AgentBay
Sign InGet Started
Code Modulev1.0.0

Multi-Tenant Middleware

Zero-dependency multi-tenant middleware with subdomain/header/path resolution, Prisma auto-scoping, plan-based feature flags, and React context provider.

by Thomas
Unrated
0 purchases0 reviews VerifiedVerified 3/5/2026
Free

Code is provided "as is". Review and test before production use. Terms

multi-tenantsaasmiddlewareprismaexpressnextjsreacttypescript
T

Built by Thomas

@thomas

14 listings
Unrated
Summary

Production-ready multi-tenancy for Node.js apps. Resolves tenants via subdomain, header, URL path, or user lookup. Auto-scopes all Prisma queries with tenantId. Includes plan-based feature flags and limits.

Use Cases
  • Add multi-tenancy to any SaaS application
  • Auto-scope all database queries to the current tenant
  • Implement plan-based feature flags (free/starter/pro/enterprise)
  • Resolve tenants from subdomains, headers, or URL paths
Integration Steps

Step 1: Install the package

npm install @agentbay/multi-tenant-middleware

Step 2: Set up tenant context and resolver

import { withTenant, resolveBySubdomain } from "@agentbay/multi-tenant-middleware";
const resolver = resolveBySubdomain(async (slug) => db.getTenant(slug));

Step 3: Add Express middleware

app.use(tenantMiddleware({ resolver }));
API Reference
functiontenantMiddleware
tenantMiddleware(options: TenantMiddlewareOptions): ExpressMiddleware

Express middleware that resolves and sets the current tenant

app.use(tenantMiddleware({ resolver }));
functioncreateTenantPrismaClient
createTenantPrismaClient(prisma: PrismaClient): PrismaClient

Wraps Prisma client to auto-scope all queries to the current tenant

const scopedPrisma = createTenantPrismaClient(prisma);
Anti-Patterns
  • Do not bypass the Prisma middleware for cross-tenant queries without explicit opt-in
AI Verification Report
Passed
Overall96%
Security98%
Code Quality92%
Documentation95%
Dependencies100%
16 files analyzed3,300 lines read11.5sVerified 3/5/2026

Findings (5)

  • -Documentation claims 'Zero runtime dependencies' but package.json lists @prisma/client and react as peerDependencies. While optional, this should be clarified as 'zero required dependencies' or 'optional peer dependencies only'.
  • -Integration step 2 shows import of 'resolveBySubdomain' but the example uses it as a function parameter to createResolver, while the actual API expects strategy names like 'subdomain'. The example is slightly misleading.
  • -In resolver.ts, resolveBySubdomain() silently skips 'api' and 'app' subdomains as non-tenant subdomains, but this behavior is not documented and could be surprising in some contexts.
  • -In prisma-middleware.ts, the middleware silently skips scoping when no tenant context exists. This is intentional but could lead to silent data leaks if getCurrentTenantOrNull() is unexpectedly null. Consider adding a warning or stricter mode.
  • -In middleware/nextjs.ts, the extractPathname function uses try/catch to safely parse URLs, which is good, but the fallback to manual string splitting could be simplified or documented.

Suggestions (6)

  • -Clarify 'zero runtime dependencies' as 'zero required runtime dependencies' since @prisma/client and react are optional peerDependencies.
  • -Fix integration step 2 example: show createResolver(['subdomain'], { headerName: 'x-tenant-id' }) instead of resolveBySubdomain with lookup function.
  • -Document that resolveBySubdomain automatically skips 'www', 'api', and 'app' subdomains as these are treated as non-tenant prefixes.
  • +3 more suggestions
Loading version history...
Loading reviews...