How it Works
Use AI analyst roles to create governed, documented software changes.
Key Concept
Vibe Assurance doesn't automatically intercept your development workflow. You need to explicitly invoke AI roles to get governance documentation. Simply asking Claude to "add dark mode to the settings page" will add the feature, but won't create a Change Request or any governance artifacts.
This won't create governance docs:
"Add dark mode to the settings page"
To get proper governance, you invoke Vibe's AI analyst roles. Each role has a specific job and creates specific artifacts.
The Governance Workflow
Here's the typical flow for implementing a governed feature:
Create a Strategic Plan (Optional)
For larger features, ask the Technical Strategist to create a plan that breaks work into multiple CRs.
"Use the Vibe Technical Strategist to plan a complete dark mode system with theme persistence and system preference detection."
This creates a PLAN artifact with a roadmap of CRs (e.g., CR-2026-001 through CR-2026-003).
Plan a Change Request
Ask the Implementation Planner to create the CR documentation.
"Use the Vibe Implementation Planner to create a CR for adding a dark mode toggle to the settings page."
This creates a CR artifact with: change-request.md, implementation-plan.md, rollback-plan.md, and impact-analysis.md.
Implement the CR
Ask the Implementation Engineer to implement a specific CR.
"Use the Vibe Implementation Engineer to implement CR-2026-001."
The engineer follows the implementation plan and makes the code changes.
Test the CR
Ask the Test Engineer to verify the implementation.
"Use the Vibe Test Engineer to test CR-2026-001."
The test engineer runs tests and adds a verification-report.md to the CR.
Commit to Production
After any manual testing, ask the Commit Officer to push.
"Use the Vibe Commit Officer to push CR-2026-001 to main."
The commit officer creates a proper commit message referencing the CR.
Quick Examples
Simple Feature (Single CR)
For quick changes, you can skip the strategic plan and go straight to planning:
"Use the Vibe Implementation Planner to create a CR for adding a logout button to the dashboard, then implement it."
Claude will create the CR documentation, then implement, test, and can commit when you're ready.
Security Vulnerability Fix
"Run the Vibe Security Auditor on my codebase."
The Security Auditor scans your code, creates a security report, and adds vulnerabilities to the register. You can then ask:
"Use Vibe to create a CR to fix VUL-001 and implement it."
Working from a Plan
If you have an existing strategic plan:
"Show my active Vibe plans and implement the next pending CR."
AI Analyst Roles
Each role has a specific purpose:
Security & Risk
Security Security Auditor
Scans code for OWASP vulnerabilities, generates security reports, populates vulnerability register.
Security Risk Auditor
Assesses operational and technical risks, calculates scores based on likelihood and impact.
Security Remediation Analyst
Creates fix guidance for vulnerabilities with code recommendations.
Planning & Strategy
Planning Technical Strategist
Creates strategic plans with multiple CRs for larger initiatives.
Planning Implementation Planner
Creates CR documentation: change request, implementation plan, rollback plan.
Planning Test Analyst
Creates test plans covering unit, integration, and acceptance criteria.
Implementation & Delivery
Implementation Implementation Engineer
Executes code changes according to approved implementation plans.
Implementation Test Engineer
Runs tests, performs verification, creates test reports.
Implementation Commit Officer
Validates commits, ensures CR references, pushes to production.
Local-Only Development
If you don't have separate dev/test/prod environments, the workflow still works. The Commit Officer will commit to your main branch (or whatever branch you specify). All governance artifacts are stored in Vibe Assurance's cloud, giving you an audit trail even for local development.
Tip: Check Your Context
Ask Claude to "show my Vibe context" anytime to see your current governance state: active CRs, open risks, vulnerabilities, and the next available CR ID.