feat(web-search): use Google Custom Search for live web results

FILE_STRUCTURE.md

@@ -1,82 +0,0 @@
-# IntegraChat - Current File Structure
-
-```
-IntegraChat/
-├── backend/
-│   ├── api/
-│   │   ├── main.py                          # FastAPI main application
-│   │   ├── mcp_clients/
-│   │   │   ├── admin_client.py              # Admin MCP client
-│   │   │   ├── mcp_client.py                # Main MCP client wrapper
-│   │   │   ├── rag_client.py                # RAG MCP client
-│   │   │   └── web_client.py                 # Web search MCP client
-│   │   ├── models/
-│   │   │   ├── __init__.py
-│   │   │   ├── agent.py                     # Agent request/response models
-│   │   │   └── redflag.py                   # Red flag rule models
-│   │   ├── routes/
-│   │   │   ├── admin.py                     # Admin routes
-│   │   │   ├── agent.py                     # Agent chat routes
-│   │   │   ├── analytics.py                 # Analytics routes
-│   │   │   ├── rag.py                       # RAG routes
-│   │   │   └── web.py                       # Web search routes
-│   │   ├── services/
-│   │   │   ├── agent_orchestrator.py        # Main orchestrator (multi-tool execution)
-│   │   │   ├── intent_classifier.py         # Intent classification service
-│   │   │   ├── llm_client.py                # LLM client (Ollama/Groq)
-│   │   │   ├── prompt_builder.py            # Prompt building utilities
-│   │   │   ├── redflag_detector.py          # Red flag detection service
-│   │   │   └── tool_selector.py             # Multi-tool selection logic
-│   │   └── utils/
-│   │       └── text_extractor.py            # Text extraction utilities
-│   ├── mcp_server/
-│   │   ├── server.py                        # Unified MCP entrypoint (rag/web/admin)
-│   │   ├── rag/                             # RAG tool handlers (search/ingest/delete)
-│   │   ├── web/                             # Web search tool handler
-│   │   ├── admin/                           # Admin rules + violations tools
-│   │   └── common/                          # Shared tenant/logging/utils helpers
-│   ├── tests/
-│   │   ├── conftest.py                      # Pytest configuration
-│   │   ├── test_agent_orchestrator.py       # Orchestrator tests
-│   │   └── test_intent.py                   # Intent classification tests
-│   └── workers/                             # Background workers (empty)
-│
-├── venv/                                    # Python virtual environment
-├── env.example                              # Environment variables template
-├── pytest.ini                               # Pytest configuration
-├── README.md                                # Project documentation
-├── requirements.txt                         # Python dependencies
-└── start.bat                                # Windows startup script
-```
-
-## Key Files Overview
-
-### Core Services
-- **`agent_orchestrator.py`** - Main orchestrator handling multi-tool execution
-- **`tool_selector.py`** - Intelligent multi-tool selection (RAG + Web + LLM)
-- **`intent_classifier.py`** - Classifies user intent
-- **`redflag_detector.py`** - Detects policy violations
-
-### MCP Servers
-- **`backend/mcp_server/server.py`** - Unified MCP entrypoint (rag/web/admin tools)
-- **`backend/mcp_server/rag/*.py`** - RAG tool handlers (search/ingest/delete)
-- **`backend/mcp_server/web/search.py`** - DuckDuckGo handler
-- **`backend/mcp_server/admin/*.py`** - Admin rules & violations tools
-
-### API Routes
-- **`agent.py`** - Main chat/agent endpoint
-- **`rag.py`** - RAG operations
-- **`web.py`** - Web search operations
-- **`admin.py`** - Admin operations
-- **`analytics.py`** - Analytics endpoints
-
-### Models
-- **`agent.py`** - AgentRequest, AgentDecision, AgentResponse
-- **`redflag.py`** - RedFlagRule, RedFlagMatch
-
-### MCP Clients
-- **`mcp_client.py`** - Unified MCP client wrapper
-- **`rag_client.py`** - RAG client
-- **`web_client.py`** - Web search client
-- **`admin_client.py`** - Admin client
-

RULES_EXAMPLES.md

@@ -1,292 +0,0 @@
-# Admin Rules Examples for IntegraChat
-
-This document provides examples of rules you can use with the IntegraChat admin rules system.
-
-## Quick Start
-
-1. **Simple Rules** - Copy from `example_rules.txt` and paste into Gradio UI or Next.js frontend
-2. **File Upload** - Drag and drop or upload TXT, PDF, DOC, or DOCX files directly
-3. **Detailed Rules** - Use `example_rules_detailed.json` for rules with patterns and severity
-4. **API** - Use the `/admin/rules`, `/admin/rules/bulk`, or `/admin/rules/upload-file` endpoints
-
-## Rule Categories
-
-### 🔴 Critical Severity Rules
-
-These rules block the most sensitive information:
-
-```
-Block password disclosure requests
-Prevent sharing of API keys or tokens
-No sharing of credit card information
-Block requests for bank account details
-Prevent sharing of health information
-No disclosure of children's personal information
-```
-
-### 🟠 High Severity Rules
-
-Important security and compliance rules:
-
-```
-Block social security number requests
-Prevent disclosure of proprietary information
-No unauthorized access to financial records
-Block requests to delete system logs
-Prevent unauthorized system configuration changes
-No sharing of infrastructure credentials
-```
-
-### 🟡 Medium Severity Rules
-
-Operational and compliance rules:
-
-```
-Block requests for employee personal information
-Prevent sharing of customer data without authorization
-Block requests for confidential business strategies
-Prevent disclosure of personal data of EU citizens
-Block requests for generating harmful content
-Prevent creation of misleading information
-```
-
-### 🟢 Low Severity Rules
-
-General business rules:
-
-```
-Block requests for competitor pricing information
-Prevent sharing of upcoming product launch details
-No disclosure of vendor contract terms
-Block requests for customer churn analysis data
-```
-
-## Using Rules with Patterns
-
-For more precise matching, you can specify regex patterns:
-
-### Example 1: Password Detection
-```json
-{
-  "rule": "Block password disclosure requests",
-  "pattern": ".*(password|pwd|passcode|credential|login).*",
-  "severity": "high",
-  "description": "Prevents users from requesting or sharing passwords"
-}
-```
-
-### Example 2: API Key Detection
-```json
-{
-  "rule": "Prevent sharing of API keys or tokens",
-  "pattern": ".*(api.?key|token|secret|access.?key|auth.?token).*",
-  "severity": "critical",
-  "description": "Blocks requests to share API keys or tokens"
-}
-```
-
-### Example 3: Credit Card Detection
-```json
-{
-  "rule": "No sharing of credit card information",
-  "pattern": ".*(credit.?card|card.?number|cvv|cvc|expiration).*",
-  "severity": "critical",
-  "description": "Blocks credit card information sharing"
-}
-```
-
-## Adding Rules
-
-### Method 1: Via Gradio UI (Easiest)
-
-1. Open the IntegraChat Gradio interface
-2. Go to "Admin Rules & Compliance" tab
-3. Enter your tenant ID
-4. **Option A - Text Input**: Paste rules from `example_rules.txt` (one per line) and click "Upload / Append Rules"
-5. **Option B - File Upload**: Drag and drop or click to upload a TXT, PDF, DOC, or DOCX file containing rules
-6. Rules are automatically enhanced by LLM (identifies edge cases, improves patterns)
-7. Comment lines (starting with #) are automatically ignored
-
-### Method 2: Via Next.js Frontend
-
-1. Navigate to `/admin-rules` page
-2. Enter your tenant ID in the navbar
-3. **Text Input**: Paste rules in the text area and click "Upload / Append Rules"
-4. **File Upload**: Drag and drop files or click the drop zone to upload
-5. Click "Refresh Rules" to see your uploaded rules
-
-### Method 3: Via API (Programmatic)
-
-**Single Rule:**
-```bash
-curl -X POST http://localhost:8000/admin/rules \
-  -H "Content-Type: application/json" \
-  -H "x-tenant-id: your_tenant_id" \
-  -d '{
-    "rule": "Block password disclosure requests",
-    "pattern": ".*(password|pwd|passcode).*",
-    "severity": "high",
-    "description": "Prevents password sharing"
-  }'
-```
-
-**Bulk Rules:**
-```bash
-curl -X POST "http://localhost:8000/admin/rules/bulk?enhance=true" \
-  -H "Content-Type: application/json" \
-  -H "x-tenant-id: your_tenant_id" \
-  -d '{
-    "rules": [
-      "Block password disclosure requests",
-      "Prevent sharing of API keys",
-      "No sharing of credit card information"
-    ]
-  }'
-```
-
-**File Upload:**
-```bash
-curl -X POST "http://localhost:8000/admin/rules/upload-file?enhance=true" \
-  -H "x-tenant-id: your_tenant_id" \
-  -F "file=@example_rules.txt"
-```
-
-### Method 4: Using Python
-
-```python
-import requests
-
-BASE_URL = "http://localhost:8000"
-TENANT_ID = "your_tenant_id"
-
-# Add single rule
-response = requests.post(
-    f"{BASE_URL}/admin/rules",
-    json={
-        "rule": "Block password disclosure requests",
-        "pattern": ".*(password|pwd).*",
-        "severity": "high"
-    },
-    headers={"x-tenant-id": TENANT_ID}
-)
-
-# Add bulk rules
-response = requests.post(
-    f"{BASE_URL}/admin/rules/bulk",
-    json={
-        "rules": [
-            "Block password disclosure requests",
-            "Prevent sharing of API keys"
-        ]
-    },
-    headers={"x-tenant-id": TENANT_ID}
-)
-```
-
-## Rule Enhancement
-
-When you add rules, the LLM will automatically:
-- ✅ Identify edge cases (e.g., "password" → also catches "pwd", "passcode")
-- ✅ Improve regex patterns for better matching
-- ✅ Suggest appropriate severity levels
-- ✅ Write clear descriptions
-- ✅ Process rules in chunks (5 at a time) to avoid timeouts
-- ✅ Handle large rule sets efficiently
-
-**Note**: Enhancement can be disabled by setting `enhance=false` in the API query parameter, but it's enabled by default for better rule quality.
-
-**Example:**
-- **Input:** `Block password queries`
-- **Enhanced:** 
-  - Pattern: `.*password.*|.*pwd.*|.*passcode.*`
-  - Severity: `high`
-  - Edge cases: ["pwd", "passcode", "login credentials"]
-
-## Testing Rules
-
-After adding rules, test them by asking questions that should be blocked:
-
-```
-❌ "What is the admin password?"
-❌ "Can you share the API key?"
-❌ "Show me credit card numbers"
-❌ "What's the SSN for user 123?"
-
-✅ "How do I reset my password?" (if rule allows)
-✅ "What is password hashing?" (educational, not disclosure)
-```
-
-## Best Practices
-
-1. **Start Simple** - Begin with basic rules, then add patterns
-2. **Use File Upload** - For large rule sets, upload from files instead of typing manually
-3. **Leverage LLM Enhancement** - Let the system enhance your rules automatically
-4. **Test Thoroughly** - Test rules with various phrasings
-5. **Review Edge Cases** - Check if rules block legitimate queries
-6. **Use Appropriate Severity** - Match severity to risk level (low for brief responses, high for blocking)
-7. **Comment Lines** - Use `#` for comments in rule files - they're automatically ignored
-8. **Regular Updates** - Review and update rules periodically
-9. **Document Patterns** - Add descriptions explaining what each rule blocks
-10. **Chunk Processing** - Large uploads are automatically chunked - be patient for 20+ rules
-
-## Common Patterns
-
-### Password Detection
-```
-.*(password|pwd|passcode|credential|login|auth).*
-```
-
-### Financial Information
-```
-.*(credit.?card|card.?number|cvv|bank.?account|routing).*
-```
-
-### Personal Information
-```
-.*(ssn|social.?security|tax.?id|personal.?data|pii).*
-```
-
-### API/Security
-```
-.*(api.?key|token|secret|access.?key|auth.?token).*
-```
-
-### Health Information
-```
-.*(health|medical|patient|hipaa|diagnosis).*
-```
-
-## Viewing Rules
-
-```bash
-# Get all rules
-curl http://localhost:8000/admin/rules \
-  -H "x-tenant-id: your_tenant_id"
-
-# Get detailed rules with patterns
-curl "http://localhost:8000/admin/rules?detailed=true" \
-  -H "x-tenant-id: your_tenant_id"
-```
-
-## Deleting Rules
-
-```bash
-curl -X DELETE http://localhost:8000/admin/rules/Block%20password%20disclosure%20requests \
-  -H "x-tenant-id: your_tenant_id"
-```
-
-## Monitoring Violations
-
-```bash
-# Get recent violations
-curl http://localhost:8000/admin/violations \
-  -H "x-tenant-id: your_tenant_id"
-```
-
-## Need Help?
-
-- Check `example_rules.txt` for simple rule examples
-- See `example_rules_detailed.json` for advanced patterns
-- Review the API documentation in `README.md`
-- Test rules in the Gradio UI before deploying
-

SUPABASE_MIGRATION_COMPLETE.md

@@ -1,125 +0,0 @@
-# Supabase Migration Complete ✅
-
-After running the migration, your data is now in Supabase. This document explains how to ensure **all future data** is saved to Supabase instead of SQLite.
-
-## ✅ What's Already Configured
-
-Both `RulesStore` and `AnalyticsStore` automatically detect and use Supabase when credentials are available. They will:
-
-1. **Check for Supabase credentials** in your `.env` file
-2. **Use Supabase if available** (preferred)
-3. **Fall back to SQLite** only if Supabase is not configured
-
-## 🔧 Required Configuration
-
-To ensure Supabase is used for all future data, make sure your `.env` file has:
-
-```env
-# Required for runtime (REST API)
-SUPABASE_URL=https://your-project-id.supabase.co
-SUPABASE_SERVICE_KEY=your_service_role_key_here
-
-# Optional: For direct PostgreSQL connection (migration only)
-POSTGRESQL_URL=postgresql://postgres:password@db.xxxxx.supabase.co:5432/postgres
-```
-
-**Important:**
-- `SUPABASE_URL` and `SUPABASE_SERVICE_KEY` are **required** for runtime
-- `POSTGRESQL_URL` is optional (only needed for migration script)
-- Both stores use the Supabase REST API at runtime, not direct PostgreSQL
-
-## ✅ Verify Configuration
-
-Run the verification script to confirm Supabase is configured:
-
-```bash
-python verify_supabase_setup.py
-```
-
-This will show:
-- ✅ Which backend each store is using
-- ⚠️  Any missing configuration
-- 📋 Summary of what will be saved where
-
-## 🚀 After Configuration
-
-1. **Restart your services:**
-   ```bash
-   # Stop your FastAPI server
-   # Stop your MCP server
-   # Then restart them
-   ```
-
-2. **Check startup logs:**
-   You should see messages like:
-   ```
-   ✅ RulesStore: Using Supabase backend
-   ✅ AnalyticsStore: Using Supabase backend
-   ✅ AgentOrchestrator Analytics: Using Supabase backend
-   ```
-
-3. **Test by adding data:**
-   - Add a rule via the admin panel
-   - Make a query to generate analytics
-   - Check Supabase Dashboard → Table Editor to verify data appears
-
-## 📊 Where Data is Saved
-
-| Data Type | Storage Location | Configuration |
-|-----------|-----------------|---------------|
-| Admin Rules | Supabase `admin_rules` table | `SUPABASE_URL` + `SUPABASE_SERVICE_KEY` |
-| Analytics Events | Supabase analytics tables | `SUPABASE_URL` + `SUPABASE_SERVICE_KEY` |
-| Tool Usage | Supabase `tool_usage_events` | `SUPABASE_URL` + `SUPABASE_SERVICE_KEY` |
-| Red Flags | Supabase `redflag_violations` | `SUPABASE_URL` + `SUPABASE_SERVICE_KEY` |
-| RAG Searches | Supabase `rag_search_events` | `SUPABASE_URL` + `SUPABASE_SERVICE_KEY` |
-| Agent Queries | Supabase `agent_query_events` | `SUPABASE_URL` + `SUPABASE_SERVICE_KEY` |
-
-## 🔍 Troubleshooting
-
-### Data still going to SQLite?
-
-1. **Check your `.env` file:**
-   ```bash
-   # Make sure these are set (no quotes, no spaces)
-   SUPABASE_URL=https://xxxxx.supabase.co
-   SUPABASE_SERVICE_KEY=eyJ... (full key)
-   ```
-
-2. **Verify credentials:**
-   ```bash
-   python verify_supabase_key.py
-   ```
-
-3. **Check startup logs:**
-   Look for warnings like:
-   ```
-   ⚠️  RulesStore: Using SQLite backend
-   ```
-   This means Supabase credentials are missing or invalid.
-
-4. **Restart services:**
-   Environment variables are loaded at startup. After changing `.env`, restart your services.
-
-### Tables don't exist?
-
-If you see errors about missing tables:
-
-1. Go to Supabase Dashboard → SQL Editor
-2. Run `supabase_admin_rules_table.sql` (for rules)
-3. Run `supabase_analytics_tables.sql` (for analytics)
-
-### API Key errors?
-
-- Make sure you're using the **service_role** key (not anon key)
-- Key should be ~200+ characters long
-- No quotes or spaces around the value in `.env`
-
-## 📝 Summary
-
-✅ **Migration complete** - Your existing data is in Supabase  
-✅ **Auto-detection enabled** - Stores automatically use Supabase when configured  
-✅ **Startup logging** - You'll see which backend is being used  
-✅ **Verification script** - Run `verify_supabase_setup.py` to check configuration  
-
-**Next time you add rules or generate analytics, they will automatically be saved to Supabase!** 🎉
-

