Multi-Tenant Safety Check
Apply when writing any database query in routes/, lib/services/, or workers/.
This platform serves 40+ tenants. One data leak destroys trust across all of them.
Before writing ANY query:
- Does this query filter by tenant_id in EVERY WHERE clause?
- If it joins tables, does EACH table in the join have tenant_id filtering?
- Could a NULL tenant_id cause this to return data from all tenants?
- If this uses RLS (set_config), does it have a fallback if set_config fails?
- Is the tenant_id sourced from req.tenantContext (trusted) or from req.body (untrusted)?
Every query must use .where({ tenant_id: tenantId }) or .where('tenant_id', tenantId).
Phone numbers must be in E.164 format. Normalize with normalizePhoneE164() before querying.
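The checklist above can be made mechanical with small helpers. The following is an added example, not the platform's own code: it assumes upstream auth middleware populates req.tenantContext.tenantId, and the table and column names (orders, customers) are illustrative.

```javascript
// Source tenant_id only from the trusted context, never from req.body or
// req.query. A missing/null tenant must fail closed rather than become
// "WHERE tenant_id = NULL" (matches nothing) or an unscoped query.
function tenantIdFromRequest(req) {
  const id = req && req.tenantContext ? req.tenantContext.tenantId : undefined;
  if (id === undefined || id === null || id === '') {
    throw new Error('missing tenant context; refusing to run unscoped query');
  }
  return id;
}

// Build a parameterized SELECT in which the base table AND every joined
// table carries its own tenant_id predicate. Even when RLS is enabled via
// set_config, keep this explicit filter so a failed set_config cannot widen
// the result set. Returns { sql, params } for the database driver.
// joins: [{ table, on }], extraWhere: [{ clause, value }] with one '?' per clause.
function buildScopedSelect(tenantId, base, joins = [], extraWhere = []) {
  if (tenantId === undefined || tenantId === null) {
    throw new Error('tenantId is required');
  }
  const tables = [base, ...joins.map((j) => j.table)];
  const params = [];
  const predicates = tables.map((t) => {
    params.push(tenantId);
    return `${t}.tenant_id = ?`;
  });
  for (const { clause, value } of extraWhere) {
    predicates.push(clause);
    params.push(value);
  }
  const joinSql = joins.map((j) => ` JOIN ${j.table} ON ${j.on}`).join('');
  const sql = `SELECT * FROM ${base}${joinSql} WHERE ${predicates.join(' AND ')}`;
  return { sql, params };
}

// Review helper for unit tests: true only if every table named in the
// query has its own "<table>.tenant_id = ?" predicate.
function everyTableIsScoped(sql, tables) {
  return tables.every((t) => sql.includes(`${t}.tenant_id = ?`));
}
```

Use everyTableIsScoped in a test alongside any handwritten join query so a missing per-table filter fails CI instead of reaching production.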