@realtimex/folio 0.1.16 → 0.1.17

package/dist/api/src/services/PolicyLearningService.js

@@ -182,7 +182,14 @@ function buildFromIngestionRow(ingestion) {
 }
 export class PolicyLearningService {
     static async recordManualMatch(opts) {
-        const { supabase, userId, ingestion, policyId, policyName } = opts;
+        const { supabase, userId, workspaceId, ingestion, policyId, policyName } = opts;
+        if (!workspaceId) {
+            logger.warn("Skipping policy learning feedback: missing workspace context", {
+                ingestionId: ingestion.id,
+                policyId,
+            });
+            return;
+        }
         const features = buildFromIngestionRow(ingestion);
         if (features.tokens.length === 0) {
             logger.warn("Skipping policy learning feedback: no usable tokens", {
@@ -192,6 +199,7 @@ export class PolicyLearningService {
             return;
         }
         const row = {
+            workspace_id: workspaceId,
             user_id: userId,
             ingestion_id: ingestion.id,
             policy_id: policyId,
@@ -201,7 +209,7 @@ export class PolicyLearningService {
         };
         const { error } = await supabase
             .from("policy_match_feedback")
-            .upsert(row, { onConflict: "user_id,ingestion_id,policy_id" });
+            .upsert(row, { onConflict: "workspace_id,ingestion_id,policy_id" });
         if (error) {
             logger.error("Failed to save policy match feedback", {
                 ingestionId: ingestion.id,
@@ -217,12 +225,15 @@ export class PolicyLearningService {
         });
     }
     static async getPolicyLearningStats(opts) {
-        const { supabase, userId } = opts;
+        const { supabase, userId, workspaceId } = opts;
+        if (!workspaceId) {
+            return {};
+        }
         const normalizedPolicyIds = (opts.policyIds ?? []).map((id) => id.trim()).filter(Boolean);
         let query = supabase
             .from("policy_match_feedback")
             .select("policy_id,created_at")
-            .eq("user_id", userId)
+            .eq("workspace_id", workspaceId)
             .order("created_at", { ascending: false })
             .limit(5000);
         if (normalizedPolicyIds.length > 0) {
@@ -251,7 +262,7 @@ export class PolicyLearningService {
         return stats;
     }
     static async resolveLearnedCandidate(opts) {
-        const { supabase, userId, policyIds, filePath, baselineEntities, documentText } = opts;
+        const { supabase, userId, workspaceId, policyIds, filePath, baselineEntities, documentText } = opts;
         if (policyIds.length === 0) {
             return {
                 candidate: null,
@@ -263,6 +274,17 @@ export class PolicyLearningService {
                 },
             };
         }
+        if (!workspaceId) {
+            return {
+                candidate: null,
+                diagnostics: {
+                    reason: "no_feedback_samples",
+                    evaluatedPolicies: policyIds.length,
+                    evaluatedSamples: 0,
+                    topCandidates: [],
+                },
+            };
+        }
         const docFeatures = buildFromDocInput({ filePath, baselineEntities, documentText });
         if (docFeatures.tokens.length === 0) {
             return {
@@ -278,7 +300,7 @@ export class PolicyLearningService {
         const { data, error } = await supabase
             .from("policy_match_feedback")
             .select("policy_id,policy_name,features")
-            .eq("user_id", userId)
+            .eq("workspace_id", workspaceId)
             .in("policy_id", policyIds)
             .order("created_at", { ascending: false })
             .limit(400);