SUPABASE_SETUP.md

@@ -1,130 +0,0 @@
-# Supabase Setup for Admin Rules
-
-This guide will help you set up Supabase to store admin rules instead of SQLite.
-
-## Step 1: Create the Table in Supabase
-
-1. **Go to your Supabase Dashboard**
-   - Navigate to: https://app.supabase.com
-   - Select your project
-
-2. **Open SQL Editor**
-   - Click on "SQL Editor" in the left sidebar
-   - Click "New query"
-
-3. **Run the SQL Script**
-   - Copy the contents of `supabase_admin_rules_table.sql`
-   - Paste it into the SQL Editor
-   - Click "Run" to execute
-
-   This will create:
-   - `admin_rules` table with all necessary columns
-   - Indexes for performance
-   - Row Level Security (RLS) policies
-   - Automatic timestamp updates
-
-## Step 2: Configure Environment Variables
-
-Make sure your `.env` file has Supabase credentials:
-
-```env
-SUPABASE_URL=https://your-project.supabase.co
-SUPABASE_SERVICE_KEY=your_service_role_key_here
-```
-
-**Important:** Use the **Service Role Key** (not the anon key) for full access.
-
-To find your keys:
-1. Go to Supabase Dashboard → Settings → API
-2. Copy the "Project URL" → `SUPABASE_URL`
-3. Copy the "service_role" key → `SUPABASE_SERVICE_KEY`
-
-## Step 3: Verify Setup
-
-The `RulesStore` will automatically use Supabase if:
-- `SUPABASE_URL` is set
-- `SUPABASE_SERVICE_KEY` is set
-- Supabase Python client is installed (`pip install supabase`)
-
-If Supabase is not configured, it will fall back to SQLite automatically.
-
-## Step 4: Test the Integration
-
-You can test if rules are being saved to Supabase:
-
-```python
-from backend.api.storage.rules_store import RulesStore
-
-store = RulesStore()
-print(f"Using Supabase: {store.use_supabase}")
-
-# Add a test rule
-store.add_rule("test_tenant", "Test rule", severity="high")
-print("Rule added!")
-
-# Get rules
-rules = store.get_rules("test_tenant")
-print(f"Rules: {rules}")
-```
-
-## Step 5: View Rules in Supabase
-
-1. Go to Supabase Dashboard → Table Editor
-2. Select the `admin_rules` table
-3. You should see all your rules with tenant isolation
-
-## Supabase Analytics Tables
-
-To move analytics off SQLite, create the Supabase tables that mirror the local schema:
-
-1. Open the Supabase SQL Editor.
-2. Copy the contents of `supabase_analytics_tables.sql`.
-3. Run the script. It creates the following tables with indexes + RLS policies:
-   - `tool_usage_events`
-   - `redflag_violations`
-   - `rag_search_events`
-   - `agent_query_events`
-
-After the tables exist, the backend automatically detects Supabase credentials and writes analytics there (falling back to SQLite only when credentials or the Supabase client are missing).
-
-## Migration from SQLite
-
-If you already have local data that should be moved to Supabase, use the helper script:
-
-```bash
-python migrate_sqlite_to_supabase.py
-```
-
-The script:
-- Loads `.env` for Supabase credentials
-- Copies `data/admin_rules.db` → `admin_rules`
-- Copies all analytics tables in `data/analytics.db` → Supabase equivalents
-- Skips tables that already contain Supabase rows (pass `--force` to override)
-
-> **Tip:** Back up your SQLite databases before migrating. The script does not delete local data.
-
-## Troubleshooting
-
-### Rules not appearing in Supabase
-- Check that RLS policies allow your service role to read/write
-- Verify environment variables are set correctly
-- Check Supabase logs for errors
-
-### Fallback to SQLite
-- If Supabase credentials are missing, it automatically uses SQLite
-- Check your `.env` file has correct values
-- Restart your FastAPI server after changing `.env`
-
-### Permission Errors
-- Make sure you're using the **service_role** key (not anon key)
-- Check RLS policies in Supabase allow service role access
-
-## Benefits of Using Supabase
-
-✅ **Scalability** - Handle millions of rules  
-✅ **Multi-region** - Global availability  
-✅ **Backups** - Automatic backups  
-✅ **Real-time** - Can subscribe to changes  
-✅ **Security** - Row Level Security built-in  
-✅ **Analytics** - Built-in query performance monitoring  
-

TESTING_GUIDE.md

@@ -1,421 +0,0 @@
-# IntegraChat Testing Guide
-
-This guide explains how to test all the new features and improvements in IntegraChat.
-
-## Prerequisites
-
-1. **Install Dependencies**
-   ```bash
-   pip install -r requirements.txt
-   ```
-
-2. **Environment Setup**
-   - Create a `.env` file or set environment variables
-   - Optional: Set up Ollama for LLM testing
-   - Optional: Set up Supabase for production analytics
-
-## Test Structure
-
-### 1. Unit Tests
-
-Run unit tests for individual components:
-
-```bash
-# Run all unit tests
-pytest backend/tests/
-
-# Run specific test files
-pytest backend/tests/test_analytics_store.py -v
-pytest backend/tests/test_enhanced_admin_rules.py -v
-pytest backend/tests/test_api_endpoints.py -v
-
-# Run with coverage
-pytest backend/tests/ --cov=backend/api --cov-report=html
-```
-
-### 2. Integration Tests
-
-Test API endpoints with the FastAPI test client:
-
-```bash
-pytest backend/tests/test_api_endpoints.py -v
-```
-
-**Note**: Some integration tests may fail if MCP servers or LLM are not running. That's expected.
-
-### 3. Manual Testing Scripts
-
-Create test data and verify functionality manually:
-
-#### A. Test Analytics Store
-
-```bash
-python -c "
-from backend.api.storage.analytics_store import AnalyticsStore
-import time
-
-store = AnalyticsStore()
-
-# Log tool usage
-store.log_tool_usage('test_tenant', 'rag', latency_ms=150, tokens_used=500, success=True)
-store.log_tool_usage('test_tenant', 'web', latency_ms=80, success=True)
-
-# Log red-flag violation
-store.log_redflag_violation(
-    'test_tenant', 
-    'rule1', 
-    '.*password.*', 
-    'high',
-    'password123',
-    confidence=0.95
-)
-
-# Log RAG search
-store.log_rag_search('test_tenant', 'test query', hits_count=5, avg_score=0.85, top_score=0.92)
-
-# Log agent query
-store.log_agent_query('test_tenant', 'test message', intent='rag', tools_used=['rag', 'llm'], total_tokens=1000)
-
-# Get stats
-print('Tool Usage:', store.get_tool_usage_stats('test_tenant'))
-print('Violations:', store.get_redflag_violations('test_tenant'))
-print('Activity:', store.get_activity_summary('test_tenant'))
-print('RAG Quality:', store.get_rag_quality_metrics('test_tenant'))
-"
-```
-
-#### B. Test Admin Rules with Regex
-
-```bash
-python -c "
-from backend.api.storage.rules_store import RulesStore
-import re
-
-store = RulesStore()
-
-# Add rule with regex pattern
-store.add_rule(
-    'test_tenant',
-    'Block password queries',
-    pattern='.*password.*|.*pwd.*',
-    severity='high',
-    description='Blocks password-related queries'
-)
-
-# Get detailed rules
-rules = store.get_rules_detailed('test_tenant')
-print('Rules:', rules)
-
-# Test regex matching
-pattern = rules[0]['pattern']
-regex = re.compile(pattern, re.IGNORECASE)
-test_text = 'What is my password?'
-match = regex.search(test_text)
-print(f'Match for \"{test_text}\": {match is not None}')
-"
-```
-
-## API Endpoint Testing
-
-### Using curl
-
-#### 1. Test Analytics Endpoints
-
-```bash
-# Overview
-curl -X GET "http://localhost:8000/analytics/overview?days=30" \
-  -H "x-tenant-id: test_tenant"
-
-# Tool Usage
-curl -X GET "http://localhost:8000/analytics/tool-usage?days=30" \
-  -H "x-tenant-id: test_tenant"
-
-# RAG Quality
-curl -X GET "http://localhost:8000/analytics/rag-quality?days=30" \
-  -H "x-tenant-id: test_tenant"
-
-# Red Flags
-curl -X GET "http://localhost:8000/analytics/redflags?limit=50&days=30" \
-  -H "x-tenant-id: test_tenant"
-```
-
-#### 2. Test Admin Endpoints
-
-```bash
-# Add rule with regex and severity
-curl -X POST "http://localhost:8000/admin/rules" \
-  -H "x-tenant-id: test_tenant" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "rule": "Block password queries",
-    "pattern": ".*password.*",
-    "severity": "high",
-    "description": "Blocks password-related queries"
-  }'
-
-# Get detailed rules
-curl -X GET "http://localhost:8000/admin/rules?detailed=true" \
-  -H "x-tenant-id: test_tenant"
-
-# Get violations
-curl -X GET "http://localhost:8000/admin/violations?limit=50&days=30" \
-  -H "x-tenant-id: test_tenant"
-
-# Get tool logs
-curl -X GET "http://localhost:8000/admin/tools/logs?tool_name=rag&days=7" \
-  -H "x-tenant-id: test_tenant"
-```
-
-#### 3. Test Agent Endpoints
-
-```bash
-# Agent chat (normal)
-curl -X POST "http://localhost:8000/agent/message" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "tenant_id": "test_tenant",
-    "message": "What is the company policy?",
-    "temperature": 0.0
-  }'
-
-# Agent debug
-curl -X POST "http://localhost:8000/agent/debug" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "tenant_id": "test_tenant",
-    "message": "What is the company policy?",
-    "temperature": 0.0
-  }'
-
-# Agent plan
-curl -X POST "http://localhost:8000/agent/plan" \
-  -H "Content-Type: application/json" \
-  -d '{
-    "tenant_id": "test_tenant",
-    "message": "What is the company policy?",
-    "temperature": 0.0
-  }'
-```
-
-### Using Python requests
-
-Create a test script `test_api_manual.py`:
-
-```python
-import requests
-import json
-
-BASE_URL = "http://localhost:8000"
-TENANT_ID = "test_tenant"
-
-headers = {"x-tenant-id": TENANT_ID}
-
-# Test analytics
-print("Testing Analytics Endpoints...")
-response = requests.get(f"{BASE_URL}/analytics/overview?days=30", headers=headers)
-print(f"Overview: {response.status_code} - {json.dumps(response.json(), indent=2)}")
-
-response = requests.get(f"{BASE_URL}/analytics/tool-usage?days=30", headers=headers)
-print(f"Tool Usage: {response.status_code} - {json.dumps(response.json(), indent=2)}")
-
-# Test admin rules
-print("\nTesting Admin Rules...")
-response = requests.post(
-    f"{BASE_URL}/admin/rules",
-    headers=headers,
-    json={
-        "rule": "Block password queries",
-        "pattern": ".*password.*",
-        "severity": "high"
-    }
-)
-print(f"Add Rule: {response.status_code} - {json.dumps(response.json(), indent=2)}")
-
-response = requests.get(
-    f"{BASE_URL}/admin/rules?detailed=true",
-    headers=headers
-)
-print(f"Get Rules: {response.status_code} - {json.dumps(response.json(), indent=2)}")
-
-# Test agent endpoints
-print("\nTesting Agent Endpoints...")
-response = requests.post(
-    f"{BASE_URL}/agent/plan",
-    json={
-        "tenant_id": TENANT_ID,
-        "message": "What is the company policy?",
-        "temperature": 0.0
-    }
-)
-print(f"Agent Plan: {response.status_code} - {json.dumps(response.json(), indent=2)}")
-```
-
-Run it:
-```bash
-python test_api_manual.py
-```
-
-## End-to-End Testing Workflow
-
-### Step 1: Start Backend Services
-
-```bash
-# Terminal 1: Start FastAPI backend
-cd backend/api
-uvicorn main:app --port 8000 --reload
-
-# Terminal 2: Start unified MCP server (rag/web/admin tools)
-python backend/mcp_server/server.py
-
-# Optional: Start Ollama for LLM
-ollama serve
-```
-
-### Step 2: Generate Test Data
-
-Run the analytics and rules tests to populate the database:
-
-```bash
-pytest backend/tests/test_analytics_store.py -v
-pytest backend/tests/test_enhanced_admin_rules.py -v
-```
-
-### Step 3: Test Agent Flow
-
-1. **Add some admin rules:**
-   ```bash
-   curl -X POST "http://localhost:8000/admin/rules" \
-     -H "x-tenant-id: test_tenant" \
-     -H "Content-Type: application/json" \
-     -d '{"rule": "Block password queries", "pattern": ".*password.*", "severity": "high"}'
-   ```
-
-2. **Send a query that triggers red-flag:**
-   ```bash
-   curl -X POST "http://localhost:8000/agent/message" \
-     -H "Content-Type: application/json" \
-     -d '{"tenant_id": "test_tenant", "message": "What is my password?"}'
-   ```
-
-3. **Check violations were logged:**
-   ```bash
-   curl -X GET "http://localhost:8000/admin/violations" \
-     -H "x-tenant-id: test_tenant"
-   ```
-
-4. **Send normal queries and check analytics:**
-   ```bash
-   curl -X POST "http://localhost:8000/agent/message" \
-     -H "Content-Type: application/json" \
-     -d '{"tenant_id": "test_tenant", "message": "What is the company policy?"}'
-   
-   curl -X GET "http://localhost:8000/analytics/overview" \
-     -H "x-tenant-id: test_tenant"
-   ```
-
-5. **Use debug endpoint to see reasoning:**
-   ```bash
-   curl -X POST "http://localhost:8000/agent/debug" \
-     -H "Content-Type: application/json" \
-     -d '{"tenant_id": "test_tenant", "message": "What is the company policy?"}'
-   ```
-
-### Step 4: Verify Database
-
-Check that data is being stored:
-
-```bash
-# SQLite databases are in data/ directory
-sqlite3 data/analytics.db "SELECT * FROM tool_usage_events LIMIT 10;"
-sqlite3 data/analytics.db "SELECT * FROM redflag_violations LIMIT 10;"
-sqlite3 data/admin_rules.db "SELECT * FROM admin_rules;"
-```
-
-## Testing Checklist
-
-### Analytics Store
-- [ ] Tool usage logging works
-- [ ] Red-flag violations are logged
-- [ ] RAG search events are logged with quality metrics
-- [ ] Agent query events are logged
-- [ ] Stats can be filtered by time
-- [ ] Multiple tenants are isolated
-
-### Admin Rules
-- [ ] Rules can be added with regex patterns
-- [ ] Severity levels work (low/medium/high/critical)
-- [ ] Rules without pattern use rule text
-- [ ] Disabled rules are not returned
-- [ ] Multiple tenants are isolated
-- [ ] Regex patterns actually match correctly
-
-### API Endpoints
-- [ ] `/analytics/overview` returns correct data
-- [ ] `/analytics/tool-usage` returns stats
-- [ ] `/analytics/rag-quality` returns metrics
-- [ ] `/admin/rules` accepts regex/severity
-- [ ] `/admin/violations` returns violations
-- [ ] `/admin/tools/logs` returns tool usage
-- [ ] `/agent/debug` returns reasoning trace
-- [ ] `/agent/plan` returns tool selection plan
-- [ ] Missing tenant_id returns 400
-
-### Integration
-- [ ] Agent orchestrator logs to analytics
-- [ ] Red-flag detector logs violations
-- [ ] Tool calls are tracked
-- [ ] Multi-step workflows are logged
-- [ ] Errors are logged correctly
-
-## Common Issues
-
-### Database Not Found
-- Ensure `data/` directory exists
-- Analytics store will create it automatically
-
-### Tests Fail Due to Missing Services
-- Some tests require MCP servers or LLM to be running
-- Mock these services or skip tests if services unavailable
-- Unit tests should work without external services
-
-### Import Errors
-- Ensure you're running from project root
-- Check that `backend/` is in Python path
-- Install all dependencies: `pip install -r requirements.txt`
-
-## Performance Testing
-
-For large-scale testing:
-
-```python
-# Load test analytics store
-from backend.api.storage.analytics_store import AnalyticsStore
-import time
-
-store = AnalyticsStore()
-tenant_id = "load_test_tenant"
-
-start = time.time()
-for i in range(1000):
-    store.log_tool_usage(tenant_id, "rag", latency_ms=100 + i % 50)
-    
-elapsed = time.time() - start
-print(f"Logged 1000 events in {elapsed:.2f}s ({1000/elapsed:.0f} events/sec)")
-
-# Query performance
-start = time.time()
-stats = store.get_tool_usage_stats(tenant_id)
-elapsed = time.time() - start
-print(f"Query took {elapsed*1000:.2f}ms")
-```
-
-## Next Steps
-
-1. **Add more test cases** for edge cases
-2. **Set up CI/CD** to run tests automatically
-3. **Add performance benchmarks** for analytics queries
-4. **Create integration test suite** that spins up all services
-5. **Add E2E tests** using Playwright or Selenium for frontend
-
-For questions or issues, check the test files in `backend/tests/` or refer to the main README.md.
-

backend/api/mcp_clients/web_client.py

@@ -4,51 +4,63 @@ from dotenv import load_dotenv
 
 load_dotenv()
 
+
 class WebClient:
     """
     Communicates with the Google Custom Search API.
     """
 
-    def __init__(self):
-        self.api_key = os.getenv("GOOGLE_SEARCH_API_KEY")
-        self.cx_id = os.getenv("GOOGLE_SEARCH_CX_ID")
+    def __init__(self) -> None:
         self.search_endpoint = "https://www.googleapis.com/customsearch/v1"
 
-    async def search(self, query: str):
+    async def search(self, query: str, max_results: int = 5, region: str = "us"):
         """
         Sends the query to Google Custom Search and returns search results.
         """
 
-        if not self.api_key or not self.cx_id:
-            print("Web Client Error: Google Custom Search credentials not configured.")
-            return []
+        max_results_value = self._sanitize_max_results(max_results)
+
+        api_key = os.getenv("GOOGLE_SEARCH_API_KEY")
+        cx_id = os.getenv("GOOGLE_SEARCH_CX_ID")
+        if not api_key or not cx_id:
+            raise RuntimeError("Google Custom Search credentials not configured.")
+
+        params = {
+            "key": api_key,
+            "cx": cx_id,
+            "q": query,
+            "num": max_results_value,
+            "gl": self._sanitize_region(region),
+        }
 
         try:
-            async with httpx.AsyncClient() as client:
-                response = await client.get(
-                    self.search_endpoint,
-                    params={
-                        "key": self.api_key,
-                        "cx": self.cx_id,
-                        "q": query,
-                        "num": 5,
-                    }
-                )
-
-            if response.status_code != 200:
-                return []
-
-            data = response.json()
-            items = data.get("items", [])
-            return [
-                {
-                    "title": item.get("title"),
-                    "link": item.get("link"),
-                    "snippet": item.get("snippet"),
-                }
-                for item in items
-            ]
-
-        except Exception as e:
-            print("Web Client Error:", e)
-            return []
+            async with httpx.AsyncClient(timeout=10) as client:
+                response = await client.get(self.search_endpoint, params=params)
+            response.raise_for_status()
+        except Exception as exc:
+            raise RuntimeError(f"Google Custom Search request failed: {exc}") from exc
+
+        data = response.json()
+        items = data.get("items", [])
+        return [
+            {
+                "title": item.get("title"),
+                "link": item.get("link"),
+                "snippet": item.get("snippet"),
+            }
+            for item in items
+        ]
+
+    @staticmethod
+    def _sanitize_max_results(value: int) -> int:
+        try:
+            return max(1, min(int(value), 10))
+        except (TypeError, ValueError):
+            raise RuntimeError("max_results must be an integer between 1 and 10.")
+
+    @staticmethod
+    def _sanitize_region(region: str) -> str:
+        region_value = (region or "us").lower().split("-", 1)[0]
+        if len(region_value) != 2:
+            return "us"
+        return region_value

backend/api/routes/admin.py

@@ -1,3 +1,6 @@
+import logging
+import os
+
 from fastapi import APIRouter, Header, HTTPException, Query, UploadFile, File
 from pydantic import BaseModel
 from typing import List, Optional, Dict, Any
@@ -9,22 +12,74 @@ from backend.api.services.rule_enhancer import RuleEnhancer
 from backend.api.services.document_ingestion import extract_text_from_file_bytes
 
 router = APIRouter()
+logger = logging.getLogger(__name__)
+from dotenv import load_dotenv
+
+load_dotenv()
 
