fix(celery): Guardrail for User File Processing (#8633)

Co-authored-by: Jamison Lahman <jamison@lahman.dev>

.github/workflows/pr-python-checks.yml

@@ -50,8 +50,9 @@ jobs:
         uses: runs-on/cache@50350ad4242587b6c8c2baa2e740b1bc11285ff4 # ratchet:runs-on/cache@v4
         with:
           path: backend/.mypy_cache
-          key: mypy-${{ runner.os }}-${{ hashFiles('**/*.py', '**/*.pyi', 'backend/pyproject.toml') }}
+          key: mypy-${{ runner.os }}-${{ github.base_ref || github.event.merge_group.base_ref || 'main' }}-${{ hashFiles('**/*.py', '**/*.pyi', 'backend/pyproject.toml') }}
           restore-keys: |
+            mypy-${{ runner.os }}-${{ github.base_ref || github.event.merge_group.base_ref || 'main' }}-
             mypy-${{ runner.os }}-
 
       - name: Run MyPy

.pre-commit-config.yaml

@@ -66,8 +66,7 @@ repos:
       - id: uv-run
         name: Check lazy imports
         args: ["--active", "--with=onyx-devtools", "ods", "check-lazy-imports"]
-        pass_filenames: true
-        files: ^backend/(?!\.venv/|scripts/).*\.py$
+        files: ^backend/(?!\.venv/).*\.py$
       # NOTE: This takes ~6s on a single, large module which is prohibitively slow.
       # - id: uv-run
       #   name: mypy

.vscode/launch.json

@@ -415,6 +415,7 @@
         "onyx.background.celery.versioned_apps.docfetching",
         "worker",
         "--pool=threads",
+        "--concurrency=1",
         "--prefetch-multiplier=1",
         "--loglevel=INFO",
         "--hostname=docfetching@%n",
@@ -445,6 +446,7 @@
         "onyx.background.celery.versioned_apps.docprocessing",
         "worker",
         "--pool=threads",
+        "--concurrency=6",
         "--prefetch-multiplier=1",
         "--loglevel=INFO",
         "--hostname=docprocessing@%n",
@@ -593,23 +595,6 @@
         "group": "3"
       }
     },
-    {
-      "name": "Build Sandbox Templates",
-      "type": "debugpy",
-      "request": "launch",
-      "module": "onyx.server.features.build.sandbox.build_templates",
-      "cwd": "${workspaceFolder}/backend",
-      "envFile": "${workspaceFolder}/.vscode/.env",
-      "env": {
-        "PYTHONUNBUFFERED": "1",
-        "PYTHONPATH": "."
-      },
-      "console": "integratedTerminal",
-      "presentation": {
-        "group": "3"
-      },
-      "consoleTitle": "Build Sandbox Templates"
-    },
     {
       // Dummy entry used to label the group
       "name": "--- Database ---",

backend/.dockerignore

@@ -16,8 +16,3 @@ dist/
 .coverage
 htmlcov/
 model_server/legacy/
-
-# Craft: demo_data directory should be unzipped at container startup, not copied
-**/demo_data/
-# Craft: templates/outputs/venv is created at container startup
-**/templates/outputs/venv

backend/Dockerfile

@@ -7,10 +7,6 @@ have a contract or agreement with DanswerAI, you are not permitted to use the En
 Edition features outside of personal development or testing purposes. Please reach out to \
 founders@onyx.app for more information. Please visit https://github.com/onyx-dot-app/onyx"
 
-# Build argument for Craft support (disabled by default)
-# Use --build-arg ENABLE_CRAFT=true to include Node.js and opencode CLI
-ARG ENABLE_CRAFT=false
-
 # DO_NOT_TRACK is used to disable telemetry for Unstructured
 ENV DANSWER_RUNNING_IN_DOCKER="true" \
     DO_NOT_TRACK="true" \
@@ -50,23 +46,7 @@ RUN apt-get update && \
     rm -rf /var/lib/apt/lists/* && \
     apt-get clean
 
-# Conditionally install Node.js 20 for Craft (required for Next.js)
-# Only installed when ENABLE_CRAFT=true
-RUN if [ "$ENABLE_CRAFT" = "true" ]; then \
-        echo "Installing Node.js 20 for Craft support..." && \
-        curl -fsSL https://deb.nodesource.com/setup_20.x | bash - && \
-        apt-get install -y nodejs && \
-        rm -rf /var/lib/apt/lists/*; \
-    fi
 
-# Conditionally install opencode CLI for Craft agent functionality
-# Only installed when ENABLE_CRAFT=true
-# TODO: download a specific, versioned release of the opencode CLI
-RUN if [ "$ENABLE_CRAFT" = "true" ]; then \
-        echo "Installing opencode CLI for Craft support..." && \
-        curl -fsSL https://opencode.ai/install | bash; \
-    fi
-ENV PATH="/root/.opencode/bin:${PATH}"
 
 # Install Python dependencies
 # Remove py which is pulled in by retry, py is not needed and is a CVE
@@ -109,12 +89,6 @@ RUN uv pip install --system --no-cache-dir --upgrade \
 RUN python -c "from tokenizers import Tokenizer; \
 Tokenizer.from_pretrained('nomic-ai/nomic-embed-text-v1')"
 
-# Pre-downloading NLTK for setups with limited egress
-RUN python -c "import nltk; \
-    nltk.download('stopwords', quiet=True); \
-    nltk.download('punkt_tab', quiet=True);"
-# nltk.download('wordnet', quiet=True); introduce this back if lemmatization is needed
-
 # Pre-downloading tiktoken for setups with limited egress
 RUN python -c "import tiktoken; \
 tiktoken.get_encoding('cl100k_base')"
@@ -139,8 +113,7 @@ COPY --chown=onyx:onyx ./static /app/static
 COPY --chown=onyx:onyx ./scripts/debugging /app/scripts/debugging
 COPY --chown=onyx:onyx ./scripts/force_delete_connector_by_id.py /app/scripts/force_delete_connector_by_id.py
 COPY --chown=onyx:onyx ./scripts/supervisord_entrypoint.sh /app/scripts/supervisord_entrypoint.sh
-COPY --chown=onyx:onyx ./scripts/setup_craft_templates.sh /app/scripts/setup_craft_templates.sh
-RUN chmod +x /app/scripts/supervisord_entrypoint.sh /app/scripts/setup_craft_templates.sh
+RUN chmod +x /app/scripts/supervisord_entrypoint.sh
 
