feat: chat history, room soft-delete, and user migration to PostgreSQL

## Chat History
- Persist user and assistant messages to `chat_messages` table after every
chat interaction (both LLM-generated and direct/greeting responses)
- GET /room/{room_id} now returns full chat history via eager-loaded
`messages` relation, sorted by created_at ascending
- Added `ChatMessageResponse` Pydantic model to room response schema

## Room Soft Delete
- Added `status` column (active | inactive) to Room model
- GET /rooms/{user_id} filters to only return active rooms
- New DELETE /room/{room_id}?user_id=... endpoint: sets status to inactive
instead of physically deleting the row (data preserved for audit/recovery)
- Added idempotent migration in init_db.py:
ALTER TABLE rooms ADD COLUMN IF NOT EXISTS status VARCHAR NOT NULL DEFAULT 'active'

## User Migration: MongoDB → PostgreSQL
- Migrated user storage from MongoDB to PostgreSQL (User model added to models.py)
- get_user() now queries PostgreSQL via AsyncSessionLocal instead of MongoClient
- Replaced all emarcal--*--* env var aliases with emarcal__*__* format
across settings.py, users.py (hash_password, encode_jwt, decode_jwt)
- Login endpoint now returns 403 for inactive accounts
- Removed playground_chat.py and playground_flush_cache.py (moved to playground/)
- Updated uvicorn entry point from src.main:app to main:app, port 7860

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

.gitignore

@@ -26,7 +26,9 @@ test/users/user_accounts.csv
 .env.prd
 .env.example
 
+playground/
 playground_retriever.py
-playground_chat.pyc
-playground_flush_cache.pyc
+playground_chat.py
+playground_flush_cache.py
+playground_create_user.py
 API_CONTRACT.md

main.py

@@ -63,8 +63,8 @@ async def health_check():
 
 if __name__ == "__main__":
     uvicorn.run(
-        "src.main:app",
+        "main:app",
         host="0.0.0.0",
-        port=8000,
+        port=7860,
         reload=True
     )

src/api/v1/chat.py

@@ -1,9 +1,11 @@
 """Chat endpoint with streaming support."""
 
 import asyncio
+import uuid
 from fastapi import APIRouter, Depends, HTTPException
 from sqlalchemy.ext.asyncio import AsyncSession
 from src.db.postgres.connection import get_db
+from src.db.postgres.models import ChatMessage
 from src.agents.orchestration import orchestrator
 from src.agents.chatbot import chatbot
 from src.rag.retriever import retriever
@@ -81,6 +83,13 @@ async def cache_response(redis, cache_key: str, response: str):
     await redis.setex(cache_key, 86400, json.dumps(response))
 
 
+async def save_messages(db: AsyncSession, room_id: str, user_content: str, assistant_content: str):
+    """Persist user and assistant messages to chat_messages table."""
+    db.add(ChatMessage(id=str(uuid.uuid4()), room_id=room_id, role="user", content=user_content))
+    db.add(ChatMessage(id=str(uuid.uuid4()), room_id=room_id, role="assistant", content=assistant_content))
+    await db.commit()
+
+
 @router.post("/chat/stream")
 @log_execution(logger)
 async def chat_stream(request: ChatRequest, db: AsyncSession = Depends(get_db)):
@@ -143,6 +152,7 @@ async def chat_stream(request: ChatRequest, db: AsyncSession = Depends(get_db)):
         if intent_result.get("direct_response"):
             response = intent_result["direct_response"]
             await cache_response(redis, cache_key, response)
+            await save_messages(db, request.room_id, request.message, response)
 
             async def stream_direct():
                 yield {"event": "sources", "data": json.dumps([])}
@@ -161,6 +171,7 @@ async def chat_stream(request: ChatRequest, db: AsyncSession = Depends(get_db)):
                 yield {"event": "chunk", "data": token}
             yield {"event": "done", "data": ""}
             await cache_response(redis, cache_key, full_response)
+            await save_messages(db, request.room_id, request.message, full_response)
 
         return EventSourceResponse(stream_response())
 

src/api/v1/room.py

@@ -3,8 +3,9 @@
 from fastapi import APIRouter, Depends, HTTPException, status
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy import select
+from sqlalchemy.orm import selectinload
 from src.db.postgres.connection import get_db
-from src.db.postgres.models import Room
+from src.db.postgres.models import Room, ChatMessage
 from src.middlewares.logging import get_logger, log_execution
 from pydantic import BaseModel
 from typing import List
@@ -16,11 +17,19 @@ logger = get_logger("room_api")
 router = APIRouter(prefix="/api/v1", tags=["Rooms"])
 
