Security
How Chelar protects your data and ensures tenant isolation.
Data Isolation
Each tenant runs in a dedicated Docker container with:
- Network isolation — containers cannot communicate with each other.
- Filesystem isolation — per-tenant directories with POSIX permissions and unique UIDs.
- Encryption — all tenant data is encrypted at rest with AES-256-GCM client-side encryption on JuiceFS.
Authentication
- Dashboard access — OAuth via GitHub or Google, managed by NextAuth.
- Gateway access — your assistant's native dashboard is protected by Caddy forward_auth, validating your session cookie.
- API keys — AI provider keys are stored encrypted in your isolated data directory. Chelar never reads or proxies them.
What Chelar Can and Cannot Access
| Data | Chelar Access |
|---|---|
| Container status, logs | Yes (operational) |
| Channel connection status | Yes (operational) |
| Chat messages and history | No |
| AI provider API keys (encrypted) | No |
| Session data and memory | No |
The Go API queries your gateway with a read-only scope (operator.read) — it cannot access chat sessions, history, or agent execution.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it responsibly by emailing security@chelar.ai.