@cerefox/memory 0.7.2 → 0.8.1

package/dist/server-assets/db/migrations/0006_usage_log.sql

@@ -0,0 +1,255 @@
+-- Migration 0006: Usage tracking + config table (Iteration 16C)
+--
+-- New tables:
+--   cerefox_config       -- key-value config (e.g., usage_tracking_enabled)
+--   cerefox_usage_log    -- read operation log for analytics
+--
+-- New RPCs:
+--   cerefox_get_config, cerefox_set_config
+--   cerefox_log_usage
+--   cerefox_list_usage_log
+--   cerefox_usage_summary
+
+-- ── 1. Config table ──────────────────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS cerefox_config (
+    key   TEXT PRIMARY KEY,
+    value TEXT NOT NULL
+);
+
+-- RLS: deny direct access; all access goes through SECURITY DEFINER RPCs
+ALTER TABLE cerefox_config ENABLE ROW LEVEL SECURITY;
+
+-- Seed default config
+INSERT INTO cerefox_config (key, value)
+VALUES ('usage_tracking_enabled', 'false')
+ON CONFLICT (key) DO NOTHING;
+
+-- ── 2. Usage log table ───────────────────────────────────────────────────────
+
+CREATE TABLE IF NOT EXISTS cerefox_usage_log (
+    id           UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    logged_at    TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+    operation    TEXT NOT NULL,
+    access_path  TEXT NOT NULL,
+    reader       TEXT,
+    document_id  UUID REFERENCES cerefox_documents(id) ON DELETE SET NULL,
+    project_id   UUID REFERENCES cerefox_projects(id) ON DELETE SET NULL,
+    query_text   TEXT,
+    result_count INT,
+    extra        JSONB DEFAULT '{}'::JSONB
+);
+
+-- RLS: deny direct access
+ALTER TABLE cerefox_usage_log ENABLE ROW LEVEL SECURITY;
+
+-- Indexes
+CREATE INDEX IF NOT EXISTS idx_usage_log_logged_at
+    ON cerefox_usage_log (logged_at DESC);
+CREATE INDEX IF NOT EXISTS idx_usage_log_operation_logged_at
+    ON cerefox_usage_log (operation, logged_at DESC);
+CREATE INDEX IF NOT EXISTS idx_usage_log_access_path
+    ON cerefox_usage_log (access_path);
+CREATE INDEX IF NOT EXISTS idx_usage_log_reader
+    ON cerefox_usage_log (reader) WHERE reader IS NOT NULL;
+CREATE INDEX IF NOT EXISTS idx_usage_log_document_id
+    ON cerefox_usage_log (document_id) WHERE document_id IS NOT NULL;
+
+-- ── 3. Config RPCs ───────────────────────────────────────────────────────────
+
+CREATE OR REPLACE FUNCTION cerefox_get_config(p_key TEXT)
+RETURNS TEXT
+LANGUAGE sql
+SECURITY DEFINER
+STABLE
+SET search_path = public, pg_catalog
+AS $$
+    SELECT value FROM cerefox_config WHERE key = p_key;
+$$;
+
+CREATE OR REPLACE FUNCTION cerefox_set_config(p_key TEXT, p_value TEXT)
+RETURNS VOID
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_catalog
+AS $$
+DECLARE
+    v_allowed TEXT[] := ARRAY['usage_tracking_enabled'];
+BEGIN
+    IF NOT (p_key = ANY(v_allowed)) THEN
+        RAISE EXCEPTION 'Unknown config key: %. Allowed keys: %', p_key, v_allowed;
+    END IF;
+
+    INSERT INTO cerefox_config (key, value)
+    VALUES (p_key, p_value)
+    ON CONFLICT (key) DO UPDATE SET value = EXCLUDED.value;
+END;
+$$;
+
+-- ── 4. Log usage RPC ─────────────────────────────────────────────────────────
+-- Checks config first; no-op if tracking is disabled.