 # Initialize stores (table creation disabled by default to avoid blocking startup)
 rules_store = RulesStore(auto_create_table=False)
-analytics_store = AnalyticsStore()
 rule_enhancer = RuleEnhancer()
 
-# Log which backend is being used
-if rules_store.use_supabase:
-    print("✅ RulesStore: Using Supabase backend")
-else:
-    print("⚠️  RulesStore: Using SQLite backend (set SUPABASE_URL + SUPABASE_SERVICE_KEY to use Supabase)")
+_analytics_store: Optional[AnalyticsStore] = None
+_analytics_disabled = os.getenv("ANALYTICS_DISABLED", "").lower() in {"1", "true", "yes"}
+_analytics_failed = False
+
+
+def _get_analytics_store() -> Optional[AnalyticsStore]:
+    global _analytics_store, _analytics_failed
+
+    if _analytics_disabled or _analytics_failed:
+        return None
+
+    if _analytics_store is not None:
+        return _analytics_store
+
+    try:
+        _analytics_store = AnalyticsStore()
+    except RuntimeError as exc:
+        logger.warning("Admin analytics disabled: %s", exc)
+        _analytics_failed = True
+        _analytics_store = None
+    except Exception as exc:  # pragma: no cover - unexpected failures
+        logger.debug("Admin analytics unexpected init failure: %s", exc)
+        _analytics_failed = True
+        _analytics_store = None
+
+    return _analytics_store
+
+
+def _get_analytics_or_503() -> AnalyticsStore:
+    store = _get_analytics_store()
+    if not store:
+        raise HTTPException(
+            status_code=503,
+            detail="Analytics is disabled or not configured (Supabase credentials missing).",
+        )
+    return store
+
+
+def _log_backend_status_once() -> None:
+    if getattr(_log_backend_status_once, "_already_logged", False):
+        return
+
+    if rules_store.use_supabase:
+        print("✅ RulesStore: Using Supabase backend")
+    else:
+        print("⚠️  RulesStore: Using SQLite backend (set SUPABASE_URL + SUPABASE_SERVICE_KEY to use Supabase)")
+
+    analytics = _get_analytics_store()
+    if analytics is None:
+        print("⚠️  AnalyticsStore: Disabled (Supabase not configured)")
+    elif analytics.use_supabase:
+        print("✅ AnalyticsStore: Using Supabase backend")
+    else:
+        print("⚠️  AnalyticsStore: Using fallback backend")
+
+    _log_backend_status_once._already_logged = True  # type: ignore[attr-defined]
+
 
-if analytics_store.use_supabase:
-    print("✅ AnalyticsStore: Using Supabase backend")
-else:
-    print("⚠️  AnalyticsStore: Using SQLite backend (set SUPABASE_URL + SUPABASE_SERVICE_KEY to use Supabase)")
+_log_backend_status_once()
 
 
 class RulePayload(BaseModel):
@@ -319,7 +374,8 @@ async def get_violations(
         raise HTTPException(status_code=400, detail="Missing tenant ID")
 
     since_timestamp = int((datetime.now() - timedelta(days=days)).timestamp()) if days else None
-    violations = analytics_store.get_redflag_violations(x_tenant_id, limit, since_timestamp)
+    analytics = _get_analytics_or_503()
+    violations = analytics.get_redflag_violations(x_tenant_id, limit, since_timestamp)
 
     # Convert timestamps to ISO format
     for violation in violations:
@@ -351,7 +407,8 @@ async def get_tool_logs(
 
     # For now, return aggregated stats. Full log querying would require extending AnalyticsStore
     since_timestamp = int((datetime.now() - timedelta(days=days)).timestamp()) if days else None
-    tool_stats = analytics_store.get_tool_usage_stats(x_tenant_id, since_timestamp)
+    analytics = _get_analytics_or_503()
+    tool_stats = analytics.get_tool_usage_stats(x_tenant_id, since_timestamp)
 
     # Filter by tool if specified
     if tool_name:

backend/api/routes/web.py

@@ -1,4 +1,4 @@
-from fastapi import APIRouter, Header, HTTPException
+from fastapi import APIRouter, Header, HTTPException, Query
 from api.mcp_clients.web_client import WebClient
 
 router = APIRouter()
@@ -8,21 +8,26 @@ web_client = WebClient()
 @router.post("/web/search")
 async def web_search(
     query: str,
-    x_tenant_id: str = Header(None)
+    max_results: int = Query(5, ge=1, le=10),
+    region: str = Query("us"),
+    x_tenant_id: str = Header(None),
 ):
     """
-    Perform a live internet search using the Web MCP server.
+    Perform a live Google Custom Search query for the tenant.
     """
 
     if not x_tenant_id:
         raise HTTPException(status_code=400, detail="Missing tenant ID")
 
     try:
-        results = await web_client.search(query)
+        results = await web_client.search(query, max_results=max_results, region=region)
         return {
             "tenant_id": x_tenant_id,
             "query": query,
-            "results": results
+            "results": results,
+            "metadata": {"max_results": max_results, "region": region},
         }
-    except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
+    except RuntimeError as exc:
+        raise HTTPException(status_code=500, detail=str(exc)) from exc
+    except Exception as exc:
+        raise HTTPException(status_code=500, detail="Web search failed") from exc

backend/api/services/agent_orchestrator.py

@@ -13,6 +13,7 @@ import asyncio
 import json
 import os
 from typing import List, Dict, Any, Optional
+import logging
 
 from ..models.agent import AgentRequest, AgentDecision, AgentResponse
 from ..models.redflag import RedFlagMatch
@@ -26,6 +27,11 @@ from ..storage.analytics_store import AnalyticsStore
 from .result_merger import merge_parallel_results, format_merged_context_for_prompt
 import time
 
+logger = logging.getLogger(__name__)
+
+from dotenv import load_dotenv
+
+load_dotenv()
 
 class AgentOrchestrator:
 
@@ -43,14 +49,84 @@ class AgentOrchestrator:
         self.intent = IntentClassifier(llm_client=self.llm)
         self.selector = ToolSelector(llm_client=self.llm)
         self.tool_scorer = ToolScoringService()
-        self.analytics = AnalyticsStore()
-        # Log backend being used (only once at startup)
-        if not hasattr(AgentOrchestrator, '_analytics_backend_logged'):
-            if self.analytics.use_supabase:
+
+        self._analytics: Optional[AnalyticsStore] = None
+        self._analytics_disabled = os.getenv("ANALYTICS_DISABLED", "").lower() in {"1", "true", "yes"}
+        self._analytics_failed = False
+        self._log_analytics_backend_once()
+
+    def _log_analytics_backend_once(self) -> None:
+        if getattr(AgentOrchestrator, "_analytics_backend_logged", False):
+            return
+
+        if self._analytics_disabled:
+            print("⚠️  AgentOrchestrator Analytics: Disabled via ANALYTICS_DISABLED")
+        else:
+            store = self._get_analytics()
+            if store is None:
+                print("⚠️  AgentOrchestrator Analytics: Disabled (Supabase not configured)")
+            elif store.use_supabase:
                 print("✅ AgentOrchestrator Analytics: Using Supabase backend")
             else:
-                print("⚠️  AgentOrchestrator Analytics: Using SQLite backend")
-            AgentOrchestrator._analytics_backend_logged = True
+                print("⚠️  AgentOrchestrator Analytics: Using fallback backend")
+
+        AgentOrchestrator._analytics_backend_logged = True
+
+    def _get_analytics(self) -> Optional[AnalyticsStore]:
+        if self._analytics_disabled or self._analytics_failed:
+            return None
+
+        if self._analytics is not None:
+            return self._analytics
+
+        try:
+            self._analytics = AnalyticsStore()
+        except RuntimeError as exc:
+            logger.warning("AgentOrchestrator analytics disabled: %s", exc)
+            self._analytics_failed = True
+            self._analytics = None
+        except Exception as exc:  # pragma: no cover - unexpected initialization failures
+            logger.debug("AgentOrchestrator analytics unexpected init failure: %s", exc)
+            self._analytics_failed = True
+            self._analytics = None
+
+        return self._analytics
+
+    def _analytics_log_tool_usage(self, **kwargs: Any) -> None:
+        analytics = self._get_analytics()
+        if not analytics:
+            return
+        try:
+            analytics.log_tool_usage(**kwargs)
+        except Exception as exc:  # pragma: no cover - analytics failures should not break flow
+            logger.debug("AgentOrchestrator tool analytics failed: %s", exc)
+
+    def _analytics_log_agent_query(self, **kwargs: Any) -> None:
+        analytics = self._get_analytics()
+        if not analytics:
+            return
+        try:
+            analytics.log_agent_query(**kwargs)
+        except Exception as exc:  # pragma: no cover
+            logger.debug("AgentOrchestrator agent query analytics failed: %s", exc)
+
+    def _analytics_log_rag_search(self, **kwargs: Any) -> None:
+        analytics = self._get_analytics()
+        if not analytics:
+            return
+        try:
+            analytics.log_rag_search(**kwargs)
+        except Exception as exc:  # pragma: no cover
+            logger.debug("AgentOrchestrator RAG analytics failed: %s", exc)
+
+    def _analytics_log_redflag_violation(self, **kwargs: Any) -> None:
+        analytics = self._get_analytics()
+        if not analytics:
+            return
+        try:
+            analytics.log_redflag_violation(**kwargs)
+        except Exception as exc:  # pragma: no cover
+            logger.debug("AgentOrchestrator redflag analytics failed: %s", exc)
 
     async def handle(self, req: AgentRequest) -> AgentResponse:
         start_time = time.time()
@@ -73,7 +149,7 @@ class AgentOrchestrator:
         if matches:
             # Log all rule matches
             for match in matches:
-                self.analytics.log_redflag_violation(
+                self._analytics_log_redflag_violation(
                     tenant_id=req.tenant_id,
                     rule_id=match.rule_id,
                     rule_pattern=match.pattern,
@@ -126,7 +202,7 @@ class AgentOrchestrator:
                 })
                 
                 total_latency_ms = int((time.time() - start_time) * 1000)
-                self.analytics.log_agent_query(
+                self._analytics_log_agent_query(
                     tenant_id=req.tenant_id,
                     message_preview=req.message[:200],
                     intent="greeting",
@@ -202,7 +278,7 @@ Response:"""
             
             # Log LLM usage for red flag response
             estimated_tokens = len(llm_response) // 4 + len(llm_prompt) // 4
-            self.analytics.log_tool_usage(
+            self._analytics_log_tool_usage(
                 tenant_id=req.tenant_id,
                 tool_name="llm",
                 latency_ms=total_latency_ms,
@@ -211,7 +287,7 @@ Response:"""
                 user_id=req.user_id
             )
             
-            self.analytics.log_agent_query(
+            self._analytics_log_agent_query(
                 tenant_id=req.tenant_id,
                 message_preview=req.message[:200],
                 intent="admin",
@@ -261,7 +337,7 @@ Response:"""
                     if scores:
                         avg_score = sum(scores) / len(scores)
                         top_score = max(scores)
-                self.analytics.log_rag_search(
+                self._analytics_log_rag_search(
                     tenant_id=req.tenant_id,
                     query=req.message[:500],
                     hits_count=hits_count,
@@ -270,7 +346,7 @@ Response:"""
                     latency_ms=rag_latency_ms
                 )
                 # Log tool usage
-                self.analytics.log_tool_usage(
+                self._analytics_log_tool_usage(
                     tenant_id=req.tenant_id,
                     tool_name="rag",
                     latency_ms=rag_latency_ms,
@@ -286,7 +362,7 @@ Response:"""
         except Exception as pref_err:
             # If RAG fails, continue without it
             rag_latency_ms = 0  # 0 for failed
-            self.analytics.log_tool_usage(
+            self._analytics_log_tool_usage(
                 tenant_id=req.tenant_id,
                 tool_name="rag",
                 latency_ms=rag_latency_ms,
@@ -385,7 +461,7 @@ Response:"""
                     estimated_tokens = len(llm_out) // 4 + len(prompt) // 4
                     total_tokens += estimated_tokens
                     
-                    self.analytics.log_tool_usage(
+                    self._analytics_log_tool_usage(
                         tenant_id=req.tenant_id,
                         tool_name="llm",
                         latency_ms=llm_latency_ms,
@@ -402,7 +478,7 @@ Response:"""
                     })
                     
                     total_latency_ms = int((time.time() - start_time) * 1000)
-                    self.analytics.log_agent_query(
+                    self._analytics_log_agent_query(
                         tenant_id=req.tenant_id,
                         message_preview=req.message[:200],
                         intent=intent,
@@ -445,7 +521,7 @@ Response:"""
                     estimated_tokens = len(llm_out) // 4 + len(prompt) // 4
                     total_tokens += estimated_tokens
                     
-                    self.analytics.log_tool_usage(
+                    self._analytics_log_tool_usage(
                         tenant_id=req.tenant_id,
                         tool_name="llm",
                         latency_ms=llm_latency_ms,
@@ -462,7 +538,7 @@ Response:"""
                     })
                     
                     total_latency_ms = int((time.time() - start_time) * 1000)
-                    self.analytics.log_agent_query(
+                    self._analytics_log_agent_query(
                         tenant_id=req.tenant_id,
                         message_preview=req.message[:200],
                         intent=intent,
@@ -481,7 +557,7 @@ Response:"""
                     admin_latency_ms = int((time.time() - admin_start) * 1000)
                     tools_used.append("admin")
                     
-                    self.analytics.log_tool_usage(
+                    self._analytics_log_tool_usage(
                         tenant_id=req.tenant_id,
                         tool_name="admin",
                         latency_ms=admin_latency_ms,
@@ -498,7 +574,7 @@ Response:"""
                     })
                     
                     total_latency_ms = int((time.time() - start_time) * 1000)
-                    self.analytics.log_agent_query(
+                    self._analytics_log_agent_query(
                         tenant_id=req.tenant_id,
                         message_preview=req.message[:200],
                         intent=intent,
@@ -520,7 +596,7 @@ Response:"""
                     estimated_tokens = len(llm_out) // 4 + len(req.message) // 4
                     total_tokens += estimated_tokens
                     
-                    self.analytics.log_tool_usage(
+                    self._analytics_log_tool_usage(
                         tenant_id=req.tenant_id,
                         tool_name="llm",
                         latency_ms=llm_latency_ms,
@@ -537,7 +613,7 @@ Response:"""
                     })
                     
                     total_latency_ms = int((time.time() - start_time) * 1000)
-                    self.analytics.log_agent_query(
+                    self._analytics_log_agent_query(
                         tenant_id=req.tenant_id,
                         message_preview=req.message[:200],
                         intent=intent,
@@ -586,7 +662,7 @@ Response:"""
             tools_used = ["llm"]
             estimated_tokens = len(llm_out) // 4 + len(req.message) // 4
             
-            self.analytics.log_tool_usage(
+            self._analytics_log_tool_usage(
                 tenant_id=req.tenant_id,
                 tool_name="llm",
                 latency_ms=llm_latency_ms,
@@ -610,7 +686,7 @@ Response:"""
             else:
                 llm_out = f"I apologize, but I'm unable to process your request right now. The AI service is unavailable: {error_msg}"
             
-            self.analytics.log_tool_usage(
+            self._analytics_log_tool_usage(
                 tenant_id=req.tenant_id,
                 tool_name="llm",
                 success=False,
@@ -624,7 +700,7 @@ Response:"""
             })
         
         total_latency_ms = int((time.time() - start_time) * 1000)
-        self.analytics.log_agent_query(
+        self._analytics_log_agent_query(
             tenant_id=req.tenant_id,
             message_preview=req.message[:200],
             intent=intent,
@@ -741,7 +817,7 @@ Response:"""
                             "error": str(rag_result),
                             "latency_ms": parallel_latency_ms
                         })
-                        self.analytics.log_tool_usage(
+                        self._analytics_log_tool_usage(
                             tenant_id=req.tenant_id,
                             tool_name="rag",
                             latency_ms=parallel_latency_ms,
@@ -761,7 +837,7 @@ Response:"""
                             if scores:
                                 avg_score = sum(scores) / len(scores)
                                 top_score = max(scores)
-                        self.analytics.log_rag_search(
+                        self._analytics_log_rag_search(
                             tenant_id=req.tenant_id,
                             query=req.message[:500],
                             hits_count=hits_count,
@@ -769,7 +845,7 @@ Response:"""
                             top_score=top_score,
                             latency_ms=parallel_latency_ms
                         )
-                        self.analytics.log_tool_usage(
+                        self._analytics_log_tool_usage(
                             tenant_id=req.tenant_id,
                             tool_name="rag",
                             latency_ms=parallel_latency_ms,
@@ -797,7 +873,7 @@ Response:"""
                             "error": str(web_result),
                             "latency_ms": parallel_latency_ms
                         })
-                        self.analytics.log_tool_usage(
+                        self._analytics_log_tool_usage(
                             tenant_id=req.tenant_id,
                             tool_name="web",
                             latency_ms=parallel_latency_ms,
@@ -810,7 +886,7 @@ Response:"""
                         tools_used.append("web")
                         tool_traces.append({"tool": "web", "response": web_result, "note": "parallel"})
                         hits_count = len(self._extract_hits(web_result))
-                        self.analytics.log_tool_usage(
+                        self._analytics_log_tool_usage(
                             tenant_id=req.tenant_id,
                             tool_name="web",
                             latency_ms=parallel_latency_ms,
@@ -978,7 +1054,7 @@ Response:"""
             estimated_tokens = len(llm_out) // 4 + len(prompt) // 4
             total_tokens += estimated_tokens
             
-            self.analytics.log_tool_usage(
+            self._analytics_log_tool_usage(
                 tenant_id=req.tenant_id,
                 tool_name="llm",
                 latency_ms=llm_latency_ms,
@@ -988,7 +1064,7 @@ Response:"""
             )
             
             total_latency_ms = int((time.time() - start_time) * 1000)
-            self.analytics.log_agent_query(
+            self._analytics_log_agent_query(
                 tenant_id=req.tenant_id,
                 message_preview=req.message[:200],
                 intent="multi_step",
@@ -1103,7 +1179,7 @@ Response:"""
                             "status": "recovered"
                         })
                     if tenant_id:
-                        self.analytics.log_tool_usage(
+                        self._analytics_log_tool_usage(
                             tenant_id=tenant_id,
                             tool_name=f"{tool_name}_retry_{attempt+1}",
                             latency_ms=0,
@@ -1123,7 +1199,7 @@ Response:"""
                 
