deepsec-skill.dev / agentic stack
Vercel Agentic Stack operating map for deepsec-skill
A current, source-backed map for using deepsec-skill with Vercel Agent, AI Gateway, Sandbox, VCR, Workflows, eve, Better Auth, and Vercel's deepsec.
This is the live map for using deepsec-skill inside the Vercel Agentic Stack. It is intentionally direct: what is real today, what is beta, what is a good operating pattern, and what should not be oversold.
deepsec-skill.dev is the operator homebase for the defensive security loop around Vercel's deepsec: build the thing, scan the exact change, validate the finding, and only then ship. It is not the upstream scanner and it should not be described as if it were. It records the wrapper layer around the scanner plus the current Vercel agent and container primitives that make that loop safer to run.
The current stack
| Layer | What it does | Status on 2026-07-07 | How deepsec-skill uses it |
|---|---|---|---|
| Vercel Agent Stack | Vercel's public framing for production-grade agents: models, workflows, tools, identity, delivery, and observability. | announced Vercel blog, 2026-06-17. | Gives this site the map: agent work needs model routing, durable execution, isolated compute, scoped identity, and release gates. |
| Vercel Agent | Dashboard agent for project questions, code review, investigations, and approved actions. | public beta Pro and Enterprise teams; gradual rollout. | Useful companion to deepsec, not a replacement. Agent can review PRs and validate generated patches; deepsec-skill keeps security-review evidence and authorization discipline explicit. |
| AI Gateway | Single endpoint for hundreds of models with budgets, usage monitoring, load balancing, fallbacks, API-key auth, OIDC auth, and BYOK. | available All plans; provider terms still apply. | Good control plane for agent model spend. The honest rule: do not hardcode stale model claims without checking the current model list. |
| Vercel Sandbox | Isolated Firecracker microVMs with their own filesystem and network. | current docs Docs list node26, node24, node22, and python3.13; default runtime is node24. |
The right place to run risky scanner or agent work when shell access should not touch a laptop or long-lived CI runner. |
| Vercel Container Registry (VCR) | Project-scoped OCI image registry at vcr.vercel.com; supports Docker Registry HTTP API v2 and Docker-compatible push, pull, and tag workflows. |
beta Highlighted at Ship 2026 with Dockerfile support and docs last updated 2026-06-30. | Makes scanner runners reproducible: package Node, Vercel CLI, deepsec, approved tools, and policy defaults into a VCR image, then use that image for Sandbox or Functions workflows. |
| Vercel Workflows | Durable JavaScript, TypeScript, and Python workflows that can pause, resume, and maintain state. | current docs | Good fit for multi-step gates: build, scan, process, revalidate, export, wait for approval, deploy. |
| eve | Vercel's agent framework; docs describe Workflows for state, Sandbox for code isolation, AI Gateway for model routing, Connect for external service credentials, and Observability for runs. | evolving Public Vercel docs. | A future-friendly shape for packaging longer-lived security agents. Do not claim deepsec-skill is an eve app until it is. |
| Better Auth + agent identity | Better Auth is joining Vercel to accelerate open-source auth and agent workflows. | announced 2026-07-07. | Relevant identity direction. It does not automatically solve scanner authorization today; deepsec-skill still treats authorization as an explicit gate. |
| deepsec | Vercel Labs security harness powered by coding agents. | open source Apache-2.0 under vercel-labs/deepsec. |
The scanner. deepsec-skill is the operating standard and prompt discipline around it. |
What this site will stay honest about
- Public beta means public beta. Vercel Agent, eve, Connect, and newly announced agent-identity surfaces should be described with their current availability and source links.
- A release gate is not a proof of zero vulnerabilities. It is a disciplined way to block net-new validated findings before production.
deepsecis powerful because it behaves like an agent with shell access. That is exactly why authorization, isolation, and scope are non-negotiable.deepsec-skillis not the originaldeepsecproject. The scanner belongs to Vercel; this project is the public wrapper, operating standard, and release pattern around it.- AI Gateway can make model access observable and governable, but it does not eliminate model cost. Cost still depends on scope, candidates, prompts, model choice, and retries.
- Sandbox isolation reduces blast radius. It does not remove the need to control credentials, network egress, artifacts, and cleanup.
- VCR gives repeatable agent and backend images, but it is still a registry. Tags can move, image contents become supply-chain inputs, and high-assurance gates should record the full image reference or digest.
- Better Auth joining Vercel is important for the agent-identity direction. It is not the same as saying every Vercel agent already has perfect scoped identity everywhere.
The preferred pre-ship loop
- Pull the exact Vercel environment for the branch.
- Build with Vercel CLI.
- Run the cheap
deepsec scanfirst when doing broad review. - For pull requests, run
deepsec process --diffagainst the merge base. - Run agent work in Vercel Sandbox when the runner should be disposable.
- Use a VCR runner image when repeatability matters:
vcr.vercel.com/team-slug/project-slug/deepsec-runner:<tag>. - Authenticate image pushes with OIDC when
VERCEL_OIDC_TOKENis available; otherwise use a scoped Vercel token and the owning team ID. - Prefer Docker Buildx with zstd compression for images pushed to VCR.
- Route model usage through AI Gateway when the team needs budget, usage, and provider control.
- Revalidate high-impact findings before blocking.
- Export a small release decision packet.
- Deploy the prebuilt Vercel artifact only after there are no net-new validated findings.
What belongs on deepsec-skill.dev
This site should be the current public notebook for:
- the
deepsec-skilloperating standard - Vercel Agentic Stack release-gate patterns
- source-backed notes on
deepsec, Vercel Agent, AI Gateway, Sandbox, VCR, Workflows, eve, and agent identity - honest limitations and status labels
- examples that a working engineering team can actually run
It is also the public technical surface behind MHC Information Services: govern the AI, prove it stays controlled, defend the systems, and build the software underneath as one accountable practice.
Source notes
- Vercel Agent Stack: https://vercel.com/blog/agent-stack
- Vercel Agent docs: https://vercel.com/docs/agent
- Vercel AI Gateway docs: https://vercel.com/docs/ai-gateway
- Vercel Sandbox docs: https://vercel.com/docs/sandbox
- Vercel Container Registry docs: https://vercel.com/docs/container-registry
- Vercel Container Registry limits and pricing: https://vercel.com/docs/container-registry/limits-and-pricing
- Vercel Sandbox images: https://vercel.com/docs/sandbox/concepts/images
- Vercel Functions container images: https://vercel.com/docs/functions/container-images
- Vercel Workflows docs: https://vercel.com/docs/workflows
- Vercel eve docs: https://vercel.com/docs/eve
- Vercel Ship 2026 recap: https://vercel.com/blog/vercel-ship-2026-recap
- Vercel acquires Better Auth: https://vercel.com/blog/vercel-acquires-better-auth
- Better Auth joins Vercel: https://better-auth.com/blog/better-auth-joins-vercel
- Vercel deepsec announcement: https://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base
- Upstream deepsec repo: https://github.com/vercel-labs/deepsec