package/dist/api/src/services/PolicyLoader.js

@@ -1,7 +1,7 @@
 import { createLogger } from "../utils/logger.js";
 const logger = createLogger("PolicyLoader");
 // ─── Cache ───────────────────────────────────────────────────────────────────
-// Keyed by user_id so one user's policies never bleed into another's.
+// Keyed by workspace_id so one workspace's policies never bleed into another's.
 const _cache = new Map();
 const CACHE_TTL_MS = 30_000;
 // ─── Row → Policy ────────────────────────────────────────────────────────────
@@ -22,19 +22,21 @@ function rowToPolicy(row) {
 // ─── PolicyLoader ────────────────────────────────────────────────────────────
 export class PolicyLoader {
     /**
-     * Load all policies for the authenticated user from Supabase.
+     * Load all policies for the active workspace from Supabase.
      * Returns [] if no Supabase client is provided (unauthenticated state).
      */
-    static async load(forceRefresh = false, supabase) {
+    static async load(forceRefresh = false, supabase, workspaceId) {
         if (!supabase) {
             logger.info("No Supabase client — policies require authentication");
             return [];
         }
-        // Resolve the user ID to scope the cache correctly
-        const { data: { user } } = await supabase.auth.getUser();
-        const userId = user?.id ?? "anonymous";
+        const resolvedWorkspaceId = (workspaceId ?? "").trim();
+        if (!resolvedWorkspaceId) {
+            logger.warn("No workspace context — returning empty policy set");
+            return [];
+        }
         const now = Date.now();
-        const cached = _cache.get(userId);
+        const cached = _cache.get(resolvedWorkspaceId);
         if (!forceRefresh && cached && now - cached.loadedAt < CACHE_TTL_MS) {
             return cached.policies;
         }
@@ -42,13 +44,14 @@ export class PolicyLoader {
             const { data, error } = await supabase
                 .from("policies")
                 .select("*")
+                .eq("workspace_id", resolvedWorkspaceId)
                 .eq("enabled", true)
                 .order("priority", { ascending: false });
             if (error)
                 throw error;
             const policies = (data ?? []).map(rowToPolicy);
-            _cache.set(userId, { policies, loadedAt: Date.now() });
-            logger.info(`Loaded ${policies.length} policies from DB for user ${userId}`);
+            _cache.set(resolvedWorkspaceId, { policies, loadedAt: Date.now() });
+            logger.info(`Loaded ${policies.length} policies from DB for workspace ${resolvedWorkspaceId}`);
             return policies;
         }
         catch (err) {
@@ -56,9 +59,9 @@ export class PolicyLoader {
             return [];
         }
     }
-    static invalidateCache(userId) {
-        if (userId) {
-            _cache.delete(userId);
+    static invalidateCache(workspaceId) {
+        if (workspaceId) {
+            _cache.delete(workspaceId);
         }
         else {
             _cache.clear();
@@ -78,11 +81,12 @@ export class PolicyLoader {
      * Save (upsert) a policy to Supabase.
      * Throws if no Supabase client is available.
      */
-    static async save(policy, supabase, userId) {
-        if (!supabase || !userId) {
+    static async save(policy, supabase, userId, workspaceId) {
+        if (!supabase || !userId || !workspaceId) {
             throw new Error("Authentication required to save policies");
         }
         const row = {
+            workspace_id: workspaceId,
             user_id: userId,
             policy_id: policy.metadata.id,
             api_version: policy.apiVersion,
@@ -94,25 +98,25 @@ export class PolicyLoader {
         };
         const { error } = await supabase
             .from("policies")
-            .upsert(row, { onConflict: "user_id,policy_id" });
+            .upsert(row, { onConflict: "workspace_id,policy_id" });
         if (error)
             throw new Error(`Failed to save policy: ${error.message}`);
-        this.invalidateCache();
+        this.invalidateCache(workspaceId);
         logger.info(`Saved policy to DB: ${policy.metadata.id}`);
         return `db:policies/${policy.metadata.id}`;
     }
     /**
      * Partially update a policy (enabled toggle, name, description, tags, priority).
      */
-    static async patch(policyId, patch, supabase, userId) {
-        if (!supabase || !userId) {
+    static async patch(policyId, patch, supabase, userId, workspaceId) {
+        if (!supabase || !userId || !workspaceId) {
             throw new Error("Authentication required to update policies");
         }
         const { data: existing, error: fetchErr } = await supabase
             .from("policies")
             .select("metadata, priority, enabled")
             .eq("policy_id", policyId)
-            .eq("user_id", userId)
+            .eq("workspace_id", workspaceId)
             .single();
         if (fetchErr || !existing)
             throw new Error("Policy not found");
@@ -131,10 +135,10 @@ export class PolicyLoader {
             priority: patch.priority ?? existing.priority,
         })
             .eq("policy_id", policyId)
-            .eq("user_id", userId);
+            .eq("workspace_id", workspaceId);
         if (error)
             throw new Error(`Failed to patch policy: ${error.message}`);
-        this.invalidateCache();
+        this.invalidateCache(workspaceId);
         logger.info(`Patched policy: ${policyId}`);
         return true;
     }
@@ -142,18 +146,18 @@ export class PolicyLoader {
      * Delete a policy by ID from Supabase.
      * Throws if no Supabase client is available.
      */
-    static async delete(policyId, supabase, userId) {
-        if (!supabase || !userId) {
+    static async delete(policyId, supabase, userId, workspaceId) {
+        if (!supabase || !userId || !workspaceId) {
             throw new Error("Authentication required to delete policies");
         }
         const { error, count } = await supabase
             .from("policies")
             .delete({ count: "exact" })
             .eq("policy_id", policyId)
-            .eq("user_id", userId);
+            .eq("workspace_id", workspaceId);
         if (error)
             throw new Error(`Failed to delete policy: ${error.message}`);
-        this.invalidateCache();
+        this.invalidateCache(workspaceId);
         return (count ?? 0) > 0;
     }
 }