                 # Log failed attempt
                 if tenant_id:
-                    self.analytics.log_tool_usage(
+                    self._analytics_log_tool_usage(
                         tenant_id=tenant_id,
                         tool_name=tool_name,
                         latency_ms=0,
@@ -1212,7 +1288,7 @@ Response:"""
                     avg_score = sum(scores) / len(scores)
             
             # Log retry
-            self.analytics.log_tool_usage(
+            self._analytics_log_tool_usage(
                 tenant_id=tenant_id,
                 tool_name="rag_retry_low_threshold",
                 latency_ms=retry_latency_ms,
@@ -1244,7 +1320,7 @@ Response:"""
                     avg_score = sum(scores) / len(scores)
             
             # Log retry
-            self.analytics.log_tool_usage(
+            self._analytics_log_tool_usage(
                 tenant_id=tenant_id,
                 tool_name="rag_retry_expanded_query",
                 latency_ms=retry_latency_ms,
@@ -1262,7 +1338,7 @@ Response:"""
         
         # Log final RAG search
         if hits:
-            self.analytics.log_rag_search(
+            self._analytics_log_rag_search(
                 tenant_id=tenant_id,
                 query=query[:500],
                 hits_count=len(hits),
@@ -1326,7 +1402,7 @@ Response:"""
                 hits = self._extract_hits(result)
                 
                 # Log retry
-                self.analytics.log_tool_usage(
+                self._analytics_log_tool_usage(
                     tenant_id=tenant_id,
                     tool_name=f"web_retry_rewrite_{i+1}",
                     latency_ms=retry_latency_ms,
@@ -1344,7 +1420,7 @@ Response:"""
                     break
         
         # Log final web search
-        self.analytics.log_tool_usage(
+        self._analytics_log_tool_usage(
             tenant_id=tenant_id,
             tool_name="web",
             latency_ms=web_latency_ms,

backend/mcp_server/common/logging.py

@@ -3,6 +3,9 @@ from __future__ import annotations
 import logging
 import os
 from typing import Any, Dict, Optional
+from dotenv import load_dotenv
+
+load_dotenv()
 
 logger = logging.getLogger("integrachat.mcp")
 if not logger.handlers:
@@ -20,9 +23,43 @@ try:
     from backend.api.storage.analytics_store import AnalyticsStore
 except Exception:  # pragma: no cover - analytics storage is optional during tests
     AnalyticsStore = None  # type: ignore
-    _analytics_store = None
-else:
-    _analytics_store = AnalyticsStore()
+
+_analytics_store: Optional["AnalyticsStore"] = None
+_analytics_failed = False
+_analytics_disabled = os.getenv("ANALYTICS_DISABLED", "").lower() in {"1", "true", "yes"}
+
+
+def _get_analytics_store() -> Optional["AnalyticsStore"]:
+    """
+    Lazily create the analytics store so missing Supabase credentials or package
+    do not prevent the MCP server from starting. When initialization fails we
+    keep analytics disabled for the remainder of the process.
+    """
+
+    global _analytics_store, _analytics_failed
+
+    if _analytics_disabled or _analytics_failed:
+        return None
+
+    if _analytics_store is not None:
+        return _analytics_store
+
+    if AnalyticsStore is None:
+        _analytics_failed = True
+        return None
+
+    try:
+        _analytics_store = AnalyticsStore()
+    except RuntimeError as exc:
+        logger.warning("Analytics disabled: %s", exc)
+        _analytics_failed = True
+        _analytics_store = None
+    except Exception as exc:  # pragma: no cover - unexpected failures
+        logger.debug("Unexpected analytics init failure: %s", exc)
+        _analytics_failed = True
+        _analytics_store = None
+
+    return _analytics_store
 
 
 def log_tool_usage(
@@ -51,9 +88,10 @@ def log_tool_usage(
     else:
         logger.warning("tool_failed %s", log_data)
 
-    if _analytics_store and tenant_id:
+    store = _get_analytics_store()
+    if store and tenant_id:
         try:
-            _analytics_store.log_tool_usage(
+            store.log_tool_usage(
                 tenant_id=tenant_id,
                 tool_name=tool_name,
                 latency_ms=latency_ms,
@@ -74,9 +112,10 @@ def log_rag_search_metrics(
     top_score: Optional[float],
     latency_ms: Optional[int] = None,
 ):
-    if _analytics_store:
+    store = _get_analytics_store()
+    if store:
         try:
-            _analytics_store.log_rag_search(
+            store.log_rag_search(
                 tenant_id=tenant_id,
                 query=query,
                 hits_count=hits_count,
@@ -99,9 +138,10 @@ def log_redflag_violation(
     message_preview: Optional[str] = None,
     user_id: Optional[str] = None,
 ):
-    if _analytics_store:
+    store = _get_analytics_store()
+    if store:
         try:
-            _analytics_store.log_redflag_violation(
+            store.log_redflag_violation(
                 tenant_id=tenant_id,
                 rule_id=rule_id,
                 rule_pattern=rule_pattern,

backend/mcp_server/web/search.py

@@ -2,16 +2,22 @@ from __future__ import annotations
 
 from typing import Mapping
 
-from duckduckgo_search import DDGS
+from dotenv import load_dotenv
 
+from backend.api.mcp_clients.web_client import WebClient
 from backend.mcp_server.common.tenant import TenantContext
-from backend.mcp_server.common.utils import ToolExecutionError, ToolValidationError, tool_handler
+from backend.mcp_server.common.utils import ToolValidationError, tool_handler
+
+
+load_dotenv()
+
+_web_client = WebClient()
 
 
 @tool_handler("web.search")
 async def web_search(context: TenantContext, payload: Mapping[str, object]) -> dict[str, object]:
     """
-    Perform a DuckDuckGo web search with an English-results bias.
+    Perform a Google Custom Search query with basic max-results and region controls.
     """
 
     query = payload.get("query")
@@ -24,33 +30,30 @@ async def web_search(context: TenantContext, payload: Mapping[str, object]) -> d
     except (TypeError, ValueError):
         raise ToolValidationError("max_results must be an integer between 1 and 10")
 
-    region = str(payload.get("region", "us-en"))
+    region = str(payload.get("region", "us"))
 
-    try:
-        ddg = DDGS()
-        query_string = query
-        if "lang:en" not in query_string.lower():
-            query_string = f"{query_string} lang:en"
-
-        try:
-            results = ddg.text(query_string, max_results=max_results_value, region=region)
-        except TypeError:
-            results = ddg.text(query_string, max_results=max_results_value)
+    metadata = {
+        "max_results": max_results_value,
+        "region": region,
+        "source": "google",
+    }
 
-        formatted = [
+    try:
+        results = await _web_client.search(query, max_results=max_results_value, region=region)
+    except RuntimeError as exc:
+        metadata["error"] = str(exc)
+        return {"query": query, "results": [], "metadata": metadata}
+
+    return {
+        "query": query,
+        "results": [
             {
                 "title": item.get("title"),
-                "snippet": item.get("body"),
-                "url": item.get("href"),
+                "snippet": item.get("snippet"),
+                "url": item.get("link"),
             }
             for item in results
-        ]
-
-        return {
-            "query": query,
-            "results": formatted,
-            "metadata": {"max_results": max_results_value, "region": region},
-        }
-    except Exception as exc:
-        raise ToolExecutionError(f"web search failed: {exc}") from exc
+        ],
+        "metadata": metadata,
+    }
 

backend/tests/README_RETRY_TESTS.md

@@ -260,3 +260,5 @@ pytest backend/tests/ -v -k retry
 
 For more information, see `TESTING_GUIDE.md` in the project root.
 
+
+

setup_env.py

@@ -1,127 +0,0 @@
-#!/usr/bin/env python3
-"""
-Helper script to create or update .env file with Supabase credentials.
-"""
-
-import os
-from pathlib import Path
-
-def main():
-    print("=" * 70)
-    print("Supabase .env Setup Helper")
-    print("=" * 70)
-    print()
-    
-    env_file = Path(".env")
-    env_example = Path("env.example")
-    
-    # Check if .env already exists
-    if env_file.exists():
-        print("⚠️  .env file already exists!")
-        response = input("   Do you want to update it? (y/n): ").strip().lower()
-        if response != 'y':
-            print("   Skipping. Edit .env manually if needed.")
-            return
-        print()
-    
-    # Read existing .env if it exists
-    existing_vars = {}
-    if env_file.exists():
-        with open(env_file, 'r') as f:
-            for line in f:
-                line = line.strip()
-                if line and not line.startswith('#') and '=' in line:
-                    key, value = line.split('=', 1)
-                    existing_vars[key.strip()] = value.strip()
-    
-    print("Enter your Supabase credentials:")
-    print("(You can find these at: https://app.supabase.com → Your Project → Settings → API)")
-    print()
-    
-    # Get Supabase URL
-    current_url = existing_vars.get('SUPABASE_URL', '')
-    if current_url:
-        print(f"Current SUPABASE_URL: {current_url[:50]}...")
-        response = input("Keep current? (y/n): ").strip().lower()
-        if response == 'y':
-            supabase_url = current_url
-        else:
-            supabase_url = input("Enter SUPABASE_URL (https://xxxxx.supabase.co): ").strip()
-    else:
-        supabase_url = input("Enter SUPABASE_URL (https://xxxxx.supabase.co): ").strip()
-    
-    # Get Supabase Service Key
-    current_key = existing_vars.get('SUPABASE_SERVICE_KEY', '')
-    if current_key:
-        print(f"Current SUPABASE_SERVICE_KEY: {current_key[:20]}...")
-        response = input("Keep current? (y/n): ").strip().lower()
-        if response == 'y':
-            supabase_key = current_key
-        else:
-            supabase_key = input("Enter SUPABASE_SERVICE_KEY (service_role key): ").strip()
-    else:
-        supabase_key = input("Enter SUPABASE_SERVICE_KEY (service_role key): ").strip()
-    
-    # Validate
-    if not supabase_url.startswith('https://'):
-        print("⚠️  Warning: SUPABASE_URL should start with https://")
-    if not supabase_key.startswith('eyJ'):
-        print("⚠️  Warning: SUPABASE_SERVICE_KEY should start with 'eyJ' (JWT token)")
-    
-    print()
-    print("📝 Creating/updating .env file...")
-    
-    # Read env.example as template
-    lines = []
-    if env_example.exists():
-        with open(env_example, 'r') as f:
-            lines = f.readlines()
-    else:
-        # Create basic template
-        lines = [
-            "# IntegraChat Environment Variables\n",
-            "# Supabase Configuration\n",
-            "SUPABASE_URL=\n",
-            "SUPABASE_SERVICE_KEY=\n",
-        ]
-    
-    # Update or add Supabase variables
-    updated_lines = []
-    url_found = False
-    key_found = False
-    
-    for line in lines:
-        if line.startswith('SUPABASE_URL='):
-            updated_lines.append(f'SUPABASE_URL={supabase_url}\n')
-            url_found = True
-        elif line.startswith('SUPABASE_SERVICE_KEY='):
-            updated_lines.append(f'SUPABASE_SERVICE_KEY={supabase_key}\n')
-            key_found = True
-        else:
-            updated_lines.append(line)
-    
-    # Add if not found
-    if not url_found:
-        updated_lines.append(f'SUPABASE_URL={supabase_url}\n')
-    if not key_found:
-        updated_lines.append(f'SUPABASE_SERVICE_KEY={supabase_key}\n')
-    
-    # Write .env file
-    with open(env_file, 'w') as f:
-        f.writelines(updated_lines)
-    
-    print(f"✅ .env file created/updated at: {env_file.absolute()}")
-    print()
-    print("Next steps:")
-    print("1. Make sure your Supabase project is active (not paused)")
-    print("2. Create the tables in Supabase:")
-    print("   - Run supabase_admin_rules_table.sql in SQL Editor")
-    print("   - Run supabase_analytics_tables.sql in SQL Editor")
-    print("3. Test the connection:")
-    print("   python check_supabase_rules.py")
-    print("4. Run the migration:")
-    print("   python migrate_sqlite_to_supabase.py")
-
-if __name__ == "__main__":
-    main()
-

setup_supabase_table.py

@@ -1,121 +0,0 @@
-"""
-Automated Supabase Table Setup
-Creates the admin_rules table in Supabase using the Management API.
-"""
-
-import os
-import sys
-from pathlib import Path
-from dotenv import load_dotenv
-
-# Load environment variables
-load_dotenv()
-
-SUPABASE_URL = os.getenv("SUPABASE_URL")
-SUPABASE_SERVICE_KEY = os.getenv("SUPABASE_SERVICE_KEY")
-
-if not SUPABASE_URL or not SUPABASE_SERVICE_KEY:
-    print("❌ Missing Supabase credentials!")
-    print("   Please set SUPABASE_URL and SUPABASE_SERVICE_KEY in your .env file")
-    sys.exit(1)
-
-def create_table_via_supabase():
-    """
-    Create table using Supabase client and direct table operations.
-    Since Supabase doesn't allow direct SQL execution via REST API,
-    we'll create the table structure using the Supabase client.
-    """
-    try:
-        from supabase import create_client
-        
-        print("🔗 Connecting to Supabase...")
-        client = create_client(SUPABASE_URL, SUPABASE_SERVICE_KEY)
-        
-        # Read SQL file
-        sql_file = Path(__file__).parent / "supabase_admin_rules_table.sql"
-        if not sql_file.exists():
-            print(f"❌ SQL file not found: {sql_file}")
-            return False
-        
-        with open(sql_file, "r", encoding="utf-8") as f:
-            sql_content = f.read()
-        
-        print("📝 SQL Script loaded from supabase_admin_rules_table.sql")
-        print("\n" + "=" * 60)
-        print("⚠️  IMPORTANT: Supabase Python client cannot execute raw SQL")
-        print("=" * 60)
-        print("\nYou need to run the SQL manually in Supabase Dashboard:")
-        print("\n📋 Steps:")
-        print("   1. Open: https://app.supabase.com")
-        print("   2. Select your project")
-        print("   3. Go to: SQL Editor (left sidebar)")
-        print("   4. Click: 'New query'")
-        print("   5. Copy the SQL below and paste it:")
-        print("\n" + "-" * 60)
-        print(sql_content)
-        print("-" * 60)
-        print("\n   6. Click 'Run' button (or press Ctrl+Enter)")
-        print("   7. Wait for success message")
-        print("\n✅ After running, the table will be created!")
-        
-        # Try to verify table exists (after user runs SQL)
-        print("\n🔍 Checking if table exists...")
-        try:
-            result = client.table("admin_rules").select("id").limit(1).execute()
-            print("✅ Table 'admin_rules' exists and is accessible!")
-            return True
-        except Exception as e:
-            if "relation" in str(e).lower() or "does not exist" in str(e).lower():
-                print("⚠️  Table does not exist yet.")
-                print("   Please run the SQL script in Supabase SQL Editor first.")
-                return False
-            else:
-                # Table might be empty, which is fine
-                print("✅ Table exists (might be empty)")
-                return True
-                
-    except ImportError:
-        print("❌ Supabase client not installed")
-        print("   Run: pip install supabase")
-        return False
-    except Exception as e:
-        print(f"❌ Error: {e}")
-        return False
-
-
-def create_table_via_http():
-    """
-    Alternative: Try to create table via HTTP POST to Supabase REST API.
-    This method uses the PostgREST API to create tables.
-    Note: This typically requires admin privileges and may not work.
-    """
-    import httpx
-    
-    # This approach won't work because Supabase doesn't allow DDL via REST API
-    # But we can try to use the pg_net extension if available
-    print("⚠️  Direct HTTP table creation is not supported by Supabase REST API")
-    print("   Supabase requires SQL execution via the SQL Editor for security reasons")
-    return False
-
-
-if __name__ == "__main__":
-    print("=" * 60)
-    print("Supabase Admin Rules Table Setup")
-    print("=" * 60)
-    print()
-    
-    # Method 1: Try via Supabase client (will show instructions)
-    success = create_table_via_supabase()
-    
-    if not success:
-        print("\n" + "=" * 60)
-        print("📝 Manual Setup Required")
-        print("=" * 60)
-        print("\nSince Supabase doesn't allow programmatic SQL execution")
-        print("for security reasons, you need to run the SQL manually.")
-        print("\nThe SQL script is ready in: supabase_admin_rules_table.sql")
-        print("\nAfter running the SQL in Supabase Dashboard:")
-        print("  - The table will be created")
-        print("  - RulesStore will automatically use Supabase")
-        print("  - All rules will be saved to Supabase instead of SQLite")
-

