Update main.py

main.py

@@ -38,6 +38,9 @@ def _get_pinecone(api_key: str) -> Pinecone:
     _pinecone_pool.move_to_end(api_key)
     return _pinecone_pool[api_key]
 
+# ── Cloudinary: credentials injected per-call, NEVER globally configured.
+# If cloudinary.config() is called once, it applies to the whole process —
+# User A's credentials would bleed into User B's request under concurrency.
 def _cld_upload(tmp_path, folder, creds):
     return cloudinary.uploader.upload(
         tmp_path, folder=folder,
@@ -54,42 +57,11 @@ def _cld_root_folders(creds):
         api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
     )
 
-def _cld_resources_by_folder(folder, creds, max_results=100, next_cursor=None):
-    kwargs = dict(
-        type="upload", prefix=f"{folder}/", max_results=max_results,
-        api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
-    )
-    if next_cursor:
-        kwargs["next_cursor"] = next_cursor
-    return cloudinary.api.resources(**kwargs)
-
-def _cld_delete_resource(public_id, creds):
-    return cloudinary.uploader.destroy(
-        public_id,
-        api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
-    )
-
-def _cld_delete_by_prefix(prefix, creds):
-    """Delete all resources under a folder prefix."""
-    return cloudinary.api.delete_resources_by_prefix(
-        prefix,
-        api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
-    )
-
-def _cld_delete_folder(folder, creds):
-    """Delete a Cloudinary folder (must be empty first)."""
-    try:
-        return cloudinary.api.delete_folder(
-            folder,
-            api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
-        )
-    except Exception:
-        pass  # Folder may not exist — ignore
-
 @asynccontextmanager
 async def lifespan(app: FastAPI):
     global ai, _inference_sem
     from src.models import AIModelManager
+    
     print("⏳ Loading AI models …")
     loop = asyncio.get_event_loop()
     ai = await loop.run_in_executor(None, AIModelManager)
@@ -115,30 +87,6 @@ def get_cloudinary_creds(env_url: str) -> dict:
     parsed = urlparse(env_url)
     return {"api_key": parsed.username, "api_secret": parsed.password, "cloud_name": parsed.hostname}
 
-def url_to_public_id(image_url: str, cloud_name: str) -> str:
-    """
-    Extract Cloudinary public_id from a secure_url.
-    e.g. https://res.cloudinary.com/mycloud/image/upload/v123456/folder/filename.jpg
-         → folder/filename
-    """
-    try:
-        path = urlparse(image_url).path  # /mycloud/image/upload/v123456/folder/filename.jpg
-        # Remove leading /cloudname/image/upload/ and version segment
-        parts = path.strip('/').split('/')
-        # Find 'upload' and skip it + version
-        upload_idx = next(i for i, p in enumerate(parts) if p == 'upload')
-        after_upload = parts[upload_idx + 1:]
-        # Skip version segment (starts with 'v' followed by digits)
-        if after_upload and re.match(r'^v\d+$', after_upload[0]):
-            after_upload = after_upload[1:]
-        # Remove file extension
-        file_with_ext = after_upload[-1]
-        after_upload[-1] = re.sub(r'\.[^.]+$', '', file_with_ext)
-        return '/'.join(after_upload)
-    except Exception:
-        return ""
-
-
 # ══════════════════════════════════════════════════════════════════
 # 1. VERIFY KEYS & AUTO-BUILD INDEXES
 # ══════════════════════════════════════════════════════════════════
@@ -169,38 +117,35 @@ async def verify_keys(pinecone_key: str = Form(""), cloudinary_url: str = Form("
 
