KNOWLEDGE BASE

How-to articles for the things you'll actually do.

Connect a repo. Write a guardrail. Wire up MCP across your team's IDEs. Tune a noisy rule. Each article is one task, end to end.

Getting started

Connecting your first repo Wire up GitHub or GitLab once. VibeReview reads your code in ephemeral compute, builds the threat model, and generates the starter guardrail set. Ten minutes start to finish. 6 min read
What VibeReview learns from your code (and what it doesn't store) Threat models, guardrails, and OWASP mappings persist. Raw code does not. Here is the line between derived artifacts and source. 5 min read

Guardrails

Writing a custom guardrail Guardrails are YAML files in a Git repo your team owns. Add a rule for your bank's tokenization gateway in five minutes. 8 min read

Threat modeling

Why threat models change every release A threat model frozen in time is a fiction. VibeReview refreshes it on every commit so the guardrails track the code instead of the diagram. 5 min read

Integrations

Cursor, Claude Code, Codex, Copilot: enabling the MCP One command installs the MCP server. Each IDE registers it differently. Here's the exact wiring per tool. 7 min read

Troubleshooting

When a guardrail keeps firing on the wrong line A guardrail fires on a path the threat model considers risky but you know is safe. Three options: tighten the rule, scope the file, or update the threat model. 6 min read