loki-mode 7.47.0 → 7.49.0

package/dashboard/api_v2.py

@@ -20,6 +20,7 @@ from typing import Any, Optional
 from fastapi import APIRouter, Depends, HTTPException, Query, Request
 from fastapi.responses import StreamingResponse
 from pydantic import BaseModel, Field
+from sqlalchemy import select
 from sqlalchemy.ext.asyncio import AsyncSession
 
 from . import auth
@@ -28,6 +29,7 @@ from . import api_keys
 from . import tenants as tenants_mod
 from . import runs as runs_mod
 from .database import get_db
+from .models import Project, Run
 
 
 # ---------------------------------------------------------------------------
@@ -120,6 +122,178 @@ def _audit_context(request: Request, token_info: Optional[dict] = None) -> dict:
     }
 
 
+# ---------------------------------------------------------------------------
+# Tenant isolation (P3-7)
+# ---------------------------------------------------------------------------
+#
+# The audit (backlog P3-7) flagged that API-level cross-tenant access was NOT
+# enforced: any authenticated caller with the `read` scope could list every
+# tenant and read any tenant's projects, regardless of which tenant they
+# belong to. A caller authenticated for tenant A could read tenant B's data.
+#
+# The caller's tenant MUST come from the trusted, server-validated token --
+# never from a client-supplied request header, which the caller could simply
+# set to a victim tenant's id and bypass the boundary entirely. The auth layer
+# (dashboard/auth.py) has no dedicated tenant field, but a validated token's
+# `scopes` list IS trusted: it is returned by validate_token() (from the
+# server-side token store) and by validate_oidc_token() (from
+# cryptographically/issuer-validated claims). We therefore bind a token to a
+# tenant via a `tenant:<id>` scope, parsed out of token_info["scopes"]. To
+# scope a token to tenant 5, mint it with that scope in its scope list, e.g.
+# via the API-key endpoint or auth.generate_token:
+#
+#     POST /api/v2/api-keys  {"name": "...", "scopes": ["read", "tenant:5"]}
+#     auth.generate_token(name="...", scopes=["read", "tenant:5"])
+#
+# A token's scopes decide crossing rights:
+#
+#   * A global admin (scope `*`, i.e. the admin role) may cross any tenant.
+#   * A non-admin token is pinned to the tenant in its `tenant:<id>` scope;
+#     a request that targets a different tenant is denied with 403.
+#   * When auth is disabled (no enterprise token auth and no OIDC) there is no
+#     caller identity to isolate -- this is single-user local mode -- so access
+#     is not restricted.
+#
+# This boundary is deliberately fail-closed for authenticated non-admin
+# callers: a token with no `tenant:<id>` scope cannot reach ANY tenant-scoped
+# resource (every cross-tenant check fails), so an un-scoped token is not
+# silently granted access to a tenant it was never bound to.
+
+TENANT_SCOPE_PREFIX = "tenant:"
+
+
+class TenantContext:
+    """Resolved tenant boundary for the current caller.
+
+    Attributes:
+        tenant_id: The tenant the caller's token is bound to (parsed from its
+            trusted `tenant:<id>` scope), or None if the token carries no
+            tenant scope.
+        is_global_admin: True if the caller holds admin scope and may
+            legitimately cross tenant boundaries.
+        auth_enabled: True if any auth method (token or OIDC) is active.
+    """
+
+    __slots__ = ("tenant_id", "is_global_admin", "auth_enabled")
+
+    def __init__(
+        self,
+        tenant_id: Optional[int],
+        is_global_admin: bool,
+        auth_enabled: bool,
+    ) -> None:
+        self.tenant_id = tenant_id
+        self.is_global_admin = is_global_admin
+        self.auth_enabled = auth_enabled
+
+    def enforce(self, target_tenant_id: int) -> None:
+        """Raise 403 if the caller may not access the given tenant's resources.
+
+        A global admin may access any tenant. When auth is disabled there is
+        no caller to isolate, so access is allowed. Otherwise the caller's
+        token-bound tenant must exactly match the target tenant.
+        """
+        if self.is_global_admin or not self.auth_enabled:
+            return
+        if self.tenant_id is None or self.tenant_id != target_tenant_id:
+            raise HTTPException(
+                status_code=403,
+                detail="Cross-tenant access denied",
+            )
+
+
+def _tenant_id_from_token(token_info: Optional[dict]) -> Optional[int]:
+    """Extract the caller's tenant id from a validated token's scopes.
+
