VibeShift

VibeShift is an MCP server that acts as an automated security engineer for AI-assisted coding workflows. It hooks into your MCP-enabled environment to analyze AI-generated or AI-modified code, run security checks, and provide remediation guidance directly to the AI coding assistant. Through its integrated tools (SAST via Semgrep, optional DAST primitives, and AI-driven feedback), VibeShift helps you detect vulnerabilities early in the development cycle and offers structured feedback so the AI assistant can propose fixes or automatically apply them. The server coordinates with the AI agent, performs scans on code blocks or entire files, and returns results including vulnerabilities, locations, and suggested remediations to the caller.

To use VibeShift, ensure your MCP environment is configured to invoke the server via the MCP transport. The MCP server exposes functions such as get_security_scan, record_test_flow, run_regression_test, discover_test_flows, and list_recorded_tests. Your AI Coding Agent can trigger these actions as part of the code generation or test workflow, and VibeShift will return verbose scan results and feedback suitable for display to the developer and for use by the AI agent to guide remediation.

Prerequisites:

• Python 3.10+ (or your preferred Python environment)
• MCP installed (e.g., pip install mcp[cli])
• Playwright and related browser tooling if you plan to run UI/tests via VibeShift

Installation steps:

1. Clone the repository: git clone https://github.com/GroundNG/VibeShift cd VibeShift

2. Create and activate a virtual environment (recommended): python -m venv venv source venv/bin/activate # Linux/macOS venv\Scripts\activate # Windows

3. Install Python dependencies: pip install -r requirements.txt

4. Install Playwright browsers (if you will use Playwright-based features): patchright install --with-deps

5. Ensure MCP is installed in your environment (as per prerequisites): pip install mcp[cli]

6. Configure your MCP server entry (example provided in the repository README) and start the MCP routing as appropriate for your environment.

Tips and common considerations:

• Environment variables: VibeShift relies on LLM access keys and possibly other API keys. Populate them in a .env file at the project root (e.g., LLM_API_KEY). The README suggests LLM integration; ensure keys are kept secure and not committed to source control.
• MCP integration: The provided MCP config uses uv to run the server from a cloned repository. Adjust the --directory path to point to your local copy of the VibeShift repository or deployment location.
• Semgrep and DAST: Ensure Semgrep rules are configured appropriately for your codebase. If enabling DAST primitives, make sure the target environment is safely isolated.
• Playwright dependencies: If you enable AI-assisted test recording or UI testing, ensure browsers and required dependencies are installed as described in prerequisites.
• Troubleshooting: If the MCP server fails to load, verify that the path to mcp_server.py is correct and that Python can import dependencies from requirements.txt. Check your .env for missing keys and ensure your MCP client is correctly routing calls to the server.