VibeBI — Technology: Medallion Warehouse + Agentic Semantic Layer

1 · Overview

VibeBI is an on-premise enterprise analytics platform that turns a raw warehouse into a governed, self-service BI service. It is built on three product surfaces that share contracts but keep responsibilities separate:

VibeBI Desktop — the power-user and administration surface: BI Agent (reports), DG Agent (data governance), Explorer, Store, certification and access screens.
VibeBI Web — a lightweight, read-only consumer surface for discovering and opening governed report share links.
VibeBI Server — the headless on-prem control plane: identity, access control, report store, scheduling, audit, warehouse broker, and LLM gateway.

VibeBI ships with its own embedded agent engine. The agent does most of the drafting; human stewards and IT custodians approve and execute through certification gates — they are never the bottleneck.

Design stance. Live warehouse truth lives in tools and services, never in static prompt snapshots. The agent grounds every answer in live semantics and read-only gold queries.

2 · Architecture

The platform separates the agent runtime (on the user's laptop) from the control plane (on-prem server). Warehouse and LLM credentials never reach end-user devices.

flowchart LR
  subgraph client["User laptop"]
    DT["VibeBI Desktop"]
    SC["Agent sidecar :4580
VibeBI agent engine"]
    DT --> SC
  end
  subgraph server["On-prem server :8080"]
    AUTH["Auth / SSO"]
    BRK["Warehouse broker
read-only SQL"]
    GW["LLM gateway"]
    STORE["Report store
Postgres + object store"]
    ACL["Access control"]
  end
  CH[("Warehouse (EDW)
bronze · silver · gold")]
  WEB["VibeBI Web viewer"]
  SC --> AUTH
  SC --> BRK
  SC --> GW
  BRK --> CH
  DT --> STORE
  WEB --> AUTH
  WEB --> STORE
  STORE --> ACL

Component	Port	Responsibility
Agent sidecar	4580	Runs the embedded agent, streams turns to desktop
Platform server	8080	Settings, governance, broker, gateway, store, audit
Warehouse (EDW)	—	Bronze landing, silver views, gold views

3 · The Alchemist (medallion)

VibeBI's scope starts at bronze — post-ingestion. It promotes data through a governed medallion: bronze → silver → gold + semantics. The single hard rule: gold is never built directly from bronze; certified silver views must exist first.

flowchart LR
  B["Bronze
source-shaped landing
source__entity"] --> S["Silver
silver_<domain>
conformed views"]
  S --> G["Gold
gold_<domain>
facts & dims"]
  G --> SEM["Semantics
entities · grain · tags"]
  SEM --> CR["Create / Web
published gold only"]

Layer	Pattern	Object	Built by
Bronze	`bronze_<source>`	Source tables	Ingestion / IT
Silver	`silver_<domain>`	`CREATE VIEW`	Agent drafts · steward approves
Gold	`gold_<domain>`	`CREATE VIEW`	Agent drafts · steward publishes
Semantics	`vibebi_semantic`	Metadata	Silver-sourced manifests

Stage 1 (Bronze → Silver) covers profiling, data-quality analysis, conformation, and domain/classification proposals. Stage 2 (Silver → Gold) covers entity resolution, manifest and gold-view drafting, validation, and repair loops. Physical database names are deployment configuration, not hard-coded in binaries.

4 · Semantic layer

The semantic layer is what makes reports durable. Instead of binding dashboards to physical tables, VibeBI exposes entities, grains, mappings, certified metrics, and gold-model metadata through a single contract.

Certified metrics — steward-approved measures with expression, grain, and gold binding. One definition, reused everywhere.
Business glossary — Company / Team / Personal scoped terms with definitions and aliases, injected into agent sessions.
Field tags — every exposed field carries ≥ 1 data domain and a classification level.

Because reports read the semantic layer, an upstream schema change is absorbed in the silver→gold mapping — downstream reports keep working without a rewrite.

# Agent discovery contract
GetSemantics      # entities, tables, grains, mappings, certified metrics
QueryVibeBIGold  # read-only SQL against published gold for real answers

5 · Agent engine

VibeBI runs a purpose-built embedded agent runtime — not a general chatbot. Two agent roles drive the product:

Agent	Surface	Does
DG Agent	Data Governance	Profiles bronze, drafts silver/gold views and semantic manifests, proposes domain/classification tags
BI Agent	BI / Create	Plans, grounds in live semantics, queries gold, and builds governed report artifacts

6 · Governance model

Access control uses two orthogonal planes, defined by the client and enforced on every field, query, report, and share.

Plane A — Data Domains (business topic)

Business-owned topic areas (Revenue, Supply Chain, HR Compensation), with optional sub-domains. Each domain has an owner who approves access requests — the business accountable party, not the technical table builder.

Plane B — Sensitivity tiers

Tier	Name	Typical use
0	Open	General internal visibility is acceptable
1	Standard	Everyday business use across teams
2	Sensitive	Limited audience, stronger controls
3	Guarded	Strict need-to-know, maximum protection

Roles (RACI)

Data Domain owner — who may access a domain; approves access requests; co-signs sensitive publishes.
Data steward — what data means: definitions, grain, metrics, manifest approval, DQ certification.
Data custodian (IT) — how pipelines run: DDL execution, performance, backups, break-glass.

7 · Derived report access

This is the core access rule, and it has no bypass:

Derived access. A user may build, view, or share a report only if they hold effective access to every data domain and classification used by every field in that report.

Report-level grants (roles, share links) can only narrow access — never widen it beyond underlying data entitlements. A gold model built from multiple silver tables inherits the union of their domain tags, so the owners of all inherited domains become the approvers.

Action	Enforcement point
Create / build	Broker denies un-entitled gold queries; publish blocked if manifest incomplete
Preview / render	Server recomputes entitlement vs report manifest
Store listing	Only fully-accessible reports appear (or show locked with reason)
Share link	Resolver checks viewer entitlement against report manifest

8 · Deployment

100% on-premise is our edge — VibeBI runs entirely inside your network, with warehouse credentials and model keys that never leave it. The pilot is a single-VM Docker Compose install; production hardens to an HA cluster without product redesign.

On-premise is the default, not the only option. The same architecture deploys to the cloud of your choice — public, private, hybrid, or multi-cloud — so you can place the control plane and warehouse wherever your data-residency and operations strategy requires.

Create agents run on user laptops (~100 concurrent creators).
Web viewer serves casual consumers on PC and mobile (~500 concurrent).
Production ships compiled artifacts — no source in runtime images, no source maps in prod.
Reports are stored as .report.ts + generated HTML, rendered through ACL-gated APIs.

9 · Security invariants

Five non-negotiables hold across every deployment:

Warehouse credentials never on client devices — all gold/semantics flow through the server broker.
LLM keys never on client devices — server gateway or short-lived minted tokens only.
Share links are capability URLs — opaque id + SSO/ACL + short-lived render token, not static HTML paths.
Report access is derived from data entitlements — no standalone report permission can bypass domain + classification grants.
Production deploys compiled artifacts — no src/ in runtime images.

10 · Technology stack

Layer	Technology
Runtime	Bun (server + sidecar), Tauri (desktop shell)
Agent engine	Purpose-built embedded VibeBI agent runtime
Warehouse	Warehouse-agnostic — most SQL warehouses (ClickHouse used in the demo)
Control-plane store	PostgreSQL (settings, governance, metadata) + object store
Identity	OIDC / SAML SSO
Reports	`.report.ts` + generated HTML, ACL-gated render APIs
Packaging	Docker Compose (pilot) → HA cluster (production)

Try it now →

How VibeBI works.