2b292d4924
* Remove outdated documentation files: Quick Start Guide, Apache AGE Analysis, and Scratchpad. * Add multi-tenant testing strategy and ADR index documentation - Introduced ADR 008 detailing the multi-tenant testing strategy for the ./starter environment, covering compatibility and multi-tenant modes, testing scenarios, and implementation details. - Created a comprehensive ADR index (README.md) summarizing all architecture decision records related to the multi-tenant implementation, including purpose, key sections, and reading paths for different roles. * feat(docs): Add comprehensive multi-tenancy guide and README for LightRAG Enterprise - Introduced `0008-multi-tenancy.md` detailing multi-tenancy architecture, key concepts, roles, permissions, configuration, and API endpoints. - Created `README.md` as the main documentation index, outlining features, quick start, system overview, and deployment options. - Documented the LightRAG architecture, storage backends, LLM integrations, and query modes. - Established a task log (`2025-01-21-lightrag-documentation-log.md`) summarizing documentation creation actions, decisions, and insights.
7.8 KiB
7.8 KiB
Multi-Tenant Architecture Audit
Date: November 29, 2025
Auditor: GitHub Copilot
Branch: feat/multi-tenannt
Scope: Full stack audit from Web UI to REST API to Storage
Executive Summary
This audit examines the multi-tenant implementation in LightRAG, covering:
- Web UI Layer (React/TypeScript frontend)
- REST API Layer (FastAPI backend)
- Storage Layer (PostgreSQL, Redis, Vector DBs)
Architecture Overview
┌─────────────────────────────────────────────────────────────────┐
│ Web UI Layer │
│ ┌─────────────┐ ┌──────────────┐ ┌─────────────────────────┐ │
│ │ TenantStore │ │ API Client │ │ DocumentManager/Query │ │
│ │ (Zustand) │◄─┤ (Axios) │◄─┤ Components │ │
│ └─────────────┘ └──────────────┘ └─────────────────────────┘ │
│ │ │ │ │
│ └────────────────┼──────────────────────┘ │
│ ▼ │
│ ┌───────────────────────────────────────────────────────────┐ │
│ │ HTTP Headers: X-Tenant-ID, X-KB-ID │ │
│ └───────────────────────────────────────────────────────────┘ │
└────────────────────────────────┬────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ REST API Layer │
│ ┌──────────────┐ ┌───────────────────┐ ┌──────────────────┐ │
│ │ Middleware │ │ Dependencies │ │ Route Handlers │ │
│ │ (Tenant │──▶│ (get_tenant_ctx) │──▶│ (Query/Doc/etc) │ │
│ │ Context) │ │ │ │ │ │
│ └──────────────┘ └───────────────────┘ └──────────────────┘ │
│ │ │ │
│ ▼ ▼ │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ TenantRAGManager │ │
│ │ - Per-tenant LightRAG instances │ │
│ │ - LRU caching with isolation │ │
│ │ - User access verification │ │
│ └──────────────────────────────────────────────────────────┘ │
└────────────────────────────────┬────────────────────────────────┘
│
▼
┌─────────────────────────────────────────────────────────────────┐
│ Storage Layer │
│ ┌─────────────────┐ ┌──────────────┐ ┌──────────────────┐ │
│ │ PostgreSQL │ │ Redis │ │ Vector DBs │ │
│ │ - tenant_id │ │ - Namespace │ │ - Metadata │ │
│ │ - kb_id columns │ │ prefixes │ │ filtering │ │
│ │ - Composite PK │ │ │ │ │ │
│ └─────────────────┘ └──────────────┘ └──────────────────┘ │
└─────────────────────────────────────────────────────────────────┘
Audit Components
1. Web UI Layer
- Tenant store state management
- API client header propagation
- Tenant/KB selection persistence
- Cross-component context sharing
- Document filtering by tenant/KB
- Query scoping by tenant/KB
2. REST API Layer
- Middleware tenant context extraction
- Dependency injection for tenant context
- Route handler tenant awareness
- TenantRAGManager isolation
- TenantService operations
- User access verification
3. Storage Layer
- PostgreSQL multi-tenant schema
- Redis namespace isolation
- Vector DB metadata filtering
- Composite key enforcement
- Cross-tenant data access prevention
Test Environment Setup
Configuration:
- Web UI: Local development (not Docker)
- REST API: Local development (not Docker)
- Database: Docker container (PostgreSQL + pgvector)
- Redis: Docker container
Documents in this Audit
00-audit-overview.md- This overview document01-test-protocol.md- Detailed test protocol and setup instructions02-webui-audit.md- Web UI layer findings03-api-audit.md- REST API layer findings04-storage-audit.md- Storage layer findings05-test-execution-log.md- Test execution progress and results06-issues-found.md- Issues discovered during audit07-recommendations.md- Final recommendations
Key Files Under Audit
Web UI
lightrag_webui/src/stores/tenant.ts- Tenant state managementlightrag_webui/src/api/client.ts- Axios interceptor for headerslightrag_webui/src/api/tenant.ts- Tenant/KB API functionslightrag_webui/src/features/DocumentManager.tsx- Document operationslightrag_webui/src/features/ChatQueryPanel.tsx- Query operations
REST API
lightrag/api/dependencies.py- Tenant context extractionlightrag/api/routers/tenant_routes.py- Tenant CRUDlightrag/api/routers/document_routes.py- Document operationslightrag/api/routers/query_routes.py- Query operationslightrag/tenant_rag_manager.py- RAG instance managementlightrag/services/tenant_service.py- Tenant business logic
Storage
lightrag/kg/postgres_impl.py- PostgreSQL storagelightrag/kg/postgres_tenant_support.py- Tenant SQL utilitieslightrag/kg/redis_tenant_support.py- Redis namespace utilitieslightrag/kg/vector_tenant_support.py- Vector DB utilities