test_all.py

@@ -1,233 +0,0 @@
-"""
-Single-file test suite for IntegraChat backend (unit + integration + simulation).
-This version aligns with the current backend API surface.
-"""
-
-from __future__ import annotations
-
-import os
-import sys
-from pathlib import Path
-from typing import List, Dict
-
-import pytest
-from fastapi.testclient import TestClient
-
-
-# ---------------------------------------------------------------------------
-# Ensure backend package is importable
-# ---------------------------------------------------------------------------
-PROJECT_ROOT = Path(__file__).resolve().parent
-if str(PROJECT_ROOT) not in sys.path:
-    sys.path.insert(0, str(PROJECT_ROOT))
-backend_path = PROJECT_ROOT / "backend"
-if str(backend_path) not in sys.path:
-    sys.path.insert(0, str(backend_path))
-
-
-# ---------------------------------------------------------------------------
-# Shared fixtures
-# ---------------------------------------------------------------------------
-
-@pytest.fixture(autouse=True, scope="session")
-def set_test_env():
-    os.environ.setdefault("RAG_MCP_URL", "http://mock-rag")
-    os.environ.setdefault("WEB_MCP_URL", "http://mock-web")
-    os.environ.setdefault("ADMIN_MCP_URL", "http://mock-admin")
-    os.environ.setdefault("OLLAMA_URL", "http://localhost:11434")
-    os.environ.setdefault("OLLAMA_MODEL", "llama3")
-    os.environ.setdefault("LLM_BACKEND", "ollama")
-
-
-@pytest.fixture
-def mock_backend_dependencies(monkeypatch):
-    print(">> applying backend dependency patches for tests")
-    """Patch MCP client calls and red-flag detector for deterministic tests."""
-    from backend.api.models.redflag import RedFlagMatch
-    from backend.api.services.tool_scoring import ToolScoringService
-    import types
-
-    async def fake_call_rag(self, tenant_id: str, query: str) -> Dict:
-        return {
-            "results": [
-                {"text": "HR policy includes onboarding, leave rules.", "relevance": 0.92},
-                {"text": "General company announcement", "relevance": 0.42}
-            ],
-            "metadata": {"total_retrieved": 2, "returned": 2, "threshold": 0.55}
-        }
-
-    async def fake_call_web(self, tenant_id: str, query: str) -> Dict:
-        return {
-            "results": [
-                {"title": "Latest inflation update", "snippet": "Inflation is 3.2%", "url": "https://example.com"},
-                {"title": "Global news", "snippet": "Market highlights", "url": "https://news.example.com"}
-            ]
-        }
-
-    async def fake_call_admin(self, tenant_id: str, query: str) -> Dict:
-        return {"status": "ok", "tenant_id": tenant_id, "query": query}
-
-    monkeypatch.setattr("backend.api.mcp_clients.mcp_client.MCPClient.call_rag", fake_call_rag)
-    monkeypatch.setattr("backend.api.mcp_clients.mcp_client.MCPClient.call_web", fake_call_web)
-    monkeypatch.setattr("backend.api.mcp_clients.mcp_client.MCPClient.call_admin", fake_call_admin)
-
-    async def fake_redflag_check(self, tenant_id: str, text: str) -> List[RedFlagMatch]:
-        if "delete" in text.lower():
-            return [
-                RedFlagMatch(
-                    rule_id="1",
-                    pattern="delete",
-                    severity="high",
-                    description="Deletion request",
-                    matched_text="delete",
-                    confidence=0.9,
-                    explanation="Matched on keyword 'delete'"
-                )
-            ]
-        return []
-
-    async def fake_notify(self, tenant_id, violations, source_payload=None):
-        return None
-
-    monkeypatch.setattr("backend.api.services.redflag_detector.RedFlagDetector.check", fake_redflag_check)
-    monkeypatch.setattr("backend.api.services.redflag_detector.RedFlagDetector.notify_admin", fake_notify)
-
-    def fake_score(self, message: str, intent: str, rag_results: List[Dict]) -> Dict[str, float]:
-        return {"rag_fitness": 0.82, "web_fitness": 0.78, "llm_only": 0.25}
-
-    monkeypatch.setattr(ToolScoringService, "score", fake_score)
-
-    # Ensure already-instantiated orchestrator uses the same patches
-    from backend.api.routes import agent as agent_routes
-
-    agent_routes.orchestrator.mcp.call_rag = types.MethodType(fake_call_rag, agent_routes.orchestrator.mcp)
-    agent_routes.orchestrator.mcp.call_web = types.MethodType(fake_call_web, agent_routes.orchestrator.mcp)
-    agent_routes.orchestrator.mcp.call_admin = types.MethodType(fake_call_admin, agent_routes.orchestrator.mcp)
-    agent_routes.orchestrator.redflag.check = types.MethodType(fake_redflag_check, agent_routes.orchestrator.redflag)
-    agent_routes.orchestrator.redflag.notify_admin = types.MethodType(fake_notify, agent_routes.orchestrator.redflag)
-
-
-@pytest.fixture
-def api_client(mock_backend_dependencies):
-    from backend.api.main import app
-    return TestClient(app)
-
-
-# ---------------------------------------------------------------------------
-# Unit tests
-# ---------------------------------------------------------------------------
-
-@pytest.mark.asyncio
-async def test_redflag_detector():
-    import time
-    from backend.api.services.redflag_detector import RedFlagDetector
-    from backend.api.models.redflag import RedFlagRule
-    from backend.api.services.semantic_encoder import embed_text
-
-    detector = RedFlagDetector(supabase_url="http://fake", supabase_key="fake")
-    rule = RedFlagRule(
-        id="rule-salary",
-        pattern="salary",
-        description="Salary access",
-        severity="high",
-        source="test",
-        enabled=True,
-        keywords=["salary"]
-    )
-    detector._rules_cache["tenant-x"] = {"fetched_at": int(time.time()), "rules": [rule]}
-    detector._rule_embeddings["tenant-x"] = {rule.id: embed_text("salary access")}
-
-    matches = await detector.check("tenant-x", "Show me employee salary details")
-
-    assert matches
-    assert matches[0].matched_text.lower() == "salary"
-    assert matches[0].confidence is not None
-
-
-def test_tool_scoring():
-    from backend.api.services.tool_scoring import ToolScoringService
-
-    scorer = ToolScoringService()
-    scores = scorer.score("What is inflation today?", intent="web", rag_results=[])
-
-    assert set(scores.keys()) == {"rag_fitness", "web_fitness", "llm_only"}
-    assert scores["web_fitness"] > scores["rag_fitness"]
-
-
-@pytest.mark.asyncio
-async def test_tool_selector():
-    from backend.api.services.tool_selector import ToolSelector
-
-    selector = ToolSelector()
-    decision = await selector.select(
-        intent="rag",
-        text="Tell me HR policy and compare with external news",
-        ctx={"rag_results": [{"text": "Policy"}], "tool_scores": {"rag_fitness": 0.9, "web_fitness": 0.8}}
-    )
-
-    steps = decision.tool_input["steps"]
-    assert steps[0]["tool"] == "rag"
-    assert any(step["tool"] == "web" for step in steps)
-    assert steps[-1]["tool"] == "llm"
-
-
-def test_reasoning_trace_via_response(api_client):
-    payload = {"tenant_id": "tenant1", "message": "Summarize our HR policies"}
-    res = api_client.post("/agent/message", json=payload)
-    data = res.json()
-
-    assert data["reasoning_trace"]
-    step_names = [entry["step"] for entry in data["reasoning_trace"]]
-    assert "intent_detection" in step_names
-
-
-# ---------------------------------------------------------------------------
-# Integration tests
-# ---------------------------------------------------------------------------
-
-def test_full_agent_pipeline(api_client):
-    payload = {"tenant_id": "tenant123", "message": "What are our HR policies and latest updates?"}
-    response = api_client.post("/agent/message", json=payload)
-    data = response.json()
-
-    assert data["text"]
-    assert len(data["reasoning_trace"]) >= 3
-
-    rag_steps = [step for step in data["reasoning_trace"] if step.get("tool") == "rag"]
-    assert rag_steps, "expected rag tool execution in reasoning trace"
-
-
-def test_parallel_execution_detected(api_client):
-    payload = {"tenant_id": "t1", "message": "Summarize HR policies and latest news updates"}
-    response = api_client.post("/agent/message", json=payload)
-    data = response.json()
-
-    tools_used = {trace.get("tool") for trace in data["tool_traces"] if trace.get("tool")}
-    assert "rag" in tools_used and "web" in tools_used
-
-
-# ---------------------------------------------------------------------------
-# Simulation tests
-# ---------------------------------------------------------------------------
-
-SIM_QUERIES = [
-    "What is the inflation rate today?",
-    "Summarize our HR policies",
-    "Delete all records",
-    "Explain our refund policy",
-    "How many employees are in the company?"
-]
-
-
-@pytest.mark.parametrize("message", SIM_QUERIES)
-def test_agent_simulation(api_client, message):
-    res = api_client.post("/agent/message", json={"tenant_id": "demo", "message": message})
-    data = res.json()
-
-    assert data["text"]
-    assert data["reasoning_trace"]
-
-    if "delete" in message.lower():
-        assert data["decision"]["action"] in {"block", "multi_step"}
-        reason = (data["decision"]["reason"] or "").lower()
-        assert "admin" in reason or "redflag" in reason

test_key.py

@@ -1,45 +0,0 @@
-import os
-from dotenv import load_dotenv
-
-load_dotenv()
-
-key = os.getenv("SUPABASE_SERVICE_KEY")
-url = os.getenv("SUPABASE_URL")
-
-print("Checking Supabase Configuration:")
-print("=" * 50)
-
-if key:
-    print(f"SUPABASE_SERVICE_KEY:")
-    print(f"  Length: {len(key)} characters")
-    print(f"  Starts with 'eyJ': {key.startswith('eyJ')}")
-    print(f"  First 30 chars: {key[:30]}...")
-    print(f"  Last 30 chars: ...{key[-30:]}")
-    
-    if len(key) >= 200:
-        print(f"  [OK] Key length is correct")
-    else:
-        print(f"  [WARNING] Key might be too short (expected 200+)")
-    
-    if key.startswith("eyJ"):
-        print(f"  [OK] Key format looks correct (JWT)")
-    else:
-        print(f"  [WARNING] Key doesn't start with 'eyJ'")
-else:
-    print("SUPABASE_SERVICE_KEY: NOT SET")
-
-print()
-
-if url:
-    print(f"SUPABASE_URL:")
-    print(f"  Value: {url}")
-    if url.startswith("https://") and ".supabase.co" in url:
-        print(f"  [OK] URL format looks correct")
-    else:
-        print(f"  [WARNING] URL format might be incorrect")
-else:
-    print("SUPABASE_URL: NOT SET")
-
-print()
-print("=" * 50)
-

test_manual.py

@@ -1,306 +0,0 @@
-"""
-Manual testing script for IntegraChat improvements
-
-Run this script to test all new features:
-- Analytics logging
-- Enhanced admin rules with regex/severity
-- API endpoints
-- Agent debug/plan endpoints
-
-Usage:
-    python test_manual.py
-"""
-
-import requests
-import json
-import time
-from pathlib import Path
-import sys
-
-# Add backend to path
-backend_dir = Path(__file__).parent / "backend"
-sys.path.insert(0, str(backend_dir))
-
-# Also add root for backend.api imports
-root_dir = Path(__file__).parent
-sys.path.insert(0, str(root_dir))
-
-BASE_URL = "http://localhost:8000"
-TENANT_ID = "test_tenant_manual"
-
-def print_section(title):
-    print("\n" + "=" * 60)
-    print(f"  {title}")
-    print("=" * 60)
-
-
-def test_analytics_store():
-    """Test AnalyticsStore directly."""
-    print_section("Testing AnalyticsStore")
-    
-    try:
-        from api.storage.analytics_store import AnalyticsStore
-        
-        store = AnalyticsStore()
-        
-        # Log various events
-        print("Logging tool usage...")
-        store.log_tool_usage(TENANT_ID, "rag", latency_ms=150, tokens_used=500, success=True)
-        store.log_tool_usage(TENANT_ID, "web", latency_ms=80, success=True)
-        store.log_tool_usage(TENANT_ID, "llm", latency_ms=200, tokens_used=1000, success=True)
-        
-        print("Logging red-flag violation...")
-        store.log_redflag_violation(
-            TENANT_ID,
-            "rule1",
-            ".*password.*",
-            "high",
-            "password123",
-            confidence=0.95,
-            message_preview="User asked about password"
-        )
-        
-        print("Logging RAG search...")
-        store.log_rag_search(
-            TENANT_ID,
-            "What is the company policy?",
-            hits_count=5,
-            avg_score=0.85,
-            top_score=0.92,
-            latency_ms=120
-        )
-        
-        print("Logging agent query...")
-        store.log_agent_query(
-            TENANT_ID,
-            "What is the company policy?",
-            intent="rag",
-            tools_used=["rag", "llm"],
-            total_tokens=1000,
-            total_latency_ms=250,
-            success=True
-        )
-        
-        # Get stats
-        print("\n📊 Tool Usage Stats:")
-        print(json.dumps(store.get_tool_usage_stats(TENANT_ID), indent=2))
-        
-        print("\n🚨 Red-Flag Violations:")
-        violations = store.get_redflag_violations(TENANT_ID)
-        print(json.dumps(violations, indent=2, default=str))
-        
-        print("\n📈 Activity Summary:")
-        print(json.dumps(store.get_activity_summary(TENANT_ID), indent=2, default=str))
-        
-        print("\n🔍 RAG Quality Metrics:")
-        print(json.dumps(store.get_rag_quality_metrics(TENANT_ID), indent=2))
-        
-        print("\n✅ AnalyticsStore tests passed!")
-        return True
-        
-    except Exception as e:
-        print(f"❌ AnalyticsStore test failed: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def test_admin_rules():
-    """Test enhanced admin rules with regex and severity."""
-    print_section("Testing Enhanced Admin Rules")
-    
-    try:
-        from api.storage.rules_store import RulesStore
-        import re
-        
-        store = RulesStore()
-        
-        # Add rules with regex and severity
-        print("Adding rules with regex patterns...")
-        store.add_rule(
-            TENANT_ID,
-            "Block password queries",
-            pattern=".*password.*|.*pwd.*",
-            severity="high",
-            description="Blocks password-related queries"
-        )
-        store.add_rule(
-            TENANT_ID,
-            "Block email sharing",
-            pattern=".*@.*\\..*",
-            severity="medium",
-            description="Blocks email addresses"
-        )
-        store.add_rule(
-            TENANT_ID,
-            "Simple keyword rule",
-            severity="low"
-        )
-        
-        # Get detailed rules
-        rules = store.get_rules_detailed(TENANT_ID)
-        print("\n📋 Rules with Metadata:")
-        print(json.dumps(rules, indent=2, default=str))
-        
-        # Test regex matching
-        print("\n🧪 Testing Regex Patterns:")
-        for rule in rules:
-            if rule.get("pattern"):
-                pattern = rule["pattern"]
-                regex = re.compile(pattern, re.IGNORECASE)
-                test_cases = [
-                    "What is my password?",
-                    "My email is test@example.com",
-                    "Just regular text"
-                ]
-                for test_text in test_cases:
-                    match = regex.search(test_text)
-                    print(f"  Pattern: {pattern[:30]}... | Text: \"{test_text}\" | Match: {match is not None}")
-        
-        print("\n✅ Admin Rules tests passed!")
-        return True
-        
-    except Exception as e:
-        print(f"❌ Admin Rules test failed: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def test_api_endpoints():
-    """Test API endpoints."""
-    print_section("Testing API Endpoints")
-    
-    headers = {"x-tenant-id": TENANT_ID}
-    
-    endpoints = [
-        ("GET", "/analytics/overview?days=30", None),
-        ("GET", "/analytics/tool-usage?days=30", None),
-        ("GET", "/analytics/rag-quality?days=30", None),
-        ("GET", "/analytics/redflags?limit=50&days=30", None),
-        ("GET", "/admin/rules?detailed=true", None),
-        ("GET", "/admin/violations?limit=50&days=30", None),
-        ("GET", "/admin/tools/logs?days=7", None),
-    ]
-    
-    results = []
-    
-    for method, endpoint, data in endpoints:
-        try:
-            url = f"{BASE_URL}{endpoint}"
-            if method == "GET":
-                response = requests.get(url, headers=headers, timeout=5)
-            else:
-                response = requests.post(url, headers=headers, json=data, timeout=5)
-            
-            status = "✅" if response.status_code == 200 else "⚠️"
-            print(f"{status} {method} {endpoint} - Status: {response.status_code}")
-            
-            if response.status_code == 200:
-                result = response.json()
-                print(f"   Response keys: {list(result.keys())[:5]}")
-            
-            results.append(response.status_code == 200)
-            
-        except requests.exceptions.ConnectionError:
-            print(f"❌ {method} {endpoint} - Cannot connect to {BASE_URL}")
-            print("   Make sure the FastAPI server is running on port 8000")
-            results.append(False)
-        except Exception as e:
-            print(f"❌ {method} {endpoint} - Error: {e}")
-            results.append(False)
-    
-    # Test POST endpoints
-    print("\n📝 Testing POST Endpoints...")
-    
-    try:
-        # Add admin rule
-        response = requests.post(
-            f"{BASE_URL}/admin/rules",
-            headers=headers,
-            json={
-                "rule": "Test rule via API",
-                "pattern": ".*test.*",
-                "severity": "medium"
-            },
-            timeout=5
-        )
-        status = "✅" if response.status_code == 200 else "⚠️"
-        print(f"{status} POST /admin/rules - Status: {response.status_code}")
-        results.append(response.status_code == 200)
-    except Exception as e:
-        print(f"❌ POST /admin/rules - Error: {e}")
-        results.append(False)
-    
-    # Test agent endpoints (may fail if services not running)
-    print("\n🤖 Testing Agent Endpoints...")
-    
-    agent_endpoints = [
-        ("/agent/plan", {"tenant_id": TENANT_ID, "message": "Test message", "temperature": 0.0}),
-    ]
-    
-    for endpoint, data in agent_endpoints:
-        try:
-            response = requests.post(
-                f"{BASE_URL}{endpoint}",
-                json=data,
-                timeout=10
-            )
-            status = "✅" if response.status_code == 200 else "⚠️"
-            print(f"{status} POST {endpoint} - Status: {response.status_code}")
-            if response.status_code == 200:
-                result = response.json()
-                print(f"   Response keys: {list(result.keys())[:5]}")
-            results.append(response.status_code in [200, 500, 503])  # Accept various status codes
-        except Exception as e:
-            print(f"⚠️ POST {endpoint} - Error: {e} (May be expected if services not running)")
-            results.append(True)  # Don't fail if services not running
-    
-    success_count = sum(results)
-    total_count = len(results)
-    
-    print(f"\n📊 API Endpoint Tests: {success_count}/{total_count} passed")
-    return success_count == total_count or success_count >= total_count * 0.8  # 80% pass rate
-
-
-def main():
-    """Run all manual tests."""
-    print("\n" + "🚀" * 30)
-    print("IntegraChat Manual Testing Suite")
-    print("🚀" * 30)
-    
-    results = []
-    
-    # Test Analytics Store
-    results.append(test_analytics_store())
-    time.sleep(1)
-    
-    # Test Admin Rules
-    results.append(test_admin_rules())
-    time.sleep(1)
-    
-    # Test API Endpoints
-    results.append(test_api_endpoints())
-    
-    # Summary
-    print_section("Test Summary")
-    passed = sum(results)
-    total = len(results)
-    
-    print(f"Tests Passed: {passed}/{total}")
-    if passed == total:
-        print("✅ All tests passed!")
-    elif passed >= total * 0.8:
-        print("⚠️ Most tests passed (some may require running services)")
-    else:
-        print("❌ Some tests failed. Check errors above.")
-    
-    print("\n💡 Tips:")
-    print("  - For API tests, ensure FastAPI server is running: uvicorn backend.api.main:app --port 8000")
-    print("  - Agent endpoints may require MCP servers and LLM to be running")
-    print("  - Check TESTING_GUIDE.md for more detailed testing instructions")
-
-
-if __name__ == "__main__":
-    main()
-

