Feat: Added Visual Search, API Key Auth, and Docker Optimization

.dockerignore

@@ -1,3 +1,4 @@
+#  Docker Ignore File
 # Python
 __pycache__
 *.pyc

.gitignore

@@ -1,3 +1,5 @@
+# --- Git Ignore File---
+# --- Byte-compiled / optimized / DLL files ---
 # --- Security (Inhein kabhi upload mat karna) ---
 .env
 .env.local

Dockerfile

@@ -1,3 +1,4 @@
+# Dockerfile for Python FastAPI Application
 # 1. Base Image 
 FROM python:3.11-slim 
 

Procfile

@@ -1 +1,2 @@
+
 web: uvicorn backend.src.main:app --host 0.0.0.0 --port $PORT

backend/src/api/routes/auth.py

@@ -1,3 +1,4 @@
+# backend/src/api/routes/auth.py
 from fastapi import APIRouter, Depends, HTTPException, status
 from fastapi.security import OAuth2PasswordRequestForm
 from sqlalchemy.ext.asyncio import AsyncSession

backend/src/api/routes/chat.py

@@ -1,6 +1,66 @@
-from fastapi import APIRouter, Depends, HTTPException, Request
+# # backend/src/api/routes/chat.py
+# from fastapi import APIRouter, Depends, HTTPException, Request
+# from sqlalchemy.ext.asyncio import AsyncSession
+# from sqlalchemy.future import select
+# from backend.src.db.session import get_db
+# from backend.src.schemas.chat import ChatRequest, ChatResponse
+# from backend.src.services.chat_service import process_chat
+# from backend.src.models.user import User
+
+# router = APIRouter()
+
+# @router.post("/chat", response_model=ChatResponse)
+# async def chat_endpoint(
+#     request_body: ChatRequest, 
+#     request: Request, # Browser headers read karne ke liye
+#     db: AsyncSession = Depends(get_db)
+# ):
+#     try:
+#         # 1. API Key se Bot Owner (User) ko dhoondo
+#         stmt = select(User).where(User.api_key == request_body.api_key)
+#         result = await db.execute(stmt)
+#         bot_owner = result.scalars().first()
+
+#         if not bot_owner:
+#             raise HTTPException(status_code=401, detail="Invalid API Key. Unauthorized access.")
+
+#         # 2. DOMAIN LOCK LOGIC (Whitelisting)
+#         # Browser automatically 'origin' ya 'referer' header bhejta hai
+#         client_origin = request.headers.get("origin") or request.headers.get("referer") or ""
+        
+#         if bot_owner.allowed_domains != "*":
+#             allowed = [d.strip() for d in bot_owner.allowed_domains.split(",")]
+#             # Check if client_origin contains any of the allowed domains
+#             is_authorized = any(domain in client_origin for domain in allowed)
+            
+#             if not is_authorized:
+#                 print(f"🚫 Blocked unauthorized domain: {client_origin}")
+#                 raise HTTPException(status_code=403, detail="Domain not authorized to use this bot.")
+
+#         # 3. Process Chat (Using the bot_owner's credentials)
+#         session_id = request_body.session_id or f"guest_{bot_owner.id}"
+        
+#         response_text = await process_chat(
+#             message=request_body.message,
+#             session_id=session_id,
+#             user_id=str(bot_owner.id), # Owner ki ID use hogi DB lookup ke liye
+#             db=db
+#         )
+        
+#         return ChatResponse(
+#             response=response_text,
+#             session_id=session_id,
+#             provider="omni_agent" 
+#         )
+        
+#     except HTTPException as he: raise he
+#     except Exception as e:
+#         print(f"❌ Chat Error: {e}")
+#         raise HTTPException(status_code=500, detail="AI Service Interrupted.")
+from fastapi import APIRouter, Depends, HTTPException, Request, status
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.future import select
+
 from backend.src.db.session import get_db
 from backend.src.schemas.chat import ChatRequest, ChatResponse
 from backend.src.services.chat_service import process_chat
@@ -8,6 +68,31 @@ from backend.src.models.user import User
 
 router = APIRouter()
 
+# --- HELPER: DOMAIN SECURITY (Standardized) ---
+def verify_domain_access(user: User, request: Request):
+    """
+    Checks if the incoming request is from an allowed domain.
+    """
+    # 1. Browser headers check karein
+    client_origin = request.headers.get("origin") or request.headers.get("referer") or ""
+    
+    # 2. Agar user ne "*" set kiya hai, to sab allow hai
+    if user.allowed_domains == "*":
+        return True
+        
+    # 3. Allowed domains ki list banao
+    allowed = [d.strip() for d in user.allowed_domains.split(",")]
+    
+    # 4. Check karo ke origin match karta hai ya nahi
+    is_authorized = any(domain in client_origin for domain in allowed)
+    
+    if not is_authorized:
+        print(f"🚫 [Chat Security] Blocked unauthorized domain: {client_origin}")
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN, 
+            detail="Domain not authorized to use this bot."
+        )
+
 @router.post("/chat", response_model=ChatResponse)
 async def chat_endpoint(
     request_body: ChatRequest, 
@@ -15,28 +100,29 @@ async def chat_endpoint(
     db: AsyncSession = Depends(get_db)
 ):
     try:
-        # 1. API Key se Bot Owner (User) ko dhoondo
+        # 1. AUTH: API Key se Bot Owner (User) ko dhoondo
+        # (Note: Chat Widget Body mein key bhejta hai, isliye hum Header wala dependency use nahi kar rahe yahan)
         stmt = select(User).where(User.api_key == request_body.api_key)
         result = await db.execute(stmt)
         bot_owner = result.scalars().first()
 
         if not bot_owner:
-            raise HTTPException(status_code=401, detail="Invalid API Key. Unauthorized access.")
-
-        # 2. DOMAIN LOCK LOGIC (Whitelisting)
-        # Browser automatically 'origin' ya 'referer' header bhejta hai
-        client_origin = request.headers.get("origin") or request.headers.get("referer") or ""
+            raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED, 
+                detail="Invalid API Key. Unauthorized access."
+            )
         
-        if bot_owner.allowed_domains != "*":
-            allowed = [d.strip() for d in bot_owner.allowed_domains.split(",")]
-            # Check if client_origin contains any of the allowed domains
-            is_authorized = any(domain in client_origin for domain in allowed)
-            
-            if not is_authorized:
-                print(f"🚫 Blocked unauthorized domain: {client_origin}")
-                raise HTTPException(status_code=403, detail="Domain not authorized to use this bot.")
+        # Check if user is active
+        if not bot_owner.is_active:
+             raise HTTPException(
+                status_code=status.HTTP_401_UNAUTHORIZED, 
+                detail="Bot owner account is inactive."
+            )
+
+        # 2. SECURITY: Domain Lock Check 🔐
+        verify_domain_access(bot_owner, request)
 
-        # 3. Process Chat (Using the bot_owner's credentials)
+        # 3. PROCESS: Chat Logic (Using the bot_owner's credentials)
         session_id = request_body.session_id or f"guest_{bot_owner.id}"
         
         response_text = await process_chat(

backend/src/api/routes/deps.py

@@ -1,4 +1,50 @@
-from fastapi import Depends, HTTPException, status
+# # backend/src/api/routes/deps.py
+# from fastapi import Depends, HTTPException, status
+# from fastapi.security import OAuth2PasswordBearer
+# from jose import jwt, JWTError
+# from sqlalchemy.ext.asyncio import AsyncSession
+# from sqlalchemy.future import select
+
+# from backend.src.core.config import settings
+# from backend.src.db.session import get_db
+# from backend.src.models.user import User
+# from backend.src.utils.auth import ALGORITHM
+
+# # Ye Swagger UI ko batata hai ke Token kahan se lena hai (/auth/login se)
+# oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"{settings.API_V1_STR}/auth/login")
+
+# async def get_current_user(
+#     token: str = Depends(oauth2_scheme), 
+#     db: AsyncSession = Depends(get_db)
+# ) -> User:
+#     """
+#     Ye function har protected route se pehle chalega.
+#     Ye Token ko verify karega aur Database se User nikal kar dega.
+#     """
+#     credentials_exception = HTTPException(
+#         status_code=status.HTTP_401_UNAUTHORIZED,
+#         detail="Could not validate credentials",
+#         headers={"WWW-Authenticate": "Bearer"},
+#     )
+    
+#     try:
+#         # Token Decode karo
+#         payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM])
+#         user_id: str = payload.get("sub")
+#         if user_id is None:
+#             raise credentials_exception
+#     except JWTError:
+#         raise credentials_exception
+        
+#     # Database mein User check karo
+#     result = await db.execute(select(User).where(User.id == int(user_id)))
+#     user = result.scalars().first()
+    
+#     if user is None:
+#         raise credentials_exception
+        
+#     return user
+from fastapi import Depends, HTTPException, status, Header
 from fastapi.security import OAuth2PasswordBearer
 from jose import jwt, JWTError
 from sqlalchemy.ext.asyncio import AsyncSession
@@ -10,15 +56,18 @@ from backend.src.models.user import User
 from backend.src.utils.auth import ALGORITHM
 
 # Ye Swagger UI ko batata hai ke Token kahan se lena hai (/auth/login se)
+# Ye Dashboard access ke liye zaroori hai
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"{settings.API_V1_STR}/auth/login")
 
+# ============================================================
+# 1. JWT AUTHENTICATION (For Dashboard / Settings Access)
+# ============================================================
 async def get_current_user(
     token: str = Depends(oauth2_scheme), 
     db: AsyncSession = Depends(get_db)
 ) -> User:
     """
-    Ye function har protected route se pehle chalega.
-    Ye Token ko verify karega aur Database se User nikal kar dega.
+    Ye function Internal Dashboard ke liye hai (Login required).
     """
     credentials_exception = HTTPException(
         status_code=status.HTTP_401_UNAUTHORIZED,
@@ -42,4 +91,43 @@ async def get_current_user(
     if user is None:
         raise credentials_exception
         
+    return user
+
+# ============================================================
+# 2. API KEY AUTHENTICATION (For Public Widgets: Chat/Visual) 🔐
+# ============================================================
+async def get_current_user_by_api_key(
+    # Frontend se header aayega: 'x-api-key: omni_abcdef...'
+    api_key_header: str = Header(..., alias="x-api-key"), 
+    db: AsyncSession = Depends(get_db)
+) -> User:
+    """
+    Ye function External Widgets (Chatbot, Visual Search) ke liye hai.
+    Ye JWT nahi maangta, sirf API Key maangta hai.
+    """
+    if not api_key_header:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED, 
+            detail="API Key missing in header"
+        )
+
+    # 1. Database mein API Key check karo
+    # Hum 'User' table mein dhoond rahe hain jiske paas ye key ho
+    stmt = select(User).where(User.api_key == api_key_header)
+    result = await db.execute(stmt)
+    user = result.scalars().first()
+    
+    # 2. Validation
+    if user is None:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="Invalid API Key provided."
+        )
+    
+    if not user.is_active:
+        raise HTTPException(
+            status_code=status.HTTP_401_UNAUTHORIZED,
+            detail="User account is inactive."
+        )
+        
     return user

backend/src/api/routes/ingestion.py

@@ -1,3 +1,4 @@
+# backend/src/api/routes/ingestion.py
 import os
 import shutil
 from fastapi import APIRouter, UploadFile, File, HTTPException, Form, BackgroundTasks, Depends

backend/src/api/routes/settings.py

@@ -1,4 +1,4 @@
-
+# backend/src/api/routes/settings.py
 # ---  ---
 import json
 from fastapi import APIRouter, Depends, HTTPException, status

