Authentication
Sign-in uses JWT access/refresh tokens and OAuth with HMAC-signed state to reduce replay risk.
- Access and refresh tokens
- Google/GitHub OAuth
- Redis nonce for callbacks
When assistants can remember information, call APIs, and connect devices, security belongs in the request flow: authentication, authorization, tool boundaries, tenant isolation, and operational observability.

Assistant Core is designed for multi-tenant environments where each assistant has its own data, users, devices, and tools.
Sign-in uses JWT access/refresh tokens and OAuth with HMAC-signed state to reduce replay risk.
Permissions are enforced by role, assistant profile, and capability before admin UI is shown or APIs are called.
Assistant context is resolved by domain and assistant ID so data and configuration do not mix across tenants.
Tools and MCP are managed as separate capabilities to limit the actions an assistant can perform.
Smart devices are linked through activation sessions and owner binding instead of open access to the runtime.
Traces, logs, and dashboards help detect errors, abuse, or unusual behavior across chat, voice, and tool execution.
Every request should identify assistant, user, permissions, tool boundary, and accessible data before entering the runtime.
Domain or assistant ID maps to the current assistant with cache and invalidation.
Admin requests use JWT/OAuth; devices use activation and a dedicated channel.
UI and APIs check capabilities such as devices, knowledge base, tools, MCP, or settings.
Conversations, tool calls, errors, and feedback are recorded for operations and audit.
Explore next
Yes. Capabilities and roles apply per assistant, so a user can have different permissions across different assistants.
They can be if left uncontrolled. That is why Tool/MCP has its own boundary: only assistants with the right permissions and configuration can call connected tools.
Devices do not automatically belong to an assistant. They need an activation session, lookup code, and owner binding before they can use the runtime.