An agentic medallion Alchemist, a governed semantic layer, and a two-plane access model — running entirely on your premises. This is the architecture under the magic.
VibeBI is an on-premise enterprise analytics platform that turns a raw warehouse into a governed, self-service BI service. It is built on three product surfaces that share contracts but keep responsibilities separate:
VibeBI ships with its own embedded agent engine. The agent does most of the drafting; human stewards and IT custodians approve and execute through certification gates — they are never the bottleneck.
The platform separates the agent runtime (on the user's laptop) from the control plane (on-prem server). Warehouse and LLM credentials never reach end-user devices.
flowchart LR
subgraph client["User laptop"]
DT["VibeBI Desktop"]
SC["Agent sidecar :4580
VibeBI agent engine"]
DT --> SC
end
subgraph server["On-prem server :8080"]
AUTH["Auth / SSO"]
BRK["Warehouse broker
read-only SQL"]
GW["LLM gateway"]
STORE["Report store
Postgres + object store"]
ACL["Access control"]
end
CH[("Warehouse (EDW)
bronze · silver · gold")]
WEB["VibeBI Web viewer"]
SC --> AUTH
SC --> BRK
SC --> GW
BRK --> CH
DT --> STORE
WEB --> AUTH
WEB --> STORE
STORE --> ACL
| Component | Port | Responsibility |
|---|---|---|
| Agent sidecar | 4580 | Runs the embedded agent, streams turns to desktop |
| Platform server | 8080 | Settings, governance, broker, gateway, store, audit |
| Warehouse (EDW) | — | Bronze landing, silver views, gold views |
VibeBI's scope starts at bronze — post-ingestion. It promotes data through a governed medallion: bronze → silver → gold + semantics. The single hard rule: gold is never built directly from bronze; certified silver views must exist first.
flowchart LR B["Bronze
source-shaped landing
source__entity"] --> S["Silver
silver_<domain>
conformed views"] S --> G["Gold
gold_<domain>
facts & dims"] G --> SEM["Semantics
entities · grain · tags"] SEM --> CR["Create / Web
published gold only"]
| Layer | Pattern | Object | Built by |
|---|---|---|---|
| Bronze | bronze_<source> | Source tables | Ingestion / IT |
| Silver | silver_<domain> | CREATE VIEW | Agent drafts · steward approves |
| Gold | gold_<domain> | CREATE VIEW | Agent drafts · steward publishes |
| Semantics | vibebi_semantic | Metadata | Silver-sourced manifests |
Stage 1 (Bronze → Silver) covers profiling, data-quality analysis, conformation, and domain/classification proposals. Stage 2 (Silver → Gold) covers entity resolution, manifest and gold-view drafting, validation, and repair loops. Physical database names are deployment configuration, not hard-coded in binaries.
The semantic layer is what makes reports durable. Instead of binding dashboards to physical tables, VibeBI exposes entities, grains, mappings, certified metrics, and gold-model metadata through a single contract.
Because reports read the semantic layer, an upstream schema change is absorbed in the silver→gold mapping — downstream reports keep working without a rewrite.
# Agent discovery contract
GetSemantics # entities, tables, grains, mappings, certified metrics
QueryVibeBIGold # read-only SQL against published gold for real answers
Gold is not a one-shot publish. VibeBI captures demand signals from every BI agent turn — user questions, sparse/null metrics from live probes, query errors, join gaps, and entities the assistant could not answer — and turns them into steward-reviewed improvements to business drivers, manifests, and joins.
flowchart LR BI["BI Agent turns
chat + gold/silver probes"] --> SIG["Learning signals
catalog backlog"] SIG --> PROC["Process backlog
drivers · joins · hints"] PROC --> STW["Steward review
Gold → BI Learning tab"] STW --> GOLD["Approve drivers
publish manifests · build gold"] GOLD --> SEM["Updated semantics
fewer gaps next turn"] SEM --> BI
Stewards stay in control. Proposals create bi_learning business drivers in proposed status until approved. Manifest rebuilds for sparse metrics return to draft until re-published. Stewards can process step-by-step or run a full pipeline (process → approve → publish → build gold) from the desktop.
