Multi-Tenant Isolation
Workjet is a multi-tenant platform where each organization operates in complete isolation. Data, configuration, and access controls are separated at every layer of the stack, ensuring that one organization's data is never accessible to another.
Isolation Layers
Data Isolation
Every data record in Workjet includes a tenantId field. All database queries are scoped by tenant ID, enforced at the application layer:
- Users: User accounts belong to a specific organization
- Skills: Skills are scoped to the creating tenant (unless published publicly)
- Automations: Engines and assistants belong to a single tenant
- Audit logs: Logs are partitioned by tenant in R2 storage
- DLP policies: Policies are configured per-tenant
Configuration Isolation
Each tenant has its own independent configuration:
- Model routing rules: Each organization defines its own tier-to-model mappings
- DLP policies: Pattern selection and actions are per-tenant
- Rate limits: Per-user limits are scoped within the tenant
- Budget caps: Monthly spending limits are per-tenant
- Provider API keys: Each organization uses its own AI provider keys
Access Control Isolation
- API keys: Each key is tied to a specific tenant and can only access that tenant's resources
- Sessions: Login sessions are scoped to the user's organization
- Role permissions: Roles (owner, admin, member) apply within a single organization
- MCP connectors: Connector configurations are stored locally on each user's device
How Isolation is Enforced
Query-Level Enforcement
Every database query includes a WHERE tenantId = ? clause. This is enforced at the ORM/query builder level, not left to individual endpoint handlers. The tenant ID is extracted from the authenticated session or API key and injected into every query automatically.
API Key Scoping
When an API key is created, it is associated with the tenant that created it. When a request arrives with an API key, the gateway resolves the tenant from the key hash and scopes all subsequent operations to that tenant.
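The two mechanisms above, resolving the tenant from a key hash and then scoping every query to that tenant, are shown together in the following example. This is added illustration code, not Workjet's gateway or ORM: the key strings, the SkillRow table and the ScopedRepo class are constructed for the example, and the real system runs against a database rather than an in-memory array.

```typescript
// Added example (not Workjet's code): tenant resolution from an API key hash,
// followed by a query layer that injects tenantId into every lookup.
import { createHash } from "node:crypto";

// ---- Constructed sample data (hypothetical rows, not real records) ----
interface SkillRow {
  id: string;
  tenantId: string;
  name: string;
}

const SKILLS: SkillRow[] = [
  { id: "skill-1", tenantId: "tenant-a", name: "Summarize tickets" },
  { id: "skill-2", tenantId: "tenant-b", name: "Draft release notes" },
];

// Plaintext keys are never stored; only the SHA-256 hash maps to a tenant.
// These key values are constructed for the example.
const API_KEY_A = "wj_example_key_for_tenant_a";
const API_KEY_B = "wj_example_key_for_tenant_b";

function hashKey(key: string): string {
  return createHash("sha256").update(key, "utf8").digest("hex");
}

const KEY_HASH_TO_TENANT = new Map<string, string>([
  [hashKey(API_KEY_A), "tenant-a"],
  [hashKey(API_KEY_B), "tenant-b"],
]);

// Resolve the tenant for a presented key. Unknown keys yield null, so no
// handler can proceed without a tenant context.
function resolveTenant(presentedKey: string): string | null {
  return KEY_HASH_TO_TENANT.get(hashKey(presentedKey)) ?? null;
}

// A scoped repository: tenantId is fixed at construction and applied to every
// query, so an endpoint handler cannot forget the tenant predicate.
class ScopedRepo<T extends { id: string; tenantId: string }> {
  readonly tenantId: string;
  readonly table: T[];

  constructor(tenantId: string, table: T[]) {
    this.tenantId = tenantId;
    this.table = table;
  }

  // Defense in depth: fail loudly if a foreign row ever reaches the caller.
  private guard(row: T): T {
    if (row.tenantId !== this.tenantId) {
      throw new Error("tenant mismatch: query layer returned a foreign row");
    }
    return row;
  }

  list(): T[] {
    return this.table
      .filter((r) => r.tenantId === this.tenantId)
      .map((r) => this.guard(r));
  }

  // Equivalent of: SELECT * FROM skills WHERE id = ? AND tenantId = ?
  findById(id: string): T | null {
    const row = this.table.find((r) => r.id === id && r.tenantId === this.tenantId);
    return row ? this.guard(row) : null;
  }
}

// Hypothetical request handlers: tenant comes from the key, never from input.
function handleListSkills(apiKey: string): SkillRow[] | "unauthorized" {
  const tenantId = resolveTenant(apiKey);
  if (tenantId === null) return "unauthorized";
  return new ScopedRepo(tenantId, SKILLS).list();
}

function handleGetSkill(apiKey: string, skillId: string): SkillRow | null | "unauthorized" {
  const tenantId = resolveTenant(apiKey);
  if (tenantId === null) return "unauthorized";
  // A valid id belonging to another tenant is indistinguishable from a
  // missing one, so ids cannot be used to probe across the boundary.
  return new ScopedRepo(tenantId, SKILLS).findById(skillId);
}
```

The point of the repository wrapper is that the handler never writes the tenant predicate itself; it receives a repository already bound to the tenant resolved from the credential, which is what the page means by enforcement at the query-builder level rather than in individual endpoints.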
Storage Partitioning
Audit logs in R2 are stored with tenant-scoped prefixes:
audit/{tenantId}/{year}/{month}/{day}/{logId}.json
This ensures that even at the storage level, one tenant's logs are physically separated from another's.
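An added example of the key layout above, written for this page rather than taken from Workjet: it builds keys of the documented form, rejects identifiers that could alter the path structure, and lists a tenant's logs by prefix. An in-memory Map stands in for the R2 bucket; the real binding's list({ prefix }) call would take the same tenant prefix. The sample writes and the assertSafeId check are assumptions of this example.

```typescript
// Added example (not Workjet's code): tenant-scoped audit log keys
// audit/{tenantId}/{year}/{month}/{day}/{logId}.json and prefix listing.

// Only tenantIds and logIds of this shape may be embedded in a key. Anything
// containing "/", "." or an empty string could escape the tenant prefix.
const SAFE_ID = /^[A-Za-z0-9_-]+$/;

function assertSafeId(value: string, label: string): void {
  if (!SAFE_ID.test(value)) throw new Error(`${label} is not a safe identifier`);
}

function pad2(n: number): string {
  return String(n).padStart(2, "0");
}

// Build the storage key for one audit record (dates in UTC).
function auditKey(tenantId: string, when: Date, logId: string): string {
  assertSafeId(tenantId, "tenantId");
  assertSafeId(logId, "logId");
  const y = when.getUTCFullYear();
  const m = pad2(when.getUTCMonth() + 1);
  const d = pad2(when.getUTCDate());
  return `audit/${tenantId}/${y}/${m}/${d}/${logId}.json`;
}

// The prefix every read for a tenant is restricted to.
function tenantPrefix(tenantId: string): string {
  assertSafeId(tenantId, "tenantId");
  return `audit/${tenantId}/`;
}

// In-memory stand-in for the R2 bucket (constructed for this example).
const bucket = new Map<string, string>();

function writeAudit(tenantId: string, when: Date, logId: string, body: object): string {
  const key = auditKey(tenantId, when, logId);
  bucket.set(key, JSON.stringify(body));
  return key;
}

// List only keys under the tenant's prefix, sorted for stable output.
function listTenantAudit(tenantId: string): string[] {
  const prefix = tenantPrefix(tenantId);
  return [...bucket.keys()].filter((k) => k.startsWith(prefix)).sort();
}

// Constructed sample writes for two tenants on the same day.
writeAudit("tenant-a", new Date(Date.UTC(2024, 0, 5)), "log-001", { action: "skill.run" });
writeAudit("tenant-b", new Date(Date.UTC(2024, 0, 5)), "log-002", { action: "skill.run" });
```

The identifier check matters because the prefix is the isolation boundary at this layer: a tenantId that is generated by the platform and never taken from request input keeps the boundary intact, and the check documents that assumption in code.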
Enterprise option: Organizations on the Enterprise plan can deploy a dedicated gateway instance for complete infrastructure isolation, running on their own Cloudflare account.
Cross-Tenant Sharing
The only data that crosses tenant boundaries is publicly published skills in the Marketplace. When a skill is published:
- Only the skill metadata (name, description, system prompt) is visible
- Installing a skill creates a copy in the installer's tenant
- The copy is independent — no ongoing access to the original tenant's data
- The original author can unpublish at any time
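The Marketplace boundary described in the list above, as an added example that is not Workjet's code: an in-memory skill table, an explicit projection of the three published fields, an install that copies from that projection only, and an unpublish that hides the source without touching existing copies. The internalConfig field is a hypothetical tenant-private attribute used only to show what must not cross over.

```typescript
// Added example (not Workjet's code): publish, view, install and unpublish
// across the tenant boundary, modelled with an in-memory skill table.

interface Skill {
  id: string;
  tenantId: string;
  name: string;
  description: string;
  systemPrompt: string;
  published: boolean;
  internalConfig: string; // hypothetical private field, never published
}

// The only shape that ever leaves the owning tenant.
interface PublicSkill {
  name: string;
  description: string;
  systemPrompt: string;
}

const skillTable = new Map<string, Skill>();
let idCounter = 0;
const newSkillId = (): string => `skill-${++idCounter}`;

function createSkill(
  tenantId: string,
  name: string,
  description: string,
  systemPrompt: string,
  internalConfig: string,
): Skill {
  const skill: Skill = { id: newSkillId(), tenantId, name, description, systemPrompt, published: false, internalConfig };
  skillTable.set(skill.id, skill);
  return skill;
}

function setPublished(id: string, published: boolean): void {
  const s = skillTable.get(id);
  if (!s) throw new Error("no such skill");
  s.published = published;
}

// Marketplace view: an explicit field projection, so a column added to Skill
// later cannot leak by accident. Unpublished skills are invisible.
function marketplaceView(id: string): PublicSkill | null {
  const s = skillTable.get(id);
  if (!s || !s.published) return null;
  return { name: s.name, description: s.description, systemPrompt: s.systemPrompt };
}

// Install: the copy is built only from the public view, gets a fresh id and
// the installer's tenantId, and keeps no reference back to the source record.
function installSkill(sourceId: string, installerTenantId: string): Skill | null {
  const view = marketplaceView(sourceId);
  if (!view) return null;
  return createSkill(installerTenantId, view.name, view.description, view.systemPrompt, "");
}
```

Building the copy from marketplaceView rather than from the source row is the design choice that makes the copy independent: whatever the owning tenant later edits or unpublishes, the installer's record is a separate row that was only ever populated from the published projection.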
Next Steps
- Learn about encryption at rest and in transit
- Review the security architecture overview
- Set up access controls for your organization