Multi-Tenant SaaS Foundation

The foundation for running AMFS as a hosted service. Every API request is authenticated, authorized, scoped, and audited.

Account Isolation

Hard isolation between tenants using Postgres Row-Level Security. Company A cannot see Company B’s data, even if there’s a bug in application code.

RBAC

Three roles with graduated permissions:
Role        Can do
Admin       Full account management, user invites, key management, all memory ops
Developer   Create/revoke API keys, read/write memory, view audit logs
User        Read memory within scoped paths

Scoped API Keys

Each agent/tool gets its own key with entity-path permissions:
amfs_sk_live_...  →  checkout-service/**  [READ_WRITE]
                     shared/patterns/*     [READ]
Agents can only access memory within their permitted scope — this is permissioned inference enforced at both the application and database level.
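The application-level half of that check, as an added illustration rather than AMFS's own code: a deny-by-default scope matcher over the two grants listed above. The grant shape, the `*` (one path segment) versus `**` (any depth) glob semantics, and the rejection of non-canonical paths are assumptions made for this example.

```typescript
// Added example, not AMFS project code. Grant and operation names are assumed.
type Permission = "READ" | "READ_WRITE";
type Operation = "read" | "write";
interface ScopeGrant { pattern: string; permission: Permission; }

// Convert an entity-path glob into an anchored RegExp.
// "*" matches within one segment (never crosses "/"); "**" matches any depth.
function globToRegExp(pattern: string): RegExp {
  const body = pattern
    .split("/")
    .map((seg) =>
      seg === "**"
        ? ".*"
        : seg.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, "[^/]*"))
    .join("/");
  return new RegExp(`^${body}$`);
}

// Deny by default: a path is allowed only if some grant matches it and the
// grant's permission covers the requested operation (writes need READ_WRITE).
function isAllowed(grants: ScopeGrant[], entityPath: string, op: Operation): boolean {
  // Reject "..", ".", empty segments and leading "/" before matching, so that
  // "checkout-service/../billing/x" cannot ride on a prefix grant.
  const segments = entityPath.split("/");
  if (segments.some((s) => s === "" || s === "." || s === "..")) return false;
  return grants.some((g) => {
    if (!globToRegExp(g.pattern).test(entityPath)) return false;
    return op === "read" || g.permission === "READ_WRITE";
  });
}

// Constructed grants mirroring the key listing in the text.
const checkoutKeyGrants: ScopeGrant[] = [
  { pattern: "checkout-service/**", permission: "READ_WRITE" },
  { pattern: "shared/patterns/*", permission: "READ" },
];

// Example evaluation; the database-level RLS check is a separate, independent layer.
console.log(isAllowed(checkoutKeyGrants, "checkout-service/orders/42", "write")); // true
console.log(isAllowed(checkoutKeyGrants, "shared/patterns/retry", "write"));      // false
```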

HTTP API-Based Tenant Isolation

All external agent access (MCP clients, SDKs, REST calls) is routed through the AMFS HTTP API using AMFS_HTTP_URL + AMFS_API_KEY. The API resolves the tenant, enforces entity-path scopes, sets the Postgres RLS context, and logs the operation — agents never touch the database directly. MCP clients connect transparently via the HttpAdapter, which converts memory operations into authenticated HTTP requests.

Audit Logging

Every state-changing operation is recorded in an append-only audit log with actor, action, resource, and IP address.

Rate Limiting

Per-key sliding-window rate limiting (requests per minute, RPM) with admin bypass. Response headers (X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset) let clients adapt.

Usage Quotas

Tiered limits on entries, API keys, users, and decision traces. Hard-capped at the database level, with external billing integration (Stripe, etc.) for metering. Three tiers: Starter, Team, Enterprise (unlimited).