TenantShield

A multi-tenant enforcement engine for Python that eliminates cross-tenant data leaks by construction.

Status

Pre-1.0 alpha. Phase 1 (core) is complete; framework adapters (Django, SQLAlchemy, Celery, DRF) arrive in subsequent phases.

Quick links

• Getting Started — install and run your first example.
• Concepts — what each part of TenantShield does.
• API Reference — full API documentation.
• ADRs — architectural decisions.

Why TenantShield?

Multi-tenant data leaks are common. Most defenses are reactive (audits, manual review, hope). TenantShield is preventive: it makes leaks fail loudly instead of silently corrupt data.

If bind_tenant(...) was never called and a tenant-aware query runs, TenantShield raises an exception. There is no implicit fallback.