{"id":50493792,"url":"https://github.com/asmuelle/cargo-vibecode","last_synced_at":"2026-06-02T05:03:32.737Z","repository":{"id":355870038,"uuid":"1229838589","full_name":"asmuelle/cargo-vibecode","owner":"asmuelle","description":"cargo vibe coding","archived":false,"fork":false,"pushed_at":"2026-05-21T21:46:13.000Z","size":63,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-22T06:58:00.024Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/asmuelle.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":"AGENTS.md","dco":null,"cla":null}},"created_at":"2026-05-05T12:36:33.000Z","updated_at":"2026-05-21T21:46:16.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/asmuelle/cargo-vibecode","commit_stats":null,"previous_names":["asmuelle/cargo-vibe","asmuelle/cargo-vibecode"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/asmuelle/cargo-vibecode","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asmuelle%2Fcargo-vibecode","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asmuelle%2Fcargo-vibecode/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asmuelle%2Fcargo-vibecode/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asmuelle%2Fcargo-vibecode/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/asmuelle","download_url":"https://codeload.github.com/asmuelle/cargo-vibecode/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/asmuelle%2Fcargo-vibecode/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33806995,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-02T02:00:07.132Z","response_time":109,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-06-02T05:03:28.774Z","updated_at":"2026-06-02T05:03:32.728Z","avatar_url":"https://github.com/asmuelle.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# cargo-vibecode\n\n[![CI](https://github.com/asmuelle/cargo-vibecode/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/asmuelle/cargo-vibecode/actions/workflows/ci.yml)\n[![Release](https://github.com/asmuelle/cargo-vibecode/actions/workflows/release.yml/badge.svg)](https://github.com/asmuelle/cargo-vibecode/actions/workflows/release.yml)\n[![License: MIT OR Apache-2.0](https://img.shields.io/badge/license-MIT%20OR%20Apache--2.0-blue.svg)](#license)\n[![Rust edition](https://img.shields.io/badge/rust-2024%20%7C%201.95%2B-orange.svg)](https://doc.rust-lang.org/edition-guide/rust-2024/index.html)\n\nRepository for the `cargo-vibe` CLI orchestrator. The installed Cargo subcommand remains `cargo vibe`.\n\n```\ncargo vibe check ──► runs diff-risk + cargo-impact + spec-drift, aggregates results\ncargo vibe fix   ──► context → LLM → risk veto → impact verify → drift check → retry\ncargo vibe risk  ──► semantic risk scoring (delegates to diff-risk)\ncargo vibe impact──► blast-radius analysis (delegates to cargo-impact)\ncargo vibe drift ──► spec coherence check (delegates to spec-drift)\ncargo vibe context──► token-budgeted context assembly (delegates to cargo-context)\n```\n\n## The Problem\n\nAI-assisted Rust development has four failure modes:\n\n1. **LLM generates dangerous code** — `unsafe` blocks, auth bypasses, serde wire breaks\n2. **LLM doesn't know what to test** — runs all 5,000 tests instead of 12\n3. **Documentation rots silently** — README says `fn old()` but code has `fn new()`\n4. **Context quality determines output quality** — dumping all files wastes tokens and attention\n\nFour tools solve these individually. `cargo-vibecode` packages the `cargo-vibe` orchestrator that runs them as a single workflow.\n\n## Installation\n\nFrom a released tag:\n\n```bash\ncargo install --git https://github.com/asmuelle/cargo-vibecode --tag v0.2.0 cargo-vibe\n```\n\nFrom a local checkout:\n\n```bash\ncargo install --path .