Early Bird $20

Multi-User by Default,
Not by Accident

Identity-first architecture that resolves, validates, and enforces user boundaries at the request layer — before memory or context is ever touched.

Four Trust Modes

Choose the isolation profile that matches your deployment model.

🔒

Strict

Rejects any request that cannot be resolved to a verified user identity. Zero ambiguity, zero bleed.

reject unverified
🛡️

Required

Requires identity headers on every request. Fails gracefully with clear error messaging when missing.

require headers
⚠️

Quarantine

Accepts unknown users but isolates them into a sandboxed memory space with no cross-access.

sandbox unknown
🔓

Legacy

Permissive mode for single-user setups or migration paths. Identity checks are advisory only.

advisory only

Identity Flow

Every request follows the same three-phase pipeline before memory or context is accessed.

1

Resolve

Read user identity from headers, bearer mappings, or trusted integration metadata at the request layer.

2

Validate

Apply the active trust mode policy. Reject, quarantine, or accept based on identity confidence.

3

Enforce

Bind context trimming, memory retrieval, and all write operations to the validated user scope.

Hard User Boundaries

Memory queries are filtered by resolved identity before ranking or injection. No user ever sees another user's facts, preferences, or conversation history.

  • Per-user memory scoping at the query layer
  • Identity-bound fact extraction and storage
  • Cross-user read/write prevention by default
  • Audit trail with identity attribution on every write
user:alice
alice_memory.db
user:bob
bob_memory.db
user:carol
carol_memory.db

Safe Shared Clients

Open WebUI and SillyTavern sessions can run concurrently on the same proxy without cross-user contamination. Identity resolution is automatic per-client.

  • Concurrent OWUI sessions with isolated memory
  • SillyTavern multi-user with header-based identity
  • No code changes required in chat clients
  • HMAC-signed identity for high-security deployments
Open WebUI
alice (active) bob (active) dave (idle)
SillyTavern
carol (active) eve (active)
✓ 0 cross-user violations • 5 active sessions

Operator Controls

Full visibility and configuration from the dashboard, API, or TUI.

📊

Dashboard Review

Inspect per-user memory stores, identity resolution logs, and trust-mode activity from the web dashboard. Audit who wrote what and when.

⚙️

Token Settings

Configure per-user token budgets, context trimming thresholds, and soft/hard zones. Tune memory injection depth per trust level.

🔧

Edge-Case Config

Handle bearer mapping overrides, fallback identity resolution, quarantine-to-strict promotion, and custom HMAC signing keys.

Built for Growth

Whether you are onboarding 10 users or 10,000, the same identity-first architecture keeps context trimming and memory behavior deterministic per user.

View Pricing See All Features →