 # Put logo in assets
 COPY --chown=onyx:onyx ./assets /app/assets

backend/alembic/versions/2020d417ec84_single_onyx_craft_migration.py

@@ -1,351 +0,0 @@
-"""single onyx craft migration
-
-Consolidates all buildmode/onyx craft tables into a single migration.
-
-Tables created:
-- build_session: User build sessions with status tracking
-- sandbox: User-owned containerized environments (one per user)
-- artifact: Build output files (web apps, documents, images)
-- snapshot: Sandbox filesystem snapshots
-- build_message: Conversation messages for build sessions
-
-Existing table modified:
-- connector_credential_pair: Added processing_mode column
-
-Revision ID: 2020d417ec84
-Revises: 41fa44bef321
-Create Date: 2026-01-26 14:43:54.641405
-
-"""
-
-from alembic import op
-import sqlalchemy as sa
-from sqlalchemy.dialects import postgresql
-
-
-# revision identifiers, used by Alembic.
-revision = "2020d417ec84"
-down_revision = "41fa44bef321"
-branch_labels = None
-depends_on = None
-
-
-def upgrade() -> None:
-    # ==========================================================================
-    # ENUMS
-    # ==========================================================================
-
-    # Build session status enum
-    build_session_status_enum = sa.Enum(
-        "active",
-        "idle",
-        name="buildsessionstatus",
-        native_enum=False,
-    )
-
-    # Sandbox status enum
-    sandbox_status_enum = sa.Enum(
-        "provisioning",
-        "running",
-        "idle",
-        "sleeping",
-        "terminated",
-        "failed",
-        name="sandboxstatus",
-        native_enum=False,
-    )
-
-    # Artifact type enum
-    artifact_type_enum = sa.Enum(
-        "web_app",
-        "pptx",
-        "docx",
-        "markdown",
-        "excel",
-        "image",
-        name="artifacttype",
-        native_enum=False,
-    )
-
-    # ==========================================================================
-    # BUILD_SESSION TABLE
-    # ==========================================================================
-
-    op.create_table(
-        "build_session",
-        sa.Column("id", postgresql.UUID(as_uuid=True), primary_key=True),
-        sa.Column(
-            "user_id",
-            postgresql.UUID(as_uuid=True),
-            sa.ForeignKey("user.id", ondelete="CASCADE"),
-            nullable=True,
-        ),
-        sa.Column("name", sa.String(), nullable=True),
-        sa.Column(
-            "status",
-            build_session_status_enum,
-            nullable=False,
-            server_default="active",
-        ),
-        sa.Column(
-            "created_at",
-            sa.DateTime(timezone=True),
-            server_default=sa.text("now()"),
-            nullable=False,
-        ),
-        sa.Column(
-            "last_activity_at",
-            sa.DateTime(timezone=True),
-            server_default=sa.text("now()"),
-            nullable=False,
-        ),
-        sa.Column("nextjs_port", sa.Integer(), nullable=True),
-        sa.PrimaryKeyConstraint("id"),
-    )
-
-    op.create_index(
-        "ix_build_session_user_created",
-        "build_session",
-        ["user_id", sa.text("created_at DESC")],
-        unique=False,
-    )
-    op.create_index(
-        "ix_build_session_status",
-        "build_session",
-        ["status"],
-        unique=False,
-    )
-
-    # ==========================================================================
-    # SANDBOX TABLE (user-owned, one per user)
-    # ==========================================================================
-
-    op.create_table(
-        "sandbox",
-        sa.Column("id", postgresql.UUID(as_uuid=True), primary_key=True),
-        sa.Column(
-            "user_id",
-            postgresql.UUID(as_uuid=True),
-            sa.ForeignKey("user.id", ondelete="CASCADE"),
-            nullable=False,
-        ),
-        sa.Column("container_id", sa.String(), nullable=True),
-        sa.Column(
-            "status",
-            sandbox_status_enum,
-            nullable=False,
-            server_default="provisioning",
-        ),
-        sa.Column(
-            "created_at",
-            sa.DateTime(timezone=True),
-            server_default=sa.text("now()"),
-            nullable=False,
-        ),
-        sa.Column("last_heartbeat", sa.DateTime(timezone=True), nullable=True),
-        sa.PrimaryKeyConstraint("id"),
-        sa.UniqueConstraint("user_id", name="sandbox_user_id_key"),
-    )
-
-    op.create_index(
-        "ix_sandbox_status",
-        "sandbox",
-        ["status"],
-        unique=False,
-    )
-    op.create_index(
-        "ix_sandbox_container_id",
-        "sandbox",
-        ["container_id"],
-        unique=False,
-    )
-
-    # ==========================================================================
-    # ARTIFACT TABLE
-    # ==========================================================================
-
-    op.create_table(
-        "artifact",
-        sa.Column("id", postgresql.UUID(as_uuid=True), primary_key=True),
-        sa.Column(
-            "session_id",
-            postgresql.UUID(as_uuid=True),
-            sa.ForeignKey("build_session.id", ondelete="CASCADE"),
-            nullable=False,
-        ),
-        sa.Column("type", artifact_type_enum, nullable=False),
-        sa.Column("path", sa.String(), nullable=False),
-        sa.Column("name", sa.String(), nullable=False),
-        sa.Column(
-            "created_at",
-            sa.DateTime(timezone=True),
-            server_default=sa.text("now()"),
-            nullable=False,
-        ),
-        sa.Column(
-            "updated_at",
-            sa.DateTime(timezone=True),
-            server_default=sa.text("now()"),
-            nullable=False,
-        ),
-        sa.PrimaryKeyConstraint("id"),
-    )
-
-    op.create_index(
-        "ix_artifact_session_created",
-        "artifact",
-        ["session_id", sa.text("created_at DESC")],
-        unique=False,
-    )
-    op.create_index(
-        "ix_artifact_type",
-        "artifact",
-        ["type"],
-        unique=False,
-    )
-
-    # ==========================================================================
-    # SNAPSHOT TABLE
-    # ==========================================================================
-
-    op.create_table(
-        "snapshot",
-        sa.Column("id", postgresql.UUID(as_uuid=True), primary_key=True),
-        sa.Column(
-            "session_id",
-            postgresql.UUID(as_uuid=True),
-            sa.ForeignKey("build_session.id", ondelete="CASCADE"),
-            nullable=False,
-        ),
-        sa.Column("storage_path", sa.String(), nullable=False),
-        sa.Column("size_bytes", sa.BigInteger(), nullable=False, server_default="0"),
-        sa.Column(
-            "created_at",
-            sa.DateTime(timezone=True),
-            server_default=sa.text("now()"),
-            nullable=False,
-        ),
-        sa.PrimaryKeyConstraint("id"),
-    )
-
-    op.create_index(
-        "ix_snapshot_session_created",
-        "snapshot",
-        ["session_id", sa.text("created_at DESC")],
-        unique=False,
-    )
-
-    # ==========================================================================
-    # BUILD_MESSAGE TABLE
-    # ==========================================================================
-
-    op.create_table(
-        "build_message",
-        sa.Column("id", postgresql.UUID(as_uuid=True), primary_key=True),
-        sa.Column(
-            "session_id",
-            postgresql.UUID(as_uuid=True),
-            sa.ForeignKey("build_session.id", ondelete="CASCADE"),
-            nullable=False,
-        ),
-        sa.Column(
-            "turn_index",
-            sa.Integer(),
-            nullable=False,
-        ),
-        sa.Column(
-            "type",
-            sa.Enum(
-                "SYSTEM",
-                "USER",
-                "ASSISTANT",
-                "DANSWER",
-                name="messagetype",
-                create_type=False,
-                native_enum=False,
-            ),
-            nullable=False,
-        ),
-        sa.Column(
-            "message_metadata",
-            postgresql.JSONB(),
-            nullable=False,
-        ),
-        sa.Column(
-            "created_at",
-            sa.DateTime(timezone=True),
-            server_default=sa.text("now()"),
-            nullable=False,
-        ),
-        sa.PrimaryKeyConstraint("id"),
-    )
-
-    op.create_index(
-        "ix_build_message_session_turn",
-        "build_message",
-        ["session_id", "turn_index", sa.text("created_at ASC")],
-        unique=False,
-    )
-
-    # ==========================================================================
-    # CONNECTOR_CREDENTIAL_PAIR MODIFICATION
-    # ==========================================================================
-
-    op.add_column(
-        "connector_credential_pair",
-        sa.Column(
-            "processing_mode",
-            sa.String(),
-            nullable=False,
-            server_default="regular",
-        ),
-    )
-
-
-def downgrade() -> None:
-    # ==========================================================================
-    # CONNECTOR_CREDENTIAL_PAIR MODIFICATION
-    # ==========================================================================
-
-    op.drop_column("connector_credential_pair", "processing_mode")
-
-    # ==========================================================================
-    # BUILD_MESSAGE TABLE
-    # ==========================================================================
-
-    op.drop_index("ix_build_message_session_turn", table_name="build_message")
-    op.drop_table("build_message")
-
-    # ==========================================================================
-    # SNAPSHOT TABLE
-    # ==========================================================================
-
-    op.drop_index("ix_snapshot_session_created", table_name="snapshot")
-    op.drop_table("snapshot")
-
-    # ==========================================================================
-    # ARTIFACT TABLE
-    # ==========================================================================
-
-    op.drop_index("ix_artifact_type", table_name="artifact")
-    op.drop_index("ix_artifact_session_created", table_name="artifact")
-    op.drop_table("artifact")
-    sa.Enum(name="artifacttype").drop(op.get_bind(), checkfirst=True)
-
-    # ==========================================================================
-    # SANDBOX TABLE
-    # ==========================================================================
-
-    op.drop_index("ix_sandbox_container_id", table_name="sandbox")
-    op.drop_index("ix_sandbox_status", table_name="sandbox")
-    op.drop_table("sandbox")
-    sa.Enum(name="sandboxstatus").drop(op.get_bind(), checkfirst=True)
-
-    # ==========================================================================
-    # BUILD_SESSION TABLE
-    # ==========================================================================
-
-    op.drop_index("ix_build_session_status", table_name="build_session")
-    op.drop_index("ix_build_session_user_created", table_name="build_session")
-    op.drop_table("build_session")
-    sa.Enum(name="buildsessionstatus").drop(op.get_bind(), checkfirst=True)

