Resolve add/add conflicts by keeping the complete Phase 0 versions
of test_tenant_isolation_p0.py and the design spec (our branch is
a superset of the squash-merged copilot hotfix content).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: add tenant data isolation design spec
Complete architecture plan for multi-tenant data isolation across
all layers (PostgreSQL RLS, application-layer filtering, schema
migration, testing strategy, and phased rollout checklist).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: add background job isolation policy to tenant isolation spec
Documents policy for all 5 existing background jobs:
- Knowledge Flywheel and PSA Retry flagged for account_id threading
- Chat Retention already follows correct pattern (model for others)
- Maintenance Schedule Firing needs account_id in queries + Session creation
- AI Conversation Expiry approved as cross-tenant with justification
Adds approved cross-tenant query registry and Phase 2 checklist items.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* docs: add tenant isolation Phase 0 implementation plan
8 tasks covering: CRITICAL copilot hotfix, tenant_filter() helper,
get_tenant_context dependency, analytics/category/AI session gap fixes,
full UUID endpoint audit, TargetList dead code audit, teams orphan
check, and CI grep check for missing tenant filters.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: CRITICAL — scope copilot tree query to current account
A user who knew another account's tree UUID could start a copilot
conversation, causing the tree's full node structure, names, and
descriptions to be sent to the AI as part of the system prompt.
Fix: add account_id (or is_default / visibility='public') filter to
the tree SELECT in copilot_service.start_conversation(). Returns 404
for inaccessible trees. Test added in test_tenant_isolation_p0.py.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
- Rename _get_tree_or_403 → _get_tree_or_404 in maintenance_schedules.py
(function now raises 404, old name was misleading)
- Restore HTTP 403 for intra-account permission failures in update_tree:
same-account users who can see a tree but can't edit it got 404 (wrong);
only cross-account lookups should return 404 to avoid confirming existence
- Apply same 403/404 distinction to update_tree_visibility
- Add test: get_documentation must return 404 for cross-user session access
- Add comment documenting owner-only design for documentation endpoints
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
get_documentation was revealing session existence via 403. Added pre-check
query filtering by session_id AND user_id before calling the engine.
Also add cross-tenant isolation tests for steps, tags, step_categories,
and maintenance_schedules endpoints fixed in Task 6 (TDD was skipped).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
get_step_category now returns 404 for account-specific categories that
belong to another account, preventing resource existence confirmation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
get_tag now returns 404 for account-specific tags that belong to another
account, preventing resource existence confirmation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
_get_tree_or_403 now returns 404 when the user's team does not match,
preventing confirmation of tree existence across teams.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
revoke_share and create_share now return 404 when the caller is not the
owner, preventing resource existence confirmation across users.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
get_upload_url and delete_upload now return 404 when the upload belongs to
a different account/user, preventing resource existence confirmation.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
get_step_or_404 now returns 404 when can_view_step or can_edit_step fails,
preventing confirmation of step existence across tenant boundaries.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
get_tree and update_tree now return 404 when a user cannot access a tree
(private tree from another account). Prevents confirming resource existence
across tenant boundaries.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
All session endpoints (get, update, complete, scratchpad, variables, export,
ticket-link) now return 404 instead of 403 when a user tries to access
another user's session. This prevents confirming existence of resources
across tenant boundaries.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Cross-tenant isolation audit found:
- retry-psa-push had NO ownership check (CRITICAL) — any user could retry any session's PSA push
- save_task_lane used db.get() without ownership filter, returned 403 revealing existence
- get_session returned 403 instead of 404 for unauthorized access
- stream_documentation returned 403 instead of 404
All now use query-level user_id filtering and return 404 to avoid revealing existence.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Search endpoint used OR(user_id, account_id), exposing other users'
problem_summary and problem_domain within the same account. Sessions
are user-scoped only — cross-user access requires explicit escalation
or sharing. List and search endpoints now behave consistently.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tree_count on GET /categories/{id} was including trees from all
accounts, leaking cross-tenant row counts.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Any authenticated user could read flow analytics (session counts,
completion rates, CSAT) for any tree UUID. Now returns 404 if the
tree doesn't belong to the requesting account.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tenant_filter(model, account_id) is the canonical app-layer tenant
scoping expression. Every query on a tenant table must use it.
build_tree_access_filter and build_step_visibility_filter updated
to call tenant_filter() internally for the account_id match.
get_tenant_context is a FastAPI dependency that returns account_id
or raises 403 if the user has no account — prevents raw access to
current_user.account_id and centralises the null check.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Three fixes from beta tester session feedback:
1. MCP error handling (backend/app/services/assistant_chat_service.py)
- The MCP Microsoft Learn integration was catching only BadRequestError.
Any other error type (APIStatusError, APIConnectionError, timeout) from
the external MCP server propagated as a 502, causing the generic error.
