01 · isolation
Every query. Every tenant. Zero trust.
Postgres RLS with FORCE. Tenant context bound at JWT verify, then attached to the connection for the lifetime of the request. A forgotten WHERE clause can't leak across tenants.
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
-- FORCE applies the policies to the table owner as well.
ALTER TABLE orders FORCE ROW LEVEL SECURITY;

CREATE POLICY tenant_isolation ON orders
  FOR ALL
  USING (tenant_id = current_setting('app.tenant_id'));
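An added example, not code from this page or its product: the policy above exercised in a scratch database, with the tenant context set transaction-locally through set_config so it cannot outlive the request on a pooled connection. It assumes one request maps to one transaction, a text tenant_id column, a superuser session for setup, and the hypothetical role app_user with constructed tenants acme and globex.

```sql
-- Constructed demo schema (assumption: tenant_id is text, like current_setting()'s result).
CREATE TABLE orders (
    id        bigserial PRIMARY KEY,
    tenant_id text NOT NULL CHECK (tenant_id <> ''),
    item      text NOT NULL
);
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE orders FORCE ROW LEVEL SECURITY;
CREATE POLICY tenant_isolation ON orders
    FOR ALL
    USING (tenant_id = current_setting('app.tenant_id'));

-- Hypothetical application role. SUPERUSER and BYPASSRLS roles skip RLS even with FORCE.
CREATE ROLE app_user NOSUPERUSER NOBYPASSRLS;
GRANT SELECT, INSERT ON orders TO app_user;
GRANT USAGE ON SEQUENCE orders_id_seq TO app_user;

-- Request for tenant acme; the value would come from the verified JWT.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', 'acme', true);    -- true = reverts at COMMIT/ROLLBACK
INSERT INTO orders (tenant_id, item) VALUES ('acme', 'widget');
COMMIT;

-- Request for tenant globex.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', 'globex', true);
INSERT INTO orders (tenant_id, item) VALUES ('globex', 'gadget');
SELECT tenant_id, item FROM orders;                  -- no WHERE clause: only the globex row
COMMIT;

-- With no WITH CHECK clause, FOR ALL applies USING to written rows too.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.tenant_id', 'globex', true);
INSERT INTO orders (tenant_id, item) VALUES ('acme', 'spoofed');
-- ERROR: new row violates row-level security policy for table "orders"
ROLLBACK;

-- A request that never sets the context fails closed. On a fresh connection
-- current_setting() raises "unrecognized configuration parameter"; on this reused
-- connection it reads as '', which the CHECK constraint keeps from matching any row.
BEGIN;
SET LOCAL ROLE app_user;
SELECT count(*) FROM orders;                         -- 0
COMMIT;
```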