chore: merge upstream dev

.github/dependabot.yml

@@ -0,0 +1,78 @@
+version: 2
+updates:
+  - package-ecosystem: pip
+    directory: /
+    target-branch: dev
+    schedule:
+      interval: weekly
+      day: monday
+      time: "09:00"
+      timezone: Asia/Kolkata
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - python
+    groups:
+      root-python-minor-patch:
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: pip
+    directory: /backend
+    target-branch: dev
+    schedule:
+      interval: weekly
+      day: monday
+      time: "09:15"
+      timezone: Asia/Kolkata
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - python
+      - backend
+    groups:
+      backend-python-minor-patch:
+        update-types:
+          - minor
+          - patch
+
+  - package-ecosystem: npm
+    directory: /frontend
+    target-branch: dev
+    schedule:
+      interval: weekly
+      day: monday
+      time: "09:30"
+      timezone: Asia/Kolkata
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - javascript
+      - frontend
+    groups:
+      frontend-npm-minor-patch:
+        update-types:
+          - minor
+          - patch
+    ignore:
+      - dependency-name: "eslint"
+        versions: [">= 10.0.0"]
+
+  - package-ecosystem: github-actions
+    directory: /
+    target-branch: dev
+    schedule:
+      interval: weekly
+      day: monday
+      time: "09:45"
+      timezone: Asia/Kolkata
+    open-pull-requests-limit: 5
+    labels:
+      - dependencies
+      - github-actions
+    groups:
+      github-actions-minor-patch:
+        update-types:
+          - minor
+          - patch

README.md

@@ -437,8 +437,9 @@ docker compose up --build
 | `POST` | `/api/v1/auth/register` | ❌ | Create a new user account |
 | `POST` | `/api/v1/auth/login` | ❌ | Login and receive JWT token |
 | `GET` | `/api/v1/auth/me` | ✅ | Get current user profile |
-| `POST` | `/api/v1/documents/upload` | ✅ | Upload PDF/DOCX and trigger indexing |
+| `POST` | `/api/v1/documents/upload` | ✅ | Upload PDF/DOCX and enqueue background indexing (`202 Accepted`) |
 | `GET` | `/api/v1/documents` | ✅ | List all documents for current user |
+| `GET` | `/api/v1/documents/{id}/status` | ✅ | Poll background document processing status |
 | `DELETE` | `/api/v1/documents/{id}` | ✅ | Delete a document and its vector data |
 | `POST` | `/api/v1/chat/ask/stream` | ✅ | Ask a question (SSE streaming response) |
 | `GET` | `/api/v1/chat/history/{doc_id}` | ✅ | Get chat history for a document |

backend/app/models.py

@@ -21,6 +21,7 @@ class User(Base):
     hashed_password = Column(String(255), nullable=False)
     is_admin = Column(Boolean, default=False)
     created_at = Column(DateTime, default=lambda: datetime.now(timezone.utc))
+    last_login = Column(DateTime, nullable=True, index=True)
 
     # Relationships
     documents = relationship("Document", back_populates="owner", cascade="all, delete-orphan")

backend/app/routes/auth.py

@@ -1,6 +1,7 @@
 """
 Auth API routes — register, login, and user profile.
 """
+from datetime import datetime, timezone
 from fastapi import APIRouter, Depends, HTTPException, status
 from langsmith import expect
 from sqlalchemy.exc import SQLAlchemyError
@@ -105,6 +106,10 @@ def login(payload: UserLogin, db: Session = Depends(get_db)):
             detail="Invalid email or password",
         )
 
+    user.last_login = datetime.now(timezone.utc)
+    db.commit()
+    db.refresh(user)
+
     access_token = create_access_token(user.id)
     refresh_token = create_refresh_token(user.id)
 

backend/app/routes/chat.py

@@ -1,12 +1,19 @@
 """
 Chat routes — ask questions with RAG, stream responses via SSE, manage history.
 """
+import html
 import json
+from datetime import datetime
+from io import BytesIO
 import logging
 from typing import Optional
 
 from fastapi import APIRouter, Depends, HTTPException, Request
-from fastapi.responses import StreamingResponse
+from fastapi.responses import Response, StreamingResponse
+from reportlab.lib.pagesizes import letter
+from reportlab.lib.styles import ParagraphStyle, getSampleStyleSheet
+from reportlab.lib.units import inch
+from reportlab.platypus import Paragraph, SimpleDocTemplate, Spacer
 from sqlalchemy.orm import Session
 
 from app.database import get_db
@@ -258,32 +265,31 @@ def export_chat_history(
 ):
     """Export the chat history for a document as a downloadable file.
 
