VibeCLI

AI-powered coding assistant for the terminal.

VibeCLI provides two interaction modes: a rich Terminal UI (TUI) powered by Ratatui, and a REPL mode for quick, scriptable use. It also runs as an HTTP daemon (--serve) that powers VibeUI, VibeMobile, and the new native VibeWatch clients.

What’s new in 0.5.5

• Native watch clients — Apple Watch (SwiftUI) and Wear OS (Compose) pair against /watch/* routes. See watchOS and Wear OS guides.
• Zero-config connectivity — when --serve is running, VibeCLI advertises _vibecli._tcp.local. via mDNS, detects a Tailscale Funnel, and can auto-start an ngrok tunnel. See Connectivity.
• URL-only pairing — /pair --url-only and /pair --show-bearer remove the QR dependency; works against simulators.
• P-256 ECDSA device pairing — Ed25519 is deprecated in favor of secp256r1 for Apple Secure Enclave compatibility. All clients (VibeMobile, VibeWatch) use P-256.
• Google-Docs-style transcript sync — ID-based message reconciliation eliminates the prior 80/512-char truncation cap.
• Apple-Handoff-style continuity — /watch handoff advertises active sessions to paired devices in real time.
• CI produces watch artifacts — VibeCodyWatch-watchOS.app.zip, VibeCodyWear-wearos.apk, VibeCodyWear-wearos.aab alongside the usual binaries.

Installation

Prerequisites

• Rust stable (≥ 1.75) — install via rustup
• git (for Git integration features)
• Ollama (optional, for local AI — ollama.ai)

Build from Source

git clone https://github.com/TuringWorks/vibecody.git
cd vibecody

cargo build --release -p vibecli

# Optional: install to PATH
cp target/release/vibecli /usr/local/bin/

Usage

TUI Mode (Recommended)

vibecli --tui
vibecli --tui --provider claude
vibecli --tui --provider openai --model gpt-4o

REPL Mode

vibecli
vibecli --provider gemini

Command-Line Arguments

TUI Commands

Once inside the TUI, type messages naturally or use slash commands:

REPL Commands

In REPL mode, the following slash commands are available:

Session & Context

Profiles & Memory

Code Intelligence

Project & Workspace

Agents & Teams

DevOps & Deployment

Security & Compliance

Git & Version Control

Plugins & Extensions

Scheduling & Reminders

Issue Tracking

Handoffs & Collaboration

Batch & QA

Legacy Migration

App Builder & Context

Quantum Computing

Autonomous Research

AI/ML & Routing

Documentation & Integration

Sketch & Design

Company Management

Wizards

Safety: By default, all shell command execution requires user confirmation (y/N). Disable this with require_approval_for_commands = false in config.

Workflow Examples

Chat with AI

> /chat explain how the ropey crate works
> What are the time complexities for common rope operations?

Once a conversation is started, you can type freely without /chat.

Generate Code

> /generate a Rust function that parses TOML from a string and returns a HashMap
Save to file? (y/N or filename): parser.rs
Yes Saved to: parser.rs

Apply AI Changes to a File

> /apply src/main.rs add proper error handling using anyhow

Proposed changes:
--- a/src/main.rs
+++ b/src/main.rs
...

Yes Apply these changes? (y/N): y
Yes Changes applied to: src/main.rs

AI-Suggested Command

> /exec list all Rust files modified in the last 7 days
Suggested command: find . -name "*.rs" -mtime -7
Warning:  Execute this command? (y/N): y

Project Initialization

Scan a project to auto-detect its type, build system, and test framework:

> /init
Scanning project...

Project: my-web-app
Architecture: full-stack application
Languages: TypeScript, Rust
Frameworks: React, Vite, Axum, Tokio
Package managers: pnpm, cargo

Build commands:
  pnpm run build
  cargo build --workspace

Test commands:
  pnpm run test (Vitest)
  cargo test --workspace (cargo test)

Entry points: src/App.tsx, src/main.rs
Expected env vars: DATABASE_URL, API_KEY, JWT_SECRET

Yes Project profile cached to .vibecli/project-profile.json
   This context will be auto-injected into every agent session.

After running /init, the agent automatically understands your project structure in every conversation.

