ltcai 4.6.1 → 4.7.2

package/lattice_brain/__init__.py

@@ -26,7 +26,7 @@ from .storage import (
     storage_from_env,
 )
 
-__version__ = "4.6.1"
+__version__ = "4.7.2"
 
 __all__ = [
     "AgentRuntime",

package/lattice_brain/archive.py

@@ -50,6 +50,10 @@ def _now() -> str:
     return datetime.now(timezone.utc).isoformat()
 
 
+def _stamp() -> str:
+    return _now().replace(":", "").replace("-", "").replace(".", "")[:15]
+
+
 def _derive_key(passphrase: str, salt: bytes) -> bytes:
     if not passphrase:
         raise ValueError("A passphrase is required for encrypted .latticebrain archives.")
@@ -93,6 +97,78 @@ def _assert_safe_member(name: str) -> PurePosixPath:
     return path
 
 
+def _pre_restore_backup_dir(anchor: Path) -> Path:
+    backup_dir = anchor.parent / f"{anchor.name}.pre-restore-{_stamp()}"
+    index = 1
+    while backup_dir.exists():
+        backup_dir = anchor.parent / f"{anchor.name}.pre-restore-{_stamp()}-{index}"
+        index += 1
+    backup_dir.mkdir(parents=True)
+    return backup_dir
+
+
+def _sqlite_siblings(db_path: Path) -> tuple[Path, Path, Path]:
+    return (db_path, Path(str(db_path) + "-wal"), Path(str(db_path) + "-shm"))
+
+
+def _restore_sibling(path: Path, backup: Path) -> None:
+    if backup.exists():
+        shutil.copy2(backup, path)
+    elif path.exists():
+        path.unlink()
+
+
+def _replace_sqlite_atomically(src: Path, dest: Path, backup_dir: Path) -> None:
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    tmp = dest.parent / f".{dest.name}.restore-{_stamp()}-{os.getpid()}.tmp"
+    shutil.copyfile(src, tmp)
+    backups: dict[Path, Path] = {}
+    try:
+        for sibling in _sqlite_siblings(dest):
+            if sibling.exists():
+                backup = backup_dir / sibling.name
+                shutil.copy2(sibling, backup)
+                backups[sibling] = backup
+        for sibling in _sqlite_siblings(dest)[1:]:
+            if sibling.exists():
+                sibling.unlink()
+        os.replace(tmp, dest)
+    except Exception:
+        if tmp.exists():
+            tmp.unlink()
+        for sibling in _sqlite_siblings(dest):
+            _restore_sibling(sibling, backups.get(sibling, backup_dir / sibling.name))
+        raise
+
+
+def _rollback_sqlite_from_backup(dest: Path, backup_dir: Path) -> None:
+    for sibling in _sqlite_siblings(dest):
+        _restore_sibling(sibling, backup_dir / sibling.name)
+
+
+def _replace_tree_with_backup(src: Optional[Path], dest: Path, backup_dir: Path) -> None:
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    staged = dest.parent / f".{dest.name}.restore-{_stamp()}-{os.getpid()}"
+    backup = backup_dir / dest.name
+    if src and src.exists():
+        shutil.copytree(src, staged)
+    else:
+        staged.mkdir(parents=True)
+    try:
+        if dest.exists():
+            shutil.copytree(dest, backup)
+            shutil.rmtree(dest)
+        os.replace(staged, dest)
+    except Exception:
+        if staged.exists():
+            shutil.rmtree(staged)
+        if dest.exists():
+            shutil.rmtree(dest)
+        if backup.exists():
+            shutil.copytree(backup, dest)
+        raise
+
+
 @dataclass(frozen=True)
 class BrainArchivePaths:
     db_path: Path
@@ -397,19 +473,15 @@ class EncryptedBrainArchive:
             db_src = out / "knowledge_graph.sqlite"
             if not db_src.exists():
                 raise ValueError("Archive payload is missing knowledge_graph.sqlite.")
-            target.db_path.parent.mkdir(parents=True, exist_ok=True)
-            for sibling in (target.db_path, Path(str(target.db_path) + "-wal"), Path(str(target.db_path) + "-shm")):
-                if sibling.exists():
-                    sibling.unlink()
-            shutil.copyfile(db_src, target.db_path)
-            blobs_src = out / "blobs"
-            if target.blob_dir:
-                if target.blob_dir.exists():
-                    shutil.rmtree(target.blob_dir)
-                if blobs_src.exists():
-                    shutil.copytree(blobs_src, target.blob_dir)
-                else:
-                    target.blob_dir.mkdir(parents=True, exist_ok=True)
+            backup_dir = _pre_restore_backup_dir(target.db_path)
+            try:
+                _replace_sqlite_atomically(db_src, target.db_path, backup_dir)
+                blobs_src = out / "blobs"
+                if target.blob_dir:
+                    _replace_tree_with_backup(blobs_src if blobs_src.exists() else None, target.blob_dir, backup_dir)
+            except Exception:
+                _rollback_sqlite_from_backup(target.db_path, backup_dir)
+                raise
             if target.data_dir:
                 data_src = out / "data"
                 exports_src = out / "workspace_exports"
@@ -439,6 +511,7 @@ class EncryptedBrainArchive:
             "path": str(target.db_path),
             "encrypted": True,
             "verified": True,
+            "pre_restore_backup": str(backup_dir),
             "manifest": manifest,
         }
 

