mancitrus/system-prompts-and-models-of-ai-tools
1
0
Fork 0
mirror of https://github.com/x1xhlol/system-prompts-and-models-of-ai-tools.git synced 2026-06-17 23:09:35 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
856fc89a7a
system-prompts-and-models-o.../salesflow-saas/backend/app/middleware/tenant_rls.py
Claude 38e9d02075
feat(dealix): close ALL 4 Tier-1 runtime gaps (Programs E, F, G, K, J) 
Program F — Multi-Tenancy RLS (Row-Level Security):
  alembic 20260417_0002_add_rls.py: Enables RLS on 23 tenant-scoped tables.
  database_rls.py: set_tenant_context() helpers for SET LOCAL app.tenant_id.
  middleware/tenant_rls.py: Extracts tenant_id from JWT on every request.
  Default-deny when no context. PostgreSQL only (CI safe on SQLite).
  Result: OWASP A01:2025 — access control enforced at DB layer.

Program G — Idempotency Standard:
  models/idempotency_key.py: IdempotencyKey table with TTL + SHA256 hash.
  services/idempotency_service.py: get_existing/store with request fingerprint.
  middleware/idempotency.py: HTTP middleware on POST/PUT/PATCH.
  Result: Duplicate side effects prevented on retry.

Program E — Persistent Durable Execution:
  models/durable_checkpoint.py: DurableCheckpoint with sequence_num + status.
  services/durable_runtime.py: start_run/checkpoint/complete/resume/list_incomplete.
  Result: Workflows survive crashes — resume from last persisted checkpoint.

Program K — OpenTelemetry:
  observability/otel.py: init/span/inject_correlation_id with graceful
    degradation when OTel packages absent.
  openclaw/gateway.py: Wraps execute() in span, binds correlation_id to
    trace_id. Bridge between business correlation and production observability.

Program J — Release Gate Hardening:
  docs/governance/release-gates.md: Documents 3 mandatory gates.
  .github/workflows/dealix-ci.yml: Adds release_readiness_matrix as CI step.
  release_readiness_matrix.py: Updated to check 41/41 components.

Verification:
  architecture_brief.py:     40/40 PASS
  release_readiness_matrix.py: 41/41 PASS

https://claude.ai/code/session_01W1rJthWDkasijTdXCfxVHs
2026-04-17 10:12:04 +00:00

37 lines
1.3 KiB
Python
Raw Blame History

"""Tenant RLS Middleware — sets PostgreSQL session tenant context per request.
Extracts tenant_id from JWT and sets it via SET LOCAL on the DB session.
RLS policies on tenant-scoped tables filter by this setting.
"""
from __future__ import annotations
from starlette.middleware.base import BaseHTTPMiddleware
from starlette.requests import Request
from starlette.responses import Response
class TenantRLSMiddleware(BaseHTTPMiddleware):
"""Sets app.tenant_id session variable from JWT for RLS enforcement.
Note: RLS works only on PostgreSQL. SQLite (CI) silently ignores the
SET LOCAL statement, so this middleware is a no-op on SQLite.
"""
async def dispatch(self, request: Request, call_next) -> Response:
# Extract tenant_id from JWT if available
tenant_id = None
try:
from app.utils.security import decode_token
auth = request.headers.get("authorization", "")
if auth.startswith("Bearer "):
token = auth[7:]
payload = decode_token(token)
tenant_id = payload.get("tenant_id") if isinstance(payload, dict) else None
except Exception:
tenant_id = None
# Make available to downstream handlers
request.state.tenant_id = tenant_id
return await call_next(request)
Reference in New Issue View Git Blame Copy Permalink