+    Looks for a single `tenant:<id>` scope in the (trusted) token scope list.
+    Returns None if the token carries no such scope. If the token carries
+    conflicting tenant scopes (more than one distinct tenant), access is
+    denied (403) rather than silently picking one.
+    """
+    if not token_info:
+        return None
+    found: set[int] = set()
+    for scope in token_info.get("scopes", []):
+        if isinstance(scope, str) and scope.startswith(TENANT_SCOPE_PREFIX):
+            raw = scope[len(TENANT_SCOPE_PREFIX):].strip()
+            try:
+                found.add(int(raw))
+            except (TypeError, ValueError):
+                # Malformed tenant scope -- ignore it (does not grant access).
+                continue
+    if not found:
+        return None
+    if len(found) > 1:
+        raise HTTPException(
+            status_code=403,
+            detail="Token carries conflicting tenant scopes",
+        )
+    return next(iter(found))
+
+
+def resolve_tenant_context(
+    token_info: Optional[dict] = Depends(auth.get_current_token),
+) -> TenantContext:
+    """FastAPI dependency that resolves the caller's tenant boundary.
+
+    The caller's tenant is derived solely from the trusted, server-validated
+    token (its `tenant:<id>` scope); whether the caller is a global admin (and
+    may cross tenants) is read from the same token's scopes. No client-supplied
+    header is consulted, so a caller cannot impersonate another tenant.
+    """
+    auth_enabled = auth.is_enterprise_mode() or auth.is_oidc_mode()
+    is_global_admin = bool(token_info) and auth.has_scope(token_info, "admin")
+    tenant_id = _tenant_id_from_token(token_info)
+    return TenantContext(
+        tenant_id=tenant_id,
+        is_global_admin=is_global_admin,
+        auth_enabled=auth_enabled,
+    )
+
+
+async def _enforce_project_tenant(
+    db: AsyncSession, tenant_ctx: TenantContext, project_id: int
+) -> None:
+    """Enforce the tenant boundary for a project referenced by id.
+
+    Loads the project's tenant_id and applies tenant_ctx.enforce. A missing
+    project yields 404 (so existence is not leaked across tenants any more
+    than the boundary already allows). For a global admin / auth-disabled
+    caller this is a cheap pass-through that does not need the lookup.
+    """
+    if tenant_ctx.is_global_admin or not tenant_ctx.auth_enabled:
+        return
+    result = await db.execute(
+        select(Project.tenant_id).where(Project.id == project_id)
+    )
+    owner_tenant_id = result.scalar_one_or_none()
+    if owner_tenant_id is None:
+        raise HTTPException(status_code=404, detail="Project not found")
+    tenant_ctx.enforce(owner_tenant_id)
+
+
+async def _enforce_run_tenant(
+    db: AsyncSession, tenant_ctx: TenantContext, run_id: int
+) -> None:
+    """Enforce the tenant boundary for a run referenced by id.
+
+    A run belongs to a project, which belongs to a tenant. We resolve the
+    run -> project -> tenant chain and apply the boundary. A missing run
+    yields 404.
+    """
+    if tenant_ctx.is_global_admin or not tenant_ctx.auth_enabled:
+        return
+    result = await db.execute(
+        select(Project.tenant_id)
+        .join(Run, Run.project_id == Project.id)
+        .where(Run.id == run_id)
+    )
+    owner_tenant_id = result.scalar_one_or_none()
+    if owner_tenant_id is None:
+        raise HTTPException(status_code=404, detail="Run not found")
+    tenant_ctx.enforce(owner_tenant_id)
+
+
 # ===========================================================================
 # TENANT ENDPOINTS
 # ===========================================================================
@@ -149,18 +323,33 @@ async def create_tenant(
 @router.get("/tenants", dependencies=[Depends(auth.require_scope("read"))])
 async def list_tenants(
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """List all tenants."""
+    """List tenants visible to the caller.
+
+    A global admin sees every tenant. A tenant-scoped caller sees only their
+    own tenant (and an empty list if the token carries no `tenant:<id>`
+    scope). When auth is disabled, all tenants are returned (single-user
+    local mode).
+    """
     items = await tenants_mod.list_tenants(db)
-    return [tenants_mod._tenant_to_response(t) for t in items]
+    if tenant_ctx.is_global_admin or not tenant_ctx.auth_enabled:
+        return [tenants_mod._tenant_to_response(t) for t in items]
+    return [
+        tenants_mod._tenant_to_response(t)
+        for t in items
+        if t.id == tenant_ctx.tenant_id
+    ]
 
