# Engine API ## Purpose The engine API provides an HTTP interface for knowledge base operations including search, document ingestion, document management, tag management, and system status. ## Requirements ### Requirement: Engine startup and model loading The engine SHALL load the embedding model eagerly at startup before accepting HTTP requests. The engine SHALL expose a health endpoint that returns unhealthy until the model is fully loaded and the database is initialised. #### Scenario: Cold start with model download - **WHEN** the engine starts for the first time with no cached model - **THEN** it SHALL download the configured embedding model, load it into memory (GPU if available, CPU otherwise), enable WAL mode on the SQLite database, and begin accepting requests only after all initialisation completes #### Scenario: Health check during startup - **WHEN** a client sends `GET /api/v1/health` before the model is loaded - **THEN** the engine SHALL respond with HTTP 503 and `{"status": "starting"}` #### Scenario: Health check after startup - **WHEN** a client sends `GET /api/v1/health` after initialisation completes - **THEN** the engine SHALL respond with HTTP 200 and `{"status": "healthy"}` --- ### Requirement: Hybrid search The engine SHALL provide hybrid search combining BM25 full-text search (via FTS5) and vector similarity search (via sqlite-vec), merged using Reciprocal Rank Fusion. Search SHALL complete in under 100ms when the model is warm. The engine SHALL sanitize user query strings to prevent FTS5 syntax errors for any input. #### Scenario: Hybrid search with results - **WHEN** a client sends `POST /api/v1/search` with body `{"query": "how to change oil", "top": 5}` - **THEN** the engine SHALL embed the query using the resident model, run both FTS5 and vector searches, merge results via RRF, and return a JSON response with matched chunks including scores, document metadata, and tags #### Scenario: Search with filters - **WHEN** a client sends `POST /api/v1/search` with body `{"query": "brakes", "tags": ["maintenance"], "doc_type": "pdf", "top": 3}` - **THEN** the engine SHALL apply tag and document type filters to both FTS5 and vector results before merging #### Scenario: Search with mode override - **WHEN** a client sends `POST /api/v1/search` with body `{"query": "error log", "fts_only": true}` - **THEN** the engine SHALL return only FTS5 results without running vector search #### Scenario: Empty knowledge base - **WHEN** a client searches against an empty database - **THEN** the engine SHALL return HTTP 200 with `{"query": "...", "results": [], "total_matches": 0}` #### Scenario: Search with special characters - **WHEN** a client sends `POST /api/v1/search` with body `{"query": "what color is grass?"}` - **THEN** the engine SHALL sanitize the query for FTS5, execute the search successfully, and return results (not a 500 error) #### Scenario: Search with FTS5 operators in query - **WHEN** a client sends `POST /api/v1/search` with body `{"query": "NOT something OR (other)"}` - **THEN** the engine SHALL treat the input as literal search terms, not FTS5 operators, and return matching results #### Scenario: Search with only special characters - **WHEN** a client sends `POST /api/v1/search` with body `{"query": "??!@#"}` - **THEN** the engine SHALL return HTTP 200 with an empty result set (not a 500 error) #### Scenario: Search with quotes in query - **WHEN** a client sends `POST /api/v1/search` with body `{"query": "the \"quick\" fox"}` - **THEN** the engine SHALL sanitize embedded quotes and return results normally --- ### Requirement: Async ingestion via job queue The engine SHALL accept file uploads and text notes for ingestion asynchronously. Uploaded content SHALL be written to a staging area and a job record created in the database. The engine SHALL return HTTP 202 immediately. A background worker SHALL process queued jobs sequentially. Before staging, the engine SHALL compute a SHA256 hash of the uploaded content and reject duplicates immediately. #### Scenario: Upload a PDF file - **WHEN** a client sends `POST /api/v1/jobs` with a multipart form containing a PDF file and optional fields (tags, doc_type) - **THEN** the engine SHALL compute the SHA256 hash of the file bytes, verify no existing document has the same hash, write the file to the staging directory, create a job record with status `queued`, and return HTTP 202 with `{"job_id": "", "status": "queued", "filename": "report.pdf"}` #### Scenario: Upload a text note - **WHEN** a client sends `POST /api/v1/jobs` with a multipart form containing a `note` text field and optional `title` field - **THEN** the engine SHALL compute the SHA256 hash of the note text (UTF-8 encoded), verify no existing document has the same