From 2ac52d3918a9fb9dbda7496007e277a1143d1109 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Fri, 10 Apr 2026 08:13:47 +0200
Subject: [PATCH] feat: tenant-scoped environment network names

Environment networks now include the tenant ID to prevent cross-tenant
collisions: cameleer-env-{tenantId}-{envSlug} instead of cameleer-env-
{envSlug}. Without this, two tenants with a "dev" environment would
share the same Docker network.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
---
 .../cameleer3/server/app/runtime/DeploymentExecutor.java   | 7 +++++--
 .../cameleer3/server/app/runtime/DockerNetworkManager.java | 5 +++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
index a890d4a8..7208f3f0 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DeploymentExecutor.java
@@ -64,6 +64,9 @@ public class DeploymentExecutor {
     @Value("${cameleer.runtime.jar-storage-path:/data/jars}")
     private String jarStoragePath;
 
+    @Value("${cameleer.tenant.id:default}")
+    private String tenantId;
+
     public DeploymentExecutor(RuntimeOrchestrator orchestrator,
                               DeploymentService deploymentService,
                               AppService appService,
@@ -116,8 +119,8 @@ public class DeploymentExecutor {
                 // Traefik network for routing (apps need to be reachable by Traefik)
                 networkManager.ensureNetwork(DockerNetworkManager.TRAEFIK_NETWORK);
                 additionalNets.add(DockerNetworkManager.TRAEFIK_NETWORK);
-                // Per-environment network for intra-environment service discovery
-                envNet = DockerNetworkManager.envNetworkName(env.slug());
+                // Per-environment network scoped to tenant to prevent cross-tenant collisions
+                envNet = DockerNetworkManager.envNetworkName(tenantId, env.slug());
                 networkManager.ensureNetwork(envNet);
                 additionalNets.add(envNet);
             }
diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DockerNetworkManager.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DockerNetworkManager.java
index 40ae28d8..6647f63c 100644
--- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DockerNetworkManager.java
+++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/runtime/DockerNetworkManager.java
@@ -59,4 +59,9 @@ public class DockerNetworkManager {
     public static String envNetworkName(String envSlug) {
         return ENV_NETWORK_PREFIX + envSlug;
     }
+
+    /** Tenant-scoped environment network name to prevent cross-tenant collisions. */
+    public static String envNetworkName(String tenantId, String envSlug) {
+        return ENV_NETWORK_PREFIX + tenantId + "-" + envSlug;
+    }
 }