backend/src/api/routes/visual.py

@@ -0,0 +1,456 @@
+# # backend/src/api/routes/visual.py
+# import json
+# import asyncio
+# from fastapi import (
+#     APIRouter,
+#     Depends,
+#     UploadFile,
+#     File,
+#     HTTPException,
+#     BackgroundTasks
+# )
+# from sqlalchemy.ext.asyncio import AsyncSession
+# from sqlalchemy.future import select
+# from qdrant_client import QdrantClient
+# from qdrant_client.http import models
+
+# # =========================
+# # Auth & DB Imports
+# # =========================
+# from backend.src.api.routes.deps import get_current_user
+# from backend.src.db.session import get_db, AsyncSessionLocal
+# from backend.src.models.user import User
+# from backend.src.models.integration import UserIntegration
+# from backend.src.models.ingestion import IngestionJob, JobStatus
+
+# # =========================
+# # Visual Services
+# # =========================
+# from backend.src.services.visual.engine import get_image_embedding
+# from backend.src.services.visual.agent import run_visual_sync
+
+# router = APIRouter()
+
+# # ======================================================
+# # 1. VISUAL SYNC (BACKGROUND)
+# # ======================================================
+# @router.post("/visual/sync")
+# async def trigger_visual_sync(
+#     background_tasks: BackgroundTasks,
+#     db: AsyncSession = Depends(get_db),
+#     current_user: User = Depends(get_current_user)
+# ):
+#     try:
+#         job = IngestionJob(
+#             session_id=f"visual_sync_{current_user.id}",
+#             ingestion_type="visual_sync",
+#             source_name="Store Integration (Visual)",
+#             status=JobStatus.PENDING,
+#             total_items=0,
+#             items_processed=0
+#         )
+
+#         db.add(job)
+#         await db.commit()
+#         await db.refresh(job)
+
+#         background_tasks.add_task(
+#             run_visual_sync,
+#             str(current_user.id),
+#             job.id,
+#             AsyncSessionLocal
+#         )
+
+#         return {
+#             "status": "processing",
+#             "message": "Visual Sync started successfully.",
+#             "job_id": job.id
+#         }
+
+#     except Exception as e:
+#         print(f"❌ Visual Sync Failed: {e}")
+#         raise HTTPException(status_code=500, detail=str(e))
+
+
+# # ======================================================
+# # 2. VISUAL SEARCH (QDRANT 1.16.1 – DEDUPLICATED)
+# # ======================================================
+# @router.post("/visual/search")
+# async def search_visual_products(
+#     file: UploadFile = File(...),
+#     db: AsyncSession = Depends(get_db),
+#     current_user: User = Depends(get_current_user)
+# ):
+#     """
+#     Image → Embedding → Qdrant query_points → Unique Results
+#     """
+
+#     # ----------------------------------
+#     # 1. Load Qdrant Integration
+#     # ----------------------------------
+#     stmt = select(UserIntegration).where(
+#         UserIntegration.user_id == str(current_user.id),
+#         UserIntegration.provider == "qdrant",
+#         UserIntegration.is_active == True
+#     )
+
+#     result = await db.execute(stmt)
+#     integration = result.scalars().first()
+
+#     if not integration:
+#         raise HTTPException(
+#             status_code=400,
+#             detail="Qdrant integration not found."
+#         )
+
+#     try:
+#         creds = json.loads(integration.credentials)
+#         qdrant_url = creds["url"]
+#         qdrant_key = creds["api_key"]
+#         collection_name = "visual_search_products"
+#     except Exception:
+#         raise HTTPException(
+#             status_code=500,
+#             detail="Invalid Qdrant credentials format."
+#         )
+
+#     # ----------------------------------
+#     # 2. Image → Vector
+#     # ----------------------------------
+#     try:
+#         image_bytes = await file.read()
+#         vector = get_image_embedding(image_bytes)
+
+#         if not vector:
+#             raise ValueError("Empty embedding returned")
+#     except Exception as e:
+#         raise HTTPException(
+#             status_code=400,
+#             detail=f"Image processing failed: {e}"
+#         )
+
+#     # ----------------------------------
+#     # 3. Qdrant Search (query_points)
+#     # ----------------------------------
+#     try:
+#         def run_search():
+#             client = QdrantClient(
+#                 url=qdrant_url,
+#                 api_key=qdrant_key
+#             )
+
+#             # NOTE: Limit increased to 25 to ensure we have enough results 
+#             # after removing duplicates (variants with same image).
+#             return client.query_points(
+#                 collection_name=collection_name,
+#                 query=vector,
+#                 limit=25,
+#                 with_payload=True,
+#                 query_filter=models.Filter(
+#                     must=[
+#                         models.FieldCondition(
+#                             key="user_id",
+#                             match=models.MatchValue(
+#                                 value=str(current_user.id)
+#                             )
+#                         )
+#                     ]
+#                 )
+#             )
+
+#         # Execute search in thread
+#         search_response = await asyncio.to_thread(run_search)
+        
+#         # Get points from response object
+#         hits = search_response.points
+
+#         # ----------------------------------
+#         # 4. Format & Remove Duplicates
+#         # ----------------------------------
+#         results = []
+#         seen_products = set()  # To track unique product IDs
+
+#         for hit in hits:
+#             if hit.score < 0.50:
+#                 continue
+
+#             payload = hit.payload or {}
+#             product_id = payload.get("product_id")
+
+#             # ✅ DUPLICATE CHECK:
+#             # Agar ye product ID pehle aa chuka hai (higher score ke sath),
+#             # toh is wale ko skip karo.
+#             if product_id in seen_products:
+#                 continue
+            
+#             seen_products.add(product_id)
+
+#             results.append({
+#                 "product_id": product_id,
+#                 "slug": payload.get("slug"),
+#                 "image_path": payload.get("image_url"),
+#                 "similarity": hit.score
+#             })
+
+#             # Optional: Limit final output to top 10 unique products
+#             if len(results) >= 10:
+#                 break
+
+#         return {"results": results}
+
+#     except Exception as e:
+#         print(f"❌ Visual Search Failed: {e}")
+
+#         msg = str(e)
+#         if "dimension" in msg.lower():
+#             msg = "Vector dimension mismatch. Please re-run Visual Sync."
+#         if "not found" in msg.lower():
+#             msg = "Visual search collection not found. Run Sync first."
+
+#         raise HTTPException(status_code=500, detail=msg)
+import json
+import asyncio
+from fastapi import (
+    APIRouter,
+    Depends,
+    UploadFile,
+    File,
+    HTTPException,
+    BackgroundTasks,
+    Request,  # <--- NEW: Request object for headers/origin check
+    status
+)
+from sqlalchemy.ext.asyncio import AsyncSession
+from sqlalchemy.future import select
+from qdrant_client import QdrantClient
+from qdrant_client.http import models
+
+# =========================
+# Auth & DB Imports
+# =========================
+# 👇 Change: Humne naya auth method import kiya
+from backend.src.api.routes.deps import get_current_user, get_current_user_by_api_key
+from backend.src.db.session import get_db, AsyncSessionLocal
+from backend.src.models.user import User
+from backend.src.models.integration import UserIntegration
+from backend.src.models.ingestion import IngestionJob, JobStatus
+
+# =========================
+# Visual Services
+# =========================
+from backend.src.services.visual.engine import get_image_embedding
+from backend.src.services.visual.agent import run_visual_sync
+
+router = APIRouter()
+
+# ======================================================
+# HELPER: DOMAIN LOCK SECURITY 🔐
+# ======================================================
+def check_domain_authorization(user: User, request: Request):
+    """
+    Check if the request is coming from an allowed domain.
+    Logic copied from chat.py for consistency.
+    """
+    # 1. Browser headers check karein
+    client_origin = request.headers.get("origin") or request.headers.get("referer") or ""
+    
+    # 2. Agar user ne "*" set kiya hai, to sab allow hai
+    if user.allowed_domains == "*":
+        return True
+        
+    # 3. Allowed domains ki list banao
+    allowed = [d.strip() for d in user.allowed_domains.split(",")]
+    
+    # 4. Check karo ke origin match karta hai ya nahi
+    is_authorized = any(domain in client_origin for domain in allowed)
+    
+    if not is_authorized:
+        print(f"🚫 [Visual Security] Blocked unauthorized domain: {client_origin}")
+        raise HTTPException(
+            status_code=status.HTTP_403_FORBIDDEN, 
+            detail="Domain not authorized to use this API."
+        )
+
+# ======================================================
+# 1. VISUAL SYNC (Dashboard Only - Uses JWT)
+# ======================================================
+@router.post("/visual/sync")
+async def trigger_visual_sync(
+    background_tasks: BackgroundTasks,
+    db: AsyncSession = Depends(get_db),
+    # NOTE: Sync humesha Dashboard se hota hai, isliye JWT (get_current_user) rakha hai.
+    current_user: User = Depends(get_current_user)
+):
+    try:
+        job = IngestionJob(
+            session_id=f"visual_sync_{current_user.id}",
+            ingestion_type="visual_sync",
+            source_name="Store Integration (Visual)",
+            status=JobStatus.PENDING,
+            total_items=0,
+            items_processed=0
+        )
+
+        db.add(job)
+        await db.commit()
+        await db.refresh(job)
+
+        background_tasks.add_task(
+            run_visual_sync,
+            str(current_user.id),
+            job.id,
+            AsyncSessionLocal
+        )
+
+        return {
+            "status": "processing",
+            "message": "Visual Sync started successfully.",
+            "job_id": job.id
+        }
+
+    except Exception as e:
+        print(f"❌ Visual Sync Failed: {e}")
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+# ======================================================
+# 2. VISUAL SEARCH (Public Widget - Uses API Key + Domain Lock)
+# ======================================================
+@router.post("/visual/search")
+async def search_visual_products(
+    request: Request, # <--- Browser Request Access
+    file: UploadFile = File(...),
+    db: AsyncSession = Depends(get_db),
+    # 🔥 CHANGE: Ab ye API Key se authenticate hoga (Widget Friendly)
+    current_user: User = Depends(get_current_user_by_api_key)
+):
+    """
+    Image → Embedding → Qdrant query_points → Unique Results
+    Secured by API Key & Domain Lock.
+    """
+    
+    # 🔒 1. Domain Security Check
+    check_domain_authorization(current_user, request)
+
+    # ----------------------------------
+    # 2. Load Qdrant Integration
+    # ----------------------------------
+    stmt = select(UserIntegration).where(
+        UserIntegration.user_id == str(current_user.id),
+        UserIntegration.provider == "qdrant",
+        UserIntegration.is_active == True
+    )
+
+    result = await db.execute(stmt)
+    integration = result.scalars().first()
+
+    if not integration:
+        raise HTTPException(
+            status_code=400,
+            detail="Qdrant integration not found."
+        )
+
+    try:
+        creds = json.loads(integration.credentials)
+        qdrant_url = creds["url"]
+        qdrant_key = creds["api_key"]
+       # 🔥 CHANGE: Look for 'visual_collection_name' specifically
+        # This prevents conflict with Chat's 'collection_name'
+        collection_name = creds.get("visual_collection_name", "visual_search_products")
+    except Exception:
+        raise HTTPException(
+            status_code=500,
+            detail="Invalid Qdrant credentials format."
+        )
+
+    # ----------------------------------
+    # 3. Image → Vector
+    # ----------------------------------
+    try:
+        image_bytes = await file.read()
+        vector = get_image_embedding(image_bytes)
+
+        if not vector:
+            raise ValueError("Empty embedding returned")
+    except Exception as e:
+        raise HTTPException(
+            status_code=400,
+            detail=f"Image processing failed: {e}"
+        )
+
+    # ----------------------------------
+    # 4. Qdrant Search (query_points)
+    # ----------------------------------
+    try:
+        def run_search():
+            client = QdrantClient(
+                url=qdrant_url,
+                api_key=qdrant_key
+            )
+
+            # Limit 25 taake duplicates hatane ke baad bhi kafi results bachein
+            return client.query_points(
+                collection_name=collection_name,
+                query=vector,
+                limit=25,
+                with_payload=True,
+                query_filter=models.Filter(
+                    must=[
+                        models.FieldCondition(
+                            key="user_id",
+                            match=models.MatchValue(
+                                value=str(current_user.id)
+                            )
+                        )
+                    ]
+                )
+            )
+
+        # Execute search in thread
+        search_response = await asyncio.to_thread(run_search)
+        
+        # Get points from response object
+        hits = search_response.points
+
+        # ----------------------------------
+        # 5. Format & Remove Duplicates
+        # ----------------------------------
+        results = []
+        seen_products = set()  # To track unique product IDs
+
+        for hit in hits:
+            if hit.score < 0.50:
+                continue
+
+            payload = hit.payload or {}
+            product_id = payload.get("product_id")
+
+            # ✅ DUPLICATE CHECK
+            if product_id in seen_products:
+                continue
+            
+            seen_products.add(product_id)
+
+            results.append({
+                "product_id": product_id,
+                "slug": payload.get("slug"),
+                "image_path": payload.get("image_url"),
+                "similarity": hit.score
+            })
+
+            # Optional: Limit final output to top 10 unique products
+            if len(results) >= 10:
+                break
+
+        return {"results": results}
+
+    except Exception as e:
+        print(f"❌ Visual Search Failed: {e}")
+
+        msg = str(e)
+        if "dimension" in msg.lower():
+            msg = "Vector dimension mismatch. Please re-run Visual Sync."
+        if "not found" in msg.lower():
+            msg = "Visual search collection not found. Run Sync first."
+
+        raise HTTPException(status_code=500, detail=msg)

backend/src/core/config.py

@@ -1,3 +1,4 @@
+# backend/src/core/config.py
 # --- EXTERNAL IMPORTS ---
 import os
 from pydantic_settings import BaseSettings, SettingsConfigDict

backend/src/db/session.py

@@ -1,23 +1,31 @@
-# --- EXTERNAL IMPORTS ---
 from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession, async_sessionmaker
-from sqlalchemy import create_engine
 from backend.src.core.config import settings
 
 # Connection Arguments
 connect_args = {}
+
+# Agar Postgres hai, to command timeout badha do
+if "postgresql" in settings.DATABASE_URL:
+    connect_args = {
+        "command_timeout": 60, # 60 seconds tak wait karega query ka
+        "server_settings": {
+            "jit": "off" # JIT compilation off karne se kabhi kabhi speed fast hoti hai
+        }
+    }
+
 if "sqlite" in settings.DATABASE_URL:
     connect_args = {"check_same_thread": False}
 
