Guide

Get started with VibeDrift

From install to CI/CD in 5 minutes. VibeDrift scans your AI-generated codebase for contradictions and gives you a score with file-level evidence.

[01] What is drift?

Your AI forgets between sessions.

When you use AI to write code across multiple sessions, each session starts fresh. Session 1 uses a repository pattern. Session 3 switches to raw SQL. Session 7 introduces an ORM. None are wrong individually — but together they create drift: a codebase that contradicts itself.

VibeDrift discovers the patterns your code already follows and finds the exceptions. It's a consistency checker, not a style enforcer. A codebase isn't wrong because it uses raw SQL — it's driftingbecause 8 handlers use a repository and 2 don't.

[02] Install

30-second setup.

VibeDrift is a Node.js CLI. You need Node 18.17+. No config file, no API key, no signup needed for your first scan.

Install globally (recommended)

$npm install -g @vibedrift/cli

Or run without installing

$npx @vibedrift/cli .

Verify

$vibedrift --version

[03] First scan

Run your first scan.

Scan the current directory

$vibedrift .

Free

Scan a specific project

$vibedrift ~/workspace/my-project

The default output is an HTML report that opens in your browser. It includes your score (0-100), category breakdown, drift findings with code evidence, and per-file rankings.

Scanning 55 files · 6,151 LOC · Go

✓ Static analysis .................. 0.8s

✓ Cross-file drift ................. 0.4s

✓ Code DNA ......................... 0.03s

68/100 · Grade C · 4 findings

Report: ./vibedrift-report.html

Other formats

$vibedrift . --format terminal

$vibedrift . --json > report.json

$vibedrift . --output report.html

[04] Sign in

Unlock deep scans & dashboard.

Free scans run locally with no account. Sign in to unlock deep scans, the dashboard, and scan history.

Browser-based sign in (like GitHub CLI)

$vibedrift login

1. CLI shows a one-time code in your terminal

2. Browser opens → sign in with Google or email

3. CLI picks up the token automatically

No password ever touches the terminal.

Check your status

$vibedrift status

Account: you@example.com

Plan: Pro

Deep: unlimited

Token: vd_live_...abc (valid)

For CI/CD (no browser available)

$export VIBEDRIFT_TOKEN=vd_live_xxxxx

[05] Deep scans

AI-powered analysis.

Deep scans add cloud AI on top of the local scan. The CLI sends function snippets only (not full files, never git history) to the VibeDrift API.

$vibedrift . --deep

$5/scan

What deep scan adds:

· AI finds semantic duplicates that look different but do the same thing

· AI detects when function names don't match their behavior

· AI validates ambiguous findings (confirmed vs disputed)

· AI generates a summary with actionable recommendations

· Anomaly detection catches patterns static analysis misses

🎁

Every account gets 1 free deep scan on signup. Try the full AI pipeline before deciding to upgrade. Sign up free →

Privacy: Only function snippets (max 60 lines each) are sent. Never full files, git history, or env vars. Processed in memory, never stored.

[06] What it detects

Five types of drift.

VibeDrift finds cross-file contradictions that no linter catches. Click each type to see an example.

01Architectural Contradictions▸

The AI chose three different data access patterns across your handlers.

userService.tsUserRepository.findById(id)

orderService.tsdb.query('SELECT * FROM...')

productService.tsprisma.product.findUnique()

02Security Gaps▸

03Hidden Duplicates▸

04Naming Inconsistency▸

05Phantom Scaffolding▸

[07] How analysis works

Four layers, progressive depth.

Layers 1-3 run locally on your machine (free, no data sent). Layer 4 adds cloud AI.

Static Analysis

13 analyzers: naming, imports, error handling, complexity, dependencies, security patterns. ~0.8s.

localfree

Cross-File Drift

Compares files against each other. Finds dominant patterns. Flags deviations. 8 consistency detectors. ~0.4s.

localfree

Code DNA

Structural fingerprinting. Hash-based duplicate detection. Operation sequence analysis. Taint tracking. ~0.03s.

localfree

Deep Scan (AI)

UniXcoder embeddings for semantic duplicates. Intent mismatch detection. Claude validation. AI summary. ~3s.

