FAQ from VibeKit
What makes VibeKit “privacy-first”?
VibeKit treats privacy as a foundational constraint—not an afterthought. All sandboxed executions occur in memory-isolated, network-restricted containers with no persistent storage, no telemetry exfiltration by default, and opt-in-only logging. Code, dependencies, and credentials never leave the sandbox boundary unless explicitly authorized via secure, auditable channels (e.g., signed GitHub webhooks).
Which sandbox providers are supported out of the box?
E2B is fully integrated and production-ready. Official adapters for Daytona and Modal are in active development and scheduled for Q4 2025. VibeKit’s pluggable runtime interface also allows teams to bring their own sandbox—whether Kubernetes-native, WebAssembly-based, or hardware-isolated—via a lightweight adapter SDK.
How does VibeKit ensure security and isolation?
VibeKit leverages OS-level primitives (namespaces, cgroups, seccomp-bpf) and sandbox-specific hardening (e.g., E2B’s unikernel isolation, Modal’s microVMs) to enforce strict process, filesystem, and network boundaries. Each agent session runs in a fresh, short-lived environment—destroyed immediately post-execution—with no shared state between invocations.
Can I use VibeKit offline or in air-gapped environments?
Yes. VibeKit’s core SDK is fully decoupled from cloud services. When paired with self-hosted sandbox runtimes (e.g., E2B Enterprise or Modal Self-Hosted), it enables fully offline, on-premises AI coding workflows—ideal for regulated industries and sovereign cloud deployments.