-# --- ROBUST ENGINE CREATION (The Fix) ---
-# Ye settings Neon/Serverless ke liye best hain
+# --- ROBUST ENGINE CREATION ---
 engine = create_async_engine(
     settings.DATABASE_URL,
     echo=False,
     connect_args=connect_args,
-    pool_size=5,  # 5 connections ka pool rakho
-    max_overflow=10, # Agar zaroorat pade to 10 aur bana lo
-    pool_recycle=300, # Har 5 minute (300s) mein purane connections ko refresh karo (Sleep issue fix)
-    pool_pre_ping=True, # Har query se pehle check karo ke connection zinda hai ya nahi
+    pool_size=20,         # Pool size badhaya (Load handle karne ke liye)
+    max_overflow=40,      # Overflow badhaya
+    pool_recycle=300,     # Refresh every 5 mins
+    pool_pre_ping=True,   # Connection check before query
+    pool_timeout=60       # 🔥 Timeout aur badha diya (30s -> 60s)
 )
 
 # Session Maker
@@ -33,5 +41,15 @@ async def get_db():
     async with AsyncSessionLocal() as session:
         try:
             yield session
+        except Exception:
+            # Agar koi logic error aaye to rollback karein
+            await session.rollback()
+            raise
         finally:
-            await session.close()
+            # 🔥 FIX: Graceful Cleanup
+            # Agar connection pehle hi close ho gaya ho (heavy load ki wajah se),
+            # to dobara close karne par crash na ho.
+            try:
+                await session.close()
+            except Exception:
+                pass

backend/src/init_db.py

@@ -1,3 +1,4 @@
+# backend/src/init_db.py
 import asyncio
 from backend.src.db.session import engine
 from backend.src.db.base import Base

backend/src/main.py

@@ -1,13 +1,22 @@
+# backend/src/main.py
 # --- EXTERNAL IMPORTS ---
 import os
+import asyncio
+import sys # <--- 1. Import asyncio
 from fastapi import FastAPI
 from fastapi.staticfiles import StaticFiles # <--- New Import
 from fastapi.middleware.cors import CORSMiddleware
 from backend.src.core.config import settings
-
+from backend.src.api.routes import visual
 # --- API Route Imports ---
 from backend.src.api.routes import chat, ingestion, auth, settings as settings_route
 
+# ==========================================
+# 🔥 WINDOWS FIX FOR DB TIMEOUTS 🔥
+# ==========================================
+if sys.platform.startswith("win"):
+    asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())
+
 # 1. App Initialize karein
 app = FastAPI(
     title=settings.PROJECT_NAME,
@@ -47,6 +56,7 @@ app.include_router(auth.router, prefix=settings.API_V1_STR, tags=["Authenticatio
 app.include_router(settings_route.router, prefix=settings.API_V1_STR, tags=["User Settings"])
 app.include_router(chat.router, prefix=settings.API_V1_STR, tags=["Chat"])
 app.include_router(ingestion.router, prefix=settings.API_V1_STR, tags=["Ingestion"])
+app.include_router(visual.router, prefix=settings.API_V1_STR, tags=["Visual Search"])
 
 if __name__ == "__main__":
     import uvicorn

backend/src/models/ingestion.py

@@ -1,3 +1,4 @@
+# backend/src/models/ingestion.py
 from sqlalchemy import Column, Integer, String, Text, DateTime, Enum, JSON # <--- JSON import karein
 from sqlalchemy.sql import func
 import enum

backend/src/models/integration.py

@@ -1,4 +1,4 @@
-
+# backend/src/models/integration.py
 from sqlalchemy import Column, Integer, String, Text, Boolean, JSON, DateTime
 from sqlalchemy.sql import func
 from backend.src.db.base import Base

backend/src/models/user.py

@@ -1,3 +1,4 @@
+# backend/src/models/user.py
 from sqlalchemy import Column, Integer, String, DateTime, Boolean, Text
 from sqlalchemy.sql import func
 from backend.src.db.base import Base

backend/src/schemas/chat.py

@@ -1,3 +1,4 @@
+# backend/src/schemas/chat.py
 from pydantic import BaseModel
 from typing import Optional
 

backend/src/services/chat_service.py

@@ -1,4 +1,5 @@
 
+# # backend/src/services/chat_service.py
 # import json
 # from sqlalchemy.ext.asyncio import AsyncSession
 # from sqlalchemy.future import select
@@ -6,7 +7,7 @@
 # # --- Model Imports ---
 # from backend.src.models.chat import ChatHistory
 # from backend.src.models.integration import UserIntegration
-# from backend.src.models.user import User  # Added User model for Bot Persona
+# from backend.src.models.user import User 
 
 # # --- Dynamic Factory & Tool Imports ---
 # from backend.src.services.llm.factory import get_llm_model
@@ -44,7 +45,6 @@
 #             creds['provider'] = i.provider
 #             creds['schema_map'] = i.schema_map if i.schema_map else {}
             
-#             # --- STRICT CHECK ---
 #             if i.profile_description:
 #                 creds['description'] = i.profile_description
             
@@ -74,7 +74,6 @@
 # async def get_bot_persona(user_id: str, db: AsyncSession):
 #     """Fetches custom Bot Name and Instructions from User table."""
 #     try:
-#         # User ID ko int mein convert karke query karein
 #         stmt = select(User).where(User.id == int(user_id))
 #         result = await db.execute(stmt)
 #         user = result.scalars().first()
@@ -88,17 +87,16 @@
 #         print(f"⚠️ Error fetching persona: {e}")
 #         pass
     
-#     # Fallback Default Persona
 #     return {"name": "OmniAgent", "instruction": "You are a helpful AI assistant."}
 
 # # ==========================================
-# # MAIN CHAT LOGIC
+# # MAIN CHAT LOGIC (Ultra-Strict Isolated Mode)
 # # ==========================================
 # async def process_chat(message: str, session_id: str, user_id: str, db: AsyncSession):
     
 #     # 1. Fetch User Settings & Persona
 #     user_settings = await get_user_integrations(user_id, db)
-#     bot_persona = await get_bot_persona(user_id, db) # <--- Persona Load kiya
+#     bot_persona = await get_bot_persona(user_id, db)
     
 #     # 2. LLM Check
 #     llm_creds = user_settings.get('groq') or user_settings.get('openai')
@@ -115,13 +113,13 @@
 #     # 4. SEMANTIC DECISION (Router)
 #     selected_provider = None
 #     if tools_map:
-#         router = SemanticRouter() # Singleton Instance
+#         router = SemanticRouter() 
 #         selected_provider = router.route(message, tools_map)
     
 #     response_text = ""
 #     provider_name = "general_chat"
 
-#     # 5. Route to Winner
+#     # 5. Route to Winner (Agent Execution)
 #     if selected_provider:
 #         print(f"👉 [Router] Selected Tool: {selected_provider.upper()}")
 #         try:
@@ -145,18 +143,16 @@
 #                 response_text = str(res.get('output', ''))
 #                 provider_name = "nosql_agent"
 
-#             # Anti-Hallucination
 #             if not response_text or "error" in response_text.lower():
-#                 print(f"⚠️ [Router] Tool {selected_provider} failed. Triggering Fallback.")
 #                 response_text = "" 
 
 #         except Exception as e:
-#             print(f"❌ [Router] Execution Failed: {e}")
+#             print(f"❌ Agent Execution Failed: {e}")
 #             response_text = "" 
 
-#     # 6. Fallback / RAG (Using Custom Persona)
+#     # 6. Fallback / RAG (ULTRA-STRICT MODE 🛡️)
 #     if not response_text:
-#         print("👉 [Router] Fallback to RAG/General Chat...")
+#         print("👉 [Router] Executing Strict RAG Fallback...")
 #         try:
 #             llm = get_llm_model(credentials=llm_creds)
             
@@ -171,15 +167,26 @@
 #                 except Exception as e:
 #                     print(f"⚠️ RAG Warning: {e}")
             
-#             # --- 🔥 DYNAMIC SYSTEM PROMPT ---
+#             # --- 🔥 THE ULTRA-STRICT SYSTEM PROMPT ---
 #             system_instruction = f"""
-#             IDENTITY: You are '{bot_persona['name']}'.
-#             MISSION: {bot_persona['instruction']}
-            
+#             SYSTEM IDENTITY: 
+#             You are the '{bot_persona['name']}'. You are a 'Knowledge-Isolated' AI Assistant for this specific platform.
+
+#             CORE MISSION:
+#             Your ONLY source of truth is the 'CONTEXT FROM KNOWLEDGE BASE' provided below. 
+#             You must ignore ALL of your internal pre-trained general knowledge about the world, geography, famous people, or general facts.
+
+#             STRICT OPERATING RULES:
+#             1. MANDATORY REFUSAL: If the user's question cannot be answered using ONLY the provided context, you MUST exactly say: "I apologize, but I am only authorized to provide information based on the provided database. This specific information is not currently available in my knowledge base."
+#             2. NO HALLUCINATION: Never attempt to be helpful using outside information. If a fact (like 'Japan's location') is not in the context, you do NOT know it.
+#             3. CONTEXT-ONLY: Your existence is bounded by the data below. If the data is empty, you cannot answer anything except greetings.
+#             4. GREETINGS: You may respond to 'Hi' or 'Hello' by briefly identifying yourself as '{bot_persona['name']}' and asking what data the user is looking for.
+#             5. PROHIBITED TOPICS: Do not discuss any topic that is not present in the provided context.
+
 #             CONTEXT FROM KNOWLEDGE BASE:
-#             {context if context else "No specific documents found."}
-            
-#             Answer the user's question based on the context above or your general knowledge if permitted by your mission.
+#             ---------------------------
+#             {context if context else "THE DATABASE IS CURRENTLY EMPTY. DO NOT PROVIDE ANY INFORMATION."}
+#             ---------------------------
 #             """
 
 #             # History Load
@@ -189,7 +196,7 @@
 #                 formatted_history.append(HumanMessage(content=chat.human_message))
 #                 if chat.ai_message: formatted_history.append(AIMessage(content=chat.ai_message))
 
-#             # LLM Call
+#             # LLM Chain Setup
 #             prompt = ChatPromptTemplate.from_messages([
 #                 ("system", system_instruction),
 #                 MessagesPlaceholder(variable_name="chat_history"),
@@ -203,7 +210,7 @@
 
 #         except Exception as e:
 #             print(f"❌ Fallback Error: {e}")
-#             response_text = "I am currently unable to process your request. Please check your AI configuration."
+#             response_text = "I apologize, but I am currently unable to process your request due to a system error."
 
 #     # 7. Save to DB
 #     await save_chat_to_db(db, session_id, message, response_text, provider_name)
@@ -211,6 +218,7 @@
 import json
 from sqlalchemy.ext.asyncio import AsyncSession
 from sqlalchemy.future import select
+from qdrant_client.http import models # <--- NEW IMPORT (Filter ke liye)
 
 # --- Model Imports ---
 from backend.src.models.chat import ChatHistory
@@ -369,7 +377,28 @@ async def process_chat(message: str, session_id: str, user_id: str, db: AsyncSes
             if 'qdrant' in user_settings:
                 try:
                     vector_store = get_vector_store(credentials=user_settings['qdrant'])
-                    docs = await vector_store.asimilarity_search(message, k=3)
+                    
+                    # 🔥 SECURITY FIX: FILTER BY USER_ID 🔥
+                    # Hum ensure kar rahe hain ke LangChain sirf ISI USER ka data uthaye.
+                    # QdrantAdapter mein humne metadata_payload_key="metadata" set kiya tha.
+                    # Isliye key "metadata.user_id" hogi.
+                    
+                    user_filter = models.Filter(
+                        must=[
+                            models.FieldCondition(
+                                key="metadata.user_id",
+                                match=models.MatchValue(value=str(user_id))
+                            )
+                        ]
+                    )
+
+                    # Ab search mein filter pass karein
+                    docs = await vector_store.asimilarity_search(
+                        message, 
+                        k=3, 
+                        filter=user_filter
+                    )
+                    
                     if docs:
                         context = "\n\n".join([d.page_content for d in docs])
                 except Exception as e:

backend/src/services/connectors/base.py

@@ -1,3 +1,4 @@
+# backend/src/services/connectors/base.py
 from abc import ABC, abstractmethod
 from typing import List, Dict, Any, Optional
 

backend/src/services/connectors/cms_base.py

@@ -1,3 +1,4 @@
+# backend/src/services/connectors/cms_base.py
 from abc import ABC, abstractmethod
 from typing import Dict, Any, List
 

backend/src/services/connectors/mongo_connector.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/connectors/mongo_connector.py
 import pymongo
 from typing import List, Dict, Any, Optional
 from backend.src.services.connectors.base import NoSQLConnector

backend/src/services/connectors/sanity_connector.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/connectors/sanity_connector.py
 import requests
 import json
 from urllib.parse import quote