+
+CREATE OR REPLACE FUNCTION cerefox_log_usage(
+    p_operation    TEXT,
+    p_access_path  TEXT,
+    p_reader       TEXT        DEFAULT NULL,
+    p_document_id  UUID        DEFAULT NULL,
+    p_project_id   UUID        DEFAULT NULL,
+    p_query_text   TEXT        DEFAULT NULL,
+    p_result_count INT         DEFAULT NULL,
+    p_extra        JSONB       DEFAULT '{}'::JSONB
+)
+RETURNS VOID
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_catalog
+AS $$
+DECLARE
+    v_enabled TEXT;
+BEGIN
+    SELECT value INTO v_enabled FROM cerefox_config WHERE key = 'usage_tracking_enabled';
+    IF v_enabled IS NULL OR v_enabled != 'true' THEN
+        RETURN;  -- tracking disabled; no-op
+    END IF;
+
+    INSERT INTO cerefox_usage_log (
+        operation, access_path, reader, document_id, project_id,
+        query_text, result_count, extra
+    ) VALUES (
+        p_operation, p_access_path, p_reader, p_document_id, p_project_id,
+        p_query_text, p_result_count, p_extra
+    );
+END;
+$$;
+
+-- ── 5. List usage log RPC ────────────────────────────────────────────────────
+
+CREATE OR REPLACE FUNCTION cerefox_list_usage_log(
+    p_start       TIMESTAMPTZ DEFAULT NULL,
+    p_end         TIMESTAMPTZ DEFAULT NULL,
+    p_operation   TEXT        DEFAULT NULL,
+    p_access_path TEXT        DEFAULT NULL,
+    p_reader      TEXT        DEFAULT NULL,
+    p_project_id  UUID        DEFAULT NULL,
+    p_limit       INT         DEFAULT 100
+)
+RETURNS TABLE (
+    id           UUID,
+    logged_at    TIMESTAMPTZ,
+    operation    TEXT,
+    access_path  TEXT,
+    reader       TEXT,
+    document_id  UUID,
+    doc_title    TEXT,
+    project_id   UUID,
+    query_text   TEXT,
+    result_count INT,
+    extra        JSONB
+)
+LANGUAGE sql
+SECURITY DEFINER
+STABLE
+SET search_path = public, pg_catalog
+AS $$
+    SELECT
+        ul.id,
+        ul.logged_at,
+        ul.operation,
+        ul.access_path,
+        ul.reader,
+        ul.document_id,
+        d.title AS doc_title,
+        ul.project_id,
+        ul.query_text,
+        ul.result_count,
+        ul.extra
+    FROM cerefox_usage_log ul
+    LEFT JOIN cerefox_documents d ON ul.document_id = d.id
+    WHERE (p_start IS NULL       OR ul.logged_at >= p_start)
+      AND (p_end IS NULL         OR ul.logged_at <= p_end)
+      AND (p_operation IS NULL   OR ul.operation = p_operation)
+      AND (p_access_path IS NULL OR ul.access_path = p_access_path)
+      AND (p_reader IS NULL      OR ul.reader = p_reader)
+      AND (p_project_id IS NULL  OR ul.project_id = p_project_id)
+    ORDER BY ul.logged_at DESC
+    LIMIT p_limit;
+$$;
+
+-- ── 6. Usage summary RPC ─────────────────────────────────────────────────────
+-- Returns a JSON object with aggregated stats for the analytics page.