 
 @router.get("/tenants/{tenant_id}", dependencies=[Depends(auth.require_scope("read"))])
 async def get_tenant(
     tenant_id: int,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """Get a tenant by ID."""
+    """Get a tenant by ID, scoped to the caller's tenant boundary."""
+    tenant_ctx.enforce(tenant_id)
     tenant = await tenants_mod.get_tenant(db, tenant_id)
     if tenant is None:
         raise HTTPException(status_code=404, detail="Tenant not found")
@@ -175,8 +364,10 @@ async def update_tenant(
     db: AsyncSession = Depends(get_db),
     _auth: None = Depends(auth.require_scope("control")),
     token_info: Optional[dict] = Depends(auth.get_current_token),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
     """Update an existing tenant."""
+    tenant_ctx.enforce(tenant_id)
     tenant = await tenants_mod.update_tenant(
         db, tenant_id,
         name=body.name, description=body.description, settings=body.settings,
@@ -199,8 +390,10 @@ async def delete_tenant(
     db: AsyncSession = Depends(get_db),
     _auth: None = Depends(auth.require_scope("control")),
     token_info: Optional[dict] = Depends(auth.get_current_token),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
     """Delete a tenant."""
+    tenant_ctx.enforce(tenant_id)
     deleted = await tenants_mod.delete_tenant(db, tenant_id)
     if not deleted:
         raise HTTPException(status_code=404, detail="Tenant not found")
@@ -216,8 +409,10 @@ async def delete_tenant(
 async def get_tenant_projects(
     tenant_id: int,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """List all projects for a tenant."""
+    """List all projects for a tenant, scoped to the caller's tenant boundary."""
+    tenant_ctx.enforce(tenant_id)
     tenant = await tenants_mod.get_tenant(db, tenant_id)
     if tenant is None:
         raise HTTPException(status_code=404, detail="Tenant not found")
@@ -248,8 +443,10 @@ async def create_run(
     db: AsyncSession = Depends(get_db),
     _auth: None = Depends(auth.require_scope("control")),
     token_info: Optional[dict] = Depends(auth.get_current_token),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """Create a new run."""
+    """Create a new run, scoped to the caller's tenant boundary."""
+    await _enforce_project_tenant(db, tenant_ctx, body.project_id)
     run_resp = await runs_mod.create_run(
         db, project_id=body.project_id, trigger=body.trigger, config=body.config,
     )
@@ -268,19 +465,62 @@ async def list_runs(
     limit: int = Query(50, ge=1, le=1000),
     offset: int = Query(0, ge=0),
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """List runs with optional filters."""
-    return await runs_mod.list_runs(
-        db, project_id=project_id, status=status, limit=limit, offset=offset,
+    """List runs with optional filters, scoped to the caller's tenant.
+
+    A global admin / auth-disabled caller sees all runs. A tenant-scoped
+    caller only ever sees runs whose project belongs to their tenant: an
+    explicit project_id is enforced against the boundary, and an unscoped
+    listing is narrowed to the caller's own projects.
+    """
+    if tenant_ctx.is_global_admin or not tenant_ctx.auth_enabled:
+        return await runs_mod.list_runs(
+            db, project_id=project_id, status=status, limit=limit, offset=offset,
+        )
+
+    if project_id is not None:
+        # Targeting a specific project: enforce it belongs to the caller.
+        await _enforce_project_tenant(db, tenant_ctx, project_id)
+        return await runs_mod.list_runs(
+            db, project_id=project_id, status=status, limit=limit, offset=offset,
+        )
+
+    # No project filter: restrict to the caller's own projects. A caller with
+    # no tenant binding sees nothing (fail-closed).
+    if tenant_ctx.tenant_id is None:
+        return []
+    proj_result = await db.execute(
+        select(Project.id).where(Project.tenant_id == tenant_ctx.tenant_id)
     )
+    owned_project_ids = [row[0] for row in proj_result]
+    if not owned_project_ids:
+        return []
+    # Collect this tenant's runs across all its projects, then apply the
+    # caller's limit/offset ONCE over the globally-sorted result so pagination
+    # is correct (not per-project). We over-fetch up to limit+offset per
+    # project to guarantee the merged top window is complete, then sort by
+    # created_at desc and slice. Isolation is unconditional regardless.
+    fetch_cap = limit + offset
+    collected: list = []
+    for pid in owned_project_ids:
+        collected.extend(
+            await runs_mod.list_runs(
+                db, project_id=pid, status=status, limit=fetch_cap, offset=0,
+            )
+        )
+    collected.sort(key=lambda r: r.created_at, reverse=True)
+    return collected[offset:offset + limit]
 