 
 # ══════════════════════════════════════════════════════════════════
-# 2. UPLOAD
+# 2. UPLOAD 
 # ══════════════════════════════════════════════════════════════════
 @app.post("/api/upload")
-async def upload_new_images(
-    files: List[UploadFile] = File(...),
-    folder_name: str = Form(...),
-    detect_faces: bool = Form(True),
-    user_pinecone_key: str = Form(""),
-    user_cloudinary_url: str = Form("")
-):
-    actual_pc_key  = user_pinecone_key  or os.getenv("DEFAULT_PINECONE_KEY", "")
+async def upload_new_images(files: List[UploadFile] = File(...), folder_name: str = Form(...), detect_faces: bool = Form(True), user_pinecone_key: str = Form(""), user_cloudinary_url: str = Form("")):
+    # DEFENSIVE FIX: The 'or ""' ensures it never becomes None, preventing 500 crashes
+    actual_pc_key = user_pinecone_key or os.getenv("DEFAULT_PINECONE_KEY", "")
     actual_cld_url = user_cloudinary_url or os.getenv("DEFAULT_CLOUDINARY_URL", "")
+    
     if not actual_pc_key or not actual_cld_url:
-        raise HTTPException(400, "API Keys are missing.")
+        raise HTTPException(400, "API Keys are missing. If you are a guest, the server is missing its DEFAULT_ secrets in Hugging Face.")
 
     folder = standardize_category_name(folder_name)
-    creds  = get_cloudinary_creds(actual_cld_url)
+    uploaded_urls = []
+    
+    creds = get_cloudinary_creds(actual_cld_url)
     if not creds.get("cloud_name"):
         raise HTTPException(400, "Invalid Cloudinary URL format.")
-
-    pc      = _get_pinecone(actual_pc_key)
-    idx_obj  = pc.Index(IDX_OBJECTS)
+        
+    pc = _get_pinecone(actual_pc_key)
+    idx_obj = pc.Index(IDX_OBJECTS)
     idx_face = pc.Index(IDX_FACES)
-    uploaded_urls = []
 
     for file in files:
         tmp_path = f"temp_uploads/{uuid.uuid4().hex}_{sanitize_filename(file.filename)}"
         try:
             with open(tmp_path, "wb") as buf:
                 shutil.copyfileobj(file.file, buf)
-
-            res       = await asyncio.to_thread(_cld_upload, tmp_path, folder, creds)
+                
+            res = await asyncio.to_thread(_cld_upload, tmp_path, folder, creds)
             image_url = res["secure_url"]
             uploaded_urls.append(image_url)
 
@@ -210,45 +155,30 @@ async def upload_new_images(
             face_upserts, object_upserts = [], []
             for v in vectors:
                 vec_list = v["vector"].tolist() if hasattr(v["vector"], "tolist") else v["vector"]
-                # ── image_url added to metadata for reverse-lookup (delete by URL) ──
-                record = {
-                    "id":     str(uuid.uuid4()),
-                    "values": vec_list,
-                    "metadata": {
-                        "url":       image_url,
-                        "image_url": image_url,   # legacy compat
-                        "folder":    folder,
-                    }
-                }
+                record = {"id": str(uuid.uuid4()), "values": vec_list, "metadata": {"url": image_url, "folder": folder}}
                 (face_upserts if v["type"] == "face" else object_upserts).append(record)
 
             upsert_tasks = []
-            if face_upserts:   upsert_tasks.append(asyncio.to_thread(idx_face.upsert, vectors=face_upserts))
-            if object_upserts: upsert_tasks.append(asyncio.to_thread(idx_obj.upsert,  vectors=object_upserts))
-            if upsert_tasks:   await asyncio.gather(*upsert_tasks)
-
+            if face_upserts: upsert_tasks.append(asyncio.to_thread(idx_face.upsert, vectors=face_upserts))
+            if object_upserts: upsert_tasks.append(asyncio.to_thread(idx_obj.upsert, vectors=object_upserts))
+            if upsert_tasks: await asyncio.gather(*upsert_tasks)
         except Exception as e:
             print(f"❌ Upload error: {e}")
             raise HTTPException(500, f"Upload processing failed: {str(e)}")
         finally:
             if os.path.exists(tmp_path): os.remove(tmp_path)
-
+            
     return {"message": "Done!", "urls": uploaded_urls}
 