backend/alembic/versions/72aa7de2e5cf_make_processing_mode_default_all_caps.py

@@ -1,45 +0,0 @@
-"""make processing mode default all caps
-
-Revision ID: 72aa7de2e5cf
-Revises: 2020d417ec84
-Create Date: 2026-01-26 18:58:47.705253
-
-This migration fixes the ProcessingMode enum value mismatch:
-- SQLAlchemy's Enum with native_enum=False uses enum member NAMES as valid values
-- The original migration stored lowercase VALUES ('regular', 'file_system')
-- This converts existing data to uppercase NAMES ('REGULAR', 'FILE_SYSTEM')
-- Also drops any spurious native PostgreSQL enum type that may have been auto-created
-"""
-
-from alembic import op
-
-
-# revision identifiers, used by Alembic.
-revision = "72aa7de2e5cf"
-down_revision = "2020d417ec84"
-branch_labels = None
-depends_on = None
-
-
-def upgrade() -> None:
-    # Convert existing lowercase values to uppercase to match enum member names
-    op.execute(
-        "UPDATE connector_credential_pair SET processing_mode = 'REGULAR' "
-        "WHERE processing_mode = 'regular'"
-    )
-    op.execute(
-        "UPDATE connector_credential_pair SET processing_mode = 'FILE_SYSTEM' "
-        "WHERE processing_mode = 'file_system'"
-    )
-
-    # Update the server default to use uppercase
-    op.alter_column(
-        "connector_credential_pair",
-        "processing_mode",
-        server_default="REGULAR",
-    )
-
-
-def downgrade() -> None:
-    # State prior to this was broken, so we don't want to revert back to it
-    pass

backend/alembic/versions/9d1543a37106_add_processing_duration_seconds_to_chat_.py

@@ -1,27 +0,0 @@
-"""add processing_duration_seconds to chat_message
-
-Revision ID: 9d1543a37106
-Revises: 72aa7de2e5cf
-Create Date: 2026-01-21 11:42:18.546188
-
-"""
-
-from alembic import op
-import sqlalchemy as sa
-
-# revision identifiers, used by Alembic.
-revision = "9d1543a37106"
-down_revision = "72aa7de2e5cf"
-branch_labels = None
-depends_on = None
-
-
-def upgrade() -> None:
-    op.add_column(
-        "chat_message",
-        sa.Column("processing_duration_seconds", sa.Float(), nullable=True),
-    )
-
-
-def downgrade() -> None:
-    op.drop_column("chat_message", "processing_duration_seconds")

backend/ee/onyx/utils/license.py

@@ -5,7 +5,6 @@ import json
 import os
 from datetime import datetime
 from datetime import timezone
-from pathlib import Path
 
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat.primitives import hashes
@@ -20,27 +19,21 @@ from onyx.utils.logger import setup_logger
 
 logger = setup_logger()
 
-# Path to the license public key file
-_LICENSE_PUBLIC_KEY_PATH = (
-    Path(__file__).parent.parent.parent.parent / "keys" / "license_public_key.pem"
-)
+
+# RSA-4096 Public Key for license verification
+# Load from environment variable - key is generated on the control plane
+# In production, inject via Kubernetes secrets or secrets manager
+LICENSE_PUBLIC_KEY_PEM = os.environ.get("LICENSE_PUBLIC_KEY_PEM", "")
 
 
 def _get_public_key() -> RSAPublicKey:
-    """Load the public key from file, with env var override."""
-    # Allow env var override for flexibility
-    key_pem = os.environ.get("LICENSE_PUBLIC_KEY_PEM")
-
-    if not key_pem:
-        # Read from file
-        if not _LICENSE_PUBLIC_KEY_PATH.exists():
-            raise ValueError(
-                f"License public key not found at {_LICENSE_PUBLIC_KEY_PATH}. "
-                "License verification requires the control plane public key."
-            )
-        key_pem = _LICENSE_PUBLIC_KEY_PATH.read_text()
-
-    key = serialization.load_pem_public_key(key_pem.encode())
+    """Load the public key from environment variable."""
+    if not LICENSE_PUBLIC_KEY_PEM:
+        raise ValueError(
+            "LICENSE_PUBLIC_KEY_PEM environment variable not set. "
+            "License verification requires the control plane public key."
+        )
+    key = serialization.load_pem_public_key(LICENSE_PUBLIC_KEY_PEM.encode())
     if not isinstance(key, RSAPublicKey):
         raise ValueError("Expected RSA public key")
     return key
@@ -60,21 +53,17 @@ def verify_license_signature(license_data: str) -> LicensePayload:
         ValueError: If license data is invalid or signature verification fails
     """
     try:
+        # Decode the license data
         decoded = json.loads(base64.b64decode(license_data))
-
-        # Parse into LicenseData to validate structure
         license_obj = LicenseData(**decoded)
 
