VVaubaan

Trust

Security at Vaubaan

The agent never sees the secret. Here's how we make that promise hold.

Last updated · 2026-05-26


1. Principles

  • No secret reaches the agent. Every upstream call is minted server-side by Vaubaan with a short-lived token. The agent only sees the result.
  • Default deny. Every MCP call goes through the policy engine before it is forwarded upstream. New tools and new resources are denied until explicitly bound.
  • Least privilege. Builtin roles (e.g. github:developer) scope writes to branches matching feature/*, fix/*, claude/*and forbid merges and deletes.
  • Full audit. Every call — allow or deny — is logged with bot id, tool name, target, and policy decision.

2. Token model

GitHub. We use the GitHub App install flow. We store only the installation_id. For each authorized call we build a 9-minute JWT signed with the App private key (stored in our infrastructure secrets manager, never in DB), exchange it for a 1-hour installation token, use it for the upstream call, and drop it from memory.

Vercel and Supabase. The org admin supplies a provider PAT through an authenticated channel. We encrypt it at rest with AES-256-GCM. The plaintext is held in memory only during the upstream call.

Access tokens. When an org member creates an access token, the API key is shown exactly once. We store only an argon2id hash for verification. Lost keys must be rotated.

3. Encryption

  • All traffic uses TLS 1.2+ (HSTS enabled on the gateway).
  • Data at rest in our managed Postgres is encrypted with AES-256 (provider-managed).
  • Provider tokens are individually encrypted with AES-256-GCM and authenticated using a per-row nonce.
  • Backups are encrypted and retained for 35 days max.

4. Isolation

  • Each organization is a separate tenant. Postgres Row-Level Security gates every cross-org read or write.
  • The audit log is partitioned by organization and never queried across orgs in the same request.
  • The gateway runs in stateless functions; no provider token is ever written to disk on the forwarder.

5. Audit & observability

Every MCP call appends one row to the org audit log: access token id, tool name, resolved upstream resource, policy decision, deny reason (if any), and timing. Org members can stream the log in the dashboard. Audit data is retained 90 days by default and is configurable per-org up to 2 years.

6. Access controls

  • Org membership is flat — every member has full RW. An owner is designated per-org and is protected against removal; transferring ownership requires an explicit action from the current owner.
  • Access token creation, provider connection, and role edits require org membership.
  • Internal access by Vaubaan staff to production is logged, scoped, and requires a documented ticket.

7. Incident response

We will notify affected customers without undue delay (and at the latest within 72 hours where required by GDPR) of any security incident involving their data. Our incident-response runbook covers detection, containment, eradication, recovery and post-mortem.

8. Responsible disclosure

Report a vulnerability to security@vaubaan.com. We commit to acknowledging within 2 business days, providing a remediation timeline within 7 days, and not pursuing legal action against good-faith researchers.

Security — Vaubaan