 
 # ══════════════════════════════════════════════════════════════════
-# 3. SEARCH
+# 3. SEARCH 
 # ══════════════════════════════════════════════════════════════════
 @app.post("/api/search")
-async def search_database(
-    file: UploadFile = File(...),
-    detect_faces: bool = Form(True),
-    user_pinecone_key: str = Form(""),
-    user_cloudinary_url: str = Form("")
-):
+async def search_database(file: UploadFile = File(...), detect_faces: bool = Form(True), user_pinecone_key: str = Form(""), user_cloudinary_url: str = Form("")):
     actual_pc_key = user_pinecone_key or os.getenv("DEFAULT_PINECONE_KEY", "")
     if not actual_pc_key:
-        raise HTTPException(400, "Pinecone Key is missing.")
+        raise HTTPException(400, "Pinecone Key is missing. If you are a guest, the server is missing its DEFAULT_PINECONE_KEY in Hugging Face.")
 
     tmp_path = f"temp_uploads/query_{uuid.uuid4().hex}_{sanitize_filename(file.filename)}"
     try:
@@ -258,49 +188,64 @@ async def search_database(
         async with _inference_sem:
             vectors = await ai.process_image_async(tmp_path, is_query=True, detect_faces=detect_faces)
 
-        pc       = _get_pinecone(actual_pc_key)
-        idx_obj  = pc.Index(IDX_OBJECTS)
+        pc = _get_pinecone(actual_pc_key)
+        idx_obj = pc.Index(IDX_OBJECTS)
         idx_face = pc.Index(IDX_FACES)
 
         async def _query_one(vec_dict: dict):
-            vec_list   = vec_dict["vector"].tolist() if hasattr(vec_dict["vector"], "tolist") else vec_dict["vector"]
+            vec_list = vec_dict["vector"].tolist() if hasattr(vec_dict["vector"], "tolist") else vec_dict["vector"]
             target_idx = idx_face if vec_dict["type"] == "face" else idx_obj
+            
             try:
                 res = await asyncio.to_thread(target_idx.query, vector=vec_list, top_k=10, include_metadata=True)
             except Exception as e:
                 if "404" in str(e):
-                    raise HTTPException(404, "Pinecone Index not found. Go to Settings → Configuration → Verify Keys.")
+                    raise HTTPException(404, f"Pinecone Index not found. Please log in and click 'Verify Keys' in Settings to build the indexes.")
                 raise e
+                
             out = []
             for match in res.get("matches", []):
-                score   = match["score"]
+                score = match["score"]
                 is_face = vec_dict["type"] == "face"
+
+                # ── Score filtering ──────────────────────────────────────
+                # Face lane: GhostFaceNet 512-D cosine similarity.
+                # Raw scores 0.3-0.5 = same person. Remap to 75-99% for UI.
                 if is_face:
-                    RAW_THRESHOLD = 0.35
-                    if score < RAW_THRESHOLD: continue
+                    RAW_THRESHOLD = 0.35   # matches original cloud_db.py
+                    if score < RAW_THRESHOLD:
+                        continue
                     ui_score = 0.75 + ((score - RAW_THRESHOLD) / (1.0 - RAW_THRESHOLD)) * 0.24
                     ui_score = min(0.99, ui_score)
                 else:
-                    if score < 0.45: continue
+                    # Object lane: SigLIP+DINOv2 1536-D fused cosine similarity.
+                    # Matches original cloud_db.py min_score=0.45 floor.
+                    # Scores below 0.45 are pure noise — unrelated images.
+                    MIN_OBJECT_SCORE = 0.45
+                    if score < MIN_OBJECT_SCORE:
+                        continue
                     ui_score = score
+
                 caption = "👤 Verified Identity" if is_face else match["metadata"].get("folder", "🎯 Object Match")
                 out.append({
-                    "url":     match["metadata"].get("url") or match["metadata"].get("image_url", ""),
+                    "url":     match["metadata"].get("url") or match["metadata"].get("image_url", ""),  # "image_url" = legacy key from cloud_db.py
                     "score":   round(ui_score, 4),
                     "caption": caption,
                 })
             return out
 
-        nested     = await asyncio.gather(*[_query_one(v) for v in vectors])
+        nested = await asyncio.gather(*[_query_one(v) for v in vectors])
         all_results = [r for sub in nested for r in sub]
+
         seen = {}
         for r in all_results:
             url = r["url"]
             if url not in seen or r["score"] > seen[url]["score"]:
                 seen[url] = r
-        return {"results": sorted(seen.values(), key=lambda x: x["score"], reverse=True)[:10]}
 
