AI wrote it. vibetrace sees what it actually does.
You're vibe coding. AI is writing your project.
It installs packages, modifies files, runs commands.
You have no idea what's actually happening.
vibetrace fixes that.
AI modifies auth.js
β vibetrace: "3 modules affected. Risk: HIGH. Stop and review."
AI runs rm -rf node_modules
β vibetrace: "BLOCKED. Dangerous command detected."
App crashes after AI patch
β vibetrace: "Here's the prompt. Paste it to your AI."
AI fix β another fix β another fix β project structure collapse
Git tracks changes. SonarQube checks quality.
But nothing watches AI changes in real time and tells you when to stop.
vibetrace does.
Not for humans to read. For AI to understand.
New project:
npm install -g vibetrace
cd your-project
vibetrace init
vibetrace watch --intent="Build auth system"Existing project (3~5 years old):
npm install -g vibetrace
cd your-project
vibetrace scan # current state β health score, risk files
vibetrace hotspot # files AI should review first
vibetrace watch # start tracking from hereExisting project
β
vibetrace scan β health score, risk files, unused deps
β
vibetrace hotspot β files ranked by change freq + risk + deps
β
vibetrace watch β auto diff+risk on every file change
β
AI Intention Tracker β "fix login" but modified webpack? flagged
β
Diff Analysis β what changed, which lines, change type
β
Impact Graph β which modules are affected
β
Risk Scoring β LOW / MED / HIGH
β
Shell Wrapper β auto-intercept npm/node commands
β
Command Guard β blocks dangerous commands
β
Project Score β completeness / stability / AI confidence
β
Prompt Builder β error + stack trace β AI-ready prompt
β
Growth Tracker β AI% vs me% over time
β
History β project evolution log
ββ Extension βββββββββββββββββββββββββββββββββββββ
MCP Server β Claude Desktop / Cursor integration
should_proceed β agent stops when risk HIGH
vibetrace scanββββββββββββββββββββββββββββββββββββββββββββββββββββ
vibetrace β Project Scan
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
Files scanned : 234
Total lines : 48,291
Packages used : 87
Test files : 12
Code health : 71%
Stability : 63%
Test coverage : 22%
Dep health : 84%
β unhandled promise: 47
β possible null access: 31
β Unused dependencies: 12
High risk files:
β src/auth/login.js
β src/payment/stripe.js
β src/db/query.js
Next: vibetrace hotspot (find files to review first)
vibetrace watch (start tracking changes)
ββββββββββββββββββββββββββββββββββββββββββββββββββββ
vibetrace hotspotββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
vibetrace β Hotspot Analysis
Files AI should review first before modifying
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
File Changes Deps Risk
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
src/auth/login.js 47 12 HIGH
β authentication Β· changed 47x Β· 5 stability issues
src/api/user.js 38 9 HIGH
src/db/query.js 29 15 MED
src/middleware/auth.js 21 8 MED
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β 2 high-risk files β review before AI modification
Next: vibetrace watch (start tracking changes)
vibetrace watch
vibetrace watch --intent="Fix login bug" [HIGH] src/auth/login.js 7 lines changed
β critical: authentication
β affects: session.js, user.js
β Intent Mismatch Detected
Intent : "Fix login bug"
Modified: webpack.config.js (build config)
β AI modified build config while intent was "Fix login bug"
vibetrace diff src/auth.jsβββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
vibetrace β AI Diff Analysis
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
File: src/auth.js
Changed lines: 7
Change type: null safety fix, error handling added
~ [81] return data.profile.name
[81] return data.profile?.name
Impact:
β src/middleware/session.js
β src/api/user.js
AI Change Risk: HIGH
Β· critical path: authentication
Β· 3 modules affected
β AI modified critical module β recommend review
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
vibetrace run-cmd "npm install axios" # LOW β allowed
vibetrace run-cmd "rm -rf node_modules" # HIGH β BLOCKED
vibetrace run-cmd "git push --force" # HIGH β BLOCKED
vibetrace cmdlog # execution history
vibetrace setup-wrapper # auto-intercept npm/node β npm install axios LOW
β rm -rf node_modules HIGH (blocked)
β git reset --hard MED
vibetrace score API completeness ββββββββββββββββββββ 75%
Architecture ββββββββββββββββββββ 83%
Dependency health ββββββββββββββββββββ 68%
Runtime stability ββββββββββββββββββββ 81%
Test coverage ββββββββββββββββββββ 68%
completeness ββββββββββββββββββββ 79%
stability ββββββββββββββββββββ 74%
AI confidence ββββββββββββββββββββ 76%
Overall project health: 76%
vibetrace promptβββββββββββββββββββββββββββββββββββββββββββββββββββββ
vibetrace β AI-Ready Prompt
Copy and paste this to your AI assistant:
βββββββββββββββββββββββββββββββββββββββββββββββββββββ
I encountered an error in my Node.js project.
