A transaction should result from a single session with a single tenant.  Currently, we don't perform any enforcement at the oplog entry level to prevent mixing tenantIds in a transaction.  Enforcing this would mean that the top-level tenantId in the oplog entry should also match the tenantIds in all operations in the applyOps array.  However, this is also used as a method of testing for tenantIds in transactions in unit tests, which will need to be modified to either detect this or accommodate this.