Vibosome

Vibosome security

Project isolation, encrypted secrets and guarded automation

How Vibosome protects accounts and projects with scoped access, encrypted project secrets, guarded AI changes, runtime limits, request controls and backups.

Authentication and project scope

Customer access is isolated by owner, and customer-created AI tokens are restricted to one selected project. Admin and customer sessions use separate boundaries.

Secrets and stored data

Saved project secret values use AES-256-GCM envelopes and are redacted from logs and AI context. This field-level layer does not encrypt every record in the JSON store.

Runtime guardrails

Jobs run in disposable Docker workspaces with memory, CPU, PID, log, and result-size limits. Result collection rejects linked and out-of-workspace paths.

Guarded AI changes

Approvals bind the customer, token, project, action, payload, expiry, and one-use state so a different request cannot reuse an approval.

Current limitations

Vibosome still uses single-host JSON persistence, operator access is not split into granular staff roles, and automated off-host backup and independent incident monitoring remain planned work.