package/lattice_brain/portability.py

@@ -15,6 +15,7 @@ from __future__ import annotations
 
 import hashlib
 import json
+import os
 import shutil
 import tempfile
 import zipfile
@@ -57,6 +58,78 @@ def _safe_zip_names(names) -> None:
             raise ValueError(f"Backup archive contains unsafe path: {name}")
 
 
+def _pre_restore_backup_dir(anchor: Path) -> Path:
+    backup_dir = anchor.parent / f"{anchor.name}.pre-restore-{_stamp()}"
+    index = 1
+    while backup_dir.exists():
+        backup_dir = anchor.parent / f"{anchor.name}.pre-restore-{_stamp()}-{index}"
+        index += 1
+    backup_dir.mkdir(parents=True)
+    return backup_dir
+
+
+def _sqlite_siblings(db_path: Path) -> tuple[Path, Path, Path]:
+    return (db_path, Path(str(db_path) + "-wal"), Path(str(db_path) + "-shm"))
+
+
+def _restore_sibling(path: Path, backup: Path) -> None:
+    if backup.exists():
+        shutil.copy2(backup, path)
+    elif path.exists():
+        path.unlink()
+
+
+def _replace_sqlite_atomically(src: Path, dest: Path, backup_dir: Path) -> None:
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    tmp = dest.parent / f".{dest.name}.restore-{_stamp()}-{os.getpid()}.tmp"
+    shutil.copyfile(src, tmp)
+    backups: dict[Path, Path] = {}
+    try:
+        for sibling in _sqlite_siblings(dest):
+            if sibling.exists():
+                backup = backup_dir / sibling.name
+                shutil.copy2(sibling, backup)
+                backups[sibling] = backup
+        for sibling in _sqlite_siblings(dest)[1:]:
+            if sibling.exists():
+                sibling.unlink()
+        os.replace(tmp, dest)
+    except Exception:
+        if tmp.exists():
+            tmp.unlink()
+        for sibling in _sqlite_siblings(dest):
+            _restore_sibling(sibling, backups.get(sibling, backup_dir / sibling.name))
+        raise
+
+
+def _rollback_sqlite_from_backup(dest: Path, backup_dir: Path) -> None:
+    for sibling in _sqlite_siblings(dest):
+        _restore_sibling(sibling, backup_dir / sibling.name)
+
+
+def _replace_tree_with_backup(src: Optional[Path], dest: Path, backup_dir: Path) -> None:
+    dest.parent.mkdir(parents=True, exist_ok=True)
+    staged = dest.parent / f".{dest.name}.restore-{_stamp()}-{os.getpid()}"
+    backup = backup_dir / dest.name
+    if src and src.exists():
+        shutil.copytree(src, staged)
+    else:
+        staged.mkdir(parents=True)
+    try:
+        if dest.exists():
+            shutil.copytree(dest, backup)
+            shutil.rmtree(dest)
+        os.replace(staged, dest)
+    except Exception:
+        if staged.exists():
+            shutil.rmtree(staged)
+        if dest.exists():
+            shutil.rmtree(dest)
+        if backup.exists():
+            shutil.copytree(backup, dest)
+        raise
+
+
 class KGPortabilityService:
     def __init__(self, *, knowledge_graph: Any, data_dir, enable_graph: bool = True, device_identity: Any = None) -> None:
         self._kg = knowledge_graph
@@ -204,24 +277,19 @@ class KGPortabilityService:
                     }
                 db_dest = Path(self._kg.db_path)
                 blob_dest = Path(self._kg.blob_dir)
-                db_dest.parent.mkdir(parents=True, exist_ok=True)
-                # Drop the live DB + stale WAL/SHM siblings so the restored copy
-                # is authoritative (no stale journal overlaying old pages).
-                for sib in (db_dest, Path(str(db_dest) + "-wal"), Path(str(db_dest) + "-shm")):
-                    if sib.exists():
-                        sib.unlink()
-                shutil.copyfile(db_src, db_dest)
-                blob_src = tmp / "blobs"
-                if blob_src.exists():
-                    if blob_dest.exists():
-                        shutil.rmtree(blob_dest)
-                    shutil.copytree(blob_src, blob_dest)
-                else:
-                    blob_dest.mkdir(parents=True, exist_ok=True)
+                backup_dir = _pre_restore_backup_dir(db_dest)
+                try:
+                    _replace_sqlite_atomically(db_src, db_dest, backup_dir)
+                    blob_src = tmp / "blobs"
+                    _replace_tree_with_backup(blob_src if blob_src.exists() else None, blob_dest, backup_dir)
+                except Exception:
+                    _rollback_sqlite_from_backup(db_dest, backup_dir)
+                    raise
         stats = self._kg.stats()
         return {
             "restored": True,
             "manifest": manifest,
+            "pre_restore_backup": str(backup_dir),
             "nodes": sum(stats.get("nodes", {}).values()),
         }
 

