Submit a code diff, pick a risk class, and VibeVal screens the change for the artifacts IEC 62304 expects — test evidence, traceability, risk analysis — then drafts a CSA-style rationale and stamps a SHA-256 attestation of the screen. Your Quality Engineer still makes the call. They just stop burning review cycles on packages that were never ready.
FDA finalized CSA guidance in September 2025. Risk-based critical thinking replaces script-heavy documentation. The old tooling doesn't fit the new framework, and the new framework has no tooling. That's the gap.
Still 0 purpose-built CSA tools on the market. VibeVal is the first piece of that tooling: not automated judgment — a readiness screen that makes the human judgment cheaper.
One API call. A deterministic rule engine screens the package, an AI drafts the rationale, and a tamper-evident hash records the screen. The compliance verdict stays with your reviewer.
POST your code change with the IEC 62304 risk class (A, B, or C) and a short context.
Deterministic rules check the diff for the artifacts IEC 62304 expects at that risk class — tests, traceability IDs, risk analysis, formal verification. No AI in the verdict.
A CSA-style critical-thinking draft against IEC 62304 §5.5–5.7 — written to be edited and owned by your reviewer, not filed as-is.
A SHA-256 attestation records what was screened, when, and by which engine version. File it alongside your reviewer's assessment in the Design History File.
Real shape of the API. Submit on the left, response on the right. compliant means no required artifact is missing for the declared risk class — an artifact-completeness verdict, not a regulatory determination.
POST /v1/validate
Authorization: Bearer csa_...
{
"framework": "iec-62304",
"risk_class": "B",
"change_type": "modification",
"diff": "...",
"context": "Patient monitor refresh rate per REQ-042"
}
{
"compliant": true,
"findings": [],
"risk_assessment": {
"risk_class": "B",
"required_artifacts": [
"change_description",
"test_evidence",
"design_reference"
],
"missing_artifacts": []
},
"validation_rationale": "...",
"attestation": {
"timestamp": "2026-05-06T...",
"input_hash": "sha256:...",
"framework_version": "iec-62304-2015",
"engine_version": "1.0.0"
},
"rationale_status": "ready"
}
The expensive part of validation isn't the first review — it's the rework loop when a package reaches your reviewer missing test evidence or traceability. Put your team's numbers in.
Bounce rate and rework hours are your estimates — adjust them to your team's first-pass yield. VibeVal cost assumes every change is screened at list price ($0.50 A, $2 B, $5 C); mixed classes assume a 50/50 blend. Internal team assumes $100/hr fully loaded. Screening flags missing artifacts before review — it does not replace the review itself.
Pay per screen. No subscription, no quota expiration. The price scales with the artifact rigor IEC 62304 expects at that risk class.
Buy credits in fixed packs. Credits are dollars — each check deducts its list price.
Quality Engineers and Validation Engineers shipping software in regulated environments. VibeVal does the completeness pass so their review time goes to judgment, not checklist-chasing.
Software validation gaps don't stay internal. They surface as 483s, warning letters, and recalls.
No — and be suspicious of any tool that claims to. Validation under CSA is a human critical-thinking exercise, and it stays that way. VibeVal screens a change package for the artifacts that exercise needs, drafts the rationale your reviewer edits and owns, and attests what was screened. It makes the human judgment faster and better-fed. It does not replace it.
No. VibeVal is a screening tool that assists your validation process. The Quality Engineer remains responsible for the final assessment. The attestation hash is evidence of what you submitted and what the engine returned. It is not a guarantee of regulatory compliance.
IEC 62304:2015 today. ISO 13485 software lifecycle requirements and 21 CFR 820.30 design controls are next. Tell us what's blocking your team and we'll prioritize it.
Deterministic structural rules. We check whether the submitted diff includes the artifacts IEC 62304 requires for the declared risk class — test files for Class B and C, traceability identifiers (REQ-, SRS-, DESIGN-), risk analysis references for Class C, formal verification evidence for Class C. The rules can be reviewed and contested. The LLM only generates the rationale text, never the verdict.
Yes. The screen checks that the required artifacts are present, not that they're good. A test file can exist and still be inadequate; a traceability ID can be cited and still be wrong. That's exactly the judgment your reviewer is for — the screen just guarantees they never spend a cycle discovering an artifact is missing entirely.
The diff is sent to the rule engine and the rationale generator. We do not store the diff content. We store an SHA-256 hash of the inputs and result, and a usage record (timestamp, risk class, status code) for billing.
Because Quality Engineers can expense $20 of credits without procurement approval. Subscriptions need contracts. Per-use pricing also keeps the incentive aligned: we make money when you use the tool, not when you forget to cancel.
The rules engine and rationale generator are versioned. Every attestation records the engine version that ran. If guidance shifts, we update the engine and version-bump. Your historical attestations remain reproducible against the version they ran on.
Yes. The API is HTTP. A GitHub Action wrapper is on the roadmap; for now a few lines of curl in your pipeline run a check on every PR. The async rationale endpoint lets you gate CI on the deterministic verdict and fetch the rationale separately for the audit trail.
Those are quality management systems. They store documents, route signatures, and manage workflows. VibeVal screens a specific code change against IEC 62304's artifact requirements in seconds. The two are complementary. The attestation hash drops into your existing QMS as evidence of the screen.
Sign up, get an API key, screen your first change in under a minute.
Get started