-        # IMPORTANT: Use the ORIGINAL payload JSON for signature verification,
-        # not re-serialized through Pydantic. Pydantic may format fields differently
-        # (e.g., datetime "+00:00" vs "Z") which would break signature verification.
-        original_payload = decoded.get("payload", {})
-        payload_json = json.dumps(original_payload, sort_keys=True)
+        payload_json = json.dumps(
+            license_obj.payload.model_dump(mode="json"), sort_keys=True
+        )
         signature_bytes = base64.b64decode(license_obj.signature)
 
         # Verify signature using PSS padding (modern standard)
         public_key = _get_public_key()
-
         public_key.verify(
             signature_bytes,
             payload_json.encode(),
@@ -88,18 +77,16 @@ def verify_license_signature(license_data: str) -> LicensePayload:
         return license_obj.payload
 
     except InvalidSignature:
-        logger.error("[verify_license] FAILED: Signature verification failed")
+        logger.error("License signature verification failed")
         raise ValueError("Invalid license signature")
-    except json.JSONDecodeError as e:
-        logger.error(f"[verify_license] FAILED: JSON decode error: {e}")
+    except json.JSONDecodeError:
+        logger.error("Failed to decode license JSON")
         raise ValueError("Invalid license format: not valid JSON")
     except (ValueError, KeyError, TypeError) as e:
-        logger.error(
-            f"[verify_license] FAILED: Validation error: {type(e).__name__}: {e}"
-        )
-        raise ValueError(f"Invalid license format: {type(e).__name__}: {e}")
+        logger.error(f"License data validation error: {type(e).__name__}")
+        raise ValueError(f"Invalid license format: {type(e).__name__}")
     except Exception:
-        logger.exception("[verify_license] FAILED: Unexpected error")
+        logger.exception("Unexpected error during license verification")
         raise ValueError("License verification failed: unexpected error")
 
 

backend/keys/license_public_key.pem

@@ -1,14 +0,0 @@
------BEGIN PUBLIC KEY-----
-MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5DpchQujdxjCwpc4/RQP
-Hej6rc3SS/5ENCXL0I8NAfMogel0fqG6PKRhonyEh/Bt3P4q18y8vYzAShwf4b6Q
-aS0WwshbvnkjyWlsK0BY4HLBKPkTpes7kaz8MwmPZDeelvGJ7SNv3FvyJR4QsoSQ
-GSoB5iTH7hi63TjzdxtckkXoNG+GdVd/koxVDUv2uWcAoWIFTTcbKWyuq2SS/5Sf
-xdVaIArqfAhLpnNbnM9OS7lZ1xP+29ZXpHxDoeluz35tJLMNBYn9u0y+puo1kW1E
-TOGizlAq5kmEMsTJ55e9ZuyIV3gZAUaUKe8CxYJPkOGt0Gj6e1jHoHZCBJmaq97Y
-stKj//84HNBzajaryEZuEfRecJ94ANEjkD8u9cGmW+9VxRe5544zWguP5WMT/nv1
-0Q+jkOBW2hkY5SS0Rug4cblxiB7bDymWkaX6+sC0VWd5g6WXp36EuP2T0v3mYuHU
-GDEiWbD44ToREPVwE/M07ny8qhLo/HYk2l8DKFt83hXe7ePBnyQdcsrVbQWOO1na
-j43OkoU5gOFyOkrk2RmmtCjA8jSnw+tGCTpRaRcshqoWC1MjZyU+8/kDteXNkmv9
-/B5VxzYSyX+abl7yAu5wLiUPW8l+mOazzWu0nPkmiA160ArxnRyxbGnmp4dUIrt5
-azYku4tQYLSsSabfhcpeiCsCAwEAAQ==
------END PUBLIC KEY-----

backend/onyx/auth/users.py

@@ -1468,7 +1468,7 @@ class OAuth2AuthorizeResponse(BaseModel):
 
 def generate_state_token(
     data: Dict[str, str],
-    secret: SecretType,  # type: ignore[valid-type]
+    secret: SecretType,
     lifetime_seconds: int = STATE_TOKEN_LIFETIME_SECONDS,
 ) -> str:
     data["aud"] = STATE_TOKEN_AUDIENCE
@@ -1484,7 +1484,7 @@ def generate_csrf_token() -> str:
 def create_onyx_oauth_router(
     oauth_client: BaseOAuth2,
     backend: AuthenticationBackend,
-    state_secret: SecretType,  # type: ignore[valid-type]
+    state_secret: SecretType,
     redirect_url: Optional[str] = None,
     associate_by_email: bool = False,
     is_verified_by_default: bool = False,
@@ -1504,7 +1504,7 @@ def get_oauth_router(
     oauth_client: BaseOAuth2,
     backend: AuthenticationBackend,
     get_user_manager: UserManagerDependency[models.UP, models.ID],
-    state_secret: SecretType,  # type: ignore[valid-type]
+    state_secret: SecretType,
     redirect_url: Optional[str] = None,
     associate_by_email: bool = False,
     is_verified_by_default: bool = False,

backend/onyx/background/celery/apps/background.py

@@ -134,7 +134,5 @@ celery_app.autodiscover_tasks(
         "onyx.background.celery.tasks.docprocessing",
         # Docfetching worker tasks
         "onyx.background.celery.tasks.docfetching",
-        # Sandbox cleanup tasks (isolated in build feature)
-        "onyx.server.features.build.sandbox.tasks",
     ]
 )

backend/onyx/background/celery/apps/heavy.py

@@ -98,7 +98,5 @@ for bootstep in base_bootsteps:
 celery_app.autodiscover_tasks(
     [
         "onyx.background.celery.tasks.pruning",
-        # Sandbox tasks (file sync, cleanup)
-        "onyx.server.features.build.sandbox.tasks",
     ]
 )

backend/onyx/background/celery/apps/light.py

@@ -116,7 +116,5 @@ celery_app.autodiscover_tasks(
         "onyx.background.celery.tasks.connector_deletion",
         "onyx.background.celery.tasks.doc_permission_syncing",
         "onyx.background.celery.tasks.docprocessing",
-        # Sandbox cleanup tasks (isolated in build feature)
-        "onyx.server.features.build.sandbox.tasks",
     ]
 )

backend/onyx/background/celery/tasks/beat_schedule.py

@@ -139,27 +139,6 @@ beat_task_templates: list[dict] = [
             "queue": OnyxCeleryQueues.MONITORING,
         },
     },
-    # Sandbox cleanup tasks
-    {
-        "name": "cleanup-idle-sandboxes",
-        "task": OnyxCeleryTask.CLEANUP_IDLE_SANDBOXES,
-        "schedule": timedelta(minutes=1),
-        "options": {
-            "priority": OnyxCeleryPriority.LOW,
-            "expires": BEAT_EXPIRES_DEFAULT,
-            "queue": OnyxCeleryQueues.SANDBOX,
-        },
-    },
-    {
-        "name": "cleanup-old-snapshots",
-        "task": OnyxCeleryTask.CLEANUP_OLD_SNAPSHOTS,
-        "schedule": timedelta(hours=24),
-        "options": {
-            "priority": OnyxCeleryPriority.LOW,
-            "expires": BEAT_EXPIRES_DEFAULT,
-            "queue": OnyxCeleryQueues.SANDBOX,
-        },
-    },
 ]
 