-    except HTTPException: raise
+        return {"results": sorted(seen.values(), key=lambda x: x["score"], reverse=True)[:10]}
+    except HTTPException:
+        raise
     except Exception as e:
         print(f"❌ Search error: {e}")
         raise HTTPException(500, str(e))
@@ -316,10 +261,12 @@ async def get_categories(user_cloudinary_url: str = Form("")):
     actual_cld_url = user_cloudinary_url or os.getenv("DEFAULT_CLOUDINARY_URL", "")
     if not actual_cld_url:
         return {"categories": []}
+        
     try:
         creds = get_cloudinary_creds(actual_cld_url)
         if not creds.get("cloud_name"):
             return {"categories": []}
+            
         result = await asyncio.to_thread(_cld_root_folders, creds)
         return {"categories": [f["name"] for f in result.get("folders", [])]}
     except Exception as e:
@@ -327,154 +274,211 @@ async def get_categories(user_cloudinary_url: str = Form("")):
         return {"categories": []}
 
 
+@app.get("/api/health")
+async def health():
+    return {"status": "ok"}
 # ══════════════════════════════════════════════════════════════════
-# 5. CLOUDINARY FOLDER IMAGES (File Explorer)
+# 5. LIST FOLDER IMAGES
 # ══════════════════════════════════════════════════════════════════
+def _cld_list_folder_images(folder: str, creds: dict, next_cursor: str = None):
+    kwargs = dict(
+        type="upload", prefix=f"{folder}/",
+        max_results=500,
+        api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
+    )
+    if next_cursor:
+        kwargs["next_cursor"] = next_cursor
+    return cloudinary.api.resources(**kwargs)
+
 @app.post("/api/cloudinary/folder-images")
-async def get_folder_images(
+async def list_folder_images(
     user_cloudinary_url: str = Form(""),
-    folder_name: str = Form(...)
+    folder_name: str = Form(...),
 ):
     actual_cld_url = user_cloudinary_url or os.getenv("DEFAULT_CLOUDINARY_URL", "")
-    if not actual_cld_url:
-        raise HTTPException(400, "Cloudinary URL is required.")
     creds = get_cloudinary_creds(actual_cld_url)
     if not creds.get("cloud_name"):
         raise HTTPException(400, "Invalid Cloudinary URL.")
-    try:
-        images = []
-        next_cursor = None
-        while True:
-            result = await asyncio.to_thread(
-                _cld_resources_by_folder, folder_name, creds, 100, next_cursor
-            )
-            for r in result.get("resources", []):
-                images.append({
-                    "url":       r["secure_url"],
-                    "public_id": r["public_id"],
-                    "format":    r.get("format", ""),
-                    "width":     r.get("width", 0),
-                    "height":    r.get("height", 0),
-                    "bytes":     r.get("bytes", 0),
-                })
-            next_cursor = result.get("next_cursor")
-            if not next_cursor:
-                break
-        return {"images": images}
-    except Exception as e:
-        print(f"Folder images error: {e}")
-        raise HTTPException(500, str(e))
+
+    images = []
+    next_cursor = None
+    while True:
+        result = await asyncio.to_thread(_cld_list_folder_images, folder_name, creds, next_cursor)
+        for r in result.get("resources", []):
+            images.append({"url": r["secure_url"], "public_id": r["public_id"]})
+        next_cursor = result.get("next_cursor")
+        if not next_cursor:
+            break
+
+    return {"images": images, "count": len(images)}
 
