You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
AMS's telemetry/export code (portfolio-dashboard.ts, orb-export.ts, miner-prediction metrics) was built for a single-operator, single-machine context, with no assumption that its output might ever be visible to, or aggregated across, more than one tenant. ORB's own #4893 tracks an equivalent privacy pass on its fleet-analytics ingestion; AMS has no tracked counterpart, so it's currently unknown which fields would leak cross-tenant information if AMS were hosted as-is.
Area
AMS / Multi-tenancy audit
Proposal
Review every telemetry/export/metrics surface AMS currently emits and document which fields would need redaction, aggregation, or per-tenant partitioning before being safe to expose in a multi-tenant hosted context — mirroring the scope and rigor of ORB's #4893 privacy pass so the two audits produce comparably-structured findings.
Deliverables
A findings document listing each telemetry/export surface and its current field-level contents
Flagged fields that would leak cross-tenant information if unmodified in a hosted context, with a note on the remediation category (redact / aggregate / partition per-tenant) for each
Audit and documentation only — this issue must NOT implement any redaction, aggregation, or partitioning; that is a separate follow-up issue per surface.
Any follow-up redaction/partitioning fix that touches how tenant data is exposed must NOT be assumed contributor-eligible by default — since it's a tenancy-boundary control, it should get the same maintainer-review bar ORB's Cross-tenant data-isolation audit #4797 cross-tenant data-isolation audit follow-ups received before merge.
This issue must NOT decide the final redaction scheme itself — only enumerate what exists and flag the risk.
Problem
AMS's telemetry/export code (
portfolio-dashboard.ts,orb-export.ts, miner-prediction metrics) was built for a single-operator, single-machine context, with no assumption that its output might ever be visible to, or aggregated across, more than one tenant. ORB's own #4893 tracks an equivalent privacy pass on its fleet-analytics ingestion; AMS has no tracked counterpart, so it's currently unknown which fields would leak cross-tenant information if AMS were hosted as-is.Area
AMS / Multi-tenancy audit
Proposal
Review every telemetry/export/metrics surface AMS currently emits and document which fields would need redaction, aggregation, or per-tenant partitioning before being safe to expose in a multi-tenant hosted context — mirroring the scope and rigor of ORB's #4893 privacy pass so the two audits produce comparably-structured findings.
Deliverables
Resources
portfolio-dashboard.ts,orb-export.ts, miner-prediction metrics modulesBoundaries