{"id":50897354,"url":"https://github.com/surelle-ha/vindicter","last_synced_at":"2026-06-16T01:04:05.311Z","repository":{"id":361059329,"uuid":"1238734149","full_name":"surelle-ha/vindicter","owner":"surelle-ha","description":"Vindicter is a local-first security workspace for scanning projects, tracking vulnerability findings, and exporting security review reports. The desktop app stores project state in each project folder, reads the local codebase, and uses the Codex CLI for read-only security analysis.","archived":false,"fork":false,"pushed_at":"2026-06-04T03:52:06.000Z","size":25709,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-04T05:06:18.901Z","etag":null,"topics":["security"],"latest_commit_sha":null,"homepage":"https://vindicter.xyz","language":"Vue","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/surelle-ha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":".github/CONTRIBUTING.md","funding":".github/FUNDING.yml","license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"ko_fi":"surelle","thanks_dev":"gh/surelle-ha"}},"created_at":"2026-05-14T11:59:13.000Z","updated_at":"2026-06-04T03:52:10.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/surelle-ha/vindicter","commit_stats":null,"previous_names":["surelle-ha/vindicta","surelle-ha/vindicter"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/surelle-ha/vindicter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/surelle-ha%2Fvindicter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/surelle-ha%2Fvindicter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/surelle-ha%2Fvindicter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/surelle-ha%2Fvindicter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/surelle-ha","download_url":"https://codeload.github.com/surelle-ha/vindicter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/surelle-ha%2Fvindicter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34386323,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-15T02:00:07.085Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["security"],"created_at":"2026-06-16T01:04:04.610Z","updated_at":"2026-06-16T01:04:05.301Z","avatar_url":"https://github.com/surelle-ha.png","language":"Vue","funding_links":["https://ko-fi.com/surelle","https://thanks.dev/gh/surelle-ha"],"categories":[],"sub_categories":[],"readme":"# Vindicter\n\nVindicter is a local-first AI-powered security platform for scanning projects, tracking vulnerability findings, and exporting security review reports. The desktop app stores all state in its own data store, reads the local codebase, and uses Claude or Codex CLI for security analysis.\n\n## Screenshots\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003cimg src=\"docs/snapshots/0_1_0_001.png\" alt=\"Academy — Security Bootcamp lesson grid\" width=\"400\"/\u003e\u003cbr/\u003e\u003csub\u003e\u003cb\u003eAcademy\u003c/b\u003e — Security Bootcamp with weekly lesson tracks\u003c/sub\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003cimg src=\"docs/snapshots/0_1_0_002.png\" alt=\"Home dashboard\" width=\"400\"/\u003e\u003cbr/\u003e\u003csub\u003e\u003cb\u003eHome\u003c/b\u003e — Project overview, quick actions, and news feed\u003c/sub\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003cimg src=\"docs/snapshots/0_1_0_003.png\" alt=\"MCP Server\" width=\"400\"/\u003e\u003cbr/\u003e\u003csub\u003e\u003cb\u003eMCP Server\u003c/b\u003e — Expose Vindicter tools to AI agents via Model Context Protocol\u003c/sub\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003cimg src=\"docs/snapshots/0_1_0_004.png\" alt=\"Security Findings workspace\" width=\"400\"/\u003e\u003cbr/\u003e\u003csub\u003e\u003cb\u003eWorkspace\u003c/b\u003e — Security findings with severity triage and evidence\u003c/sub\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd\u003e\u003cimg src=\"docs/snapshots/0_1_0_005.png\" alt=\"Penetration Testing\" width=\"400\"/\u003e\u003cbr/\u003e\u003csub\u003e\u003cb\u003ePentest\u003c/b\u003e — Red Team / Blue Team / Purple Team mode with AI-driven agent\u003c/sub\u003e\u003c/td\u003e\n    \u003ctd\u003e\u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n## What It Does\n\n- Registers local projects and keeps all security state in the app's own data store (never in the project directory).\n- Runs AI vulnerability scans with structured findings, evidence, severity, and recommendations.\n- Tracks remediation items as first-class security findings.\n- Inspects dependency manifests, likely secret patterns, and security-relevant configuration signals.\n- Exports professional DOCX security review reports.\n- Provides a built-in Security Academy for learning penetration testing and web security.\n- Exposes an MCP server for AI agent integration.\n- Provides a local Settings page for configuring AI tools, WSL profiles, and app preferences.\n\n## Monorepo Layout\n\n```text\napps/\n  desktop/       Nuxt 4 + Tauri 2 desktop app\n  web-landing/   Nuxt landing page (vindicter.xyz)\n  web-dashboard/ Nuxt dashboard app (dashboard.vindicter.xyz)\n  web-marketing/ Nuxt internal comms app (marketing.vindicta.xyz, firewall/API-backed)\n  api/           NestJS + Fastify REST API\n```\n\n## Desktop App\n\nThe desktop app is built with Nuxt 4, Vue 3, Pinia, Tailwind CSS, lucide icons, and Tauri 2. It is intentionally local-first:\n\n- All app preferences and security data are stored through the Tauri Store plugin with localStorage fallback.\n- No project-directory files are created or modified by Vindicter — your project files remain untouched.\n- Filesystem, dialog, shell, and store access are controlled by Tauri capabilities.\n- Claude and Codex CLIs are launched through Tauri shell allowlisted commands.\n\nPrimary project tabs are Overview, Scanner, Findings, Dependencies, Secrets, Reports, History, and Settings.\n\n## AI Workflow\n\nVindicter calls Claude or Codex through composables in `apps/desktop/app/composables/`.\n\nThe app runs AI tools in read-only mode for security analysis. Chain-of-thought is not exposed; Vindicter shows user-facing activity logs, structured reports, findings, evidence, and recommendations.\n\n## Data Storage\n\nAll Vindicter data is stored exclusively within the app:\n\n- App preferences and project registry: Tauri Store plugin (`.bin` files in the system app data directory)\n- Security findings, scans, and remediation items: Tauri Store plugin, keyed by project ID\n- No JSON files are written to your project directories\n\n## Development\n\nInstall dependencies:\n\n```bash\npnpm install\n```\n\nRun the desktop app in a browser shell:\n\n```bash\npnpm --filter @vindicter/desktop dev\n```\n\nRun the Tauri desktop app:\n\n```bash\npnpm desktop:dev\n```\n\nRun the web apps:\n\n```bash\npnpm web-landing:dev\npnpm web-dashboard:dev\npnpm web-marketing:dev\n```\n\nBuild the desktop frontend:\n\n```bash\npnpm --filter @vindicter/desktop build\n```\n\nBuild the Tauri desktop app:\n\n```bash\npnpm --filter @vindicter/desktop tauri:build\n```\n\n## Notes\n\n- Prefer local project data and existing stores/composables over new global state.\n- Keep Tauri shell commands allowlisted and narrow.\n- Do not embed production secrets in source or bundled app assets.\n- Generated artifacts such as Nuxt output and Tauri targets should not be hand-edited.\n- When changing AI prompts, keep outputs structured and user-facing.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsurelle-ha%2Fvindicter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsurelle-ha%2Fvindicter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsurelle-ha%2Fvindicter/lists"}