 
 # ══════════════════════════════════════════════════════════════════
-# 6. DELETE SINGLE IMAGE (File Explorer)
-#    Deletes from Cloudinary + removes matching vectors from Pinecone
+# 6. DELETE SINGLE IMAGE
 # ══════════════════════════════════════════════════════════════════
+def url_to_public_id(image_url: str, cloud_name: str) -> str:
+    """Extract Cloudinary public_id from secure_url."""
+    try:
+        path = urlparse(image_url).path
+        parts = path.split("/")
+        # Strip leading slash, cloud_name, delivery_type (image), access_mode (upload)
+        # Format: /cloud_name/image/upload/[v12345/]folder/filename.ext
+        upload_idx = parts.index("upload")
+        after_upload = parts[upload_idx + 1:]
+        # Strip version segment if present (starts with 'v' + digits)
+        if after_upload and after_upload[0].startswith("v") and after_upload[0][1:].isdigit():
+            after_upload = after_upload[1:]
+        public_id_with_ext = "/".join(after_upload)
+        # Strip file extension
+        public_id = public_id_with_ext.rsplit(".", 1)[0]
+        return public_id
+    except Exception:
+        return ""
+
+def _cld_delete_resource(public_id: str, creds: dict):
+    return cloudinary.uploader.destroy(
+        public_id,
+        api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
+    )
+
 @app.post("/api/delete-image")
 async def delete_image(
-    image_url: str = Form(...),
+    user_pinecone_key:   str = Form(""),
     user_cloudinary_url: str = Form(""),
-    user_pinecone_key: str = Form("")
+    image_url:           str = Form(""),
+    public_id:           str = Form(""),
 ):
+    actual_pc_key  = user_pinecone_key   or os.getenv("DEFAULT_PINECONE_KEY", "")
     actual_cld_url = user_cloudinary_url or os.getenv("DEFAULT_CLOUDINARY_URL", "")
-    actual_pc_key  = user_pinecone_key  or os.getenv("DEFAULT_PINECONE_KEY", "")
-    if not actual_cld_url or not actual_pc_key:
-        raise HTTPException(400, "Both Cloudinary URL and Pinecone Key are required.")
-
     creds = get_cloudinary_creds(actual_cld_url)
     if not creds.get("cloud_name"):
         raise HTTPException(400, "Invalid Cloudinary URL.")
 
-    errors = []
+    pid = public_id or url_to_public_id(image_url, creds["cloud_name"])
+    if not pid:
+        raise HTTPException(400, "Could not determine public_id.")
 
-    # ── 1. Delete from Cloudinary ────────────────────────────────
-    public_id = url_to_public_id(image_url, creds["cloud_name"])
-    if public_id:
+    # Delete from Cloudinary
+    await asyncio.to_thread(_cld_delete_resource, pid, creds)
+
+    # Delete from Pinecone by metadata filter
+    if actual_pc_key and image_url:
         try:
-            await asyncio.to_thread(_cld_delete_resource, public_id, creds)
+            pc = _get_pinecone(actual_pc_key)
+            for idx_name in [IDX_OBJECTS, IDX_FACES]:
+                idx = pc.Index(idx_name)
+                await asyncio.to_thread(idx.delete, filter={"url": {"$eq": image_url}})
         except Exception as e:
-            errors.append(f"Cloudinary deletion failed: {e}")
-    else:
-        errors.append("Could not extract public_id from URL — Cloudinary deletion skipped.")
+            print(f"Pinecone delete warning: {e}")
+
+    return {"message": "Image deleted successfully."}
 
-    # ── 2. Delete matching vectors from Pinecone by metadata filter ─
-    # Works only for vectors uploaded AFTER the image_url metadata fix.
-    # Old vectors (without image_url metadata) will not be found — that's expected.
+
+# ══════════════════════════════════════════════════════════════════
+# 7. DELETE ENTIRE FOLDER
+# ══════════════════════════════════════════════════════════════════
+def _cld_delete_folder(folder: str, creds: dict):
+    return cloudinary.api.delete_resources_by_prefix(
+        f"{folder}/",
+        api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
+    )
+
+def _cld_remove_folder(folder: str, creds: dict):
     try:
-        pc       = _get_pinecone(actual_pc_key)
-        idx_obj  = pc.Index(IDX_OBJECTS)
-        idx_face = pc.Index(IDX_FACES)
+        return cloudinary.api.delete_folder(
+            folder,
+            api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
+        )
+    except Exception:
+        pass  # Folder may already be empty/gone
 