-    Supports Markdown (.md) or plain text (.txt) export. The function accepts
+    Supports Markdown (.md), plain text (.txt), or PDF (.pdf) export. The function accepts
     authentication via either the standard `Authorization: Bearer <token>`
     header (handled by the dependency chain) or a `token` query parameter to
     facilitate browser-initiated downloads that cannot set custom headers.
 
     Args:
         document_id: The unique identifier of the document whose chat history is to be exported.
-        format: Output format, either "md" (Markdown) or "txt" (plain text). Defaults to "md".
+        format: Output format, either "md" (Markdown), "txt" (plain text), or "pdf". Defaults to "md".
         token: Optional JWT token passed as a query parameter. Used for browser
             downloads when the `Authorization` header is not available.
         db: SQLAlchemy database session, obtained from the dependency.
 
     Returns:
         Response: A FastAPI `Response` object with:
-            - `content`: Formatted chat history as a string.
-            - `media_type`: `text/markdown` or `text/plain`.
+            - `content`: Formatted chat history as a string or PDF bytes.
+            - `media_type`: `text/markdown`, `text/plain`, or `application/pdf`.
             - `headers`: `Content-Disposition` attachment header with a generated filename.
 
     Raises:
         HTTPException: 401 if neither the token query parameter nor a valid
             bearer token provides an authenticated user.
-        HTTPException: 400 if the `format` parameter is not "md" or "txt".
+        HTTPException: 400 if the `format` parameter is not "md", "txt", or "pdf".
         HTTPException: 404 if the document does not exist or does not belong
             to the user, or if no chat messages are found for the document.
     """
-    from fastapi import Request
     from app.auth import decode_token as _decode
 
     # Resolve user from query-param token (browser download links can't set headers)
@@ -296,8 +302,8 @@ def export_chat_history(
     if resolved_user is None:
         raise HTTPException(status_code=401, detail="Authentication required")
 
-    if format not in ("md", "txt"):
-        raise HTTPException(status_code=400, detail="Format must be 'md' or 'txt'")
+    if format not in ("md", "txt", "pdf"):
+        raise HTTPException(status_code=400, detail="Format must be 'md', 'txt', or 'pdf'")
 
     # Verify document exists and belongs to user
     doc = db.query(Document).filter(
@@ -325,15 +331,18 @@ def export_chat_history(
         content = _format_markdown(doc, messages)
         media_type = "text/markdown"
         extension = "md"
-    else:
+    elif format == "txt":
         content = _format_plaintext(doc, messages)
         media_type = "text/plain"
         extension = "txt"
+    else:
+        content = _format_pdf(doc, messages)
+        media_type = "application/pdf"
+        extension = "pdf"
 
     safe_name = doc.original_name.rsplit(".", 1)[0]
     filename = f"{safe_name}_chat_history.{extension}"
 
-    from fastapi.responses import Response
     return Response(
         content=content,
         media_type=media_type,
@@ -532,3 +541,80 @@ def _format_plaintext(doc, messages) -> str:
 
     return "\n".join(lines)
 
+
+def _format_pdf(doc, messages) -> bytes:
+    """Format chat history as a PDF document."""
+    buffer = BytesIO()
+    pdf = SimpleDocTemplate(
+        buffer,
+        pagesize=letter,
+        leftMargin=0.75 * inch,
+        rightMargin=0.75 * inch,
+        topMargin=0.75 * inch,
+        bottomMargin=0.75 * inch,
+    )
+
+    styles = getSampleStyleSheet()
+    metadata_style = styles["Normal"]
+    metadata_style.spaceAfter = 6
+    content_style = ParagraphStyle(
+        "ChatContent",
+        parent=styles["BodyText"],
+        leading=14,
+        spaceAfter=10,
+    )
+    source_style = ParagraphStyle(
+        "ChatSource",
+        parent=styles["BodyText"],
+        leftIndent=14,
+        leading=12,
+        spaceAfter=4,
+    )
+
+    story = [
+        Paragraph(f"Chat History - {html.escape(doc.original_name)}", styles["Title"]),
+        Spacer(1, 0.15 * inch),
+        Paragraph(f"Document: {html.escape(doc.original_name)}", metadata_style),
+        Paragraph(f"Exported at: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}", metadata_style),
+        Paragraph(f"Total messages: {len(messages)}", metadata_style),
+        Spacer(1, 0.2 * inch),
+    ]
+
+    for msg in messages:
+        timestamp = msg.created_at.strftime("%Y-%m-%d %H:%M:%S") if msg.created_at else ""
+        role_label = "You" if msg.role == "user" else "Assistant"
+
+        story.append(Paragraph(f"<b>{html.escape(role_label)}</b>", styles["Heading3"]))
+        story.append(Paragraph(html.escape(timestamp), styles["Italic"]))
+        story.append(Paragraph(_pdf_text(msg.content), content_style))
+
+        if msg.role == "assistant" and msg.sources_json:
+            try:
+                sources = json.loads(msg.sources_json)
+                if sources:
+                    story.append(Paragraph("<b>Sources:</b>", metadata_style))
+                    for i, src in enumerate(sources, 1):
+                        filename = html.escape(str(src.get("filename", "Unknown")))
+                        page = html.escape(str(src.get("page", "?")))
+                        confidence = html.escape(str(src.get("confidence", 0)))
+                        story.append(
+                            Paragraph(
+                                f"[{i}] {filename}, Page {page} (Confidence: {confidence}%)",
+                                source_style,
+                            )
+                        )
+                        text_preview = str(src.get("text", "")).strip()
+                        if text_preview:
+                            story.append(Paragraph(_pdf_text(text_preview), source_style))
+            except Exception:
+                pass
+
+        story.append(Spacer(1, 0.15 * inch))
+
+    pdf.build(story)
+    return buffer.getvalue()
+
+
+def _pdf_text(text: str) -> str:
+    """Escape text for ReportLab paragraphs while preserving line breaks."""
+    return html.escape(text or "").replace("\n", "<br/>")

