Your agents can build anything. Your cloud’s IAM can’t keep up.
You run Claude Code across GitHub, Vercel, Supabase, and more. But cloud permissions weren’t designed for autonomous agents — they’re too coarse, different everywhere, and one leaked PAT nukes everything. Vaubaan is one MCP endpoint, one risk model, and zero cloud tokens in agent context.
Cloud IAM breaks at agent scale
You’ve moved past “can AI code?” The new bottleneck: giving a fleet of agents safe access to your infrastructure without spending a week on IAM per cloud.
10 clouds, 10 security models
GitHub has org/repo permissions. Vercel has team roles. Supabase has service keys. Each cloud has a different IAM model, none designed for autonomous agents. You spend days understanding each one — before writing a single line of agent config.
One token, unbounded blast
Your agent holds a PAT that can read every repo, merge to main, deploy to prod, and subscribe to paid add-ons. The "Allow / Deny" dialog doesn't scale when a fleet generates hundreds of calls per hour.
No delegation, no trail
Your orchestrator spins up 5 sub-agents with the same credentials. One merges the wrong PR. Another drops a staging table. Who authorized what? When? You're grepping 5 cloud audit logs, correlating timestamps by hand.
Think in risks, not permissions
Instead of mapping tool × resource × action matrices across clouds, you check a box. ~15 risks per provider. Done in 30 seconds.
Each risk carries a 6D severity vector: reversibility, blast radius, data sensitivity, cost, visibility, persistence. The UI sorts by severity — scan in 30 seconds.
// GitHub Fine-grained PAT
{
"repositories": ["acme/website"],
"permissions": {
"contents": "write",
"pull_requests": "write",
"metadata": "read",
"actions": "none",
"administration": "none"
// 18 more fields...
}
}
// Now do Vercel. Now Supabase.
// Now Railway. Now Stripe.
// Now figure out which combo
// lets the agent deploy previews
// but not prod. Per cloud.Agents delegate to agents. The envelope only shrinks.
Any vbn_live_* token can mint children via POST /api/v1/tokens/mint. Each child gets a strict subset of the parent’s risks. TTL is monotonically decreasing. Max depth is 5.
└─ Orchestrator (8 risks · TTL 4h)
├─ Coder (3 risks: read-code, feature-branch, create-pr · TTL 1h)
│ └─ PR bot (1 risk: create-pr · single-use)
└─ Infra agent (4 risks: deploy-preview, read-logs, env-vars · TTL 1h)
A child can never hold a risk its parent doesn’t. Escalation is out-of-band — the child asks the parent, not the gateway.
Revoke a parent token — every descendant is cascade-deleted. One click, full cleanup.
Every audit entry records the full delegation_chain from root to leaf. Forensics traces who authorized what, at every level.
The agent never sees a cloud credential
Your agent authenticates with a vbn_live_* token. For every allowed call, Vaubaan mints a JIT upstream token (GitHub installation token, Vercel OAuth token, etc.), uses it once, and drops it. The agent’s context never contains a real cloud secret.
vbn_live_*Four steps to your first audited call
Connect providers
GitHub App install, Vercel OAuth, Supabase PAT. Upstream credentials stay in Vaubaan. The agent never sees them.
Bind resources
Pin each project to specific repos, Vercel projects, Supabase refs. Everything else is invisible to the agent.
Accept risks
Tick a checklist of ~15 human-readable risks per provider. Get a vbn_live_* token. 30 seconds.
Ship your agent
Paste the token in mcp.json. Every call: classify risks, check envelope, JIT-mint upstream token, forward, audit.
One security model. 11 providers.
You learn one risk model, one token format, one audit schema. We handle the per-cloud complexity behind the proxy.
Building multi-agent systems?
Read the agent-facing reference — written for LLMs. How to authenticate, delegate to sub-agents, handle denials, and escalate. Drop it in your agent’s context.
Stop reverse-engineering IAM docs. Start shipping agents.
Free during private beta. No credit card.
Start free