into Lovable, Cursor, or Bolt. Your AI builder applies the fix. Rescan to confirm.
Add server-side auth verification to all API routes.
In every file under app/api/, add this check at the
top of the handler function:
const supabase = createServerClient(cookies())
const { data: { user } } = await supabase.auth.getUser()
if (!user) return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
AI-fixable: Simple fixes (headers, config, validation) — high success rate
AI-fixable with validation: Complex fixes (RLS, role guards) — needs verification
Expert-only: Architecture issues (Stripe state, RBAC) — escalate to expert
Need expert eyes?
The free scan gives you automated findings. A Launch Readiness Assessment adds human review, prioritized findings, and a clear Fix or Rebuild recommendation.
Launch Readiness Assessment
$295
48h delivery
Limited-scope assessment. Not a certification. You decide whether to ship.
Works with your AI builder
Vibecodiq works with any AI coding tool. Scan your repo, get findings, paste fix prompts — your builder applies the fix.
Find out where you stand.
32 free safety checks on auth, billing, admin, and architecture. Results in seconds.
Static code analysis. May include false positives/negatives.