backend/src/services/connectors/shopify_connector.py

@@ -0,0 +1,70 @@
+# backend/src/services/connectors/shopify_connector.py
+
+import shopify
+import time
+from typing import List, Dict, Any
+
+class ShopifyConnector:
+    def __init__(self, credentials: Dict[str, str]):
+        self.shop_url = credentials.get("shop_url")
+        self.access_token = credentials.get("access_token")
+        self.api_version = credentials.get("api_version", "2024-01") # Default stable version
+
+        if not self.shop_url or not self.access_token:
+            raise ValueError("Shopify credentials (shop_url, access_token) are required.")
+
+        # Session Setup
+        self.session = shopify.Session(self.shop_url, self.api_version, self.access_token)
+
+    def fetch_all_products(self) -> List[Dict[str, Any]]:
+        """
+        Shopify Admin API se saare products aur unki images fetch karta hai.
+        Pagination handle karta hai taake saara data aaye.
+        """
+        print(f"🛍️ [Shopify] Connecting to {self.shop_url}...")
+        shopify.ShopifyResource.activate_session(self.session)
+        
+        product_list = []
+        
+        try:
+            # Pehla page fetch karein (Limit 250 max hai)
+            page = shopify.Product.find(limit=250)
+            
+            while page:
+                for product in page:
+                    if not product.images:
+                        continue
+                    
+                    # Har image ko process karein
+                    for image in product.images:
+                        product_list.append({
+                            # Unique ID: ProductID_ImageID
+                            "id": f"{product.id}_{image.id}",
+                            "image_path": image.src,
+                            # Slug (Handle) taake user click karke product par ja sake
+                            "slug": product.handle, 
+                            "product_id": str(product.id)
+                        })
+                
+                # Agla page check karein
+                if page.has_next_page():
+                    time.sleep(0.5) # Rate limit se bachne ke liye thoda wait
+                    page = page.next_page()
+                else:
+                    break
+                    
+            print(f"✅ [Shopify] Fetched {len(product_list)} images successfully.")
+            return product_list
+
+        except Exception as e:
+            print(f"❌ [Shopify] Error fetching products: {e}")
+            return []
+            
+        finally:
+            # Session close karna zaroori hai
+            shopify.ShopifyResource.clear_session()
+
+# Wrapper function jo Agent use karega
+def fetch_all_products(credentials: dict):
+    connector = ShopifyConnector(credentials)
+    return connector.fetch_all_products()

backend/src/services/connectors/woocommerce_connector.py

@@ -0,0 +1,76 @@
+# backend/src/services/connectors/woocommerce_connector.py
+
+from woocommerce import API
+from typing import List, Dict, Any
+
+class WooCommerceConnector:
+    def __init__(self, credentials: Dict[str, str]):
+        self.url = credentials.get("website_url") or credentials.get("url")
+        self.consumer_key = credentials.get("consumer_key")
+        self.consumer_secret = credentials.get("consumer_secret")
+
+        if not all([self.url, self.consumer_key, self.consumer_secret]):
+            raise ValueError("WooCommerce credentials (url, consumer_key, consumer_secret) are required.")
+
+        # API Setup
+        self.wcapi = API(
+            url=self.url,
+            consumer_key=self.consumer_key,
+            consumer_secret=self.consumer_secret,
+            version="wc/v3",
+            timeout=20  # Thoda zyada time dete hain slow WP sites ke liye
+        )
+
+    def fetch_all_products(self) -> List[Dict[str, Any]]:
+        """
+        WooCommerce API se paginated products fetch karta hai.
+        """
+        print(f"🛒 [WooCommerce] Connecting to {self.url}...")
+        
+        product_list = []
+        page = 1
+        per_page = 50  # Reasonable chunk size
+        
+        try:
+            while True:
+                # API Call
+                response = self.wcapi.get("products", params={"per_page": per_page, "page": page, "status": "publish"})
+                
+                if response.status_code != 200:
+                    print(f"⚠️ [WooCommerce] Error on page {page}: {response.status_code} - {response.text}")
+                    break
+                
+                products = response.json()
+                
+                # Agar products khatam ho gaye, to loop roko
+                if not products:
+                    break
+                
+                for product in products:
+                    # Agar image nahi hai to skip karo
+                    if not product.get("images"):
+                        continue
+                        
+                    for image in product["images"]:
+                        product_list.append({
+                            # Unique ID: ProductID_ImageID
+                            "id": f"{product['id']}_{image['id']}",
+                            "image_path": image["src"],
+                            "slug": product["slug"], # Product URL slug
+                            "product_id": str(product['id'])
+                        })
+                
+                print(f"   -> Page {page} fetched ({len(products)} items)")
+                page += 1
+
+            print(f"✅ [WooCommerce] Fetched {len(product_list)} images successfully.")
+            return product_list
+
+        except Exception as e:
+            print(f"❌ [WooCommerce] Connection Error: {e}")
+            return []
+
+# Wrapper function for Agent
+def fetch_all_products(credentials: dict):
+    connector = WooCommerceConnector(credentials)
+    return connector.fetch_all_products()

backend/src/services/ingestion/crawler.py

@@ -1,3 +1,4 @@
+# backend/src/services/ingestion/crawler.py
 import asyncio
 import requests
 import json # Credentials decode karne ke liye

backend/src/services/ingestion/file_processor.py

@@ -1,3 +1,4 @@
+# backend/src/services/ingestion/file_processor.py
 import os
 import asyncio
 import json

backend/src/services/ingestion/guardrail_factory.py

@@ -1,3 +1,4 @@
+# backend/src/services/ingestion/guardrail_factory.py
 from sentence_transformers import CrossEncoder
 import asyncio
 import os

backend/src/services/ingestion/web_processor.py

@@ -1,3 +1,4 @@
+# backend/src/services/ingestion/web_processor.py
 import asyncio
 import json
 from sqlalchemy.ext.asyncio import AsyncSession

backend/src/services/ingestion/zip_processor.py

@@ -1,3 +1,4 @@
+# backend/src/services/ingestion/zip_processor.py
 import zipfile
 import os
 import shutil

backend/src/services/llm/factory.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/llm/factory.py
 from langchain_google_genai import ChatGoogleGenerativeAI
 from langchain_openai import ChatOpenAI
 from backend.src.core.config import settings

backend/src/services/routing/semantic_router.py

@@ -1,3 +1,4 @@
+# backend/src/services/routing/semantic_router.py
 from sentence_transformers import SentenceTransformer
 from sklearn.metrics.pairwise import cosine_similarity
 import numpy as np

backend/src/services/security/pii_scrubber.py

@@ -1,3 +1,4 @@
+# backend/src/services/security/pii_scrubber.py
 import re
 from typing import Tuple
 

backend/src/services/tools/cms_agent.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/tools/cms_agent.py
 import json
 from langchain.agents import create_agent
 from backend.src.services.llm.factory import get_llm_model

backend/src/services/tools/cms_tool.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/tools/cms_tool.py
 import json
 import ast
 from typing import Type

backend/src/services/tools/nosql_agent.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/tools/nosql_agent.py
 from langchain.agents import create_agent
 from backend.src.services.llm.factory import get_llm_model
 from backend.src.services.tools.nosql_tool import NoSQLQueryTool

backend/src/services/tools/nosql_tool.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/tools/nosql_tool.py
 import json
 import asyncio
 from typing import Type

backend/src/services/tools/secure_agent.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/tools/secure_agent.py
 from langchain.agents import create_agent
 from backend.src.services.llm.factory import get_llm_model
 from backend.src.services.tools.sql_tool import get_sql_toolkit # Updated Import

backend/src/services/tools/sql_tool.py

@@ -1,4 +1,4 @@
-
+# backend/src/services/tools/sql_tool.py
 from langchain_community.utilities import SQLDatabase
 from langchain_community.agent_toolkits import SQLDatabaseToolkit
 from backend.src.services.llm.factory import get_llm_model

