Adapters overview
Adapters enforce tenant isolation inside the ORM you already use.
An adapter is the piece that keeps tenants apart inside your ORM. You give it your manager and
your ORM client, declare which models/tables are tenant-scoped, and it makes sure every query inside a
tenant scope is filtered to that tenant - and that queries outside a scope fail closed.
Install only the adapter for the ORM you use, then check its page for setup and which strategies it supports.
To stay fail-closed, the scoped facade rejects what it can't safely scope - raw queries, nested
reads/writes, native handles, and complex criteria - wherever the facade is the only guard
(Lucid is the one exception: it supports nested reads). Where the database enforces isolation, those
restrictions lift: Knex database-per-tenant gives you full query freedom via
unrestricted(). Read
Limitations before you build.
| Adapter | Package | Row-level | Schema-per-tenant | Database-per-tenant |
|---|---|---|---|---|
| Prisma | tenancyjs-adapter-prisma | ✅ | ✅ ¹ | ✅ |
| Knex | tenancyjs-adapter-knex | ✅ | ✅ | ✅ |
| Lucid | tenancyjs-adapter-lucid | ✅ | ✅ | ✅ |
| TypeORM | tenancyjs-adapter-typeorm | ✅ | ✅ | ✅ |
| Sequelize | tenancyjs-adapter-sequelize | ✅ | ✅ | ✅ |
| Drizzle | tenancyjs-adapter-drizzle | ✅ | ✅ | ✅ |
| Mongoose | tenancyjs-adapter-mongoose | ✅ ² | - | ✅ ³ |
¹ PostgreSQL only, using a schema-bound Prisma driver client rather than search_path.
² Facade-only row-level isolation. ³ Database routing becomes MongoDB-authorized only with database-restricted credentials. See the Mongoose page. Full details on the capability matrix.
Defense in depth
PostgreSQL row-level adapters use a whitelist facade plus forced RLS. TypeORM, Sequelize, Drizzle,
and Prisma also support MySQL row-level through an explicitly weaker adapter-only facade. Schema routing uses
transaction-local search_path (or Prisma's driver schema option), and database routing uses separate
cache-leased resources. Schema/database routing is server-authorized only when tenant roles or
credentials cannot access sibling placements.