package/lattice_brain/runtime/multi_agent.py

@@ -14,7 +14,7 @@ from datetime import datetime
 from typing import Any, Callable, Dict, List, Optional
 
 
-MULTI_AGENT_VERSION = "4.6.1"
+MULTI_AGENT_VERSION = "4.7.2"
 
 AGENT_ROLES = ("researcher", "planner", "executor", "reviewer", "release")
 CORE_PIPELINE = ("planner", "executor", "reviewer")

package/latticeai/__init__.py

@@ -1,3 +1,3 @@
 """Lattice AI - modular server package."""
 
-__version__ = "4.6.1"
+__version__ = "4.7.2"

package/latticeai/api/admin.py

@@ -2,11 +2,14 @@
 
 import logging
 from collections import defaultdict
+from datetime import datetime, timedelta
 from typing import Callable, Dict, List, Optional
 
-from fastapi import APIRouter, HTTPException, Request
+from fastapi import APIRouter, HTTPException, Query, Request
 from pydantic import BaseModel
 
+from latticeai.core.workspace_os import DEFAULT_WORKSPACE_ID
+
 
 class AdminUserUpdate(BaseModel):
     role: Optional[str] = None
@@ -42,6 +45,7 @@ def create_admin_router(
     save_users: Callable,
     get_user_role: Callable,
     get_history: Callable,
+    get_audit_log: Callable,
     public_user: Callable,
     load_vpc_config: Callable,
     save_vpc_config: Callable,
@@ -60,10 +64,89 @@ def create_admin_router(
 ) -> APIRouter:
     router = APIRouter()
 