hash, write the note content to a staging file, create a job record with status `queued`, and return HTTP 202 with the job ID #### Scenario: Upload multiple files in sequence - **WHEN** a client sends multiple `POST /api/v1/jobs` requests in quick succession - **THEN** the engine SHALL queue each job independently and the background worker SHALL process them in FIFO order #### Scenario: Duplicate file detected at upload time (already ingested) - **WHEN** a client uploads a file whose SHA256 content hash matches an already-ingested document - **THEN** the engine SHALL NOT stage the file or create a job record, and SHALL return HTTP 409 with `{"error": "duplicate", "document_id": , "title": ""}` #### Scenario: Duplicate file detected at upload time (in-flight job) - **WHEN** a client uploads a file whose SHA256 content hash matches a queued or processing job - **THEN** the engine SHALL NOT stage the file or create a job record, and SHALL return HTTP 409 with `{"error": "duplicate", "job_id": <id>, "title": "<filename>"}` #### Scenario: Duplicate note detected at upload time (already ingested) - **WHEN** a client submits a note whose SHA256 content hash matches an already-ingested document - **THEN** the engine SHALL NOT stage the note or create a job record, and SHALL return HTTP 409 with `{"error": "duplicate", "document_id": <id>, "title": "<title>"}` #### Scenario: Duplicate note detected at upload time (in-flight job) - **WHEN** a client submits a note whose SHA256 content hash matches a queued or processing job - **THEN** the engine SHALL NOT stage the note or create a job record, and SHALL return HTTP 409 with `{"error": "duplicate", "job_id": <id>, "title": "<filename>"}` #### Scenario: Duplicate uploaded during concurrent request handling - **WHEN** two identical files are uploaded in the same instant, both passing the API hash check before either job is committed - **THEN** both jobs SHALL be queued, and the background worker SHALL process the first normally and mark the second as `skipped` (worker-side safety net via `hash_exists()` and UNIQUE constraint) #### Scenario: Upload failure due to unsupported file type - **WHEN** a client uploads a file with an unsupported extension - **THEN** the engine SHALL return HTTP 422 with an error message listing supported types --- ### Requirement: Job status tracking The engine SHALL maintain job records in SQLite with status tracking. Jobs SHALL transition through states: `queued` → `processing` → `done` | `failed` | `skipped`. #### Scenario: List all jobs - **WHEN** a client sends `GET /api/v1/jobs` - **THEN** the engine SHALL return a JSON array of job records ordered by creation time (newest first), each including job_id, filename, status, created_at, and completed_at #### Scenario: Filter jobs by status - **WHEN** a client sends `GET /api/v1/jobs?status=failed` - **THEN** the engine SHALL return only jobs with the specified status #### Scenario: Get job details - **WHEN** a client sends `GET /api/v1/jobs/{id}` - **THEN** the engine SHALL return the full job record including status, filename, error message (if failed), document_id (if done), chunk count, and timing information #### Scenario: Job not found - **WHEN** a client sends `GET /api/v1/jobs/{id}` with a non-existent ID - **THEN** the engine SHALL return HTTP 404 --- ### Requirement: Background ingestion worker The engine SHALL run a background worker that processes queued jobs. The worker SHALL process one job at a time. For each job, it SHALL: detect document type, run the appropriate chunking pipeline (Docling for PDFs, header-based for Markdown, AST-based for code, whole-text for notes), generate embeddings using the resident model, insert chunks and vectors into the database, and move the original file to persistent storage. #### Scenario: Successful PDF ingestion - **WHEN** the background worker picks up a queued PDF job - **THEN** it SHALL update the job status to `processing`, run Docling conversion and chunking, embed all chunks, insert document and chunks into the database, move the staged file to `{data_dir}/documents/{content_hash}.pdf`, update `documents.stored_path` with the permanent path, store the original filename in `documents.original_filename`, update the job status to `done` with the resulting document_id and chunk count, and clean up the staging entry #### Scenario: Ingestion failure - **WHEN** the background worker encounters an error during processing (e.g., corrupt PDF) - **THEN** it SHALL update the job status to `failed` with the error message, delete the staged file, and continue processing the next queued job #### Scenario: Search during active ingestion - **WHEN** a search request arrives while the background worker is processing a job - **THEN** the