backend/app/routes/documents.py

@@ -16,7 +16,7 @@ from sqlalchemy.orm import Session
 
 from app.database import get_db
 from app.models import User, Document
-from app.schemas import DocumentResponse, DocumentListResponse
+from app.schemas import DocumentResponse, DocumentListResponse, DocumentStatusResponse
 from app.auth import get_current_user
 from app.config import get_settings
 from app.rag.chunker import chunk_document, get_page_count
@@ -191,7 +191,7 @@ def _ingest_document(document_id: str, filepath: str, original_name: str, user_i
         db.close()
 
 
-@router.post("/upload", response_model=DocumentResponse, status_code=status.HTTP_201_CREATED)
+@router.post("/upload", response_model=DocumentResponse, status_code=status.HTTP_202_ACCEPTED)
 async def upload_document(
     background_tasks: BackgroundTasks,
     file: UploadFile = File(...),
@@ -199,11 +199,13 @@ async def upload_document(
     db: Session = Depends(get_db),
 ):
     """
-    Upload a document for RAG processing.
+    Upload a document and enqueue RAG processing.
     
     Validates the uploaded file (extension, size, MIME type, integrity),
     saves it to the user's directory, creates a database record with status
-    'pending', and schedules a background task for chunking and embedding.
+    'pending', schedules a background task for chunking and embedding, and
+    returns 202 Accepted immediately so large documents do not block the API
+    request while embeddings are generated.
 
     Args:
         background_tasks: FastAPI BackgroundTasks instance to run the ingestion process asynchronously.
@@ -272,6 +274,30 @@ async def upload_document(
     return DocumentResponse.model_validate(document)
 
 
+@router.get("/{document_id}/status", response_model=DocumentStatusResponse)
+def get_document_status(
+    document_id: str,
+    user: User = Depends(get_current_user),
+    db: Session = Depends(get_db),
+):
+    """
+    Poll processing status for a single uploaded document.
+
+    This endpoint lets clients refresh the upload lifecycle without fetching
+    the entire document list. The returned status is one of the existing
+    document states: pending, processing, ready, or failed.
+    """
+    doc = db.query(Document).filter(
+        Document.id == document_id,
+        Document.user_id == user.id,
+    ).first()
+
+    if not doc:
+        raise HTTPException(status_code=404, detail="Document not found")
+
+    return DocumentStatusResponse.model_validate(doc)
+
+
 @router.get("/", response_model=DocumentListResponse)
 def list_documents(
     page: int = Query(1, ge=1),

backend/app/schemas.py

@@ -75,6 +75,17 @@ class DocumentResponse(BaseModel):
         from_attributes = True
 
 
+class DocumentStatusResponse(BaseModel):
+    id: str
+    status: str
+    page_count: int
+    chunk_count: int
+    error_message: Optional[str] = None
+
+    class Config:
+        from_attributes = True
+
+
 class DocumentListResponse(BaseModel):
     items: List[DocumentResponse]
     total: int

backend/requirements.txt

@@ -49,3 +49,4 @@ python-magic-bin==0.4.27; sys_platform == "win32" # for windows
 python-magic; sys_platform != "win32"
 python-docx
 pypdf
+reportlab