 
 @router.get("/runs/{run_id}", dependencies=[Depends(auth.require_scope("read"))])
 async def get_run(
     run_id: int,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """Get run details by ID."""
+    """Get run details by ID, scoped to the caller's tenant boundary."""
+    await _enforce_run_tenant(db, tenant_ctx, run_id)
     run_resp = await runs_mod.get_run(db, run_id)
     if run_resp is None:
         raise HTTPException(status_code=404, detail="Run not found")
@@ -294,8 +534,10 @@ async def cancel_run(
     db: AsyncSession = Depends(get_db),
     _auth: None = Depends(auth.require_scope("control")),
     token_info: Optional[dict] = Depends(auth.get_current_token),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """Cancel a running run."""
+    """Cancel a running run, scoped to the caller's tenant boundary."""
+    await _enforce_run_tenant(db, tenant_ctx, run_id)
     run_resp = await runs_mod.cancel_run(db, run_id)
     if run_resp is None:
         raise HTTPException(status_code=404, detail="Run not found")
@@ -313,8 +555,10 @@ async def replay_run(
     db: AsyncSession = Depends(get_db),
     _auth: None = Depends(auth.require_scope("control")),
     token_info: Optional[dict] = Depends(auth.get_current_token),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """Replay a run."""
+    """Replay a run, scoped to the caller's tenant boundary."""
+    await _enforce_run_tenant(db, tenant_ctx, run_id)
     run_resp = await runs_mod.replay_run(db, run_id)
     if run_resp is None:
         raise HTTPException(status_code=404, detail="Run not found")
@@ -329,8 +573,10 @@ async def replay_run(
 async def get_run_timeline(
     run_id: int,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ):
-    """Get the timeline of events for a run."""
+    """Get the timeline of events for a run, scoped to the caller's tenant."""
+    await _enforce_run_tenant(db, tenant_ctx, run_id)
     timeline = await runs_mod.get_run_timeline(db, run_id)
     if timeline is None:
         return {"run_id": run_id, "phases": [], "current_phase": None, "events": []}

package/dashboard/server.py

@@ -55,6 +55,11 @@ from . import app_secrets as secrets_mod
 from . import telemetry as _telemetry
 from .control import atomic_write_json, find_skill_dir, is_process_running
 from .activity_logger import get_activity_logger
+from .api_v2 import (
+    TenantContext,
+    _enforce_project_tenant,
+    resolve_tenant_context,
+)
 
 try:
     from . import __version__ as _version
@@ -267,6 +272,7 @@ class ProjectResponse(BaseModel):
     description: Optional[str]
     prd_path: Optional[str]
     status: str
+    tenant_id: int
     created_at: datetime
     updated_at: datetime
     task_count: int = 0
@@ -1255,14 +1261,25 @@ async def list_projects(
     limit: int = Query(default=50, ge=1, le=500),
     offset: int = Query(default=0, ge=0),
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> list[ProjectResponse]:
-    """List projects with pagination. Does not eager-load tasks for efficiency."""
+    """List projects with pagination. Does not eager-load tasks for efficiency.
+
+    Tenant isolation (P3-7): a non-admin authenticated caller only sees
+    projects belonging to their declared tenant (X-Loki-Tenant-ID). A global
+    admin and single-user local mode (auth disabled) see all projects.
+    """
     try:
         from sqlalchemy import func as sa_func
 
         query = select(Project)
         if status:
             query = query.where(Project.status == status)
+        if not tenant_ctx.is_global_admin and tenant_ctx.auth_enabled:
+            # Pin to the caller's tenant. A None tenant_id yields no matches,
+            # which is the correct fail-closed behaviour for a scoped caller
+            # that did not declare a tenant.
+            query = query.where(Project.tenant_id == tenant_ctx.tenant_id)
         query = query.order_by(Project.created_at.desc()).offset(offset).limit(limit)
 