test_retry_integration.py

@@ -1,529 +0,0 @@
-#!/usr/bin/env python3
-"""
-Integration tests for autonomous retry and self-correction system.
-
-This script tests the retry functionality with a running backend.
-It verifies that retry steps appear in reasoning traces and analytics.
-
-Usage:
-    python test_retry_integration.py
-
-Prerequisites:
-    - FastAPI backend running on http://localhost:8000
-    - MCP server running
-    - Optional: LLM service available
-"""
-
-import requests
-import json
-import time
-import sys
-from pathlib import Path
-
-BASE_URL = "http://localhost:8000"
-TENANT_ID = "retry_test_tenant"
-TIMEOUT = 120  # Increased timeout for LLM calls (model loading can take time)
-
-
-def print_section(title, char="=", width=70):
-    """Print a formatted section header."""
-    print("\n" + char * width)
-    print(f"  {title}")
-    print(char * width)
-
-
-def print_success(msg):
-    """Print success message."""
-    print(f"✅ {msg}")
-
-
-def print_warning(msg):
-    """Print warning message."""
-    print(f"⚠️  {msg}")
-
-
-def print_error(msg):
-    """Print error message."""
-    print(f"❌ {msg}")
-
-
-def print_info(msg):
-    """Print info message."""
-    print(f"ℹ️  {msg}")
-
-
-def check_backend():
-    """Check if backend is running."""
-    try:
-        response = requests.get(f"{BASE_URL}/health", timeout=5)
-        return response.status_code == 200
-    except:
-        return False
-
-
-def test_rag_retry_scenario():
-    """Test RAG retry when scores are low."""
-    print_section("Test 1: RAG Retry with Low Scores")
-    
-    # First, ingest a document that might not be highly relevant to test query
-    print_info("Ingesting test document...")
-    try:
-        ingest_response = requests.post(
-            f"{BASE_URL}/rag/ingest",
-            json={
-                "tenant_id": TENANT_ID,
-                "content": "This is a general document about various topics. It mentions computers, technology, and general information."
-            },
-            timeout=TIMEOUT
-        )
-        print(f"   Ingest status: {ingest_response.status_code}")
-    except requests.exceptions.Timeout:
-        print_warning(f"Ingest request timed out after {TIMEOUT} seconds")
-    except Exception as e:
-        print_warning(f"Could not ingest document: {e}")
-    
-    # Send a query that will likely have low relevance initially
-    print_info("Sending query that should trigger RAG retry...")
-    try:
-        debug_response = requests.post(
-            f"{BASE_URL}/agent/debug",
-            json={
-                "tenant_id": TENANT_ID,
-                "message": "What is quantum computing and how does quantum entanglement work?"
-            },
-            timeout=TIMEOUT
-        )
-        
-        if debug_response.status_code == 200:
-            debug_data = debug_response.json()
-            reasoning_trace = debug_data.get("reasoning_trace", [])
-            
-            # Look for retry steps in reasoning trace
-            retry_steps = []
-            for step in reasoning_trace:
-                step_str = json.dumps(step).lower()
-                if "retry" in step_str or "rag_retry" in step_str or "threshold" in step_str:
-                    retry_steps.append(step)
-            
-            print(f"\n   Found {len(retry_steps)} retry-related steps:")
-            for step in retry_steps[:5]:  # Show first 5
-                step_name = step.get("step", "unknown")
-                print(f"     - {step_name}")
-            
-            if retry_steps:
-                print_success("RAG retry system is working!")
-                return True
-            else:
-                print_warning("No retry steps found (may not have triggered - scores might be good)")
-                return True  # Not a failure, just didn't need retry
-        else:
-            print_error(f"Request failed: {debug_response.status_code}")
-            print_error(f"Response: {debug_response.text[:200]}")
-            return False
-            
-    except requests.exceptions.Timeout:
-        print_error(f"Request timed out after {TIMEOUT} seconds")
-        print_error("   Possible causes:")
-        print_error("   - Ollama is not running or model is not loaded")
-        print_error("   - MCP server is not running")
-        print_error("   - LLM call is taking too long")
-        print_error("\n   To fix:")
-        print_error("   1. Check if Ollama is running: ollama serve")
-        print_error("   2. Check if model is available: ollama list")
-        print_error("   3. Pull the model if needed: ollama pull llama3.1:latest")
-        return False
-    except requests.exceptions.ConnectionError:
-        print_error("Cannot connect to backend. Is it running on port 8000?")
-        return False
-    except Exception as e:
-        print_error(f"Error: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def test_web_retry_scenario():
-    """Test web search retry when results are empty."""
-    print_section("Test 2: Web Search Retry with Empty Results")
-    
-    # Send a query with an obscure term that might return empty results
-    print_info("Sending obscure query to trigger web retry...")
-    try:
-        debug_response = requests.post(
-            f"{BASE_URL}/agent/debug",
-            json={
-                "tenant_id": TENANT_ID,
-                "message": "Explain the concept of zyxwvutsrqp in detail"
-            },
-            timeout=TIMEOUT
-        )
-        
-        if debug_response.status_code == 200:
-            debug_data = debug_response.json()
-            reasoning_trace = debug_data.get("reasoning_trace", [])
-            
-            # Look for web retry steps
-            retry_steps = []
-            for step in reasoning_trace:
-                step_str = json.dumps(step).lower()
-                if "web_retry" in step_str or ("web" in step_str and "retry" in step_str):
-                    retry_steps.append(step)
-            
-            print(f"\n   Found {len(retry_steps)} web retry steps:")
-            for step in retry_steps[:5]:
-                step_name = step.get("step", "unknown")
-                print(f"     - {step_name}")
-                if 'rewritten_query' in step:
-                    print(f"       Rewritten: {step['rewritten_query'][:60]}...")
-            
-            if retry_steps:
-                print_success("Web retry system is working!")
-                return True
-            else:
-                print_warning("No web retry steps found (results might have been found on first try)")
-                return True  # Not a failure
-        else:
-            print_error(f"Request failed: {debug_response.status_code}")
-            return False
-            
-    except requests.exceptions.Timeout:
-        print_error(f"Request timed out after {TIMEOUT} seconds")
-        print_warning("   This may happen if Ollama is loading the model")
-        return False
-    except requests.exceptions.ConnectionError:
-        print_error("Cannot connect to backend")
-        return False
-    except requests.exceptions.Timeout:
-        print_error(f"Request timed out after {TIMEOUT} seconds")
-        print_warning("   This may happen if Ollama is loading the model")
-        return False
-    except Exception as e:
-        print_error(f"Error: {e}")
-        return False
-
-
-def test_reasoning_trace_contains_retry_info():
-    """Verify retry steps appear in reasoning traces."""
-    print_section("Test 3: Verify Reasoning Trace Contains Retry Info")
-    
-    try:
-        debug_response = requests.post(
-            f"{BASE_URL}/agent/debug",
-            json={
-                "tenant_id": TENANT_ID,
-                "message": "What is artificial intelligence and machine learning?"
-            },
-            timeout=TIMEOUT
-        )
-        
-        if debug_response.status_code == 200:
-            debug_data = debug_response.json()
-            reasoning_trace = debug_data.get("reasoning_trace", [])
-            
-            print(f"\n   Reasoning trace has {len(reasoning_trace)} steps")
-            print("\n   Step breakdown:")
-            
-            retry_related_count = 0
-            for i, step in enumerate(reasoning_trace[:10]):  # Show first 10
-                step_name = step.get("step", "unknown")
-                step_str = str(step).lower()
-                
-                is_retry_related = "retry" in step_str or "repair" in step_str or "threshold" in step_str
-                if is_retry_related:
-                    retry_related_count += 1
-                    marker = "⚡"
-                else:
-                    marker = "  "
-                
-                print(f"   {marker} {i+1}. {step_name}")
-            
-            if retry_related_count > 0:
-                print_success(f"Found {retry_related_count} retry-related steps in reasoning trace")
-                return True
-            else:
-                print_warning("No retry-related steps found (may not have been needed)")
-                return True
-        else:
-            print_error(f"Request failed: {debug_response.status_code}")
-            return False
-            
-    except requests.exceptions.Timeout:
-        print_error(f"Request timed out after {TIMEOUT} seconds")
-        print_warning("   This may happen if Ollama is loading the model")
-        return False
-    except Exception as e:
-        print_error(f"Error: {e}")
-        return False
-
-
-def test_analytics_logging():
-    """Test that retry attempts are logged to analytics."""
-    print_section("Test 4: Analytics Logging for Retries")
-    
-    try:
-        # Send a query that might trigger retries
-        print_info("Sending query to generate activity...")
-        requests.post(
-            f"{BASE_URL}/agent/message",
-            json={
-                "tenant_id": TENANT_ID,
-                "message": "Explain quantum mechanics"
-            },
-            timeout=TIMEOUT
-        )
-        
-        # Wait a moment for analytics to be logged
-        time.sleep(1)
-        
-        # Check analytics
-        print_info("Checking analytics for retry tool calls...")
-        analytics_response = requests.get(
-            f"{BASE_URL}/analytics/tool-usage?days=1",
-            headers={"x-tenant-id": TENANT_ID},
-            timeout=TIMEOUT
-        )
-        
-        if analytics_response.status_code == 200:
-            data = analytics_response.json()
-            tool_logs = data.get("logs", [])
-            
-            print(f"   Found {len(tool_logs)} tool usage logs")
-            
-            # Look for retry-related tool names
-            retry_tools = []
-            for log in tool_logs:
-                tool_name = log.get("tool_name", "").lower()
-                if "retry" in tool_name:
-                    retry_tools.append(log)
-            
-            print(f"   Found {len(retry_tools)} retry-related tool calls:")
-            for tool in retry_tools[:5]:
-                tool_name = tool.get("tool_name")
-                timestamp = tool.get("timestamp", "unknown")
-                success = tool.get("success", False)
-                status = "✅" if success else "❌"
-                print(f"     {status} {tool_name} at {timestamp}")
-            
-            if len(retry_tools) > 0:
-                print_success("Retry attempts are being logged to analytics!")
-                return True
-            else:
-                print_warning("No retry tool calls found (may not have triggered retries)")
-                return True
-        else:
-            print_warning(f"Could not fetch analytics: {analytics_response.status_code}")
-            return True  # Don't fail on analytics endpoint issues
-            
-    except requests.exceptions.Timeout:
-        print_warning(f"Analytics check timed out after {TIMEOUT} seconds")
-        return True  # Don't fail the whole test on analytics issues
-    except Exception as e:
-        print_warning(f"Analytics check failed: {e}")
-        return True  # Don't fail the whole test on analytics issues
-
-
-def test_full_agent_flow():
-    """Test full agent flow with retry system integrated."""
-    print_section("Test 5: Full Agent Flow with Retry Integration")
-    
-    try:
-        print_info("Sending complete agent request...")
-        response = requests.post(
-            f"{BASE_URL}/agent/message",
-            json={
-                "tenant_id": TENANT_ID,
-                "message": "What is machine learning and how does it differ from deep learning?",
-                "temperature": 0.0
-            },
-            timeout=TIMEOUT
-        )
-        
-        if response.status_code == 200:
-            data = response.json()
-            
-            has_text = "text" in data and data["text"]
-            has_decision = "decision" in data
-            has_tool_traces = "tool_traces" in data
-            
-            print(f"\n   Response components:")
-            print(f"     - Has text: {'✅' if has_text else '❌'}")
-            print(f"     - Has decision: {'✅' if has_decision else '❌'}")
-            print(f"     - Has tool traces: {'✅' if has_tool_traces else '❌'}")
-            
-            if has_text:
-                text_preview = data["text"][:100] + "..." if len(data["text"]) > 100 else data["text"]
-                print(f"\n   Response preview: {text_preview}")
-            
-            if has_tool_traces:
-                tool_traces = data["tool_traces"]
-                print(f"\n   Tool traces: {len(tool_traces)} steps")
-                for trace in tool_traces[:3]:
-                    tool = trace.get("tool", "unknown")
-                    print(f"     - {tool}")
-            
-            if has_text and has_decision:
-                print_success("Full agent flow completed successfully!")
-                return True
-            else:
-                print_error("Agent flow incomplete")
-                return False
-        else:
-            print_error(f"Request failed: {response.status_code}")
-            print_error(f"Response: {response.text[:200]}")
-            return False
-            
-    except requests.exceptions.Timeout:
-        print_error(f"Request timed out after {TIMEOUT} seconds")
-        print_warning("   This may happen if Ollama is loading the model")
-        return False
-    except requests.exceptions.Timeout:
-        print_error(f"Request timed out after {TIMEOUT} seconds")
-        print_warning("   This may happen if Ollama is loading the model")
-        return False
-    except Exception as e:
-        print_error(f"Error: {e}")
-        return False
-
-
-def test_agent_plan_endpoint():
-    """Test agent plan endpoint shows retry considerations."""
-    print_section("Test 6: Agent Plan Endpoint")
-    
-    try:
-        print_info("Checking agent plan for query...")
-        response = requests.post(
-            f"{BASE_URL}/agent/plan",
-            json={
-                "tenant_id": TENANT_ID,
-                "message": "Explain neural networks"
-            },
-            timeout=TIMEOUT
-        )
-        
-        if response.status_code == 200:
-            data = response.json()
-            
-            has_plan = "plan" in data
-            has_intent = "intent" in data
-            has_reason = "reason" in data
-            
-            print(f"\n   Plan components:")
-            print(f"     - Has plan: {'✅' if has_plan else '❌'}")
-            print(f"     - Has intent: {'✅' if has_intent else '❌'}")
-            print(f"     - Has reason: {'✅' if has_reason else '❌'}")
-            
-            if has_plan:
-                plan = data["plan"]
-                print(f"\n   Plan action: {plan.get('action', 'unknown')}")
-                print(f"   Plan tool: {plan.get('tool', 'none')}")
-            
-            if has_reason:
-                print(f"   Reason: {data['reason'][:100]}...")
-            
-            print_success("Agent plan endpoint working!")
-            return True
-        else:
-            print_warning(f"Plan endpoint returned: {response.status_code}")
-            return True  # Don't fail on plan endpoint
-            
-    except requests.exceptions.Timeout:
-        print_warning(f"Plan endpoint request timed out after {TIMEOUT} seconds")
-        return True  # Don't fail on this
-    except Exception as e:
-        print_warning(f"Plan endpoint check failed: {e}")
-        return True  # Don't fail on this
-
-
-def main():
-    """Run all integration tests."""
-    print("\n" + "🚀" * 35)
-    print("  Retry & Self-Correction System Integration Tests")
-    print("🚀" * 35)
-    
-    # Check backend
-    print_section("Prerequisites Check")
-    if not check_backend():
-        print_error("Backend is not running on http://localhost:8000")
-        print_error("Please start the backend before running tests:")
-        print_error("  uvicorn backend.api.main:app --port 8000")
-        print_error("\nOr run: python start.bat")
-        sys.exit(1)
-    else:
-        print_success("Backend is running!")
-    
-    print("\n" + "=" * 70)
-    print("  Starting Integration Tests")
-    print("=" * 70)
-    print(f"\n⏱️  Timeout: {TIMEOUT} seconds per request")
-    print("   (First request may take longer if Ollama needs to load the model)")
-    print("\n⚠️  Note: Some tests may not trigger retries if:")
-    print("   - RAG scores are already high (no retry needed)")
-    print("   - Web search finds results immediately")
-    print("   - System is working perfectly (which is good!)")
-    print("\nPress Enter to continue or Ctrl+C to cancel...")
-    try:
-        input()
-    except KeyboardInterrupt:
-        print("\n\nTests cancelled.")
-        sys.exit(0)
-    
-    results = []
-    
-    # Run tests
-    results.append(("RAG Retry Scenario", test_rag_retry_scenario()))
-    time.sleep(0.5)
-    
-    results.append(("Web Retry Scenario", test_web_retry_scenario()))
-    time.sleep(0.5)
-    
-    results.append(("Reasoning Trace Verification", test_reasoning_trace_contains_retry_info()))
-    time.sleep(0.5)
-    
-    results.append(("Analytics Logging", test_analytics_logging()))
-    time.sleep(0.5)
-    
-    results.append(("Full Agent Flow", test_full_agent_flow()))
-    time.sleep(0.5)
-    
-    results.append(("Agent Plan Endpoint", test_agent_plan_endpoint()))
-    
-    # Summary
-    print_section("Test Summary", "=", 70)
-    
-    passed = 0
-    for test_name, result in results:
-        status = "✅ PASS" if result else "❌ FAIL"
-        print(f"{status} - {test_name}")
-        if result:
-            passed += 1
-    
-    print(f"\n📊 Results: {passed}/{len(results)} tests passed")
-    
-    if passed == len(results):
-        print_success("All tests passed!")
-    elif passed >= len(results) * 0.8:
-        print_warning("Most tests passed (some may not have triggered retries, which is fine)")
-    else:
-        print_error("Some tests failed. Check errors above.")
-    
-    print("\n💡 Tips:")
-    print("  - Use /agent/debug endpoint to see detailed reasoning traces")
-    print("  - Check /analytics/tool-usage for retry attempt logs")
-    print("  - Retry system works automatically - no configuration needed")
-    print("\n📝 Next steps:")
-    print("  - Run unit tests: pytest backend/tests/test_retry_system.py -v")
-    print("  - Check TESTING_GUIDE.md for more testing options")
-
-
-if __name__ == "__main__":
-    try:
-        main()
-    except KeyboardInterrupt:
-        print("\n\nTests interrupted by user.")
-        sys.exit(0)
-    except Exception as e:
-        print_error(f"Unexpected error: {e}")
-        import traceback
-        traceback.print_exc()
-        sys.exit(1)
-

