remdb 0.3.157__py3-none-any.whl → 0.3.180__py3-none-any.whl

rem/agentic/agents/agent_manager.py

@@ -128,8 +128,9 @@ async def save_agent(
     )
 
     # Create Schema entity (user-scoped)
+    # Note: tenant_id defaults to "default" for anonymous users
     schema_entity = Schema(
-        tenant_id=user_id,
+        tenant_id=user_id or "default",
         user_id=user_id,
         name=name,
         spec=spec,

rem/agentic/context.py

@@ -2,11 +2,15 @@
 Agent execution context and configuration.
 
 Design pattern for session context that can be constructed from:
+- FastAPI Request object (preferred - extracts user from JWT via request.state)
 - HTTP headers (X-User-Id, X-Session-Id, X-Model-Name, X-Is-Eval, etc.)
 - Direct instantiation for testing/CLI
 
+User ID Sources (in priority order):
+1. request.state.user.id - From JWT token validated by auth middleware (SECURE)
+2. X-User-Id header - Fallback for backwards compatibility (less secure)
+
 Headers Mapping:
-    X-User-Id        → context.user_id
     X-Tenant-Id      → context.tenant_id (default: "default")
     X-Session-Id     → context.session_id
     X-Agent-Schema   → context.agent_schema_uri (default: "rem")
@@ -128,13 +132,87 @@ class AgentContext(BaseModel):
         logger.debug(f"No user_id from {source}, using None (anonymous/shared data)")
         return None
 
+    @classmethod
+    def from_request(cls, request: "Request") -> "AgentContext":
+        """
+        Construct AgentContext from a FastAPI Request object.
+
+        This is the PREFERRED method for API endpoints. It extracts user_id
+        from the authenticated user in request.state (set by auth middleware
+        from JWT token), which is more secure than trusting X-User-Id header.
+
+        Priority for user_id:
+        1. request.state.user.id - From validated JWT token (SECURE)
+        2. X-User-Id header - Fallback for backwards compatibility
+
+        Args:
+            request: FastAPI Request object
+
+        Returns:
+            AgentContext with user from JWT and other values from headers
+
+        Example:
+            @app.post("/api/v1/chat/completions")
+            async def chat(request: Request, body: ChatRequest):
+                context = AgentContext.from_request(request)
+                # context.user_id is from JWT, not header
+        """
+        from typing import TYPE_CHECKING
+        if TYPE_CHECKING:
+            from starlette.requests import Request
+
+        # Get headers dict
+        headers = dict(request.headers)
+        normalized = {k.lower(): v for k, v in headers.items()}
+
+        # Extract user_id from authenticated user (JWT) - this is the source of truth
+        user_id = None
+        tenant_id = "default"
+
+        if hasattr(request, "state"):
+            user = getattr(request.state, "user", None)
+            if user and isinstance(user, dict):
+                user_id = user.get("id")
+                # Also get tenant_id from authenticated user if available
+                if user.get("tenant_id"):
+                    tenant_id = user.get("tenant_id")
+                if user_id:
+                    logger.debug(f"User ID from JWT: {user_id}")
+
+        # Fallback to X-User-Id header if no authenticated user
+        if not user_id:
+            user_id = normalized.get("x-user-id")
+            if user_id:
+                logger.debug(f"User ID from X-User-Id header (fallback): {user_id}")
+
+        # Override tenant_id from header if provided
+        header_tenant = normalized.get("x-tenant-id")
+        if header_tenant:
+            tenant_id = header_tenant
+
+        # Parse X-Is-Eval header
+        is_eval_str = normalized.get("x-is-eval", "").lower()
+        is_eval = is_eval_str in ("true", "1", "yes")
+
+        return cls(
+            user_id=user_id,
+            tenant_id=tenant_id,
+            session_id=normalized.get("x-session-id"),
+            default_model=normalized.get("x-model-name") or settings.llm.default_model,
+            agent_schema_uri=normalized.get("x-agent-schema"),
+            is_eval=is_eval,
+        )
+
     @classmethod
     def from_headers(cls, headers: dict[str, str]) -> "AgentContext":
         """
-        Construct AgentContext from HTTP headers.
+        Construct AgentContext from HTTP headers dict.
+
+        NOTE: Prefer from_request() for API endpoints as it extracts user_id
+        from the validated JWT token in request.state, which is more secure.
 
