Multi-Tenancy
LeanCore implements complete tenant isolation using a schema-per-organization architecture.
How It Works
Every organization registered in LeanCore gets its own dedicated database schema. This provides:
- Physical data separation -- each organization's data is in its own schema
- No cross-contamination -- queries are scoped to the active tenant
- Independent scaling -- each organization's data grows independently
- Simplified compliance -- data residency is straightforward
Schema Structure
| Schema | Purpose |
|---|---|
| Main Schema | Platform-wide data: organizations, users, model rates, global config |
| Tenant Schemas | Per-organization data: specialists, chats, knowledge, billing, tasks |
How Tenant Context Works
- Every API request includes organization context (via header or JWT)
- The system resolves the correct tenant schema
- All database queries are automatically scoped to that schema
- No additional filtering or scoping is needed in application code
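The resolution step above can be sketched as follows. This is an added example, not LeanCore's own code: it shows a fail-closed mapping from request context to tenant schema. The registry and membership tables, all function names, and the PostgreSQL-style `search_path` statement are assumptions, and the JWT is assumed to have been verified before this code runs.

```python
import re

# Constructed sample data; every name below is hypothetical.
ORG_REGISTRY = {"org_a": "tenant_org_a", "org_b": "tenant_org_b"}  # main schema: org -> schema
MEMBERSHIPS = {"alice": {"org_a"}, "bob": {"org_a", "org_b"}}      # main schema: user -> orgs

SCHEMA_NAME = re.compile(r"[a-z][a-z0-9_]{0,62}")  # strict allowlist for identifiers


class TenantContextError(Exception):
    """The request's organization context cannot be trusted."""


def resolve_tenant_schema(user, claim_org=None, header_org=None,
                          registry=ORG_REGISTRY, memberships=MEMBERSHIPS):
    """Map an authenticated request to its tenant schema, failing closed.

    `user` and `claim_org` are assumed to come from an already verified JWT;
    `header_org` is the raw, client-controlled header value.
    """
    if claim_org and header_org and claim_org != header_org:
        raise TenantContextError("header and token name different organizations")
    org = claim_org or header_org
    if not org:
        raise TenantContextError("no organization context on request")
    # The header is client input, so membership is checked server-side.
    if org not in memberships.get(user, set()):
        raise TenantContextError("user is not a member of this organization")
    # The schema name comes from the registry, never from the request itself.
    schema = registry.get(org)
    if schema is None or not SCHEMA_NAME.fullmatch(schema):
        raise TenantContextError("organization has no valid tenant schema")
    return schema


def scope_statement(schema):
    """Statement that pins one transaction to the tenant schema (PostgreSQL syntax assumed)."""
    if not SCHEMA_NAME.fullmatch(schema):
        raise TenantContextError("refusing to quote an invalid schema name")
    return f'SET LOCAL search_path TO "{schema}"'
```

Because the scoping statement is transaction-local in this sketch, a pooled connection does not carry one tenant's schema into the next request.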
What Lives Where
Main Schema (Shared)
- Organization registry
- User accounts
- AI model rate cards
- Platform configuration
Tenant Schema (Per-Organization)
- Specialists and their configurations
- Chat sessions and messages
- Knowledge base entries
- Billing usage and credit ledger
- Tasks and projects
- Workspaces and artifacts
- Contact directory
- MCP tool routing data
Security Implications
- A request authenticated for Organization A can never access Organization B's data
- Specialists from different organizations cannot share tools or knowledge
- Billing is tracked independently per organization
- All credentials are encrypted per-tenant using AES-GCM