\n```\n\nFor full coverage, install the individual tools:\n\n```bash\ncargo install cargo-context\ncargo install diff-risk\ncargo install cargo-impact\ncargo install spec-drift\n```\n\n`cargo vibe check` degrades gracefully when one of the companion tools is absent: it prints a warning and skips that tool. `cargo vibe fix` fails closed if `diff-risk` is unavailable, because the risk veto is the core safety gate for that workflow.\n\n## Commands\n\n### `cargo vibe check`\n\nRun all health checks against the current diff:\n\n```bash\ncargo vibe check --since HEAD --strict\n```\n\nOutput:\n```\ncargo-vibe: running health check against HEAD...\n  [1/3] diff-risk... passed\n  [2/3] cargo-impact... 3 finding(s)\n    🔴 test_reference tests/auth.rs:42  login() test references changed symbol\n    🟡 trait_impl src/handlers.rs:15  impl AuthHandler for App\n    🟡 doc_drift_link README.md:23  [login] references changed symbol\n  [3/3] spec-drift... 1 divergence(s)\n    ❌ symbol_absence README.md:10  `connect_db()` not found in code\n\n  Total: 4 finding(s) | Critical: 0 | High: 1\n```\n\nFormat options:\n```bash\ncargo vibe check --format json     # Machine-readable\ncargo vibe check --format sarif    # GitHub Code Scanning\n```\n\n### `cargo vibe fix`\n\nThe AI fix loop:\n\n```\n┌──────────┐    ┌──────────┐    ┌──────────┐    ┌──────────┐\n│ Context  │───►│ LLM      │───►│ Risk     │───►│ Verify   │\n│ Assembly │    │ Generate │    │ Check    │    │ Impact   │\n└──────────┘    └──────────┘    └──────────┘    └──────────┘\n                                                     │\n                                              ┌──────▼──────┐\n                                              │ Drift Check │\n                                              └──────┬──────┘\n                                                     │\n                                              ┌──────▼──────┐\n                                              │ Pass?  Yes──► Ship\n                                              │ No ────────► Retry\n                                              └─────────────┘\n```\n\nUsage:\n```bash\ncargo vibe fix --prompt \"Implement user authentication with JWT tokens\"\n```\n\nThe loop:\n1. Assembles context pack (compiler errors, diff, project map, entry points, related tests)\n2. Presents context + prompt for the user to paste into their LLM\n3. After user applies changes: runs `diff-risk` — rejects if score ≥ threshold (default 7.0)\n4. Runs `cargo-impact --fail-on high` — surfaces affected tests\n5. Runs `spec-drift --deny warning` — checks for doc/CI drift\n6. If all pass: done. If any fail: feeds failures back for retry (up to `--max-attempts`, default 3)\n\nThe generation step is automated in `v0.2.0` via standard programmatic client integrations (`LlmClient`), defaulting to Ollama or OpenAI/vLLM for local-first privacy while prompting with interactive unified diffs for confirmation.\n\nOptions:\n```bash\ncargo vibe fix \\\n  --prompt \"Refactor the auth module\" \\\n  --max-attempts 5 \\\n  --risk-threshold 6.0 \\\n  --since origin/main\n```\n\n### `cargo vibe risk`\n\nSemantic risk scoring (wraps `diff-risk`):\n\n```bash\ncargo vibe risk --since HEAD --threshold 7.0\n```\n\n### `cargo vibe impact`\n\nBlast-radius analysis (wraps `cargo-impact`):\n\n```bash\ncargo vibe impact --since HEAD --format json\ncargo vibe impact --test           # cargo-nextest filter expression\n```\n\n### `cargo vibe drift`\n\nSpec coherence check (wraps `spec-drift`):\n\n```bash\ncargo vibe drift --diff HEAD --format sarif\ncargo vibe drift --deny critical   # Only fail on critical divergences\n```\n\n### `cargo vibe context`\n\nToken-budgeted context assembly (wraps `cargo-context`):\n\n```bash\ncargo vibe context --preset fix --budget 32000\necho \"why does this test fail?