Multi-tenant storage for AI agents.
Hard-isolated files and commands per customer. Mint a scoped API key from your backend when a customer signs up — their agent gets its own filesystem, memory, and skills. No two tenants can ever read each other's files.
Tenant isolation
is non-negotiable.
Building an AI agent app means handing the LLM a tool that reads and writes files. The moment you have more than one customer, every command the agent runs is a potential leak. One mis-namespaced glob, one rogue grep -r /, and you have a cross-tenant data exposure.
Building isolation in your application layer means trusting prompt engineering against arbitrary tool calls. Building it at the filesystem layer means it doesn't matter what the agent runs — it can't see what it doesn't own.
One namespace per customer.
You hold a single admin key. When a customer signs up, you mint a scoped API key bound to a per-customer namespace. Pass it to their agent. TroveFiles handles isolation server-side — the namespace is a separate directory root that nothing outside the key can touch.
Provision per customer
One admin key on your backend mints scoped keys for each customer. Each scoped key sees only its own namespace.
from trove_sdk import TroveAdminClient, TroveClient
# Single admin key, kept on your backend
admin = TroveAdminClient(
api_key="trove-admin-...",
workspace_id="ws-abc123",
)
# When a customer signs up — mint a scoped key
def provision_customer(customer_id: str) -> str:
key = admin.create_key(
name=f"customer-{customer_id}",
namespace=f"customer-{customer_id}",
)
return key.api_key # store on your side, hand to that customer's agent
# Their agent gets a fully isolated workspace
trove = TroveClient(
api_key=provision_customer("acme"),
namespace="customer-acme",
)Revoke and audit
Revoke a key the moment a customer churns. List keys to audit which agents are active and when each was last used.
# Customer churns — revoke the key
admin.revoke_key(key_id="key_abc123")
# Or list keys for an audit
keys = admin.list_keys()
for k in keys:
print(k.name, k.namespace, k.created_at, k.last_used_at)Isolation, by design.
Namespace = directory root
Every scoped key resolves paths relative to its own root. There is no path that reaches another namespace.
Server-side enforcement
The agent's shell runs in a sandboxed runtime. Tricks like absolute paths, symlinks, and shell-escape commands cannot cross namespaces.
Per-key audit trail
Every exec and file operation is attributed to the key that performed it. Webhooks fire signed events with namespace metadata.
Instant revocation
Revoking a key takes effect immediately. In-flight commands using that key are terminated; subsequent calls reject with 401.
No shared filesystem state
There is no global path, no shared mount, no implicit cross-tenant cache. Two namespaces are as separate as two unrelated S3 buckets.
Webhook scoping
Webhook subscriptions can be filtered to a single namespace, so each tenant's events flow only to handlers you authorize.
Multi-tenant agent storage,
answered.
How is tenant isolation enforced in TroveFiles?
Each namespace is its own directory root. A scoped API key is bound to a single namespace at issue time and cannot read or write outside it — regardless of the commands the agent runs (cd, ../.., absolute paths, symlinks). Isolation is enforced server-side, not by the SDK.
Can a customer's agent escape its namespace with a clever shell command?
No. The runtime resolves every path relative to the namespace root. Attempts to navigate outside (e.g., `cat /etc/passwd`, `ln -s ../other-namespace`) fail at the filesystem layer. Each tenant's shell environment is sandboxed.
How do I provision a new customer?
Hold a single admin key on your backend. When a customer signs up, call admin.create_key(namespace="customer-X"). Store the returned key on your side and pass it to that customer's TroveClient. The customer's agent only ever sees its own namespace.
How do I handle churn or revocation?
Call admin.revoke_key(key_id) to invalidate the key immediately. The namespace itself can be retained (for audit) or deleted. List keys at any time with admin.list_keys() to audit which agents are active.
Can I rotate keys without downtime?
Yes. Mint a new key for the same namespace, swap it in your backend, then revoke the old one. Both keys are valid during the transition.
What about compliance — SOC 2, GDPR, HIPAA?
TroveFiles's isolation model is built for the multi-tenant compliance posture most SaaS apps need: namespace-level data segregation, per-key audit trails, and webhook-based event logs. Reach out for the latest compliance documentation and DPA.
Build a multi-tenant
AI agent app.
One admin key. One scoped key per customer. Hard isolation from the very first request.