Skip to main content
Security & trust

Security for assistants with voice, memory, tools, and devices.

When assistants can remember information, call APIs, and connect devices, security belongs in the request flow: authentication, authorization, tool boundaries, tenant isolation, and operational observability.

JWT, OAuth, and Redis noncePer-assistant RBACTool/MCP and device boundary
Assistant Core security diagram covering authentication, RBAC, tenant isolation, TLS, Tool/MCP boundary, and device activation
TLS 1.3
Encrypted HTTP, WebSocket, and MQTT connections
RBAC
Role and assistant-scoped permissions
Tenant-safe
Isolated data, domains, and device binding

Core security layers

Assistant Core is designed for multi-tenant environments where each assistant has its own data, users, devices, and tools.

Authentication

Sign-in uses JWT access/refresh tokens and OAuth with HMAC-signed state to reduce replay risk.

  • Access and refresh tokens
  • Google/GitHub OAuth
  • Redis nonce for callbacks

Authorization & RBAC

Permissions are enforced by role, assistant profile, and capability before admin UI is shown or APIs are called.

  • Per-assistant permissions
  • Capability-aware admin UI
  • Scoped JWT claims

Tenant isolation

Assistant context is resolved by domain and assistant ID so data and configuration do not mix across tenants.

  • Domain-to-assistant resolution
  • Cache with invalidation
  • Assistant data separation

Tool/MCP boundary

Tools and MCP are managed as separate capabilities to limit the actions an assistant can perform.

  • Tool registry per assistant
  • MCP server and endpoint control
  • Action result boundary

Device activation

Smart devices are linked through activation sessions and owner binding instead of open access to the runtime.

  • 6-character activation code
  • Bind device to user
  • Track device state

Observability

Traces, logs, and dashboards help detect errors, abuse, or unusual behavior across chat, voice, and tool execution.

  • Request logging
  • LLM tracing
  • Feedback and error metrics
Security & trust

Request-level security flow

Every request should identify assistant, user, permissions, tool boundary, and accessible data before entering the runtime.

01

Resolve assistant context

Domain or assistant ID maps to the current assistant with cache and invalidation.

02

Authenticate user or device

Admin requests use JWT/OAuth; devices use activation and a dedicated channel.

03

Authorize capability

UI and APIs check capabilities such as devices, knowledge base, tools, MCP, or settings.

04

Log, trace, and review

Conversations, tool calls, errors, and feedback are recorded for operations and audit.

Does Assistant Core support per-assistant permissions?

Yes. Capabilities and roles apply per assistant, so a user can have different permissions across different assistants.

Are Tool/MCP integrations a security risk?

They can be if left uncontrolled. That is why Tool/MCP has its own boundary: only assistants with the right permissions and configuration can call connected tools.

How are smart devices protected?

Devices do not automatically belong to an assistant. They need an activation session, lookup code, and owner binding before they can use the runtime.