         Reads standard headers:
-        - X-User-Id: User identifier
+        - X-User-Id: User identifier (fallback - prefer JWT)
         - X-Tenant-Id: Tenant identifier
         - X-Session-Id: Session identifier
         - X-Model-Name: Model override

rem/agentic/context_builder.py

@@ -12,7 +12,7 @@ User Context (on-demand by default):
 - System message includes REM LOOKUP hint for user profile
 - Agent decides whether to load profile based on query
 - More efficient for queries that don't need personalization
-- Example: "User ID: sarah@example.com. To load user profile: Use REM LOOKUP users/sarah@example.com"
+- Example: "User: sarah@example.com. To load user profile: Use REM LOOKUP \"sarah@example.com\""
 
 User Context (auto-inject when enabled):
 - Set CHAT__AUTO_INJECT_USER_CONTEXT=true
@@ -40,7 +40,7 @@ Usage (on-demand, default):
 
     # Messages list structure (on-demand):
     # [
-    #   {"role": "system", "content": "Today's date: 2025-11-22\nUser ID: sarah@example.com\nTo load user profile: Use REM LOOKUP users/sarah@example.com\nSession ID: sess-123\nTo load session history: Use REM LOOKUP messages?session_id=sess-123"},
+    #   {"role": "system", "content": "Today's date: 2025-11-22\nUser: sarah@example.com\nTo load user profile: Use REM LOOKUP \"sarah@example.com\"\nSession ID: sess-123\nTo load session history: Use REM LOOKUP messages?session_id=sess-123"},
     #   {"role": "user", "content": "What's next for the API migration?"}
     # ]
 
@@ -103,6 +103,7 @@ class ContextBuilder:
         headers: dict[str, str],
         new_messages: list[dict[str, str]] | None = None,
         db: PostgresService | None = None,
+        user_id: str | None = None,
     ) -> tuple[AgentContext, list[ContextMessage]]:
         """
         Build complete context from HTTP headers.
@@ -114,7 +115,7 @@ class ContextBuilder:
         - Agent can retrieve full content on-demand using REM LOOKUP
 
         User Context (on-demand by default):
-        - System message includes REM LOOKUP hint: "User ID: {user_id}. To load user profile: Use REM LOOKUP users/{user_id}"
+        - System message includes REM LOOKUP hint: "User: {email}. To load user profile: Use REM LOOKUP \"{email}\""
         - Agent decides whether to load profile based on query
 
         User Context (auto-inject when enabled):
@@ -125,6 +126,7 @@ class ContextBuilder:
             headers: HTTP request headers (case-insensitive)
             new_messages: New messages from current request
             db: Optional PostgresService (creates if None)
+            user_id: Override user_id from JWT token (takes precedence over X-User-Id header)
 
         Returns:
             Tuple of (AgentContext, messages list)
@@ -135,7 +137,7 @@ class ContextBuilder:
 
             # messages structure:
             # [
-            #   {"role": "system", "content": "Today's date: 2025-11-22\nUser ID: sarah@example.com\nTo load user profile: Use REM LOOKUP users/sarah@example.com"},
+            #   {"role": "system", "content": "Today's date: 2025-11-22\nUser: sarah@example.com\nTo load user profile: Use REM LOOKUP \"sarah@example.com\""},
             #   {"role": "user", "content": "Previous message"},
             #   {"role": "assistant", "content": "Start of long response... [REM LOOKUP session-123-msg-1] ...end"},
             #   {"role": "user", "content": "New message"}
@@ -147,6 +149,17 @@ class ContextBuilder:
         # Extract AgentContext from headers
         context = AgentContext.from_headers(headers)
 