backend/src/services/visual/agent.py

@@ -0,0 +1,524 @@
+# import asyncio
+# import json
+# import requests
+# import concurrent.futures
+# from uuid import uuid4
+# from sqlalchemy.future import select
+# from qdrant_client.http import models
+
+# # Internal Modules
+# from backend.src.models.integration import UserIntegration
+# from backend.src.models.ingestion import IngestionJob, JobStatus
+# from backend.src.services.vector_store.qdrant_adapter import get_vector_store
+# from backend.src.services.visual.engine import get_image_embedding
+
+# # Connectors
+# from backend.src.services.connectors.sanity_connector import SanityConnector
+# from backend.src.services.connectors.shopify_connector import fetch_all_products as fetch_shopify
+# from backend.src.services.connectors.woocommerce_connector import fetch_all_products as fetch_woo
+
+# # --- OPTIMIZATION CONFIG ---
+# BATCH_SIZE = 100 
+# MAX_WORKERS = 20
+
+# # --- 🔥 SAFE LOGGING HELPER ---
+# async def update_job_safe(db_factory, job_id: int, status: str, processed=0, total=0, error=None):
+#     try:
+#         async with db_factory() as db:
+#             result = await db.execute(select(IngestionJob).where(IngestionJob.id == job_id))
+#             job = result.scalars().first()
+#             if job:
+#                 job.status = status
+#                 job.items_processed = processed
+#                 job.total_items = total
+#                 if error:
+#                     job.error_message = str(error)
+#                 await db.commit()
+#     except Exception as e:
+#         print(f"⚠️ Status Update Failed: {e}")
+
+# async def fetch_products_from_source(provider: str, credentials: dict):
+#     products = []
+#     print(f"🔄 [Visual Agent] Fetching products from {provider}...")
+#     try:
+#         if provider == 'sanity':
+#             connector = SanityConnector(credentials)
+#             query = """*[_type == "product" && defined(variants)]{
+#                 _id, "slug": slug.current, "variants": variants[]{ _key, images[]{ asset->{url} } }
+#             }"""
+#             raw_data = connector.execute_query(query)
+#             for item in raw_data:
+#                 if not item.get('variants'): continue
+#                 for variant in item['variants']:
+#                     if not variant.get('images'): continue
+#                     for img in variant['images']:
+#                         if img.get('asset'):
+#                             products.append({
+#                                 "id": f"{item['_id']}_{variant['_key']}",
+#                                 "image_path": img['asset']['url'],
+#                                 "slug": item.get('slug'),
+#                                 "product_id": item['_id']
+#                             })
+#         elif provider == 'shopify':
+#             products = await asyncio.to_thread(fetch_shopify, credentials)
+#         elif provider == 'woocommerce':
+#             products = await asyncio.to_thread(fetch_woo, credentials)
+#         return products
+#     except Exception as e:
+#         print(f"❌ Fetch Error: {e}")
+#         return []
+
+# def download_and_vectorize(product):
+#     # Ensure we use the correct key for image path
+#     image_url = product.get('image_path') or product.get('image_url')
+    
+#     if not image_url:
+#         return None
+
+#     try:
+#         response = requests.get(image_url, timeout=5)
+#         if response.status_code != 200: return None
+#         image_bytes = response.content
+#         vector = get_image_embedding(image_bytes)
+#         if not vector: return None
+#         return {"product": product, "vector": vector}
+#     except Exception:
+#         return None
+
+# async def run_visual_sync(user_id: str, job_id: int, db_factory):
+#     """
+#     High Performance Sync: Uses ThreadPool for parallel processing.
+#     """
+#     print(f"🚀 [Visual Agent] Starting Optimized Sync Job {job_id} for User: {user_id}")
+    
+#     try:
+#         await update_job_safe(db_factory, job_id, JobStatus.PROCESSING)
+
+#         # 1. Credentials Fetch
+#         async with db_factory() as db:
+#             stmt = select(UserIntegration).where(
+#                 UserIntegration.user_id == str(user_id),
+#                 UserIntegration.is_active == True
+#             )
+#             result = await db.execute(stmt)
+#             integrations = result.scalars().all()
+
+#         qdrant_config = None
+#         store_config = None
+#         store_provider = None
+
+#         for i in integrations:
+#             if i.provider == 'qdrant':
+#                 qdrant_config = json.loads(i.credentials)
+#             elif i.provider in ['sanity', 'shopify', 'woocommerce']:
+#                 store_config = json.loads(i.credentials)
+#                 store_provider = i.provider
+
+#         if not qdrant_config or not store_config:
+#             await update_job_safe(db_factory, job_id, JobStatus.FAILED, error="Missing Database or Store connection.")
+#             return
+
+#         # 2. Connect Qdrant & Setup Collection
+#         vector_store = get_vector_store(credentials=qdrant_config)
+#         collection_name = "visual_search_products"
+        
+#         # Reset Collection
+#         try:
+#             vector_store.client.delete_collection(collection_name)
+#         except: pass
+        
+#         vector_store.client.create_collection(
+#             collection_name=collection_name,
+#             vectors_config=models.VectorParams(size=2048, distance=models.Distance.COSINE)
+#         )
+
+#         # ✅ FIXED: Create Payload Index for 'user_id'
+#         # Ye zaroori hai taake Qdrant filter query allow kare
+#         print(f"🛠️ [Visual Agent] Creating index for user_id on {collection_name}...")
+#         vector_store.client.create_payload_index(
+#             collection_name=collection_name,
+#             field_name="user_id",
+#             field_schema=models.PayloadSchemaType.KEYWORD
+#         )
+
+#         # 3. Fetch Products
+#         products = await fetch_products_from_source(store_provider, store_config)
+#         total_products = len(products)
+#         await update_job_safe(db_factory, job_id, JobStatus.PROCESSING, total=total_products)
+
+#         if not products:
+#             await update_job_safe(db_factory, job_id, JobStatus.COMPLETED, error="No products found.")
+#             return
+
+#         print(f"⚡ Processing {total_products} images in batches of {BATCH_SIZE}...")
+
+#         # 4. OPTIMIZED BATCH PROCESSING
+#         processed_count = 0
+#         loop = asyncio.get_running_loop()
+        
+#         for i in range(0, total_products, BATCH_SIZE):
+#             batch = products[i : i + BATCH_SIZE]
+#             points = []
+
+#             with concurrent.futures.ThreadPoolExecutor(max_workers=MAX_WORKERS) as executor:
+#                 futures = [
+#                     loop.run_in_executor(executor, download_and_vectorize, item) 
+#                     for item in batch
+#                 ]
+#                 results = await asyncio.gather(*futures)
+
+#             for res in results:
+#                 if res:
+#                     prod = res['product']
+#                     # Use .get() to avoid KeyError if keys differ across providers
+#                     img_url = prod.get('image_path') or prod.get('image_url')
+                    
+#                     points.append(models.PointStruct(
+#                         id=str(uuid4()), 
+#                         vector=res['vector'],
+#                         payload={
+#                             "product_id": prod.get('product_id'),
+#                             "slug": prod.get('slug'),
+#                             "image_url": img_url,
+#                             "user_id": str(user_id),
+#                             "source": store_provider
+#                         }
+#                     ))
+
+#             if points:
+#                 await asyncio.to_thread(
+#                     vector_store.client.upsert,
+#                     collection_name=collection_name, 
+#                     points=points
+#                 )
+#                 processed_count += len(points)
+
+#             # --- SAFE STATUS UPDATE ---
+#             await update_job_safe(db_factory, job_id, JobStatus.PROCESSING, processed=processed_count, total=total_products)
+#             print(f"   -> Batch {i//BATCH_SIZE + 1} done. ({processed_count}/{total_products})")
+
+#         # Final Success
+#         await update_job_safe(db_factory, job_id, JobStatus.COMPLETED, processed=processed_count, total=total_products)
+#         print(f"🎉 Job {job_id} Complete. {processed_count} images indexed.")
+
+#     except Exception as e:
+#         print(f"❌ Job {job_id} Failed: {e}")
+#         await update_job_safe(db_factory, job_id, JobStatus.FAILED, error=str(e))
+import asyncio
+import json
+import requests
+import concurrent.futures
+from uuid import uuid4
+from sqlalchemy.future import select
+from qdrant_client.http import models
+
+# Internal Modules
+from backend.src.models.integration import UserIntegration
+from backend.src.models.ingestion import IngestionJob, JobStatus
+from backend.src.services.vector_store.qdrant_adapter import get_vector_store
+from backend.src.services.visual.engine import get_image_embedding
+
+# Connectors
+from backend.src.services.connectors.sanity_connector import SanityConnector
+from backend.src.services.connectors.shopify_connector import fetch_all_products as fetch_shopify
+from backend.src.services.connectors.woocommerce_connector import fetch_all_products as fetch_woo
+
+# --- OPTIMIZATION CONFIG ---
+BATCH_SIZE = 100 
+MAX_WORKERS = 20
+
+# --- 🔥 SAFE LOGGING HELPER ---
+async def update_job_safe(db_factory, job_id: int, status: str, processed=0, total=0, error=None, message=None):
+    try:
+        async with db_factory() as db:
+            result = await db.execute(select(IngestionJob).where(IngestionJob.id == job_id))
+            job = result.scalars().first()
+            if job:
+                job.status = status
+                job.items_processed = processed
+                job.total_items = total
+                if error:
+                    job.error_message = str(error)
+                # Agar hum koi custom message save karna chahein
+                if message:
+                     print(f"📝 Job Log: {message}")
+                await db.commit()
+    except Exception as e:
+        print(f"⚠️ Status Update Failed: {e}")
+
+async def fetch_products_from_source(provider: str, credentials: dict):
+    products = []
+    print(f"🔄 [Visual Agent] Fetching products from {provider}...")
+    try:
+        if provider == 'sanity':
+            connector = SanityConnector(credentials)
+            query = """*[_type == "product" && defined(variants)]{
+                _id, "slug": slug.current, "variants": variants[]{ _key, images[]{ asset->{url} } }
+            }"""
+            raw_data = connector.execute_query(query)
+            for item in raw_data:
+                if not item.get('variants'): continue
+                for variant in item['variants']:
+                    if not variant.get('images'): continue
+                    for img in variant['images']:
+                        if img.get('asset'):
+                            products.append({
+                                "id": f"{item['_id']}_{variant['_key']}",
+                                "image_path": img['asset']['url'],
+                                "slug": item.get('slug'),
+                                "product_id": item['_id']
+                            })
+        elif provider == 'shopify':
+            products = await asyncio.to_thread(fetch_shopify, credentials)
+        elif provider == 'woocommerce':
+            products = await asyncio.to_thread(fetch_woo, credentials)
+        return products
+    except Exception as e:
+        print(f"❌ Fetch Error: {e}")
+        return []
+
+def download_and_vectorize(product):
+    # Ensure we use the correct key for image path
+    image_url = product.get('image_path') or product.get('image_url')
+    
+    if not image_url:
+        return None
+
+    try:
+        response = requests.get(image_url, timeout=5)
+        if response.status_code != 200: return None
+        image_bytes = response.content
+        vector = get_image_embedding(image_bytes)
+        if not vector: return None
+        return {"product": product, "vector": vector}
+    except Exception:
+        return None
+
+# --- 🧠 SMART DIFF HELPER ---
+async def get_current_qdrant_state(client, collection_name, user_id):
+    """
+    Qdrant se sirf IDs aur Image URLs fetch karta hai taake hum compare kar sakein.
+    Returns: Dict { 'product_unique_id::image_url': 'qdrant_uuid' }
+    """
+    state = {}
+    next_offset = None
+    
+    print(f"🕵️ Scanning existing Qdrant data for User: {user_id} in '{collection_name}'...")
+    
+    while True:
+        # Scroll through points (Pagination)
+        records, next_offset = await asyncio.to_thread(
+            client.scroll,
+            collection_name=collection_name,
+            scroll_filter=models.Filter(
+                must=[models.FieldCondition(key="user_id", match=models.MatchValue(value=str(user_id)))]
+            ),
+            limit=1000,
+            with_payload=True,
+            with_vectors=False, # Vector download karne ki zarurat nahi, slow hota hai
+            offset=next_offset
+        )
+        
+        for point in records:
+            payload = point.payload or {}
+            
+            prod_id = payload.get("product_id")
+            img_url = payload.get("image_url")
+            
+            if prod_id and img_url:
+                # Composite key create karte hain uniquely identify karne ke liye
+                key = f"{prod_id}::{img_url}"
+                state[key] = point.id # Save Qdrant UUID (Delete karne ke kaam ayega)
+        
+        if next_offset is None:
+            break
+            
+    print(f"✅ Found {len(state)} existing records in DB.")
+    return state
+
+async def run_visual_sync(user_id: str, job_id: int, db_factory):
+    """
+    🚀 Smart Incremental Sync:
+    1. Fetch Source Data
+    2. Fetch DB State
+    3. Calculate Diff (Add/Delete)
+    4. Execute Updates
+    """
+    print(f"🚀 [Visual Agent] Starting Smart Sync Job {job_id} for User: {user_id}")
+    
+    try:
+        await update_job_safe(db_factory, job_id, JobStatus.PROCESSING)
+
+        # 1. Credentials Fetch
+        async with db_factory() as db:
+            stmt = select(UserIntegration).where(
+                UserIntegration.user_id == str(user_id),
+                UserIntegration.is_active == True
+            )
+            result = await db.execute(stmt)
+            integrations = result.scalars().all()
+
+        qdrant_config = None
+        store_config = None
+        store_provider = None
+
+        for i in integrations:
+            if i.provider == 'qdrant':
+                qdrant_config = json.loads(i.credentials)
+            elif i.provider in ['sanity', 'shopify', 'woocommerce']:
+                store_config = json.loads(i.credentials)
+                store_provider = i.provider
+
+        if not qdrant_config or not store_config:
+            await update_job_safe(db_factory, job_id, JobStatus.FAILED, error="Missing Database or Store connection.")
+            return
+
+        # 2. Connect Qdrant & Check Collection
+        vector_store = get_vector_store(credentials=qdrant_config)
+        
+         # 🔥 CRITICAL FIX: Explicitly look for 'visual_collection_name'
+        # Agar user ne visual naam nahi diya, to default 'visual_search_products' use karo.
+        # Hum 'collection_name' (jo chat ke liye hai) use NAHI karenge taake mix na ho.
+        collection_name = qdrant_config.get("visual_collection_name", "visual_search_products")
+        
+        client = vector_store.client
+        
+        # Ensure Collection Exists
+        if not client.collection_exists(collection_name):
+             print(f"🛠️ Creating new collection: {collection_name}")
+             client.create_collection(
+                collection_name=collection_name,
+                vectors_config=models.VectorParams(size=2048, distance=models.Distance.COSINE)
+            )
+             client.create_payload_index(
+                collection_name=collection_name,
+                field_name="user_id",
+                field_schema=models.PayloadSchemaType.KEYWORD
+            )
+
+        # 3. Fetch Data from Source (Fresh List)
+        source_products = await fetch_products_from_source(store_provider, store_config)
+        if not source_products:
+            await update_job_safe(db_factory, job_id, JobStatus.COMPLETED, error="No products found in store.")
+            return
+
+        # 4. Fetch Data from Qdrant (Existing List)
+        # Map: "ProductID::ImageURL" -> QdrantUUID
+        db_state = await get_current_qdrant_state(client, collection_name, user_id)
+
+        # 5. 🧠 CALCULATE THE DIFF (The Magic)
+        points_to_delete = []
+        items_to_process = []
+        
+        # A. Identify New Items & Unchanged Items
+        source_keys = set()
+        
+        for prod in source_products:
+            prod_id = prod.get('product_id')
+            img_url = prod.get('image_path') or prod.get('image_url')
+            
+            if not prod_id or not img_url: continue
+            
+            key = f"{prod_id}::{img_url}"
+            source_keys.add(key)
+            
+            if key in db_state:
+                # Already exists and Image URL is exact match -> SKIP (Save Time)
+                continue
+            else:
+                # New Item (or URL changed, which creates a new key) -> PROCESS
+                items_to_process.append(prod)
+
+        # B. Identify Deleted Items
+        # Agar koi cheez DB mein hai, lekin Source (source_keys) mein nahi, to wo delete hogi.
+        for db_key, db_uuid in db_state.items():
+            if db_key not in source_keys:
+                points_to_delete.append(db_uuid)
+
+        # Stats
+        total_source = len(source_products)
+        to_add_count = len(items_to_process)
+        to_delete_count = len(points_to_delete)
+        unchanged_count = total_source - to_add_count
+
+        print(f"📊 Sync Analysis for User {user_id}:")
+        print(f"   - Collection: {collection_name}")
+        print(f"   - Total in Store: {total_source}")
+        print(f"   - Unchanged (Skipping): {unchanged_count}")
+        print(f"   - To Add/Update: {to_add_count}")
+        print(f"   - To Delete (Removed from Store): {to_delete_count}")
+
+        # 6. EXECUTE DELETE (Agar kuch delete karna ho)
+        if points_to_delete:
+            print(f"🗑️ Deleting {to_delete_count} obsolete records...")
+            # Qdrant delete by Point ID (UUID)
+            # Batching deletes if too many
+            chunk_size = 1000
+            for i in range(0, len(points_to_delete), chunk_size):
+                chunk = points_to_delete[i:i + chunk_size]
+                client.delete(
+                    collection_name=collection_name,
+                    points_selector=models.PointIdsList(points=chunk)
+                )
+
+        # 7. EXECUTE ADD/UPDATE (Batch Processing)
+        if items_to_process:
+            print(f"⚡ Processing {to_add_count} new images...")
+            processed_count = 0
+            
+            # Initial status update
+            await update_job_safe(db_factory, job_id, JobStatus.PROCESSING, total=to_add_count, processed=0)
+            
+            loop = asyncio.get_running_loop()
+            
+            for i in range(0, len(items_to_process), BATCH_SIZE):
+                batch = items_to_process[i : i + BATCH_SIZE]
+                points = []
+
+                # Parallel Download & Vectorize
+                with concurrent.futures.ThreadPoolExecutor(max_workers=MAX_WORKERS) as executor:
+                    futures = [
+                        loop.run_in_executor(executor, download_and_vectorize, item) 
+                        for item in batch
+                    ]
+                    results = await asyncio.gather(*futures)
+
+                for res in results:
+                    if res:
+                        prod = res['product']
+                        img_url = prod.get('image_path') or prod.get('image_url')
+                        
+                        points.append(models.PointStruct(
+                            id=str(uuid4()), 
+                            vector=res['vector'],
+                            payload={
+                                "product_id": prod.get('product_id'),
+                                "slug": prod.get('slug'),
+                                "image_url": img_url,
+                                "user_id": str(user_id),
+                                "source": store_provider
+                            }
+                        ))
+
+                if points:
+                    await asyncio.to_thread(
+                        client.upsert,
+                        collection_name=collection_name, 
+                        points=points
+                    )
+                    processed_count += len(points)
+
+                # Progress Update
+                await update_job_safe(db_factory, job_id, JobStatus.PROCESSING, processed=processed_count, total=to_add_count)
+                print(f"   -> Batch {i//BATCH_SIZE + 1} done. ({processed_count}/{to_add_count})")
+        else:
+            print("✨ No new images to process.")
+
+        # Final Success
+        final_msg = f"Sync Complete. Added: {to_add_count}, Deleted: {to_delete_count}, Skipped: {unchanged_count}"
+        await update_job_safe(db_factory, job_id, JobStatus.COMPLETED, processed=to_add_count, total=to_add_count, message=final_msg)
+        print(f"🎉 {final_msg}")
+
+    except Exception as e:
+        print(f"❌ Job {job_id} Failed: {e}")
+        await update_job_safe(db_factory, job_id, JobStatus.FAILED, error=str(e))

