Add a tenantId column to every entity as a discriminator. Create a REQUEST-scoped repository that reads tenantId from the incoming request and automatically scopes all queries to the current tenant. This prevents cross-tenant data leaks without requiring every service method to manually pass the tenant identifier.
Scope.REQUEST on the repository ensures a new instance per request with the correct tenantId.
Request scope propagates up the injection chain: every service that injects this repository also becomes REQUEST-scoped.
Always include tenantId in WHERE clauses for both reads and writes — never trust client-provided tenantId.
Set tenantId from the authenticated JWT in middleware or a guard, not from the request body.
Consider PostgreSQL Row Level Security as an alternative for tenant isolation enforced at the database layer.
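The repository pattern described above, as an added framework-free TypeScript example (not code from the original page). The `AuthedRequest` shape, the class and type names, and the in-memory array standing in for a table are assumptions; in NestJS the class would be a provider registered with `Scope.REQUEST` that receives the current request.

```typescript
// Added example. Type and class names and the in-memory table are hypothetical.
interface Invoice { id: number; tenantId: string; amount: number }

// Request shape after an auth guard has verified the JWT (assumed).
interface AuthedRequest {
  user: { tenantId: string };     // taken from verified token claims
  body: Record<string, unknown>;  // client-controlled, never used for tenancy
}

const invoiceTable: Invoice[] = []; // stands in for a table with a tenantId column

// Built once per request; the tenant is fixed at construction time.
class TenantInvoiceRepository {
  private readonly tenantId: string;

  constructor(req: AuthedRequest) {
    if (!req.user || !req.user.tenantId) throw new Error("no authenticated tenant");
    this.tenantId = req.user.tenantId; // req.body.tenantId is deliberately ignored
  }

  // INSERT: tenantId is stamped by the repository, so a client value cannot win.
  create(data: { amount: number; tenantId?: string }): Invoice {
    const row: Invoice = { id: invoiceTable.length + 1, tenantId: this.tenantId, amount: data.amount };
    invoiceTable.push(row);
    return row;
  }

  // SELECT ... WHERE id = ? AND tenantId = ?
  findById(id: number): Invoice | null {
    const hit = invoiceTable.filter(r => r.id === id && r.tenantId === this.tenantId)[0];
    return hit ? hit : null;
  }

  // SELECT ... WHERE tenantId = ?
  findAll(): Invoice[] {
    return invoiceTable.filter(r => r.tenantId === this.tenantId);
  }

  // UPDATE ... WHERE id = ? AND tenantId = ?  (returns affected row count)
  updateAmount(id: number, amount: number): number {
    const row = this.findById(id);
    if (!row) return 0; // another tenant's id looks exactly like a missing row
    row.amount = amount;
    return 1;
  }
}
```

Returning `null` or `0` for another tenant's row, instead of a distinct "forbidden" result, keeps the repository from confirming that the id exists in a different tenant.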