
Codevibes

CodeVibes is an intelligent AI-powered code analysis tool that scans your GitHub repositories to uncover security vulnerabilities, bugs and performance bottlenecks, and code quality issues — then translates them into actionable insights and a measurable Vibe Score that helps you continuously improve your codebase.

Install / Use

/learn @danish296/Codevibes
About this skill

Quality Score

0/100

Supported Platforms

Universal

README

CodeVibes 🌊

AI Code Review for Developers Who Can't Afford CodeRabbit.


CodeVibes is an intelligent code analysis tool that scans your GitHub repositories using AI to identify Security Vulnerabilities, Bugs & Performance Issues, and Code Quality improvements—giving you a quantifiable Vibe Score and actionable insights.


📸 See it in Action

Dashboard & Pre-Analysis

| Dashboard | Pre-Analysis View |
|-----------|-------------------|
| Dashboard | Pre-Analysis |

Analysis in Progress

| Execution | Repo Selection |
|-----------|----------------|
| Execution | Repo |

Post-Analysis Results

| Post-Analysis | Detailed Stats |
|---------------|----------------|
| Post-Analysis | Stats |

Report & Insights

| Report Insights |
|-----------------|
| Report Insights |


🏗️ System Architecture

graph TB
    subgraph "Frontend (React + Vite)"
        UI[🖥️ AnalyzePage]
        Store[📦 Zustand Store]
        API_Client[🔗 API Client]
    end

    subgraph "Backend (Express + Node.js)"
        Server[⚙️ Express Server]
        Auth[🔐 Auth Controller]
        Analysis[🔍 Analysis Controller]
        History[📜 History Controller]
        
        subgraph "Services"
            GH_Service[📂 GitHub Service]
            AI_Service[🧠 DeepSeek Service]
        end
        
        DB[(💾 SQLite DB)]
    end

    subgraph "External APIs"
        GitHub[🐙 GitHub API]
        DeepSeek[🤖 DeepSeek AI]
    end

    UI --> Store
    Store --> API_Client
    API_Client -->|REST API| Server
    
    Server --> Auth
    Server --> Analysis
    Server --> History
    
    Analysis --> GH_Service
    Analysis --> AI_Service
    History --> DB
    Auth --> DB
    
    GH_Service -->|Fetch Files| GitHub
    AI_Service -->|Stream Analysis| DeepSeek

🔄 Analysis Workflow

Here's how CodeVibes processes your repository:

sequenceDiagram
    participant User
    participant Frontend
    participant Backend
    participant GitHub
    participant AI

    User->>Frontend: 1. Paste Repo URL
    Frontend->>Backend: 2. POST /api/analyze
    
    Backend->>GitHub: 3. Fetch file tree
    GitHub-->>Backend: File list
    
    Backend->>Backend: 4. Categorize files by priority
    
    loop For each Priority Level (P1→P2→P3)
        Backend->>GitHub: 5a. Fetch file contents
        GitHub-->>Backend: File content
        Backend->>AI: 5b. Stream analysis request
        AI-->>Backend: 5c. JSON issues (streamed)
        Backend-->>Frontend: 5d. SSE: Live updates
        Frontend-->>User: 5e. Display issues in real-time
    end
    
    Backend->>Backend: 6. Calculate Vibe Score
    Backend-->>Frontend: 7. Final report
    Frontend-->>User: 8. Show complete analysis

🎯 Priority-Based Scanning

CodeVibes uses a three-tier priority system to analyze files in order of importance:

graph LR
    subgraph "P1: Security (🛡️ First)"
        A1[".env files"]
        A2["auth.*, jwt.*"]
        A3["*password*, *secret*"]
        A4["config files"]
    end
    
    subgraph "P2: Core Logic (🧠 Second)"
        B1["controllers/"]
        B2["services/"]
        B3["models/"]
        B4["main.*, app.*"]
    end
    
    subgraph "P3: Quality (💎 Third)"
        C1["tests/"]
        C2["utils/"]
        C3["helpers/"]
        C4["Other files"]
    end
    
    A1 --> B1
    A2 --> B2
    A3 --> B3
    A4 --> B4
    
    B1 --> C1
    B2 --> C2
    B3 --> C3
    B4 --> C4

| Priority | Focus | Severity Levels | Example Detections |
|----------|-------|-----------------|-------------------|
| P1 | Security | CRITICAL, HIGH, MEDIUM, LOW | Hardcoded secrets, SQL injection, XSS, Auth bypass |
| P2 | Bugs & Performance | HIGH, MEDIUM, LOW | N+1 queries, Race conditions, Memory leaks |
| P3 | Code Quality | MEDIUM, LOW | DRY violations, Complexity, Maintainability |
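
The three tiers above, sketched as an added TypeScript example (not CodeVibes' own code): `categorize` and `scanPlan` are hypothetical names, the regexes are assumptions derived from the diagram's patterns, and the file list is constructed. A P1 file-name match takes precedence over the directory, so a file such as `tests/auth.test.ts` lands in the security pass rather than the quality pass.

```typescript
// Added example: hypothetical helper names, not taken from the CodeVibes code base.
type Priority = "P1" | "P2" | "P3";

// P1 file-name patterns from the diagram; the regexes themselves are assumptions.
const P1_NAME: RegExp[] = [
  /^\.env(\..+)?$/,        // .env, .env.local, .env.production
  /^(auth|jwt)\./,         // auth.*, jwt.*
  /password|secret/,       // *password*, *secret*
  /^config\.|\.config\./,  // "config files" (assumed: config.* and *.config.*)
];
const P2_DIRS = ["controllers", "services", "models"];
const P2_NAME = /^(main|app)\./; // main.*, app.*

function categorize(path: string): Priority {
  // Normalize separators and case so "SRC\\Auth.ts" is treated like "src/auth.ts".
  const parts = path.replace(/\\/g, "/").toLowerCase().split("/").filter(Boolean);
  const name = parts[parts.length - 1] ?? "";
  const dirs = parts.slice(0, -1);
  // Security first: a P1 name wins even when the file lives under tests/ or utils/.
  if (P1_NAME.some((re) => re.test(name))) return "P1";
  if (dirs.some((d) => P2_DIRS.includes(d)) || P2_NAME.test(name)) return "P2";
  return "P3"; // tests/, utils/, helpers/ and everything else
}

// Group a file tree into the batches scanned in order P1 -> P2 -> P3.
function scanPlan(paths: string[]): Record<Priority, string[]> {
  const plan: Record<Priority, string[]> = { P1: [], P2: [], P3: [] };
  for (const p of paths) plan[categorize(p)].push(p);
  return plan;
}

// Constructed sample tree, not from a real repository.
const sampleTree = [
  ".env.production",
  "src/controllers/userController.ts",
  "src/utils/secretStore.ts",
  "tests/auth.test.ts",
  "src/app.ts",
  "src/utils/format.ts",
  "README.md",
];

console.log(scanPlan(sampleTree));
```

Substring patterns such as `*secret*` over-match by design (a file named `secretary.ts` would also be P1), which costs an extra file in the first pass rather than a missed one.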


✨ Key Features

🛡️ Security Analysis (P1)

  • Secret Detection: AWS keys, GitHub tokens, Stripe keys, JWTs
  • Injection Attacks: SQL, NoSQL, Command, Code injection
  • Auth Issues: Missing JWT verification, IDOR, Session misconfig
  • XSS/CSRF: Dangerous innerHTML, Missing CSRF tokens

🧠 Bug & Performance Detection (P2)

  • Logic Errors: Null access, Off-by-one, Type coercion bugs
  • Performance: N+1 queries, O(n²) algorithms, Memory leaks
  • Async Issues: Unhandled promises, Race conditions
  • Data Integrity: Missing transactions, Concurrent updates

💎 Code Quality Review (P3)

  • Readability: Naming, Complexity analysis
  • DRY Violations: Duplicated code patterns
  • Modern Practices: Deprecated APIs, Better alternatives
  • Testability: Hard-to-test code patterns

📊 Vibe Score

A calculated 0-100 score based on:

  • Issue count and severity
  • Files scanned vs issues found ratio
  • Security issue weight (higher penalty)

🛠️ Tech Stack

| Layer | Technology | Purpose |
|-------|------------|---------|
| Frontend | React 18 + Vite | Fast, modern UI |
| | TailwindCSS | Utility-first styling |
| | Zustand | State management |
| | Lucide Icons | Consistent iconography |
| Backend | Node.js + Express | API server |
| | Better-SQLite3 | Local database |
| | tsx | TypeScript execution |
| AI | DeepSeek API | Code analysis |
| Integration | Octokit | GitHub API client |


🚀 Getting Started

Prerequisites

  • Node.js v18+
  • DeepSeek API Key (Get free key)
  • GitHub Token (optional, for private repos)

Quick Start

# 1. Clone the repository
git clone https://github.com/danish296/codevibes.git
cd codevibes

# 2. Install all dependencies
npm install
cd codevibes-backend && npm install && cd ..

# 3. Configure backend environment
cp codevibes-backend/.env.example codevibes-backend/.env
# Edit .env with your DeepSeek API key

# 4. Start both servers (use two terminals)
# Terminal 1: Backend
cd codevibes-backend && npm run dev

# Terminal 2: Frontend
npm run dev

Environment Variables

Create codevibes-backend/.env:

# Required
PORT=3001
DEEPSEEK_API_KEY=sk-your-deepseek-key

# Optional
GITHUB_TOKEN=ghp-your-github-token
DB_PATH=./data/codevibes.db
DEEPSEEK_MODEL=deepseek-chat  # or deepseek-reasoner
ALLOWED_ORIGINS=http://localhost:8080

📂 Project Structure

codevibes/
├── src/                          # React Frontend
│   ├── components/
│   │   ├── layout/              # Header, Footer, Sidebar
│   │   └── ui/                  # UI primitives (Button, Card, etc.)
│   ├── pages/
│   │   ├── HomePage.tsx         # Landing page
│   │   ├── AnalyzePage.tsx      # Main analysis interface
│   │   └── SetupPage.tsx        # API key configuration
│   ├── lib/
│   │   └── api.ts               # Backend API client
│   └── store/
│       └── analysisStore.ts     # Zustand state
│
├── codevibes-backend/            # Express Backend
│   ├── src/
│   │   ├── controllers/
│   │   │   ├── analysisController.ts
│   │   │   ├── historyController.ts
│   │   │   └── githubController.ts
│   │   ├── services/
│   │   │   ├── deepseekService.ts  # AI prompts & streaming
│   │   │   └── githubService.ts    # Repo fetching
│   │   ├── utils/
│   │   │   ├── database.ts         # SQLite setup
│   │   │   └── logger.ts           # Winston logging
│   │   └── server.ts               # Express app
│   └── data/                       # SQLite database storage
│
├── public/screenshots/             # App screenshots
└── README.md                       # You are here!

🔌 API Reference

Analysis Endpoints

| Endpoint | Method | Description |
|----------|--------|-------------|
| /api/analyze | POST | Start new analysis |
| /api/analyze/stream | GET | SSE stream for live updates |

History Endpoints

| Endpoint | Method | Description |
|----------|--------|-------------|
| /api/history | GET | List past analyses |
| /api/history | POST | Save analysis result |
| /api/history/:id | DELETE | Delete analysis |

GitHub Endpoints

| Endpoint | Method | Description |
|----------|--------|-------------|
| /api/github/repos | GET | List user's repos |
| /api/github/validate | POST | Check repo access |


🎨 Vibe Score Calculation

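// Minimal types so the snippet compiles on its own; the project's Issue type may carry more fields.
type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
interface Issue {
  severity: Severity;
}

function calculateVibeScore(issues: Issue[]): number {
  // Penalty points deducted per issue, by severity
  const weights: Record<Severity, number> = {
    CRITICAL: 25,
    HIGH: 15,
    MEDIUM: 5,
    LOW: 1
  };

  // Sum the penalties for all reported issues
  const penalty = issues.reduce((sum, issue) =>
    sum + weights[issue.severity], 0);

  // Clamp at 0 so many or severe issues cannot push the score negative
  return Math.max(0, 100 - penalty);
}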

| Score Range | Label | Color |
|-------------|-------|-------|
| 90-100 | Excellent | 🟢 Green |
| 70-89 | Good | 🟡 Yellow |
| 50-69 | Needs Work | 🟠 Orange |
| 0-49 | Critical | 🔴 Red |


📝 Changelog

[v1.0.0] - 2026-01-07

⚡ Performance Optimizations

  • Parallel file fetching: 5 concurrent requests instead of sequential (3-5x faster)
  • GitHub Tree API caching: Reduced API calls by 80%
  • Lazy categorization: Defer P2/P3 processing until needed (60% faster initial scan)

🐛 Bug Fixes

  • Fixed history not saving: Corrected SQL parameter mismatch (duplicate cost parameter)
  • Fixed timer issues:
    • Timer now restarts when continuing to next priority level
    • Timer now stops on analysis errors
    • Timer displays correctly when loading from history
  • Fixed DeepSeek response truncation: Increased max_tokens f
GitHub Stars: 58
Category: Development
Updated: 9d ago
Forks: 11

Languages

TypeScript

Security Score

95/100

Audited on Mar 22, 2026

No findings