Tenant and workspace isolation
Each workspace is separated so assistants only operate inside the environment they are assigned to.
Trust Layer
AI agents should not roam your systems
Duka protects organizations by giving workspace assistants access to governed knowledge objects instead of raw operational systems, inboxes, folders, social accounts, or admin tools.
The safer pattern: expose only the knowledge needed
Instead of connecting an agent directly to everything, Duka first processes information into controlled objects with ownership, access rules, citations, lineage, freshness, quality status, and allowed actions.
Role-based access
Users receive answers based on their permissions, workspace role, and allowed knowledge objects.
Citation-aware retrieval
Answers can point back to the files, records, conversations, or source summaries used as evidence.
Freshness and quality checks
Assistants can surface when knowledge is current, stale, incomplete, or not strong enough to answer safely.
Allowed actions
Skills are constrained by what the assistant is approved to retrieve, draft, route, or execute.
Audit context
Sensitive retrieval and task execution can retain traceability across users, sources, and workflows.
No answer without access and evidence
If a user is not allowed to access a source, the assistant should not use it. If the evidence is missing or stale, the assistant can fall back safely instead of inventing an answer.
Safe skills for real work
Assistants can retrieve, explain, summarize, draft, and route tasks only through approved knowledge objects and controlled workflows.