 if ENTERPRISE_EDITION_ENABLED:

backend/onyx/background/celery/tasks/user_file_processing/tasks.py

@@ -12,6 +12,7 @@ from retry import retry
 from sqlalchemy import select
 
 from onyx.background.celery.apps.app_base import task_logger
+from onyx.background.celery.celery_redis import celery_get_queue_length
 from onyx.background.celery.celery_utils import httpx_init_vespa_pool
 from onyx.background.celery.tasks.shared.RetryDocumentIndex import RetryDocumentIndex
 from onyx.configs.app_configs import MANAGED_VESPA
@@ -19,12 +20,14 @@ from onyx.configs.app_configs import VESPA_CLOUD_CERT_PATH
 from onyx.configs.app_configs import VESPA_CLOUD_KEY_PATH
 from onyx.configs.constants import CELERY_GENERIC_BEAT_LOCK_TIMEOUT
 from onyx.configs.constants import CELERY_USER_FILE_PROCESSING_LOCK_TIMEOUT
+from onyx.configs.constants import CELERY_USER_FILE_PROCESSING_TASK_EXPIRES
 from onyx.configs.constants import CELERY_USER_FILE_PROJECT_SYNC_LOCK_TIMEOUT
 from onyx.configs.constants import DocumentSource
 from onyx.configs.constants import OnyxCeleryPriority
 from onyx.configs.constants import OnyxCeleryQueues
 from onyx.configs.constants import OnyxCeleryTask
 from onyx.configs.constants import OnyxRedisLocks
+from onyx.configs.constants import USER_FILE_PROCESSING_MAX_QUEUE_DEPTH
 from onyx.connectors.file.connector import LocalFileConnector
 from onyx.connectors.models import Document
 from onyx.db.engine.sql_engine import get_session_with_current_tenant
@@ -53,6 +56,17 @@ def _user_file_lock_key(user_file_id: str | UUID) -> str:
     return f"{OnyxRedisLocks.USER_FILE_PROCESSING_LOCK_PREFIX}:{user_file_id}"
 
 
+def _user_file_queued_key(user_file_id: str | UUID) -> str:
+    """Key that exists while a process_single_user_file task is sitting in the queue.
+
+    The beat generator sets this with a TTL equal to CELERY_USER_FILE_PROCESSING_TASK_EXPIRES
+    before enqueuing and the worker deletes it as its first action.  This prevents
+    the beat from adding duplicate tasks for files that already have a live task
+    in flight.
+    """
+    return f"{OnyxRedisLocks.USER_FILE_QUEUED_PREFIX}:{user_file_id}"
+
+
 def _user_file_project_sync_lock_key(user_file_id: str | UUID) -> str:
     return f"{OnyxRedisLocks.USER_FILE_PROJECT_SYNC_LOCK_PREFIX}:{user_file_id}"
 
@@ -116,7 +130,24 @@ def _get_document_chunk_count(
 def check_user_file_processing(self: Task, *, tenant_id: str) -> None:
     """Scan for user files with PROCESSING status and enqueue per-file tasks.
 
-    Uses direct Redis locks to avoid overlapping runs.
+    Three mechanisms prevent queue runaway:
+
+    1. **Queue depth backpressure** – if the broker queue already has more than
+       USER_FILE_PROCESSING_MAX_QUEUE_DEPTH items we skip this beat cycle
+       entirely.  Workers are clearly behind; adding more tasks would only make
+       the backlog worse.
+
+    2. **Per-file queued guard** – before enqueuing a task we set a short-lived
+       Redis key (TTL = CELERY_USER_FILE_PROCESSING_TASK_EXPIRES).  If that key
+       already exists the file already has a live task in the queue, so we skip
+       it.  The worker deletes the key the moment it picks up the task so the
+       next beat cycle can re-enqueue if the file is still PROCESSING.
+
+    3. **Task expiry** – every enqueued task carries an `expires` value equal to
+       CELERY_USER_FILE_PROCESSING_TASK_EXPIRES.  If a task is still sitting in
+       the queue after that deadline, Celery discards it without touching the DB.
+       This is a belt-and-suspenders defence: even if the guard key is lost (e.g.
+       Redis restart), stale tasks evict themselves rather than piling up forever.
     """
     task_logger.info("check_user_file_processing - Starting")
 
@@ -131,7 +162,21 @@ def check_user_file_processing(self: Task, *, tenant_id: str) -> None:
         return None
 
     enqueued = 0
+    skipped_guard = 0
     try:
+        # --- Protection 1: queue depth backpressure ---
+        r_celery = self.app.broker_connection().channel().client  # type: ignore
+        queue_len = celery_get_queue_length(
+            OnyxCeleryQueues.USER_FILE_PROCESSING, r_celery
+        )
+        if queue_len > USER_FILE_PROCESSING_MAX_QUEUE_DEPTH:
+            task_logger.warning(
+                f"check_user_file_processing - Queue depth {queue_len} exceeds "
+                f"{USER_FILE_PROCESSING_MAX_QUEUE_DEPTH}, skipping enqueue for "
+                f"tenant={tenant_id}"
+            )
+            return None
+
         with get_session_with_current_tenant() as db_session:
             user_file_ids = (
                 db_session.execute(
@@ -144,12 +189,35 @@ def check_user_file_processing(self: Task, *, tenant_id: str) -> None:
             )
 
             for user_file_id in user_file_ids:
-                self.app.send_task(
-                    OnyxCeleryTask.PROCESS_SINGLE_USER_FILE,
-                    kwargs={"user_file_id": str(user_file_id), "tenant_id": tenant_id},
-                    queue=OnyxCeleryQueues.USER_FILE_PROCESSING,
-                    priority=OnyxCeleryPriority.HIGH,
+                # --- Protection 2: per-file queued guard ---
+                queued_key = _user_file_queued_key(user_file_id)
+                guard_set = redis_client.set(
+                    queued_key,
+                    1,
+                    ex=CELERY_USER_FILE_PROCESSING_TASK_EXPIRES,
+                    nx=True,
                 )
+                if not guard_set:
+                    skipped_guard += 1
+                    continue
+
+                # --- Protection 3: task expiry ---
+                # If task submission fails, clear the guard immediately so the
+                # next beat cycle can retry enqueuing this file.
+                try:
+                    self.app.send_task(
+                        OnyxCeleryTask.PROCESS_SINGLE_USER_FILE,
+                        kwargs={
+                            "user_file_id": str(user_file_id),
+                            "tenant_id": tenant_id,
+                        },
+                        queue=OnyxCeleryQueues.USER_FILE_PROCESSING,
+                        priority=OnyxCeleryPriority.HIGH,
+                        expires=CELERY_USER_FILE_PROCESSING_TASK_EXPIRES,
+                    )
+                except Exception:
+                    redis_client.delete(queued_key)
+                    raise
                 enqueued += 1
 
     finally:
@@ -157,7 +225,8 @@ def check_user_file_processing(self: Task, *, tenant_id: str) -> None:
             lock.release()
 
     task_logger.info(
-        f"check_user_file_processing - Enqueued {enqueued} tasks for tenant={tenant_id}"
+        f"check_user_file_processing - Enqueued {enqueued} skipped_guard={skipped_guard} "
+        f"tasks for tenant={tenant_id}"
     )
     return None
 