backend/scripts/vector_cleanup.py

@@ -0,0 +1,128 @@
+"""
+Cleanup script for ChromaDB vectors belonging to inactive users.
+
+By default, a user is considered inactive if they have not logged in for
+30 days. Users without last_login are skipped to avoid deleting vectors for
+legacy accounts before activity tracking existed.
+
+Run manually:
+    python backend/scripts/vector_cleanup.py
+
+Environment:
+    VECTOR_CLEANUP_INACTIVE_DAYS=30
+    VECTOR_CLEANUP_DRY_RUN=true
+"""
+from __future__ import annotations
+
+import logging
+import os
+import sys
+from datetime import datetime, timedelta, timezone
+from pathlib import Path
+
+from sqlalchemy import inspect, or_, text
+
+# Allow running this file directly from the repository root.
+BACKEND_DIR = Path(__file__).resolve().parents[1]
+if str(BACKEND_DIR) not in sys.path:
+    sys.path.insert(0, str(BACKEND_DIR))
+
+from app.database import SessionLocal  # noqa: E402
+from app.models import User  # noqa: E402
+from app.rag.vectorstore import delete_user_collection  # noqa: E402
+
+logger = logging.getLogger("vector_cleanup")
+logging.basicConfig(level=logging.INFO, format="%(asctime)s %(levelname)s %(message)s")
+
+
+def _env_bool(name: str, default: bool = False) -> bool:
+    value = os.getenv(name)
+    if value is None:
+        return default
+    return value.strip().lower() in {"1", "true", "yes", "on"}
+
+
+
+def ensure_last_login_column() -> None:
+    """Add users.last_login for SQLite installs that do not run migrations."""
+    db = SessionLocal()
+    try:
+        bind = db.get_bind()
+        inspector = inspect(bind)
+        columns = {column["name"] for column in inspector.get_columns("users")}
+        if "last_login" not in columns:
+            logger.info("Adding missing users.last_login column")
+            db.execute(text("ALTER TABLE users ADD COLUMN last_login DATETIME"))
+            db.commit()
+    finally:
+        db.close()
+
+
+def cleanup_inactive_user_vectors(
+    inactive_days: int | None = None,
+    dry_run: bool | None = None,
+) -> dict[str, int]:
+    """Delete Chroma collections for users inactive past the threshold."""
+    ensure_last_login_column()
+
+    days = inactive_days or int(os.getenv("VECTOR_CLEANUP_INACTIVE_DAYS", "30"))
+    is_dry_run = _env_bool("VECTOR_CLEANUP_DRY_RUN", False) if dry_run is None else dry_run
+    cutoff = datetime.now(timezone.utc) - timedelta(days=days)
+
+    stats = {
+        "scanned": 0,
+        "eligible": 0,
+        "deleted": 0,
+        "skipped_no_login": 0,
+        "failed": 0,
+    }
+
+    db = SessionLocal()
+    try:
+        users = db.query(User).filter(
+            or_(User.last_login.is_(None), User.last_login < cutoff)
+        ).all()
+
+        for user in users:
+            stats["scanned"] += 1
+
+            if user.last_login is None:
+                stats["skipped_no_login"] += 1
+                logger.info(
+                    "Skipping user %s because last_login is missing",
+                    user.id,
+                )
+                continue
+
+            stats["eligible"] += 1
+            logger.info(
+                "User %s inactive since %s; deleting collection=%s dry_run=%s",
+                user.id,
+                user.last_login,
+                f"user_{user.id.replace('-', '_')}"[:63],
+                is_dry_run,
+            )
+
+            if is_dry_run:
+                continue
+
+            try:
+                delete_user_collection(user.id)
+                stats["deleted"] += 1
+            except Exception as exc:  # defensive script boundary
+                stats["failed"] += 1
+                logger.warning(
+                    "Failed deleting vector collection for user %s: %s",
+                    user.id,
+                    exc,
+                    exc_info=True,
+                )
+
+        logger.info("Vector cleanup complete: %s", stats)
+        return stats
+    finally:
+        db.close()
+
+
+if __name__ == "__main__":
+    cleanup_inactive_user_vectors()