+        # Override user_id if provided (from JWT token - takes precedence over header)
+        if user_id is not None:
+            context = AgentContext(
+                user_id=user_id,
+                tenant_id=context.tenant_id,
+                session_id=context.session_id,
+                default_model=context.default_model,
+                agent_schema_uri=context.agent_schema_uri,
+                is_eval=context.is_eval,
+            )
+
         # Initialize DB if not provided and needed (for user context or session history)
         close_db = False
         if db is None and (settings.chat.auto_inject_user_context or context.session_id):
@@ -178,8 +191,16 @@ class ContextBuilder:
                     context_hint += "\n\nNo user context available (anonymous or new user)."
             elif context.user_id:
                 # On-demand: Provide hint to use REM LOOKUP
-                context_hint += f"\n\nUser ID: {context.user_id}"
-                context_hint += f"\nTo load user profile: Use REM LOOKUP users/{context.user_id}"
+                # user_id is UUID5 hash of email - load user to get email for display and LOOKUP
+                user_repo = Repository(User, "users", db=db)
+                user = await user_repo.get_by_id(context.user_id, context.tenant_id)
+                if user and user.email:
+                    # Show email (more useful than UUID) and LOOKUP hint
+                    context_hint += f"\n\nUser: {user.email}"
+                    context_hint += f"\nTo load user profile: Use REM LOOKUP \"{user.email}\""
+                else:
+                    context_hint += f"\n\nUser ID: {context.user_id}"
+                    context_hint += "\nUser profile not available."
 
             # Add system context hint
             messages.append(ContextMessage(role="system", content=context_hint))
@@ -226,6 +247,9 @@ class ContextBuilder:
         """
         Load user profile from database and format as context.
 
+        user_id is always a UUID5 hash of email (bijection).
+        Looks up user by their id field in the database.
+
         Returns formatted string with:
         - User summary (generated by dreaming worker)
         - Current projects
@@ -239,6 +263,7 @@ class ContextBuilder:
 
         try:
             user_repo = Repository(User, "users", db=db)
+            # user_id is UUID5 hash of email - look up by database id
             user = await user_repo.get_by_id(user_id, tenant_id)
 
             if not user:

rem/agentic/mcp/tool_wrapper.py

@@ -149,12 +149,23 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
     parts = re.sub(r'_+', '_', parts).strip('_')  # Clean up multiple underscores
     func_name = f"get_{parts}"
 
+    # For parameterized URIs, append _by_{params} to avoid naming conflicts
+    # e.g., rem://agents/{name} -> get_rem_agents_by_name (distinct from get_rem_agents)
+    if template_vars:
+        param_suffix = "_by_" + "_".join(template_vars)
+        func_name = f"{func_name}{param_suffix}"
+
     # Build description including parameter info
     description = usage or f"Fetch {uri} resource"
     if template_vars:
         param_desc = ", ".join(template_vars)
         description = f"{description}\n\nParameters: {param_desc}"
 
+    # Capture mcp_server reference at tool creation time (for closure)
+    # This ensures the correct server is used even if called later
+    _captured_mcp_server = mcp_server
+    _captured_uri = uri  # Also capture URI for consistent logging
+
     if template_vars:
         # Template URI -> create parameterized tool
         async def wrapper(**kwargs: Any) -> str:
@@ -162,13 +173,17 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
             import asyncio
             import inspect
 
