Tenant Isolation

Review implemented validation rules for tenant context propagation, tenant-scoped data access, and tenant-model documentation.

Why it matters

Tenant Isolation findings protect organization-scoped Cloud data by checking that tenant context and enforcement remain visible.

What this category covers

  • Tenant or organization context carried through request workflows.
  • Data access constrained by tenant scope.
  • Tenant isolation decisions documented for reviewers.

Implemented rules

These are the currently implemented rules in this category. Cloud stores and displays the uploaded findings from local validation; it does not add future or speculative rules.

| Rule ID | Rule title | Category | Severity | Short explanation | Example violation | Remediation guidance |
| --- | --- | --- | --- | --- | --- | --- |
| AP-TEN-001 | Missing tenant context propagation | Tenant Isolation | warning | Flags request or workflow paths where tenant context is not clearly propagated. | `createRepository(input)` writes repository data without `organizationId` in the service call. | Pass tenant context through service and repository method signatures. Use explicit scoped inputs for tenant-sensitive work. Add tests that prove the tenant context reaches data access. |
| AP-TEN-002 | Missing tenant enforcement on data access | Tenant Isolation | warning | Flags data access without clear tenant-scoping enforcement. | `findUnique({ where: { id: repositoryId } })` for an organization-scoped repository. | Add tenant constraints to the query. Require tenant scope in repository inputs. Review raw SQL and ORM calls for tenant filters. |
| AP-TEN-003 | Cross-tenant access risk | Tenant Isolation | warning | Flags flows that may combine or expose data across tenant boundaries. | A repository activity query aggregates all organizations for a member-scoped dashboard. | Constrain the flow to one tenant. Add explicit administrative authorization for cross-tenant operations. Document and test any intentional global access path. |
| AP-TEN-004 | Tenant isolation model undocumented or inconsistent | Tenant Isolation | info | Reports missing or inconsistent documentation for the tenant isolation model. | The schema uses `organizationId` everywhere, but the architecture overview never describes tenant isolation. | Update the tenant model ADR or architecture overview. Name the tenant discriminator and ownership model. Link tenant isolation docs from security-sensitive workflows. |
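
The remediation guidance for AP-TEN-001 and AP-TEN-002, shown as an added example that is not ArchPilot's or the page's own code. An in-memory Map stands in for the ORM; the sample rows and every function name other than `createRepository` are constructed for illustration.

```javascript
// Constructed sample data: two tenants, one repository each.
const repositories = new Map([
  ["repo-1", { id: "repo-1", organizationId: "org-a", name: "billing-api" }],
  ["repo-2", { id: "repo-2", organizationId: "org-b", name: "payroll-ui" }],
]);

// AP-TEN-002 pattern: lookup by id alone, so the row is returned
// regardless of which tenant the caller belongs to.
function findRepositoryUnscoped(repositoryId) {
  return repositories.get(repositoryId) ?? null;
}

// Reject calls that arrive without tenant context instead of silently
// running an unscoped query (the AP-TEN-001 failure mode).
function requireTenant(organizationId) {
  if (typeof organizationId !== "string" || organizationId.length === 0) {
    throw new TypeError("organizationId is required for tenant-scoped access");
  }
  return organizationId;
}

// Scoped read: the tenant id is part of the input and part of the match.
// A row owned by another tenant looks the same as a missing row.
function findRepository({ organizationId, repositoryId }) {
  const tenant = requireTenant(organizationId);
  const row = repositories.get(repositoryId);
  return row && row.organizationId === tenant ? row : null;
}

// Scoped write: ownership comes from the explicit tenant argument, never
// from fields inside `input`, and an existing id is never overwritten.
function createRepository({ organizationId, input }) {
  const tenant = requireTenant(organizationId);
  if (repositories.has(input.id)) {
    throw new Error("repository id already exists");
  }
  const row = { id: input.id, name: input.name, organizationId: tenant };
  repositories.set(row.id, row);
  return row;
}
```

The checks a tenant-isolation test suite would make against these functions are that a cross-tenant read returns nothing, a call without `organizationId` fails, and a write cannot set its own owner.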
Tenant Isolation | ArchPilot Docs