test_retry_quick.py

@@ -1,128 +0,0 @@
-#!/usr/bin/env python3
-"""
-Quick test script for retry system - minimal version.
-
-Run this to quickly verify retry functionality is working.
-Usage: python test_retry_quick.py
-"""
-
-import requests
-import json
-
-BASE_URL = "http://localhost:8000"
-TENANT_ID = "quick_test"
-TIMEOUT = 120  # Increased timeout for LLM calls (model loading can take time)
-
-def check_server_health():
-    """Check if the backend server is running."""
-    try:
-        response = requests.get(f"{BASE_URL}/health", timeout=5)
-        if response.status_code == 200:
-            return True
-    except:
-        pass
-    return False
-
-def test_debug_endpoint():
-    """Quick test using debug endpoint."""
-    print("🔍 Testing retry system via /agent/debug endpoint...\n")
-    
-    # First check if server is running
-    print("📡 Checking if backend server is running...")
-    if not check_server_health():
-        print(f"❌ Cannot connect to {BASE_URL}")
-        print("   Make sure backend is running:")
-        print("   - uvicorn backend.api.main:app --port 8000")
-        print("   - Or use: python backend/mcp_server/server.py")
-        return False
-    print("✅ Backend server is running\n")
-    
-    try:
-        print(f"⏱️  Sending request (timeout: {TIMEOUT}s)...")
-        print("   Note: First request may take longer if Ollama needs to load the model\n")
-        
-        response = requests.post(
-            f"{BASE_URL}/agent/debug",
-            json={
-                "tenant_id": TENANT_ID,
-                "message": "What is quantum computing?"
-            },
-            timeout=TIMEOUT
-        )
-        
-        if response.status_code == 200:
-            data = response.json()
-            reasoning_trace = data.get("reasoning_trace", [])
-            
-            print(f"✅ Connected to backend")
-            print(f"📋 Found {len(reasoning_trace)} reasoning steps\n")
-            
-            # Look for retry steps
-            retry_steps = []
-            for step in reasoning_trace:
-                step_str = json.dumps(step).lower()
-                if any(keyword in step_str for keyword in ["retry", "repair", "threshold", "rewritten"]):
-                    retry_steps.append(step)
-            
-            if retry_steps:
-                print(f"⚡ Found {len(retry_steps)} retry-related steps:")
-                for step in retry_steps[:3]:
-                    print(f"   - {step.get('step', 'unknown')}")
-                print("\n✅ Retry system is active and working!")
-                return True
-            else:
-                print("ℹ️  No retry steps found (system working optimally - no retries needed)")
-                print("\n✅ Retry system is integrated (retries only happen when needed)")
-                return True
-        else:
-            print(f"❌ Request failed: {response.status_code}")
-            try:
-                error_data = response.json()
-                print(f"   Error details: {error_data}")
-            except:
-                print(f"   Response: {response.text[:200]}")
-            return False
-            
-    except requests.exceptions.Timeout:
-        print(f"❌ Request timed out after {TIMEOUT} seconds")
-        print("\n   Possible causes:")
-        print("   - Ollama is not running or model is not loaded")
-        print("   - MCP server is not running")
-        print("   - LLM call is taking too long")
-        print("\n   To fix:")
-        print("   1. Check if Ollama is running: ollama serve")
-        print("   2. Check if model is available: ollama list")
-        print("   3. Pull the model if needed: ollama pull llama3.1:latest")
-        print("   4. Check if MCP server is running")
-        return False
-    except requests.exceptions.ConnectionError:
-        print(f"❌ Cannot connect to {BASE_URL}")
-        print("   Make sure backend is running:")
-        print("   - uvicorn backend.api.main:app --port 8000")
-        print("   - Or use: python backend/mcp_server/server.py")
-        return False
-    except Exception as e:
-        print(f"❌ Error: {e}")
-        print(f"   Error type: {type(e).__name__}")
-        return False
-
-
-if __name__ == "__main__":
-    print("=" * 60)
-    print("  Quick Retry System Test")
-    print("=" * 60 + "\n")
-    
-    success = test_debug_endpoint()
-    
-    if success:
-        print("\n" + "=" * 60)
-        print("✅ Test completed successfully!")
-        print("=" * 60)
-        print("\n💡 For comprehensive tests, run:")
-        print("   - pytest backend/tests/test_retry_system.py -v")
-        print("   - python test_retry_integration.py")
-    else:
-        print("\n" + "=" * 60)
-        print("❌ Test failed - check errors above")
-        print("=" * 60)
-

test_simple.py

@@ -1,148 +0,0 @@
-"""
-Simple standalone test script - can be run directly without pytest
-
-Usage:
-    python test_simple.py
-"""
-
-import sys
-from pathlib import Path
-
-# Setup paths
-backend_dir = Path(__file__).parent / "backend"
-sys.path.insert(0, str(backend_dir))
-root_dir = Path(__file__).parent
-sys.path.insert(0, str(root_dir))
-
-def test_analytics_store():
-    """Test AnalyticsStore"""
-    print("\n" + "="*60)
-    print("Testing AnalyticsStore")
-    print("="*60)
-    
-    try:
-        from api.storage.analytics_store import AnalyticsStore
-        
-        store = AnalyticsStore()
-        tenant_id = "test_simple"
-        
-        # Log some events
-        print("✓ Logging tool usage...")
-        store.log_tool_usage(tenant_id, "rag", latency_ms=150, tokens_used=500, success=True)
-        store.log_tool_usage(tenant_id, "web", latency_ms=80, success=True)
-        
-        print("✓ Logging red-flag violation...")
-        store.log_redflag_violation(
-            tenant_id, "rule1", ".*password.*", "high",
-            "password123", confidence=0.95
-        )
-        
-        print("✓ Logging RAG search...")
-        store.log_rag_search(tenant_id, "test query", hits_count=5, avg_score=0.85)
-        
-        # Get stats
-        print("\n📊 Tool Usage Stats:")
-        stats = store.get_tool_usage_stats(tenant_id)
-        print(f"  RAG: {stats.get('rag', {})}")
-        print(f"  Web: {stats.get('web', {})}")
-        
-        print("\n🚨 Violations:")
-        violations = store.get_redflag_violations(tenant_id)
-        print(f"  Count: {len(violations)}")
-        if violations:
-            print(f"  First: {violations[0]['severity']} - {violations[0]['matched_text']}")
-        
-        print("\n✅ AnalyticsStore test PASSED!")
-        return True
-        
-    except Exception as e:
-        print(f"\n❌ AnalyticsStore test FAILED: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def test_admin_rules():
-    """Test Admin Rules with regex"""
-    print("\n" + "="*60)
-    print("Testing Admin Rules (Regex & Severity)")
-    print("="*60)
-    
-    try:
-        from api.storage.rules_store import RulesStore
-        import re
-        
-        store = RulesStore()
-        tenant_id = "test_simple"
-        
-        # Add rule with regex
-        print("✓ Adding rule with regex pattern...")
-        store.add_rule(
-            tenant_id,
-            "Block password queries",
-            pattern=".*password.*",
-            severity="high",
-            description="Blocks password queries"
-        )
-        
-        # Get detailed rules
-        rules = store.get_rules_detailed(tenant_id)
-        print(f"\n📋 Rules found: {len(rules)}")
-        
-        if rules:
-            rule = rules[0]
-            print(f"  Pattern: {rule['pattern']}")
-            print(f"  Severity: {rule['severity']}")
-            print(f"  Description: {rule['description']}")
-            
-            # Test regex
-            print("\n🧪 Testing regex pattern...")
-            regex = re.compile(rule['pattern'], re.IGNORECASE)
-            test_cases = [
-                ("What is my password?", True),
-                ("Regular text", False)
-            ]
-            for text, should_match in test_cases:
-                match = regex.search(text) is not None
-                status = "✓" if match == should_match else "✗"
-                print(f"  {status} '{text}' -> {match} (expected {should_match})")
-        
-        print("\n✅ Admin Rules test PASSED!")
-        return True
-        
-    except Exception as e:
-        print(f"\n❌ Admin Rules test FAILED: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def main():
-    """Run all tests"""
-    print("\n🚀 IntegraChat Simple Tests")
-    print("="*60)
-    
-    results = []
-    
-    results.append(test_analytics_store())
-    results.append(test_admin_rules())
-    
-    # Summary
-    print("\n" + "="*60)
-    print("Test Summary")
-    print("="*60)
-    passed = sum(results)
-    total = len(results)
-    print(f"Tests Passed: {passed}/{total}")
-    
-    if passed == total:
-        print("✅ All tests passed!")
-        return 0
-    else:
-        print("❌ Some tests failed")
-        return 1
-
-
-if __name__ == "__main__":
-    exit(main())
-

test_supabase_connection.py

@@ -1,81 +0,0 @@
-#!/usr/bin/env python3
-"""Test Supabase connection directly"""
-
-import os
-from dotenv import load_dotenv
-
-load_dotenv()
-
-try:
-    from supabase import create_client
-    
-    supabase_url = os.getenv("SUPABASE_URL")
-    supabase_key = os.getenv("SUPABASE_SERVICE_KEY")
-    
-    print("Testing Supabase Connection:")
-    print("=" * 50)
-    print(f"URL: {supabase_url}")
-    print(f"Key length: {len(supabase_key) if supabase_key else 0}")
-    print()
-    
-    if not supabase_url or not supabase_key:
-        print("ERROR: Missing Supabase credentials")
-        exit(1)
-    
-    print("Creating Supabase client...")
-    client = create_client(supabase_url, supabase_key)
-    print("[OK] Client created successfully")
-    
-    print()
-    print("Testing table access...")
-    tables = ["tool_usage_events", "redflag_violations", "rag_search_events", "agent_query_events"]
-    
-    for table in tables:
-        try:
-            result = client.table(table).select("id").limit(1).execute()
-            print(f"[OK] Table '{table}' is accessible")
-        except Exception as e:
-            error_msg = str(e)
-            if "does not exist" in error_msg.lower() or "relation" in error_msg.lower():
-                print(f"[ERROR] Table '{table}' does NOT exist")
-                print(f"  Solution: Run supabase_analytics_tables.sql in Supabase SQL Editor")
-            elif "401" in error_msg or "Invalid API key" in error_msg:
-                print(f"[ERROR] Table '{table}' access denied - Invalid API key")
-                print(f"  Error: {error_msg[:100]}")
-            else:
-                print(f"[ERROR] Table '{table}' error: {error_msg[:100]}")
-    
-    print()
-    print("Testing insert...")
-    try:
-        test_payload = {
-            "tenant_id": "test_connection",
-            "tool_name": "connection_test",
-            "timestamp": 1234567890,
-            "success": True
-        }
-        result = client.table("tool_usage_events").insert(test_payload).execute()
-        print("[OK] Test insert successful!")
-        print(f"  Inserted {len(result.data) if result.data else 1} row(s)")
-    except Exception as e:
-        error_msg = str(e)
-        print(f"[ERROR] Test insert failed: {error_msg[:200]}")
-        if "401" in error_msg or "Invalid API key" in error_msg:
-            print("  This indicates an invalid API key")
-        elif "does not exist" in error_msg.lower():
-            print("  This indicates the table doesn't exist")
-        elif "RLS" in error_msg or "policy" in error_msg.lower():
-            print("  This indicates RLS policy blocking the insert")
-    
-    print()
-    print("=" * 50)
-    print("Connection test complete!")
-    
-except ImportError:
-    print("ERROR: supabase-py package not installed")
-    print("Install it with: pip install supabase")
-except Exception as e:
-    print(f"ERROR: {e}")
-    import traceback
-    traceback.print_exc()
-

verify_supabase_key.py

@@ -1,106 +0,0 @@
-#!/usr/bin/env python3
-"""
-Quick script to verify your Supabase API key format and connection.
-"""
-
-import os
-from dotenv import load_dotenv
-
-load_dotenv()
-
-url = os.getenv("SUPABASE_URL")
-key = os.getenv("SUPABASE_SERVICE_KEY")
-
-print("=" * 70)
-print("Supabase API Key Verification")
-print("=" * 70)
-print()
-
-if not url:
-    print("❌ SUPABASE_URL is not set in .env file")
-    exit(1)
-
-if not key:
-    print("❌ SUPABASE_SERVICE_KEY is not set in .env file")
-    exit(1)
-
-# Clean the key
-key = key.strip()
-
-print(f"📋 SUPABASE_URL: {url[:30]}...")
-print(f"📋 SUPABASE_SERVICE_KEY: {key[:20]}...{key[-10:] if len(key) > 30 else ''} ({len(key)} chars)")
-print()
-
-# Check key format
-issues = []
-
-if not key.startswith("eyJ"):
-    issues.append("❌ Key doesn't start with 'eyJ' (not a JWT token)")
-
-if len(key) < 100:
-    issues.append(f"❌ Key is too short ({len(key)} chars, expected ~200+)")
-
-if len(key) > 500:
-    issues.append(f"⚠️  Key is unusually long ({len(key)} chars)")
-
-if " " in key or "\n" in key or "\t" in key:
-    issues.append("❌ Key contains whitespace (spaces, newlines, tabs)")
-
-if key.startswith('"') or key.endswith('"'):
-    issues.append("❌ Key is wrapped in quotes (remove quotes from .env)")
-
-if key.startswith("'") or key.endswith("'"):
-    issues.append("❌ Key is wrapped in single quotes (remove quotes from .env)")
-
-if issues:
-    print("⚠️  Issues found with API key format:")
-    for issue in issues:
-        print(f"   {issue}")
-    print()
-else:
-    print("✅ Key format looks good!")
-    print()
-
-# Try to connect
-print("🔗 Testing connection to Supabase...")
-try:
-    from supabase import create_client
-    client = create_client(url, key)
-    
-    # Try a simple query
-    try:
-        client.table("admin_rules").select("id").limit(0).execute()
-        print("✅ Connection successful! API key is valid.")
-        print()
-        print("💡 Next steps:")
-        print("   1. Make sure tables exist (run SQL scripts in Supabase)")
-        print("   2. Run: python migrate_sqlite_to_supabase.py")
-    except Exception as e:
-        error_str = str(e)
-        if "Invalid API key" in error_str or "401" in error_str:
-            print("❌ Connection failed: Invalid API key")
-            print()
-            print("🔧 How to fix:")
-            print("   1. Go to https://app.supabase.com")
-            print("   2. Select your project")
-            print("   3. Go to Settings → API")
-            print("   4. Find 'service_role' key (NOT 'anon' key)")
-            print("   5. Click 'Reveal' to show the full key")
-            print("   6. Copy the ENTIRE key (it's very long)")
-            print("   7. Update SUPABASE_SERVICE_KEY in .env file")
-            print("   8. Make sure NO quotes or spaces around the value")
-        elif "does not exist" in error_str or "relation" in error_str.lower():
-            print("⚠️  Connection works, but table doesn't exist yet")
-            print("   This is OK - create tables first, then migrate")
-        else:
-            print(f"❌ Connection error: {error_str}")
-            
-except ImportError:
-    print("❌ Supabase Python client not installed")
-    print("   Run: pip install supabase")
-except Exception as e:
-    print(f"❌ Error: {e}")
-
-print()
-print("=" * 70)
-

verify_supabase_setup.py

@@ -1,181 +0,0 @@
-#!/usr/bin/env python3
-"""
-Verification script to ensure Supabase is configured and will be used for all future data.
-Run this after migration to confirm everything is set up correctly.
-"""
-
-import os
-import sys
-from pathlib import Path
-from dotenv import load_dotenv
-
-# Add backend to path
-backend_dir = Path(__file__).resolve().parent
-sys.path.insert(0, str(backend_dir))
-
-load_dotenv()
-
-from backend.api.storage.rules_store import RulesStore
-from backend.api.storage.analytics_store import AnalyticsStore
-
-def main():
-    print("=" * 70)
-    print("Supabase Configuration Verification")
-    print("=" * 70)
-    print()
-    
-    # Check environment variables
-    print("1. Checking Environment Variables:")
-    postgres_url = os.getenv("POSTGRESQL_URL")
-    supabase_url = os.getenv("SUPABASE_URL")
-    supabase_key = os.getenv("SUPABASE_SERVICE_KEY")
-    
-    has_postgres = bool(postgres_url)
-    has_supabase_api = bool(supabase_url and supabase_key)
-    
-    if has_postgres:
-        masked = postgres_url[:30] + "..." + postgres_url[-20:] if len(postgres_url) > 50 else postgres_url
-        print(f"   ✅ POSTGRESQL_URL is set: {masked}")
-    else:
-        print("   ❌ POSTGRESQL_URL is not set")
-    
-    if supabase_url:
-        print(f"   ✅ SUPABASE_URL is set: {supabase_url[:50]}...")
-    else:
-        print("   ❌ SUPABASE_URL is not set")
-    
-    if supabase_key:
-        if len(supabase_key) > 100:
-            print(f"   ✅ SUPABASE_SERVICE_KEY is set: {supabase_key[:20]}... ({len(supabase_key)} chars)")
-        else:
-            print(f"   ❌ SUPABASE_SERVICE_KEY seems incomplete ({len(supabase_key)} chars, expected 200+)")
-            print("   ⚠️  This looks like an 'anon' key, not a 'service_role' key!")
-            print("   💡 You need the SERVICE_ROLE key (not anon key) for backend operations")
-            print("   💡 Get it from: Supabase Dashboard → Settings → API → service_role key")
-    else:
-        print("   ❌ SUPABASE_SERVICE_KEY is not set")
-    
-    print()
-    
-    # Check RulesStore
-    print("2. Checking RulesStore Configuration:")
-    try:
-        rules_store = RulesStore()
-        if rules_store.use_supabase:
-            print("   ✅ RulesStore is using Supabase")
-            print(f"   📦 Backend: Supabase (REST API)")
-        else:
-            print("   ❌ RulesStore is using SQLite (not Supabase)")
-            print("   ⚠️  Future rules will be saved to SQLite, not Supabase!")
-            print()
-            print("   To fix:")
-            print("   - Set SUPABASE_URL and SUPABASE_SERVICE_KEY in .env")
-    except Exception as e:
-        print(f"   ❌ Error initializing RulesStore: {e}")
-    
-    print()
-    
-    # Check AnalyticsStore
-    print("3. Checking AnalyticsStore Configuration:")
-    analytics_store = None
-    try:
-        analytics_store = AnalyticsStore()
-        if analytics_store.use_supabase:
-            print("   ✅ AnalyticsStore is using Supabase")
-            print(f"   📦 Backend: Supabase (REST API)")
-            
-            # Test table verification
-            if analytics_store._tables_verified:
-                print("   ✅ Analytics tables verified and accessible")
-            else:
-                print("   ⚠️  Analytics tables not verified")
-                print("   ⚠️  This may cause inserts to fail!")
-                print("   💡 Solution: Run supabase_analytics_tables.sql in Supabase SQL Editor")
-            
-            # Test actual insert
-            print()
-            print("   🧪 Testing actual insert to Supabase...")
-            try:
-                test_tenant = "test_verification"
-                analytics_store.log_tool_usage(
-                    tenant_id=test_tenant,
-                    tool_name="verification_test",
-                    latency_ms=1,
-                    success=True
-                )
-                print("   ✅ Test insert successful! Data is being saved to Supabase.")
-            except Exception as insert_error:
-                error_str = str(insert_error)
-                print(f"   ❌ Test insert failed: {insert_error}")
-                print("   💡 This indicates:")
-                
-                # Check for specific error types
-                if "Invalid API key" in error_str or "401" in error_str:
-                    print("      ❌ INVALID API KEY - This is the main issue!")
-                    print("      💡 Your SUPABASE_SERVICE_KEY is incorrect or incomplete")
-                    print("      💡 Get the correct key from: Supabase Dashboard → Settings → API")
-                    print("      💡 Make sure you're using the 'service_role' key (not 'anon' key)")
-                    print("      💡 The service_role key should be 200+ characters long")
-                elif "does not exist" in error_str.lower() or "relation" in error_str.lower():
-                    print("      - Tables may not exist (run supabase_analytics_tables.sql)")
-                elif "RLS" in error_str or "policy" in error_str.lower():
-                    print("      - RLS policies may be blocking inserts")
-                else:
-                    print("      - Schema mismatch between code and database")
-                    print("      - Check Supabase logs for more details")
-        else:
-            print("   ❌ AnalyticsStore is using SQLite (not Supabase)")
-            print("   ⚠️  Future analytics will be saved to SQLite, not Supabase!")
-            print()
-            print("   To fix:")
-            if has_postgres:
-                print("   - POSTGRESQL_URL is set, but AnalyticsStore needs SUPABASE_URL + SUPABASE_SERVICE_KEY")
-            else:
-                print("   - Set SUPABASE_URL and SUPABASE_SERVICE_KEY in .env")
-    except Exception as e:
-        print(f"   ❌ Error initializing AnalyticsStore: {e}")
-    
-    print()
-    
-    # Summary
-    print("4. Summary:")
-    rules_ok = rules_store.use_supabase if 'rules_store' in locals() else False
-    analytics_ok = analytics_store.use_supabase if 'analytics_store' in locals() else False
-    
-    if rules_ok and analytics_ok:
-        print("   ✅ All systems configured to use Supabase!")
-        print("   ✅ Future data will be saved to Supabase")
-        print()
-        print("   💡 Next steps:")
-        print("   1. Restart your FastAPI/MCP services to apply changes")
-        print("   2. Test by adding a rule or generating analytics")
-        print("   3. Verify data appears in Supabase Dashboard → Table Editor")
-    elif rules_ok or analytics_ok:
-        print("   ⚠️  Partial configuration:")
-        if rules_ok:
-            print("   ✅ Rules will use Supabase")
-        else:
-            print("   ❌ Rules will use SQLite")
-        if analytics_ok:
-            print("   ✅ Analytics will use Supabase")
-        else:
-            print("   ❌ Analytics will use SQLite")
-        print()
-        print("   To fully migrate to Supabase:")
-        print("   - Ensure SUPABASE_URL and SUPABASE_SERVICE_KEY are set in .env")
-        print("   - Restart your services")
-    else:
-        print("   ❌ Not configured for Supabase")
-        print("   ⚠️  All data will be saved to SQLite")
-        print()
-        print("   To migrate to Supabase:")
-        print("   1. Set SUPABASE_URL and SUPABASE_SERVICE_KEY in .env")
-        print("   2. Restart your services")
-        print("   3. Run this verification again")
-    
-    print()
-    print("=" * 70)
-
-if __name__ == "__main__":
-    main()
-

