Skip to main content

Multi-tenant Guardian fleet

One platform. N tenants. N policy hashes. One ledger partition per tenant.

If you're a platform serving multiple customers (or multiple BUs), you typically want each tenant on its own Guardian — different rubrics, different retention policies, different escalation chains.

1 — Provision the tenant

curl https://api.trinitite.ai/v1/organizations \
  -H "Authorization: Bearer $TRINITITE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Acme Corp",
    "ledger_partition": "acme",
    "default_guardian": "acme-baseline",
    "retention_days": {"ops": 90, "security": 395, "audit": 2555}
  }'

2 — Train a tenant-specific Guardian

curl https://api.trinitite.ai/v1/policies \
  -H "Authorization: Bearer $TRINITITE_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "acme-pii-and-tone",
    "source_documents": ["s3://acme-policies/handbook.pdf"],
    "auto_generate_tests": true,
    "auto_train": true
  }'

Returns a policy_id. Poll GET /v1/finalization-pipelines/:id until status = ready. The trained adapter is now available as a Guardian for the Acme tenant.

3 — Per-call tenant routing

Every governed call carries a tenant tag (via API key, subdomain, or header). Trinitite routes to the right Guardian via LoRA hot-swap on the same model server:

curl https://api.trinitite.ai/v1/proxy/chat/completions \
  -H "Authorization: Bearer $TRINITITE_API_KEY_FOR_ACME" \
  -H "X-Trinitite-Guardian: acme-pii-and-tone" \
  ...

The hot-swap is sub-millisecond — you can mix HIPAA, SOC 2, and a custom Acme policy in the same batch on the same node. See Architecture > LoRA architecture.

4 — Per-tenant ledger reads

curl "$TRINITITE_BASE/v1/logs?ledger_partition=acme&since=24h" \
  -H "Authorization: Bearer $TRINITITE_API_KEY"

Acme's auditors only ever see Acme's events. The Merkle proofs validate independently within each partition.

5 — Per-tenant SLAs

Per-tenant configs include retention, latency targets, breaker thresholds, and on-call routing. Configure once via POST /v1/organizations/:id/settings; surface to your customers via the Reports endpoint.

What's next

Architecture — LoRA hot-swap details.

Enterprise Reporting — per-tenant report personas.

SLA & Limits — what you can promise customers.

Last updated on