Getting Started with vibeward

vibeward is a prevention-first AI code security tool. It plugs into your AI coding workflow via an MCP server and checks security context before code is generated — not after.

Quick Start

Get up and running in under 2 minutes.

Before you begin

vibeward requires an account and org membership — the CLI cannot issue a token without one. New org? Join the waitlist. Already have an invite code? .

Install the CLI

bash

npm install -g @vibeward/cli

Run setup

bash

vibeward setup

Verify your session

bash

vibeward status

Install the CLI

vibeward ships as a standard npm package. Install it globally so the vibeward command is available anywhere.

bash

npm install -g @vibeward/cli

Or run without installing (one-off):

bash

npx vibeward setup

Verify installation:

bash

vibeward --help

Available commands

vibeward setup — Login and install Vibeward MCP support
vibeward status — Check login status
vibeward uninstall — Rollback latest install

Setup & Login

vibeward setup runs a browser-based auth flow, then installs MCP support. No passwords are stored in the CLI.

Run setup

bash

vibeward setup

The CLI opens your browser automatically.

Sign in on the web

You'll land on the vibeward login page. Sign in with your email. A one-time code is generated for your device.

Example one-time code displayed in browser

A7K2-X9PQ

Paste the code back in your terminal

Copy the code shown in your browser and paste it when the CLI prompts you. Setup then continues with MCP installation prompts.

terminal output

✔ Browser opened. Paste the one-time code below:
> A7K2-X9PQ
✔ Logged in as you@company.com

Browser doesn't open automatically?

Set these environment variables before running vibeward setup:

shell

export VIBEWARD_CODE_LOGIN_URL="https://vibeward.dev/cli-login"
export VIBEWARD_CODE_EXCHANGE_URL="https://vibeward.dev/api/auth/cli/exchange"

Join Your Organization

vibeward is team-based. Every user must belong to an organization before accessing the dashboard or running scans.

Path A — New org (no org yet)

Join the waitlist at vibeward.dev. Once approved, we'll email you an org token — this is not an individual invite code, it's used to register your organization. After registering, you can generate invite codes from the dashboard to onboard your team members.

Joining an existing org

Path B — Already have an invite code?

Ask your org admin for an invite code, then follow the steps below to join and complete onboarding.

Go to the join page

After logging in you'll be redirected to /join automatically if you're not yet part of an org.

Or navigate directly: vibeward.dev/join

Enter your invite code

Paste the code you received. Click Verify to confirm which organization it belongs to, then click Join Organization.

Invite Code field

vw_abc123xyz...

Verify

You will be joining: Acme Corp

Complete onboarding

After joining you'll be prompted to set your display name. Once done, you're taken straight to the dashboard.

Don't have an invite code yet?

Apply for early access on the waitlist. We review applications daily and reach out with codes within 1–2 business days.

Install MCP Support

The vibeward setup command wires the vibeward MCP server into your AI coding tools (Codex, Cursor, Claude, Copilot) so security context is injected before code generation.

bash

vibeward setup

Common setup options:

bash

vibeward setup --scope project --method copy
vibeward setup --agents cursor,claude
vibeward setup --scope global --method symlink

To rollback:

bash

vibeward uninstall
vibeward uninstall --scope global

What gets installed

MCP server entry in your AI tool's config
Automatic ticket context fetcher (Jira, Linear, ClickUp)
Security policy injector tied to your org's settings

Activate per agent

Claude (Claude Code)

The CLI auto-registers the MCP server. If claude is not in your PATH, run manually:

bash

claude mcp add --transport https --scope local security-api https://vibeward.dev/mcp \
  --header "Authorization: Bearer <your-token>"

Your token is in .claude/settings.json → mcpServers.vibeward.headers.Authorization. Verify with: claude mcp list

Cursor

Config is written to .cursor/mcp.json. Open Cursor → Settings → MCP Tools and enable the vibeward server.

Codex (OpenAI Codex CLI)

Config is written to .codex/config.toml (project) or ~/.codex/config.toml (global). The Codex CLI reads this file automatically — no extra step needed.

GitHub Copilot

.github/copilot-instructions.md — context for Copilot Chat
.vscode/mcp.json — MCP server registration for VS Code

Reload your VS Code window to activate.

The Dashboard

Once logged in and part of an org, your dashboard is at vibeward.dev/dashboard.

Usage Stats

See how many security scans have run in the last 30 days, violations caught, secrets detected, and average response time.

Team

View all members in your organization with their roles. Admins can invite new members and manage access.

Invites (Admin only)

Generate and copy invite codes to share with new team members. Each code can have a max-use limit.

Integrations

Connect your project management tools — Jira, Linear, ClickUp. vibeward pulls ticket context from these to enrich security analysis. Admins can add and configure integrations from dashboard → Integrations.

Tickets

Browse synced tickets from your connected provider. vibeward attaches security requirements to each ticket before your AI tool sees it.

← Back to home Go to dashboard →