Persistent memory, automatic guardrails, and 27 skills for non-developers building with Claude — from first idea to shipped, and everything that breaks in between.
Claude can build. What it can't do — on its own — is remember what it decided last session, know which parts of your app are fragile, or stop before it overwrites something that can't be undone. vibe-coder-kit fills those gaps — and it's designed for people who aren't developers.
It works in three ways:
- Remembers — .vibe/ persists project context between sessions. Claude starts every conversation knowing what's fragile, what was decided, what not to touch.
- Protects — Hooks fire silently on every session: dangerous commands blocked before they run, packages explained before install, scope enforced so Claude doesn't wander into code you said to leave alone. vibe-safe runs 66 security checks on every commit without Claude.
- Guides — 27 skills covering the full lifecycle: validating an idea before writing a line of code, keeping a session focused while building, and recovering a broken production deploy when things go wrong.
| Situation | Without | With |
|---|---|---|
| Starting a new session | Re-explain the project every time | Claude reads .vibe/ — already knows the stack, what's fragile, and what changed last session |
| New feature idea | Claude starts coding | /vibe-skeptic asks if it's worth building. /vibe-think locks down scope before a line is written. |
| Planning | Flat task list for the next hour | /vibe-plan: 3–5 phases, each with a checkpoint and a step you can actually click to verify |
| Running rm -rf or DROP TABLE | Executes immediately | Blocked. Claude names exactly what gets destroyed and asks to confirm. |
| npm install some-package | Installs silently | Claude explains what the package does, confirms the name, and flags if it's obscure |
| Feature is built | Ships with the gaps Claude skipped | /vibe-guardian reads the actual code — finds missing auth checks, unhandled errors, edge cases |
| Something breaks | Claude tries fix after fix until you stop it | /vibe-oops: three options — fix it, undo it, escalate. Stops after 3 attempts to reassess. |
| A bug took 2 hours to find | Same bug is possible next session | Root cause written to .vibe/bugs.md — next time, Claude already knows why it happened |
In Claude Code, run these two commands:
/plugin marketplace add googlarz/vibe-coder-kit
/plugin install vibe-coder-kit@vibe-coder-kit
That's it. The hooks and all 27 skills are now active everywhere. It doesn't touch your app — it only changes how Claude behaves during sessions.
Then, inside any project you want Claude to remember:
/vibe-coder-kit:vibe-init
This writes a CLAUDE.md behavioral baseline and creates the .vibe/ memory directory for that project. Run it once per project.
Prefer a manual install? (no plugin)
If you'd rather not use the plugin system, clone and run the installer instead:
git clone https://github.com/googlarz/vibe-coder-kit ~/.vibe-coder-kit
bash ~/.vibe-coder-kit/install.sh # global: hooks + skills
bash ~/.vibe-coder-kit/install.sh --project # run inside a project: CLAUDE.md + .vibe/
Use one method or the other — not both. Installing the plugin and running install.sh registers the hooks twice, so they'll fire twice per session.
Every project gets a .vibe/ directory. Claude writes to it during sessions and reads from it at the start of each new one.
.vibe/
├── project.md what you're building, your stack, deployment platform
├── sessions.md what changed each session, what to test manually
├── decisions.md why you chose X over Y — so it doesn't get re-litigated
├── debt.md shortcuts taken, fragile things, "ask a developer about this"
├── bugs.md root causes of past bugs — same thing doesn't get debugged twice
├── gotchas.md unexpected library/service behaviors that cost time to find
└── conventions.md naming and structural rules that should stay consistent
No re-explaining the project at the start of every session. No rebuilding context. The history, the debt, the bugs — already there.
Everything in .vibe/ stays on your machine — Claude reads it locally at the start of each session and it's never sent anywhere.
Should you commit .vibe/? /vibe-init asks when you set up the project. Commit it to travel with the code (useful for teams or backup). Add it to .gitignore to keep it private. Either works.
No invocation needed. These run on every session.
| Hook | When | What it does |
|---|---|---|
| Session start | Every new conversation | Reads .vibe/project.md and .vibe/sessions.md. Surfaces recent history. Asks what you're working on today and what NOT to touch. Warns if a production environment is detected. |
| Before bash commands | Any shell command | Blocks database wipes, file deletions, and git history rewrites — explains why before stopping. Enforces scope (areas you said not to touch today). Explains every package before installing it. Requires confirmation before anything that can't be undone. |
| Session stop | When Claude finishes | Runs vibe-safe scan if installed. Surfaces findings before the final response. Reminds Claude to write to .vibe/sessions.md. |
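A sketch of how a "before bash commands" guard of this kind can work, as an added example that is not vibe-coder-kit's own hook code. It assumes Claude Code's PreToolUse hook contract (event JSON on stdin with `tool_name` and `tool_input.command`, exit code 2 to block); the patterns and the `VIBE_PROTECTED` variable are constructed for illustration.

```python
import json
import os
import posixpath
import re
import shlex
import sys

# Constructed patterns for the three categories in the table; not the kit's own list.
DESTRUCTIVE = [
    (re.compile(r"\brm\s+(-[a-zA-Z]*[rR][a-zA-Z]*|--recursive)\b"), "recursive file deletion"),
    (re.compile(r"\b(drop\s+(table|database)|truncate\s+table)\b", re.I), "database wipe"),
    (re.compile(r"\bgit\s+(push\b.*(--force\b|\s-f\b)|reset\s+--hard\b|filter-branch\b)"), "git history rewrite"),
]

def touches_protected(command, protected):  # returns the protected root a token falls under, or None
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes: fall back to a plain whitespace split
        tokens = command.split()
    for tok in tokens:
        path = posixpath.normpath(tok)  # "./src/x/../x/a.py" -> "src/x/a.py"
        for root in protected:
            norm = posixpath.normpath(root)
            if path == norm or path.startswith(norm + "/"):
                return root
    return None

def evaluate(command, protected=()):  # returns (allowed, reason)
    for pattern, label in DESTRUCTIVE:
        if pattern.search(command):
            return False, label
    hit = touches_protected(command, protected)
    if hit:
        return False, f"out of today's scope: {hit}"
    return True, ""

def main():
    event = json.load(sys.stdin)  # hook event from Claude Code
    if event.get("tool_name") != "Bash":
        return 0
    # VIBE_PROTECTED is a hypothetical colon-separated list of paths to leave alone.
    protected = [p for p in os.environ.get("VIBE_PROTECTED", "").split(":") if p]
    ok, reason = evaluate(event.get("tool_input", {}).get("command", ""), protected)
    if not ok:
        print(f"Blocked: {reason}. Ask the user to confirm first.", file=sys.stderr)
        return 2  # exit code 2 blocks the tool call; stderr is passed back to Claude
    return 0

if __name__ == "__main__":
    sys.exit(main())
```

String matching on the command line catches accidents, not a command hidden inside a script or built from variables, so a guard like this complements backups and commit-time checks rather than replacing them.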
Claude suggests these at the right moment — you don't need to memorize the list. It watches the conversation and will say "this looks like a good moment for /vibe-coder-kit:vibe-guardian" before you'd think to ask. You can also invoke any skill directly by name whenever you want.
Skill names after plugin install are prefixed with the plugin name: /vibe-coder-kit:vibe-skeptic, /vibe-coder-kit:vibe-plan, etc. With the manual install they're shorter: /vibe-skeptic, /vibe-plan. The tables below show the base name — add the prefix if you installed via plugin.
Starting without thinking it through is how scope explodes and time disappears.
| Skill | When to run | What you get |
|---|---|---|
| /vibe-skeptic | New idea, before writing any code | An honest conversation about whether it's worth building. Green light, or a concrete experiment to validate first. |
| /vibe-think | Idea passes the skeptic test | Five questions, concrete scope, explicit "not building" list, biggest risk named. |
| /vibe-plan | Scope is confirmed | 3–5 phases, each with a checkpoint and a user-observable verify step. |
Keep the session focused and catch gaps before they ship.
| Skill | When to run | What you get |
|---|---|---|
| /vibe-scope | Start of any session | What we're touching today and what NOT to touch. Checkpoint created. Scope written so the hook enforces it automatically. |
| /vibe-test | Feature is built | Happy path, failure paths, edge cases, regression check. One verdict at the end. |
| /vibe-guardian | Anything touching user data, auth, or external services | Reads the actual code, finds the gaps Claude skipped: error handling, auth enforcement, edge cases, data assumptions. Critical findings come with fixes. |
| /vibe-auth | Auth system needs a security audit | Seven checks: login inputs, session expiry, protected routes, authorization (user A can't see user B's data), password reset, password storage, logout. |
Something broke, something was exposed, or something's about to go dangerously wrong.
| Skill | When to run | What you get |
|---|---|---|
| /vibe-oops | Something is broken right now | Diagnosis in plain English. Three options: fix it, undo it, escalate. No more than 3 fix attempts before stopping to reassess. |
| /vibe-debug | Bug exists but the cause isn't obvious | Reproduce first, narrow where it lives, form a hypothesis, fix the root cause — not the symptom. |
| /vibe-stuck | Tried the same thing twice and it still doesn't work | Stops the loop. Names what's known vs. assumed. Picks a different path. |
| /vibe-env | Works locally but not in production | Six-point audit: secrets, config, .gitignore, hardcoded values, platform-specific behavior. |
| /vibe-log | Got an error message you don't understand | Translates it to plain English. Finds the cause. Proposes one fix. |
| /vibe-rollback | Something broke in production and needs fixing now | Detects your deployment platform and gives the exact rollback steps. |
| /vibe-secret | An API key, password, or token may have been exposed | Rotate first, then scrub git history, then audit what was at risk. In that order. |
| /vibe-db | Database migration, data inspection, or schema change | Verifies which environment you're in. Reads before writing. Backs up before anything destructive. |
Getting to production, keeping it healthy, managing the project over time.
| Skill | When to run | What you get |
|---|---|---|
| /vibe-check | Before pushing | Runs vibe-safe (66 checks) if installed, or a built-in scan otherwise. Every finding in plain English with a concrete fix. Clear verdict: safe to push or not. |
| /vibe-git | After /vibe-check passes | Branch check, meaningful commit message, uploaded to GitHub, optional PR description. |
| /vibe-launch | Before going live | Six checks: secrets, deployment, core flow, monitoring, contact info, rollback plan. |
| /vibe-monitor | App is live but there's no way to know when it breaks | Sets up Sentry (errors) and UptimeRobot (uptime). You find out before your users do. |
| /vibe-health | Sessions feel messy or the same things keep breaking | Debt level, momentum, safety signals, honest "do you need a real developer?" assessment. |
| /vibe-handoff | Bringing in a developer | Escalation document with everything they need to understand the project and take over. |
| /vibe-onboard | Someone new is joining | First-hour guide: setup steps, what's fragile, what not to touch. |
| /vibe-docs | README is missing or out of date | Writes the public README from actual project files — nothing invented. |
| /vibe-explain | Session is wrapping up | What was built, what to test before closing the tab, one thing to watch. Three sentences. |
| /vibe-perf | Something feels slow | Measures the actual bottleneck. Fixes the biggest one. Verifies improvement with numbers. |
| /vibe-upgrade | Upgrading a dependency | One package at a time. Checkpoint before each. Failed upgrades written to debt.md. |
| /vibe-clean | Project is stable and you want to reduce known risk | Picks one documented debt item, fixes it properly, writes a test to keep it fixed. |
vibe-coder-kit pairs with vibe-safe: a shell script that runs 66 security checks on every commit without Claude. It catches what behavioral contracts can't — the credential that slipped into the wrong file, the SQL query built from user input, the JWT that never expires.
| vibe-coder-kit | vibe-safe |
|---|---|
| Claude interprets context | Shell script — no LLM |
| Guards scope and intentions | Checks actual code and git state |
| Runs during conversation | Runs on every commit |
| Explains in plain English | Cites exact file:line |
When vibe-safe is installed, /vibe-check runs it and translates every finding to plain English. The session stop hook surfaces findings before Claude writes its final response. Git commit is blocked until STOP-level findings are resolved.
The manual install.sh offers to install vibe-safe for you. With the plugin, install it once separately:
git clone https://github.com/googlarz/vibe-safe ~/.claude/skills/vibe-safe
Plugin install: run /plugin in Claude Code — vibe-coder-kit should appear as installed. Skills are available as /vibe-coder-kit:vibe-*. Start a new session in a project that has a .vibe/ directory; Claude should greet you with the project context it remembers.
Manual install: the installer drops a checker script:
bash ~/.claude/vibe-coder-kit/verify.sh
bash ~/.claude/vibe-coder-kit/verify.sh --project # also check the current project
It confirms all hooks are registered in Claude Code settings. With --project, it also verifies CLAUDE.md and all seven .vibe/ template files are in place.
- Claude Code
- bash
- git (checkpoints and vibe-safe don't work without it)
- Python 3 — only for the manual install.sh. The plugin doesn't need it.