+
+CREATE OR REPLACE FUNCTION cerefox_usage_summary(
+    p_start       TIMESTAMPTZ DEFAULT NULL,
+    p_end         TIMESTAMPTZ DEFAULT NULL,
+    p_project_id  UUID        DEFAULT NULL,
+    p_access_path TEXT        DEFAULT NULL
+)
+RETURNS JSON
+LANGUAGE plpgsql
+SECURITY DEFINER
+STABLE
+SET search_path = public, pg_catalog
+AS $$
+DECLARE
+    v_result JSON;
+BEGIN
+    WITH filtered AS (
+        SELECT *
+        FROM cerefox_usage_log ul
+        WHERE (p_start IS NULL       OR ul.logged_at >= p_start)
+          AND (p_end IS NULL         OR ul.logged_at <= p_end)
+          AND (p_project_id IS NULL  OR ul.project_id = p_project_id)
+          AND (p_access_path IS NULL OR ul.access_path = p_access_path)
+    ),
+    ops_by_day AS (
+        SELECT
+            DATE(logged_at) AS day,
+            COUNT(*) AS count
+        FROM filtered
+        GROUP BY DATE(logged_at)
+        ORDER BY day
+    ),
+    ops_by_operation AS (
+        SELECT operation, COUNT(*) AS count
+        FROM filtered
+        GROUP BY operation
+        ORDER BY count DESC
+    ),
+    ops_by_access_path AS (
+        SELECT access_path, COUNT(*) AS count
+        FROM filtered
+        GROUP BY access_path
+        ORDER BY count DESC
+    ),
+    top_documents AS (
+        SELECT
+            f.document_id,
+            d.title AS doc_title,
+            COUNT(*) AS count
+        FROM filtered f
+        JOIN cerefox_documents d ON f.document_id = d.id
+        WHERE f.document_id IS NOT NULL
+        GROUP BY f.document_id, d.title
+        ORDER BY count DESC
+        LIMIT 10
+    ),
+    top_readers AS (
+        SELECT reader, COUNT(*) AS count
+        FROM filtered
+        WHERE reader IS NOT NULL
+        GROUP BY reader
+        ORDER BY count DESC
+        LIMIT 10
+    )
+    SELECT json_build_object(
+        'total_count', (SELECT COUNT(*) FROM filtered),
+        'ops_by_day', COALESCE((SELECT json_agg(json_build_object('day', day, 'count', count)) FROM ops_by_day), '[]'::JSON),
+        'ops_by_operation', COALESCE((SELECT json_agg(json_build_object('operation', operation, 'count', count)) FROM ops_by_operation), '[]'::JSON),
+        'ops_by_access_path', COALESCE((SELECT json_agg(json_build_object('access_path', access_path, 'count', count)) FROM ops_by_access_path), '[]'::JSON),
+        'top_documents', COALESCE((SELECT json_agg(json_build_object('document_id', document_id, 'doc_title', doc_title, 'count', count)) FROM top_documents), '[]'::JSON),
+        'top_readers', COALESCE((SELECT json_agg(json_build_object('reader', reader, 'count', count)) FROM top_readers), '[]'::JSON)
+    ) INTO v_result;
+
+    RETURN v_result;
+END;
+$$;

package/dist/server-assets/db/migrations/0007_usage_log_requestor.sql

@@ -0,0 +1,178 @@
+-- Migration 0007: Rename reader to requestor in cerefox_usage_log
+--
+-- The usage log tracks ALL operations (both reads and writes), not just reads.
+-- The "reader" column name implied read-only tracking. "requestor" is a neutral
+-- term that covers both the agent/user performing a search (read) and the
+-- agent/user performing an ingest (write).
