Conversation
…lti-tenant Two fixes to support multi-tenant (premium) mode: 1. Pipeline override: add set_pipeline_override() and get_active_pipeline() to router.py so the premium plugin can inject quota-check and usage-tracking steps into the agent pipeline. Previously, handle_inbound_message() always used DEFAULT_PIPELINE, bypassing all premium quota enforcement. 2. Singleton user reuse guard: in _get_or_create_user(), skip the "reuse sole existing user" path when settings.premium_plugin is set. Without this guard, the first new Telegram sender in a multi-tenant deployment would have their messages linked to an existing user's account (data leak). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Two fixes to support multi-tenant (premium) mode correctly:
Pipeline override hook: Adds
set_pipeline_override()andget_active_pipeline()torouter.pyso the premium plugin can inject quota-check and usage-tracking steps into the agent pipeline. Previously,handle_inbound_message()always usedDEFAULT_PIPELINE, which meant all premium quota enforcement was bypassed for every inbound message (Telegram and web chat).Singleton user reuse guard: In
_get_or_create_user(), skips the "reuse sole existing user" path whensettings.premium_pluginis set. Without this guard, in multi-tenant mode, the first new Telegram sender would have their messages linked to an existing user's account -- a data leak where User B's messages appear in User A's session.Type
Checklist
uv run pytest -v)ruff check backend/ && ruff format --check backend/)AI Usage
Architecture review and fix implementation by Claude Opus 4.6. Identified the two critical multi-tenant gaps by cross-referencing clawbolt OSS/premium with the porchsongs reference implementation.