Guide

Get started with VibeDrift

From install to CI/CD in 5 minutes. VibeDrift scans your AI-generated codebase for contradictions and gives you a score with file-level evidence.

[01] What is drift?

Your AI forgets between sessions.

When you use AI to write code across multiple sessions, each session starts fresh. Session 1 uses a repository pattern. Session 3 switches to raw SQL. Session 7 introduces an ORM. None are wrong individually — but together they create drift: a codebase that contradicts itself.

VibeDrift discovers the patterns your code already follows and finds the exceptions. It's a consistency checker, not a style enforcer. A codebase isn't wrong because it uses raw SQL — it's driftingbecause 8 handlers use a repository and 2 don't.

[02] Install

30-second setup.

VibeDrift is a Node.js CLI. You need Node 18.17+. No config file, no API key, no signup needed for your first scan.

Install globally (recommended)

$npm install -g @vibedrift/cli

Or run without installing

$npx @vibedrift/cli .

Verify

$vibedrift --version

Stay on the latest

VibeDrift is in early stages — new detectors and calibration improvements land most weeks. The latest version is always the one with the sharpest drift detection. The CLI will nudge you when an update is available; update with vibedrift update or npm i -g @vibedrift/cli@latest.

[03] First scan

Run your first scan.

Scan the current directory

$vibedrift .

Free

Scan a specific project

$vibedrift ~/workspace/my-project

The default output is an HTML report that opens in your browser. As of v0.6.0 you get two independent scalars: a Vibe Drift Score (max 80) measuring cross-file pattern consistency, and a Hygiene Score (max 100) for generic quality findings. The drift score is the headline — hygiene does not affect it.

Scanning 55 files · 6,151 LOC · Go

✓ Static analysis .................. 0.8s

✓ Cross-file drift ................. 0.4s

✓ Code DNA ......................... 0.03s

Vibe Drift Score: 58/80 (C) · Hygiene: 82/100

Report: ./vibedrift-report.html

Other formats

$vibedrift . --format terminal

$vibedrift . --json > report.json

$vibedrift . --output report.html

Run it alongside your AI session:

One-time sign-in (required for watch mode, free)

$vibedrift login

Free

Watch mode — rescan on change, refresh .vibedrift/ context

$vibedrift watch

While the watcher is running, every time your agent edits a file, VibeDrift refreshes .vibedrift/context.md, fix-plan.md, and patterns.json so the next AI turn sees up-to-date peer context. Zero network calls. Requires a free account — watch emits full finding details continuously, same gate as the one-shot full report.

[04] Sign in

Unlock deep scans & dashboard.

Free scans run locally with no account. Sign in to unlock deep scans, the dashboard, and scan history.

Browser-based sign in (like GitHub CLI)

$vibedrift login

1. CLI shows a one-time code in your terminal

2. Browser opens → sign in with Google or email

3. CLI picks up the token automatically

No password ever touches the terminal.

Check your status

$vibedrift status

Account: you@example.com

Plan: Pro

Deep: unlimited

Token: vd_live_...abc (valid)

For CI/CD (no browser available)

$export VIBEDRIFT_TOKEN=vd_live_xxxxx

[05] Deep scans

AI-powered analysis.

Deep scans add cloud AI on top of the local scan. The CLI sends function snippets only (not full files, never git history) to the VibeDrift API.

$vibedrift . --deep

$5/scan

What deep scan adds:

· AI finds semantic duplicates that look different but do the same thing

· AI detects when function names don't match their behavior

· AI validates ambiguous findings (confirmed vs disputed)

· AI generates a summary with actionable recommendations

· Anomaly detection catches patterns static analysis misses

🎁

Every account gets 3 free deep scans per month — no card required. Try the full AI pipeline before deciding to upgrade. Sign up free →

Privacy: Only function snippets (max 60 lines each) are sent. Never full files, git history, or env vars. Processed in memory, never stored.

Local-only mode: Use --local-only to skip ALL network calls even when logged in — no scan log, no beacon, no deep analysis, no fix-prompt synthesis. Useful for:

· Air-gapped or restricted environments with no outbound internet

· Scanning sensitive codebases where zero egress is a requirement

· Offline development (airplane, train, no WiFi)

· Quick local iterations where upload latency isn't wanted

$vibedrift . --local-only

Free

Telemetry: When logged in, VibeDrift sends a lightweight anonymous beacon per scan (language, file count, scan time — no code, no file paths). Opt out anytime:

$vibedrift telemetry disable

Free

Not-logged-in scans make zero network calls by default — no opt-out needed.