+
+-- 1. Rename the column
+ALTER TABLE cerefox_usage_log RENAME COLUMN reader TO requestor;
+
+-- 2. Rename the index (Postgres doesn't have RENAME INDEX, so drop and recreate)
+DROP INDEX IF EXISTS idx_usage_log_reader;
+CREATE INDEX IF NOT EXISTS idx_usage_log_requestor
+    ON cerefox_usage_log (requestor) WHERE requestor IS NOT NULL;
+
+-- 3. Drop and recreate cerefox_log_usage with renamed parameter
+DROP FUNCTION IF EXISTS cerefox_log_usage(TEXT, TEXT, TEXT, UUID, UUID, TEXT, INT, JSONB);
+
+CREATE OR REPLACE FUNCTION cerefox_log_usage(
+    p_operation    TEXT,
+    p_access_path  TEXT,
+    p_requestor    TEXT        DEFAULT NULL,
+    p_document_id  UUID        DEFAULT NULL,
+    p_project_id   UUID        DEFAULT NULL,
+    p_query_text   TEXT        DEFAULT NULL,
+    p_result_count INT         DEFAULT NULL,
+    p_extra        JSONB       DEFAULT '{}'::JSONB
+)
+RETURNS VOID
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_catalog
+AS $$
+DECLARE
+    v_enabled TEXT;
+BEGIN
+    SELECT value INTO v_enabled FROM cerefox_config WHERE key = 'usage_tracking_enabled';
+    IF v_enabled IS NULL OR v_enabled != 'true' THEN
+        RETURN;
+    END IF;
+
+    INSERT INTO cerefox_usage_log (
+        operation, access_path, requestor, document_id, project_id,
+        query_text, result_count, extra
+    ) VALUES (
+        p_operation, p_access_path, p_requestor, p_document_id, p_project_id,
+        p_query_text, p_result_count, p_extra
+    );
+END;
+$$;
+
+-- 4. Drop and recreate cerefox_list_usage_log with renamed column
+DROP FUNCTION IF EXISTS cerefox_list_usage_log(TIMESTAMPTZ, TIMESTAMPTZ, TEXT, TEXT, TEXT, UUID, INT);
+
+CREATE OR REPLACE FUNCTION cerefox_list_usage_log(
+    p_start       TIMESTAMPTZ DEFAULT NULL,
+    p_end         TIMESTAMPTZ DEFAULT NULL,
+    p_operation   TEXT        DEFAULT NULL,
+    p_access_path TEXT        DEFAULT NULL,
+    p_requestor   TEXT        DEFAULT NULL,
+    p_project_id  UUID        DEFAULT NULL,
+    p_limit       INT         DEFAULT 100
+)
+RETURNS TABLE (
+    id           UUID,
+    logged_at    TIMESTAMPTZ,
+    operation    TEXT,
+    access_path  TEXT,
+    requestor    TEXT,
+    document_id  UUID,
+    doc_title    TEXT,
+    project_id   UUID,
+    query_text   TEXT,
+    result_count INT,
+    extra        JSONB
+)
+LANGUAGE sql
+SECURITY DEFINER
+STABLE
+SET search_path = public, pg_catalog
+AS $$
+    SELECT
+        ul.id,
+        ul.logged_at,
+        ul.operation,
+        ul.access_path,
+        ul.requestor,
+        ul.document_id,
+        d.title AS doc_title,
+        ul.project_id,
+        ul.query_text,
+        ul.result_count,
+        ul.extra
+    FROM cerefox_usage_log ul
+    LEFT JOIN cerefox_documents d ON ul.document_id = d.id
+    WHERE (p_start IS NULL       OR ul.logged_at >= p_start)
+      AND (p_end IS NULL         OR ul.logged_at <= p_end)
+      AND (p_operation IS NULL   OR ul.operation = p_operation)
+      AND (p_access_path IS NULL OR ul.access_path = p_access_path)
+      AND (p_requestor IS NULL   OR ul.requestor = p_requestor)
+      AND (p_project_id IS NULL  OR ul.project_id = p_project_id)
+    ORDER BY ul.logged_at DESC
+    LIMIT p_limit;
+$$;
+
+-- 5. Drop and recreate cerefox_usage_summary with renamed field
+DROP FUNCTION IF EXISTS cerefox_usage_summary(TIMESTAMPTZ, TIMESTAMPTZ, UUID, TEXT);
+
+CREATE OR REPLACE FUNCTION cerefox_usage_summary(
+    p_start       TIMESTAMPTZ DEFAULT NULL,
+    p_end         TIMESTAMPTZ DEFAULT NULL,
+    p_project_id  UUID        DEFAULT NULL,
+    p_access_path TEXT        DEFAULT NULL
+)
+RETURNS JSON
