Data Isolation
Sontairo enforces strict data isolation between projects at both the API and database levels.How It Works
Every project-scoped resource has aprojectId field. When a project is selected:
- Server-side: API routes filter queries by
projectId, ensuring only matching resources are returned - Client-side: All fetch calls include the current
projectIdas a query parameter or in the request body - Mutations: Create, update, and delete operations verify the resource belongs to the current project
What’s Isolated
- Agents — Each agent belongs to one project
- Connectors — Connector instances are per-project
- Chat Conversations — Conversations and their messages are project-scoped
- Agent Memory — Memory entries are isolated per project
- Cron Jobs — Scheduled jobs belong to a specific project
- Runs — Task execution records are tied to the project they were initiated in
What’s Shared
Some resources are intentionally workspace-scoped:- Provider Keys — AI model API keys are shared across all projects
- Approvals — Approval requests are visible workspace-wide
- Billing — Subscriptions and usage are per workspace
- Audit Logs — Activity logs span the entire workspace