Audience filters
Every knowledge source in Gigamcp carries an audience that decides who can see its content through MCP. Audiences are enforced server-side in OpenSearch via a mandatory filter on every query — there is no in-process check the caller can bypass.
Format
An audience is a comma-separated list of typed targets:
tenant:<tenantId> — visible to every member of the workspace
group:<groupId> — visible to members of the named group
user:<userId> — visible only to that user
A knowledge source may have multiple audiences (a chunk is visible if any of them matches the requesting user). The admin console surfaces this as the "Visibility" picker on each source.
Resolution at request time
For each authenticated user we expand the audience set to:
tenant:<currentTenant>
group:<groupId> for every group the user is a member of
user:<currentUser>
OpenSearch's terms filter on the chunk's audience field then restricts the result set to chunks the user can see. No tenant override or "admin sees everything" mode exists; even workspace owners only see chunks whose audience matches their own membership graph.
Personal-source rule
Knowledge sources created via a personal connector (connectorScope = "user") automatically get a user:<ownerId> audience. The admin console refuses to widen this audience even for the workspace owner — the only way to share a personal source's content is to re-ingest it through a tenant-level connector.
Audit
Every audience change is recorded in the audit log as knowledge_source.audience.changed with both the old and new values, so you can answer "who made this private and when?" without trawling logs.
Worked example
Source: handbook (Google Doc folder)
Audience: tenant:t_acme
Source: infra-runbooks (GitHub repo)
Audience: group:eng
Source: vahur-personal-notes (personal Drive folder)
Audience: user:u_vahur (immutable)

A user in group eng sees handbook + infra-runbooks but not vahur-personal-notes. Vahur sees handbook + vahur-personal-notes (and infra-runbooks if he's also in eng).
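The resolution step and the worked example above, as an added illustration that is not Gigamcp's own code: it expands a user's audience set exactly as described, wraps the caller's query in a bool query whose filter clause carries the mandatory terms filter, and re-applies that filter locally to the three sample sources. The chunk field name "audience" is taken from the page; the query shape and the user id u_alice are assumptions.

```python
# Added example, not Gigamcp's own code. Assumes chunks index their
# audiences in a field called "audience" and that the caller's query is
# a plain OpenSearch query DSL object.

def expand_audience(tenant_id, user_id, group_ids):
    """Return the set of audience targets the requesting user matches."""
    targets = {f"tenant:{tenant_id}", f"user:{user_id}"}
    targets.update(f"group:{g}" for g in group_ids)
    return targets


def build_query(user_query, tenant_id, user_id, group_ids):
    """Wrap the caller's query so the audience filter is never optional.

    The terms filter lives in the bool "filter" clause: it does not affect
    scoring and a chunk with no matching audience is excluded outright.
    """
    allowed = sorted(expand_audience(tenant_id, user_id, group_ids))
    return {
        "query": {
            "bool": {
                "must": [user_query],
                "filter": [{"terms": {"audience": allowed}}],
            }
        }
    }


def visible_sources(sources, tenant_id, user_id, group_ids):
    """Local re-application of the terms filter: a source is visible when
    any of its audiences is in the user's expanded set."""
    allowed = expand_audience(tenant_id, user_id, group_ids)
    return sorted(name for name, auds in sources.items() if allowed & set(auds))


# Constructed sample data mirroring the worked example on this page.
SOURCES = {
    "handbook": ["tenant:t_acme"],
    "infra-runbooks": ["group:eng"],
    "vahur-personal-notes": ["user:u_vahur"],
}

if __name__ == "__main__":
    # u_alice is an assumed id for "a user in group eng"
    print(visible_sources(SOURCES, "t_acme", "u_alice", ["eng"]))
    print(visible_sources(SOURCES, "t_acme", "u_vahur", []))
    print(build_query({"match": {"text": "on-call"}}, "t_acme", "u_vahur", []))
```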