gmakstutis/LightRAG
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
LightRAG/docs/0004-multi-tenant-ux-state-management.md
Raphael MANSUY fe9b8ec02a
tests: stabilize integration tests + skip external services; fix multi-tenant API behavior and idempotency (#4) 
* feat: Implement multi-tenant architecture with tenant and knowledge base models

- Added data models for tenants, knowledge bases, and related configurations.
- Introduced role and permission management for users in the multi-tenant system.
- Created a service layer for managing tenants and knowledge bases, including CRUD operations.
- Developed a tenant-aware instance manager for LightRAG with caching and isolation features.
- Added a migration script to transition existing workspace-based deployments to the new multi-tenant architecture.

* chore: ignore lightrag/api/webui/assets/ directory

* chore: stop tracking lightrag/api/webui/assets (ignore in .gitignore)

* feat: Initialize LightRAG Multi-Tenant Stack with PostgreSQL

- Added README.md for project overview, setup instructions, and architecture details.
- Created docker-compose.yml to define services: PostgreSQL, Redis, LightRAG API, and Web UI.
- Introduced env.example for environment variable configuration.
- Implemented init-postgres.sql for PostgreSQL schema initialization with multi-tenant support.
- Added reproduce_issue.py for testing default tenant access via API.

* feat: Enhance TenantSelector and update related components for improved multi-tenant support

* feat: Enhance testing capabilities and update documentation

- Updated Makefile to include new test commands for various modes (compatibility, isolation, multi-tenant, security, coverage, and dry-run).
- Modified API health check endpoint in Makefile to reflect new port configuration.
- Updated QUICK_START.md and README.md to reflect changes in service URLs and ports.
- Added environment variables for testing modes in env.example.
- Introduced run_all_tests.sh script to automate testing across different modes.
- Created conftest.py for pytest configuration, including database fixtures and mock services.
- Implemented database helper functions for streamlined database operations in tests.
- Added test collection hooks to skip tests based on the current MULTITENANT_MODE.

* feat: Implement multi-tenant support with demo mode enabled by default

- Added multi-tenant configuration to the environment and Docker setup.
- Created pre-configured demo tenants (acme-corp and techstart) for testing.
- Updated API endpoints to support tenant-specific data access.
- Enhanced Makefile commands for better service management and database operations.
- Introduced user-tenant membership system with role-based access control.
- Added comprehensive documentation for multi-tenant setup and usage.
- Fixed issues with document visibility in multi-tenant environments.
- Implemented necessary database migrations for user memberships and legacy support.

* feat(audit): Add final audit report for multi-tenant implementation

- Documented overall assessment, architecture overview, test results, security findings, and recommendations.
- Included detailed findings on critical security issues and architectural concerns.

fix(security): Implement security fixes based on audit findings

- Removed global RAG fallback and enforced strict tenant context.
- Configured super-admin access and required user authentication for tenant access.
- Cleared localStorage on logout and improved error handling in WebUI.

chore(logs): Create task logs for audit and security fixes implementation

- Documented actions, decisions, and next steps for both audit and security fixes.
- Summarized test results and remaining recommendations.

chore(scripts): Enhance development stack management scripts

- Added scripts for cleaning, starting, and stopping the development stack.
- Improved output messages and ensured graceful shutdown of services.

feat(starter): Initialize PostgreSQL with AGE extension support

- Created initialization scripts for PostgreSQL extensions including uuid-ossp, vector, and AGE.
- Ensured successful installation and verification of extensions.

* feat: Implement auto-select for first tenant and KB on initial load in WebUI

- Removed WEBUI_INITIAL_STATE_FIX.md as the issue is resolved.
- Added useTenantInitialization hook to automatically select the first available tenant and KB on app load.
- Integrated the new hook into the Root component of the WebUI.
- Updated RetrievalTesting component to ensure a KB is selected before allowing user interaction.
- Created end-to-end tests for multi-tenant isolation and real service interactions.
- Added scripts for starting, stopping, and cleaning the development stack.
- Enhanced API and tenant routes to support tenant-specific pipeline status initialization.
- Updated constants for backend URL to reflect the correct port.
- Improved error handling and logging in various components.

* feat: Add multi-tenant support with enhanced E2E testing scripts and client functionality

* update client

* Add integration and unit tests for multi-tenant API, models, security, and storage

- Implement integration tests for tenant and knowledge base management endpoints in `test_tenant_api_routes.py`.
- Create unit tests for tenant isolation, model validation, and role permissions in `test_tenant_models.py`.
- Add security tests to enforce role-based permissions and context validation in `test_tenant_security.py`.
- Develop tests for tenant-aware storage operations and context isolation in `test_tenant_storage_phase3.py`.

