VibeGuard

<p align="center"> <img src="./image/logo.jpg" alt="VibeGuard" width="720"><br><br> <span>Uses just 1% memory while protecting 99% of your personal privacy.</span><br><br> <a href="LICENSE"><img alt="License" src="https://img.shields.io/github/license/inkdust2021/VibeGuard"></a> <a href="go.mod"><img alt="Go Version" src="https://img.shields.io/github/go-mod/go-version/inkdust2021/VibeGuard"></a> <a href="https://github.com/inkdust2021/VibeGuard/actions/workflows/ghcr.yml"><img alt="GHCR Build" src="https://img.shields.io/github/actions/workflow/status/inkdust2021/VibeGuard/ghcr.yml?label=ghcr"></a> <a href="https://ghcr.io/inkdust2021/vibeguard"><img alt="GHCR Image" src="https://img.shields.io/badge/ghcr.io-inkdust2021%2Fvibeguard-2ea44f?logo=docker&logoColor=white"></a> <a href="https://github.com/inkdust2021/VibeGuard/stargazers"><img alt="Stars" src="https://img.shields.io/github/stars/inkdust2021/VibeGuard?style=social"></a> <br> English | <a href="README.zh-CN.md">中文</a> </p>

Installation

# Mac/Linux
curl -fsSL https://vibeguard.top/install | bash

# Windows
powershell -NoProfile -ExecutionPolicy Bypass -Command "irm https://vibeguard.top/install.ps1 | iex"

Introduction

VibeGuard is a lightweight MITM HTTPS proxy for protecting sensitive data when vibecoding. It aims to be out-of-the-box and minimize disruption, and it can also integrate optional NER.

Privacy statement: VibeGuard matches/redacts locally. It does not upload your raw sensitive content to any VibeGuard-controlled server or third-party analytics service; only redacted content is forwarded to your configured upstream AI API.

Key Features

• Matching rules: rule lists (official + third-party) + keywords (exact string match) + optional named entity recognition (NER).
• Rule lists: upload/subscribe to .vgrules lists (remote subscriptions only require a URL). See docs/README.md.
• Safe by default: only scans text-like request bodies (e.g., application/json) with a 10MB limit.
• Admin UI: configure rules/certificates/sessions at /manager/, review per-request redaction hits (Audit), and tail backend debug logs at #/logs.
• Admin auth: the admin UI/API is protected by a password (set on first visit to /manager/).
• At-rest encryption (keywords): keyword/exclude values are stored encrypted in ~/.vibeguard/config.yaml using a key derived from the local CA private key (admin UI still shows plaintext). If you regenerate the CA, old encrypted values cannot be decrypted and must be reconfigured.
• Secret files (optional): import secrets from local files (e.g. .env) via patterns.secret_files and redact them automatically.
• Two interception modes: proxy.intercept_mode: global or targets.
• Hot reload: rule/target updates from the admin UI take effect without restarting.

Architecture

flowchart LR
  C[Client: Codex / Claude / IDE] -->|HTTPS| P[Proxy: MITM TLS]
  P -->|Text-like bodies only| PIPE[Redaction pipeline]
  PIPE -->|Placeholders| UP[Upstream AI API]
  UP -->|JSON/SSE| R[Restore engine]
  R -->|Restore originals| C

  subgraph DET[Detectors]
    KW[Keywords<br/>Aho-Corasick]
    RL[Rule lists: .vgrules]
    NER[NER: external Presidio]
  end
  KW --> PIPE
  RL --> PIPE
  NER --> PIPE

  subgraph RULES[Rule sources]
    DEF[Default rules<br/>built-in]
    LOCAL[Local rules<br/>~/.vibeguard/rules/local]
    SUB[Remote subscriptions<br/>auto update]
    CACHE[Subscription cache<br/>~/.vibeguard/rules/subscriptions]
  end
  DEF --> RL
  LOCAL --> RL
  SUB --> CACHE
  CACHE --> RL

  UI[Admin UI /manager/] --> CFG["Config (hot reload)"]
  UI --> LOCAL
  UI --> SUB
  CFG --> PIPE
  CFG --> P

  PIPE <--> SES[Session store: TTL + WAL]
  R <--> SES

  P --> AUD[Audit]
  UI --> AUD

Screenshot

Admin UI Security

• First visit to http://127.0.0.1:28657/manager/ will ask you to set an admin password.
• The password is stored as a bcrypt hash in ~/.vibeguard/admin_auth.json (permissions: 0600).
• Forgot it? Stop VibeGuard, delete ~/.vibeguard/admin_auth.json, then refresh /manager/ to set a new one.