+    def _workspace_scope(request: Request) -> Optional[str]:
+        header = request.headers.get("X-Workspace-Id")
+        if header and header.strip():
+            return header.strip()
+        query = request.query_params.get("workspace_id")
+        return query.strip() if query and query.strip() else None
+
+    def _matches_scope(item: Dict[str, object], workspace_id: Optional[str]) -> bool:
+        if not workspace_id:
+            return True
+        item_scope = item.get("workspace_id")
+        if not item_scope and workspace_id == DEFAULT_WORKSPACE_ID:
+            return True
+        return str(item_scope or "") == str(workspace_id)
+
+    def _scoped_history(request: Request) -> List[Dict]:
+        scope = _workspace_scope(request)
+        return [item for item in get_history() if _matches_scope(item, scope)]
+
+    def _scoped_audit_log(request: Request) -> List[Dict]:
+        scope = _workspace_scope(request)
+        return [item for item in get_audit_log() if _matches_scope(item, scope)]
+
+    def _filter_audit_log(
+        events: List[Dict],
+        *,
+        q: Optional[str] = None,
+        actor: Optional[str] = None,
+        action: Optional[str] = None,
+        severity: Optional[str] = None,
+        limit: int = 50,
+    ) -> List[Dict]:
+        needle = (q or "").strip().lower()
+        actor_filter = (actor or "").strip().lower()
+        action_filter = (action or "").strip().lower()
+        severity_filter = (severity or "").strip().lower()
+
+        def matches(event: Dict) -> bool:
+            public = _event_public_text(event)
+            if needle and needle not in public:
+                return False
+            if actor_filter and actor_filter not in str(event.get("user_email") or event.get("actor") or "").lower():
+                return False
+            event_action = str(event.get("event_type") or event.get("action") or "").lower()
+            if action_filter and action_filter not in event_action:
+                return False
+            event_severity = str(event.get("severity") or event.get("sev") or "").lower()
+            if severity_filter and event_severity != severity_filter:
+                return False
+            return True
+
+        capped_limit = max(1, min(int(limit or 50), 250))
+        return [event for event in events if matches(event)][-capped_limit:]
+
+    def _event_public_text(event: Dict) -> str:
+        parts = [
+            event.get("event_type"),
+            event.get("action"),
+            event.get("user_email"),
+            event.get("actor"),
+            event.get("target"),
+            event.get("target_email"),
+            event.get("workspace_id"),
+            event.get("severity"),
+            event.get("sev"),
+        ]
+        return " ".join(str(part).lower() for part in parts if part is not None)
+
+    def _parse_timestamp(value: object) -> Optional[datetime]:
+        if not value:
+            return None
+        try:
+            parsed = datetime.fromisoformat(str(value).replace("Z", "+00:00"))
+            if parsed.tzinfo is not None:
+                return parsed.astimezone().replace(tzinfo=None)
+            return parsed
+        except ValueError:
+            return None
+
     @router.get("/admin/summary")
     async def admin_summary(request: Request):
         _, users = require_admin(request)
-        history = get_history()
+        history = _scoped_history(request)
         user_msgs = [i for i in history if i.get("role") == "user"]
         asst_msgs = [i for i in history if i.get("role") == "assistant"]
         return {
@@ -79,7 +162,7 @@ def create_admin_router(
     @router.get("/admin/stats")
     async def admin_stats(request: Request):
         require_admin(request)
-        history = get_history()
+        history = _scoped_history(request)
         daily: dict = defaultdict(lambda: {"user": 0, "assistant": 0})
         for item in history:
             ts = item.get("timestamp", "")
@@ -98,12 +181,37 @@ def create_admin_router(
     @router.get("/admin/sensitivity")
     async def admin_sensitivity(request: Request):
         require_admin(request)
-        return build_sensitivity_report(get_history())
+        return build_sensitivity_report(_scoped_history(request))
 
     @router.get("/admin/audit")
-    async def admin_audit(request: Request):
+    async def admin_audit(
+        request: Request,
+        q: Optional[str] = Query(None),
+        actor: Optional[str] = Query(None),
+        action: Optional[str] = Query(None),
+        severity: Optional[str] = Query(None),
+        limit: int = Query(50, ge=1, le=250),
+    ):
         _, users = require_admin(request)
-        report = build_admin_audit_report(users)
+        scoped_events = _scoped_audit_log(request)
+        filtered_events = _filter_audit_log(
+            scoped_events,
+            q=q,
+            actor=actor,
+            action=action,
+            severity=severity,
+            limit=limit,
+        )
+        report = build_admin_audit_report(users, filtered_events)
+        report["filters"] = {
+            "q": q or "",
+            "actor": actor or "",
+            "action": action or "",
+            "severity": severity or "",
+            "limit": limit,
+            "matched_events": len(filtered_events),
+            "scoped_events": len(scoped_events),
+        }
         try:
             report["graph"] = get_graph_stats() if enable_graph else {"disabled": True}
         except Exception as e:
@@ -153,9 +261,36 @@ def create_admin_router(
                 {"id": "invite_gate", "label": "Invite gate",
                  "value": "Required for new accounts" if invite_gate_enabled else "Open registration",
                  "enforced": bool(invite_gate_enabled)},
+                {"id": "log_retention", "label": "Log retention",
+                 "value": "90 day local audit window with manual export before pruning", "enforced": True},
             ]
         }
 
