Why must communityId be included in every query?

Including communityId in every query ensures strict data isolation, preventing a user from one community from accidentally or maliciously accessing data belonging to another community.

Does this skill work with MongoDB aggregation pipelines?

Yes, it enforces that the first stage of any aggregate pipeline must be a $match stage containing the communityId filter.

Is it safe to get the communityId from the request body?

No, sourcing communityId from a request body is a security risk as it can be forged by an attacker. It should always be extracted from a verified JWT token.

How should indexes be structured for multi-tenancy?

All compound indexes must have communityId as the first field. This ensures both query efficiency and logical isolation at the database level.

Aegis Tenancy Enforcer

Name: Aegis Tenancy Enforcer
Author: muhammadcaeed

bymuhammadcaeed

0•

Database Management

Enforces strict multi-tenant data isolation in MongoDB queries and service logic for the Aegis platform.

The Aegis Tenancy Enforcer is a specialized development skill designed to maintain rigorous security and data isolation within multi-tenant community platforms. It provides automated guidance for writing MongoDB queries, repository methods, and service logic, ensuring that a communityId filter is consistently applied to every database operation. By mandating that tenant identifiers are sourced from authenticated JWT tokens rather than request bodies, it effectively prevents cross-community data breaches while optimizing database performance through tenant-first indexing strategies.

Key Features

01Detection and prevention of common security anti-patterns

02Secure JWT-based tenant identification enforcement

030 GitHub stars

04Mandatory communityId filtering for all CRUD operations

05Optimized compound index guidance for tenant isolation

06Strict aggregate pipeline stage validation

Use Cases

01Performing security audits on existing MongoDB query logic

02Developing secure repository methods in multi-tenant environments

03Implementing tenant-aware aggregate pipelines for reporting

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add muhammadcaeed/aegis tenancy-enforcer.md

For use in Claude.ai and ChatGPT

Key Features

01Detection and prevention of common security anti-patterns

02Secure JWT-based tenant identification enforcement

030 GitHub stars

04Mandatory communityId filtering for all CRUD operations

05Optimized compound index guidance for tenant isolation

06Strict aggregate pipeline stage validation

Use Cases

01Performing security audits on existing MongoDB query logic

02Developing secure repository methods in multi-tenant environments

03Implementing tenant-aware aggregate pipelines for reporting

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add muhammadcaeed/aegis tenancy-enforcer.md

For use in Claude.ai and ChatGPT