frontend/package-lock.json

@@ -22,7 +22,8 @@
         "remark-gfm": "^4.0.1",
         "shadcn": "^4.3.1",
         "tailwind-merge": "^3.5.0",
-        "tw-animate-css": "^1.4.0"
+        "tw-animate-css": "^1.4.0",
+        "zustand": "^5.0.13"
       },
       "devDependencies": {
         "@tailwindcss/postcss": "^4",
@@ -1106,9 +1107,6 @@
       "cpu": [
         "arm"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1125,9 +1123,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1144,9 +1139,6 @@
       "cpu": [
         "ppc64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1163,9 +1155,6 @@
       "cpu": [
         "riscv64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1182,9 +1171,6 @@
       "cpu": [
         "s390x"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1201,9 +1187,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1220,9 +1203,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1239,9 +1219,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "LGPL-3.0-or-later",
       "optional": true,
       "os": [
@@ -1258,9 +1235,6 @@
       "cpu": [
         "arm"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1283,9 +1257,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1308,9 +1279,6 @@
       "cpu": [
         "ppc64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1333,9 +1301,6 @@
       "cpu": [
         "riscv64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1358,9 +1323,6 @@
       "cpu": [
         "s390x"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1383,9 +1345,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1408,9 +1367,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1433,9 +1389,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "Apache-2.0",
       "optional": true,
       "os": [
@@ -1856,9 +1809,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1879,9 +1829,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1902,9 +1849,6 @@
       "cpu": [
         "riscv64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1925,9 +1869,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -1948,9 +1889,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -2072,9 +2010,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -2091,9 +2026,6 @@
       "cpu": [
         "arm64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -2110,9 +2042,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -2129,9 +2058,6 @@
       "cpu": [
         "x64"
       ],
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -2446,9 +2372,6 @@
         "arm64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -2466,9 +2389,6 @@
         "arm64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -2486,9 +2406,6 @@
         "x64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -2506,9 +2423,6 @@
         "x64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -3206,9 +3120,6 @@
         "arm64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -3223,9 +3134,6 @@
         "arm64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -3240,9 +3148,6 @@
         "ppc64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -3257,9 +3162,6 @@
         "riscv64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -3274,9 +3176,6 @@
         "riscv64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -3291,9 +3190,6 @@
         "s390x"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -3308,9 +3204,6 @@
         "x64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -3325,9 +3218,6 @@
         "x64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MIT",
       "optional": true,
       "os": [
@@ -7288,9 +7178,6 @@
         "arm64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MPL-2.0",
       "optional": true,
       "os": [
@@ -7312,9 +7199,6 @@
         "arm64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MPL-2.0",
       "optional": true,
       "os": [
@@ -7336,9 +7220,6 @@
         "x64"
       ],
       "dev": true,
-      "libc": [
-        "glibc"
-      ],
       "license": "MPL-2.0",
       "optional": true,
       "os": [
@@ -7360,9 +7241,6 @@
         "x64"
       ],
       "dev": true,
-      "libc": [
-        "musl"
-      ],
       "license": "MPL-2.0",
       "optional": true,
       "os": [
@@ -11763,6 +11641,35 @@
         "zod": "^3.25.0 || ^4.0.0"
       }
     },
+    "node_modules/zustand": {
+      "version": "5.0.13",
+      "resolved": "https://registry.npmjs.org/zustand/-/zustand-5.0.13.tgz",
+      "integrity": "sha512-efI2tVaVQPqtOh114loML/Z80Y4NP3yc+Ff0fYiZJPauNeWZeIp/bRFD7I9bfmCOYBh/PHxlglQ9+wvlwnPikQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=12.20.0"
+      },
+      "peerDependencies": {
+        "@types/react": ">=18.0.0",
+        "immer": ">=9.0.6",
+        "react": ">=18.0.0",
+        "use-sync-external-store": ">=1.2.0"
+      },
+      "peerDependenciesMeta": {
+        "@types/react": {
+          "optional": true
+        },
+        "immer": {
+          "optional": true
+        },
+        "react": {
+          "optional": true
+        },
+        "use-sync-external-store": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/zwitch": {
       "version": "2.0.4",
       "resolved": "https://registry.npmjs.org/zwitch/-/zwitch-2.0.4.tgz",

frontend/package.json

@@ -23,7 +23,8 @@
     "remark-gfm": "^4.0.1",
     "shadcn": "^4.3.1",
     "tailwind-merge": "^3.5.0",
-    "tw-animate-css": "^1.4.0"
+    "tw-animate-css": "^1.4.0",
+    "zustand": "^5.0.13"
   },
   "devDependencies": {
     "@tailwindcss/postcss": "^4",

frontend/src/components/chat/ChatPanel.tsx

@@ -3,38 +3,28 @@
 import { useState, useRef, useEffect } from "react";
 import type { DocInfo } from "@/app/dashboard/page";
 import { api, API_BASE } from "@/lib/api";
+import { useChatStore, type ChatMsg, type SourceChunk } from "@/store/chat-store";
 import { Button } from "@/components/ui/button";
 import { Textarea } from "@/components/ui/textarea";
 import MessageBubble from "./MessageBubble";
 import SourceCard from "./SourceCard";
 import { Send, Loader2, Trash2, MessageSquare, Download } from "lucide-react";
 
