Agent Skills: Multi-Tenant Account Pattern

Implement multi-tenant architecture using an Account model as the tenant boundary. Use when building SaaS applications, team-based apps, or any system where data must be isolated between organizations/accounts.

Uncategorized
ID: rbarazi/agent-skills/multi-tenant-accounts

Install this agent skill locally:

pnpm dlx add-skill https://github.com/rbarazi/agent-skills/tree/HEAD/skills/multi-tenant-accounts

skills/multi-tenant-accounts/SKILL.md

Multi-Tenant Account Pattern

Account-based multi-tenancy for Rails applications. All resources are scoped to an account for data isolation.

Quick Start

  1. Create Account model as the tenant container
  2. Add belongs_to :account to User model
  3. Configure Current model to delegate account from session
  4. Scope all resources via Current.account

Core Architecture

Account (tenant boundary)
  ├── Users (belong to account)
  └── All resources (scoped to account)

Current.session → Current.user → Current.account

Components

| Component | Purpose | Reference |
|-----------|---------|-----------|
| Account model | Tenant container | models.md |
| User-Account relationship | User scoping | models.md |
| Current model | Request-scoped access | models.md |
| Controller scoping | Safe queries | controllers.md |
| Database migrations | Schema design | migrations.md |
| Testing patterns | Isolation tests | testing.md |

Minimal Implementation

Account Model

class Account < ApplicationRecord
  has_many :users, dependent: :destroy
  has_many :agents, dependent: :destroy  # Example resource

  validates :name, presence: true, uniqueness: true
end

User-Account Association

class User < ApplicationRecord
  belongs_to :account
  has_secure_password
end

Current Model

class Current < ActiveSupport::CurrentAttributes
  attribute :session
  delegate :user, to: :session, allow_nil: true
  delegate :account, to: :user, allow_nil: true
end

Controller Scoping

class AgentsController < ApplicationController
  def index
    @agents = Current.account.agents  # Always scope to account
  end

  def show
    @agent = Current.account.agents.find(params[:id])  # Security critical!
  end
end

Critical Security Pattern

# CORRECT - scoped to account
@agent = Current.account.agents.find(params[:id])

# WRONG - exposes all accounts' data!
@agent = Agent.find(params[:id])  # SECURITY VULNERABILITY
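
A heuristic check for the unscoped lookup marked WRONG above, as an added example that is not part of the original skill: it scans controller source for finder calls made directly on a model constant instead of through Current.account. The function name, the finder list, the allow-list and the sample controller are assumptions constructed for illustration.

```ruby
# Added example (not from the skill): heuristic lint for tenant scoping.
# Flags finder calls made directly on a model constant, e.g. Agent.find(...),
# rather than through Current.account.

# Query methods that should start from Current.account (assumed list).
FINDERS = %w[find find_by where all first last destroy_all update_all].freeze

# Constants that may be queried directly because they are not tenant-owned (assumption).
UNSCOPED_OK = %w[Account].freeze

# A constant (optionally namespaced) that is not itself the receiver of a
# preceding call, followed by one of the finder methods.
UNSCOPED_CALL = /(?<![\w.:])((?:[A-Z]\w*::)*[A-Z]\w*)\.(#{FINDERS.join('|')})\b/

def unscoped_finders(source, allow: UNSCOPED_OK)
  findings = []
  source.each_line.with_index(1) do |line, lineno|
    next if line.strip.start_with?('#')        # whole-line comment
    code = line.split(/\s+#\s/, 2).first.to_s  # drop a trailing comment
    code.scan(UNSCOPED_CALL) do |model, finder|
      next if allow.include?(model)
      findings << { line: lineno, model: model, finder: finder }
    end
  end
  findings
end

# Constructed sample controller, not taken from a real application.
SAMPLE = <<~'RUBY'
  class AgentsController < ApplicationController
    def show
      @agent = Agent.find(params[:id])  # unscoped
    end

    def update
      @agent = Current.account.agents.find(params[:id])
    end

    def search
      @agents = Agent.where(name: params[:q])
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  unscoped_finders(SAMPLE).each do |f|
    puts "line #{f[:line]}: #{f[:model]}.#{f[:finder]} is not scoped to Current.account"
  end
end
```

The match is textual, so treat each finding as a prompt for review rather than proof of a leak, and extend the allow-list with any models that are intentionally global.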

Account Access Pattern

# Anywhere in your application:
Current.account        # => #<Account id: "abc-123">
Current.user           # => #<User id: "xyz-456">
Current.account.agents # => [Agent, Agent, ...]
Current.account.users  # => [User, User, ...]

Detailed References