+LANGUAGE plpgsql
+SECURITY DEFINER
+STABLE
+SET search_path = public, pg_catalog
+AS $$
+DECLARE
+    v_result JSON;
+BEGIN
+    WITH filtered AS (
+        SELECT *
+        FROM cerefox_usage_log ul
+        WHERE (p_start IS NULL       OR ul.logged_at >= p_start)
+          AND (p_end IS NULL         OR ul.logged_at <= p_end)
+          AND (p_project_id IS NULL  OR ul.project_id = p_project_id)
+          AND (p_access_path IS NULL OR ul.access_path = p_access_path)
+    ),
+    ops_by_day AS (
+        SELECT DATE(logged_at) AS day, COUNT(*) AS count
+        FROM filtered
+        GROUP BY DATE(logged_at)
+        ORDER BY day
+    ),
+    ops_by_operation AS (
+        SELECT operation, COUNT(*) AS count
+        FROM filtered
+        GROUP BY operation
+        ORDER BY count DESC
+    ),
+    ops_by_access_path AS (
+        SELECT access_path, COUNT(*) AS count
+        FROM filtered
+        GROUP BY access_path
+        ORDER BY count DESC
+    ),
+    top_documents AS (
+        SELECT f.document_id, d.title AS doc_title, COUNT(*) AS count
+        FROM filtered f
+        JOIN cerefox_documents d ON f.document_id = d.id
+        WHERE f.document_id IS NOT NULL
+        GROUP BY f.document_id, d.title
+        ORDER BY count DESC
+        LIMIT 10
+    ),
+    top_requestors AS (
+        SELECT requestor, COUNT(*) AS count
+        FROM filtered
+        WHERE requestor IS NOT NULL
+        GROUP BY requestor
+        ORDER BY count DESC
+        LIMIT 10
+    )
+    SELECT json_build_object(
+        'total_count', (SELECT COUNT(*) FROM filtered),
+        'ops_by_day', COALESCE((SELECT json_agg(json_build_object('day', day, 'count', count)) FROM ops_by_day), '[]'::JSON),
+        'ops_by_operation', COALESCE((SELECT json_agg(json_build_object('operation', operation, 'count', count)) FROM ops_by_operation), '[]'::JSON),
+        'ops_by_access_path', COALESCE((SELECT json_agg(json_build_object('access_path', access_path, 'count', count)) FROM ops_by_access_path), '[]'::JSON),
+        'top_documents', COALESCE((SELECT json_agg(json_build_object('document_id', document_id, 'doc_title', doc_title, 'count', count)) FROM top_documents), '[]'::JSON),
+        'top_requestors', COALESCE((SELECT json_agg(json_build_object('requestor', requestor, 'count', count)) FROM top_requestors), '[]'::JSON)
+    ) INTO v_result;
+
+    RETURN v_result;
+END;
+$$;

package/dist/server-assets/db/migrations/0008_soft_delete.sql

@@ -0,0 +1,130 @@
+-- Migration 0008: Soft delete for documents
+--
+-- Adds deleted_at column to cerefox_documents. "Delete" sets the timestamp
+-- instead of cascade-deleting. Search indexes exclude soft-deleted docs.
+-- A separate "purge" operation does the real cascade delete.
+-- Recovery is just clearing the deleted_at timestamp.
+
+-- 1. Add deleted_at column (nullable, default NULL = not deleted)
+ALTER TABLE cerefox_documents ADD COLUMN IF NOT EXISTS deleted_at TIMESTAMPTZ DEFAULT NULL;
+
+-- 1b. Add 'restore' to the audit log operation CHECK constraint
+ALTER TABLE cerefox_audit_log DROP CONSTRAINT IF EXISTS cerefox_audit_log_operation_check;
+ALTER TABLE cerefox_audit_log ADD CONSTRAINT cerefox_audit_log_operation_check CHECK (
+    operation IN ('create', 'update-content', 'update-metadata', 'delete',
+                  'status-change', 'archive', 'unarchive', 'restore')
+);
+
+-- 2. Index for finding soft-deleted documents efficiently
+CREATE INDEX IF NOT EXISTS idx_documents_deleted_at
+    ON cerefox_documents (deleted_at) WHERE deleted_at IS NOT NULL;
+
+-- 3. Update cerefox_delete_document to soft-delete instead of cascade-delete.