[06] AI agent context

Live peer-pattern context for your AI agent.

VibeDrift's headline feature isn't the scan report — it's the .vibedrift/ folder it writes alongside your CLAUDE.md. Commit it. Your AI coding agent reads it automatically on every new turn and knows exactly which pattern to match.

Without this, every AI session starts cold — it sees the file in front of it but not the 8 sibling files that follow your dominant pattern. So it drifts. The .vibedrift/ folder closes that gap.

.vibedrift/

├── context.mdProject summary, dominant patterns, open drifts

├── fix-plan.mdTop 10 drifts with copy-paste AI prompts

├── fix-prompts.mdPer-finding prompt — one drift at a time

└── patterns.jsonMachine-readable pattern data for tooling

One-shot — after a refactor:

Write once

$vibedrift . --write-context

Free

Continuous — alongside your AI session:

Rescan and refresh on every file change

$vibedrift watch

Free

Point it at your project while Cursor or Claude Code is working. Every save triggers a local rescan (zero network) and the context files update before the agent's next turn.

Commit it to git. Reference it in CLAUDE.md so every AI session picks it up:

# CLAUDE.md
See .vibedrift/context.md for the current dominant patterns.
Match them when generating new code.

Both --write-context and vibedrift watch need a one-time vibedrift login — the .vibedrift/ files carry the full finding surface, same gate as the HTML report.

[07] What it detects

Six types of drift.

VibeDrift finds cross-file contradictions that no linter catches. Click each type to see an example.

01Architectural Contradictions▸

The AI chose three different data access patterns across your handlers.

userService.tsUserRepository.findById(id)

orderService.tsdb.query('SELECT * FROM...')

productService.tsprisma.product.findUnique()

02Security Gaps▸

03Hidden Duplicates▸

04Naming Inconsistency▸

05Phantom Scaffolding▸

06Implementation Gaps▸

[08] How analysis works

Four layers, progressive depth.

Layers 1-3 run locally on your machine (free, no data sent). Layer 4 adds cloud AI.

Static Analysis

13 analyzers: naming, imports, error handling, complexity, dependencies, security patterns. ~0.8s.

localfree

Cross-File Drift

Compares files against each other. Finds dominant patterns. Flags deviations. 8 consistency detectors. ~0.4s.

localfree

Code DNA

Structural fingerprinting. Hash-based duplicate detection. Operation sequence analysis. Taint tracking. ~0.03s.

localfree

Deep Scan (AI)

UniXcoder embeddings for semantic duplicates. Intent mismatch detection. Claude validation. AI summary. ~3s.

$5/scan

A free scan catches ~70% of issues with local analysis. Deep scan adds AI for the remaining 30%.

[09] Reading the report

Understanding your score.

Score grades:

A90-100Highly consistent, minimal drift

B75-89Good shape, a few areas to clean up

C50-74Notable drift — review the findings

D25-49Significant issues across categories

F0-24Heavy drift — sessions weren't coordinated

Five scoring categories:

Architectural Consistency

Data access, DI, error handling, import patterns, cross-file drift

Security Posture

Auth coverage, injection risks, hardcoded secrets, taint flows

Redundancy

Duplicates, dead code, TODO density, Code DNA fingerprints

Intent Clarity

Complexity, unclear naming, commented-out code, documentation

Dependency Health

Phantom/missing deps, env vars, version management

Report sections: Overall score → Category radar → Drift findings (with code evidence) → Per-file rankings (worst to best). Start fixing from the bottom.

[10] Dashboard

Track your progress.

When logged in, every scan is saved to vibedrift.ai/dashboard. You get:

· Score timeline — see if fixes actually improve your score

· Scan detail — full report embedded, shareable link

· Project grouping — scans auto-grouped by git remote URL

· Export — download as JSON, CSV, or DOCX

· API tokens — create and manage CI/CD tokens

· Billing — manage plan, buy credits, view usage

[11] CI/CD setup

GitHub Actions.

Set VIBEDRIFT_TOKEN as a repo secret, then add this workflow:

name: VibeDrift
on: [pull_request]

jobs:
  drift-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npx @vibedrift/cli . \
          --deep --json \
          --fail-on-score 70
        env:
          VIBEDRIFT_TOKEN: ${{ secrets.VIBEDRIFT_TOKEN }}

--fail-on-score 70 exits with code 1 if the score drops below the threshold, failing the PR check.

