pgvpd — transparent multi-tenancy for Drizzle via Postgres RLS

[solidcitizen]

pgvpd is a lightweight Postgres protocol-level proxy that injects tenant identity at connection time. Row-level security handles the rest — no middleware, no query rewriting, no .where(eq(tenantId, ctx.tenant)) on every query.

It works transparently with Drizzle. Here's what tenant-scoped queries look like:

import pg from "pg";
import { drizzle } from "drizzle-orm/node-postgres";
import { tenants } from "./schema.js";

// Connect as tenant_a through pgvpd
const client = new pg.Client({
  host: "localhost",
  port: 6432,              // pgvpd
  user: "app_user.tenant_a", // tenant encoded in username
  password: "password",
  database: "mydb",
});
await client.connect();
const db = drizzle(client);

// This only returns tenant_a rows — RLS enforced at the database level
const rows = await db.select().from(tenants);

// Transactions, inserts, joins — all tenant-scoped automatically
await db.transaction(async (tx) => {
  await tx.insert(tenants).values({ tenantId: "tenant_a", name: "Acme" });
});

We have a full Drizzle integration test suite covering SELECT isolation, cross-tenant blocking, INSERT scoping, RLS WITH CHECK enforcement, transactions, and superuser bypass — in both passthrough and connection-pool modes.

Repo: https://github.com/solidcitizen/pgvpd