VibeShift

VibeShift is an intelligent security agent designed to integrate seamlessly with AI coding assistants (like Cursor, GitHub Copilot, Claude Code, etc.). It acts as your automated security engineer, analyzing code generated by AI, identifying vulnerabilities, and facilitating AI-driven remediation before insecure code makes it to your codebase. It leverages the MCP (Model Context Protocol) for smooth interaction within your existing AI coding environment.

Key Features:

• MCP Integration: Seamlessly integrates with Cursor/Windsurf/Github Copilot/Roo Code
• Automated Security Scanning: Triggers on AI code generation/modification to perform:
  • Static Code Analysis (SAST): Integrates tools like Semgrep to find vulnerabilities in source code.
  • Dynamic Analysis (DAST Primitives): Can invoke tools like Nuclei or ZAP for checks against running components (where applicable).
• AI-Assisted Test Recording: Generate Playwright-based test scripts from natural language descriptions (in automated mode).
• Deterministic Test Execution: Run recorded JSON test files reliably using Playwright.
• AI-Powered Test Discovery: Crawl websites and leverage any LLM (in openai compliant format) to suggest test steps for discovered pages.
• Regression Testing: Easily run existing test suites to catch regressions.
• Automated Feedback Loop: Execution results (including failures, screenshots, console logs) are returned, providing direct feedback to the AI assistant.
• Self Healing: Existing tests self heal in case of code changes. No need to manually update.
• UI tests: UI tests which aren't supported by playwright directly are also supported. For example, Check if the text is overflowing in the div
• Visual Regression Testing: Using traditional pixelmatch and vision LLM approach.

How it Works:

1. User: Prompts their AI coding assistant.
2. AI Coding Agent: Recognizes the intent and uses MCP to call the appropriate tool provided by the MCP Server.
3. MCP Server: Routes the request to the corresponding function.
4. VibeShift Agent: Performs security scans, records tests, executes tests, or discovers test flows.
5. Browser: Playwright drives the actual browser interaction.
6. Feedback Loop: Returns security reports and test results to the AI Coding Agent for developer feedback and automated fixes.