+            logger.debug(f"Resource tool invoked: uri={_captured_uri}, kwargs={kwargs}, mcp_server={'set' if _captured_mcp_server else 'None'}")
+
             # Try to resolve from MCP server's resource templates first
-            if mcp_server is not None:
+            if _captured_mcp_server is not None:
                 try:
                     # Get resource templates from MCP server
-                    templates = await mcp_server.get_resource_templates()
-                    if uri in templates:
-                        template = templates[uri]
+                    templates = await _captured_mcp_server.get_resource_templates()
+                    logger.debug(f"MCP server templates: {list(templates.keys())}")
+                    if _captured_uri in templates:
+                        template = templates[_captured_uri]
+                        logger.debug(f"Found template for {_captured_uri}, calling fn with kwargs={kwargs}")
                         # Call the template's underlying function directly
                         # The fn expects the template variables as kwargs
                         fn_result = template.fn(**kwargs)
@@ -178,17 +193,22 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
                         if isinstance(fn_result, str):
                             return fn_result
                         return json.dumps(fn_result, indent=2)
+                    else:
+                        logger.warning(f"Template {_captured_uri} not found in MCP server templates: {list(templates.keys())}")
                 except Exception as e:
-                    logger.warning(f"Failed to resolve resource {uri} from MCP server: {e}")
+                    logger.warning(f"Failed to resolve resource {_captured_uri} from MCP server: {e}", exc_info=True)
+            else:
+                logger.warning(f"No MCP server provided for resource tool {_captured_uri}, using fallback")
 
             # Fallback: substitute template variables and use load_resource
-            resolved_uri = uri
+            resolved_uri = _captured_uri
             for var in template_vars:
                 if var in kwargs:
                     resolved_uri = resolved_uri.replace(f"{{{var}}}", str(kwargs[var]))
                 else:
                     return json.dumps({"error": f"Missing required parameter: {var}"})
 
+            logger.debug(f"Using fallback load_resource for resolved URI: {resolved_uri}")
             from rem.api.mcp_router.resources import load_resource
             result = await load_resource(resolved_uri)
             if isinstance(result, str):
@@ -202,7 +222,7 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
         wrapper.__annotations__ = {var: str for var in template_vars}
         wrapper.__annotations__['return'] = str
 
-        logger.info(f"Built parameterized resource tool: {func_name} (uri: {uri}, params: {template_vars})")
+        logger.info(f"Built parameterized resource tool: {func_name} (uri: {uri}, params: {template_vars}, mcp_server={'provided' if mcp_server else 'None'})")
     else:
         # Concrete URI -> no-param tool
         async def wrapper(**kwargs: Any) -> str:
@@ -213,12 +233,16 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
             if kwargs:
                 logger.warning(f"Resource tool {func_name} called with unexpected kwargs: {list(kwargs.keys())}")
 
+            logger.debug(f"Concrete resource tool invoked: uri={_captured_uri}, mcp_server={'set' if _captured_mcp_server else 'None'}")
+
             # Try to resolve from MCP server's resources first
-            if mcp_server is not None:
+            if _captured_mcp_server is not None:
                 try:
-                    resources = await mcp_server.get_resources()
-                    if uri in resources:
-                        resource = resources[uri]
+                    resources = await _captured_mcp_server.get_resources()
+                    logger.debug(f"MCP server resources: {list(resources.keys())}")
+                    if _captured_uri in resources:
+                        resource = resources[_captured_uri]
+                        logger.debug(f"Found resource for {_captured_uri}")
                         # Call the resource's underlying function
                         fn_result = resource.fn()
                         if inspect.iscoroutine(fn_result):
@@ -226,12 +250,17 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
                         if isinstance(fn_result, str):
                             return fn_result
                         return json.dumps(fn_result, indent=2)
+                    else:
+                        logger.warning(f"Resource {_captured_uri} not found in MCP server resources: {list(resources.keys())}")
                 except Exception as e:
-                    logger.warning(f"Failed to resolve resource {uri} from MCP server: {e}")
+                    logger.warning(f"Failed to resolve resource {_captured_uri} from MCP server: {e}", exc_info=True)
+            else:
+                logger.warning(f"No MCP server provided for resource tool {_captured_uri}, using fallback")
 
