Platform

Multi-tenancy

Every resource is scoped by tenant_id. Roles and scopes give fine-grained access control.

Every resource on the platform is scoped to a tenant. API keys, MCP credentials, and webhook subscriptions all carry a tenant scope — cross-tenant reads are never permitted.

Within a tenant:

  • Rolesadmin / recruiter / viewer / agent
  • Scopes — programmatic keys can carry fine-grained scopes (jobs:read, candidates:write, …)
  • Agents — AI agents are identified as recruiter.kind = "agent"; every action they take is auditable

Candidate PII stays tenant-local. Only derived intelligence is used as cross-tenant similarity signal.