VibeShift is an intelligent security agent that integrates with AI coding assistants to analyze generated code, identify vulnerabilities, and facilitate remediation before insecure code enters your codebase. It uses the Model Context Protocol (MCP) to seamlessly fit into your existing AI coding workflow, creating an automated security feedback loop for AI-assisted development.
pip install mcp[cli]
)patchright install
)Clone the repository:
git clone https://github.com/GroundNG/VibeShift
cd VibeShift
Create a virtual environment:
python -m venv venv
source venv/bin/activate # Linux/macOS
# venv\Scripts\activate # Windows
Install dependencies:
pip install -r requirements.txt
Install Playwright browsers:
patchright install --with-deps
.env.example
to .env
in the project root directoryLLM_API_KEY="YOUR_LLM_API_KEY"
Add this to your MCP config:
{
"mcpServers": {
"VibeShift":{
"command": "uv",
"args": ["--directory","path/to/cloned_repo", "run", "mcp_server.py"]
}
}
}
Interact with VibeShift through your MCP-enabled AI coding assistant using natural language commands.
Automatic Mode: VibeShift analyzes code snippets as they're generated by the AI
Manual Commands:
"VibeShift, analyze this function for security vulnerabilities."
"Ask VibeShift to check the Python code Copilot just wrote for SQL injection."
"Secure the generated code with VibeShift before committing."
Record a test: go to https://practicetestautomation.com/practice-test-login/, type 'student' into the username field, type 'Password123' into the password field, click the submit button, and verify the text 'Congratulations student' is visible.
The agent performs these actions automatically and saves a test file in the output/
directory.
Run the regression test `output/test_practice_test_login_20231105_103000.json`
VibeShift executes the steps and reports test results with details.
Discover potential test steps starting from https://practicetestautomation.com/practice/
The agent crawls the site, analyzes pages, and suggests test steps for each page discovered.
List the available recorded web tests.
Returns a list of test files found in the output/
directory.
output/
directoryoutput/execution_result_....json
output/discovery_results_....json
There are two ways to add an MCP server to Cursor. The most common way is to add the server globally in the ~/.cursor/mcp.json
file so that it is available in all of your projects.
If you only need the server in a single project, you can add it to the project instead by creating or adding it to the .cursor/mcp.json
file.
To add a global MCP server go to Cursor Settings > MCP and click "Add new global MCP server".
When you click that button the ~/.cursor/mcp.json
file will be opened and you can add your server like this:
{
"mcpServers": {
"cursor-rules-mcp": {
"command": "npx",
"args": [
"-y",
"cursor-rules-mcp"
]
}
}
}
To add an MCP server to a project you can create a new .cursor/mcp.json
file or add it to the existing one. This will look exactly the same as the global MCP server example above.
Once the server is installed, you might need to head back to Settings > MCP and click the refresh button.
The Cursor agent will then be able to see the available tools the added MCP server has available and will call them when it needs to.
You can also explictly ask the agent to use the tool by mentioning the tool name and describing what the function does.