ArchPilotExecutable architecture guardrails

Search docs

Docs search

Validation rule

Back to Rule Catalog
AP-TEN-002Tenant Isolation

Missing tenant enforcement on data access

Flags data access without clear tenant-scoping enforcement.

warningviolationNo auto-fix

How to fix

  1. Add tenant constraints to the query.
  2. Require tenant scope in repository inputs.
  3. Review raw SQL and ORM calls for tenant filters.

What it means

A query or mutation touches tenant-owned data without obvious tenant constraints.

Why it matters

Tenant enforcement at data access prevents cross-tenant reads and writes even when higher layers make mistakes.

Common causes

  • A where clause omits organizationId.
  • A repository method accepts an id but not tenant scope.
  • Raw SQL is not constrained by tenant columns.

Example bad pattern

findUnique({ where: { id: repositoryId } }) for an organization-scoped repository.

Example good pattern

findFirst({ where: { id: repositoryId, organizationId } }).

Related files/config

  • apps/api/src
  • apps/web/app/api
  • packages/db/prisma/schema.prisma

Related CLI commands

  • archpilot validate
  • archpilot validate --ci

Related docs

Rule CatalogTenant IsolationData / Query Risk
AP-TEN-002 - Missing tenant enforcement on data access | ArchPilot Docs