verify_tenant_isolation.py

@@ -1,449 +0,0 @@
-"""
-verify_tenant_isolation.py
-Script to verify tenant_id is properly used for data isolation
-
-Usage:
-    python verify_tenant_isolation.py
-
-This script tests:
-- Admin rules isolation
-- Analytics isolation
-- RAG document isolation
-- Database direct verification
-"""
-
-import requests
-import json
-from pathlib import Path
-import sys
-
-# Add backend to path
-backend_dir = Path(__file__).parent / "backend"
-sys.path.insert(0, str(backend_dir))
-root_dir = Path(__file__).parent
-sys.path.insert(0, str(root_dir))
-
-BASE_URL = "http://localhost:8000"
-
-
-def print_section(title):
-    """Print a formatted section header"""
-    print("\n" + "="*60)
-    print(f"  {title}")
-    print("="*60)
-
-
-def verify_admin_rules_isolation():
-    """Verify admin rules are isolated by tenant_id"""
-    print_section("Testing Admin Rules Isolation")
-    
-    tenant1 = "verify_tenant1"
-    tenant2 = "verify_tenant2"
-    
-    try:
-        # Add rules for different tenants
-        print(f"\n1. Adding rule for {tenant1}...")
-        response = requests.post(
-            f"{BASE_URL}/admin/rules",
-            headers={"x-tenant-id": tenant1, "Content-Type": "application/json"},
-            json={"rule": f"Rule for {tenant1}", "severity": "high"},
-            timeout=5
-        )
-        print(f"   Status: {response.status_code}")
-        
-        print(f"\n2. Adding rule for {tenant2}...")
-        response = requests.post(
-            f"{BASE_URL}/admin/rules",
-            headers={"x-tenant-id": tenant2, "Content-Type": "application/json"},
-            json={"rule": f"Rule for {tenant2}", "severity": "low"},
-            timeout=5
-        )
-        print(f"   Status: {response.status_code}")
-        
-        # Get rules for tenant1
-        print(f"\n3. Getting rules for {tenant1}...")
-        response = requests.get(
-            f"{BASE_URL}/admin/rules",
-            headers={"x-tenant-id": tenant1},
-            timeout=5
-        )
-        tenant1_rules = response.json().get("rules", [])
-        print(f"   Found {len(tenant1_rules)} rules")
-        print(f"   Rules: {tenant1_rules}")
-        
-        # Get rules for tenant2
-        print(f"\n4. Getting rules for {tenant2}...")
-        response = requests.get(
-            f"{BASE_URL}/admin/rules",
-            headers={"x-tenant-id": tenant2},
-            timeout=5
-        )
-        tenant2_rules = response.json().get("rules", [])
-        print(f"   Found {len(tenant2_rules)} rules")
-        print(f"   Rules: {tenant2_rules}")
-        
-        # Verify isolation
-        print("\n5. Verifying isolation...")
-        tenant1_rule_text = f"Rule for {tenant1}"
-        tenant2_rule_text = f"Rule for {tenant2}"
-        
-        tenant1_has_own_rule = tenant1_rule_text in tenant1_rules
-        tenant1_has_other_rule = tenant2_rule_text in tenant1_rules
-        
-        tenant2_has_own_rule = tenant2_rule_text in tenant2_rules
-        tenant2_has_other_rule = tenant1_rule_text in tenant2_rules
-        
-        print(f"   Tenant1 has own rule: {tenant1_has_own_rule} ✓")
-        print(f"   Tenant1 has other's rule: {tenant1_has_other_rule} {'✗ FAILED!' if tenant1_has_other_rule else '✓ PASSED'}")
-        print(f"   Tenant2 has own rule: {tenant2_has_own_rule} ✓")
-        print(f"   Tenant2 has other's rule: {tenant2_has_other_rule} {'✗ FAILED!' if tenant2_has_other_rule else '✓ PASSED'}")
-        
-        if not tenant1_has_other_rule and not tenant2_has_other_rule:
-            print("\n✅ Admin Rules Isolation: PASSED")
-            return True
-        else:
-            print("\n❌ Admin Rules Isolation: FAILED")
-            return False
-            
-    except requests.exceptions.ConnectionError:
-        print("\n⚠️ Cannot connect to API. Make sure it's running:")
-        print("   uvicorn backend.api.main:app --port 8000")
-        return None
-    except Exception as e:
-        print(f"\n❌ Error: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def verify_analytics_isolation():
-    """Verify analytics are isolated by tenant_id"""
-    print_section("Testing Analytics Isolation")
-    
-    tenant1 = "verify_tenant1"
-    tenant2 = "verify_tenant2"
-    
-    try:
-        # Make queries for different tenants
-        print(f"\n1. Making query as {tenant1}...")
-        response = requests.post(
-            f"{BASE_URL}/agent/message",
-            json={"tenant_id": tenant1, "message": "Test query from tenant1"},
-            timeout=10
-        )
-        print(f"   Status: {response.status_code}")
-        
-        print(f"\n2. Making query as {tenant2}...")
-        response = requests.post(
-            f"{BASE_URL}/agent/message",
-            json={"tenant_id": tenant2, "message": "Test query from tenant2"},
-            timeout=10
-        )
-        print(f"   Status: {response.status_code}")
-        
-        # Get analytics for tenant1
-        print(f"\n3. Getting analytics for {tenant1}...")
-        response = requests.get(
-            f"{BASE_URL}/analytics/overview?days=30",
-            headers={"x-tenant-id": tenant1},
-            timeout=5
-        )
-        tenant1_analytics = response.json()
-        print(f"   Total queries: {tenant1_analytics.get('total_queries', 0)}")
-        
-        # Get analytics for tenant2
-        print(f"\n4. Getting analytics for {tenant2}...")
-        response = requests.get(
-            f"{BASE_URL}/analytics/overview?days=30",
-            headers={"x-tenant-id": tenant2},
-            timeout=5
-        )
-        tenant2_analytics = response.json()
-        print(f"   Total queries: {tenant2_analytics.get('total_queries', 0)}")
-        
-        # Verify they're different
-        print("\n5. Verifying isolation...")
-        tenant1_queries = tenant1_analytics.get('total_queries', 0)
-        tenant2_queries = tenant2_analytics.get('total_queries', 0)
-        
-        print(f"   Tenant1 queries: {tenant1_queries}")
-        print(f"   Tenant2 queries: {tenant2_queries}")
-        
-        if tenant1_queries > 0 and tenant2_queries > 0:
-            print("\n✅ Analytics Isolation: PASSED (both tenants have their own data)")
-            return True
-        else:
-            print("\n⚠️ Analytics Isolation: Need more queries to verify")
-            return True
-            
-    except requests.exceptions.ConnectionError:
-        print("\n⚠️ Cannot connect to API. Make sure it's running:")
-        print("   uvicorn backend.api.main:app --port 8000")
-        return None
-    except Exception as e:
-        print(f"\n❌ Error: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def verify_rag_isolation():
-    """Verify RAG documents are isolated by tenant_id"""
-    print_section("Testing RAG Document Isolation")
-    
-    tenant1 = "verify_tenant1"
-    tenant2 = "verify_tenant2"
-    
-    try:
-        # Ingest documents for different tenants
-        print(f"\n1. Ingesting document for {tenant1}...")
-        response = requests.post(
-            f"{BASE_URL}/rag/ingest-document",
-            headers={"x-tenant-id": tenant1, "Content-Type": "application/json"},
-            json={
-                "content": "This is a confidential document for Tenant 1 only. Secret code: TENANT1_SECRET_12345",
-                "source_type": "raw_text"
-            },
-            timeout=10
-        )
-        print(f"   Status: {response.status_code}")
-        if response.status_code != 200:
-            print(f"   Error: {response.text}")
-        
-        print(f"\n2. Ingesting document for {tenant2}...")
-        response = requests.post(
-            f"{BASE_URL}/rag/ingest-document",
-            headers={"x-tenant-id": tenant2, "Content-Type": "application/json"},
-            json={
-                "content": "This is a confidential document for Tenant 2 only. Secret code: TENANT2_SECRET_67890",
-                "source_type": "raw_text"
-            },
-            timeout=10
-        )
-        print(f"   Status: {response.status_code}")
-        if response.status_code != 200:
-            print(f"   Error: {response.text}")
-        
-        # List documents for tenant1
-        print(f"\n3. Listing documents for {tenant1}...")
-        response = requests.get(
-            f"{BASE_URL}/rag/list",
-            headers={"x-tenant-id": tenant1},
-            timeout=5
-        )
-        tenant1_docs = response.json().get("documents", [])
-        print(f"   Found {len(tenant1_docs)} documents")
-        
-        # List documents for tenant2
-        print(f"\n4. Listing documents for {tenant2}...")
-        response = requests.get(
-            f"{BASE_URL}/rag/list",
-            headers={"x-tenant-id": tenant2},
-            timeout=5
-        )
-        tenant2_docs = response.json().get("documents", [])
-        print(f"   Found {len(tenant2_docs)} documents")
-        
-        # Search for tenant1's secret
-        print(f"\n5. Searching for tenant1's secret as tenant1...")
-        response = requests.post(
-            f"{BASE_URL}/rag/search",
-            headers={"x-tenant-id": tenant1, "Content-Type": "application/json"},
-            json={"query": "TENANT1_SECRET"},
-            timeout=10
-        )
-        tenant1_search = response.json()
-        
-        # Check only the result texts, not the entire JSON (which includes the query)
-        tenant1_results = tenant1_search.get("results", [])
-        tenant1_found = False
-        for result in tenant1_results:
-            result_text = result.get("text", "") or result.get("content", "") or str(result)
-            if "TENANT1_SECRET" in result_text:
-                tenant1_found = True
-                break
-        
-        print(f"   Found: {tenant1_found}")
-        if tenant1_results:
-            print(f"   Results count: {len(tenant1_results)}")
-            if tenant1_results:
-                print(f"   First result preview: {str(tenant1_results[0].get('text', ''))[:100]}...")
-        
-        # Search for tenant1's secret as tenant2 (should NOT find it)
-        print(f"\n6. Searching for tenant1's secret as tenant2 (should NOT find)...")
-        response = requests.post(
-            f"{BASE_URL}/rag/search",
-            headers={"x-tenant-id": tenant2, "Content-Type": "application/json"},
-            json={"query": "TENANT1_SECRET"},
-            timeout=10
-        )
-        tenant2_search = response.json()
-        
-        # Check results more carefully
-        tenant2_results = tenant2_search.get("results", [])
-        tenant2_found = False
-        tenant2_found_texts = []
-        
-        for result in tenant2_results:
-            result_text = result.get("text", "") or result.get("content", "") or str(result)
-            if "TENANT1_SECRET" in result_text:
-                tenant2_found = True
-                tenant2_found_texts.append(result_text[:100])
-        
-        print(f"   Found: {tenant2_found}")
-        print(f"   Results count: {len(tenant2_results)}")
-        if tenant2_results:
-            print(f"   First result preview: {str(tenant2_results[0])[:150]}")
-        if tenant2_found_texts:
-            print(f"   ⚠️ Found TENANT1_SECRET in {len(tenant2_found_texts)} result(s):")
-            for i, text in enumerate(tenant2_found_texts, 1):
-                print(f"      {i}. {text}...")
-        
-        # Verify isolation
-        print("\n7. Verifying isolation...")
-        if tenant1_found and not tenant2_found:
-            print("   ✅ Tenant1 can find their own secret")
-            print("   ✅ Tenant2 cannot find tenant1's secret")
-            print("\n✅ RAG Isolation: PASSED")
-            return True
-        elif tenant1_found and tenant2_found:
-            print("   ❌ Tenant2 can see tenant1's secret - ISOLATION FAILED!")
-            print(f"   Debug: tenant2 found {len(tenant2_found_texts)} result(s) containing TENANT1_SECRET")
-            print("\n❌ RAG Isolation: FAILED")
-            return False
-        else:
-            print("   ⚠️ Could not verify (may need RAG server running)")
-            print("\n⚠️ RAG Isolation: INCONCLUSIVE")
-            return None
-            
-    except requests.exceptions.ConnectionError:
-        print("\n⚠️ Cannot connect to API/RAG server. Make sure they're running:")
-        print("   uvicorn backend.api.main:app --port 8000")
-        print("   python backend/mcp_server/server.py")
-        return None
-    except Exception as e:
-        print(f"\n❌ Error: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def verify_database_directly():
-    """Verify tenant_id in database directly"""
-    print_section("Verifying Database Directly")
-    
-    try:
-        from api.storage.analytics_store import AnalyticsStore
-        from api.storage.rules_store import RulesStore
-        
-        # Check analytics store
-        print("\n1. Checking Analytics Store...")
-        analytics = AnalyticsStore()
-        
-        # Log events for different tenants
-        analytics.log_tool_usage("db_verify_tenant1", "rag", latency_ms=100)
-        analytics.log_tool_usage("db_verify_tenant2", "web", latency_ms=200)
-        
-        # Get stats
-        tenant1_stats = analytics.get_tool_usage_stats("db_verify_tenant1")
-        tenant2_stats = analytics.get_tool_usage_stats("db_verify_tenant2")
-        
-        print(f"   Tenant1 stats: {list(tenant1_stats.keys())}")
-        print(f"   Tenant2 stats: {list(tenant2_stats.keys())}")
-        
-        # Check rules store
-        print("\n2. Checking Rules Store...")
-        rules = RulesStore()
-        
-        rules.add_rule("db_verify_tenant1", "Rule 1", severity="high")
-        rules.add_rule("db_verify_tenant2", "Rule 2", severity="low")
-        
-        tenant1_rules = rules.get_rules("db_verify_tenant1")
-        tenant2_rules = rules.get_rules("db_verify_tenant2")
-        
-        print(f"   Tenant1 rules: {tenant1_rules}")
-        print(f"   Tenant2 rules: {tenant2_rules}")
-        
-        # Verify isolation
-        print("\n3. Verifying isolation...")
-        tenant1_has_rule1 = "Rule 1" in tenant1_rules
-        tenant1_has_rule2 = "Rule 2" in tenant1_rules
-        tenant2_has_rule1 = "Rule 1" in tenant2_rules
-        tenant2_has_rule2 = "Rule 2" in tenant2_rules
-        
-        print(f"   Tenant1 has Rule 1: {tenant1_has_rule1} ✓")
-        print(f"   Tenant1 has Rule 2: {tenant1_has_rule2} {'✗ FAILED!' if tenant1_has_rule2 else '✓ PASSED'}")
-        print(f"   Tenant2 has Rule 1: {tenant2_has_rule1} {'✗ FAILED!' if tenant2_has_rule1 else '✓ PASSED'}")
-        print(f"   Tenant2 has Rule 2: {tenant2_has_rule2} ✓")
-        
-        if tenant1_has_rule1 and not tenant1_has_rule2 and not tenant2_has_rule1 and tenant2_has_rule2:
-            print("\n✅ Database Direct Verification: PASSED")
-            return True
-        else:
-            print("\n❌ Database Direct Verification: FAILED")
-            return False
-            
-    except Exception as e:
-        print(f"\n❌ Error: {e}")
-        import traceback
-        traceback.print_exc()
-        return False
-
-
-def main():
-    """Run all verification tests"""
-    print("\n" + "🔍" * 30)
-    print("Tenant ID Isolation Verification")
-    print("🔍" * 30)
-    
-    results = []
-    
-    # Test 1: Database direct verification (always runs, no API needed)
-    print("\n📊 Running database direct verification (no API required)...")
-    result = verify_database_directly()
-    if result is not None:
-        results.append(result)
-    
-    # Test 2: Admin rules isolation (requires API running)
-    print("\n📋 Testing admin rules isolation (requires API)...")
-    result = verify_admin_rules_isolation()
-    if result is not None:
-        results.append(result)
-    
-    # Test 3: Analytics isolation (requires API running)
-    print("\n📈 Testing analytics isolation (requires API)...")
-    result = verify_analytics_isolation()
-    if result is not None:
-        results.append(result)
-    
-    # Test 4: RAG isolation (requires API and RAG server running)
-    print("\n📚 Testing RAG document isolation (requires API + RAG server)...")
-    result = verify_rag_isolation()
-    if result is not None:
-        results.append(result)
-    
-    # Summary
-    print_section("Verification Summary")
-    passed = sum(1 for r in results if r is True)
-    failed = sum(1 for r in results if r is False)
-    total = len(results)
-    
-    print(f"\nTests Completed: {total}")
-    print(f"✅ Passed: {passed}")
-    print(f"❌ Failed: {failed}")
-    
-    if total == 0:
-        print("\n⚠️ No tests could run. Make sure services are running:")
-        print("   - API: uvicorn backend.api.main:app --port 8000")
-        print("   - MCP Server: python backend/mcp_server/server.py")
-    elif failed == 0 and passed > 0:
-        print("\n✅ All tenant isolation tests PASSED!")
-    elif failed > 0:
-        print("\n❌ Some tenant isolation tests FAILED!")
-    else:
-        print("\n⚠️ Some tests were inconclusive or skipped")
-
-
-if __name__ == "__main__":
-    main()
-