Platform

Six tenant tiers. One auth model. Every suite runs on it.

Cavaridge™ is multi-tenant from the database up: a single tenants table, row-level security (RLS) on every tenant-scoped row, tenantGuard middleware on every route, and a TenantProvider on every UI surface. Adding a suite never means adding a vendor.

The architecture

  • Universal Tenant Model (UTM)

    Six tenant types — platform, MSP, client, site, prospect, individual — implemented in @cavaridge/auth. RLS at the DB; middleware at the API; TenantProvider in the UI.

  • 10-role RBAC

    Platform Admin, MSP Admin, MSP Tech, Client Admin, Client Viewer, Prospect, Individual Owner, Team Admin, Team Member, Team Viewer — enforced at DB (RLS), API (middleware), and UI.

  • Internal LLM gateway

    Every LLM call routes through Cavaridge AI's internal gateway → OpenRouter. No app-level keys. Per-tenant spend caps, provider failover, and routing across 300+ models.

  • Pulse observability

    Every product action emits a Pulse event. One stream powers reporting, alerting, churn signals, and the embedded operator dashboard.

  • Supabase + RLS

    Single production project (us-west-2). Every tenant-scoped table carries a tenant_id FK to the shared tenants table. RLS enforced via auth.tenant_visible().

  • Railway-deployed

    One service per app, Doppler-injected secrets, BullMQ + Redis queues, Langfuse-instrumented LLM observability.

Built to be agent-driven

  • MCP-native

    Every Cavaridge suite exposes its tools over MCP. Connect Cavaridge to Claude, ChatGPT, Cursor, or Cline as a server — your team's AI workflows drive Cavaridge directly.

  • Shared agent runtime

    DocAnalysis, Compliance, ReportGen, DataExtract, Research, RiskScore, CostAnalysis — agents are parameterized, never forked per app.

  • Public API + SDKs

    OpenAPI 3.1 single source of truth. SDKs in TypeScript, Python, Go. OAuth 2.1 + per-tenant API keys. Versioning follows Stripe's dated convention.