Agent-Per-Branch Workflow

Run agent tasks in isolated git branches with automatic PR creation:

> /branch-agent create add JWT auth middleware
Creating branch agent for: add JWT auth middleware
  1. Create a feature branch from current HEAD
  2. Run the agent autonomously on the branch
  3. Auto-commit changes with descriptive messages
  4. Push and create a PR on completion

Always-On Channel Daemon

Start a persistent daemon that listens on Slack/Discord/GitHub and auto-responds:

# Start daemon (listens for messages, routes through automation rules)
vibecli --channel-daemon slack

# Or manage from the REPL
> /daemon start
> /daemon status
> /daemon channels

Data Analysis

Load and query data files directly:

> /data load sales.csv
Loading data from: sales.csv

> /data query "SELECT region, SUM(amount) FROM sales GROUP BY region"
> /data viz bar    # Generate bar chart
> /data summary    # Statistical summary

Agentic CI/CD

Auto-fix failed builds and generate tests:

> /agentic fix-build
Auto-fixing build failures...
  Reads CI logs, identifies errors, generates patches.

> /agentic gen-tests src/auth.rs
Generating tests for: src/auth.rs

Git Context Awareness

VibeCLI automatically injects Git context into AI conversations:

• Current branch — detected from the working directory
• Modified/staged files — summarized from git status
• Current diff — full patch injected as system context

This gives the AI complete awareness of what you are working on without any extra prompting.

Syntax Highlighting

Code blocks in AI responses are highlighted in the terminal using syntect. Supported languages include Rust, Python, TypeScript, JavaScript, Go, TOML, YAML, JSON, Markdown, and more.

Configuration

VibeCLI reads from ~/.vibecli/config.toml. See the Configuration Guide for full details.

Minimal working config (Ollama):

[ollama]
enabled = true
api_url = "http://localhost:11434"
model = "qwen2.5-coder:7b"

CI / Non-Interactive Mode

VibeCLI can run agent tasks headlessly — no prompts, no TUI:

# Run an agent task and get a JSON report on stdout
vibecli --exec "add error handling to src/lib.rs" --full-auto

# Write a Markdown report to a file
vibecli --exec "fix all clippy warnings" --full-auto \
        --output-format markdown --output report.md

# Stream progress to stderr while writing JSON to stdout
vibecli --exec "add docstrings to all public functions" \
        --auto-edit --output-format verbose

Exit codes: 0 = success, 1 = partial, 2 = failed, 3 = approval required.

@ Context Types

VibeCLI supports inline context injection using @ references in chat messages:

Example:

> /chat @jira:AUTH-456 explain this ticket and suggest an implementation plan
> /chat @github:torvalds/linux#1234 summarize this issue

Multimodal Input (Vision)

Claude and GPT-4o providers support image attachments. Use [path/to/image.png] syntax in /chat:

> /chat [screenshot.png] what error is shown in this screenshot?
> /chat [diagram.jpg] [schema.png] explain this database design

Images are base64-encoded and sent with the message. Non-vision providers fall back to text-only.

Trace / Audit Log

Every agent session is recorded to ~/.vibecli/traces/<timestamp>.jsonl. Browse with:

> /trace                   # list recent sessions
> /trace view 1740000000   # show detailed timeline

Each entry records: step, tool, input summary, output, duration, and approval source (user / auto / ci-auto / rejected).

MCP Integration

Model Context Protocol servers expose additional tools to the agent. Configure in ~/.vibecli/config.toml:

[[mcp_servers]]
name = "github"
command = "npx"
args = ["@modelcontextprotocol/server-github"]

[[mcp_servers]]
name = "postgres"
command = "npx"
args = ["@modelcontextprotocol/server-postgres", "postgresql://localhost/mydb"]

Then in the REPL:

> /mcp list                # show configured servers
> /mcp tools github        # list tools from the github server

Code Review Agent

Run structured code reviews from the CLI:

vibecli review                       # review uncommitted changes
vibecli --review --staged               # review staged changes only
vibecli --review --branch main..HEAD    # review branch diff
vibecli --review --pr 42                # review a GitHub PR
vibecli --review --focus security,perf  # limit review focus

Output is a structured ReviewReport with issues (severity: info/warning/critical), suggestions, and a numeric score.

Use --pr to post the review directly to a GitHub PR as a comment (via gh CLI).

Server Mode (vibecli serve)

Run VibeCLI as a long-lived HTTP daemon for the VS Code extension and Agent SDK:

vibecli --serve --port 7878

Security: All authenticated routes require a Bearer <token> header and are rate-limited to 60 requests per 60 seconds. Request bodies are limited to 1 MB. Responses include CSP, X-Frame-Options, and other security headers.

Endpoints:

Counsel (Multi-LLM Deliberation)

Counsel enables structured multi-round debates between multiple AI providers, each assigned a distinct role. A moderator synthesizes the final consensus.