-        for idx in [idx_obj, idx_face]:
-            try:
-                # Query for vectors with this exact image_url in metadata
-                matches = await asyncio.to_thread(
-                    idx.query,
-                    vector=[0.0] * (1536 if idx == idx_obj else 512),
-                    top_k=50,
-                    include_metadata=True,
-                    filter={"image_url": {"$eq": image_url}}
-                )
-                ids_to_delete = [m["id"] for m in matches.get("matches", []) if m.get("metadata", {}).get("image_url") == image_url or m.get("metadata", {}).get("url") == image_url]
-                if ids_to_delete:
-                    await asyncio.to_thread(idx.delete, ids=ids_to_delete)
-            except Exception as e:
-                # Pinecone filter queries may not be supported on all plan types — log but don't fail
-                print(f"Pinecone vector delete attempt failed (non-critical): {e}")
+@app.post("/api/delete-folder")
+async def delete_folder(
+    user_pinecone_key:   str = Form(""),
+    user_cloudinary_url: str = Form(""),
+    folder_name:         str = Form(...),
+):
+    actual_pc_key  = user_pinecone_key   or os.getenv("DEFAULT_PINECONE_KEY", "")
+    actual_cld_url = user_cloudinary_url or os.getenv("DEFAULT_CLOUDINARY_URL", "")
+    creds = get_cloudinary_creds(actual_cld_url)
+    if not creds.get("cloud_name"):
+        raise HTTPException(400, "Invalid Cloudinary URL.")
 
-    except Exception as e:
-        errors.append(f"Pinecone deletion failed: {e}")
+    # 1. List all images in folder first (for Pinecone cleanup)
+    all_images = []
+    next_cursor = None
+    while True:
+        result = await asyncio.to_thread(_cld_list_folder_images, folder_name, creds, next_cursor)
+        all_images.extend(result.get("resources", []))
+        next_cursor = result.get("next_cursor")
+        if not next_cursor:
+            break
 
-    if len(errors) == 2:
-        raise HTTPException(500, " | ".join(errors))
+    # 2. Delete all images from Cloudinary
+    await asyncio.to_thread(_cld_delete_folder, folder_name, creds)
+
+    # 3. Remove the folder itself from Cloudinary
+    await asyncio.to_thread(_cld_remove_folder, folder_name, creds)
+
+    # 4. Delete Pinecone vectors for each image
+    if actual_pc_key:
+        try:
+            pc = _get_pinecone(actual_pc_key)
+            # Try bulk delete by folder metadata filter first
+            for idx_name in [IDX_OBJECTS, IDX_FACES]:
+                idx = pc.Index(idx_name)
+                try:
+                    await asyncio.to_thread(idx.delete, filter={"folder": {"$eq": folder_name}})
+                except Exception:
+                    # Fallback: delete by individual image URLs
+                    for img in all_images:
+                        try:
+                            url = img.get("secure_url", "")
+                            if url:
+                                await asyncio.to_thread(idx.delete, filter={"url": {"$eq": url}})
+                        except Exception:
+                            pass
+        except Exception as e:
+            print(f"Pinecone folder delete warning: {e}")
 
-    return {"message": "Image deleted.", "warnings": errors}
+    return {"message": f"Folder '{folder_name}' and all its contents deleted.", "deleted_count": len(all_images)}
 