 
+class ChatMessageResponse(BaseModel):
+    id: str
+    role: str
+    content: str
+    created_at: str
+
+
 class RoomResponse(BaseModel):
     id: str
     title: str
     created_at: str
     updated_at: str | None
+    messages: List[ChatMessageResponse] = []
 
 
 class CreateRoomRequest(BaseModel):
@@ -37,7 +46,7 @@ async def list_rooms(
     """List all rooms for a user."""
     result = await db.execute(
         select(Room)
-        .where(Room.user_id == user_id)
+        .where(Room.user_id == user_id, Room.status == "active")
         .order_by(Room.updated_at.desc())
     )
     rooms = result.scalars().all()
@@ -59,9 +68,11 @@ async def get_room(
     room_id: str,
     db: AsyncSession = Depends(get_db)
 ):
-    """Get a specific room."""
+    """Get a specific room with its chat history."""
     result = await db.execute(
-        select(Room).where(Room.id == room_id)
+        select(Room)
+        .where(Room.id == room_id)
+        .options(selectinload(Room.messages))
     )
     room = result.scalars().first()
 
@@ -71,12 +82,48 @@ async def get_room(
             detail="Room not found"
         )
 
+    messages = sorted(room.messages, key=lambda m: m.created_at)
+
     return RoomResponse(
         id=room.id,
         title=room.title,
         created_at=room.created_at.isoformat(),
-        updated_at=room.updated_at.isoformat() if room.updated_at else None
+        updated_at=room.updated_at.isoformat() if room.updated_at else None,
+        messages=[
+            ChatMessageResponse(
+                id=msg.id,
+                role=msg.role,
+                content=msg.content,
+                created_at=msg.created_at.isoformat()
+            )
+            for msg in messages
+        ]
+    )
+
+
+@router.delete("/room/{room_id}")
+@log_execution(logger)
+async def delete_room(
+    room_id: str,
+    user_id: str,
+    db: AsyncSession = Depends(get_db)
+):
+    """Soft-delete a room by setting its status to inactive."""
+    result = await db.execute(
+        select(Room).where(Room.id == room_id)
     )
+    room = result.scalars().first()
+
+    if not room:
+        raise HTTPException(status_code=404, detail="Room not found")
+
+    if room.user_id != user_id:
+        raise HTTPException(status_code=403, detail="Access denied")
+
+    room.status = "inactive"
+    await db.commit()
+
+    return {"status": "success", "message": "Room deleted successfully"}
 
 
 @router.post("/room/create")

src/api/v1/users.py

@@ -50,8 +50,12 @@ async def login(payload: ILogin):
             status_code=status.HTTP_404_NOT_FOUND,
             detail="Email not found"
         )
-    
-    user_profile.pop("_id", None)
+
+    if user_profile.get("status") == "inactive":
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN,
+            detail="Account is inactive"
+        )
 
     is_verified = verify_password(
         password=payload.password,

src/config/settings.py

@@ -51,15 +51,15 @@ class Settings(BaseSettings):
     LANGFUSE_HOST: str
 
     # MongoDB (for users - existing)
-    emarcal_mongo_endpoint_url: str = Field(alias="emarcal--mongo--endpoint--url", default="")
-    emarcal_buma_mongo_dbname: str = Field(alias="emarcal--buma--mongo--dbname", default="")
+    emarcal_mongo_endpoint_url: str = Field(alias="emarcal__mongo__endpoint__url", default="")
+    emarcal_buma_mongo_dbname: str = Field(alias="emarcal__buma__mongo__dbname", default="")
 
     # JWT (for users - existing)
-    emarcal_jwt_secret_key: str = Field(alias="emarcal--jwt--secret-key", default="")
-    emarcal_jwt_algorithm: str = Field(alias="emarcal--jwt--algorithm", default="HS256")
+    emarcal_jwt_secret_key: str = Field(alias="emarcal__jwt__secret_key", default="")
+    emarcal_jwt_algorithm: str = Field(alias="emarcal__jwt__algorithm", default="HS256")
 
     # Bcrypt salt (for users - existing)
-    emarcal_bcrypt_salt: str = Field(alias="emarcal--bcrypt--salt", default="")
+    emarcal_bcrypt_salt: str = Field(alias="emarcal__bcrypt__salt", default="")
 
 
 # Singleton instance

src/db/postgres/init_db.py

@@ -2,7 +2,7 @@
 
 from sqlalchemy import text
 from src.db.postgres.connection import engine, Base
-from src.db.postgres.models import Document, Room, ChatMessage
+from src.db.postgres.models import Document, Room, ChatMessage, User
 
 
 async def init_db():
@@ -16,3 +16,8 @@ async def init_db():
 
         # Create application tables
         await conn.run_sync(Base.metadata.create_all)
+
+        # Schema migrations (idempotent — safe to run on every startup)
+        await conn.execute(text(
+            "ALTER TABLE rooms ADD COLUMN IF NOT EXISTS status VARCHAR NOT NULL DEFAULT 'active'"
+        ))

src/db/postgres/models.py

@@ -7,8 +7,21 @@ from sqlalchemy.sql import func
 from src.db.postgres.connection import Base
 
