Support & Help Center

Does Vigile send my code to external servers?

Yes — content you submit is sent to the Vigile API for analysis. It is not shared with third parties and is retained only within your scan history window: session-only for Free, 7 days for Pro, 30 days for Pro+. We do not use your submissions to train models or build profiles.

Is the scanner open source?

Yes. The core CLI scanner is MIT-licensed and publicly auditable at github.com/Vigile-ai/vigile-scan. You can review detection logic, contribute improvements, or run it offline in air-gapped environments.

What data does Vigile collect about me?

We collect your email address, a hashed password, scan submissions, usage counts for quota enforcement, and a Stripe customer ID if you subscribe. We never store plaintext passwords or payment card details. See the full Privacy Policy.

How do you handle vulnerability disclosures?

If you discover a security vulnerability in Vigile itself, please email security@vigile.dev rather than opening a public GitHub issue. We follow responsible disclosure practices and aim to respond within 4 hours on weekdays.

What is MCP and why does Vigile scan it?

MCP (Model Context Protocol) is an open standard for connecting AI agents to external tools and data. Because MCP servers can execute code and access systems on your behalf, a malicious or compromised server is a supply chain risk — similar to a malicious npm package. Vigile scans MCP servers and agent skills before you install them.

Can I use Vigile in a CI/CD pipeline?

Yes. npx vigile-scan exits with a non-zero code when threats are detected, making it compatible with any CI system (GitHub Actions, GitLab CI, Jenkins, etc.). See the CLI documentation for integration examples.

How often are threat signatures updated?

Continuously. The Vigile threat registry is updated as new attack patterns, poisoned skills, and malicious MCP servers are identified — by our team and the open source community. The CLI always fetches the latest signatures at scan time.

What if I get a false positive?

Email support@vigile.dev with the scan ID or the content that triggered the false positive. We review all reports and update detection rules accordingly. You can also open a GitHub Issue if you prefer a public discussion.

What's included in the free tier?

The free tier includes a limited number of scans per month, session-only scan history, and access to the browser-based scanner and CLI. See the pricing page for a full comparison.

How do I upgrade from Free to Pro?

Visit the pricing page and click the Upgrade button for the plan you want. You'll be taken to a secure Stripe checkout. Upgrades take effect immediately.

Can I cancel my subscription anytime?

Yes, no contracts. Go to your account page and click “Manage Subscription” to cancel. You'll retain access through the end of your current billing period.

Do you offer refunds?

We offer a 7-day refund window on the first charge for new subscriptions. Email support@vigile.dev with your account email and we'll process it promptly.