Participant Roles

Usage

> /counsel new "Should we migrate from REST to GraphQL?"
Session created: abc123

> /counsel run abc123
Round 1: Expert (Claude), Devil's Advocate (GPT-4o), Pragmatist (Gemini)
... responses from each participant ...

> /counsel inject abc123 "What about the migration cost for existing clients?"
> /counsel run abc123
Round 2: ... responses incorporating user feedback ...

> /counsel synthesize abc123
=== Moderator Synthesis ===
Consensus: ...
Disagreements: ...
Recommendations: ...

Sessions are persisted at ~/.vibecli/counsel/sessions.json.

SuperBrain (Multi-Provider Routing)

SuperBrain intelligently routes queries to the best provider or combines responses from multiple providers.

Modes

Usage

> /superbrain "Write a binary search in Rust"
[SmartRouter → code category → Claude]
... response ...

> /superbrain consensus "What's the best database for time-series data?"
[Consensus → all providers → synthesis]
... combined response ...

> /superbrain chain "Design a microservices architecture for an e-commerce platform"
[ChainRelay → Model 1 → Model 2 → Model 3 (refined)]
... progressively refined response ...

Web Client

VibeCLI can serve a self-contained browser-based UI when running in server mode. No CDN dependencies — fully air-gap safe.

vibecli --serve --port 7878
# Open http://localhost:7878 in your browser

Features:

• Chat and Agent modes with SSE streaming
• Markdown rendering with syntax highlighting
• Dark/light theme toggle
• File upload support (configurable)
• Responsive mobile-friendly design
• Keyboard shortcuts (Enter to send, Shift+Enter for newline)

Hooks System

Hooks execute on agent events. Configure in ~/.vibecli/hooks.toml or .vibecli/hooks.toml:

[[hooks]]
event = "PreToolUse"
pattern = "bash"
handler = { type = "command", command = "echo 'Running shell command' >> /tmp/hooks.log" }

Events: SessionStart, PreToolUse, PostToolUse, Stop, TaskCompleted, SubagentStart.

Plan Mode

Generate execution plans without running tools:

> /plan refactor the auth module to use JWT tokens

Execution Plan:
  1. Read current auth module (auth.rs)
  2. Add JWT dependency to Cargo.toml
  3. Implement JWT token generation
  4. Update auth middleware
  5. Write tests

Yes Execute this plan? (y/N):

Code Complete Workflow

Guide application development through 8 structured stages inspired by Steve McConnell’s Code Complete. Each stage has an AI-generated checklist that serves as a quality gate before advancing.

The 8 Stages

Usage

> /workflow new my_app Build a REST API for user management

Yes Workflow 'my_app' created with 8 stages (Code Complete methodology)
   Current stage: Requirements
   Use /workflow generate my_app to AI-generate a checklist for the current stage.

> /workflow generate my_app

Generating Requirements checklist for 'my_app'...
Yes Generated 10 checklist items:
   [ ] 1: Define core user CRUD endpoints (GET, POST, PUT, DELETE)
   [ ] 2: Specify authentication method (JWT vs session)
   ...

> /workflow check my_app 1
Yes Toggled item 1 in 'my_app'

> /workflow show my_app

Workflow: my_app  [12% complete]
   Build a REST API for user management

   ▶ 1. Requirements (1/10)
   ○ 2. Architecture
   ○ 3. Design
   ...

> /workflow advance my_app
Yes Advanced to stage: Architecture

Workflows are stored as markdown files in .vibecli/workflows/ with YAML front-matter. The stage advancement gate requires ≥80% checklist completion in VibeUI.

Red Team Security Testing

Run autonomous penetration tests against applications you build with VibeCody. The red team module executes a 5-stage pipeline: Recon → Analysis → Exploitation → Validation → Report.

5-Stage Pipeline

Attack Vectors

15 built-in attack vectors covering OWASP Top 10: SQL injection, XSS, SSRF, IDOR, path traversal, auth bypass, command injection, mass assignment, open redirect, XXE, insecure deserialization, NoSQL injection, template injection, CSRF, and cleartext transmission.

Usage

# Non-interactive scan (CI mode)
vibecli --redteam http://localhost:3000

# With auth config and scope restrictions
vibecli --redteam http://localhost:3000 --redteam-config auth.yaml

# Generate report from a previous session
vibecli --redteam-report <session-id>

# Interactive REPL
> /redteam scan http://localhost:3000
> /redteam list
> /redteam show <session-id>
> /redteam report <session-id>
> /redteam config

Sessions are persisted as JSON at ~/.vibecli/redteam/. Findings include CVSS severity scores, PoC payloads, and remediation guidance.

