Diffs read like a receipt. Code runs like a story. VibeCheck orders the tour by the codebase's actual execution path, not whatever order git printed.
Understand AI-written code before you ship it.
vibecheck turns fresh agent edits into a short handoff: reading order,
security scan, caller search, before-merge checklist, red team review, and optional quiz.
Your AI just shipped a plot twist.
One prompt later, your repo has new routes, helpers, env vars, and a migration with a suspiciously confident name. `vibecheck` turns that surprise diff into a quick field guide: where to start, what to skip, what might bite, and what to verify next.
Secrets, auth gaps, unsafe inputs, data deletion, wildcard CORS, and shell/file access get called out with line references. Routine churn stays quiet.
"What could break" only appears when VibeCheck finds real callers, importers, tests, routes, env vars, or deleted/renamed files that connect to the diff.
Instead of generic advice, you get specific checks from the diff: run this test, verify this env var, inspect this migration, confirm this permission.
Add --redteam when a change touches auth, payments, permissions, jobs, database writes, public input, or anything attackers enjoy.
Quiz mode asks three tiny, targeted questions about the exact diff. If you can answer them, you understand it. If not, you found the next thing to inspect.
Install once. Run after every agent session.
Use `npx` for a project install, add `--global` for common skill locations on this machine. No keys, daemon, or runtime dependencies.
No dependencies, keys, daemon, or package manager required.
Claude Code, Cursor, Windsurf, Copilot, Codex CLI, or any compatible skill runner.
Get a short handoff, real risks, caller impact, and the follow-up questions worth asking.