workspace-isolation-check

What problem does it solve?

Ensuring strict data separation in a multi-tenant application is critical but highly complex, with potential vulnerabilities across various code layers. This skill automates the validation of workspace isolation, systematically checking API routes, database queries, RLS policies, and middleware to prevent data leakage.

Core Features & Use Cases

• Comprehensive Code Scan: Checks all relevant code (API routes, DB queries, Prisma schema, RLS policies, pages, server actions) for isolation violations.
• Pattern Enforcement: Verifies adherence to established patterns like requireWorkspaceAccess(), workspaceId filters, and correct RLS policy usage.
• Detailed Reporting: Generates a checklist-based report highlighting any detected violations and suggesting fixes.
• Use Case: After modifying an API route or a database query, use this skill to perform a full workspace isolation check. It will scan the changed files, verify that all queries include workspaceId filters, that API routes use proper auth helpers, and that RLS policies are correctly applied, ensuring no cross-workspace data exposure.

Quick Start

Perform a workspace isolation check on the recently modified API route app/api/w/[slug]/challenges/route.ts. Report any missing auth checks or workspaceId filters.