backend/src/services/visual/engine.py

@@ -0,0 +1,74 @@
+# backend/src/services/visual/engine.py
+
+import torch
+import torchvision.models as models
+import torchvision.transforms as transforms
+from PIL import Image
+import numpy as np
+from io import BytesIO
+
+# Global variable taake Model sirf ek baar load ho (Memory Bachane ke liye)
+_visual_model_instance = None
+_preprocess_instance = None
+
+def get_visual_model():
+    """
+    Singleton Pattern: ResNet50 ko sirf tab load karega jab pehli baar zaroorat hogi.
+    Railway/Serverless par RAM bachane ke liye zaroori hai.
+    """
+    global _visual_model_instance, _preprocess_instance
+    
+    if _visual_model_instance is None:
+        print("👁️ [Visual Engine] Loading ResNet50 AI Model...")
+        # 1. Load Standard ResNet50
+        full_model = models.resnet50(weights=models.ResNet50_Weights.DEFAULT)
+        full_model.eval() # Inference mode (Training off)
+        
+        # 2. Remove the last Classification Layer
+        # Humein "Cat/Dog" label nahi chahiye, humein features (vectors) chahiye.
+        _visual_model_instance = torch.nn.Sequential(*(list(full_model.children())[:-1]))
+        
+        # 3. Define Image Preprocessing steps
+        _preprocess_instance = transforms.Compose([
+            transforms.Resize(256),
+            transforms.CenterCrop(224),
+            transforms.ToTensor(),
+            transforms.Normalize(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225]),
+        ])
+        print("✅ [Visual Engine] Model Loaded Successfully.")
+        
+    return _visual_model_instance, _preprocess_instance
+
+def get_image_embedding(image_bytes: bytes) -> list:
+    """
+    Image ke bytes leta hai -> ResNet50 se guzarta hai -> 2048 numbers ki list wapis karta hai.
+    """
+    model, preprocess = get_visual_model()
+    
+    try:
+        # 1. Convert Bytes to Image
+        img = Image.open(BytesIO(image_bytes)).convert("RGB")
+        
+        # 2. Preprocess
+        img_tensor = preprocess(img)
+        batch_img_tensor = torch.unsqueeze(img_tensor, 0) # Batch dimension add karein
+        
+        # 3. Generate Embedding
+        with torch.no_grad():
+            embedding = model(batch_img_tensor)
+        
+        # 4. Flatten & Normalize (Cosine Similarity ke liye zaroori)
+        embedding_np = embedding.flatten().numpy()
+        norm = np.linalg.norm(embedding_np)
+        
+        # Zero division se bachne ke liye
+        if norm == 0:
+            return embedding_np.tolist()
+            
+        normalized_embedding = (embedding_np / norm).astype('float32')
+        
+        return normalized_embedding.tolist()
+        
+    except Exception as e:
+        print(f"❌ [Visual Engine] Error processing image: {e}")
+        return None

backend/src/update_db.py

@@ -0,0 +1,57 @@
+import asyncio
+from sqlalchemy import text
+from backend.src.db.session import engine
+
+async def upgrade_database():
+    print("⚙️ Updating Database Schema (Without Deleting Data)...")
+    
+    async with engine.begin() as conn:
+        # --- 1. Users Table mein 'api_key' add karna ---
+        try:
+            print("   -> Adding 'api_key' column to users...")
+            await conn.execute(text("ALTER TABLE users ADD COLUMN api_key VARCHAR;"))
+        except Exception as e:
+            print("      (Skipped: Column shayad pehle se hai)")
+
+        # --- 2. Users Table mein 'allowed_domains' add karna ---
+        try:
+            print("   -> Adding 'allowed_domains' column to users...")
+            await conn.execute(text("ALTER TABLE users ADD COLUMN allowed_domains VARCHAR DEFAULT '*';"))
+        except Exception as e:
+            print("      (Skipped: Column shayad pehle se hai)")
+
+        # --- 3. Integrations Table mein 'profile_description' add karna ---
+        try:
+            print("   -> Adding 'profile_description' column to user_integrations...")
+            await conn.execute(text("ALTER TABLE user_integrations ADD COLUMN profile_description TEXT;"))
+        except Exception as e:
+            print("      (Skipped: Column shayad pehle se hai)")
+
+    print("✅ Database Update Complete! Aapka purana data safe hai.")
+
+    # --- 4. Purane Users ke liye API Key Generate karna ---
+    # Kyunki purane users ki API Key NULL hogi, unhein nayi key deni padegi.
+    from backend.src.utils.auth import generate_api_key
+    from sqlalchemy.future import select
+    from backend.src.models.user import User
+    from backend.src.db.session import AsyncSessionLocal
+
+    print("🔑 Generating API Keys for existing users...")
+    async with AsyncSessionLocal() as db:
+        result = await db.execute(select(User))
+        users = result.scalars().all()
+        
+        count = 0
+        for user in users:
+            if not user.api_key: # Agar key nahi hai
+                user.api_key = generate_api_key()
+                user.allowed_domains = "*"
+                db.add(user)
+                count += 1
+                print(f"   -> Key generated for: {user.email}")
+        
+        await db.commit()
+        print(f"✅ {count} Users updated with new API Keys.")
+
+if __name__ == "__main__":
+    asyncio.run(upgrade_database())

backend/src/utils/auth.py

@@ -1,3 +1,4 @@
+# backend/src/utils/auth.py
 import secrets # Cryptographically strong random numbers generate karne ke liye
 from passlib.context import CryptContext
 from datetime import datetime, timedelta

backend/src/utils/security.py

@@ -1,30 +1,61 @@
-# --- EXTERNAL IMPORTS ---
+# backend/src/utils/security.py
+import os
 from cryptography.fernet import Fernet
-import base64
+from dotenv import load_dotenv
 
-# --- FIX: A Valid, Consistent 32-byte Base64 Key ---
-# Ye key change nahi hogi, to decryption hamesha chalega.
-DEFAULT_KEY = b'8_sW7x9y2z4A5b6C8d9E0f1G2h3I4j5K6l7M8n9O0pQ='
+load_dotenv()
+
+# --- SECURITY CONFIGURATION ---
+# 1. Production mein yeh key hamesha .env file mein honi chahiye: ENCRYPTION_KEY=...
+# 2. Yeh niche wali key maine Fernet.generate_key() se generate ki hai. 
+#    Yeh valid format mein hai, isay use karein taake crash na ho.
+FALLBACK_KEY = b'gQp8v5Y3Z9k1L0mN2oP4rS6tU8vW0xY2z4A6bC8dE0f='
 
 class SecurityUtils:
     @staticmethod
     def get_cipher():
-        # Production mein ye .env se aana chahiye
-        # Development ke liye hum hardcoded valid key use kar rahe hain
-        return Fernet(DEFAULT_KEY)
+        """
+        Encryption Cipher banata hai.
+        Priority: 
+        1. OS Environment Variable (Best for Production)
+        2. Hardcoded Fallback (Only for Local Dev)
+        """
+        key = os.getenv("ENCRYPTION_KEY")
+        
+        if not key:
+            # Agar .env mein key nahi hai, to fallback use karo aur warning do
+            # print("⚠️ WARNING: Using insecure fallback encryption key!")
+            return Fernet(FALLBACK_KEY)
+            
+        try:
+            # Agar .env se key aayi hai, to usay bytes mein convert karo
+            if isinstance(key, str):
+                key = key.encode()
+            return Fernet(key)
+        except Exception:
+            print("❌ ERROR: Invalid ENCRYPTION_KEY in .env. Falling back to default.")
+            return Fernet(FALLBACK_KEY)
 
     @staticmethod
     def encrypt(data: str) -> str:
+        """String ko encrypt karke encrypted string return karta hai"""
         if not data: return ""
-        cipher = SecurityUtils.get_cipher()
-        return cipher.encrypt(data.encode()).decode()
+        try:
+            cipher = SecurityUtils.get_cipher()
+            # Encrypt karne ke liye bytes chahiye, wapis string banate waqt decode
+            return cipher.encrypt(data.encode()).decode()
+        except Exception as e:
+            print(f"🔐 Encryption Failed: {e}")
+            raise e
 
     @staticmethod
     def decrypt(token: str) -> str:
+        """Encrypted string ko wapis original text mein lata hai"""
         if not token: return ""
-        cipher = SecurityUtils.get_cipher()
         try:
+            cipher = SecurityUtils.get_cipher()
             return cipher.decrypt(token.encode()).decode()
         except Exception as e:
+            # Agar key change hui ya data corrupt hua to ye error dega
             print(f"🔐 Decryption Failed: {e}")
             raise ValueError("Invalid Key or Corrupted Data")

docker-compose.yml

@@ -1,3 +1,4 @@
+# Docker Compose File for Local Development
 version: '3.8'
 
 services:

frontend/visual_search_test.html

@@ -0,0 +1,68 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>OmniAgent Visual Search Tester (API Key Mode)</title>
+    <style>
+        body { font-family: 'Segoe UI', Tahoma, Geneva, Verdana, sans-serif; background-color: #f4f7f9; color: #333; margin: 0; padding: 40px; display: flex; justify-content: center; }
+        .container { width: 100%; max-width: 900px; background: #fff; padding: 30px; border-radius: 12px; box-shadow: 0 10px 30px rgba(0,0,0,0.1); }
+        h1 { color: #2c3e50; text-align: center; margin-bottom: 10px; }
+        .subtitle { text-align: center; color: #7f8c8d; margin-bottom: 30px; font-size: 0.9em; }
+        
+        .input-group { display: flex; flex-direction: column; gap: 15px; margin-bottom: 20px; }
+        .input-group label { font-weight: bold; margin-bottom: -10px; font-size: 0.9em; color: #555; }
+        .input-group input, .input-group button { padding: 12px; border-radius: 6px; border: 1px solid #ccc; font-size: 16px; }
+        
+        .input-group button { background-color: #3498db; color: white; border: none; cursor: pointer; transition: background-color 0.3s; font-weight: bold; }
+        .input-group button:hover { background-color: #2980b9; }
+        .input-group button:disabled { background-color: #bdc3c7; cursor: not-allowed; }
+
+        #auth-status { text-align: center; padding: 15px; background: #f8f9fa; border-radius: 6px; margin-bottom: 20px; border-left: 5px solid #bdc3c7; }
+        
+        #search-results-container { margin-top: 30px; display: grid; grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); gap: 20px; }
+        
+        .result-card { background-color: #fff; border: 1px solid #eee; border-radius: 8px; overflow: hidden; transition: transform 0.2s, box-shadow 0.2s; }
+        .result-card:hover { transform: translateY(-5px); box-shadow: 0 5px 15px rgba(0,0,0,0.1); }
+        .result-card img { width: 100%; height: 200px; object-fit: cover; display: block; border-bottom: 1px solid #eee; }
+        .card-content { padding: 12px; text-align: center; }
+        .similarity-badge { background: #27ae60; color: white; padding: 4px 8px; border-radius: 12px; font-size: 12px; font-weight: bold; }
+
+        .info-message { grid-column: 1 / -1; text-align: center; font-size: 16px; color: #777; margin-top: 20px; }
+        .loader { border: 4px solid #f3f3f3; border-top: 4px solid #3498db; border-radius: 50%; width: 40px; height: 40px; animation: spin 1s linear infinite; margin: 20px auto; display: none; }
+        @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>OmniAgent Visual Search</h1>
+        <p class="subtitle">Production Test Interface (API Key Secured)</p>
+        
+        <div id="auth-status">
+            <p style="margin:0"><strong>Status:</strong> Waiting for API Key...</p>
+        </div>
+
+        <div class="input-group">
+            <label for="api-key-input">1. Enter API Key (Get from Dashboard)</label>
+            <input type="text" id="api-key-input" placeholder="omni_xxxxxxxxxxxxxxxxxxxxxxxx...">
+            
+            <label for="image-upload-input">2. Upload Query Image</label>
+            <input type="file" id="image-upload-input" accept="image/*">
+            
+            <button id="search-button" disabled>🔍 Search Products</button>
+        </div>
+
+        <div id="loader" class="loader"></div>
+        <div id="search-results-container">
+            <p class="info-message">Results will appear here...</p>
+        </div>
+    </div>
+    
+    <script src="visual_search_test.js"></script>
+    <script>
+        // Backend URL (Ensure Port is Correct)
+        const API_ENDPOINT = "http://127.0.0.1:8000/api/v1/visual/search";
+        VisualSearchTester.init(API_ENDPOINT);
+    </script>
+</body>
+</html>

