xTenant

Stop cross-tenant data leaks before they ship

Runtime-true guardrails for B2B SaaS. xTenant watches the SQL your app actually executes, verifies tenant predicates at the AST level, tracks context across web → workers → caches, and turns precise findings into PR comments, CI checks, and compliance-grade evidence.

Why teams choose xTenant

Union-PR simulator

Catches unsafe combinations that only break isolation when multiple PRs merge. Fail CI only when your Shield Score says it’s safe to do so.

Auto-patches on PRs

Not just red flags—one-click diffs to add the missing tenant predicate or propagate context.

Polyglot coverage

Optional Postgres wire proxy (audit-only) while native agents roll out.

Noise discipline

AST engine + clustering + baselines with <1% FP target and Shield Score gating keep trust high.

What xTenant is

  • A Django agent that captures executed SQL + context, parses SQL AST, detects tenant-unsafe statements, and emits signed events.
  • A control plane for ingest, dedupe, clustering, dashboards, PR bot, and evidence packs.

What it isn’t

  • A forked ORM, generic SAST/DAST, or a replacement for DB-level RLS.
  • We can verify and even help you generate RLS policies.

How it works (15-minute onboarding)

  1. Install the Django agent and enable the middleware.
  2. Shadow week: observe signals and calibrate allowlists/baselines.
  3. Turn on the PR bot: start with comments; enable fail-on-violation once Shield ≥ threshold.
  4. Polyglot estates: deploy the PG proxy (audit-only) for Node/Ruby/ETL services.

    pip install xtenant-agent

    # settings.py
    MIDDLEWARE += ["xtenant.middleware.AuditMiddleware"]
    TENANT_FIELD = "tenant_id"
    XTENANT_DSN = "xtnt://ingest.eu/org=acme/app=core"
    XTENANT_SECRET = "set-this-in-env"

Built for privacy & compliance

Strict GDPR Mode (default): fingerprints only, SQL shape (no literals), tenant pseudonyms via per-org HMAC, EU-resident storage, short retention. One-click Evidence Packs for SOC2/ISO; CSV/JSON exports; DSAR/Erasure by pseudonym.
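
A sketch of what a Strict GDPR Mode event could contain, added here as an illustration and not xTenant's own code: literals are stripped so only the SQL shape is fingerprinted, and the tenant ID is replaced by a per-org HMAC pseudonym. The function names, the key, the event fields and the regex-based literal stripping are assumptions; an AST-based agent would normalize on the parsed tree instead.

```python
import hashlib
import hmac
import re

# Constructed demo key (assumption): a real per-org key would come from a secret store.
ORG_KEY = b"constructed-demo-key-for-org-acme"

# Regex simplification: does not handle SQL comments or dollar-quoted strings.
_STRING = re.compile(r"'(?:[^']|'')*'")                     # '' is an escaped quote
_NUMBER = re.compile(r"(?<![\w.$])\d+(?:\.\d+)?(?![\w.])")  # skips t1, $1, col_2
_IN_LIST = re.compile(r"\(\s*\?(?:\s*,\s*\?)+\s*\)")
_SPACE = re.compile(r"\s+")


def sql_shape(sql: str) -> str:
    """Replace literals with '?' so only the statement's structure remains."""
    shape = _STRING.sub("?", sql)       # strings first, so digits inside them vanish too
    shape = _NUMBER.sub("?", shape)
    shape = _IN_LIST.sub("(?)", shape)  # lists of any length share one shape
    return _SPACE.sub(" ", shape).strip().lower()


def tenant_pseudonym(org_key: bytes, tenant_id: str) -> str:
    """Keyed pseudonym: stable within one org, unlinkable across orgs without the key."""
    mac = hmac.new(org_key, tenant_id.encode("utf-8"), hashlib.sha256)
    return "tn_" + mac.hexdigest()[:32]


def build_event(org_key: bytes, tenant_id: str, sql: str) -> dict:
    """Hypothetical event record holding no literals and no raw tenant ID."""
    shape = sql_shape(sql)
    return {
        "fingerprint": hashlib.sha256(shape.encode("utf-8")).hexdigest()[:16],
        "shape": shape,
        "tenant": tenant_pseudonym(org_key, tenant_id),
    }


if __name__ == "__main__":
    # Constructed sample statements that differ only in their literals.
    for q in ("SELECT * FROM invoices WHERE tenant_id = 42 AND status = 'paid'",
              "SELECT * FROM invoices  WHERE tenant_id = 7 AND status = 'o''brien'"):
        print(build_event(ORG_KEY, "42", q))
```

Because the pseudonym is deterministic under the org key, an erasure request can be served by recomputing it from the tenant ID and deleting matching events, without the store ever holding the raw ID.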