What “multi-tenant” means here
Most multi-tenant platforms put many tenants in one runtime and one database, separated by aworkspace_id column or row-level security. That works, but a single misconfigured query can leak across the boundary. gavAI does the opposite: each tenant gets dedicated infrastructure. A request that lands on acme.gavai.app cannot, by construction, touch any data that doesn’t belong to Acme — because the runtime handling that request has no credentials, no connection string, and no DNS handle for any other tenant.
The Acme runtime has Acme’s database connection string and only Acme’s. The Globex runtime has Globex’s. There is no shared data plane that a misconfigured query could traverse.
What’s isolated
What you can rely on
Tenants cannot cross-tenant read, write, or invoke capabilities against another workspace’s data. The runtime enforces this at the per-tenant boundary — a request arriving atacme.gavai.app can only touch the Acme database, Acme secrets, and Acme configuration.
How workspace identity shows up in the API
Every authenticated request operates in the context of one workspace. There are two ways the API knows which one. OAuth session tokens. Agst_… session token is bound to the workspace the user signed into. If you hold a session and need to act on a different workspace, call POST /v1/workspaces/{slug}/switch to re-scope the session.
Workspace-scoped API keys. A gak_live_… or gak_test_… key is bound to a single workspace at creation time. Machines and CI pipelines mint a key per workspace; the key cannot accidentally be used against another workspace because the binding is permanent.
The shape of the URL reflects the binding too: workspace-scoped endpoints live under /v1/workspaces/{slug}/…, and the slug in the URL must match the workspace the credential is bound to.