Spaces:

holistic-ai
/

AgentGraph

Sleeping

wu981526092 commited on Aug 31, 2025

Commit

032c9f9

1 Parent(s): 8e9b60e

🔒 Implement User Privacy Protection for HF Spaces

✅ Problem solved:
• Fixed multi-user data sharing issue in HF Spaces environment
• All users were seeing each other's uploaded traces and data
• SQLite database was globally shared across all sessions

🎯 Root cause analysis:
• HF Spaces containers share the same persistent database file
• All users access the same datasets/db/agent_monitoring.db instance
• No user session isolation or data privacy protection

⚡ Privacy solutions implemented:
• HF Spaces detection: Check SPACE_ID environment variable
• In-memory database: Use sqlite:///:memory: for HF Spaces
• Session isolation: Each container restart gets fresh database
• Local development: Still uses persistent file database

🚀 User experience improvements:
• Added privacy notice banner for HF Spaces users
• Clear messaging about data temporariness
• Backend logging shows database type on startup
• Frontend detects HF environment automatically

🔒 Security impact:
• Eliminates cross-user data visibility
• Prevents sensitive trace information leakage
• Ensures session-based data isolation
• Maintains full functionality while protecting privacy

Files changed (4) hide show

backend/app.py +8 -0
backend/database/__init__.py +13 -2
frontend/src/components/layout/MainWorkspace.tsx +13 -0
frontend/src/lib/config.ts +11 -0

backend/app.py CHANGED Viewed

@@ -77,6 +77,14 @@ async def startup_event():
     try:
         from backend.database.init_db import init_database
         init_database(reset=False, force=False)
         logger.info("🗄️ Database initialized successfully")
     except Exception as e:
         logger.error(f"❌ Database initialization failed: {e}")

     try:
         from backend.database.init_db import init_database
         init_database(reset=False, force=False)
+        # Show database type info
+        if os.getenv("SPACE_ID"):
+            logger.info("🔒 HF Spaces: Using in-memory database for user privacy")
+            logger.info("📝 Note: Data will be cleared when container restarts")
+        else:
+            logger.info("💾 Local development: Using persistent database")
         logger.info("🗄️ Database initialized successfully")
     except Exception as e:
         logger.error(f"❌ Database initialization failed: {e}")

backend/database/__init__.py CHANGED Viewed

@@ -11,8 +11,19 @@ from sqlalchemy.orm import sessionmaker, scoped_session
 # Get the absolute path to the project root directory
 ROOT_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
-# Database URL with absolute path
-DATABASE_URL = f"sqlite:///{os.path.join(ROOT_DIR, 'datasets/db/agent_monitoring.db')}"
 # Create engine
 engine = create_engine(DATABASE_URL, connect_args={"check_same_thread": False})

 # Get the absolute path to the project root directory
 ROOT_DIR = os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
+# Database URL - Use in-memory SQLite for HF Spaces to avoid data sharing between users
+# This ensures each container restart gets a fresh database
+import uuid
+session_id = str(uuid.uuid4())[:8]
+# For HF Spaces: Use in-memory database to prevent user data sharing
+# For local development: Use file database
+if os.getenv("SPACE_ID"):  # HF Spaces environment
+    DATABASE_URL = "sqlite:///:memory:"
+    print(f"🔒 HF Spaces: Using in-memory database (session: {session_id})")
+else:
+    DATABASE_URL = f"sqlite:///{os.path.join(ROOT_DIR, 'datasets/db/agent_monitoring.db')}"
+    print(f"💾 Local: Using persistent database")
 # Create engine
 engine = create_engine(DATABASE_URL, connect_args={"check_same_thread": False})

frontend/src/components/layout/MainWorkspace.tsx CHANGED Viewed

@@ -16,6 +16,7 @@ import { ConnectionsView } from "../features/connections/ConnectionsView";
 import { UploadView } from "../features/upload/UploadView";
 import { Button } from "@/components/ui/button";
 import { ArrowLeft } from "lucide-react";
 interface MainWorkspaceProps {
   isSidebarCollapsed: boolean;
@@ -391,6 +392,18 @@ export function MainWorkspace({
         </div>
       )}
       {/* Main Content */}
       <div className="flex-1 flex flex-col min-h-0">{renderView()}</div>
     </div>

 import { UploadView } from "../features/upload/UploadView";
 import { Button } from "@/components/ui/button";
 import { ArrowLeft } from "lucide-react";
+import { IS_HF_SPACES } from "@/lib/config";
 interface MainWorkspaceProps {
   isSidebarCollapsed: boolean;
         </div>
       )}
+      {/* HF Spaces Privacy Notice */}
+      {IS_HF_SPACES && (
+        <div className="bg-amber-50 border-b border-amber-200 px-6 py-3 text-sm text-amber-800 flex items-center gap-2">
+          <span className="text-amber-600">🔒</span>
+          <span>
+            <strong>Privacy Notice:</strong> You're using AgentGraph on Hugging Face Spaces.
+            Your data is stored in a temporary session and will be cleared when the container restarts.
+            Data is not shared between users or sessions.
+          </span>
+        </div>
+      )}
       {/* Main Content */}
       <div className="flex-1 flex flex-col min-h-0">{renderView()}</div>
     </div>

frontend/src/lib/config.ts CHANGED Viewed

@@ -24,3 +24,14 @@ export const getApiBase = () => {
 };
 export const API_BASE = getApiBase();

 };
 export const API_BASE = getApiBase();
+// Check if running on Hugging Face Spaces
+export const isHuggingFaceSpaces = () => {
+  if (typeof window === "undefined") return false;
+  return window.location.hostname.includes("huggingface.co") ||
+         window.location.hostname.includes("hf.space") ||
+         window.location.hostname.endsWith(".hf.space");
+};
+export const IS_HF_SPACES = isHuggingFaceSpaces();