# Vercel Agentic Stack operating map for deepsec-skill

Last checked: 2026-07-07.

This is the live map for using `deepsec-skill` inside the Vercel Agentic Stack. It is intentionally direct: what is real today, what is beta, what is a good operating pattern, and what should not be oversold.

`deepsec-skill.dev` is the operator homebase for the defensive security loop around Vercel's `deepsec`: build the thing, scan the exact change, validate the finding, and only then ship. It is not the upstream scanner and it should not be described as if it were. It records the wrapper layer around the scanner plus the current Vercel agent and container primitives that make that loop safer to run.

## The current stack

| Layer | What it does | Status on 2026-07-07 | How deepsec-skill uses it |
| --- | --- | --- | --- |
| Vercel Agent Stack | Vercel's public framing for production-grade agents: models, workflows, tools, identity, delivery, and observability. | Announced by Vercel on 2026-06-17. | Gives this site the map: agent work needs model routing, durable execution, isolated compute, scoped identity, and release gates. |
| Vercel Agent | Dashboard agent for project questions, code review, investigations, and approved actions. | Public beta for Pro and Enterprise teams; gradual rollout. | Useful companion to `deepsec`, not a replacement. Agent can review PRs and validate generated patches; `deepsec-skill` keeps security-review evidence and authorization discipline explicit. |
| Vercel AI Gateway | Single endpoint for hundreds of models with budgets, usage monitoring, load balancing, fallbacks, API-key auth, OIDC auth, and BYOK. | Available on all plans, with provider terms still applying. | Good control plane for agent model spend. The honest rule: do not hardcode stale model claims without checking the current model list. |
| Vercel Sandbox | Isolated Firecracker microVMs with their own filesystem and network. Current docs list `node26`, `node24`, `node22`, and `python3.13`; default runtime is `node24`. | Current Vercel docs, last checked 2026-07-07. | The right place to run risky scanner or agent work when shell access should not touch a laptop or long-lived CI runner. |
| Vercel Container Registry (VCR) | Project-scoped OCI image registry at `vcr.vercel.com`; supports Docker Registry HTTP API v2 and Docker-compatible push, pull, and tag workflows. | Beta; highlighted at Ship 2026 with Dockerfile support and docs last updated 2026-06-30. | Makes scanner runners reproducible: package Node, Vercel CLI, `deepsec`, approved tools, and policy defaults into a VCR image, then use that image for Sandbox or Functions workflows. |
| Vercel Workflows | Durable JavaScript, TypeScript, and Python workflows that can pause, resume, and maintain state. | Current Vercel docs. | Good fit for multi-step gates: build, scan, process, revalidate, export, wait for approval, deploy. |
| eve | Vercel's agent framework; docs describe Workflows for state, Sandbox for code isolation, AI Gateway for model routing, Connect for external service credentials, and Observability for runs. | Public Vercel docs; evolving framework surface. | A future-friendly shape for packaging longer-lived security agents. Do not claim `deepsec-skill` is an eve app until it is. |
| Better Auth + agent identity | Better Auth is joining Vercel to accelerate open-source auth and agent workflows. Better Auth's post calls out scoped, revocable access for agents acting on users' behalf. | Announced 2026-07-07. | Relevant identity direction. It does not automatically solve scanner authorization today; `deepsec-skill` still treats authorization as an explicit gate. |
| deepsec | Vercel Labs security harness powered by coding agents. Vercel's announcement describes static analysis, agent investigation, revalidation, enrichment, and severity-rated findings. | Open-source repo under `vercel-labs/deepsec`; Apache-2.0. | The scanner. `deepsec-skill` is the operating standard and prompt discipline around it. |

## What this site will stay honest about

- Public beta means public beta. Vercel Agent, eve, Connect, and newly announced agent-identity surfaces should be described with their current availability and source links.
- A release gate is not a proof of zero vulnerabilities. It is a disciplined way to block net-new validated findings before production.
- `deepsec` is powerful because it behaves like an agent with shell access. That is exactly why authorization, isolation, and scope are non-negotiable.
- `deepsec-skill` is not the original `deepsec` project. The scanner belongs to Vercel; this project is the public wrapper, operating standard, and release pattern around it.
- AI Gateway can make model access observable and governable, but it does not eliminate model cost. Cost still depends on scope, candidates, prompts, model choice, and retries.
- Sandbox isolation reduces blast radius. It does not remove the need to control credentials, network egress, artifacts, and cleanup.
- VCR gives repeatable agent and backend images, but it is still a registry. Tags can move, image contents become supply-chain inputs, and high-assurance gates should record the full image reference or digest.
- Better Auth joining Vercel is important for the agent-identity direction. It is not the same as saying every Vercel agent already has perfect scoped identity everywhere.

## The preferred pre-ship loop

1. Pull the exact Vercel environment for the branch.
2. Build with Vercel CLI.
3. Run the cheap `deepsec scan` first when doing broad review.
4. For pull requests, run `deepsec process --diff` against the merge base.
5. Run agent work in Vercel Sandbox when the runner should be disposable.
6. Use a VCR runner image when repeatability matters: `vcr.vercel.com/team-slug/project-slug/deepsec-runner:<tag>`.
7. Authenticate image pushes with OIDC when `VERCEL_OIDC_TOKEN` is available; otherwise use a scoped Vercel token and the owning team ID.
8. Prefer Docker Buildx with zstd compression for images pushed to VCR.
9. Route model usage through AI Gateway when the team needs budget, usage, and provider control.
10. Revalidate high-impact findings before blocking.
11. Export a small release decision packet.
12. Deploy the prebuilt Vercel artifact only after there are no net-new validated findings.

## What belongs on deepsec-skill.dev

This site should be the current public notebook for:

- the `deepsec-skill` operating standard
- Vercel Agentic Stack release-gate patterns
- source-backed notes on `deepsec`, Vercel Agent, AI Gateway, Sandbox, VCR, Workflows, eve, and agent identity
- honest limitations and status labels
- examples that a working engineering team can actually run

It is also the public technical surface behind [MHC Information Services](https://www.mhcis.com/): govern the AI, prove it stays controlled, defend the systems, and build the software underneath as one accountable practice.

## Source notes

- Vercel Agent Stack: https://vercel.com/blog/agent-stack
- Vercel Agent docs: https://vercel.com/docs/agent
- Vercel AI Gateway docs: https://vercel.com/docs/ai-gateway
- Vercel Sandbox docs: https://vercel.com/docs/sandbox
- Vercel Container Registry docs: https://vercel.com/docs/container-registry
- Vercel Container Registry limits and pricing: https://vercel.com/docs/container-registry/limits-and-pricing
- Vercel Sandbox images: https://vercel.com/docs/sandbox/concepts/images
- Vercel Functions container images: https://vercel.com/docs/functions/container-images
- Vercel Workflows docs: https://vercel.com/docs/workflows
- Vercel eve docs: https://vercel.com/docs/eve
- Vercel Ship 2026 recap: https://vercel.com/blog/vercel-ship-2026-recap
- Vercel acquires Better Auth: https://vercel.com/blog/vercel-acquires-better-auth
- Better Auth joins Vercel: https://better-auth.com/blog/better-auth-joins-vercel
- Vercel deepsec announcement: https://vercel.com/blog/introducing-deepsec-find-and-fix-vulnerabilities-in-your-code-base
- Upstream deepsec repo: https://github.com/vercel-labs/deepsec