         result = await db.execute(query)
@@ -1295,6 +1312,7 @@ async def list_projects(
                     description=project.description,
                     prd_path=project.prd_path,
                     status=project.status,
+                    tenant_id=project.tenant_id,
                     created_at=project.created_at,
                     updated_at=project.updated_at,
                     task_count=total,
@@ -1311,8 +1329,14 @@ async def list_projects(
 async def create_project(
     project: ProjectCreate,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> ProjectResponse:
-    """Create a new project."""
+    """Create a new project.
+
+    Tenant isolation (P3-7): a non-admin caller may only create projects in
+    their own declared tenant; targeting another tenant returns 403.
+    """
+    tenant_ctx.enforce(project.tenant_id)
     # Validate tenant exists
     tenant_result = await db.execute(
         select(Tenant).where(Tenant.id == project.tenant_id)
@@ -1342,6 +1366,7 @@ async def create_project(
         description=db_project.description,
         prd_path=db_project.prd_path,
         status=db_project.status,
+        tenant_id=db_project.tenant_id,
         created_at=db_project.created_at,
         updated_at=db_project.updated_at,
         task_count=0,
@@ -1353,8 +1378,9 @@ async def create_project(
 async def get_project(
     project_id: int,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> ProjectResponse:
-    """Get a project by ID."""
+    """Get a project by ID, scoped to the caller's tenant boundary."""
     result = await db.execute(
         select(Project)
         .options(selectinload(Project.tasks))
@@ -1365,6 +1391,8 @@ async def get_project(
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
 
+    tenant_ctx.enforce(project.tenant_id)
+
     task_count = len(project.tasks)
     completed_count = len([t for t in project.tasks if t.status == TaskStatus.DONE])
 
@@ -1374,6 +1402,7 @@ async def get_project(
         description=project.description,
         prd_path=project.prd_path,
         status=project.status,
+        tenant_id=project.tenant_id,
         created_at=project.created_at,
         updated_at=project.updated_at,
         task_count=task_count,
@@ -1386,8 +1415,9 @@ async def update_project(
     project_id: int,
     project_update: ProjectUpdate,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> ProjectResponse:
-    """Update a project."""
+    """Update a project, scoped to the caller's tenant boundary."""
     result = await db.execute(
         select(Project)
         .options(selectinload(Project.tasks))
@@ -1398,6 +1428,8 @@ async def update_project(
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
 
+    tenant_ctx.enforce(project.tenant_id)
+
     update_data = project_update.model_dump(exclude_unset=True)
     for field, value in update_data.items():
         setattr(project, field, value)
@@ -1420,6 +1452,7 @@ async def update_project(
         description=project.description,
         prd_path=project.prd_path,
         status=project.status,
+        tenant_id=project.tenant_id,
         created_at=project.created_at,
         updated_at=project.updated_at,
         task_count=task_count,
@@ -1432,8 +1465,9 @@ async def delete_project(
     project_id: int,
     request: Request,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> None:
-    """Delete a project."""
+    """Delete a project, scoped to the caller's tenant boundary."""
     result = await db.execute(
         select(Project).where(Project.id == project_id)
     )
@@ -1442,6 +1476,8 @@ async def delete_project(
     if not project:
         raise HTTPException(status_code=404, detail="Project not found")
 
+    tenant_ctx.enforce(project.tenant_id)
+
     audit.log_event(
         action="delete",
         resource_type="project",
@@ -1702,8 +1738,11 @@ async def list_tasks(
 async def create_task(
     task: TaskCreate,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> TaskResponse:
-    """Create a new task."""
+    """Create a new task, scoped to the caller's tenant boundary."""
+    # Enforce the tenant boundary on the target project (also 404s if missing).
+    await _enforce_project_tenant(db, tenant_ctx, task.project_id)
     # Verify project exists
     result = await db.execute(
         select(Project).where(Project.id == task.project_id)
@@ -1777,8 +1816,9 @@ async def create_task(
 async def get_task(
     task_id: int,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> TaskResponse:
-    """Get a task by ID."""
+    """Get a task by ID, scoped to the caller's tenant boundary."""
     result = await db.execute(
         select(Task).where(Task.id == task_id)
     )
@@ -1787,6 +1827,8 @@ async def get_task(
     if not task:
         raise HTTPException(status_code=404, detail="Task not found")
 
+    await _enforce_project_tenant(db, tenant_ctx, task.project_id)
+
     return _task_response_from_db(task)
 
 
@@ -1795,8 +1837,9 @@ async def update_task(
     task_id: int,
     task_update: TaskUpdate,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> TaskResponse:
-    """Update a task."""
+    """Update a task, scoped to the caller's tenant boundary."""
     result = await db.execute(
         select(Task).where(Task.id == task_id)
     )
@@ -1805,6 +1848,8 @@ async def update_task(
     if not task:
         raise HTTPException(status_code=404, detail="Task not found")
 
+    await _enforce_project_tenant(db, tenant_ctx, task.project_id)
+
     update_data = task_update.model_dump(exclude_unset=True)
 
