Multi-Tenancy

CID222 provides complete tenant isolation, allowing you to serve multiple customers, teams, or departments from a single deployment with separate configurations and credentials.

Tenant Model

Each tenant in CID222 represents an isolated environment with:

Separate authentication credentials
Independent LLM provider configurations
Custom content filtering rules
Isolated session and detection data
Individual rate limits and quotas

Data Isolation

All data is strictly isolated at the tenant level:

Database Level — Tenant ID is included in all queries as a mandatory filter
API Level — Requests can only access their own tenant's resources
Logging Level — Audit trails are segregated by tenant

Cross-tenant data access is architecturally impossible—tenant isolation is enforced at the database query level, not just the application level.

Tenant Groups

For organizations managing multiple tenants, Tenant Groups provide shared resources:

Shared Credentials — A single LLM API key can be shared across multiple tenants
Aggregated Quotas — Pool token limits across a group
Centralized Billing — Single invoice for all tenants in a group

Tenant Group Structure

{
  "tenant_group": {
    "id": "group_enterprise",
    "name": "Enterprise Account",
    "tenants": [
      "tenant_marketing",
      "tenant_sales",
      "tenant_support"
    ],
    "shared_credentials": [
      {
        "provider": "openai",
        "models": ["gpt-4", "gpt-3.5-turbo"]
      }
    ],
    "total_quota": {
      "tokens_per_month": 10000000
    }
  }
}

Credential Resolution

When a tenant makes a request, CID222 resolves credentials using a two-tier system:

Tenant-Specific — First, check for credentials assigned directly to the tenant
Tenant Group — If not found, check the tenant's group for shared credentials

This allows flexible configurations where some tenants use shared resources while others have dedicated API keys.

Configuration Inheritance

Filter rules and policies can be set at multiple levels:

Level	Scope	Priority
System Default	All tenants	Lowest
Tenant Group	Group members	Medium
Tenant	Single tenant	Highest

Use Cases

SaaS Providers

If you're building an AI-powered SaaS product, each of your customers can be a separate tenant:

Customers can't see each other's data
Different pricing tiers map to different rate limits
Custom filtering rules per customer needs

Enterprise Departments

For enterprise deployments, each department can be a tenant within a group:

IT maintains central control via the tenant group
Departments have customized filtering for their use cases
Shared cost allocation via group billing

Development Environments

Use separate tenants for development, staging, and production:

Different API keys prevent accidental production access
Relaxed filtering in development for testing
Separate quotas prevent dev from consuming production limits