             # Fallback to load_resource
+            logger.debug(f"Using fallback load_resource for URI: {_captured_uri}")
             from rem.api.mcp_router.resources import load_resource
-            result = await load_resource(uri)
+            result = await load_resource(_captured_uri)
             if isinstance(result, str):
                 return result
             return json.dumps(result, indent=2)
@@ -239,6 +268,6 @@ def create_resource_tool(uri: str, usage: str = "", mcp_server: Any = None) -> T
         wrapper.__name__ = func_name
         wrapper.__doc__ = description
 
-        logger.info(f"Built resource tool: {func_name} (uri: {uri})")
+        logger.info(f"Built resource tool: {func_name} (uri: {uri}, mcp_server={'provided' if mcp_server else 'None'})")
 
     return Tool(wrapper)

rem/agentic/providers/pydantic_ai.py

@@ -96,6 +96,35 @@ TODO:
 
     Priority: HIGH (blocks production scaling beyond 50 req/sec)
 
+    4. Response Format Control (structured_output enhancement):
+       - Current: structured_output is bool (True=strict schema, False=free-form text)
+       - Missing: OpenAI JSON mode (valid JSON without strict schema enforcement)
+       - Missing: Completions API support (some models only support completions, not chat)
+
+       Proposed schema field values for `structured_output`:
+         - True (default): Strict structured output using provider's native schema support
+         - False: Free-form text response (properties converted to prompt guidance)
+         - "json": JSON mode - ensures valid JSON but no schema enforcement
+                   (OpenAI: response_format={"type": "json_object"})
+         - "text": Explicit free-form text (alias for False)
+
+       Implementation:
+         a) Update AgentSchemaMetadata.structured_output type:
+            structured_output: bool | Literal["json", "text"] = True
+         b) In create_agent(), handle each mode:
+            - True: Use output_type with Pydantic model (current behavior)
+            - False/"text": Convert properties to prompt guidance (current behavior)
+            - "json": Use provider's JSON mode without strict schema
+         c) Provider-specific JSON mode:
+            - OpenAI: model_settings={"response_format": {"type": "json_object"}}
+            - Anthropic: Not supported natively, use prompt guidance
+            - Others: Fallback to prompt guidance with JSON instruction
+
+       Related: Some providers (Cerebras) have completions-only models where
+       structured output isn't available. Consider model capability detection.
+
+       Priority: MEDIUM (enables more flexible output control)
+
 Example Agent Schema:
 {
   "type": "object",
@@ -553,58 +582,70 @@ async def create_agent(
     if agent_schema:
         system_prompt = get_system_prompt(agent_schema)
         metadata = get_metadata(agent_schema)
-        mcp_server_configs = [s.model_dump() for s in metadata.mcp_servers] if hasattr(metadata, 'mcp_servers') and metadata.mcp_servers else []
         resource_configs = metadata.resources if hasattr(metadata, 'resources') else []
 
+        # DEPRECATED: mcp_servers in agent schemas is ignored
+        # MCP servers are now always auto-detected at the application level
+        if hasattr(metadata, 'mcp_servers') and metadata.mcp_servers:
+            logger.warning(
+                "DEPRECATED: mcp_servers in agent schema is ignored. "
+                "MCP servers are auto-detected from tools.mcp_server module. "
+                "Remove mcp_servers from your agent schema."
+            )
+
         if metadata.system_prompt:
             logger.debug("Using custom system_prompt from json_schema_extra")
     else:
         system_prompt = ""
         metadata = None
-        mcp_server_configs = []
         resource_configs = []
 
