back

elizaOS Cloud multi-tenant isolation

Postgres Row-Level Security policies + transparent encryption layer for character secrets. A forgotten WHERE in app code returns zero rows, not the wrong tenant's data.

// 01 · APPLICATION LAYER elizaOS Cloud — TypeScript runtime · Drizzle ORM developers write queries — no manual WHERE clause needed for isolation // 02 · SESSION CONTEXT INJECTED ON EVERY DB CONNECTION SET app.current_entity_id = '<current entity>' user · agent · world · delegated context — entity-level, not just user-level // 03 · POSTGRESQL — POLICIES ENFORCED ON EVERY ROW READ/WRITE PostgreSQL · entity-scoped RLS Row-Level Security policies CREATE POLICY tenant_isolation ON agent_data USING ( owner_id = current_setting( 'app.current_entity_id' )::uuid ); delegation rules built in: an agent reads its owner's data, scoped to that owner Transparent encryption layer character secrets · API keys · prompts encrypt on write decrypt on read bound to the same session context misqueried row → ciphertext, not plaintext // 04 · CONTRACT OF CORRECTNESS A forgotten filter in app code now returns zero rows — not the wrong tenant's data. Migration ran in three controlled phases (backfill → shadow → strict). No downtime.
elizaOS Cloud multi-tenant isolation — entity identity injected into the DB session, Postgres enforces RLS policies, transparent encryption layer protects character secrets. A forgotten WHERE in app code = zero rows visible.

stanislas andujar · standujar.dev