Contact: X @RaccoonStampede · @Prosperous727
VECTOR is a browser-based research tool that runs entirely client-side. The artifact version has no server, no database, and no authentication layer. The Vercel deployment adds a backend proxy route; the security scope expands in that configuration.
In scope:
- API key handling (how keys are stored and transmitted)
- `localStorage`/`window.storage` usage (`vector_config`, `vector_data` keys)
- XSS vectors in the React render layer
- Prompt injection via Custom Rails or pipe injection content
- Vercel proxy route security (if deploying externally)
Out of scope (artifact version):
- Server-side vulnerabilities (no server)
- Authentication bypass (no authentication)
- Server-side data breaches (no user data stored server-side)
VECTOR requires an API key (Anthropic, OpenAI, or Grok) to make API calls. The key is:
- Stored only in React state (in-memory) during the session by default
- Optionally saved to `localStorage` as `vector_api_key` if the user explicitly saves it
- Never logged, exported, or transmitted anywhere except directly to the provider endpoint or your Vercel proxy route
- Cleared on session reset
Recommendation: Use a restricted API key with a spending limit for any browser-based tool.
VECTOR persists the following keys to localStorage (Vercel) or window.storage (artifact):
| Key | Contents |
|---|---|
| `vector_config` | Settings, feature toggles, math constants, κ mode choice, Advanced tab state |
| `vector_data` | Coherence scores, event log, error log, corrections, RAG cache, Kalman state, bookmarks |
| `vector_fb` | AutoTune feedback profiles: learned parameter adjustments per context type |
| `vector_dp` | Display preferences: theme, font size, compact mode |
| `vector_pinned` | Pinned document contents: user-uploaded files (stored locally only, never transmitted) |
| `vector_mem` | Session memory summaries: compressed conversation history (stored locally only) |
| `vector_api_key` | API key: stored locally if user saves it, transmitted only to chosen provider |
| `vector_provider` | Provider selection (anthropic/openai/grok) |
| `vector_frontier` | Meta-Harness frontier: best known config per context type |
| `vector_evolution` | Meta-Harness evolution summary: JSONL of proposed/scored candidates |
| `vector_notes_flush` | Research notes scratch buffer (uncontrolled textarea flush) |
VECTOR also writes per-session archival keys using these prefixes:
| Prefix | Purpose |
|---|---|
| `vector_chat_*` | Archived chat transcripts |
| `vector_events_*` | Archived event logs |
| `vector_session_*` | Archived session metrics |
| `vector_evolution_*` | Archived per-session evolution entries |

None of these keys contain personal data beyond what the user explicitly provides. Pinned document contents are stored locally in your browser only and are never sent to any server.
Custom Rails (Advanced tab): User-defined text injected into every system prompt. Intentional and disclosed: users write this themselves. If building on top of VECTOR and accepting Custom Rails input from untrusted sources, sanitize before it reaches the system prompt.
Pipe injection: VECTOR automatically injects coherence state into system prompts. This content is generated by the tool itself (scores, variance, directives) and does not include user conversation content.
VECTOR discloses its framework constants at first run via a mode selection modal. Users choose between Hudson Framework (κ=0.444) or Standard Mode (κ=0.500), or can skip to Standard Mode directly. Both choices are fully supported. No security concern; noted here for completeness.
If deploying VECTOR on Vercel with the backend proxy route:
- The proxy route (`pages/api/proxy.ts`) forwards the user's API key directly; it is never stored server-side
- Rate limiting on the proxy route is strongly recommended for public deployments
- No Vercel environment variables are required; users supply their own keys
- Do not expose the proxy endpoint publicly without considering rate limit abuse
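
One way to add the rate limiting recommended above, as an added example (not code from the VECTOR repository): a per-client token bucket that a proxy handler calls before forwarding a request. The limits, function names and request/response shapes are assumptions, and the client identity comes from `X-Forwarded-For`, which is only trustworthy when the hosting platform sets it.

```typescript
// Added example: per-client token bucket for a proxy route such as pages/api/proxy.ts.
// CAPACITY, REFILL_PER_SEC, MAX_CLIENTS and all function names are assumptions.
const CAPACITY = 10;         // burst size per client
const REFILL_PER_SEC = 0.5;  // sustained rate: 30 requests per minute
const MAX_CLIENTS = 10000;   // bound memory so the limiter itself cannot be exhausted

interface Bucket { tokens: number; lastMs: number }
interface Decision { allowed: boolean; retryAfterSec: number }
const buckets = new Map<string, Bucket>();

function allowRequest(clientId: string, nowMs: number): Decision {
  let b = buckets.get(clientId);
  if (b === undefined) {
    if (buckets.size >= MAX_CLIENTS) {
      // Map iterates in insertion order: evict the earliest-inserted entry.
      const oldest = buckets.keys().next().value;
      if (oldest !== undefined) buckets.delete(oldest);
    }
    b = { tokens: CAPACITY, lastMs: nowMs };
    buckets.set(clientId, b);
  }
  // Refill for elapsed time; clamp so a clock step backwards cannot drain tokens.
  const elapsedSec = Math.max(0, nowMs - b.lastMs) / 1000;
  b.tokens = Math.min(CAPACITY, b.tokens + elapsedSec * REFILL_PER_SEC);
  b.lastMs = nowMs;
  if (b.tokens >= 1) {
    b.tokens -= 1;
    return { allowed: true, retryAfterSec: 0 };
  }
  return { allowed: false, retryAfterSec: Math.ceil((1 - b.tokens) / REFILL_PER_SEC) };
}

// Minimal request/response shapes (assumed; structurally compatible with Node-style handlers).
type Req = { headers: Record<string, string | string[] | undefined> };
type Res = { statusCode: number; setHeader(name: string, value: string): void; end(body?: string): void };

function clientIdOf(req: Req): string {
  const xff = req.headers["x-forwarded-for"];
  const raw = Array.isArray(xff) ? xff[0] : xff;
  const first = (raw ?? "").split(",")[0]?.trim() ?? "";
  return first !== "" ? first : "unknown"; // clients without the header share one bucket
}

// Returns true when the caller may forward the request upstream; otherwise a 429 was sent.
function guardProxy(req: Req, res: Res, nowMs: number = Date.now()): boolean {
  const d = allowRequest(clientIdOf(req), nowMs);
  if (d.allowed) return true;
  res.statusCode = 429;
  res.setHeader("Retry-After", String(d.retryAfterSec));
  res.end(JSON.stringify({ error: "rate limit exceeded" }));
  return false;
}
```

State held in a module-level `Map` is per process, so on serverless platforms where instances do not share memory this bounds each instance rather than the whole deployment; a shared store is needed for a global limit.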
Report security issues privately before opening a public issue.
Contact via X DM: @RaccoonStampede or @Prosperous727
Please include: description of the vulnerability, steps to reproduce, potential impact, and suggested fix if you have one.
We will acknowledge within 48 hours and aim to patch within 7 days for critical issues.
This is an experimental R&D tool. We make no security guarantees beyond reasonable care in the areas listed above. See LICENSE for the full disclaimer and limitation of liability.