@@ -172,6 +241,12 @@ def process_single_user_file(self: Task, *, user_file_id: str, tenant_id: str) -
     start = time.monotonic()
 
     redis_client = get_redis_client(tenant_id=tenant_id)
+
+    # Clear the "queued" guard set by the beat generator so that the next beat
+    # cycle can re-enqueue this file if it is still in PROCESSING state after
+    # this task completes or fails.
+    redis_client.delete(_user_file_queued_key(user_file_id))
+
     file_lock: RedisLock = redis_client.lock(
         _user_file_lock_key(user_file_id),
         timeout=CELERY_USER_FILE_PROCESSING_LOCK_TIMEOUT,

backend/onyx/background/celery/tasks/vespa/document_sync.py

@@ -21,6 +21,8 @@ from onyx.utils.logger import setup_logger
 DOCUMENT_SYNC_PREFIX = "documentsync"
 DOCUMENT_SYNC_FENCE_KEY = f"{DOCUMENT_SYNC_PREFIX}_fence"
 DOCUMENT_SYNC_TASKSET_KEY = f"{DOCUMENT_SYNC_PREFIX}_taskset"
+FENCE_TTL = 7 * 24 * 60 * 60  # 7 days - defensive TTL to prevent memory leaks
+TASKSET_TTL = FENCE_TTL
 
 logger = setup_logger()
 
@@ -50,7 +52,7 @@ def set_document_sync_fence(r: Redis, payload: int | None) -> None:
         r.delete(DOCUMENT_SYNC_FENCE_KEY)
         return
 
-    r.set(DOCUMENT_SYNC_FENCE_KEY, payload)
+    r.set(DOCUMENT_SYNC_FENCE_KEY, payload, ex=FENCE_TTL)
     r.sadd(OnyxRedisConstants.ACTIVE_FENCES, DOCUMENT_SYNC_FENCE_KEY)
 
 
@@ -110,6 +112,7 @@ def generate_document_sync_tasks(
 
         # Add to the tracking taskset in Redis BEFORE creating the celery task
         r.sadd(DOCUMENT_SYNC_TASKSET_KEY, custom_task_id)
+        r.expire(DOCUMENT_SYNC_TASKSET_KEY, TASKSET_TTL)
 
         # Create the Celery task
         celery_app.send_task(

backend/onyx/background/indexing/run_docfetching.py

@@ -31,20 +31,17 @@ from onyx.connectors.interfaces import CheckpointedConnector
 from onyx.connectors.models import ConnectorFailure
 from onyx.connectors.models import ConnectorStopSignal
 from onyx.connectors.models import Document
-from onyx.connectors.models import IndexAttemptMetadata
 from onyx.connectors.models import TextSection
 from onyx.db.connector import mark_ccpair_with_indexing_trigger
 from onyx.db.connector_credential_pair import get_connector_credential_pair_from_id
 from onyx.db.connector_credential_pair import get_last_successful_attempt_poll_range_end
 from onyx.db.connector_credential_pair import update_connector_credential_pair
 from onyx.db.constants import CONNECTOR_VALIDATION_ERROR_MESSAGE_PREFIX
-from onyx.db.document import mark_document_as_indexed_for_cc_pair__no_commit
 from onyx.db.engine.sql_engine import get_session_with_current_tenant
 from onyx.db.enums import AccessType
 from onyx.db.enums import ConnectorCredentialPairStatus
 from onyx.db.enums import IndexingStatus
 from onyx.db.enums import IndexModelStatus
-from onyx.db.enums import ProcessingMode
 from onyx.db.index_attempt import create_index_attempt_error
 from onyx.db.index_attempt import get_index_attempt
 from onyx.db.index_attempt import get_recent_completed_attempts_for_cc_pair
@@ -56,12 +53,7 @@ from onyx.db.models import IndexAttempt
 from onyx.file_store.document_batch_storage import DocumentBatchStorage
 from onyx.file_store.document_batch_storage import get_document_batch_storage
 from onyx.indexing.indexing_heartbeat import IndexingHeartbeatInterface
-from onyx.indexing.indexing_pipeline import index_doc_batch_prepare
-from onyx.server.features.build.indexing.persistent_document_writer import (
-    get_persistent_document_writer,
-)
 from onyx.utils.logger import setup_logger
-from onyx.utils.middleware import make_randomized_onyx_request_id
 from onyx.utils.variable_functionality import global_version
 from shared_configs.configs import MULTI_TENANT
 from shared_configs.contextvars import INDEX_ATTEMPT_INFO_CONTEXTVAR
@@ -375,7 +367,6 @@ def connector_document_extraction(
 
         db_connector = index_attempt.connector_credential_pair.connector
         db_credential = index_attempt.connector_credential_pair.credential
-        processing_mode = index_attempt.connector_credential_pair.processing_mode
         is_primary = index_attempt.search_settings.status == IndexModelStatus.PRESENT
 
         from_beginning = index_attempt.from_beginning
@@ -609,103 +600,34 @@ def connector_document_extraction(
                 logger.debug(f"Indexing batch of documents: {batch_description}")
                 memory_tracer.increment_and_maybe_trace()
 
-                # cc4a
-                if processing_mode == ProcessingMode.FILE_SYSTEM:
-                    # File system only - write directly to persistent storage,
-                    # skip chunking/embedding/Vespa but still track documents in DB
+                # Store documents in storage
+                batch_storage.store_batch(batch_num, doc_batch_cleaned)
 
-                    with get_session_with_current_tenant() as db_session:
-                        # Create metadata for the batch
-                        index_attempt_metadata = IndexAttemptMetadata(
-                            attempt_id=index_attempt_id,
-                            connector_id=db_connector.id,
-                            credential_id=db_credential.id,
-                            request_id=make_randomized_onyx_request_id("FSI"),
-                            structured_id=f"{tenant_id}:{cc_pair_id}:{index_attempt_id}:{batch_num}",
-                            batch_num=batch_num,
-                        )
+                # Create processing task data
+                processing_batch_data = {
+                    "index_attempt_id": index_attempt_id,
+                    "cc_pair_id": cc_pair_id,
+                    "tenant_id": tenant_id,
+                    "batch_num": batch_num,  # 0-indexed
+                }
 
-                        # Upsert documents to PostgreSQL (document table + cc_pair relationship)
-                        # This is a subset of what docprocessing does - just DB tracking, no chunking/embedding
-                        index_doc_batch_prepare(
-                            documents=doc_batch_cleaned,
-                            index_attempt_metadata=index_attempt_metadata,
-                            db_session=db_session,
-                            ignore_time_skip=True,  # Documents already filtered during extraction
-                        )
+                # Queue document processing task
+                app.send_task(
+                    OnyxCeleryTask.DOCPROCESSING_TASK,
+                    kwargs=processing_batch_data,
+                    queue=OnyxCeleryQueues.DOCPROCESSING,
+                    priority=docprocessing_priority,
+                )
 