| Signal | Typical outcome |
|---|---|
| Recurring user questions | Append business questions or LLM-clustered bi_learning driver proposals |
| Sparse / null metrics in probes | Manifest rebuild hints; optional auto-rebuild (draft) |
| Query / join failures | Relationship hints; manifest join enrichment |
| Uncovered entities | New driver proposals for gold gaps |
The BI agent receives a compact learning gaps section on later turns (sparse measures, uncovered entities, pending drivers) so it answers honestly instead of re-probing known-null columns. The DG agent uses the same backlog when regenerating business drivers.
WarehouseGovernance actions (list_gold_learning, process_gold_learning, run_gold_learning_pipeline), and platform HTTP routes share one server implementation — no shadow UI-only pipeline.VibeBI runs a purpose-built embedded agent runtime — not a general chatbot. Two agent roles drive the product:
| Agent | Surface | Does |
|---|---|---|
| DG Agent | Data Governance | Profiles bronze, drafts silver/gold views and semantic manifests, proposes domain/classification tags |
| BI Agent | BI / Create | Plans, grounds in live semantics, queries gold, and builds governed report artifacts |
Access control uses two orthogonal planes, defined by the client and enforced on every field, query, report, and share.
Business-owned topic areas (Revenue, Supply Chain, HR Compensation), with optional sub-domains. Each domain has an owner who approves access requests — the business accountable party, not the technical table builder.
| Tier | Name | Typical use |
|---|---|---|
| 0 | Open | General internal visibility is acceptable |
| 1 | Standard | Everyday business use across teams |
| 2 | Sensitive | Limited audience, stronger controls |
| 3 | Guarded | Strict need-to-know, maximum protection |
This is the core access rule, and it has no bypass:
Report-level grants (roles, share links) can only narrow access — never widen it beyond underlying data entitlements. A gold model built from multiple silver tables inherits the union of their domain tags, so the owners of all inherited domains become the approvers.
| Action | Enforcement point |
|---|---|
| Create / build | Broker denies un-entitled gold queries; publish blocked if manifest incomplete |
| Preview / render | Server recomputes entitlement vs report manifest |
| Store listing | Only fully-accessible reports appear (or show locked with reason) |
| Share link | Resolver checks viewer entitlement against report manifest |
100% on-premise is our edge — VibeBI runs entirely inside your network, with warehouse credentials and model keys that never leave it. The pilot is a single-VM Docker Compose install; production hardens to an HA cluster without product redesign.
On-premise is the default, not the only option. The same architecture deploys to the cloud of your choice — public, private, hybrid, or multi-cloud — so you can place the control plane and warehouse wherever your data-residency and operations strategy requires.
The server is intentionally lean — a lightweight binary that runs comfortably on commodity hardware. All agentic compute — profiling, semantic extraction, model generation, report drafting — runs distributed on each user's desktop client, not on the server. The server handles only governance, brokering, and serving, so server-side resource requirements stay minimal even as your user base grows.
For data-sensitive clients, VibeBI supports a fully air-gapped deployment: 100% on-premise, zero internet dependency, running against an in-house LLM. No data, no queries, and no metadata ever leave your network. The entire system — server, desktop client, and LLM — operates as a sealed loop inside your perimeter.
.report.ts + generated HTML, rendered through ACL-gated APIs.Five non-negotiables hold across every deployment:
src/ in runtime images.| Layer | Technology |
|---|---|
| Runtime | Bun (server + sidecar), Rust (desktop shell) |
| Agent engine | Purpose-built embedded VibeBI agent runtime |
| Warehouse | Warehouse-agnostic — most SQL warehouses (ClickHouse used in the demo) |
| Control-plane store | PostgreSQL (settings, governance, metadata) + object store |
| Identity | OIDC / SAML SSO |
| Reports | .report.ts + generated HTML, ACL-gated render APIs |
| Packaging | Docker Compose (pilot) → HA cluster (production) |
Download the desktop app, the server, and the SimEDW sample data — and have a talking warehouse before your coffee gets cold.