ArchPilotExecutable architecture guardrails

Search docs

Docs search

Validation rule

Back to Rule Catalog
AP-DQR-001Data & Query Risk

Missing tenant filter evidence in multi-tenant SQL

Flags query paths where multi-tenant SQL lacks clear tenant-filter evidence.

warningviolationNo auto-fix

How to fix

  1. Add an explicit tenant filter to the query.
  2. Pass tenant context through repository/service boundaries.
  3. Document intentional shared queries and add tests that prove tenant isolation.

What it means

A query appears to touch tenant-scoped data without an obvious tenant filter.

Why it matters

Missing tenant filters can expose or mix data across tenants.

Common causes

  • Raw SQL omits tenant_id.
  • Tenant scoping is hidden behind an abstraction ArchPilot cannot identify.
  • A test fixture or report query was copied into production code.

Example bad pattern

SELECT * FROM invoices WHERE status = 'open'

Example good pattern

SELECT id, status FROM invoices WHERE tenant_id = $1 AND status = 'open'

Related files/config

  • apps/api/src
  • db/sql
  • packages/db/prisma/schema.prisma

Related CLI commands

  • archpilot validate
  • archpilot validate --ci

Related docs

Rule CatalogFindings & ExceptionsValidation & Findings
AP-DQR-001 - Missing tenant filter evidence in multi-tenant SQL | ArchPilot Docs