[12] CLI reference

All commands.

Scanning

vibedrift [path]Free local scan

vibedrift [path] --deepAI-powered deep scan

Options

--format html|terminal|jsonOutput format (default: html)

--output <path>Output file path

--jsonShorthand for --format json

--fail-on-score <n>Exit 1 if score below n

--project-name <name>Override auto-detected project name

--privateAnonymize project name (privXXXXXXXXXXXX)

--no-codednaSkip Code DNA layer

--verboseShow per-layer timing

--include <glob>Include matching files only

--exclude <glob>Exclude matching files

Account

vibedrift loginAuthenticate via browser

vibedrift logoutRemove credentials

vibedrift statusShow account info

Utility

vibedrift doctorHealth check

vibedrift feedback [msg]Send feedback

vibedrift --versionShow CLI version

[13] Free vs Deep

What each scan includes.

CapabilityFreeDeep

Drift score (0-100)✓✓

5-category breakdown✓✓

Cross-file drift findings✓✓

Static analysis (13 detectors)✓✓

Code DNA fingerprinting✓✓

Per-file rankings✓✓

HTML report✓✓

CI fail-on-score✓✓

AI summary + recommendations—✓

AI semantic duplicate detection—✓

AI intent mismatch detection—✓

AI finding validation—✓

AI anomaly detection—✓

💡

Free catches ~70% of issues with local analysis. Deep adds AI for the remaining 30% — semantic duplicates, intent mismatches, and anomalies that pattern matching can't find.

[14] GitHub Action

Catch drift before merge.

The VibeDrift GitHub Action runs on every PR and posts a comment with the score delta + new drifts introduced. Optionally fails the check if the score drops below your threshold.

$# .github/workflows/vibedrift.yml

Free

name: VibeDrift
on: [pull_request]

permissions:
  pull-requests: write

jobs:
  drift-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: skhan75/vibedrift-actions@v1
        with:
          token: ${{ secrets.VIBEDRIFT_TOKEN }}
          fail-on-score: 70
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Setup:

· Sign up at vibedrift.ai/login (free, no card)

· Go to Dashboard → Settings → copy your API Token

· Add it as VIBEDRIFT_TOKEN in your repo's GitHub Secrets (Settings → Secrets)

· Add the workflow file above — done

What you get on every PR: a comment showing the score delta (↑ or ↓ vs main), new drifts introduced, consequence lines, and a link to the full report on your dashboard.

Deep scan on release branches: add deep: ${{ github.base_ref == 'main' }} to run AI analysis only on PRs targeting main. Free scans are unlimited; deep scans use your monthly budget.

Monorepo: set path: packages/api to scan a subdirectory.

Any CI pipeline (not just GitHub): The GitHub Action is a convenience wrapper. The CLI works in any CI system — just run npx @vibedrift/cli . --json --fail-on-score 70 with VIBEDRIFT_TOKEN set as an environment variable.

# GitLab CI
vibedrift:
  stage: test
  script:
    - npx @vibedrift/cli . --json --fail-on-score 70
  variables:
    VIBEDRIFT_TOKEN: $VIBEDRIFT_TOKEN

# CircleCI
- run:
    name: VibeDrift
    command: npx @vibedrift/cli . --json --fail-on-score 70

# Bitbucket Pipelines
- step:
    name: VibeDrift
    script:
      - npx @vibedrift/cli . --json --fail-on-score 70

# Jenkins
stage('VibeDrift') {
  sh 'npx @vibedrift/cli . --json --fail-on-score 70'
}

The --json flag outputs the full scan result as JSON (parseable by downstream tools). --fail-on-score N exits with code 1 when the score drops below your threshold — blocking the pipeline. Add --deep for AI analysis (uses scan budget).

Offline / air-gapped: use --local-only to skip all network calls. The scan runs fully locally with no dashboard upload and no telemetry.

[15] Pricing

Simple pricing.

· Free — $0, unlimited local scans, 3 deep scans/month

· Pro — $15/mo, 50 deep scans/month + CI/CD + dashboard

· Scale — $30/mo, 100 deep scans/mo + CI/CD + API

· Enterprise — custom, per-seat team billing + SSO/SAML + SLA

· Overage — $1/scan on any paid plan

View full pricing details →

Ready to scan?

$ npx @vibedrift/cli .