forked from 0xWheatyz/SPARC
Add multi-tenant support with owner_id isolation #1696
Open
AI-Manager wants to merge 2 commits from feature/multi-tenant-isolation into main
pull from: feature/multi-tenant-isolation
merge into: leeworks-agents:main
2 Commits
SHA1: e37859dabc

Add multi-tenant support with owner_id isolation

- Add owner_id (FK to users) column to llm_messages, jobs, and
  tracked_companies tables via schema migration in initialize_schema()
- Filter all read/write operations by authenticated user's owner_id
  so users cannot see or modify each other's data
- Add user-scoped /tracked endpoints alongside existing admin ones
- Add admin-scoped /admin/analyses and /admin/jobs endpoints that
  return cross-tenant data without owner filtering
- Create migration script (scripts/migrate_add_owner_id.py) that
  backfills owner_id=1 for all existing rows
- Replace global UNIQUE on tracked_companies.company_name with
  per-owner unique index (company_name, owner_id)
- Fix route ordering: /analyze/batch and /analyze/patent routes now
  registered before /analyze/{company_name} to prevent path conflicts
- Update all existing API tests with proper auth headers and owner_id
  assertions
- Add comprehensive cross-tenant isolation test suite
  (tests/test_multi_tenant.py)

Closes leeworks-agents/SPARC#1677
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

SHA1: 3dfa651f2d

Add rate limiting dashboard to admin panel

- Enhance GET /admin/rate-limits with per-IP breakdown, 24h throttled count, and hourly time-series of rejected requests
- Add _rejected_log deque for time-series tracking of throttled requests
- Add AdminRateLimits React page with auto-refresh (configurable 15s/30s/1m), summary cards, throttled-over-time bar chart, endpoint table, per-IP table
- Add TypeScript types (RateLimitStatsResponse) and adminApi.getRateLimits()
- Wire up /admin/rate-limits route and nav link (admin-only)
- Expand unit tests to 10 cases: auth, empty state, per-IP breakdown, throttled_24h count, time-series structure, response shape contract

Closes leeworks-agents/SPARC#1686
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
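
The backfill, per-owner unique index and owner-filtered access described in the first commit message (e37859dabc), as an added sketch that is not code from this pull request. The SQLite backend, the reduced table layout, the index name `ux_tracked_owner` and the helper functions are assumptions; only the table and column names come from the commit message.

```python
import sqlite3

def migrate(conn):
    """Rebuild tracked_companies so uniqueness is per owner; legacy rows go to owner 1."""
    # SQLite cannot drop a column-level UNIQUE in place, so the table is rebuilt.
    conn.executescript("""
        BEGIN;
        CREATE TABLE tracked_companies_new (
            id INTEGER PRIMARY KEY,
            company_name TEXT NOT NULL,
            owner_id INTEGER NOT NULL REFERENCES users(id));
        INSERT INTO tracked_companies_new (id, company_name, owner_id)
            SELECT id, company_name, 1 FROM tracked_companies;
        DROP TABLE tracked_companies;
        ALTER TABLE tracked_companies_new RENAME TO tracked_companies;
        CREATE UNIQUE INDEX ux_tracked_owner
            ON tracked_companies (company_name, owner_id);
        COMMIT;
    """)

def add_tracked(conn, owner_id, name):
    conn.execute("INSERT INTO tracked_companies (company_name, owner_id) VALUES (?, ?)",
                 (name, owner_id))

def list_tracked(conn, owner_id):
    rows = conn.execute("SELECT company_name FROM tracked_companies "
                        "WHERE owner_id = ? ORDER BY company_name", (owner_id,))
    return [r[0] for r in rows]

def delete_tracked(conn, owner_id, row_id):
    # The owner predicate sits in the WHERE clause, so another tenant's id matches nothing.
    cur = conn.execute("DELETE FROM tracked_companies WHERE id = ? AND owner_id = ?",
                       (row_id, owner_id))
    return cur.rowcount

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript("""  -- constructed sample data
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users VALUES (1, 'legacy-owner'), (2, 'second-tenant');
        CREATE TABLE tracked_companies (id INTEGER PRIMARY KEY, company_name TEXT UNIQUE);
        INSERT INTO tracked_companies (company_name) VALUES ('Acme');
    """)
    migrate(conn)
    add_tracked(conn, 2, "Acme")          # same name under a different owner is allowed
    try:
        add_tracked(conn, 2, "Acme")      # same name, same owner: rejected by the index
        dup_rejected = False
    except sqlite3.IntegrityError:
        dup_rejected = True
    cross_delete = delete_tracked(conn, 2, 1)   # row 1 belongs to owner 1
    return list_tracked(conn, 1), list_tracked(conn, 2), dup_rejected, cross_delete
```

Because every legacy row is backfilled to owner 1, that account inherits all pre-migration data, which is worth confirming before the migration runs against a shared deployment.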