Security model
The same rules apply everywhere you reach SuperOrgs: the app, the MCP server, and the streaming API.
Organization isolation
Every request resolves your organization from the verified token, never from anything in the request body. No tool, resource, or query can read another organization's data, because the org id is never an input you can set.
Access control
SuperOrgs is role-based. Every tool and resource runs the same permission checks as the app, including owner scope, so a person only sees what their role allows. If you cannot see an agent in the app, your assistant cannot see it either.
Tokens
MCP access is issued through OAuth with Clerk, using Dynamic Client Registration, and is scoped to your organization with your own permissions. Streaming tokens are per agent, prefixed sot_, stored only as a hash, and revocable at any time. Actions in SuperOrgs are recorded in an audit log.
Open source and self-hostable
SuperOrgs is open source. Run it on your own infrastructure with full control over your data, or use the managed hosting. See pricing for the difference.