- Now catches all Exception types when MCP is active and retries without
MCP using the stable client.messages.create endpoint.
2. Frontend error UX (frontend/src/pages/AssistantChatPage.tsx)
- catch {} was silently swallowing all errors and inserting a generic
assistant message. Now: differentiates 429 (rate limit) vs 502/503
(AI unavailable), removes the optimistic user message on failure,
restores the failed message to the input so users can retry without
retyping, and logs errors to console for debugging.
3. Image attachments visible in chat (frontend/src/components/assistant/ChatMessage.tsx)
- Uploaded images were sent to the AI correctly but never shown in the
chat thread. Now captures preview URLs before clearing pendingUploads
and renders thumbnails above the user bubble, clickable to full size.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add persistent session header with title, status badge, Resolve,
Escalate, and Update Ticket/Share Update buttons — mirrors
FlowPilotSessionPage pattern exactly
- Update Ticket label when psa_ticket_id present, Share Update otherwise
- Full mobile support via ⋯ overflow menu (Resolve, Escalate, Update, Pause)
- Strip _(not yet completed)_ markers from stored conversation_messages
in unified_chat_service to prevent stale task lane items from prior
turns leaking into new sessions via the AI's re-include instruction
- Add currentChatRef guard to handleResumeNew (was missing unlike handleSend)
- Remove Update/Conclude from chatbar — toolbar is now input utilities only
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Import and call clearTaskState before updating questions/actions in
handleSend and handleTaskSubmit so new AI tasks always replace stale
sessionStorage cache instead of being overridden by it
- Include pending (not yet completed) tasks in the AI message on partial
submit so the AI knows which tasks were left unanswered
- Fix stale closure in TaskLane saveTaskLane useEffect — use refs for
questions/actions so the debounced backend save always uses current values
- Add responses field to pending_task_lane TypeScript type, removing the
unsafe double-cast in selectChat
- Instruct the AI to re-surface incomplete tasks unless ≥75% confident
the information is no longer needed
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Reformat PSA resolution/escalation notes: clean single-line header,
steps with engineer responses inline, remove duplicate timing blocks,
remove AI confidence section, add follow-up recommendations
- Standardize time display to decimal hours (e.g. 0.25 hrs) across all
note formatters and status update context
- Add follow_up_recommendations to SessionDocumentation schema and
surface in SessionDocView; extracted from resolution suggestion steps
- Add _build_what_we_know() helper: uses session.evidence_items when
cockpit branch merges, falls back to deriving findings from steps
- Fix option label lookup in generate_status_update (was passing raw
machine values to AI instead of human-readable labels)
- Add 'What We Know' section to status update ticket notes prompt
- Improve _build_session_context in resolution_output_generator to
include intake text and full step details instead of truncated chat
- Add request_info audience type: client-facing information request
that skips the length step and generates a numbered question list
- Improve client_update and email_draft prompts with per-context
guidance (status/resolution/escalation) and fix escalation subject
line from 'Specialist Review' to 'Specialist Assistance'
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- script_builder endpoint: pg_advisory_xact_lock on user_id before
session count check, preventing concurrent creates from both passing
the MAX_SESSIONS_PER_USER guard
- script_builder_service send_message: pg_advisory_xact_lock on session_id
before message count check, preventing concurrent sends from both
passing the MAX_MESSAGES_PER_SESSION guard
- script_builder_service save_to_library: replace check-then-insert slug
logic with IntegrityError retry loop (3 attempts with fresh UUID suffix);
add unique constraint on script_templates.slug (migration 070)
- ScriptBuilderPage: add creatingSessionRef to serialize concurrent
handleSend calls that would otherwise both call createSession() while
session is still null
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The generate_status_update service inserted AISessionStep with
step_type='status_update' which violated the DB CHECK constraint,
causing a 500 error. Also fix incorrect field name confidence_score
(should be confidence_at_step) and remove nonexistent confidence_tier.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Previously save_to_library() hardcoded parameters_schema to empty and
always used session.latest_script. Now accepts optional overrides from
the frontend for parameterized script bodies.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
_build_session_detail was omitting pending_task_lane, is_branching, and
active_branch_id from the GET /ai-sessions/{id} response. The fields
existed on the schema and model but were never passed in the manual
constructor, so task lane state could never be restored on navigation.
Also adds console logging to AssistantChatPage selectChat flow to
diagnose message restoration, and fixes ScriptTemplateEditor stepper
dismiss firing during programmatic script_body updates.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add PUT /ai-sessions/{id}/task-lane endpoint that saves the full task
lane state (AI questions/actions + user's in-progress responses) to
the pending_task_lane JSONB column. TaskLane debounce-saves to the
backend every 2s after changes. On session load, user responses are
restored from the backend into sessionStorage so TaskLane picks them
up on mount. Users can now close the browser, come back later, and
find their task lane exactly where they left it.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Task lane questions/actions are now saved to a pending_task_lane JSONB
column on ai_sessions, restoring them on session switch or page reload.
