tenancy-enforcer

Use this skill when writing MongoDB queries, repository methods, or service logic in Aegis. It enforces strict multi-tenancy by ensuring communityId is always included.
muhammadcaeed/aegis · ★ 0 · Data & Documents · score 62
Install: claude install-skill muhammadcaeed/aegis
# Aegis Multi-Tenancy Enforcer

## When This Skill Applies

- Writing ANY MongoDB query (find, update, delete)
- Creating repository methods
- Implementing service layer logic
- Adding new indexes to schemas
- Creating aggregate pipelines

## The Absolute Rule

**Every database query MUST include `communityId` in the filter.**

No exceptions. Cross-community access is a security breach.

## Source of communityId

### Correct: From JWT Token

```typescript
// Controller extracts from token
@Get()
async findAll(@CurrentUser() user: JwtPayload) {
  return this.service.findAll(user.communityId);
}

// Service passes to repository
async findAll(communityId: string) {
  return this.repository.findAll(communityId);
}

// Repository includes in query
async findAll(communityId: string) {
  return this.model.find({
    communityId: new Types.ObjectId(communityId),
  });
}
```

### Wrong: From Request Body

```typescript
// NEVER DO THIS
@Post()
async create(@Body() dto: CreateDto) {
  // dto.communityId could be forged by attacker
  return this.service.create(dto.communityId, dto);
}
```

## Repository Method Patterns

### Find Methods

```typescript
// Always require communityId as parameter
async findById(id: string, communityId: string): Promise<Document | null> {
  return this.model.findOne({
    _id: new Types.ObjectId(id),
    communityId: new Types.ObjectId(communityId), // REQUIRED
  });
}

async findByHousehold(householdId: string, communityId: string): Promise<Document[]> {
```
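The rule above can also be checked mechanically before a filter or aggregate pipeline reaches the model. The following is an added example, not part of the Aegis skill or code base: `assertTenantFilter`, `assertTenantPipeline`, `verdict` and the sample ids are hypothetical, and it assumes ids are 24-hex ObjectId strings as in the snippets above.

```typescript
// Added example; assertTenantFilter and assertTenantPipeline are hypothetical names.
type MongoFilter = Record<string, unknown>;

const OBJECT_ID_HEX = /^[0-9a-f]{24}$/i;

// Normalise a filter value to a lowercase hex id, or null if it is not one concrete id.
// Accepts a 24-hex string or an ObjectId-like object exposing toHexString().
// Operator objects such as { $ne: null } or { $in: [...] } yield null.
function tenantIdOf(value: unknown): string | null {
  let hex: unknown = value;
  if (typeof value === "object" && value !== null) {
    const fn = (value as { toHexString?: unknown }).toHexString;
    hex = typeof fn === "function" ? fn.call(value) : null;
  }
  return typeof hex === "string" && OBJECT_ID_HEX.test(hex) ? hex.toLowerCase() : null;
}

// Only a top-level communityId counts: one nested under $or leaves the other
// branches unscoped, so the query could still return another community's rows.
function assertTenantFilter(filter: MongoFilter, communityId: string): MongoFilter {
  const scoped = tenantIdOf(filter["communityId"]);
  if (scoped === null) throw new Error("tenant scope missing");
  if (scoped !== communityId.toLowerCase()) throw new Error("tenant scope mismatch");
  return filter;
}

// An aggregate pipeline must open with a $match stage that passes the same check.
function assertTenantPipeline(pipeline: MongoFilter[], communityId: string): MongoFilter[] {
  const match: unknown = pipeline[0]?.["$match"];
  if (typeof match !== "object" || match === null) throw new Error("tenant scope missing");
  assertTenantFilter(match as MongoFilter, communityId);
  return pipeline;
}

// Constructed sample ids (not from the Aegis code base).
const TENANT_A = "64b000000000000000000001";
const TENANT_B = "64b000000000000000000002";

// Returns "ok" or the guard's error message, for demonstration.
function verdict(run: () => unknown): string {
  try { run(); return "ok"; } catch (e) { return (e as Error).message; }
}

console.log(verdict(() => assertTenantFilter({ _id: TENANT_B, communityId: TENANT_A }, TENANT_A)));
console.log(verdict(() => assertTenantFilter({ communityId: { $ne: null } }, TENANT_A)));
console.log(verdict(() => assertTenantPipeline([{ $group: { _id: "$householdId" } }], TENANT_A)));
```

Calling the guard inside each repository method, with the `communityId` taken from the JWT payload, turns a forgotten or mismatched scope into an exception instead of a cross-community read.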