-                        # Mark documents as indexed for the CC pair
-                        mark_document_as_indexed_for_cc_pair__no_commit(
-                            connector_id=db_connector.id,
-                            credential_id=db_credential.id,
-                            document_ids=[doc.id for doc in doc_batch_cleaned],
-                            db_session=db_session,
-                        )
-                        db_session.commit()
+                batch_num += 1
+                total_doc_batches_queued += 1
 
-                    # Write documents to persistent file system
-                    # Use creator_id for user-segregated storage paths (sandbox isolation)
-                    creator_id = index_attempt.connector_credential_pair.creator_id
-                    if creator_id is None:
-                        raise ValueError(
-                            f"ConnectorCredentialPair {index_attempt.connector_credential_pair.id} "
-                            "must have a creator_id for persistent document storage"
-                        )
-                    user_id_str: str = str(creator_id)
-                    writer = get_persistent_document_writer(
-                        user_id=user_id_str,
-                        tenant_id=tenant_id,
-                    )
-                    written_paths = writer.write_documents(doc_batch_cleaned)
-
-                    # Update coordination directly (no docprocessing task)
-                    with get_session_with_current_tenant() as db_session:
-                        IndexingCoordination.update_batch_completion_and_docs(
-                            db_session=db_session,
-                            index_attempt_id=index_attempt_id,
-                            total_docs_indexed=len(doc_batch_cleaned),
-                            new_docs_indexed=len(doc_batch_cleaned),
-                            total_chunks=0,  # No chunks for file system mode
-                        )
-
-                    batch_num += 1
-                    total_doc_batches_queued += 1
-
-                    logger.info(
-                        f"Wrote documents to file system: "
-                        f"batch_num={batch_num} "
-                        f"docs={len(written_paths)} "
-                        f"attempt={index_attempt_id}"
-                    )
-                else:
-                    # REGULAR mode (default): Full pipeline - store and queue docprocessing
-                    batch_storage.store_batch(batch_num, doc_batch_cleaned)
-
-                    # Create processing task data
-                    processing_batch_data = {
-                        "index_attempt_id": index_attempt_id,
-                        "cc_pair_id": cc_pair_id,
-                        "tenant_id": tenant_id,
-                        "batch_num": batch_num,  # 0-indexed
-                    }
-
-                    # Queue document processing task
-                    app.send_task(
-                        OnyxCeleryTask.DOCPROCESSING_TASK,
-                        kwargs=processing_batch_data,
-                        queue=OnyxCeleryQueues.DOCPROCESSING,
-                        priority=docprocessing_priority,
-                    )
-
-                    batch_num += 1
-                    total_doc_batches_queued += 1
-
-                    logger.info(
-                        f"Queued document processing batch: "
-                        f"batch_num={batch_num} "
-                        f"docs={len(doc_batch_cleaned)} "
-                        f"attempt={index_attempt_id}"
-                    )
+                logger.info(
+                    f"Queued document processing batch: "
+                    f"batch_num={batch_num} "
+                    f"docs={len(doc_batch_cleaned)} "
+                    f"attempt={index_attempt_id}"
+                )
 
             # Check checkpoint size periodically
             CHECKPOINT_SIZE_CHECK_INTERVAL = 100
@@ -741,24 +663,6 @@ def connector_document_extraction(
                 total_batches=batch_num,
             )
 
-        # Trigger file sync to user's sandbox (if running) - only for FILE_SYSTEM mode
-        # This syncs the newly written documents from S3 to any running sandbox pod
-        if processing_mode == ProcessingMode.FILE_SYSTEM:
-            creator_id = index_attempt.connector_credential_pair.creator_id
-            if creator_id:
-                app.send_task(
-                    OnyxCeleryTask.SANDBOX_FILE_SYNC,
-                    kwargs={
-                        "user_id": str(creator_id),
-                        "tenant_id": tenant_id,
-                    },
-                    queue=OnyxCeleryQueues.SANDBOX,
-                )
-                logger.info(
-                    f"Triggered sandbox file sync for user {creator_id} "
-                    f"after indexing complete"
-                )
-
     except Exception as e:
         logger.exception(
             f"Document extraction failed: "

backend/onyx/chat/chat_state.py

@@ -45,8 +45,6 @@ class ChatStateContainer:
         self.citation_to_doc: CitationMapping = {}
         # True if this turn is a clarification question (deep research flow)
         self.is_clarification: bool = False
-        # Tool processing duration (time before answer starts) in seconds
-        self.tool_processing_duration: float | None = None
         # Note: LLM cost tracking is now handled in multi_llm.py
         # Search doc collection - maps dedup key to SearchDoc for all docs from tool calls
         self._all_search_docs: dict[SearchDocKey, SearchDoc] = {}
@@ -103,16 +101,6 @@ class ChatStateContainer:
         with self._lock:
             return self.is_clarification
 
-    def set_tool_processing_duration(self, duration: float | None) -> None:
-        """Set the tool processing duration (time before answer starts)."""
-        with self._lock:
-            self.tool_processing_duration = duration
-
-    def get_tool_processing_duration(self) -> float | None:
-        """Thread-safe getter for tool_processing_duration."""
-        with self._lock:
-            return self.tool_processing_duration
-
     @staticmethod
     def create_search_doc_key(
         search_doc: SearchDoc, use_simple_key: bool = True

backend/onyx/chat/llm_loop.py

@@ -1,4 +1,3 @@
-import time
 from collections.abc import Callable
 
 from sqlalchemy.orm import Session
@@ -391,9 +390,6 @@ def run_llm_loop(
 
         initialize_litellm()
 
-        # Track processing start time for tool duration calculation
-        processing_start_time = time.monotonic()
-
         # Initialize citation processor for handling citations dynamically
         # When include_citations is True, use HYPERLINK mode to format citations as [[1]](url)
         # When include_citations is False, use REMOVE mode to strip citations from output
@@ -555,11 +551,6 @@ def run_llm_loop(
             # This calls the LLM, yields packets (reasoning, answers, etc.) and returns the result
             # It also pre-processes the tool calls in preparation for running them
             tool_defs = [tool.tool_definition() for tool in final_tools]
-
-            # Calculate tool processing duration at this point
-            # This captures the time spent on tool calls before the answer starts streaming
-            tool_processing_duration = time.monotonic() - processing_start_time
-
             llm_step_result, has_reasoned = run_llm_step(
                 emitter=emitter,
                 history=truncated_message_history,
@@ -574,7 +565,6 @@ def run_llm_loop(
                 # final set of documents immediately if desired.
                 final_documents=gathered_documents,
                 user_identity=user_identity,
-                tool_processing_duration=tool_processing_duration,
             )
             if has_reasoned:
                 reasoning_cycles += 1

backend/onyx/chat/llm_step.py

@@ -622,7 +622,6 @@ def run_llm_step_pkt_generator(
     # TODO: Temporary handling of nested tool calls with agents, figure out a better way to handle this
     use_existing_tab_index: bool = False,
     is_deep_research: bool = False,
-    tool_processing_duration: float | None = None,
 ) -> Generator[Packet, None, tuple[LlmStepResult, bool]]:
     """Run an LLM step and stream the response as packets.
     NOTE: DO NOT TOUCH THIS FUNCTION BEFORE ASKING YUHONG, this is very finicky and
@@ -823,12 +822,6 @@ def run_llm_step_pkt_generator(
                         reasoning_start = False
 