-    # Auto-detect local MCP server if not explicitly configured
-    # This makes mcp_servers config optional - agents get tools automatically
+    # Auto-detect MCP server at application level
+    # Convention: tools/mcp_server.py exports `mcp` FastMCP instance
+    # Falls back to REM's built-in MCP server if no local server found
+    import importlib
+    import os
+    import sys
+
+    # Ensure current working directory is in sys.path for local imports
+    cwd = os.getcwd()
+    if cwd not in sys.path:
+        sys.path.insert(0, cwd)
+
+    mcp_server_configs = []
+    auto_detect_modules = [
+        "tools.mcp_server",  # Convention: tools/mcp_server.py
+        "mcp_server",        # Alternative: mcp_server.py in root
+    ]
+    for module_path in auto_detect_modules:
+        try:
+            mcp_module = importlib.import_module(module_path)
+            if hasattr(mcp_module, "mcp"):
+                logger.info(f"Auto-detected local MCP server: {module_path}")
+                mcp_server_configs = [{"type": "local", "module": module_path, "id": "auto-detected"}]
+                break
+        except ImportError as e:
+            logger.debug(f"MCP server auto-detect: {module_path} not found ({e})")
+            continue
+        except Exception as e:
+            logger.warning(f"MCP server auto-detect: {module_path} failed to load: {e}")
+            continue
+
+    # Fall back to REM's default MCP server if no local server found
     if not mcp_server_configs:
-        import importlib
-        import os
-        import sys
-
-        # Ensure current working directory is in sys.path for local imports
-        cwd = os.getcwd()
-        if cwd not in sys.path:
-            sys.path.insert(0, cwd)
-
-        # Try common local MCP server module paths first
-        auto_detect_modules = [
-            "tools.mcp_server",  # Convention: tools/mcp_server.py
-            "mcp_server",        # Alternative: mcp_server.py in root
-        ]
-        for module_path in auto_detect_modules:
-            try:
-                mcp_module = importlib.import_module(module_path)
-                if hasattr(mcp_module, "mcp"):
-                    logger.info(f"Auto-detected local MCP server: {module_path}")
-                    mcp_server_configs = [{"type": "local", "module": module_path, "id": "auto-detected"}]
-                    break
-            except ImportError:
-                continue
-
-        # Fall back to REM's default MCP server if no local server found
-        if not mcp_server_configs:
-            logger.debug("No local MCP server found, using REM default")
-            mcp_server_configs = [{"type": "local", "module": "rem.mcp_server", "id": "rem"}]
+        logger.info("No local MCP server found, using REM default (rem.mcp_server)")
+        mcp_server_configs = [{"type": "local", "module": "rem.mcp_server", "id": "rem"}]
 
     # Extract temperature and max_iterations from schema metadata (with fallback to settings defaults)
     if metadata:
         temperature = metadata.override_temperature if metadata.override_temperature is not None else settings.llm.default_temperature
         max_iterations = metadata.override_max_iterations if metadata.override_max_iterations is not None else settings.llm.default_max_iterations
-        use_structured_output = metadata.structured_output
+        # Use schema-level structured_output if set, otherwise fall back to global setting
+        use_structured_output = metadata.structured_output if metadata.structured_output is not None else settings.llm.default_structured_output
     else:
         temperature = settings.llm.default_temperature
         max_iterations = settings.llm.default_max_iterations
-        use_structured_output = True
+        use_structured_output = settings.llm.default_structured_output
 
     # Build list of tools - start with built-in tools
     tools = _get_builtin_tools()
@@ -727,6 +768,7 @@ async def create_agent(
 
     # Create tools from collected resource URIs
     # Pass the loaded MCP server so resources can be resolved from it
+    logger.info(f"Creating {len(resource_uris)} resource tools with mcp_server={'set' if loaded_mcp_server else 'None'}")
     for uri, usage in resource_uris:
         resource_tool = create_resource_tool(uri, usage, mcp_server=loaded_mcp_server)
         tools.append(resource_tool)

rem/agentic/schema.py

@@ -215,12 +215,13 @@ class AgentSchemaMetadata(BaseModel):
     )
 