Partial submit no longer force-clears the lane — the AI response
controls what stays. Also removes redundant "New Session" button from
the sidebar (dashboard already provides this).
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add DOCX MIME type to ALLOWED_DOCUMENT_TYPES in storage_service.py
- Add python-docx text extraction in _generate_ai_description
- Extract shared _store_document_content helper for PDF/DOCX
- Add python-docx>=1.1.0 to requirements.txt
- Add tests for docx upload acceptance and document fetch
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
PDF uploads were stored in S3 and had text extracted during upload, but
fetch_upload_images() filtered exclusively for image MIME types, so
document content never reached the AI.
- Add fetch_upload_documents() in storage_service.py to retrieve
extracted_content for PDFs and text files
- Update ai_sessions.py chat endpoint to call both fetch_upload_images
and fetch_upload_documents, injecting document text as context
- Add PDF text extraction in _generate_ai_description (pypdf)
- Add pypdf>=4.0.0 to requirements.txt
- Fix test_db teardown to avoid connection pool issues
- Add 5 tests for fetch_upload_documents
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
When user.team_id is None, `WHERE team_id == None` matches all
personal templates. Return empty set instead when user has no team.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- script_template.py: add server_default to ALL NOT NULL columns so
Base.metadata.create_all matches Alembic behavior for raw SQL INSERTs
- test_session_branches_api.py: fork_reason needs 5+ chars ("test" → "testing fork")
- test_scripts.py: engineers CAN create templates (assert 201, not 403)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- script_template.py: add server_default for requires_elevation,
is_gallery_featured, gallery_sort_order so Base.metadata.create_all
emits proper SQL DEFAULTs (test fixtures use raw SQL INSERT)
- session_branches.py: refresh fork_point after commit so JSONB options
field is loaded before Pydantic serialization
- test_session_branches_api.py: add status assertion on fork response
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
SQLAlchemy SAWarning about overlapping relationships was promoted to
an error by pytest filterwarnings=error, crashing mapper initialization
and causing 500s on every request — cascading to 423+ test failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add back_populates to SessionBranch.session ↔ AISession.branches
to fix SQLAlchemy InvalidRequestError that broke all backend tests
- Remove unused 'tree' variable in command-palette.spec.ts
- Suppress setState-in-effect lint rule in TaskLane (intentional sync)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix system prompt to ensure [QUESTIONS]/[ACTIONS] markers in AI responses
- Add format reminder injection to user messages for marker compliance
- Wire TaskLane activation in prefill and resume paths
- Add ActionCardGroup component for structured question/action rendering
- Update FlowPilot session and step card components
- Update ai-session schemas and types for marker data
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
SQLAlchemy can't resolve ambiguous FK paths when tables have
multiple cross-references. All relationships now specify foreign_keys.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Integrates ResolutionOutputGenerator into the resolve endpoint so that
structured outputs (ticket note, KB article, etc.) are auto-generated
after every successful session resolution. Non-blocking — resolve still
succeeds if output generation fails.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds _generate_ai_description background task that fires after a
successful upload: images get a one-sentence vision description via
Claude, text/log/config files get extracted_content + AI summary when
>2000 chars. Runs as asyncio.create_task so it never blocks the upload
response. Errors are logged and swallowed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds GET /outputs, PATCH /outputs/{id}, and POST /outputs/{id}/push
endpoints under /ai-sessions/{session_id}/, plus integration tests.
Router registered before ai_sessions to avoid path conflict.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds ResolutionOutputGenerator service that generates PSA ticket notes,
knowledge base article draft, and client summary on session resolve, plus
integration tests for generate_all and edit_output.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Four endpoints: create handoff (park/escalate), list handoff history,
claim session, and team queue. Two routers: session-scoped router with
prefix /ai-sessions/{session_id} and queue_router with prefix /ai-sessions.
queue_router registered before ai_sessions.router to avoid /{session_id}
path conflict on GET /ai-sessions/queue.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Unified park/escalate handoff management with snapshot generation,
AI diagnostic assessment for escalations (via _call_ai), claim workflow
that reactivates sessions, PSA push via existing psa_documentation_service,
and team queue query. Dual-writes to ai_sessions.escalation_package for
backward compatibility.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add is_branching guard to unified_chat_service.send_chat_message() that
routes messages through BranchAwarePromptBuilder when a session has active
branching. Add branch_id to all AISessionStep constructor calls in
flowpilot_engine.py via optional branch_id param on _create_step_from_parsed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