$5/scan

A free scan catches ~70% of issues with local analysis. Deep scan adds AI for the remaining 30%.

[08] Reading the report

Understanding your score.

Score grades:

A90-100Highly consistent, minimal drift

B75-89Good shape, a few areas to clean up

C50-74Notable drift — review the findings

D25-49Significant issues across categories

F0-24Heavy drift — sessions weren't coordinated

Five scoring categories:

Architectural Consistency

Data access, DI, error handling, import patterns, cross-file drift

Security Posture

Auth coverage, injection risks, hardcoded secrets, taint flows

Redundancy

Duplicates, dead code, TODO density, Code DNA fingerprints

Intent Clarity

Complexity, unclear naming, commented-out code, documentation

Dependency Health

Phantom/missing deps, env vars, version management

Report sections: Overall score → Category radar → Drift findings (with code evidence) → Per-file rankings (worst to best). Start fixing from the bottom.

[09] Dashboard

Track your progress.

When logged in, every scan is saved to vibedrift.ai/dashboard. You get:

· Score timeline — see if fixes actually improve your score

· Scan detail — full report embedded, shareable link

· Project grouping — scans auto-grouped by git remote URL

· Export — download as JSON, CSV, or DOCX

· API tokens — create and manage CI/CD tokens

· Billing — manage plan, buy credits, view usage

[10] CI/CD setup

GitHub Actions.

Set VIBEDRIFT_TOKEN as a repo secret, then add this workflow:

name: VibeDrift
on: [pull_request]

jobs:
  drift-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx @vibedrift/cli . \
          --deep --json \
          --fail-on-score 70
        env:
          VIBEDRIFT_TOKEN: ${{ secrets.VIBEDRIFT_TOKEN }}

--fail-on-score 70 exits with code 1 if the score drops below the threshold, failing the PR check.

[11] CLI reference

All commands.

Scanning

vibedrift [path]Free local scan

vibedrift [path] --deepAI-powered deep scan

Options

--format html|terminal|jsonOutput format (default: html)

--output <path>Output file path

--jsonShorthand for --format json

--fail-on-score <n>Exit 1 if score below n

--project-name <name>Override auto-detected project name

--privateAnonymize project name (privXXXXXXXXXXXX)

--no-codednaSkip Code DNA layer

--verboseShow per-layer timing

--include <glob>Include matching files only

--exclude <glob>Exclude matching files

Account

vibedrift loginAuthenticate via browser

vibedrift logoutRemove credentials

vibedrift statusShow account info

Utility

vibedrift doctorHealth check

vibedrift feedback [msg]Send feedback

vibedrift --versionShow CLI version

[12] Free vs Deep

What each scan includes.

CapabilityFreeDeep

Drift score (0-100)✓✓

5-category breakdown✓✓

Cross-file drift findings✓✓

Static analysis (13 detectors)✓✓

Code DNA fingerprinting✓✓

Per-file rankings✓✓

HTML report✓✓

CI fail-on-score✓✓

AI summary + recommendations—✓

AI semantic duplicate detection—✓

AI intent mismatch detection—✓

AI finding validation—✓

AI anomaly detection—✓

💡

Free catches ~70% of issues with local analysis. Deep adds AI for the remaining 30% — semantic duplicates, intent mismatches, and anomalies that pattern matching can't find.

[13] Pricing

Simple pricing.

· Free — $0, unlimited local scans, 3 deep scans/month

· Pro — $15/mo, 50 deep scans/month + CI/CD + dashboard

· Scale — $30/mo, 100 deep scans/mo + CI/CD + API

· Enterprise — custom, per-seat team billing + SSO/SAML + SLA

· Overage — $1/scan on any paid plan

View full pricing details →

Ready to scan?

$ npx @vibedrift/cli .