 
-# Note: Users are managed in MongoDB (src/users/users.py).
-# user_id columns here are plain strings — no FK to a postgres users table.
+class User(Base):
+    """User model."""
+    __tablename__ = "users"
+
+    id = Column(String, primary_key=True, default=lambda: str(uuid4()))
+    fullname = Column(String, nullable=False)
+    email = Column(String, nullable=False, unique=True, index=True)
+    password = Column(String, nullable=False)  # bcrypt-hashed
+    company = Column(String)
+    company_size = Column(String)
+    function = Column(String)
+    site = Column(String)
+    role = Column(String)
+    status = Column(String, nullable=False, default="active")  # active | inactive
+    created_at = Column(DateTime(timezone=True), server_default=func.now())
 
 
 class Document(Base):
@@ -37,6 +50,8 @@ class Room(Base):
     created_at = Column(DateTime(timezone=True), server_default=func.now())
     updated_at = Column(DateTime(timezone=True), onupdate=func.now())
 
+    status = Column(String, nullable=False, default="active")  # active | inactive
+
     messages = relationship("ChatMessage", back_populates="room", cascade="all, delete-orphan")
 
 

src/users/users.py

@@ -56,7 +56,7 @@ def hash_password(password: str) -> str:
     Returns:
         str: Password yang sudah di-hash dan di-salt dengan aman.
     """
-    salt = bytes(os.environ.get('emarcal--bcrypt--salt'), encoding='utf-8')
+    salt = bytes(os.environ.get('emarcal__bcrypt__salt'), encoding='utf-8')
     bpassword = bytes(password, encoding='utf-8')
     hashed_password = bcrypt.hashpw(bpassword, salt=salt)
     hashed_password = hashed_password.decode('utf-8') # convert byte to str
@@ -95,21 +95,9 @@ import jwt
 import uuid
 from datetime import datetime
 from jwt.exceptions import ExpiredSignatureError, DecodeError
-from src.models.user_info import UserCreate
-from pymongo import MongoClient
-
-
-
-async def get_mongo_conn(collection_name:str = 'users'):
-    mongo_client = MongoClient(
-        host=os.environ.get('emarcal--mongo--endpoint--url'),
-        # serverSelectionTimeoutMS=5000,
-        # connectTimeoutMS=5000,
-        # socketTimeoutMS=5000,
-    )
-    db = mongo_client[os.environ.get('emarcal--buma--mongo--dbname')]
-    users_collection = db[collection_name]
-    return users_collection
+from sqlalchemy import select
+from src.db.postgres.connection import AsyncSessionLocal
+from src.db.postgres.models import User
 
 
 # @trace_runtime
@@ -118,23 +106,23 @@ def encode_jwt(input:Dict) -> str:
         k: (str(v) if isinstance(v, (uuid.UUID, datetime)) else v)
         for k, v in input.items()
     }
-    encoded_jwt = jwt.encode(safe_payload, os.environ.get("emarcal--jwt--secret-key"), algorithm=os.environ.get("emarcal--jwt--algorithm"))
+    encoded_jwt = jwt.encode(safe_payload, os.environ.get("emarcal__jwt__secret_key"), algorithm=os.environ.get("emarcal__jwt__algorithm"))
     return encoded_jwt
 
 
 # @trace_runtime
 def decode_jwt(encoded_input:str) -> Any:
-    decoded_payload = jwt.decode(encoded_input, os.environ.get("emarcal--jwt--secret-key"), algorithms=[os.environ.get("emarcal--jwt--algorithm")])
+    decoded_payload = jwt.decode(encoded_input, os.environ.get("emarcal__jwt__secret_key"), algorithms=[os.environ.get("emarcal__jwt__algorithm")])
     return decoded_payload
 
 
-async def get_user(email: str) -> dict:
+async def get_user(email: str) -> dict | None:
     try:
-        users_collection = await get_mongo_conn(collection_name="users")
-        user_profile:dict = users_collection.find_one({"email":email})
-        if user_profile:
-            return user_profile
-        else:
+        async with AsyncSessionLocal() as session:
+            result = await session.execute(select(User).where(User.email == email))
+            user = result.scalars().first()
+            if user:
+                return {c.key: getattr(user, c.key) for c in user.__mapper__.column_attrs}
             return None
     except Exception as E:
         print(f"❌ get user error, {E}")
@@ -142,19 +130,3 @@ async def get_user(email: str) -> dict:
         fname = os.path.split(exc_tb.tb_frame.f_code.co_filename)[1]
         print(exc_type, fname, exc_tb.tb_lineno)
         raise
-
-
-# input = UserCreate(
-#         fullname="Harry",
-#         email="harryyanto.ia@bukittechnology.com",
-#         password="#$ema.harry#$",
-#         company="BUMA ID",
-#         company_size="5000+",
-#         function="MANAGEMENT",
-#         site="HO",
-#         role="admin"
-#     )
-
-# xxx= input.model_dump()
-# encoded_jwt = encode_jwt(xxx)
-# decoded_jwt = decode_jwt(encoded_jwt)