Skip to content

Security

Built around tenant boundaries and reviewability.

ZhaiBro is a B2B SaaS support operations system, not a generic chatbot or financial product. Customer-facing replies are not sent automatically.

Workspace isolation

Tenant-owned database tables include workspace_id, and server-side queries derive access from verified ZhaiBro sessions, workspace membership, or the workspace attached to a hashed API key.

  • Workspace-scoped accounts use session-based authentication with revocable HttpOnly cookies.
  • Role-based access is enforced from server-side workspace membership.
  • Workspace-scoped queries are handled on the server side.
  • Client-supplied workspace identifiers are not trusted by themselves.
  • Developer API responses are derived from the workspace bound to the API credential.

Secret handling

Model calls run from the Go API or worker. Browser clients never receive provider secrets, OAuth tokens, Stripe secrets, or Bedrock credentials.

  • OAuth tokens are encrypted before storage.
  • API keys are stored only as hashes and the plaintext value is shown once.
  • Raw secrets are not returned in browser responses or normal application logs.

Audit metadata

AI drafts store provider, model, token estimates, citations, status, reviewer state, and usage events for review and future reporting.

  • Human-reviewed support drafts remain internal until a user approves how to use them.
  • Draft approval and API key lifecycle actions are recorded as audit events.
  • Usage events attach to the workspace that performed the action.
  • Support replies stay inside the workspace for human review.