-export interface SourceChunk {
-  text: string;
-  filename: string;
-  page: number;
-  score: number;
-  confidence: number;
-}
-
-export interface ChatMsg {
-  id: string;
-  role: "user" | "assistant";
-  content: string;
-  sources: SourceChunk[];
-  isStreaming?: boolean;
-}
-
 interface Props {
   activeDoc: DocInfo | null;
   onCitationClick: (page: number) => void;
 }
 
 export default function ChatPanel({ activeDoc, onCitationClick }: Props) {
-  const [messages, setMessages] = useState<ChatMsg[]>([]);
-  const [input, setInput] = useState("");
-  const [streaming, setStreaming] = useState(false);
-  const [isTyping, setIsTyping] = useState(false);
+  const messages = useChatStore((state) => state.messages);
+  const input = useChatStore((state) => state.input);
+  const streaming = useChatStore((state) => state.streaming);
+  const isTyping = useChatStore((state) => state.isTyping);
+  const setMessages = useChatStore((state) => state.setMessages);
+  const setInput = useChatStore((state) => state.setInput);
+  const setStreaming = useChatStore((state) => state.setStreaming);
+  const setIsTyping = useChatStore((state) => state.setIsTyping);
+  const resetChat = useChatStore((state) => state.resetChat);
   const [showExportMenu, setShowExportMenu] = useState(false);
   const textareaRef = useRef<HTMLTextAreaElement>(null);
   const bottomRef = useRef<HTMLDivElement>(null);
@@ -63,6 +53,12 @@ export default function ChatPanel({ activeDoc, onCitationClick }: Props) {
     bottomRef.current?.scrollIntoView({ behavior: "smooth" });
   }, [messages]);
 
+  useEffect(() => {
+    return () => {
+      resetChat();
+    };
+  }, [resetChat]);
+
   // Load history on doc change
   useEffect(() => {
     if (!activeDoc) {
@@ -102,7 +98,7 @@ export default function ChatPanel({ activeDoc, onCitationClick }: Props) {
     return () => {
       cancelled = true;
     };
-  }, [activeDoc]);
+  }, [activeDoc, resetChat, setMessages]);
 
   const handleSend = async () => {
     if (!input.trim() || streaming) return;
@@ -211,7 +207,7 @@ export default function ChatPanel({ activeDoc, onCitationClick }: Props) {
     }
   };
 
-  const handleExport = (format: "md" | "txt") => {
+  const handleExport = (format: "md" | "txt" | "pdf") => {
     if (!activeDoc) return;
     setShowExportMenu(false);
     const token = localStorage.getItem("token");
@@ -350,6 +346,14 @@ export default function ChatPanel({ activeDoc, onCitationClick }: Props) {
                         <span className="text-base">📄</span>
                         Plain Text (.txt)
                       </button>
+                      <button
+                        id="export-pdf-btn"
+                        onClick={() => handleExport("pdf")}
+                        className="w-full flex items-center gap-2 rounded-md px-3 py-2 text-sm hover:bg-accent transition-colors text-left"
+                      >
+                        <span className="text-base">📕</span>
+                        PDF (.pdf)
+                      </button>
                     </div>
                   )}
                 </div>
@@ -369,4 +373,4 @@ export default function ChatPanel({ activeDoc, onCitationClick }: Props) {
       </div>
     </div>
   );
-}
+}

frontend/src/components/chat/MessageBubble.tsx

@@ -3,7 +3,7 @@
 import { useState, useRef } from "react";
 import ReactMarkdown from "react-markdown";
 import remarkGfm from "remark-gfm";
-import type { ChatMsg } from "./ChatPanel";
+import type { ChatMsg } from "@/store/chat-store";
 import { Brain, User, Copy, Check } from "lucide-react";
 import { Button } from "@/components/ui/button";
 

frontend/src/components/chat/SourceCard.tsx

@@ -1,7 +1,7 @@
 "use client";
 
 import { useState } from "react";
-import type { SourceChunk } from "./ChatPanel";
+import type { SourceChunk } from "@/store/chat-store";
 import { Badge } from "@/components/ui/badge";
 import { Button } from "@/components/ui/button";
 import { ChevronDown, ChevronUp, FileText, Eye } from "lucide-react";

frontend/src/lib/auth.tsx

@@ -1,73 +1,24 @@
 "use client";
 