     # Handle status change to/from completed
@@ -1844,8 +1889,9 @@ async def delete_task(
     task_id: int,
     request: Request,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> None:
-    """Delete a task."""
+    """Delete a task, scoped to the caller's tenant boundary."""
     result = await db.execute(
         select(Task).where(Task.id == task_id)
     )
@@ -1854,6 +1900,8 @@ async def delete_task(
     if not task:
         raise HTTPException(status_code=404, detail="Task not found")
 
+    await _enforce_project_tenant(db, tenant_ctx, task.project_id)
+
     project_id = task.project_id
 
     audit.log_event(
@@ -1888,8 +1936,12 @@ async def move_task(
     task_id: int,
     move: TaskMove,
     db: AsyncSession = Depends(get_db),
+    tenant_ctx: TenantContext = Depends(resolve_tenant_context),
 ) -> TaskResponse:
-    """Move a task to a new status/position (for Kanban drag-and-drop)."""
+    """Move a task to a new status/position (for Kanban drag-and-drop).
+
+    Scoped to the caller's tenant boundary.
+    """
     result = await db.execute(
         select(Task).where(Task.id == task_id)
     )
@@ -1898,6 +1950,8 @@ async def move_task(
     if not task:
         raise HTTPException(status_code=404, detail="Task not found")
 
+    await _enforce_project_tenant(db, tenant_ctx, task.project_id)
+
     old_status = task.status
 
     # Validate status transition

package/dashboard/telemetry.py

@@ -1,6 +1,13 @@
 """Anonymous usage telemetry for Loki Mode dashboard.
 
-Opt-out: LOKI_TELEMETRY_DISABLED=true or DO_NOT_TRACK=1
+Collection is OPT-IN and OFF by default. Nothing is sent unless the user
+explicitly opts in, so a default install (including air-gapped, GDPR, and
+FedRAMP deployments) never phones home.
+
+Opt-in (one required): LOKI_TELEMETRY=on  OR  ~/.loki/config: TELEMETRY_ENABLED=true
+Opt-out (always wins): LOKI_TELEMETRY=off / LOKI_TELEMETRY_DISABLED=true /
+                       DO_NOT_TRACK=1 / ~/.loki/config: TELEMETRY_DISABLED=true
+
 All calls are fire-and-forget, silent on failure, non-blocking.
 """
 
@@ -19,10 +26,20 @@ _POSTHOG_KEY = "phc_ya0vGBru41AJWtGNfZZ8H9W4yjoZy4KON0nnayS7s87"
 
 
 def _is_enabled():
-    # Unified opt-out: these checks must mirror loki_collection_enabled in
-    # autonomy/crash.sh so one switch gates BOTH PostHog usage telemetry and
-    # crash reporting.
-    if os.environ.get("LOKI_TELEMETRY", "").lower() == "off":
+    # Unified OPT-IN gate. Collection is OFF by default; enabled ONLY when the
+    # user has opted in AND has not also opted out. This precedence MUST mirror
+    # loki_collection_enabled in autonomy/crash.sh and _loki_telemetry_enabled
+    # in autonomy/telemetry.sh so one model gates BOTH PostHog usage telemetry
+    # and crash reporting.
+    #
+    # Precedence:
+    #   1. Any opt-out flag present  -> False (hard kill, always wins)
+    #   2. Else any opt-in flag present -> True
+    #   3. Else (default)            -> False (no egress)
+    telem = os.environ.get("LOKI_TELEMETRY", "").lower()
+
+    # --- 1. Opt-out always wins ---
+    if telem == "off":
         return False
     if os.environ.get("LOKI_TELEMETRY_DISABLED") == "true":
         return False
@@ -30,15 +47,26 @@ def _is_enabled():
         return False
     # Persistent opt-out in ~/.loki/config (matches the bash grep prefix
     # semantics: any line beginning with TELEMETRY_DISABLED=true).
+    config_enabled = False
     try:
         config_path = Path.home() / ".loki" / "config"
         if config_path.is_file():
             for line in config_path.read_text().splitlines():
                 if line.startswith("TELEMETRY_DISABLED=true"):
                     return False
+                if line.startswith("TELEMETRY_ENABLED=true"):
+                    config_enabled = True
     except Exception:
         pass
-    return True
+
+    # --- 2. Opt-in required to enable ---
+    if telem == "on":
+        return True
+    if config_enabled:
+        return True
+
+    # --- 3. Default: OFF ---
+    return False
 
 
 def _get_distinct_id():