+    @router.get("/admin/log-retention")
+    async def admin_log_retention(request: Request):
+        require_admin(request)
+        events = _scoped_audit_log(request)
+        retention_days = 90
+        cutoff = datetime.now() - timedelta(days=retention_days)
+        retained = 0
+        prune_candidates = 0
+        for event in events:
+            ts = _parse_timestamp(event.get("timestamp") or event.get("ts"))
+            if ts and ts < cutoff:
+                prune_candidates += 1
+            else:
+                retained += 1
+        return {
+            "mode": "local-first",
+            "retention_days": retention_days,
+            "total_events": len(events),
+            "retained_events": retained,
+            "prune_candidates": prune_candidates,
+            "export_before_prune": True,
+            "editable": False,
+            "reason": "Retention is reported in Community mode; destructive pruning requires an explicit export workflow.",
+        }
+
     @router.get("/admin/product-hardening")
     async def admin_product_hardening(request: Request):
         require_admin(request)

package/latticeai/api/chat.py

@@ -52,6 +52,7 @@ class AgentRequest(BaseModel):
     temperature: float = 0.1
     user_email: Optional[str] = None
     user_nickname: Optional[str] = None
+    workspace_id: Optional[str] = None
     planning_model: Optional[str] = None
     executing_model: Optional[str] = None
     reviewing_model: Optional[str] = None
@@ -136,6 +137,13 @@ def format_network_status(info: Dict) -> str:
         lines.extend(["", note])
     return "\n".join(lines)
 
+def workspace_scope_from_request(request: Request) -> Optional[str]:
+    header = request.headers.get("X-Workspace-Id")
+    if header and header.strip():
+        return header.strip()
+    query = request.query_params.get("workspace_id")
+    return query.strip() if query and query.strip() else None
+
 async def single_text_stream(text: str, model: str = "system") -> AsyncIterator[str]:
     yield f"data: {json.dumps({'chunk': text, 'model': model}, ensure_ascii=False)}\n\n"
     yield "data: [DONE]\n\n"
@@ -296,15 +304,20 @@ def create_chat_router(context: AppContext) -> APIRouter:
         )
         effective_email = req.user_email or current_user or None
         history_user = get_history_user(effective_email, req.user_nickname)
+        history_meta = {
+            "source": req.source or "web",
+            "conversation_id": req.conversation_id,
+            "workspace_id": workspace_scope_from_request(request),
+        }
     
         if is_network_status_request(req.message):
             history_message = f"{req.message}\n[Image attached]" if req.image_data else req.message
-            save_to_history("user", history_message, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+            save_to_history("user", history_message, **history_meta, **history_user)
             try:
                 answer = format_network_status(network_status())
             except ToolError as exc:
                 answer = f"네트워크 정보를 확인하지 못했습니다: {exc}"
-            save_to_history("assistant", answer, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+            save_to_history("assistant", answer, **history_meta, **history_user)
             notify_chat_message("user", req.message, req.source)
             notify_chat_message("assistant", answer, req.source)
             if req.stream:
@@ -362,8 +375,8 @@ def create_chat_router(context: AppContext) -> APIRouter:
     
         if is_current_url_request(req.message) and req.client_url:
             answer = f"현재 페이지 URL: {req.client_url}"
-            save_to_history("user", req.message, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
-            save_to_history("assistant", answer, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+            save_to_history("user", req.message, **history_meta, **history_user)
+            save_to_history("assistant", answer, **history_meta, **history_user)
             notify_chat_message("user", req.message, req.source)
             notify_chat_message("assistant", answer, req.source)
             if req.stream:
@@ -459,7 +472,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
             trace_seed["context_assembly"] = context_trace
     
         history_message = f"{req.message}\n[Image attached]" if req.image_data else req.message
-        save_to_history("user", history_message, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+        save_to_history("user", history_message, **history_meta, **history_user)
         notify_chat_message("user", req.message, req.source)
     
