Workspace Isolation

Every MarcoPolo user gets a dedicated workspace: a separate Kubernetes container that runs in isolation from all other users.

What isolation means

Separate containers. Your workspace is its own container with its own filesystem, DuckDB instance, and process space. No other user's AI agent or workspace shares your container.

No cross-tenant access. User A cannot access User B's files, cached data, query history, or data source connections. There is no shared filesystem or shared database between workspaces.

Separate credential scope. Each workspace has access only to the data sources its owner has connected or been granted access to. Sharing a data source with a colleague creates a separate credential binding, not shared access to your credentials.

Lifecycle

Provisioning. When you first sign in to MarcoPolo (via Google, GitHub, Microsoft, or email), a workspace is created for your user account and associated with your company (based on email domain).

Active use. While you're working, the workspace runs as a live container with compute resources. Your AI operates within this container.

Idle. When you're inactive, the runtime scales down. Your filesystem persists. Files, scripts, cached data, and artifacts are all preserved.

Resume. When you or your AI make a new request, the workspace spins back up. Your files are exactly as you left them.

Shared data sources

When you share a data source with a colleague, they get their own connection to that source in their own workspace. They don't access your workspace, and you don't access theirs. The source becomes available in both workspaces independently.

Company-level sharing (all users on the same email domain) works the same way. Each user gets their own isolated workspace with access to the shared source.