withvibe
Sign in
Back home
Security & data ownership

Your code never leaves your infrastructure.

Most AI coding tools send your code to their servers. WithVibe doesn't. It's self-hosted and source-available, so your repositories, prompts, and data stay on infrastructure you control — and every change is reviewed before it reaches production.

Self-hosted by design

WithVibe runs on your own infrastructure. We don't host your repositories, and a self-hosted deployment doesn't send your code, prompts, or usage back to us. There's no third-party data processor in the loop because there's no third party.

Self-host docs

Every environment is isolated

Each env runs as its own Docker Compose project on its own network. One env can't resolve or reach another's services by name — env A's database is invisible to env B. In subdomain mode, Traefik is the only thing that bridges across envs, and only to services you explicitly expose.

How isolation works

You own the AI keys

Bring your own LLM keys — personal, workspace, or server. The agent calls the model provider you choose with the key you control, straight from your infrastructure. Your code and prompts go to your AI vendor under your account, not through ours.

Models & API keys

The agent gate is a security control

Every change — no matter who proposed it — passes a parallel review before it merges to main. A dedicated security agent inspects the diff; if it flags a problem, the gate fails and the change is blocked. Speed for anyone, with a consistent check in front of production.

The agent gate

Your VCS is the record

Changes flow through normal git — a commit and a pull request against main. Who proposed what, what the diff was, and when it merged all live in your version control history, exactly like any other change your team ships.

What you own

  • Code and data stay on your infrastructure
  • No phone-home: self-hosted deployments don't report back to WithVibe
  • Bring your own LLM keys — your AI vendor, your account
  • Per-env network isolation by default
  • Full source under the Elastic License 2.0 — audit it yourself

Being straight about scope

WithVibe doesn't hold a SOC 2 or ISO certification today — and we're not going to claim one. With the self-hosted model, your deployment runs inside your own environment, under your own controls and compliance program. You decide where it runs, which model providers it talks to, and who has access.

Reviewing WithVibe for your team? Talk to us — we're happy to walk your security team through the architecture, or read the source yourself.

Talk to our teamSelf-host docs