     # Structured output toggle
-    structured_output: bool = Field(
-        default=True,
+    structured_output: bool | None = Field(
+        default=None,
         description=(
             "Whether to enforce structured JSON output. "
             "When False, the agent produces free-form text and schema properties "
-            "are converted to prompt guidance instead. Default: True (JSON output)."
+            "are converted to prompt guidance instead. "
+            "Default: None (uses LLM__DEFAULT_STRUCTURED_OUTPUT setting, which defaults to False)."
         ),
     )
 

rem/agentic/tools/rem_tools.py

@@ -3,6 +3,17 @@ REM tools for agent execution (CLI and API compatible).
 
 These tools work in both CLI and API contexts by initializing services on-demand.
 They wrap the service layer directly, not MCP tools.
+
+Core tables (always available):
+- resources: Documents, content chunks, artifacts
+- moments: Temporal narratives extracted from resources (usually user-specific)
+- ontologies: Domain entities with semantic links for further lookups (like a wiki)
+
+Other tables (may vary by deployment):
+- users, sessions, messages, files, schemas, feedbacks
+
+Note: Not all tables are populated in all systems. Use FUZZY or SEARCH
+to discover what data exists before assuming specific tables have content.
 """
 
 from typing import Any, Literal, cast

rem/api/deps.py

@@ -147,7 +147,6 @@ def is_admin(user: dict | None) -> bool:
 async def get_user_filter(
     request: Request,
     x_user_id: str | None = None,
-    x_tenant_id: str = "default",
 ) -> dict[str, Any]:
     """
     Get user-scoped filter dict for database queries.
@@ -158,7 +157,6 @@ async def get_user_filter(
     Args:
         request: FastAPI request
         x_user_id: Optional user_id filter (admin only for cross-user)
-        x_tenant_id: Tenant ID for multi-tenancy
 
     Returns:
         Filter dict with appropriate user_id constraint
@@ -169,7 +167,7 @@ async def get_user_filter(
             return await repo.find(filters)
     """
     user = get_current_user(request)
-    filters: dict[str, Any] = {"tenant_id": x_tenant_id}
+    filters: dict[str, Any] = {}
 
     if is_admin(user):
         # Admin can filter by any user or see all

rem/api/main.py

@@ -149,19 +149,38 @@ class RequestLoggingMiddleware(BaseHTTPMiddleware):
         client_host = request.client.host if request.client else "unknown"
         user_agent = request.headers.get('user-agent', 'unknown')[:100]
 
+        # Extract auth info for logging (first 8 chars of token for debugging)
+        auth_header = request.headers.get('authorization', '')
+        auth_preview = ""
+        if auth_header.startswith('Bearer '):
+            token = auth_header[7:]
+            auth_preview = f"Bearer {token[:8]}..." if len(token) > 8 else f"Bearer {token}"
+
         # Process request
         response = await call_next(request)
 
+        # Extract user info set by auth middleware (after processing)
+        user = getattr(request.state, "user", None)
+        user_id = user.get("id", "none")[:12] if user else "anon"
+        user_email = user.get("email", "") if user else ""
+
         # Determine log level based on path AND response status
         duration_ms = (time.time() - start_time) * 1000
         use_debug = self._should_log_at_debug(path, response.status_code)
         log_fn = logger.debug if use_debug else logger.info
 
-        # Log request and response together
+        # Build user info string
+        user_info = f"user={user_id}"
+        if user_email:
+            user_info += f" ({user_email})"
+        if auth_preview:
+            user_info += f" | auth={auth_preview}"
+
+        # Log request and response together with auth info
         log_fn(
             f"→ REQUEST: {request.method} {path} | "
             f"Client: {client_host} | "
-            f"User-Agent: {user_agent}"
+            f"{user_info}"
         )
         log_fn(
             f"← RESPONSE: {request.method} {path} | "