AgentSkillsCN

multi-tenancy-guard

确保租户间严格的数据隔离。在编写数据库查询、API 路由,或访问用户数据时,可使用此技能。

SKILL.md
--- frontmatter
name: multi-tenancy-guard
description: Ensures strict data isolation between tenants. Use when writing database queries, API routes, or accessing user data.

Multi-Tenancy Guard Skill

Goal: Prevent data leaks between organizations/tenants

Instructions:

  1. Database Queries: Every query MUST include where: { organizationId }
  2. API Routes: Verify orgId from session/token matches requested resource
  3. Middleware: Check organization resolution from subdomain/custom domain
  4. Admin Operations: Ensure only organization owners can delete/update org settings

Scripts:

  • Run scripts/check-isolation.ts to verify RLS (Row Level Security) policies

Constraints:

  • NEVER generate code that queries database without organization filter
  • ALWAYS validate tenant context before data access
  • Flag CRITICAL if tenant isolation is missing