Skip to content

Dashboard initDb() ignores AUGMENTAGENT_DB — multi-tenant data leaks into the production DB #360

Description

@nolanmak

Severity: Medium — breaks the multi-tenant isolation invariant documented in docs/MULTI-TENANT.md. Found during a docs-accuracy audit (2026-06-24).

Problem

docs/MULTI-TENANT.md (Google-Drive step) instructs operators to run the dashboard with AUGMENTAGENT_DB=<tenant>.db so a tenant's data lands in a separate DB. But the Node dashboard never reads AUGMENTAGENT_DBinitDb() is called with no argument, so it always opens the default data.db. Result: tenant drive_accounts (and anything else the dashboard persists) are written into the production DB, silently violating the doc's "zero shared state" invariant.

Locations

  • src/db.ts:15export function initDb(dbPath?: string) already accepts an optional path…
  • src/dashboard-server.ts:14 — …but calls initDb() with no argument
  • src/index.ts:123 — same

Fix (one of)

  • Pass the env var at both call sites: initDb(process.env.AUGMENTAGENT_DB) (default inside initDb already falls back to data.db).
  • Or, if dashboard multi-tenant DB isolation isn't intended to be supported, remove/redflag the misleading step in docs/MULTI-TENANT.md.

Acceptance

Launching the dashboard with AUGMENTAGENT_DB=foo.db writes to foo.db, not data.db.


Filed from a docs-accuracy audit, 2026-06-24.

Metadata

Metadata

Assignees

No one assigned

    Labels

    area:dashboardWeb dashboard / JSON APIbugSomething isn't workingself-auditFiled by the self-audit loop or by manual audit workseverity:mediumMedium security severity

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions