Documentation

Claude (MCP Server)

Add VibeScan to Claude Desktop by editing your MCP config:

{
  "mcpServers": {
    "vibescan": {
      "type": "http",
      "url": "http://localhost:3002/mcp",
      "headers": {
        "Authorization": "Bearer vsk_YOUR_API_KEY"
      }
    }
  }
}

Replace YOUR_API_KEY with your key from /app/keys or from your welcome email. Restart Claude Desktop after saving.

Tools: scan_code, scan_repo, get_scan_results, get_finding, list_findings, get_usage_info, create_upload_slot, scan_uploaded_artifact.

ChatGPT (Custom GPT)

1. Open GPT Editor → Create new GPT
2. Name: VibeScan Security Scanner
3. Actions → Import OpenAPI from http://localhost:3001/docs/openapi.yaml
4. Auth: API Key (Bearer), paste your vsk_ key
5. Privacy policy: http://localhost:4321/security
6. Instructions: "When the user shares code, call createScan. Explain each finding with severity, what's wrong, and a copy-pasteable fix."

Direct API

Scan code:

curl -X POST http://localhost:3001/api/v1/scans \
  -H "Authorization: Bearer vsk_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"code": "const password = \"hunter2\";"}'

Scan a GitHub repo:

curl -X POST http://localhost:3001/api/v1/repo \
  -H "Authorization: Bearer vsk_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{"repoUrl": "https://github.com/user/repo"}'

Check usage:

curl http://localhost:3001/api/v1/usage \
  -H "Authorization: Bearer vsk_YOUR_KEY"

Getting an API Key

Free: Sign in via GitHub/Google at /app/keys. Create a key. No card needed.

Paid: Choose a plan on the pricing page. After checkout, your key is emailed.

Self-serve: Manage keys (create, revoke, rotate) anytime at /app/keys.