-import React, { createContext, useContext, useEffect, useState, useCallback } from "react";
-import { api } from "./api";
-
-interface User {
-  id: string;
-  username: string;
-  email: string;
-  is_admin: boolean;
-  created_at: string;
-}
-
-interface AuthContextType {
-  user: User | null;
-  token: string | null;
-  loading: boolean;
-  login: (email: string, password: string) => Promise<void>;
-  register: (username: string, email: string, password: string) => Promise<void>;
-  logout: () => void;
-}
-
-const AuthContext = createContext<AuthContextType | undefined>(undefined);
+import React, { useEffect } from "react";
+import { useAuthStore } from "@/store/auth-store";
 
 export function AuthProvider({ children }: { children: React.ReactNode }) {
-  const [user, setUser] = useState<User | null>(null);
-  // Lazy initializer reads localStorage once — avoids setState-in-effect lint error
-  const [token, setToken] = useState<string | null>(
-    () => (typeof window !== "undefined" ? localStorage.getItem("token") : null)
-  );
-  // loading=true only when a token exists and needs server validation.
-  // If there's no token we're already done — no effect setState needed.
-  const [loading, setLoading] = useState<boolean>(
-    () => typeof window !== "undefined" && !!localStorage.getItem("token")
-  );
+  const initializeAuth = useAuthStore((state) => state.initializeAuth);
+  const syncTokensRefreshed = useAuthStore((state) => state.syncTokensRefreshed);
+  const syncLoggedOut = useAuthStore((state) => state.syncLoggedOut);
 
-  // ── Validate saved token on mount ─────────────────
-  // NOTE: no synchronous setState here — setLoading/setUser/setToken are
-  // only called inside async callbacks (.then / .catch / .finally).
   useEffect(() => {
-    if (!token) return; // loading is already false when token is null
-    api
-      .get<User>("/api/v1/auth/me", { token })
-      .then(setUser)
-      .catch(() => {
-        localStorage.removeItem("token");
-        localStorage.removeItem("refresh_token");
-        setToken(null);
-      })
-      .finally(() => setLoading(false));
-  // eslint-disable-next-line react-hooks/exhaustive-deps
-  }, []); // intentionally runs once on mount only
+    void initializeAuth();
+  }, [initializeAuth]);
 
-  // ── Listen for token refresh events from ApiClient ──
-  // When the API client auto-refreshes tokens, it dispatches custom events
-  // so this context stays in sync without prop drilling.
   useEffect(() => {
     const handleTokensRefreshed = (e: Event) => {
-      const detail = (e as CustomEvent).detail;
-      if (detail?.accessToken) {
-        setToken(detail.accessToken);
-      }
-      if (detail?.user) {
-        setUser(detail.user);
-      }
+      syncTokensRefreshed((e as CustomEvent).detail);
     };
 
     const handleLoggedOut = () => {
-      setToken(null);
-      setUser(null);
+      syncLoggedOut();
     };
 
     window.addEventListener("auth:tokens-refreshed", handleTokensRefreshed);
@@ -77,46 +28,11 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
       window.removeEventListener("auth:tokens-refreshed", handleTokensRefreshed);
       window.removeEventListener("auth:logged-out", handleLoggedOut);
     };
-  }, []);
-
-  const login = useCallback(async (email: string, password: string) => {
-    const data = await api.post<{ access_token: string; refresh_token: string; user: User }>(
-      "/api/v1/auth/login",
-      { email, password }
-    );
-    localStorage.setItem("token", data.access_token);
-    localStorage.setItem("refresh_token", data.refresh_token);
-    setToken(data.access_token);
-    setUser(data.user);
-  }, []);
-
-  const register = useCallback(async (username: string, email: string, password: string) => {
-    const data = await api.post<{ access_token: string; refresh_token: string; user: User }>(
-      "/api/v1/auth/register",
-      { username, email, password }
-    );
-    localStorage.setItem("token", data.access_token);
-    localStorage.setItem("refresh_token", data.refresh_token);
-    setToken(data.access_token);
-    setUser(data.user);
-  }, []);
-
-  const logout = useCallback(() => {
-    localStorage.removeItem("token");
-    localStorage.removeItem("refresh_token");
-    setToken(null);
-    setUser(null);
-  }, []);
+  }, [syncLoggedOut, syncTokensRefreshed]);
 
-  return (
-    <AuthContext.Provider value={{ user, token, loading, login, register, logout }}>
-      {children}
-    </AuthContext.Provider>
-  );
+  return <>{children}</>;
 }
 
 export function useAuth() {
-  const ctx = useContext(AuthContext);
-  if (!ctx) throw new Error("useAuth must be used within AuthProvider");
-  return ctx;
+  return useAuthStore();
 }