 
 # ════════════════���═════════════════════════════════════════════════
-# 7. RESET DATABASE
-#    Deletes ALL Cloudinary images + wipes + recreates Pinecone indexes
-#    Only operates on the user's OWN keys (never defaults)
+# 8. RESET DATABASE
 # ══════════════════════════════════════════════════════════════════
+DEFAULT_PC_KEY  = os.getenv("DEFAULT_PINECONE_KEY",  "")
+DEFAULT_CLD_URL = os.getenv("DEFAULT_CLOUDINARY_URL","")
+
+def _is_default_key(key: str, default: str) -> bool:
+    return bool(default) and key.strip() == default.strip()
+
 @app.post("/api/reset-database")
 async def reset_database(
-    user_pinecone_key: str = Form(...),
-    user_cloudinary_url: str = Form(...)
+    user_pinecone_key:   str = Form(""),
+    user_cloudinary_url: str = Form(""),
 ):
-    if not user_pinecone_key or not user_cloudinary_url:
-        raise HTTPException(400, "Your own Pinecone Key and Cloudinary URL are required. This endpoint only operates on personal databases.")
-
-    # Guard: refuse to operate on server default keys
-    default_pc  = os.getenv("DEFAULT_PINECONE_KEY", "")
-    default_cld = os.getenv("DEFAULT_CLOUDINARY_URL", "")
-    if user_pinecone_key == default_pc or user_cloudinary_url == default_cld:
-        raise HTTPException(403, "Cannot reset the shared default database. This operation is only permitted on your personal database.")
+    if _is_default_key(user_pinecone_key, DEFAULT_PC_KEY) or _is_default_key(user_cloudinary_url, DEFAULT_CLD_URL):
+        raise HTTPException(403, "Reset is not allowed on the shared demo database.")
 
     creds = get_cloudinary_creds(user_cloudinary_url)
     if not creds.get("cloud_name"):
         raise HTTPException(400, "Invalid Cloudinary URL.")
 
-    errors = []
-
-    # ── 1. Wipe ALL Cloudinary resources ───────────────────────
+    # Wipe all Cloudinary resources
     try:
-        # Get all root folders and delete resources + folders
-        folders_res = await asyncio.to_thread(_cld_root_folders, creds)
-        folders     = [f["name"] for f in folders_res.get("folders", [])]
-        for folder in folders:
-            try:
-                await asyncio.to_thread(_cld_delete_by_prefix, f"{folder}/", creds)
-                await asyncio.to_thread(_cld_delete_folder, folder, creds)
-            except Exception as e:
-                errors.append(f"Cloudinary folder '{folder}' error: {e}")
+        await asyncio.to_thread(
+            lambda: cloudinary.api.delete_all_resources(
+                api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
+            )
+        )
     except Exception as e:
-        errors.append(f"Cloudinary wipe error: {e}")
+        print(f"Cloudinary wipe warning: {e}")
 
-    # ── 2. Delete and recreate Pinecone indexes ─────────────────
+    # Delete and recreate Pinecone indexes
     try:
-        pc       = _get_pinecone(user_pinecone_key)
+        pc = _get_pinecone(user_pinecone_key)
         existing = {idx.name for idx in await asyncio.to_thread(pc.list_indexes)}
-
         delete_tasks = []
         if IDX_OBJECTS in existing:
             delete_tasks.append(asyncio.to_thread(pc.delete_index, IDX_OBJECTS))
@@ -482,84 +486,51 @@ async def reset_database(
             delete_tasks.append(asyncio.to_thread(pc.delete_index, IDX_FACES))
         if delete_tasks:
             await asyncio.gather(*delete_tasks)
-
-        # Wait a moment for deletion to propagate
-        await asyncio.sleep(3)
-
-        create_tasks = [
+        await asyncio.sleep(2)
+        await asyncio.gather(
             asyncio.to_thread(pc.create_index, name=IDX_OBJECTS, dimension=1536, metric="cosine", spec=ServerlessSpec(cloud="aws", region="us-east-1")),
             asyncio.to_thread(pc.create_index, name=IDX_FACES,   dimension=512,  metric="cosine", spec=ServerlessSpec(cloud="aws", region="us-east-1")),
-        ]
-        await asyncio.gather(*create_tasks)
-
-        # Evict this key from the pool so we get fresh index handles
-        if user_pinecone_key in _pinecone_pool:
-            del _pinecone_pool[user_pinecone_key]
-
+        )
     except Exception as e:
-        errors.append(f"Pinecone reset error: {e}")
+        raise HTTPException(500, f"Pinecone reset error: {e}")
 
-    if errors:
-        return {"message": "Reset completed with some errors.", "warnings": errors}
-    return {"message": "Database wiped and recreated successfully."}
+    return {"message": "Database reset complete. All data wiped and indexes recreated."}
 