package/dist/api/src/services/RAGService.js

@@ -89,7 +89,7 @@ export class RAGService {
     /**
      * Process an ingested document's raw text: chunk it, embed it, and store in DB.
      */
-    static async chunkAndEmbed(ingestionId, userId, rawText, supabase, settings) {
+    static async chunkAndEmbed(ingestionId, userId, rawText, supabase, settings, workspaceId) {
         if (/^\[VLM_(IMAGE|PDF)_DATA:/.test(rawText)) {
             logger.info(`Skipping chunking and embedding for VLM base64 multimodal data (Ingestion: ${ingestionId})`);
             return;
@@ -100,6 +100,21 @@ export class RAGService {
             return;
         }
         const resolvedModel = await this.resolveEmbeddingModel(settings || {});
+        let resolvedWorkspaceId = (workspaceId ?? "").trim();
+        if (!resolvedWorkspaceId) {
+            const { data: ingestionRow, error: ingestionLookupError } = await supabase
+                .from("ingestions")
+                .select("workspace_id")
+                .eq("id", ingestionId)
+                .maybeSingle();
+            if (ingestionLookupError) {
+                throw new Error(`Failed to resolve workspace for ingestion ${ingestionId}: ${ingestionLookupError.message}`);
+            }
+            resolvedWorkspaceId = String(ingestionRow?.workspace_id ?? "").trim();
+            if (!resolvedWorkspaceId) {
+                throw new Error(`Workspace context is required to index chunks for ingestion ${ingestionId}`);
+            }
+        }
         logger.info(`Extracted ${chunks.length} chunks for ingestion ${ingestionId}. Embedding with ${resolvedModel.provider}/${resolvedModel.model}...`);
         // Global gate: background fire-and-forget jobs are bounded process-wide.
         await this.acquireEmbedJobSlot();
@@ -113,6 +128,7 @@ export class RAGService {
                     const { data: existing } = await supabase
                         .from("document_chunks")
                         .select("id")
+                        .eq("workspace_id", resolvedWorkspaceId)
                         .eq("ingestion_id", ingestionId)
                         .eq("content_hash", hash)
                         .eq("embedding_provider", resolvedModel.provider)
@@ -126,6 +142,7 @@ export class RAGService {
                     const embedding = await this.embedTextWithResolvedModel(content, resolvedModel);
                     const vector_dim = embedding.length;
                     const { error } = await supabase.from("document_chunks").insert({
+                        workspace_id: resolvedWorkspaceId,
                         user_id: userId,
                         ingestion_id: ingestionId,
                         content,
@@ -155,30 +172,44 @@ export class RAGService {
      * Semantically search the document chunks using dynamic pgvector partial indexing.
      */
     static async runSearchForModel(args) {
-        const { userId, supabase, modelScope, queryEmbedding, queryDim, similarityThreshold, topK } = args;
-        const { data, error } = await supabase.rpc("search_documents", {
-            p_user_id: userId,
+        const { userId, workspaceId, supabase, modelScope, queryEmbedding, queryDim, similarityThreshold, topK } = args;
+        const basePayload = {
             p_embedding_provider: modelScope.provider,
             p_embedding_model: modelScope.model,
             query_embedding: queryEmbedding,
             match_threshold: similarityThreshold,
             match_count: topK,
             query_dim: queryDim
-        });
+        };
+        const { data, error } = workspaceId
+            ? await supabase.rpc("search_workspace_documents", {
+                p_workspace_id: workspaceId,
+                ...basePayload
+            })
+            : await supabase.rpc("search_documents", {
+                p_user_id: userId,
+                ...basePayload
+            });
         if (error) {
             throw new Error(`Knowledge base search failed for ${modelScope.provider}/${modelScope.model}: ${error.message}`);
         }
         return (data || []);
     }
-    static async listUserModelScopes(userId, supabase) {
-        const { data, error } = await supabase
+    static async listModelScopes(userId, supabase, workspaceId) {
+        let query = supabase
             .from("document_chunks")
             .select("embedding_provider, embedding_model, vector_dim, created_at")
-            .eq("user_id", userId)
             .order("created_at", { ascending: false })
             .limit(2000);
+        if (workspaceId) {
+            query = query.eq("workspace_id", workspaceId);
+        }
+        else {
+            query = query.eq("user_id", userId);
+        }
+        const { data, error } = await query;
         if (error) {
-            logger.warn("Failed to list user embedding scopes for RAG fallback", { error });
+            logger.warn("Failed to list embedding scopes for RAG fallback", { userId, workspaceId, error });
             return [];
         }
         const scopes = new Map();
@@ -203,7 +234,7 @@ export class RAGService {
         return Array.from(scopes.values());
     }
     static async searchDocuments(query, userId, supabase, options = {}) {
-        const { topK = 5, similarityThreshold = 0.7, settings } = options;
+        const { topK = 5, similarityThreshold = 0.7, settings, workspaceId } = options;
         const minThreshold = Math.max(0.1, Math.min(similarityThreshold, 0.4));
         const thresholdLevels = Array.from(new Set([similarityThreshold, minThreshold]));
         const preferred = await this.resolveEmbeddingModel(settings || {});
@@ -232,6 +263,7 @@ export class RAGService {
             logger.info(`Searching knowledge base (${scope.provider}/${scope.model}, dim=${queryDim}, topK=${topK}, threshold=${threshold})`);
             const hits = await this.runSearchForModel({
                 userId,
+                workspaceId,
                 supabase,
                 modelScope: scope,
                 queryEmbedding,
@@ -268,7 +300,7 @@ export class RAGService {
             });
         }
         if (collected.size === 0) {
-            const scopes = await this.listUserModelScopes(userId, supabase);
+            const scopes = await this.listModelScopes(userId, supabase, workspaceId);
             const fallbackScopes = scopes.filter((scope) => !(scope.provider === preferredScope.provider && scope.model === preferredScope.model));
             for (const scope of fallbackScopes) {
                 try {