         if is_doc_gen and ENABLE_GRAPH and KNOWLEDGE_GRAPH:
@@ -488,7 +501,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
                         yield f"data: {json.dumps({'text': footnote}, ensure_ascii=False)}\n\n"
                         full_text += footnote
                     session.update(graph_md, full_text, req.conversation_id)
-                    save_to_history("assistant", full_text, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+                    save_to_history("assistant", full_text, **history_meta, **history_user)
                     trace_record = CHAT_SERVICE.record_trace(
                         question=req.message,
                         response=full_text,
@@ -513,7 +526,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
                 if footnote:
                     result += footnote
                 session.update(graph_md, result, req.conversation_id)
-                save_to_history("assistant", str(result), source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+                save_to_history("assistant", str(result), **history_meta, **history_user)
                 trace_record = CHAT_SERVICE.record_trace(
                     question=req.message,
                     response=str(result),
@@ -530,7 +543,14 @@ def create_chat_router(context: AppContext) -> APIRouter:
             if recent_context:
                 stream_context = f"[RECENT CONVERSATION]\n{recent_context}\n\n{context}".strip()
             return StreamingResponse(
-                _stream_chat(req, stream_context, req.image_data, trace_seed=trace_seed, effective_email=effective_email),
+                _stream_chat(
+                    req,
+                    stream_context,
+                    req.image_data,
+                    trace_seed=trace_seed,
+                    effective_email=effective_email,
+                    history_meta=history_meta,
+                ),
                 media_type="text/event-stream",
                 headers={"X-Model": router.current_model_id},
             )
@@ -549,7 +569,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
     
             result = await router.generate(req.message, full_context, req.max_tokens, req.temperature, req.image_data)
     
-            save_to_history("assistant", str(result), source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+            save_to_history("assistant", str(result), **history_meta, **history_user)
             trace_record = CHAT_SERVICE.record_trace(
                 question=req.message,
                 response=str(result),
@@ -637,6 +657,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
         *,
         trace_seed: Optional[Dict] = None,
         effective_email: Optional[str] = None,
+        history_meta: Optional[Dict] = None,
     ) -> AsyncIterator[str]:
         full_response = ""
         async for chunk in router.stream_generate(req.message, context, req.max_tokens, req.temperature, image_data):
@@ -651,8 +672,8 @@ def create_chat_router(context: AppContext) -> APIRouter:
     
             full_response += str(clean_chunk)
             yield f"data: {json.dumps({'chunk': clean_chunk, 'model': router.current_model_id}, ensure_ascii=False)}\n\n"
-        history_user = get_history_user(req.user_email, req.user_nickname)
-        save_to_history("assistant", full_response, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
+        history_user = get_history_user(effective_email or req.user_email, req.user_nickname)
+        save_to_history("assistant", full_response, **(history_meta or {}), **history_user)
         trace_record = CHAT_SERVICE.record_trace(
             question=req.message,
             response=full_response,
@@ -728,6 +749,7 @@ def create_chat_router(context: AppContext) -> APIRouter:
         """
         current_user = require_user(request)
         enforce_rate_limit(current_user, "agent")
+        req.workspace_id = req.workspace_id or workspace_scope_from_request(request)
         if not router.current_model_id:
             raise HTTPException(status_code=400, detail="No model loaded. Call /models/load first.")
     
@@ -776,8 +798,8 @@ def create_chat_router(context: AppContext) -> APIRouter:
         asyncio.create_task(_AGENT_RUNTIME.memory_update(ctx, req, current_user))
     
         message = ctx.final_message or "작업을 완료했습니다."
-        save_to_history("user", req.message, source=req.source or "web", conversation_id=req.conversation_id)
-        save_to_history("assistant", message, source=req.source or "web", conversation_id=req.conversation_id)
+        save_to_history("user", req.message, source=req.source or "web", conversation_id=req.conversation_id, workspace_id=req.workspace_id)
+        save_to_history("assistant", message, source=req.source or "web", conversation_id=req.conversation_id, workspace_id=req.workspace_id)
         try:
             WORKSPACE_OS.record_agent_run(
                 agent_id="agent:executor",