* feat(e2e): Implement OpenAI model support and database reset functionality

* Add comprehensive test suite for gpt-5-nano compatibility

- Introduced tests for parameter normalization, embeddings, and entity extraction.
- Implemented direct API testing for gpt-5-nano.
- Validated .env configuration loading and OpenAI API connectivity.
- Analyzed reasoning token overhead with various token limits.
- Documented test procedures and expected outcomes in README files.
- Ensured all tests pass for production readiness.

* kg(postgres_impl): ensure AGE extension is loaded in session and configure graph initialization

* dev: add hybrid dev helper scripts, Makefile, docker-compose.dev-db and local development docs

* feat(dev): add dev helper scripts and local development documentation for hybrid setup

* feat(multi-tenant): add detailed specifications and logs for multi-tenant improvements, including UX, backend handling, and ingestion pipeline

* feat(migration): add generated tenant/kb columns, indexes, triggers; drop unused tables; update schema and docs

* test(backward-compat): adapt tests to new StorageNameSpace/TenantService APIs (use concrete dummy storages)

* chore: multi-tenant and UX updates — docs, webui, storage, tenant service adjustments

* tests: stabilize integration tests + skip external services; fix multi-tenant API behavior and idempotency

- gpt5_nano_compatibility: add pytest-asyncio markers, skip when OPENAI key missing, prevent module-level asyncio.run collection, add conftest
- Ollama tests: add server availability check and skip markers; avoid pytest collection warnings by renaming helper classes
- Graph storage tests: rename interactive test functions to avoid pytest collection
- Document & Tenant routes: support external_ids for idempotency; ensure HTTPExceptions are re-raised
- LightRAG core: support external_ids in apipeline_enqueue_documents and idempotent logic
- Tests updated to match API changes (tenant routes & document routes)
- Add logs and scripts for inspection and audit
2025-12-04 16:04:21 +08:00

