Tag: security

Stop Exposing Your API Keys: How I Built a Five-Layer AI Proxy That Lets Users Call LLMs Without the Security Nightmare

A deep dive into Vibe's AI proxy architecture — server-side key management for Gemini and OpenAI, per-user credit deduction, rate limiting, provider abstraction, and why your frontend should never touch an LLM directly.

I Deleted Every Password From My Database. Here's Why My Users Are Safer Than Yours.

How I built passwordless authentication with magic link tokens, GitHub/Google/LinkedIn OAuth via Arctic with PKCE, JWT httpOnly cookies, and Elysia.js middleware — and why the password era needs to end.

HMAC-Signed Vibe-to-Vibe Calls: How We Stopped Micro-Apps from Impersonating Each Other

Inside the HMAC-signed request protocol that secures inter-app communication on the Vibe platform — where every micro-app runs in its own Cloudflare Worker sandbox and no one trusts anyone.

Layered Authorization in Elysia.js: Why Your Middleware Is Doing Too Much

How we built composable authorization layers using Elysia's derive() and scoped middleware — replacing a monolithic auth check with elegant derive chains that narrow permissions at every step.

We Use Subdomains as Security Boundaries. No Kubernetes. No Containers. Just Directories.

Inside Vibe's multi-tenancy architecture where every user's micro-app gets its own subdomain, filesystem, derived secret key, and SQLite database — all on a single server process.