frontend/visual_search_test.js

@@ -0,0 +1,132 @@
+// frontend/visual_search_test.js
+
+const VisualSearchTester = {
+    config: {
+        apiEndpoint: "",
+    },
+    elements: {},
+    
+    init: function(apiEndpoint) {
+        this.config.apiEndpoint = apiEndpoint;
+        this.elements = {
+            apiKeyInput: document.getElementById('api-key-input'), // ID Changed
+            fileInput: document.getElementById('image-upload-input'),
+            searchButton: document.getElementById('search-button'),
+            authStatus: document.getElementById('auth-status'),
+            loader: document.getElementById('loader'),
+            resultsContainer: document.getElementById('search-results-container'),
+        };
+        
+        // Listeners
+        this.elements.apiKeyInput.addEventListener('input', this._updateButtonState.bind(this));
+        this.elements.fileInput.addEventListener('change', this._updateButtonState.bind(this));
+        this.elements.searchButton.addEventListener('click', this._handleSearch.bind(this));
+        
+        this._updateButtonState();
+    },
+    
+    _updateButtonState: function() {
+        const apiKey = this.elements.apiKeyInput.value.trim();
+        const file = this.elements.fileInput.files[0];
+        
+        // API Key 'omni_' se shuru hoti hai aur approx 30-40 chars hoti hai
+        const isValidKey = apiKey.length > 20 && apiKey.startsWith("omni_");
+        const canSearch = isValidKey && file;
+        
+        this.elements.searchButton.disabled = !canSearch;
+        
+        if (isValidKey) {
+            this.elements.authStatus.style.borderLeftColor = '#27ae60';
+            this.elements.authStatus.innerHTML = '<p style="color: #27ae60; margin:0"><strong>Status:</strong> Valid API Key Format ✅</p>';
+        } else {
+            this.elements.authStatus.style.borderLeftColor = '#bdc3c7';
+            this.elements.authStatus.innerHTML = '<p style="color: #7f8c8d; margin:0"><strong>Status:</strong> Waiting for valid API Key...</p>';
+        }
+    },
+
+    // --- 🔥 MAIN SEARCH LOGIC (API KEY UPDATE) 🔥 ---
+    _handleSearch: async function() {
+        const apiKey = this.elements.apiKeyInput.value.trim();
+        const file = this.elements.fileInput.files[0];
+
+        if (!apiKey || !file) return;
+
+        this.elements.loader.style.display = 'block';
+        this.elements.searchButton.disabled = true; // Prevent double click
+        this.elements.resultsContainer.innerHTML = '';
+
+        const formData = new FormData();
+        formData.append('file', file);
+
+        try {
+            console.log("Sending request to:", this.config.apiEndpoint);
+            
+            const response = await fetch(this.config.apiEndpoint, {
+                method: 'POST',
+                headers: { 
+                    // ✅ CHANGE: Use 'x-api-key' instead of 'Authorization'
+                    'x-api-key': apiKey,
+                    'Accept': 'application/json'
+                    // Note: 'Content-Type' header mat lagana jab FormData bhej rahe ho, browser khud boundary set karega.
+                },
+                body: formData
+            });
+
+            const data = await response.json();
+
+            if (!response.ok) {
+                // Handle specific Auth errors
+                if (response.status === 401 || response.status === 403) {
+                    throw new Error("Authentication Failed! Please check your API Key or Domain Settings.");
+                }
+                const errorDetail = data.detail || data.message || "Unknown server error";
+                throw new Error(`Error ${response.status}: ${errorDetail}`);
+            }
+
+            this._renderResults(data.results);
+
+        } catch (error) {
+            this.elements.resultsContainer.innerHTML = `
+                <div style="text-align:center; padding: 20px;">
+                    <p style="color: #e74c3c; font-weight: bold; font-size: 1.2em;">❌ Search Failed</p>
+                    <p style="color: #555;">${error.message}</p>
+                </div>`;
+            console.error("Visual Search Error:", error);
+        } finally {
+            this.elements.loader.style.display = 'none';
+            this.elements.searchButton.disabled = false;
+        }
+    },
+
+    _renderResults: function(results) {
+        const container = this.elements.resultsContainer;
+        container.innerHTML = '';
+
+        if (!results || results.length === 0) {
+            container.innerHTML = '<p class="info-message">🤷‍♂️ No matching products found.</p>';
+            return;
+        }
+
+        results.forEach(item => {
+            const card = document.createElement('div');
+            card.className = 'result-card';
+            
+            const similarityScore = (item.similarity * 100).toFixed(1);
+            const slug = item.slug || "#";
+            
+            // Image Fallback logic
+            const imgUrl = item.image_path || "https://via.placeholder.com/200?text=No+Image";
+
+            card.innerHTML = `
+                <a href="/product/${slug}" target="_blank" style="text-decoration: none; color: inherit;">
+                    <img src="${imgUrl}" alt="Product Image" onerror="this.src='https://via.placeholder.com/200?text=Error'">
+                    <div class="card-content">
+                        <span class="similarity-badge">${similarityScore}% Match</span>
+                        <p style="margin-top: 10px; font-size: 0.9em; color: #555;">ID: ${item.product_id}</p>
+                    </div>
+                </a>
+            `;
+            container.appendChild(card);
+        });
+    }
+};

requirements.txt

@@ -1,4 +1,3 @@
-# Requirements for the project
 accelerate==1.12.0
 aiofiles==25.1.0
 aiohappyeyeballs==2.6.1
@@ -122,6 +121,7 @@ proto-plus==1.26.1
 protobuf==6.33.2
 psutil==7.1.3
 psycopg2-binary==2.9.11
+pyactiveresource==2.2.2
 pyasn1==0.6.1
 pyasn1_modules==0.4.2
 pycocotools==2.0.10
@@ -129,11 +129,13 @@ pycparser==2.23
 pydantic==2.12.5
 pydantic-settings==2.12.0
 pydantic_core==2.41.5
+PyJWT==2.10.1
 pymongo==4.15.5
 pypandoc==1.16.2
 pyparsing==3.2.5
 pypdf==6.4.1
 pypdfium2==5.1.0
+pyreadline3==3.5.4
 python-dateutil==2.9.0.post0
 python-docx==1.2.0
 python-dotenv==1.2.1
@@ -144,6 +146,7 @@ python-multipart==0.0.20
 python-oxmsg==0.0.2
 python-pptx==1.0.2
 pytz==2025.2
+pywin32==311
 PyYAML==6.0.3
 qdrant-client==1.16.1
 RapidFuzz==3.14.3
@@ -156,6 +159,7 @@ scikit-learn==1.7.2
 scipy==1.16.3
 sentence-transformers==5.1.2
 setuptools==80.9.0
+ShopifyAPI==12.7.0
 six==1.17.0
 sniffio==1.3.1
 soupsieve==2.8
@@ -167,8 +171,8 @@ threadpoolctl==3.6.0
 tiktoken==0.12.0
 timm==1.0.22
 tokenizers==0.22.1
-torch==2.9.1+cpu 
-torchvision==0.24.1+cpu
+torch==2.9.1
+torchvision==0.24.1
 tqdm==4.67.1
 transformers==4.57.3
 typing-inspect==0.9.0
@@ -185,6 +189,7 @@ uvicorn==0.38.0
 watchfiles==1.1.1
 webencodings==0.5.1
 websockets==15.0.1
+WooCommerce==3.0.0
 wrapt==2.0.1
 xlrd==2.0.2
 xlsxwriter==3.2.9

static/widget.js

@@ -4,10 +4,10 @@
     // ----------------------------------------------------
     const scriptTag = document.currentScript;
     
-    // Ab hum User ID nahi, balki secure API Key mangenge 🔑
+    // Auth & Config
     const API_KEY = scriptTag.getAttribute("data-api-key"); 
     const API_URL = scriptTag.getAttribute("data-api-url");
-    const THEME_COLOR = scriptTag.getAttribute("data-theme-color") || "#FF0000"; // Default Red for your theme
+    const THEME_COLOR = scriptTag.getAttribute("data-theme-color") || "#0084FF"; 
 
     if (!API_KEY || !API_URL) {
         console.error("OmniAgent Security Error: data-api-key or data-api-url is missing!");
@@ -17,7 +17,7 @@
     const CHAT_SESSION_ID = "omni_session_" + Math.random().toString(36).slice(2, 11); 
 
     // ----------------------------------------------------
-    // 2. STYLES: UI & Responsive Design
+    // 2. STYLES: UI & Responsive Design (Tabs + Camera)
     // ----------------------------------------------------
     const style = document.createElement('style');
     style.innerHTML = `
@@ -27,15 +27,15 @@
         }
         #omni-chat-btn {
             background: ${THEME_COLOR}; color: white; border: none; padding: 15px; border-radius: 50%;
-            cursor: pointer; box-shadow: 0 4px 15px rgba(0,0,0,0.3); width: 60px; height: 60px; font-size: 24px;
-            display: flex; align-items: center; justify-content: center; transition: all 0.3s cubic-bezier(0.175, 0.885, 0.32, 1.275);
+            cursor: pointer; box-shadow: 0 4px 15px rgba(0,0,0,0.3); width: 60px; height: 60px; font-size: 28px;
+            display: flex; align-items: center; justify-content: center; transition: all 0.3s;
         }
-        #omni-chat-btn:hover { transform: scale(1.1) rotate(5deg); }
+        #omni-chat-btn:hover { transform: scale(1.1); }
         
-        #omni-chat-window {
-            display: none; width: 370px; height: 550px; background: white; border-radius: 16px;
-            box-shadow: 0 12px 40px rgba(0,0,0,0.2); flex-direction: column; overflow: hidden;
-            margin-bottom: 20px; border: 1px solid #f0f0f0; animation: omniSlideUp 0.4s ease;
+        #omni-window {
+            display: none; width: 380px; height: 600px; background: white; border-radius: 16px;
+            box-shadow: 0 12px 40px rgba(0,0,0,0.25); flex-direction: column; overflow: hidden;
+            margin-bottom: 20px; animation: omniSlideUp 0.3s ease; border: 1px solid #e0e0e0;
         }
         
         @keyframes omniSlideUp {
@@ -43,135 +43,241 @@
             to { opacity: 1; transform: translateY(0); }
         }
 
-        #omni-header { 
-            background: ${THEME_COLOR}; color: white; padding: 18px; font-weight: 600; display: flex; 
-            justify-content: space-between; align-items: center; letter-spacing: 0.5px;
+        /* --- Header & Tabs --- */
+        #omni-header { background: ${THEME_COLOR}; padding: 15px; color: white; }
+        .omni-title { font-weight: bold; font-size: 16px; display: flex; align-items: center; gap: 8px; }
+        .omni-close { cursor: pointer; float: right; font-size: 24px; line-height: 16px; }
+
+        .omni-tabs { display: flex; background: #f1f1f1; border-bottom: 1px solid #ddd; }
+        .omni-tab { flex: 1; padding: 12px; text-align: center; cursor: pointer; font-size: 14px; font-weight: 600; color: #555; transition: 0.2s; }
+        .omni-tab.active { background: white; color: ${THEME_COLOR}; border-bottom: 3px solid ${THEME_COLOR}; }
+
+        /* --- Content Areas --- */
+        .omni-view { display: none; flex: 1; flex-direction: column; overflow: hidden; }
+        .omni-view.active { display: flex; }
+
+        /* --- Chat View --- */
+        #omni-messages { flex: 1; padding: 15px; overflow-y: auto; background: #f9f9f9; display: flex; flex-direction: column; gap: 10px; }
+        .omni-msg { padding: 10px 14px; border-radius: 12px; max-width: 80%; font-size: 14px; line-height: 1.4; }
+        .omni-msg.user { background: ${THEME_COLOR}; color: white; align-self: flex-end; border-bottom-right-radius: 2px; }
+        .omni-msg.bot { background: #e9eff5; color: #333; align-self: flex-start; border-bottom-left-radius: 2px; }
+        
+        #omni-input-area { display: flex; border-top: 1px solid #eee; padding: 10px; background: white; }
+        #omni-input { flex: 1; padding: 10px; border: 1px solid #ddd; border-radius: 20px; outline: none; }
+        #omni-send { background: none; border: none; color: ${THEME_COLOR}; font-size: 20px; cursor: pointer; padding-left: 10px; }
+
+        /* --- Visual Search View --- */
+        #omni-visual-area { flex: 1; padding: 20px; display: flex; flex-direction: column; align-items: center; justify-content: flex-start; overflow-y: auto; text-align: center; }
+        #omni-upload-box { 
+            border: 2px dashed #ccc; border-radius: 12px; padding: 30px; margin-bottom: 20px; 
+            width: 80%; cursor: pointer; transition: 0.2s; background: #fafafa;
         }
-        #omni-messages { flex: 1; padding: 20px; overflow-y: auto; background: #ffffff; display: flex; flex-direction: column; }
-        #omni-input-area { display: flex; border-top: 1px solid #eee; background: #fff; padding: 10px; }
-        #omni-input { flex: 1; padding: 12px; border: 1px solid #eee; border-radius: 25px; outline: none; font-size: 14px; background: #f8f9fa; }
-        #omni-send { background: transparent; border: none; color: ${THEME_COLOR}; font-weight: bold; cursor: pointer; padding: 0 12px; font-size: 22px; }
+        #omni-upload-box:hover { border-color: ${THEME_COLOR}; background: #f0f7ff; }
+        #omni-file-input { display: none; }
         
