Review your entire codebase without uploading code to VibeRails servers. AI analysis requires internet connectivity to reach your configured AI provider, but no code ever passes through VibeRails infrastructure.
Not every organisation can upload source code to a third-party cloud service. For teams in finance, healthcare, defence, and government, sending code to a vendor's cloud infrastructure may violate regulatory requirements or internal security policies. Compliance frameworks like SOC 2, HIPAA, ITAR, and FedRAMP impose strict controls on where sensitive data – including proprietary source code – can be processed and stored.
Even outside regulated industries, intellectual property protection is a legitimate concern. Startups building novel technology, companies with trade-secret algorithms, and any team working on competitive-advantage code want to minimise the number of third parties that handle their source. The fewer systems that touch your code, the smaller your attack surface.
Traditional code review tools largely ignore this concern. Most operate as cloud-hosted SaaS platforms that require you to grant repository access, push code to their servers, or integrate through webhooks that transmit file contents on every commit. If your security posture does not permit that, you are left with manual review or basic linters that run locally but lack the depth of AI-powered analysis.
The standard architecture for AI code review tools follows a familiar pattern: you connect your repository, the tool pulls your code to its cloud infrastructure, runs analysis on its servers, and returns results through a web dashboard. Your code transits through – and is often stored on – systems you do not control. Some tools offer self-hosted options, but these typically require significant infrastructure investment and ongoing maintenance.
VibeRails takes a fundamentally different approach. It is a desktop Electron application that runs on your machine with no VibeRails cloud service. There is no repository integration that pulls code to remote servers, and no web dashboard hosted on someone else's infrastructure. The application launches locally, reads your project files from disk, and stores all review results as local JSON files.
The AI analysis itself is powered through a bring-your-own-key (BYOK) model. VibeRails orchestrates locally installed CLI tools – Claude Code, Codex CLI – that you have already configured with your own API credentials. When AI analysis runs, the code goes directly from your machine to the AI provider you already trust and have a relationship with. It never passes through VibeRails servers, because VibeRails does not operate servers that handle customer code.
The VibeRails desktop app is self-contained for most workflows. Once installed, the core functionality – project management, triage workflows, report generation – requires no network connectivity. Here is what happens entirely on your machine:
The application is designed so that the network-dependent operations (AI analysis) are clearly separated from the network-independent operations (everything else). You can triage a review, export reports, and manage sessions on a machine that has no internet access at all, as long as the AI analysis step was completed earlier on a connected machine or the review data files are transferred in.
Once a review has been completed, the entire body of findings is available offline. This means teams in secure environments can run AI analysis on a connected workstation, then transfer the review data to restricted machines where developers triage and act on findings without any network exposure.
There is one step in the workflow that requires network access: running the AI analysis itself. The AI CLI tools that VibeRails orchestrates – Claude Code and Codex CLI – need to reach their respective API endpoints to perform the code review. This is the same connectivity requirement you already accepted when you subscribed to those AI services.
The critical distinction is where the code goes during this step. With VibeRails, your source code is transmitted directly from your machine to the AI provider (Anthropic or OpenAI) using the API credentials you configured. It does not route through any VibeRails infrastructure. VibeRails never sees, stores, or processes your code on its own servers – because it does not have servers that handle customer code.
For teams that cannot send code to any external API, fully local AI code review is now a
realistic option. Open-weight models have reached near-SOTA coding performance, and the Claude
Code CLI natively supports redirecting to local model servers via ANTHROPIC_BASE_URL.
See the local AI code review guide for
step-by-step setup instructions with Ollama and vLLM.
Download VibeRails and run a full-codebase review without uploading your code to a VibeRails cloud service. The free tier includes 5 issues per review – enough to evaluate the workflow in your environment. Pro plans start at $19/month, or $299 for a lifetime licence per developer, or $19/month if you prefer flexibility.
Tell us about your team and rollout goals. We will reply with a concrete launch plan.