Vectorlab is a working, offline demonstration of the controls a real vector-management platform needs to be both secure and open — secure enough for sensitive embeddings, open enough that researchers can actually play.
What's real here
- Real encryption. Your passphrase is stretched with PBKDF2 (250 000 iterations, SHA-256) into an AES-GCM 256 key. Every item is encrypted with a fresh IV.
- Real embeddings. A deterministic, local feature-hashing embedder converts text into 128-dimensional unit vectors. No model download, no network — but you'll see real semantic neighbours form clusters on the map.
- Real policy engine. The role-based matrix on the Policy page is the same code that gates every read, write, promotion, and sign-off in the app.
- Real audit chain. Each log entry hashes (SHA-256) the previous entry plus the new payload. The Audit page verifies that the chain has not been tampered with.
- Real PCA. The 2D map runs principal-component analysis over your live vectors with power iteration. Add an item and the whole space re-projects.
What's a demo
- Roles are picked from a dropdown — there is no identity provider, because nothing leaves your browser.
- The embedder is intentionally light. A production system would call a real embedding model (locally or via an API you control).
Why it exists
Vector stores keep showing up next to the most sensitive data in an org — RAG memory, support transcripts, model evals — but the control plane around them is usually two checkboxes. Vectorlab is a self-contained sketch of what the control plane could feel like if it took its job seriously.
No telemetry. No network calls. No third-party scripts. View source if you'd like to verify.