frontend/src/store/auth-store.ts

@@ -0,0 +1,124 @@
+"use client";
+
+import { create } from "zustand";
+import { api } from "@/lib/api";
+
+export interface AuthUser {
+  id: string;
+  username: string;
+  email: string;
+  is_admin: boolean;
+  created_at: string;
+}
+
+interface AuthStore {
+  user: AuthUser | null;
+  token: string | null;
+  loading: boolean;
+  initialized: boolean;
+  login: (email: string, password: string) => Promise<void>;
+  register: (username: string, email: string, password: string) => Promise<void>;
+  logout: () => void;
+  initializeAuth: () => Promise<void>;
+  syncTokensRefreshed: (detail?: { accessToken?: string; user?: AuthUser | null }) => void;
+  syncLoggedOut: () => void;
+}
+
+const getStoredToken = () =>
+  typeof window !== "undefined" ? localStorage.getItem("token") : null;
+
+const clearStoredTokens = () => {
+  if (typeof window === "undefined") return;
+  localStorage.removeItem("token");
+  localStorage.removeItem("refresh_token");
+};
+
+export const useAuthStore = create<AuthStore>((set, get) => ({
+  user: null,
+  token: getStoredToken(),
+  loading: !!getStoredToken(),
+  initialized: false,
+
+  async login(email, password) {
+    const data = await api.post<{ access_token: string; refresh_token: string; user: AuthUser }>(
+      "/api/v1/auth/login",
+      { email, password }
+    );
+
+    localStorage.setItem("token", data.access_token);
+    localStorage.setItem("refresh_token", data.refresh_token);
+    set({
+      token: data.access_token,
+      user: data.user,
+      loading: false,
+      initialized: true,
+    });
+  },
+
+  async register(username, email, password) {
+    const data = await api.post<{ access_token: string; refresh_token: string; user: AuthUser }>(
+      "/api/v1/auth/register",
+      { username, email, password }
+    );
+
+    localStorage.setItem("token", data.access_token);
+    localStorage.setItem("refresh_token", data.refresh_token);
+    set({
+      token: data.access_token,
+      user: data.user,
+      loading: false,
+      initialized: true,
+    });
+  },
+
+  logout() {
+    clearStoredTokens();
+    set({
+      token: null,
+      user: null,
+      loading: false,
+      initialized: true,
+    });
+  },
+
+  async initializeAuth() {
+    const { initialized, token } = get();
+    if (initialized) return;
+
+    const storedToken = token ?? getStoredToken();
+    if (!storedToken) {
+      set({ token: null, user: null, loading: false, initialized: true });
+      return;
+    }
+
+    set({ token: storedToken, loading: true });
+
+    try {
+      const user = await api.get<AuthUser>("/api/v1/auth/me", { token: storedToken });
+      set({ user, token: storedToken, loading: false, initialized: true });
+    } catch {
+      clearStoredTokens();
+      set({ user: null, token: null, loading: false, initialized: true });
+    }
+  },
+
+  syncTokensRefreshed(detail) {
+    if (!detail) return;
+
+    set((state) => ({
+      token: detail.accessToken ?? state.token,
+      user: detail.user ?? state.user,
+      loading: false,
+      initialized: true,
+    }));
+  },
+
+  syncLoggedOut() {
+    set({
+      token: null,
+      user: null,
+      loading: false,
+      initialized: true,
+    });
+  },
+}));

frontend/src/store/chat-store.ts

@@ -0,0 +1,68 @@
+"use client";
+
+import { create } from "zustand";
+
+export interface SourceChunk {
+  text: string;
+  filename: string;
+  page: number;
+  score: number;
+  confidence: number;
+}
+
+export interface ChatMsg {
+  id: string;
+  role: "user" | "assistant";
+  content: string;
+  sources: SourceChunk[];
+  isStreaming?: boolean;
+}
+
+type Setter<T> = T | ((prev: T) => T);
+
+interface ChatStore {
+  messages: ChatMsg[];
+  input: string;
+  streaming: boolean;
+  isTyping: boolean;
+  setMessages: (value: Setter<ChatMsg[]>) => void;
+  setInput: (value: Setter<string>) => void;
+  setStreaming: (value: Setter<boolean>) => void;
+  setIsTyping: (value: Setter<boolean>) => void;
+  resetChat: () => void;
+}
+
+const resolveValue = <T,>(value: Setter<T>, current: T): T =>
+  typeof value === "function" ? (value as (prev: T) => T)(current) : value;
+
+export const useChatStore = create<ChatStore>((set) => ({
+  messages: [],
+  input: "",
+  streaming: false,
+  isTyping: false,
+
+  setMessages(value) {
+    set((state) => ({ messages: resolveValue(value, state.messages) }));
+  },
+
+  setInput(value) {
+    set((state) => ({ input: resolveValue(value, state.input) }));
+  },
+
+  setStreaming(value) {
+    set((state) => ({ streaming: resolveValue(value, state.streaming) }));
+  },
+
+  setIsTyping(value) {
+    set((state) => ({ isTyping: resolveValue(value, state.isTyping) }));
+  },
+
+  resetChat() {
+    set({
+      messages: [],
+      input: "",
+      streaming: false,
+      isTyping: false,
+    });
+  },
+}));