\" | cargo vibe context --stdin\n```\n\n## Configuration\n\nAll tools read `.cargo-vibe.toml` from the project root:\n\n```toml\n[vibe]\n# Global settings applied to all tools\nthreshold = 7.0             # Default risk threshold\ntoken_budget = 32000        # Default context budget\ntokenizer = \"cl100k\"        # gpt-4, claude\nscrub = true                # Enable secret scrubbing\n\n[diff_risk]\nenabled = true\nthreshold = 8.0             # Tool-specific override\nextra_args = [\"--strict\"]\n\n[cargo_impact]\nenabled = true\nextra_args = [\"--confidence-min\", \"0.7\"]\n\n[spec_drift]\nenabled = true\n\n[cargo_context]\nenabled = true\n```\n\nTool-specific config files (`.cargo-context/config.yaml`, `cargo-impact.toml`, `spec-drift.toml`) continue to work independently.\n\nYou can also pass an explicit config path:\n\n```bash\ncargo vibe --config ./ci/cargo-vibe.toml check --strict --since origin/main\n```\n\nThe top-level config controls orchestration behavior: `enabled = false` skips a tool, `extra_args` are appended to the subprocess invocation, `[diff_risk].threshold` overrides `[vibe].threshold`, and `[vibe].token_budget` is used by `cargo vibe context` when `--budget` is omitted.\n\n## CI Integration\n\n### GitHub Actions\n\n```yaml\n- name: Vibe Check\n  run: |\n    cargo vibe check --since origin/main --strict --format sarif\n  continue-on-error: true\n\n- name: Upload SARIF\n  uses: github/codeql-action/upload-sarif@v3\n  with:\n    sarif_file: vibe-results.sarif\n```\n\nFor the `cargo-vibe` repository itself, the internal git-tag release gate is:\n\n```bash\ncargo fmt --all --check\ncargo clippy --all-targets --all-features -- -D warnings\ncargo test --all-features\ncargo install --path . --locked\n```\n\nThis `v0.2.0` release resolves `ai-tools-core` from the `asmuelle/ai-tools-core` `v0.2.0` git tag. A crates.io release additionally requires publishing `ai-tools-core` to crates.io and changing the dependency to the registry version before running `cargo package` / `cargo publish --dry-run`.\n\n### Pre-commit Hook\n\n```bash\n#!/bin/sh\n# .git/hooks/pre-commit\ncargo vibe check --since HEAD --strict || exit 1\n```\n\n## Architecture\n\n```\ncargo-vibecode\n└── cargo-vibe (orchestrator)\n    ├── ai-tools-core (shared types)\n    │     ├── finding    — Finding, Severity, Confidence, Location\n    │     ├── sarif      — SARIF v2.1.0 renderer\n    │     ├── scrub      — Secret scrubbing pipeline\n    │     ├── git_utils  — diff, blame, changed files\n    │     ├── cargo_utils— metadata, workspace discovery\n    │     └── config     — .cargo-vibe.toml parser\n    │\n    ├── diff-risk ─────── risk scoring (regex detectors + custom DSL)\n    ├── cargo-impact ──── blast-radius analysis (syn + rust-analyzer)\n    ├── spec-drift ────── spec coherence (docs/examples/tests/CI)\n    └── cargo-context ─── context assembly (token-budgeted packs)\n```\n\nEach tool is independently usable. `cargo-vibecode` adds orchestration, feedback loops, and unified reporting through the `cargo-vibe` CLI.\n\n## Exit Codes\n\n| Code | Meaning |\n|------|---------|\n| 0 | All checks passed (or no blocking findings) |\n| 1 | Threshold exceeded — findings exist at or above the configured severity |\n| 2 | Tool error — config parse failure, missing dependency, I/O error |\n\nNote: `cargo vibe check` treats missing companion tools as skipped checks, not tool errors. Wrapper commands such as `cargo vibe risk`, `cargo vibe impact`, `cargo vibe drift`, and `cargo vibe context` return code 2 when their required subprocess cannot be started. `cargo vibe fix` also returns code 2 when `diff-risk` is unavailable.\n\n## Dependencies\n\n| Crate | Why |\n|-------|-----|\n| `clap` | CLI argument parsing with subcommands |\n| `anyhow` | Error handling |\n| `serde` / `serde_json` | SARIF and JSON output |\n| `ai-tools-core` | Shared types, utils, and config |\n\n## License\n\nMIT OR Apache-2.0\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasmuelle%2Fcargo-vibecode","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fasmuelle%2Fcargo-vibecode","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fasmuelle%2Fcargo-vibecode/lists"}