search SHALL execute without blocking (SQLite WAL mode) and return results from already-ingested documents --- ### Requirement: Document management The engine SHALL provide endpoints to list, inspect, remove, and download original files for ingested documents. #### Scenario: List documents - **WHEN** a client sends `GET /api/v1/documents` - **THEN** the engine SHALL return a JSON array of documents with id, title, doc_type, tags, chunk_count, and created_at #### Scenario: List documents with filters - **WHEN** a client sends `GET /api/v1/documents?type=pdf&tags=manual` - **THEN** the engine SHALL return only documents matching all specified filters #### Scenario: Get document details - **WHEN** a client sends `GET /api/v1/documents/{id}` - **THEN** the engine SHALL return the full document record including all chunks, their text content, and whether the original file is available (`has_file: true/false`) #### Scenario: Download original file - **WHEN** a client sends `GET /api/v1/documents/{id}/file` - **THEN** the engine SHALL return the original file with appropriate Content-Type and `Content-Disposition: attachment; filename="{original_filename}"` headers, or HTTP 404 if the file is not available #### Scenario: Remove a document - **WHEN** a client sends `DELETE /api/v1/documents/{id}` - **THEN** the engine SHALL delete the document, all its chunks, associated embeddings, tag associations, and the stored original file from disk, and return HTTP 200 with a confirmation #### Scenario: Remove non-existent document - **WHEN** a client sends `DELETE /api/v1/documents/{id}` with a non-existent ID - **THEN** the engine SHALL return HTTP 404 --- ### Requirement: Tag management The engine SHALL provide endpoints to list all tags and manage tags on documents. #### Scenario: List all tags - **WHEN** a client sends `GET /api/v1/tags` - **THEN** the engine SHALL return a JSON array of tags with name and document count #### Scenario: Add tags to a document - **WHEN** a client sends `PUT /api/v1/documents/{id}/tags` with body `{"add": ["manual", "v2"]}` - **THEN** the engine SHALL add the specified tags to the document and return the updated tag list #### Scenario: Remove tags from a document - **WHEN** a client sends `PUT /api/v1/documents/{id}/tags` with body `{"remove": ["draft"]}` - **THEN** the engine SHALL remove the specified tags from the document and return the updated tag list --- ### Requirement: Engine status and reindex The engine SHALL provide status information and support re-embedding all chunks. #### Scenario: Get engine status - **WHEN** a client sends `GET /api/v1/status` - **THEN** the engine SHALL return JSON with model_name, embedding_dim, GPU device info, database stats (document count by type, total chunks, DB size), and queue stats (queued/processing job count) #### Scenario: Trigger reindex - **WHEN** a client sends `POST /api/v1/reindex` - **THEN** the engine SHALL re-embed all existing chunks using the currently loaded model and return progress information. This operation SHALL NOT block search queries. --- ### Requirement: API authentication The engine SHALL support optional API key authentication via Bearer token. When `KB_API_KEY` is set, all requests MUST include a matching `Authorization: Bearer <key>` header. When `KB_API_KEY` is not set, authentication SHALL be disabled. #### Scenario: Valid API key - **WHEN** `KB_API_KEY` is set and a request includes a matching Bearer token - **THEN** the engine SHALL process the request normally #### Scenario: Missing API key when required - **WHEN** `KB_API_KEY` is set and a request has no Authorization header - **THEN** the engine SHALL return HTTP 401 `{"error": "authentication required"}` #### Scenario: Invalid API key - **WHEN** `KB_API_KEY` is set and a request includes a non-matching Bearer token - **THEN** the engine SHALL return HTTP 401 `{"error": "invalid api key"}` #### Scenario: Auth disabled - **WHEN** `KB_API_KEY` is not set - **THEN** the engine SHALL process all requests without requiring authentication --- ### Requirement: Engine configuration via environment variables The engine SHALL be configured via environment variables. No config file is read by the engine — all configuration comes from the environment (set via compose.yaml or Docker run). #### Scenario: Default configuration - **WHEN** the engine starts with no environment variables set - **THEN** it SHALL use defaults: data directory `/data`, model `all-MiniLM-L6-v2`, device `auto`, no API key required. It SHALL create `staging/` and `documents/` subdirectories under the data directory. #### Scenario: Custom model - **WHEN** `KB_MODEL` is set to `BAAI/bge-small-en-v1.5` - **THEN** the engine SHALL download and load that model instead of the default