Context A SaaS platform serves multiple organizations from a single database. Data isolation between tenants must be enforced at the application and database levels. The Problem Tenant isolation is currently implemented only in application code. A bug in any middleware layer could leak data across tenants. Constraints Implement row-level security in PostgreSQL using tenant_id policies. Inject the tenant context from the JWT into the database session using SET LOCAL. Build a middleware that extracts the tenant from the token and sets the session variable. Write tests proving cross-tenant data access is impossible. Expected Deliverable A Node.js multi-tenant API enforcing data isolation at the database level via PostgreSQL row-level security, with tenant context injected from JWT claims.