+-- The old RPC did: audit entry + CASCADE DELETE.
+-- The new RPC does: audit entry + SET deleted_at = NOW().
+-- Drop the old signature first (it takes different params across versions).
+
+DROP FUNCTION IF EXISTS cerefox_delete_document(UUID);
+
+CREATE OR REPLACE FUNCTION cerefox_delete_document(
+    p_document_id UUID
+)
+RETURNS VOID
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_catalog
+AS $$
+DECLARE
+    v_title TEXT;
+    v_total_chars INT;
+BEGIN
+    -- Get document info for audit entry
+    SELECT title, total_chars INTO v_title, v_total_chars
+    FROM cerefox_documents WHERE id = p_document_id;
+
+    IF v_title IS NULL THEN
+        RETURN;  -- Document doesn't exist
+    END IF;
+
+    -- Soft delete: set deleted_at timestamp
+    UPDATE cerefox_documents SET deleted_at = NOW() WHERE id = p_document_id;
+
+    -- Audit entry
+    INSERT INTO cerefox_audit_log (
+        document_id, operation, author, author_type,
+        size_before, size_after, description
+    ) VALUES (
+        p_document_id, 'delete', 'unknown', 'user',
+        v_total_chars, 0,
+        format('Soft-deleted document: %s (%s chars)', v_title, v_total_chars)
+    );
+END;
+$$;
+
+-- 4. New RPC: restore a soft-deleted document
+CREATE OR REPLACE FUNCTION cerefox_restore_document(
+    p_document_id UUID
+)
+RETURNS VOID
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_catalog
+AS $$
+DECLARE
+    v_title TEXT;
+    v_total_chars INT;
+BEGIN
+    SELECT title, total_chars INTO v_title, v_total_chars
+    FROM cerefox_documents WHERE id = p_document_id AND deleted_at IS NOT NULL;
+
+    IF v_title IS NULL THEN
+        RETURN;  -- Not found or not deleted
+    END IF;
+
+    UPDATE cerefox_documents SET deleted_at = NULL WHERE id = p_document_id;
+
+    INSERT INTO cerefox_audit_log (
+        document_id, operation, author, author_type,
+        size_before, size_after, description
+    ) VALUES (
+        p_document_id, 'restore', 'unknown', 'user',
+        0, v_total_chars,
+        format('Restored document: %s', v_title)
+    );
+END;
+$$;
+
+-- 5. New RPC: permanently purge a soft-deleted document
+CREATE OR REPLACE FUNCTION cerefox_purge_document(
+    p_document_id UUID
+)
+RETURNS VOID
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = public, pg_catalog
+AS $$
+DECLARE
+    v_title TEXT;
+    v_total_chars INT;
+BEGIN
+    SELECT title, total_chars INTO v_title, v_total_chars
+    FROM cerefox_documents WHERE id = p_document_id AND deleted_at IS NOT NULL;
+
+    IF v_title IS NULL THEN
+        RETURN;  -- Not found or not soft-deleted (can only purge soft-deleted docs)
+    END IF;
+
+    -- Audit entry BEFORE delete (FK will SET NULL on the audit entry's document_id)
+    INSERT INTO cerefox_audit_log (
+        document_id, operation, author, author_type,
+        size_before, size_after, description
+    ) VALUES (
+        p_document_id, 'delete', 'unknown', 'user',
+        v_total_chars, 0,
+        format('Permanently deleted document: %s (%s chars)', v_title, v_total_chars)
+    );
+
+    -- Real cascade delete
+    DELETE FROM cerefox_documents WHERE id = p_document_id;
+END;
+$$;

package/dist/server-assets/db/migrations/0009_audit_log_restore_operation.sql

@@ -0,0 +1,20 @@
+-- Migration 0009: Add 'restore' to audit log operation CHECK constraint
+--
+-- The soft delete feature (0008) used 'unarchive' for restore-from-trash
+-- operations. This was semantically incorrect -- 'unarchive' is for version
+-- archival toggling. This migration adds 'restore' as a proper operation type.
