Security sidecar for vibe-coded apps

TLS, auth, rate limiting, WAF, and AI-readable logs. One binary, one config file. Zero-to-secure in minutes.

You vibe, we warden. Security is no longer your burden.

curl -sS https://vibewarden.dev/install.sh | sh

Everything you need, nothing you don't

Production-grade security from a single binary. No nginx, no certbot, no duct tape.

Automatic TLS

HTTPS certificates from Let's Encrypt, auto-renewed. Zero configuration needed.

Auth & Access Control

JWT, API keys, OAuth2, and Ory Kratos sessions. Per-route scope rules control who can access what.

Rate Limiting

Token bucket rate limiting per IP, user, or API key. Stop abuse before it starts.

WAF

Custom pattern-based detection for SQLi, XSS, path traversal, and command injection. Block or detect mode.

AI-Readable Logs

Structured events with schemas, summaries, and payloads. Your AI agent can parse them.

Prompt Injection Detection

Request inspection for common prompt injection patterns. Protect LLM-powered endpoints from manipulation.

Egress Proxy

Control and audit outbound traffic. Allowlist external APIs, block data exfiltration.

Security Headers

CSP, HSTS, X-Frame-Options, and more. Harden every response automatically.

Secrets Management

OpenBao-backed secrets injection. API keys, database credentials, and dynamic Postgres passwords — fetched, cached, and rotated automatically.

Up and running in three steps

From zero to production-grade security in under five minutes.

Install

A single command. No dependencies, no package managers.

curl -sS https://vibewarden.dev/install.sh | sh

Configure

One YAML file. Human-readable, AI-configurable.

# vibewarden.yaml
upstream: http://localhost:3000
tls:
  auto: true
  domain: myapp.dev
auth:
  type: api-key
rate_limit:
  requests: 100
  window: 60s

Run

Start the sidecar. That's it. You're secure.

vibew dev
# Listening on https://myapp.dev
# TLS certificate ready
# WAF rules loaded
# Rate limiter active
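
How a token bucket behaves under the rate_limit values from the Configure step, as an added example that is not VibeWarden's code. It assumes `requests` is the bucket capacity and `requests / window` the refill rate; the class name, key strings and injectable clock are hypothetical.

```python
import time

UNITS = {"s": 1, "m": 60, "h": 3600}

def parse_window(text):
    """Turn a duration such as '60s' or '5m' into seconds."""
    return float(text[:-1]) * UNITS[text[-1]]

class TokenBucketLimiter:
    """One bucket per key (client IP, user id or API key)."""

    def __init__(self, requests, window, clock=time.monotonic):
        self.capacity = float(requests)                 # largest burst allowed
        self.rate = requests / parse_window(window)     # tokens added per second
        self.clock = clock                              # injectable for testing
        self.buckets = {}                               # key -> (tokens, last_seen)
        # A real deployment also has to evict idle keys, or this dict grows
        # with every distinct key an attacker can generate.

    def allow(self, key):
        """Return (allowed, retry_after_seconds) for one request from key."""
        now = self.clock()
        tokens, last = self.buckets.get(key, (self.capacity, now))
        # Refill for the time elapsed since the last request, capped at capacity.
        tokens = min(self.capacity, tokens + (now - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[key] = (tokens - 1.0, now)
            return True, 0.0
        self.buckets[key] = (tokens, now)
        return False, (1.0 - tokens) / self.rate        # value for Retry-After

if __name__ == "__main__":
    # Constructed scenario: one client sends 105 requests in the same instant.
    fake_now = [0.0]
    limiter = TokenBucketLimiter(100, "60s", clock=lambda: fake_now[0])
    burst = [limiter.allow("ip:203.0.113.7") for _ in range(105)]
    print("allowed in burst:", sum(ok for ok, _ in burst))
    print("retry after (s):", round(burst[-1][1], 2))
    # A different key has its own bucket and is unaffected.
    print("other key allowed:", limiter.allow("key:demo")[0])
    fake_now[0] = 1.0   # one second later, 100/60 of a token has refilled
    print("after 1s:", limiter.allow("ip:203.0.113.7")[0])
```

With these settings a client can burst 100 requests at once, then sustains roughly one request every 0.6 seconds.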

Stop duct-taping your security

Replace a fragile stack of tools with a single binary that just works.

Before VibeWarden

  • nginx config files you copy from Stack Overflow
  • certbot cron jobs that silently break
  • fail2ban rules you never test
  • Hand-rolled auth middleware
  • Logs you can't search or parse

After VibeWarden

  • One binary, one config file
  • TLS certificates auto-renewed
  • WAF + rate limiting out of the box
  • Auth built in, configurable in YAML
  • Structured logs your AI agent can read

Ready to stop worrying about security?

Get VibeWarden running in front of your app in under five minutes.

curl -sS https://vibewarden.dev/install.sh | sh
vibew init --upstream 3000 --auth --rate-limit
vibew dev