FixVibe

// docs / quickstart

Quickstart

Sign up, run your first scan, read the report. The Free tier is real โ€” no credit card required to evaluate.

1. Create an account

Visit /sign-in and choose Google, GitHub, or magic-link email. New accounts start on the Free plan, which includes 3 scans per month and passive scans only. You can upgrade later from Account โ†’ Billing.

2. Run a scan

01

Pick a target

From the dashboard click New scan, paste a URL, and submit. FixVibe normalises bare hostnames (example.com โ†’ https://example.com) and rejects internal addresses (RFC 1918, link-local, AWS metadata).

02

Wait ~20 seconds

A passive scan maps the app, checks shipped responses and configuration for high-confidence security signals, and prepares the report. Live progress streams via the dashboard; you do not need to refresh.

03

Read the report

The report opens automatically when complete. Free plan users see only the highest-severity finding in full (title, description, evidence, remediation); other findings are stripped to severity-only stubs server-side (DOM inspection reveals nothing). The Hobby plan and higher (Pro, Unlimited) unlock every finding plus the AI fix-prompt copy button on each one.

3. Run an active scan (optional, Hobby plan and higher)

Active scans perform bounded, non-destructive verification against domains you own. Add and verify a domain at Dashboard โ†’ Domains, authorize active testing for that domain, then start an Active scan from New scan โ†’ Active mode or through REST/MCP where your plan allows it.

4. Use the REST API

Mint a bearer token at Account โ†’ API tokens. Plaintext is shown once; paste it into your CI / Cursor / curl.

curl
# Start a passive scan
curl -X POST https://fixvibe.app/api/v1/scans \
  -H "Authorization: Bearer fxv_..." \
  -H "content-type: application/json" \
  -d '{"target":"https://staging.example.com"}'

Full reference at /docs/api.

5. Plug FixVibe into your AI agent (MCP)

FixVibe ships an MCP server at /api/mcp with seven tools, two resources, and a /fixvibe-fix slash command for templated remediation prompts. Wire it into Claude Desktop / Cursor / Continue โ€” see /docs/mcp.

Where to go next

  • Scan types โ€” passive vs active vs GitHub repo scans, the attestation flow.
  • Domains โ€” verify a domain, schedule re-scans, enable live threat monitoring.
  • Quotas & limits โ€” per-tier caps, API rate limits, retention policies.

Stuck?

Email support@fixvibe.app with the scan id and what you expected vs what you saw. The Hobby plan gets standard support, the Pro plan gets priority support, and the Unlimited plan includes dedicated support.

Quickstart โ€” Docs ยท FixVibe