How V1be Check decides

These rules are read from the source. Changing them is a UX change, not just a config tweak.

Verdict thresholds

  • Any critical finding in security, auth, or payments Blocked.
  • Ship Score ≥ 90 and no manual checks → Launch Cleared.
  • Ship Score ≥ 75 Demo Ready (upgrades to Launch Cleared when manual checks are resolved).
  • Ship Score ≥ 50 Demo Ready.
  • Below that → Needs Work.

Category weights

  • security: 25%
  • auth: 20%
  • database: 15%
  • payments: 15%
  • deployment: 10%
  • ux: 10%
  • business: 5%
  • accessibility: 0%
  • compliance: 0%

Per-severity deductions

Severitysecurityauthdatabasepaymentsdeploymentuxbusinessaccessibilitycompliance
critical505040453025204540
major202015201510101816
minor555553355
info000000000

Blocking categories

A critical finding in one of these categories triggers a Blocked verdict regardless of overall Ship Score: security, auth, payments.

Confidence

Every finding carries a confidence — high, medium, or low. Secret-shaped strings that are public by design (a Supabase anon key, a Stripe publishable key, a NEXT_PUBLIC_* URL) or that live in test fixtures and examples are demoted to low confidence rather than flagged as leaks. A low-confidence critical never forces a Blocked verdict on its own — it still costs score and shows up, but it won't cry wolf.

Dismissing a false positive

If a finding is wrong for your project, you can suppress it so it stays dismissed across scans — it won't be persisted or affect the verdict:

  • Add a .vibecheckignore file at the repo root with gitignore-style path globs (e.g. src/generated/, *.test.ts).
  • Add an inline comment on or above the line: // vibe-check-disable-line, // vibe-check-disable-next-line, or // vibe-check-disable-file for the whole file.
  • Add a rule id to scope it to one rule: // vibe-check-disable-next-line secrets.regex. Omit the id to suppress every rule at that location.
How the verdict works · V1be Check