-        .omni-msg { margin: 10px 0; padding: 12px 16px; border-radius: 18px; max-width: 85%; font-size: 14px; line-height: 1.5; word-wrap: break-word; position: relative; }
-        .omni-msg.user { background: ${THEME_COLOR}; color: white; align-self: flex-end; border-bottom-right-radius: 2px; box-shadow: 0 4px 10px rgba(0,0,0,0.1); }
-        .omni-msg.bot { background: #f0f2f5; color: #1c1e21; align-self: flex-start; border-bottom-left-radius: 2px; }
+        .omni-result-card { 
+            display: flex; align-items: center; gap: 10px; background: white; border: 1px solid #eee; 
+            padding: 10px; border-radius: 8px; width: 100%; margin-bottom: 10px; text-align: left;
+            transition: 0.2s; text-decoration: none; color: inherit;
+        }
+        .omni-result-card:hover { transform: translateY(-2px); box-shadow: 0 4px 10px rgba(0,0,0,0.1); }
+        .omni-result-img { width: 60px; height: 60px; object-fit: cover; border-radius: 6px; }
         
-        /* Custom Scrollbar */
-        #omni-messages::-webkit-scrollbar { width: 5px; }
-        #omni-messages::-webkit-scrollbar-track { background: #f1f1f1; }
-        #omni-messages::-webkit-scrollbar-thumb { background: #ccc; border-radius: 10px; }
+        .omni-loader { border: 3px solid #f3f3f3; border-top: 3px solid ${THEME_COLOR}; border-radius: 50%; width: 24px; height: 24px; animation: spin 1s linear infinite; margin: 20px auto; display: none; }
+        @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
     `;
     document.head.appendChild(style);
 
     // ----------------------------------------------------
-    // 3. UI LOGIC: Global Toggle Function
-    // ----------------------------------------------------
-    window.toggleOmniChat = function() {
-        const win = document.getElementById('omni-chat-window');
-        if (!win) return;
-        const isVisible = win.style.display === 'flex';
-        win.style.display = isVisible ? 'none' : 'flex';
-        if (!isVisible) {
-            document.getElementById('omni-input').focus();
-        }
-    };
-
-    // ----------------------------------------------------
-    // 4. HTML STRUCTURE: Dynamic Insertion
+    // 3. HTML STRUCTURE
     // ----------------------------------------------------
     const container = document.createElement('div');
     container.id = 'omni-widget-container';
 
     container.innerHTML = `
-        <div id="omni-chat-window">
+        <div id="omni-window">
             <div id="omni-header">
-                <div style="display:flex; align-items:center; gap:10px;">
-                    <div style="width:10px; height:10px; background:#2ecc71; border-radius:50%;"></div>
-                    <span>AI Knowledge Assistant</span>
+                <span class="omni-close" onclick="window.toggleOmni()">×</span>
+                <div class="omni-title">
+                    <span>🤖 AI Assistant</span>
                 </div>
-                <span style="cursor:pointer; font-size: 24px; font-weight:300;" onclick="window.toggleOmniChat()">×</span>
             </div>
-            <div id="omni-messages"></div>
-            <div id="omni-input-area">
-                <input type="text" id="omni-input" placeholder="Type a message..." autocomplete="off" />
-                <button id="omni-send">➤</button>
+            
+            <div class="omni-tabs">
+                <div class="omni-tab active" onclick="window.switchTab('chat')">💬 Chat</div>
+                <div class="omni-tab" onclick="window.switchTab('visual')">📷 Visual Search</div>
+            </div>
+
+            <!-- CHAT VIEW -->
+            <div id="omni-chat-view" class="omni-view active">
+                <div id="omni-messages"></div>
+                <div id="omni-input-area">
+                    <input type="text" id="omni-input" placeholder="Ask anything..." autocomplete="off" />
+                    <button id="omni-send">➤</button>
+                </div>
+            </div>
+
+            <!-- VISUAL VIEW -->
+            <div id="omni-visual-view" class="omni-view">
+                <div id="omni-visual-area">
+                    <div id="omni-upload-box" onclick="document.getElementById('omni-file-input').click()">
+                        <div style="font-size:40px; margin-bottom:10px;">📤</div>
+                        <p style="margin:0; color:#666;">Click to Upload Image</p>
+                        <p style="margin:0; font-size:12px; color:#999;">Find similar products</p>
+                    </div>
+                    <input type="file" id="omni-file-input" accept="image/*">
+                    <div id="omni-visual-loader" class="omni-loader"></div>
+                    <div id="omni-visual-results" style="width:100%;"></div>
+                </div>
             </div>
         </div>
-        <button id="omni-chat-btn" onclick="window.toggleOmniChat()">💬</button>
+        <button id="omni-chat-btn" onclick="window.toggleOmni()">💬</button>
     `;
 
     document.body.appendChild(container);
 
     // ----------------------------------------------------
-    // 5. CHAT ENGINE: Fetch & Security Headers
+    // 4. UI LOGIC (Toggle & Tabs)
     // ----------------------------------------------------
-    const inputField = document.getElementById('omni-input');
-    const sendButton = document.getElementById('omni-send');
-    const messagesContainer = document.getElementById('omni-messages');
+    window.toggleOmni = function() {
+        const win = document.getElementById('omni-window');
+        const isVisible = win.style.display === 'flex';
+        win.style.display = isVisible ? 'none' : 'flex';
+    };
 
-    function addMessage(text, sender) {
-        const div = document.createElement('div');
-        div.className = `omni-msg ${sender}`;
-        // URL auto-linking logic
-        div.innerHTML = text.replace(/(https?:\/\/[^\s]+)/g, '<a href="$1" target="_blank" style="color:inherit; text-decoration:underline;">$1</a>');
-        messagesContainer.appendChild(div);
-        messagesContainer.scrollTo({ top: messagesContainer.scrollHeight, behavior: 'smooth' });
-    }
+    window.switchTab = function(tab) {
+        document.querySelectorAll('.omni-tab').forEach(t => t.classList.remove('active'));
+        document.querySelectorAll('.omni-view').forEach(v => v.classList.remove('active'));
+
+        if (tab === 'chat') {
+            document.querySelector('.omni-tabs .omni-tab:nth-child(1)').classList.add('active');
+            document.getElementById('omni-chat-view').classList.add('active');
+        } else {
+            document.querySelector('.omni-tabs .omni-tab:nth-child(2)').classList.add('active');
+            document.getElementById('omni-visual-view').classList.add('active');
+        }
+    };
+
+    // ----------------------------------------------------
+    // 5. CHAT ENGINE
+    // ----------------------------------------------------
+    const chatInput = document.getElementById('omni-input');
+    const sendBtn = document.getElementById('omni-send');
+    const msgContainer = document.getElementById('omni-messages');
 
     async function sendMessage() {
-        const text = inputField.value.trim();
+        const text = chatInput.value.trim();
         if (!text) return;
 
-        addMessage(text, 'user');
-        inputField.value = '';
+        addMsg(text, 'user');
+        chatInput.value = '';
         
-        // Loading dots logic
         const loadingDiv = document.createElement('div');
         loadingDiv.className = 'omni-msg bot';
-        loadingDiv.innerHTML = '<span class="omni-dots">...</span>';
-        messagesContainer.appendChild(loadingDiv);
-        messagesContainer.scrollTop = messagesContainer.scrollHeight;
+        loadingDiv.innerHTML = '...';
+        msgContainer.appendChild(loadingDiv);
+        msgContainer.scrollTop = msgContainer.scrollHeight;
 
         try {
             const response = await fetch(`${API_URL}/api/v1/chat`, {
                 method: 'POST',
-                headers: { 
-                    'Content-Type': 'application/json'
-                },
+                headers: { 'Content-Type': 'application/json' },
                 body: JSON.stringify({
                     message: text,
                     session_id: CHAT_SESSION_ID,
-                    api_key: API_KEY // 🔑 Secure Auth
+                    api_key: API_KEY // Auth
                 })
             });
-
+            
+            msgContainer.removeChild(loadingDiv);
             const data = await response.json();
-            messagesContainer.removeChild(loadingDiv);
-
-            if (response.status === 401) {
-                addMessage("🚫 Security Error: Invalid API Key.", 'bot');
-            } else if (response.status === 403) {
-                addMessage("🚫 Security Error: Domain not authorized.", 'bot');
+            
+            if (response.ok) {
+                addMsg(data.response, 'bot');
             } else {
-                addMessage(data.response || "I couldn't process that. Please try again.", 'bot'); 
+                addMsg("⚠️ Error: " + (data.detail || "Server error"), 'bot');
             }
 
-        } catch (error) {
-            if (loadingDiv.parentNode) messagesContainer.removeChild(loadingDiv);
-            addMessage("📡 Connection lost. Is the AI server online?", 'bot');
-            console.error("OmniAgent API Error:", error);
+        } catch (e) {
+            if(loadingDiv.parentNode) msgContainer.removeChild(loadingDiv);
+            addMsg("📡 Connection Error", 'bot');
         }
     }
 
-    // Event Listeners
-    sendButton.addEventListener('click', sendMessage);
-    inputField.addEventListener('keypress', (e) => { 
-        if(e.key === 'Enter') { sendMessage(); }
-    });
+    function addMsg(text, sender) {
+        const div = document.createElement('div');
+        div.className = `omni-msg ${sender}`;
+        div.innerText = text; // Secure text insertion
+        msgContainer.appendChild(div);
+        msgContainer.scrollTop = msgContainer.scrollHeight;
+    }
+
+    sendBtn.onclick = sendMessage;
+    chatInput.onkeypress = (e) => { if(e.key === 'Enter') sendMessage(); };
+
+    // ----------------------------------------------------
+    // 6. VISUAL SEARCH ENGINE
+    // ----------------------------------------------------
+    const fileInput = document.getElementById('omni-file-input');
+    const visualLoader = document.getElementById('omni-visual-loader');
+    const visualResults = document.getElementById('omni-visual-results');
+
+    fileInput.onchange = async function() {
+        const file = fileInput.files[0];
+        if (!file) return;
+
+        visualLoader.style.display = 'block';
+        visualResults.innerHTML = '';
+
+        const formData = new FormData();
+        formData.append('file', file);
+
+        try {
+            const response = await fetch(`${API_URL}/api/v1/visual/search`, {
+                method: 'POST',
+                headers: { 
+                    'x-api-key': API_KEY // Header Auth ✅
+                },
+                body: formData
+            });
+
+            const data = await response.json();
+            visualLoader.style.display = 'none';
+
+            if (!response.ok) {
+                visualResults.innerHTML = `<p style="color:red; margin-top:20px;">Error: ${data.detail}</p>`;
+                return;
+            }
+
+            if (!data.results || data.results.length === 0) {
+                visualResults.innerHTML = '<p style="color:#777; margin-top:20px;">No similar products found.</p>';
+                return;
+            }
+
+            // Render Results
+            data.results.forEach(item => {
+                const score = (item.similarity * 100).toFixed(0);
+                const el = document.createElement('a');
+                el.className = 'omni-result-card';
+                el.href = `/product/${item.slug || '#'}`; // Dynamic link
+                el.target = '_blank';
+                el.innerHTML = `
+                    <img src="${item.image_path}" class="omni-result-img" onerror="this.src='https://via.placeholder.com/60'">
+                    <div>
+                        <div style="font-weight:bold; font-size:14px;">Product Match</div>
+                        <div style="font-size:12px; color:#27ae60;">${score}% Similarity</div>
+                    </div>
+                `;
+                visualResults.appendChild(el);
+            });
+
+        } catch (e) {
+            visualLoader.style.display = 'none';
+            visualResults.innerHTML = '<p style="color:red;">Connection Failed</p>';
+        }
+    };
 
-    // Initial Welcome (AI Persona)
-    setTimeout(() => {
-        addMessage("Hello! I am your AI assistant. How can I help you today?", "bot");
-    }, 1500);
+    // Initial Hello
+    setTimeout(() => addMsg("Hi! I can help you find products by chatting or uploading an image.", "bot"), 1000);
 
 })();