Authorization: Red team features require explicit user consent and target only user-controlled applications (localhost / staging).

Test Runner

Run project tests directly from the REPL with auto-detection of the test framework:

> /test

Running: cargo test
...
Yes Tests passed

> /test npm test -- --coverage

Running: npm test -- --coverage
...
Yes Tests passed

Framework Auto-Detection

If no framework is detected, provide a custom command: /test <command>.

In VibeUI, the Tests panel provides a richer experience with live streaming log output, per-test pass/fail results, expandable failure details, filter tabs (All / Failed / Passed), and a custom command input field.

Skills System

VibeCody ships with 568 skill files across 25+ categories covering finance, healthcare, security, cloud (AWS/Azure/GCP), data engineering, robotics, compliance, SRE, and more. Skills activate based on trigger keywords. Place custom .md files in .vibecli/skills/ or ~/.vibecli/skills/:

name: rust-testing
triggers: [test, testing, cargo test]
category: rust
tools_allowed: [read_file, write_file, bash]
Use `#[tokio::test]` for async tests...

Gateway Messaging

VibeCLI can act as a bot on 18 messaging platforms via the gateway system:

Telegram, Discord, Slack, Signal, Matrix, Twilio SMS, iMessage, WhatsApp, Teams, IRC, Twitch, WebChat, Nostr, QQ, Tlon (+ 3 original).

Configure gateways in ~/.vibecli/config.toml:

[[gateway]]
platform = "telegram"
bot_token = "..."
whitelist = ["@username"]

Session Resume

Resume a previous agent session:

vibecli --resume 1740000000

Restores the full message history, context, and trace from the JSONL log.

Admin Policy

Workspace administrators can restrict agent behavior via .vibecli/policy.toml:

[tools]
deny = ["bash"]
require_approval = ["write_file", "patch_file"]

[paths]
deny = ["*.env", "secrets/**"]

[limits]
max_steps = 10

OpenTelemetry

Export agent tracing spans to any OTLP collector:

[otel]
enabled = true
endpoint = "http://localhost:4318"
service_name = "vibecli"

Spans include session ID, task, tool name, and step metadata.

Project Structure

vibecli/
└── vibecli-cli/
    ├── skills/             # 568 skill files (25+ categories)
    └── src/
        ├── main.rs         # CLI argument parsing, command dispatch
        ├── config.rs       # Config loading/saving (TOML)
        ├── ci.rs           # Non-interactive CI mode (--exec)
        ├── review.rs       # Code review agent (vibecli review)
        ├── serve.rs        # HTTP daemon (vibecli serve)
        ├── otel_init.rs    # OpenTelemetry pipeline setup
        ├── diff_viewer.rs  # Renders unified diffs in terminal
        ├── syntax.rs       # Syntax highlighting for code blocks
        ├── repl.rs         # Rustyline helper (tab completion, hints)
        ├── redteam.rs      # Red team 5-stage pentest pipeline
        ├── bugbot.rs       # OWASP/CWE static scanner (15 patterns)
        ├── workflow.rs     # Code Complete 8-stage workflow
        ├── workflow_orchestration.rs  # Lessons + todo orchestration
        ├── gateway.rs      # 18-platform messaging gateway
        ├── transform.rs    # Code transforms (Python 2→3, Vue 2→3, etc.)
        ├── marketplace.rs  # Plugin marketplace
        ├── background_agents.rs  # Background agent definitions
        ├── session_store.rs     # SQLite session persistence
        ├── sandbox.rs      # Container sandbox (Docker/Podman)
        ├── voice.rs        # Voice input (Groq Whisper)
        ├── pairing.rs      # QR code device pairing
        ├── tailscale.rs    # Tailscale funnel
        ├── discovery.rs    # mDNS service discovery
        ├── scheduler.rs    # /remind and /schedule commands
        ├── counsel.rs      # Multi-LLM deliberation engine
        ├── superbrain.rs   # Multi-provider query routing and synthesis
        ├── web_client.rs   # Browser-based zero-install web client
        └── tui/
            ├── mod.rs      # TUI run loop and event handling
            ├── app.rs      # TUI application state machine
            ├── ui.rs       # Ratatui layout and widget rendering
            └── components/
                ├── diff_view.rs  # Multi-file diff viewer widget
                ├── vim_editor.rs # Vim-style modal editor (Normal/Insert/Visual/Command)
                └── diagnostics.rs # Cargo/eslint diagnostics panel

Dependencies