
# Security

> Multi-tenant isolation, encrypted credentials, OAuth handling, and end-to-end observability.

## Multi-tenant architecture

<Info>
  Every user belongs to a tenant, and all data — connections, ingested content, graph nodes, chat sessions, observations — is scoped to that tenant via a `tenant_id` column that's enforced on every query path. **Tenants cannot access each other's data.**
</Info>

Project-level isolation layers on top: within a tenant, data is further scoped to projects so teams can keep separate knowledge bases within the same org.

## Authentication

<CardGroup cols={2}>
  <Card title="Email + password" icon="key">
    JWT-based sessions, stored server-side and invalidated on logout.
  </Card>

  <Card title="Google OAuth" icon="google">
    Single-click sign-in. Google credentials are never stored; Fabric issues its own session token after Google verifies identity.
  </Card>

  <Card title="API keys" icon="terminal">
    Tenant- and project-scoped. Issued under your account for programmatic access.
  </Card>

  <Card title="Email verification" icon="envelope-circle-check">
    Required for new accounts (configurable). Admin-enabled dev mode allows local development without auth.
  </Card>
</CardGroup>

## Credential storage

### OAuth tokens (Gmail, Drive, Slack, Fireflies)

Stored encrypted at rest. Refreshed automatically before expiry. Revoking access in the provider's interface immediately stops Fabric from syncing that connector.

### Database and IMAP credentials

Stored with **per-tenant AES-256 encryption**. Used only during sync and query execution. Never logged, never transmitted to third parties.

### Secret injection in production

<Steps>
  <Step title="Source of truth: AWS SSM Parameter Store">
    Secrets live in SSM as SecureString parameters at `/copilot/fabric/{env}/secrets/*`.
  </Step>

  <Step title="Pulled at container start">
    `backend/scripts/start.sh` runs `aws ssm get-parameter` for each secret before starting uvicorn, injecting into the container env.
  </Step>

  <Step title="Never in images">
    Secrets are not baked into Docker images, not committed to git, not present in CloudFormation templates.
  </Step>
</Steps>

## Data residency

<Warning>
  **All data is stored on your own infrastructure.** Fabric does not transmit your ingested content to external services, with one exception: the LLM used for knowledge extraction, observation extraction, and chat.
</Warning>

You configure which LLM endpoint to use — Anthropic, OpenAI, a private deployment, or a local model. The LLM endpoint is the only place your content leaves your infra, and you control it.

## API security

<AccordionGroup>
  <Accordion title="Token validation on every request" icon="shield-check">
    All endpoints require a valid session token or API key except the auth endpoints themselves. Tokens are validated on every request. Admin endpoints additionally require the admin role on the token claims.
  </Accordion>

  <Accordion title="Configurable CORS" icon="globe">
    Per deployment. For production, restrict allowed origins to your frontend domain.
  </Accordion>

  <Accordion title="Rate limiting" icon="gauge">
    Applied at the ALB in AWS deployments. Self-hosted deployments should add their own rate limiting at the reverse proxy layer.
  </Accordion>

  <Accordion title="Tenant enforcement at the SQL layer" icon="database">
    The `tenant_id` column appears in the WHERE clause of every production query that reads or writes tenant-scoped data. There's no "global" query path.
  </Accordion>
</AccordionGroup>
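The "no global query path" rule above, as an added example that is not Fabric's code: a constructed SQLite schema with a `tenant_id` column, and a repository layer whose only way to build a WHERE clause goes through a tenant scope, so a cross-tenant read returns nothing and a cross-tenant write touches no rows. Table and column names, `Scope`, `tenant_where` and `ConnectionRepo` are all assumptions made for the illustration.

```python
import sqlite3
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed schema modelled on the page: tenant-scoped tables carry tenant_id,
# plus project_id for the project-level isolation layered on top.
SCHEMA = """
CREATE TABLE connections (
    id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,
    project_id TEXT NOT NULL, name TEXT NOT NULL);
CREATE INDEX ix_conn_tenant ON connections (tenant_id, project_id);
"""

class MissingTenantScope(RuntimeError):
    """Raised when a query would run without a tenant_id predicate."""

@dataclass(frozen=True)
class Scope:
    tenant_id: str
    project_id: Optional[str] = None  # narrows further to one project when set

def tenant_where(scope: Scope) -> Tuple[str, List[str]]:
    """Build the mandatory WHERE fragment; there is deliberately no way to skip it.
    The fragment contains only fixed column names and '?' placeholders, so the
    f-strings below never interpolate caller-controlled values."""
    if not scope.tenant_id:
        raise MissingTenantScope("no global query path: tenant_id is required")
    clause, params = "tenant_id = ?", [scope.tenant_id]
    if scope.project_id is not None:
        clause, params = clause + " AND project_id = ?", params + [scope.project_id]
    return clause, params

class ConnectionRepo:
    """Every read and write goes through tenant_where(); callers never write raw SQL."""
    def __init__(self, db: sqlite3.Connection):
        self.db = db
        self.db.executescript(SCHEMA)

    def create(self, scope: Scope, name: str) -> int:
        if not scope.tenant_id or scope.project_id is None:
            raise MissingTenantScope("writes need both tenant_id and project_id")
        cur = self.db.execute(
            "INSERT INTO connections (tenant_id, project_id, name) VALUES (?, ?, ?)",
            (scope.tenant_id, scope.project_id, name))
        return cur.lastrowid

    def get(self, scope: Scope, conn_id: int) -> Optional[Tuple[int, str]]:
        where, params = tenant_where(scope)  # tenant predicate is always present
        return self.db.execute(f"SELECT id, name FROM connections WHERE {where} AND id = ?",
                               params + [conn_id]).fetchone()

    def delete(self, scope: Scope, conn_id: int) -> int:
        where, params = tenant_where(scope)  # rowcount is 0 for any other tenant's row
        return self.db.execute(f"DELETE FROM connections WHERE {where} AND id = ?",
                               params + [conn_id]).rowcount

def new_repo() -> ConnectionRepo:
    """In-memory database for trying the repository offline."""
    return ConnectionRepo(sqlite3.connect(":memory:"))
```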

## Observability as a security feature

<Info>
  Langfuse traces every LLM call, embedding operation, and tool invocation — with `tenant_id` and `project_id` on every span. You can audit what the agent did, what data it saw, and what it cost.
</Info>

Most competitors are black boxes. Fabric is inspectable.

Structured logs include tenant context on every entry. In production these go to CloudWatch with retention policies; in dev, stdout.

## What Fabric doesn't do (yet)

<CardGroup cols={2}>
  <Card title="SOC 2 / HIPAA" icon="certificate">
    Not certified today.
  </Card>

  <Card title="Per-document ACLs" icon="user-lock">
    Tenant-level isolation today; sub-tenant ACLs on the roadmap.
  </Card>

  <Card title="Enterprise SSO" icon="building-lock">
    Google OAuth today; SAML and Okta on the roadmap.
  </Card>

  <Card title="Audit log API" icon="file-shield">
    Request logs exist; a dedicated audit export endpoint is on the roadmap.
  </Card>
</CardGroup>

These are on the roadmap as the enterprise surface expands.