+--
+-- Safe to re-run: DROP CONSTRAINT IF EXISTS handles idempotency.
+
+ALTER TABLE cerefox_audit_log DROP CONSTRAINT IF EXISTS cerefox_audit_log_operation_check;
+ALTER TABLE cerefox_audit_log ADD CONSTRAINT cerefox_audit_log_operation_check CHECK (
+    operation IN ('create', 'update-content', 'update-metadata', 'delete',
+                  'status-change', 'archive', 'unarchive', 'restore')
+);
+
+-- Also fix any existing audit entries that used 'unarchive' for restore-from-trash
+-- (they have description starting with 'Restored document:')
+UPDATE cerefox_audit_log
+SET operation = 'restore'
+WHERE operation = 'unarchive'
+  AND description LIKE 'Restored document:%';

package/dist/server-assets/db/migrations/0010_requestor_enforcement_config.sql

@@ -0,0 +1,12 @@
+-- Migration 0010: Seed requestor enforcement config defaults
+--
+-- Adds two new config keys for optional requestor identity enforcement
+-- on MCP tool calls. Both default to "off" for backward compatibility.
+
+INSERT INTO cerefox_config (key, value)
+VALUES ('require_requestor_identity', 'false')
+ON CONFLICT (key) DO NOTHING;
+
+INSERT INTO cerefox_config (key, value)
+VALUES ('requestor_identity_format', '^[a-zA-Z0-9_:.\- ]+$')
+ON CONFLICT (key) DO NOTHING;

package/dist/server-assets/db/migrations/0011_title_boosting.sql

@@ -0,0 +1,48 @@
+-- Migration 0011: Title Boosting for FTS and Semantic Search
+--
+-- Changes the fts column on cerefox_chunks from GENERATED ALWAYS AS to a
+-- regular tsvector column. This allows the document title (from
+-- cerefox_documents) to be included at weight A in the FTS index, which
+-- is impossible with a GENERATED column (cannot reference other tables).
+--
+-- After this migration, fts is set by the ingestion pipeline:
+--   setweight(to_tsvector('english', doc_title),   'A')  -- document title
+--   || setweight(to_tsvector('english', chunk_title), 'A')  -- heading title
+--   || setweight(to_tsvector('english', content),    'B')  -- body content
+--
+-- The cerefox_ingest_document RPC computes this automatically for all new
+-- or updated documents. The cerefox_update_chunk_fts RPC handles the
+-- title-change path (title changed but content unchanged).
+--
+-- Existing chunks retain their old tsvectors (computed without doc title).
+-- New ingestion automatically uses the new formula. Running
+-- scripts/reindex_all.py updates all existing chunks (optional but
+-- recommended for complete title-boosted search coverage).
+--
+-- Applied by: uv run python scripts/db_migrate.py
+
+-- Step 1: Drop the GENERATED expression on fts.
+-- The column stays as a regular tsvector; existing values are preserved.
+ALTER TABLE cerefox_chunks ALTER COLUMN fts DROP EXPRESSION;
+
+-- Step 2: Add cerefox_update_chunk_fts RPC.
+-- Called when a document title changes (content unchanged) to refresh the
+-- FTS index for all current chunks without creating a version snapshot.
+DROP FUNCTION IF EXISTS cerefox_update_chunk_fts(UUID, TEXT);
+CREATE FUNCTION cerefox_update_chunk_fts(
+    p_document_id   UUID,
+    p_new_title     TEXT
+)
+RETURNS VOID
+LANGUAGE sql
+SECURITY DEFINER
+SET search_path = public, pg_catalog
+AS $$
+    UPDATE cerefox_chunks
+    SET fts =
+        setweight(to_tsvector('english', COALESCE(p_new_title, '')), 'A') ||
+        setweight(to_tsvector('english', COALESCE(title, '')), 'A') ||
+        setweight(to_tsvector('english', COALESCE(content, '')), 'B')
+    WHERE document_id = p_document_id
+      AND version_id IS NULL;
+$$;