Gate every PR on launch readiness.
Add VibeCheck to your CI pipeline. Every pull request gets a Vibe Score, a full report posted as a PR comment, and an automatic block if a CRITICAL or HIGH check fails.
Install from GitHub Marketplace → github.com/marketplace
Why we built this
Vibe coders ship fast. That is the point. But every PR is a potential launch — a new feature going live, a config change, a dependency bump. The problem is that none of your existing CI checks are asking the questions that matter at launch: Is the admin route protected? Is the AI key in the client bundle? Does the payment webhook verify signatures?
Lighthouse runs in your browser on demand. VibeCheck was built to run automatically, on every PR, against your staging deployment — before anyone merges anything. The goal is to make launch-readiness a default part of your workflow, not something you remember to check the night before going live.
The GitHub Action takes the same 168 checks available on the web app and runs them inside your CI pipeline. It posts the result as a PR comment so your whole team can see the score before merge, and it can block the PR if a check at the severity you care about fails.
How it works
PR is opened
A pull request is opened or updated against your main branch. Your CI workflow triggers.
VibeCheck runs
The action visits your staging URL with a headless browser and runs all 168 checks — auth, security, AI safety, SEO, mobile, performance.
Results posted
A Vibe Score is posted as a PR comment with a full breakdown. The step fails if a check at your configured severity is found.
Set it up in 3 steps
Run this on every PR, automatically, with no account required.
Create the workflow file
Create .github/workflows/vibecheck.yml in your repo.
```yaml
name: VibeCheck
on:
  pull_request:
    branches: [main]
jobs:
  vibecheck:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v4
      - name: Run VibeCheck
        uses: Sathappan/vibecheck-action@v1
        with:
          url: https://your-staging-app.vercel.app
          fail_below: 60
          block_on: CRITICAL,HIGH
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
Set your staging URL
Replace https://your-staging-app.vercel.app with your actual preview deployment URL.
If you use Vercel, the preview URL is available as ${{ steps.deploy.outputs.url }} from the Vercel GitHub Action. Railway and Fly.io have similar outputs from their own actions.
The URL must be publicly reachable — VibeCheck visits it with a headless browser, just like a real user would.
Push and open a PR
Commit the workflow file, push to your branch, and open a pull request. The action runs automatically. No account required, no API key to set up — just GITHUB_TOKEN, which GitHub provides automatically in every workflow.
What the PR comment looks like
Every PR gets a comment automatically posted by the action with the full audit result.
All inputs
Configure the action with these parameters in your workflow file.
| Input | Required | Default | Description |
|---|---|---|---|
| url | Yes | — | Staging URL to audit. Must be publicly reachable. |
| fail_below | No | 60 | Fail the step if Vibe Score is below this value (0–100). |
| block_on | No | CRITICAL,HIGH | Comma-separated severities that block the PR when a FAIL is found. |
| privacy | No | private | Audit visibility: private or public. |
| comment_mode | No | update | PR comment behavior: update (edit existing), new, or off. |
| auth_login_url | No | — | Login URL for an authenticated second pass. |
| auth_username | No | — | Test account email for the authenticated pass. |
| auth_password | No | — | Test account password. Use a GitHub secret. |
Testing behind a login
If your app has a dashboard or protected flows you want to audit, pass test credentials to run a second authenticated pass. Create a throwaway test account in your app, store the password as a GitHub secret, and add the auth inputs.
```yaml
- name: Run VibeCheck
  uses: Sathappan/vibecheck-action@v1
  with:
    url: https://your-staging-app.vercel.app
    auth_login_url: https://your-staging-app.vercel.app/login
    auth_username: test@yourapp.com
    auth_password: ${{ secrets.TEST_ACCOUNT_PASSWORD }}
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```
Credentials are used once per audit run and never stored in the audit record.
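A hardened variant of the workflow, as an added example that is not part of the VibeCheck documentation: it pins the third-party action to a commit SHA and runs the authenticated pass only for same-repository PRs, because pull requests from forks receive no repository secrets and a read-only GITHUB_TOKEN. `<FULL_COMMIT_SHA>` is a placeholder, and turning the comment off for fork PRs is an assumption about what the action needs.

```yaml
name: VibeCheck
on:
  pull_request:
    branches: [main]

# Default to no token permissions; the job below opts in to what it needs.
permissions: {}

jobs:
  vibecheck:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: write   # used to post the PR comment
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config

      # Same-repo PRs: secrets are available, so run the authenticated pass.
      - name: Run VibeCheck (authenticated)
        if: github.event.pull_request.head.repo.full_name == github.repository
        # Placeholder: replace with the full commit SHA of the release you reviewed.
        uses: Sathappan/vibecheck-action@<FULL_COMMIT_SHA>
        with:
          url: https://your-staging-app.vercel.app
          fail_below: 60
          block_on: CRITICAL,HIGH
          auth_login_url: https://your-staging-app.vercel.app/login
          auth_username: test@yourapp.com
          auth_password: ${{ secrets.TEST_ACCOUNT_PASSWORD }}
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      # Fork PRs: no repository secrets and a read-only token, so run the
      # unauthenticated pass only and skip the PR comment.
      - name: Run VibeCheck (fork PR)
        if: github.event.pull_request.head.repo.full_name != github.repository
        uses: Sathappan/vibecheck-action@<FULL_COMMIT_SHA>
        with:
          url: https://your-staging-app.vercel.app
          fail_below: 60
          block_on: CRITICAL,HIGH
          comment_mode: "off"   # quoted so YAML reads it as a string
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

The step still fails on a blocking check in both cases, so the gate holds for fork PRs even without the comment.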
Useful links
VibeCheck on GitHub Marketplace (github.com/marketplace): Install the action, read the full changelog, and see all version tags.
GitHub Actions documentation (docs.github.com/en/actions): Official docs covering workflows, triggers, jobs, steps, and secrets.
GitHub Actions quickstart (docs.github.com): Create your first workflow in five minutes — good starting point if this is new to you.
Using secrets in GitHub Actions (docs.github.com): How to store your test credentials and tokens securely so they are never in your code.
GitHub Marketplace — all actions (github.com/marketplace): Browse the full catalog of GitHub Actions to combine with VibeCheck in your workflow.
Ready to ship with a safety net?
Five minutes to set up. Runs on every PR forever.