I Ran My Own Security Audit Tool Against My Own Codebase. It Caught a Bug I'd Shipped to Main.

Dogfooding your own security tool is the most honest unit test there is. I ran VibeScan against the codebase that built VibeScan. It caught a real token leak I had shipped. Here is what it found, why it mattered, and what happened next.