feat: multi-tenant source namespacing -- isolate log sources per deployment context #50

Closed
opened 2026-05-26 23:05:27 -07:00 by pyr0ball · 0 comments
Owner

When Turnstone is deployed in a shared or enterprise context, log sources from different customers, environments, or teams must be queryable in isolation. Today all sources share a single flat namespace.

Design:

  • Add optional tenant_id field to source definitions in sources.yaml
  • Store tenant_id in the log_entries table (new column, nullable -- NULL = default tenant)
  • All search, diagnose, and incident API endpoints accept an optional ?tenant=<id> filter
  • When ?tenant= is specified: only entries from that tenant's sources are returned
  • list_sources MCP tool and /api/sources endpoint filter by tenant if specified

Migration:

  • Existing entries get tenant_id = NULL (default behavior unchanged)
  • Column added via ALTER TABLE in ensure_schema() with IF NOT EXISTS

Acceptance criteria:

  • Two tenants with overlapping source IDs cannot see each other's entries
  • Existing single-tenant deployments work unchanged
  • Unit test: verify cross-tenant query isolation
pyr0ball added this to the beta milestone 2026-05-26 23:05:27 -07:00
pyr0ball added the enhancement and security labels 2026-05-26 23:05:27 -07:00
pyr0ball modified the milestone from beta to (deleted) 2026-06-05 11:40:10 -07:00
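
The migration and tenant-scoped query described in the issue, as an added example that is not part of the original issue and not Turnstone's own code. It assumes SQLite (which has no `ADD COLUMN IF NOT EXISTS`, so the column check uses `PRAGMA table_info`), a minimal `log_entries` layout with `source_id` and `message` columns, and that an unspecified tenant means the default (NULL) tenant only; `search` and `build_demo_db` are hypothetical names and all rows are constructed.

```python
import sqlite3

BASE_DDL = ("CREATE TABLE IF NOT EXISTS log_entries ("
            "id INTEGER PRIMARY KEY, source_id TEXT NOT NULL, message TEXT NOT NULL)")

def ensure_schema(db):
    """Idempotent migration: add the nullable tenant_id column if it is missing."""
    db.execute(BASE_DDL)
    cols = {row[1] for row in db.execute("PRAGMA table_info(log_entries)")}
    if "tenant_id" not in cols:
        # Existing rows get NULL, which the issue defines as the default tenant.
        db.execute("ALTER TABLE log_entries ADD COLUMN tenant_id TEXT")
    db.execute("CREATE INDEX IF NOT EXISTS idx_log_tenant_source "
               "ON log_entries (tenant_id, source_id)")

def search(db, text, tenant=None, source_id=None):
    """Return (source_id, message) rows visible to one tenant.

    Assumption: tenant=None selects the default tenant, never "all tenants".
    `IS ?` is SQLite's NULL-safe comparison; `tenant_id = NULL` matches nothing.
    The tenant predicate is always present and always a bound parameter.
    """
    sql = ("SELECT source_id, message FROM log_entries "
           "WHERE tenant_id IS ? AND instr(message, ?) > 0")
    params = [tenant, text]
    if source_id is not None:
        sql += " AND source_id = ?"
        params.append(source_id)
    return db.execute(sql + " ORDER BY id", params).fetchall()

def build_demo_db():
    """Constructed data: one pre-migration row, then two tenants sharing a source ID."""
    db = sqlite3.connect(":memory:")
    db.execute(BASE_DDL)
    db.execute("INSERT INTO log_entries (source_id, message) "
               "VALUES ('nginx', 'legacy error 500')")
    ensure_schema(db)
    ensure_schema(db)  # second run must be a no-op
    db.executemany(
        "INSERT INTO log_entries (tenant_id, source_id, message) VALUES (?, ?, ?)",
        [("acme", "nginx", "acme error: upstream timeout"),
         ("globex", "nginx", "globex error: disk full")])
    return db

if __name__ == "__main__":
    demo = build_demo_db()
    for tenant in ("acme", "globex", None):
        print(tenant, search(demo, "error", tenant=tenant, source_id="nginx"))
```
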
Reference: Circuit-Forge/turnstone#50