213 lines
8.3 KiB
Markdown
Raw Blame History

# Multi-Tenant UX & State Management
This document describes the multi-tenant state management architecture implemented in LightRAG, covering tenant switching, URL handling, state persistence, and security considerations.
## Overview
LightRAG implements a header-based multi-tenant architecture where:
- **Tenant context** is provided via `X-Tenant-ID` and `X-KB-ID` HTTP headers
- **URLs are tenant-agnostic** - they contain only UI state (page, filters, sort)
- **State is persisted** per-tenant in sessionStorage for quick restores
- **Security** is enforced server-side with token validation
## Architecture Diagram
```
┌─────────────────────────────────────────────────────────────────┐
│ Frontend (WebUI) │
├─────────────────────────────────────────────────────────────────┤
│ ┌─────────────────┐ ┌─────────────────┐ ┌──────────────┐ │
│ │ TenantStateManager │←→│ sessionStorage │ │ URL │ │
│ │ │ │ (tenant-scoped) │ │ (no tenant) │ │
│ └────────┬──────────┘ └─────────────────┘ └──────────────┘ │
│ │ │
│ ┌────────▼──────────┐ │
│ │ Axios Interceptor │ ──── Adds X-Tenant-ID / X-KB-ID headers │
│ └────────┬──────────┘ │
└───────────┼─────────────────────────────────────────────────────┘
▼ HTTP Requests with headers
┌───────────────────────────────────────────────────────────────────┐
│ Backend (API) │
├───────────────────────────────────────────────────────────────────┤
│ ┌─────────────────────┐ │
│ │ dependencies.py │ ─── Extracts & validates tenant context │
│ │ get_tenant_context │ │
│ └──────────┬──────────┘ │
│ │ │
│ ┌──────────▼──────────┐ ┌─────────────────┐ │
│ │ TenantRAGManager │───→│ Tenant-scoped │ │
│ │ │ │ LightRAG inst. │ │
│ └──────────────────────┘ └─────────────────┘ │
└───────────────────────────────────────────────────────────────────┘
```
## Frontend State Management
### TenantStateManager
The `tenantStateManager` is a centralized module for managing tenant+route state:
```typescript
import { tenantStateManager } from '@/services/tenantStateManager'
// Get state for current tenant and route
const state = tenantStateManager.getState(tenantId, 'documents')
// Update state (persists to sessionStorage)
tenantStateManager.setState(tenantId, 'documents', { page: 5 })
// Sync to URL (debounced, tenant-agnostic)
tenantStateManager.syncToURL('documents', state)
// Handle tenant switch
tenantStateManager.onTenantSwitch(oldTenantId, newTenantId)
```
### State Storage Strategy
| Priority | Storage | Purpose |
|----------|---------|---------|
| Primary | URL query params | Route-level UI settings (page, filters, sort) |
| Secondary | sessionStorage | Per-tenant state for quick restores |
| Tertiary | In-memory | Fast runtime access |
**Key Format for sessionStorage:**
```
lightrag:tenant:<tenantId>:route:<routeName>
```
### useRouteState Hook
React hook for easy integration:
```typescript
function DocumentManager() {
const {
page,
pageSize,
sort,
sortDirection,
filters,
setPage,
setFilters,
resetState,
} = useRouteState('documents')
// State changes automatically sync to URL and sessionStorage
}
```
## URL Format
URLs are **tenant-agnostic** for security. Examples:
```
/documents?kb=backup&page=3&pageSize=25&filters=status:active
/graph?kb=master&view=graph&filters=entityType:company
/retrieval?q=search+query
```
**Security Note:** Tenant identifiers are NEVER included in URLs. Tenant context comes from:
1. `X-Tenant-ID` header (required)
2. `X-KB-ID` header (optional, defaults to first KB)
3. Authorization token claims (for validation)
## Backend Tenant Resolution
The backend resolves tenant context in `dependencies.py`:
```python
async def get_tenant_context(
request: Request,
authorization: Optional[str] = Header(None),
x_tenant_id: Optional[str] = Header(None, alias="X-Tenant-ID"),
x_kb_id: Optional[str] = Header(None, alias="X-KB-ID"),
) -> TenantContext:
"""
Priority for tenant_id resolution:
1. Middleware state (subdomain/JWT extracted early)
2. Token metadata
3. X-Tenant-ID header (fallback)
"""
```
## Ingestion Idempotency
The ingestion API supports idempotency via `external_id`:
```python
# Request
POST /documents/text
X-Tenant-ID: tenant-123
X-KB-ID: kb-456
{
"text": "Document content...",
"external_id": "my-unique-doc-id"
}
# Response (first time)
{"status": "success", "track_id": "insert_xxx"}
# Response (same external_id again)
{"status": "duplicated", "message": "Document with external_id 'my-unique-doc-id' already exists"}
```
## Database Indexes
For optimal performance, the following indexes are created:
```sql
-- Pagination indexes
CREATE INDEX idx_doc_status_workspace_status_updated_at
ON LIGHTRAG_DOC_STATUS (workspace, status, updated_at DESC);
CREATE INDEX idx_doc_status_workspace_status_created_at
ON LIGHTRAG_DOC_STATUS (workspace, status, created_at DESC);
-- Idempotency index
CREATE INDEX idx_doc_status_workspace_external_id
ON LIGHTRAG_DOC_STATUS (workspace, (metadata->>'external_id'))
WHERE metadata->>'external_id' IS NOT NULL;
```
## Security Considerations
1. **Never expose tenant IDs in URLs** - Use headers only
2. **Server-side validation** - Always validate tenant context from token
3. **Tenant isolation** - Each tenant's data is stored with workspace prefix
4. **Strict mode** - Set `LIGHTRAG_MULTI_TENANT_STRICT=true` to require tenant context
## Testing
### Unit Tests
```bash
# Frontend tests
cd lightrag_webui
npm run test -- src/__tests__/tenantStateManager.test.ts
# Backend tests
pytest tests/test_idempotency.py -v
```
### E2E Tests
```bash
# Requires running server
RUN_E2E_TESTS=1 pytest tests/e2e_multi_tenant_state.py -v
```
## Rollout Checklist
- [ ] Deploy backend with new indexes
- [ ] Enable `LIGHTRAG_MULTI_TENANT_STRICT` in staging
- [ ] Run e2e tests against staging
- [ ] Deploy frontend with tenantStateManager
- [ ] Monitor per-tenant request latency
- [ ] Monitor ingestion failure rates
## Related Documentation
- [0001-multi-tenant-architecture.md](./0001-multi-tenant-architecture.md) - Core architecture
- [0002-multi-tenant-visual-reference.md](./0002-multi-tenant-visual-reference.md) - Visual diagrams
- [LOCAL_DEVELOPMENT.md](./LOCAL_DEVELOPMENT.md) - Local testing setup
Reference in a new issue View git blame Copy permalink