 
 # ══════════════════════════════════════════════════════════════════
-# 8. DELETE ACCOUNT
-#    Full wipe: Cloudinary + Pinecone + Supabase settings row
-#    Note: Supabase auth user deletion must be done client-side
-#          via supabase.auth.admin or the user's own session.
+# 9. DELETE ACCOUNT
 # ══════════════════════════════════════════════════════════════════
 @app.post("/api/delete-account")
 async def delete_account(
-    user_pinecone_key: str = Form(...),
-    user_cloudinary_url: str = Form(...),
-    user_id: str = Form(...)
+    user_pinecone_key:   str = Form(""),
+    user_cloudinary_url: str = Form(""),
+    user_id:             str = Form(""),
 ):
-    if not user_pinecone_key or not user_cloudinary_url:
-        raise HTTPException(400, "Your own API keys are required.")
-
-    # Guard against default keys
-    default_pc  = os.getenv("DEFAULT_PINECONE_KEY", "")
-    default_cld = os.getenv("DEFAULT_CLOUDINARY_URL", "")
-    if user_pinecone_key == default_pc or user_cloudinary_url == default_cld:
-        raise HTTPException(403, "Cannot delete using shared default keys.")
+    if _is_default_key(user_pinecone_key, DEFAULT_PC_KEY) or _is_default_key(user_cloudinary_url, DEFAULT_CLD_URL):
+        raise HTTPException(403, "Account deletion is not allowed on the shared demo database.")
 
-    # Reuse reset logic for data wipe
+    # Full wipe (same as reset)
     creds = get_cloudinary_creds(user_cloudinary_url)
-
-    # Wipe Cloudinary
     try:
-        folders_res = await asyncio.to_thread(_cld_root_folders, creds)
-        for f in folders_res.get("folders", []):
-            await asyncio.to_thread(_cld_delete_by_prefix, f"{f['name']}/", creds)
-            await asyncio.to_thread(_cld_delete_folder, f["name"], creds)
+        await asyncio.to_thread(
+            lambda: cloudinary.api.delete_all_resources(
+                api_key=creds["api_key"], api_secret=creds["api_secret"], cloud_name=creds["cloud_name"],
+            )
+        )
     except Exception as e:
-        print(f"Account delete — Cloudinary error: {e}")
+        print(f"Account delete Cloudinary warning: {e}")
 
-    # Wipe + delete Pinecone indexes
     try:
         pc = _get_pinecone(user_pinecone_key)
         existing = {idx.name for idx in await asyncio.to_thread(pc.list_indexes)}
-        tasks = []
-        if IDX_OBJECTS in existing: tasks.append(asyncio.to_thread(pc.delete_index, IDX_OBJECTS))
-        if IDX_FACES   in existing: tasks.append(asyncio.to_thread(pc.delete_index, IDX_FACES))
-        if tasks: await asyncio.gather(*tasks)
-        if user_pinecone_key in _pinecone_pool: del _pinecone_pool[user_pinecone_key]
+        delete_tasks = []
+        if IDX_OBJECTS in existing:
+            delete_tasks.append(asyncio.to_thread(pc.delete_index, IDX_OBJECTS))
+        if IDX_FACES in existing:
+            delete_tasks.append(asyncio.to_thread(pc.delete_index, IDX_FACES))
+        if delete_tasks:
+            await asyncio.gather(*delete_tasks)
     except Exception as e:
-        print(f"Account delete — Pinecone error: {e}")
-
-    # Note: Supabase user deletion & settings row deletion is handled
-    # client-side via supabase.auth.signOut() after this endpoint returns.
-    # The Supabase ON DELETE CASCADE on user_settings + user_folders
-    # handles row cleanup automatically when the auth user is deleted.
-
-    return {"message": "Account data wiped. Please confirm deletion in your Supabase dashboard if needed."}
-
+        print(f"Account delete Pinecone warning: {e}")
 
-# ══════════════════════════════════════════════════════════════════
-# 9. HEALTH CHECK
-# ══════════════════════════════════════════════════════════════════
-@app.get("/api/health")
-async def health():
-    return {"status": "ok"}
+    return {"message": "Account data deleted. Sign out initiated."}