Authentication and project scope
Customer access is isolated by owner, and customer-created AI tokens are restricted to one selected project. Admin and customer sessions use separate boundaries.
Secrets and stored data
Saved project secret values use AES-256-GCM envelopes and are redacted from logs and AI context. This field-level layer does not encrypt every record in the JSON store.
Runtime guardrails
Jobs run in disposable Docker workspaces with memory, CPU, PID, log, and result-size limits. Result collection rejects linked and out-of-workspace paths.
Guarded AI changes
Approvals bind the customer, token, project, action, payload, expiry, and one-use state so a different request cannot reuse an approval.
Current limitations
Vibosome still uses single-host JSON persistence, operator access is not split into granular staff roles, and automated off-host backup and independent incident monitoring remain planned work.