Governed by architecture, not just policy.
Frege's security posture comes from how the system is built: tenant isolation, explicit access relationships, encrypted credentials, supervised runtimes, and versioned auditability.
Tenant isolation
Frege uses PostgreSQL row-level security to scope tenant data access at the database layer. Requests that operate in a tenant context run inside a transaction configured for that tenant, reducing the risk of accidental cross-tenant access in application code.
Fine-grained authorization
Frege uses Ory Keto to govern access to tools and documents. Instead of broad role buckets only, relationships can be expressed per key, per project, per document, and per tool. That lets teams expose exactly the parts of the MCP surface a caller should see.
- API keys can be granted or denied specific tools.
- Docs can be scoped separately from tools.
- Organizations and temporary grants can layer additional access rules over time.
Encrypted credentials
Organization-specific target credentials are encrypted before being stored. Frege decrypts them only when applying outbound authentication and keeps plaintext usage constrained to the request path where they are needed.
This is especially useful for B2B SaaS and enterprise partner scenarios where each downstream organization needs different credentials against the same shared project surface.
Isolated MCP runtimes
Project MCP servers run as supervised child processes. That adds runtime isolation between projects and versions, helps contain crashes, and makes version-specific serving easier to reason about operationally.
Audit trails and version history
Frege records tool calls, access changes, version actions, webhook events, and related project activity. Combined with immutable versioning, that gives teams a clearer record of what changed, who changed it, and which runtime surface was active at the time.
Transport and form protection
Frege sets standard browser security headers and uses CSRF protection for state-changing form flows in the web interface. Sessions are configured with secure cookie defaults appropriate to environment.
Webhook verification and event flow
Frege includes webhook verification adapters and event routing so incoming external events can be checked before they are accepted, stored, and bridged into MCP notifications.
Identity and OAuth building blocks
Frege includes Kratos and Hydra integrations for identity and OAuth flows. That creates a path for governed user onboarding, shareable connect pages, and organization-aware access without forcing every deployment to invent its own auth layer.
Need a deeper technical review?
This page is a high-level overview of the current security model. For an enterprise evaluation, the strongest story is the combination of RLS, Ory Keto, encrypted credentials, versioned rollout, and isolated MCP runtimes working together.
Read the model, then inspect the product.
Frege works best for teams that want a concrete, inspectable MCP runtime around an API they already operate.