security · 7 min read
Namespace Boundaries and Multi-Tenant Limits in SyndicateClaw
How namespace and ownership controls work today, and why current SyndicateClaw scope is single-domain rather than full multi-tenant isolation.
Published 2026-03-22 · AI Syndicate
Scope note: SyndicateClaw is self-hosted and currently targeted at single-domain environments. Multi-tenant guarantees are not part of the current release scope.
SyndicateClaw includes namespace and ownership controls, but those controls should be interpreted within the current deployment scope: one trust boundary operated by one organization.
The current product position is explicit:
- Self-hosted only - Single-domain environments are in-scope - Full multi-tenant guarantees are out-of-scope for the current release
What the system enforces today
Namespace and ownership fields are enforced in request and data paths. In practice, this means actor context determines what workflow runs, approvals, and memory records are returned. Cross-owner lookups typically return HTTP 404 to avoid resource enumeration.
This behavior reduces accidental cross-actor exposure inside one operator domain, and it supports governance workflows where teams need separation of responsibilities.
What this does not claim
These controls are not presented as complete tenant isolation for shared multi-customer infrastructure. They do not replace infrastructure-level tenant boundaries, dedicated key hierarchies, or per-tenant data stores.
The website and product pages therefore treat tenant isolation as a known limitation for the current release, not as a shipped guarantee.
Operational guidance
If you need hard multi-tenant isolation, treat current namespace controls as an intermediate control and add deployment-level isolation before onboarding independent tenants.
For current in-scope operation, use one trust boundary with strict operator control over:
- PostgreSQL access - application secret material - Redis and background worker runtime - policy and approval administration
This framing keeps public claims aligned with implemented behavior and avoids overstating current isolation guarantees.
Frequently asked questions
What is namespace isolation in multi-tenant AI platforms?
Namespace isolation scopes data and execution context, but in current SyndicateClaw positioning it is treated as an internal boundary control within a single operator domain, not a full multi-tenant guarantee.
Why do multi-tenant AI platforms need namespace isolation?
Shared multi-tenant platforms need namespace isolation plus infrastructure-level controls. SyndicateClaw currently documents single-domain deployment scope and does not position itself as multi-tenant ready.
What is owner-enforced access control?
Owner-enforced access checks actor/resource ownership in API and repository paths. Non-matching lookups typically return HTTP 404, which reduces resource enumeration.
Why are namespace columns NOT NULL in the database?
NOT NULL namespace columns prevent null-scope records and reduce bypass classes tied to missing scope values.
How do quotas work in multi-tenant AI deployments?
Quota enforcement is not presented as a current tenant-isolation guarantee in this release scope.
Key takeaway: SyndicateClaw currently provides namespace and ownership controls inside a single deployment boundary. Those controls help separation, but they are not presented as full multi-tenant isolation guarantees.