## Environment
- Node: v20.10.0
- OS: win32
- Command: npm run dev
## Error
Module not found: Can't resolve 'core-js-pure'
## Stack Trace
at Object.<anonymous> (src/app.js:12:1)
at Module._compile (node:internal/modules/cjs/loader:1376)
## Recent AI Changes
- File: src/service.js
- Changed lines: 12
- Change type: dependency change
- Risk level: MED
## High Risk Files
- src/auth/login.js [HIGH] deps: 12
- src/api/user.js [HIGH] deps: 9
## Request
Please identify the root cause and provide the exact fix.
βββββββββββββββββββββββββββββββββββββββββββββββββββββ
vibetrace growth AI ββββββββββββββββββββ 61%
Me ββββββββββββββββββββ 39%
Weekly progress
week 8 AI: 89% me: 11%
week 9 AI: 71% me: 29% β
week 10 AI: 61% me: 39% β
β Getting there. Keep reviewing AI changes.
vibetrace mcpConnect Claude Desktop / Cursor to vibetrace:
{
"mcpServers": {
"vibetrace": {
"url": "http://localhost:3741"
}
}
}| Tool | Description |
|---|---|
analyze_diff |
Analyze AI code changes, get risk level |
should_proceed |
Returns proceed: false when risk is HIGH β agent stops |
execute_command |
Run terminal command with safety guard |
evaluate_project |
Get full project quality scores |
get_history |
Project evolution history |
get_growth |
AI vs manual code ratio |
record_step |
Add evolution step |
AI agent about to modify auth.js
β calls should_proceed
β { "proceed": false, "risk": "HIGH", "reason": "critical path: authentication" }
β agent stops and asks user for confirmation
# ββ Existing project (start here) ββββββββββββββββββ
vibetrace scan Scan entire project β health score, risk files
vibetrace hotspot Files AI should review first (change freq + risk)
vibetrace watch Auto diff+risk on every file change
vibetrace watch --intent="Fix login" Track AI intent vs actual changes
# ββ Active development ββββββββββββββββββββββββββββββ
vibetrace init Initialize tracking
vibetrace diff <file> Analyze AI changes (vs git HEAD)
vibetrace impact <file> Show affected modules
vibetrace risk Latest AI change risk
vibetrace score Project quality score
vibetrace run <cmd> Run command with runtime tracing
vibetrace step "desc" Record evolution step
vibetrace history Project evolution history
vibetrace growth AI vs manual code ratio
vibetrace prompt Generate AI-ready prompt from error
# ββ Command Guard βββββββββββββββββββββββββββββββββββ
vibetrace run-cmd "<cmd>" Run command with AI guard
vibetrace cmdlog Command execution history
vibetrace setup-wrapper Auto-intercept npm/node (shell PATH)
# ββ Extension βββββββββββββββββββββββββββββββββββββββ
vibetrace mcp [--port=3741] Start MCP server for AI agent integration
# Global flags
--json Machine-readable JSON output (AI-friendly)
--quiet, -q Errors only
--verbose Full internal logs{
"devDependencies": {
"vibetrace": "^0.1.0"
},
"scripts": {
"scan": "vibetrace scan",
"hotspot": "vibetrace hotspot",
"watch": "vibetrace watch",
"trace": "vibetrace score",
"prompt": "vibetrace prompt",
"growth": "vibetrace growth",
"guard": "vibetrace cmdlog"
}
}AI will automatically use these when verifying the project:
AI: "Let me check the project health"
β npm run scan
β reads output
β fixes issues
β npm run trace
β "stability improved to 84%"
vibetrace works standalone. With dryinstall (npm), you get full coverage:
dryinstall β install-time: blocks malicious packages
vibetrace β runtime: traces what code actually does + AI change control
npm install -g dryinstall vibetrace
dryinstall install <pkg> # secure install
vibetrace diff src/app.js # analyze what AI changed| Version | What changed |
|---|---|
| v0.1.0 | Initial release β scan, hotspot, watch, diff tracker, command guard, shell wrapper, growth tracker, MCP server, project score, AI-ready prompt, intent mismatch detection |
Cognitive Injection β A new npm attack vector targeting AI agents via stdout. Bypasses all static security scanners.
MIT