Workspace tenancy for AI agent teams.
Harbor for organizations that need shared OAuth grants, audited execution, and one contract covering every agent on the team.
What Enterprise unlocks
Six capabilities your team gets on day one. Everything below is repo-verifiable or available on request — no roadmap claims.
Workspace tenancy
Dedicated workspace with per-workspace credentials, OAuth grants, runs, traces, and orbit primitives — no shared state with other tenants.
SSO via WorkOS
SAML 2.0 and OIDC through WorkOS / AuthKit. Provision membership from your identity provider and revoke access in one place.
Shared OAuth grants
One OAuth client config per workspace for each connected service. Member agents reuse the grant; you control the scope.
Audit log retention
Every exec, function invocation, app request, and tool call written to D1 with span-level history. Custom retention on contract.
Custom data residency
Cloudflare Workers for Platforms dispatch namespace isolation for Orbit jobs. EU and US options available on request.
Dedicated support
Named contact, shared Slack or Linear channel, and an SLA written into the contract — not a status page promise.
How workspace tenancy works
Workspace is the top-level isolation primitive in Harbor. Every plugin connection, OAuth grant, run, and trace is bound to a single workspace_id. Two workspaces never collide on shared keys — orbit primitives are server-side prefixed per workspace, so hrbr.storage.put({ key: "results" }) from one team is invisible to another team running the same code.
Member identity is decoupled from workspace identity. WorkOS / AuthKit handles human authentication via SAML 2.0 or OIDC against your IdP, and per-workspace membership is provisioned from the same source. Agents authenticate as agents — not as the developer who once wired up a Slack integration on their laptop — so offboarding revokes both the human IdP grant and the agent dock in a single action.
For workloads that need stronger isolation, Orbit jobs run inside a per-workspace Cloudflare Workers for Platforms dispatch namespace. Even at the Cloudflare layer, your workloads do not share an isolate with another tenant. EU-only and US-only routing are available on contract; default deploy is the global edge.
The execution layer that hosts hrbr exec, scheduled functions, and live apps reads from the same workspace primitives. One credential rotation, one OAuth grant change, one policy update — and every agent docked to the workspace observes the change on the next call. There is no per-agent configuration sprawl to chase down. Audit, replay, and incident review all draw a single boundary around the workspace rather than around each agent process.
Talk to sales
A 30-minute call covers scoping, security review, and pricing. We send a written quote within two business days.
Book a call
30 minutes with the team that ships Harbor.
We will walk through your stack, security posture, and contract requirements together. No SDR triage.
Or email us directly
founders@zonko.ai
We reply within one business day. Include your stack, team size, and the agent surfaces you plan to wire through Harbor.
What enterprises ask about
The three questions that come up in every scoping call. Direct answers below.
Q.01
Can we pin workloads to a specific region?
Cloudflare Workers for Platforms supports dispatch namespace isolation. EU-only and US-only routing are available on request as part of the contract; default deploy is global edge.
Q.02
How long do you retain audit logs?
Default retention follows the workspace tier. Enterprise contracts can extend D1 audit retention and add scheduled export to a customer-controlled bucket.
Q.03
What does a custom SLA look like?
Uptime, response time, and incident-handling commitments are written into the master services agreement. Scope depends on the surfaces you depend on (control plane, runtime, MCP server).
Have a different question? Drop a note to founders@zonko.ai and we will route it to the right person.