Uninstall

macOS/Linux:

curl -fsSL https://vibeguard.top/uninstall | bash
curl -fsSL https://vibeguard.top/uninstall | bash -s -- --purge
curl -fsSL https://vibeguard.top/uninstall | bash -s -- --docker
curl -fsSL https://vibeguard.top/uninstall | bash -s -- --docker --docker-volume

Note: --docker-volume removes the vibeguard-data Docker volume (container config + CA will be lost).

Windows (PowerShell):

powershell -NoProfile -ExecutionPolicy Bypass -Command "& ([ScriptBlock]::Create((irm https://vibeguard.top/uninstall.ps1)))"
powershell -NoProfile -ExecutionPolicy Bypass -Command "& ([ScriptBlock]::Create((irm https://vibeguard.top/uninstall.ps1))) -Purge"

The uninstallers try to remove the trusted CA (“VibeGuard CA”) automatically. If it fails (e.g., permissions), remove it manually.

Configuration

• Global: ~/.vibeguard/config.yaml
• Project override: .vibeguard.yaml
• Override path: VIBEGUARD_CONFIG=/path/to/config.yaml

Example: redact secrets from .env (prevents accidental exfiltration; it does not stop your client from reading files):

patterns:
  secret_files:
    - path: .env
      format: dotenv
      enabled: true

Usage

Use it in your coding CLI (does not affect your current terminal):

vibeguard claude [args...]  # replace with: codex / opencode / qwen / gemini

Use it for a specific command (does not affect your current terminal):

vibeguard run <command> [args...]

Use it in an IDE/other apps:

Set proxy to http://127.0.0.1:28657

CLI Commands

Global flag:

• -c, --config PATH: config file (default ~/.vibeguard/config.yaml).

Start proxy (background by default)

vibeguard start [--foreground] [-c PATH]

• Default: prefers an installed autostart service; otherwise starts a background process.
• --foreground: run in foreground (debugging / service ExecStart).
• If --config is set, it runs in foreground (to avoid ambiguity).

Stop proxy (background service/process)

vibeguard stop [-c PATH]

Enable proxy only for Code Agents (does not affect your current terminal)

vibeguard opencode/claude/codex... [args...]

Enable proxy only for a command (does not affect your current terminal)

vibeguard run <command> [args...]

Init wizard (not needed if using install script)

vibeguard init [-c PATH]

Interactive config + CA generation.

Trust CA certificate (not needed if using install script)

vibeguard trust --mode system|user|auto [-c PATH]

Installs the generated CA into a trust store. (May require sudo/Administrator.)

Test a redaction rule

vibeguard test [pattern] [text] [-c PATH]

pattern is treated as a keyword (exact substring match).

Example:

vibeguard test "test123" "Please repeat the word I just said, and remove its first letter."

Version

vibeguard version

Shell completion

vibeguard completion bash|zsh|fish|powershell [--no-descriptions]

Help

vibeguard --help
vibeguard help [command]
vibeguard [command] --help

How to Verify It Works (Vibecoding)

1. Start the proxy: vibeguard start (the installer can do this automatically).
2. Launch your tool via VibeGuard (vibeguard codex/claude/...) or set your IDE/app proxy URL to http://127.0.0.1:28657.
3. In /manager/, check the Audit panel: each request shows whether redaction was attempted and how many matches were replaced.

Development & Self-check

go test ./...
go vet ./...
gofmt -w .

Included officially

VibeGuard is officially integrated by:

• OpenCode: https://github.com/inkdust2021/opencode-vibeguard

Star History