                     if not answer_start:
-                        # Store tool processing duration in state container for save_chat
-                        if state_container and tool_processing_duration is not None:
-                            state_container.set_tool_processing_duration(
-                                tool_processing_duration
-                            )
-
                         yield Packet(
                             placement=Placement(
                                 turn_index=turn_index,
@@ -837,7 +830,6 @@ def run_llm_step_pkt_generator(
                             ),
                             obj=AgentResponseStart(
                                 final_documents=final_documents,
-                                tool_processing_duration_seconds=tool_processing_duration,
                             ),
                         )
                         answer_start = True
@@ -1046,7 +1038,6 @@ def run_llm_step(
     max_tokens: int | None = None,
     use_existing_tab_index: bool = False,
     is_deep_research: bool = False,
-    tool_processing_duration: float | None = None,
 ) -> tuple[LlmStepResult, bool]:
     """Wrapper around run_llm_step_pkt_generator that consumes packets and emits them.
 
@@ -1068,7 +1059,6 @@ def run_llm_step(
         max_tokens=max_tokens,
         use_existing_tab_index=use_existing_tab_index,
         is_deep_research=is_deep_research,
-        tool_processing_duration=tool_processing_duration,
     )
 
     while True:

backend/onyx/chat/process_message.py

@@ -4,7 +4,6 @@ An overview can be found in the README.md file in this directory.
 """
 
 import re
-import time
 import traceback
 from collections.abc import Callable
 from uuid import UUID
@@ -86,10 +85,6 @@ from onyx.utils.logger import setup_logger
 from onyx.utils.long_term_log import LongTermLogger
 from onyx.utils.telemetry import mt_cloud_telemetry
 from onyx.utils.timing import log_function_time
-from onyx.utils.variable_functionality import (
-    fetch_versioned_implementation_with_fallback,
-)
-from onyx.utils.variable_functionality import noop_fallback
 from shared_configs.contextvars import get_current_tenant_id
 
 logger = setup_logger()
@@ -313,7 +308,6 @@ def handle_stream_message_objects(
     external_state_container: ChatStateContainer | None = None,
 ) -> AnswerStream:
     tenant_id = get_current_tenant_id()
-    processing_start_time = time.monotonic()
 
     llm: LLM | None = None
     chat_session: ChatSession | None = None
@@ -363,21 +357,20 @@ def handle_stream_message_objects(
             event=MilestoneRecordType.MULTIPLE_ASSISTANTS,
         )
 
-        # Track user message in PostHog for analytics
-        fetch_versioned_implementation_with_fallback(
-            module="onyx.utils.telemetry",
-            attribute="event_telemetry",
-            fallback=noop_fallback,
-        )(
-            distinct_id=user.email if user else tenant_id,
-            event="user_message_sent",
+        mt_cloud_telemetry(
+            tenant_id=tenant_id,
+            distinct_id=(
+                user.email
+                if user and not getattr(user, "is_anonymous", False)
+                else tenant_id
+            ),
+            event=MilestoneRecordType.USER_MESSAGE_SENT,
             properties={
                 "origin": new_msg_req.origin.value,
                 "has_files": len(new_msg_req.file_descriptors) > 0,
                 "has_project": chat_session.project_id is not None,
                 "has_persona": persona is not None and persona.id != DEFAULT_PERSONA_ID,
                 "deep_research": new_msg_req.deep_research,
-                "tenant_id": tenant_id,
             },
         )
 
@@ -604,7 +597,6 @@ def handle_stream_message_objects(
                 chat_session_id=str(chat_session.id),
                 is_connected=check_is_connected,
                 assistant_message=assistant_response,
-                processing_start_time=processing_start_time,
             )
 
         # Run the LLM loop with explicit wrapper for stop signal handling
@@ -725,7 +717,6 @@ def llm_loop_completion_handle(
     db_session: Session,
     chat_session_id: str,
     assistant_message: ChatMessage,
-    processing_start_time: float | None = None,
 ) -> None:
     # Determine if stopped by user
     completed_normally = is_connected()
@@ -757,7 +748,6 @@ def llm_loop_completion_handle(
         assistant_message=assistant_message,
         is_clarification=state_container.is_clarification,
         emitted_citations=state_container.get_emitted_citations(),
-        tool_processing_duration=state_container.get_tool_processing_duration(),
     )
 
 

backend/onyx/chat/save_chat.py

@@ -145,7 +145,6 @@ def save_chat_turn(
     assistant_message: ChatMessage,
     is_clarification: bool = False,
     emitted_citations: set[int] | None = None,
-    tool_processing_duration: float | None = None,
 ) -> None:
     """
     Save a chat turn by populating the assistant_message and creating related entities.
@@ -170,17 +169,12 @@ def save_chat_turn(
         is_clarification: Whether this assistant message is a clarification question (deep research flow)
         emitted_citations: Set of citation numbers that were actually emitted during streaming.
             If provided, only citations in this set will be saved; others are filtered out.
-        tool_processing_duration: Duration of tool processing before answer starts (in seconds)
     """
     # 1. Update ChatMessage with message content, reasoning tokens, and token count
     assistant_message.message = message_text
     assistant_message.reasoning_tokens = reasoning_tokens
     assistant_message.is_clarification = is_clarification
 
-    # Use tool processing duration (captured when MESSAGE_START was emitted)
-    if tool_processing_duration is not None:
-        assistant_message.processing_duration_seconds = tool_processing_duration
-
     # Calculate token count using default tokenizer, when storing, this should not use the LLM
     # specific one so we use a system default tokenizer here.
     default_tokenizer = get_tokenizer(None, None)

backend/onyx/configs/app_configs.py

@@ -207,9 +207,6 @@ OPENSEARCH_HOST = os.environ.get("OPENSEARCH_HOST") or "localhost"
 OPENSEARCH_REST_API_PORT = int(os.environ.get("OPENSEARCH_REST_API_PORT") or 9200)
 OPENSEARCH_ADMIN_USERNAME = os.environ.get("OPENSEARCH_ADMIN_USERNAME", "admin")
 OPENSEARCH_ADMIN_PASSWORD = os.environ.get("OPENSEARCH_ADMIN_PASSWORD", "")
-USING_AWS_MANAGED_OPENSEARCH = (
-    os.environ.get("USING_AWS_MANAGED_OPENSEARCH", "").lower() == "true"
-)
 
 # This is the "base" config for now, the idea is that at least for our dev
 # environments we always want to be dual indexing into both OpenSearch and Vespa
@@ -1045,14 +1042,3 @@ STRIPE_PUBLISHABLE_KEY_URL = (
 )
 # Override for local testing with Stripe test keys (pk_test_*)
 STRIPE_PUBLISHABLE_KEY_OVERRIDE = os.environ.get("STRIPE_PUBLISHABLE_KEY")
-# Persistent Document Storage Configuration
-# When enabled, indexed documents are written to local filesystem with hierarchical structure
-PERSISTENT_DOCUMENT_STORAGE_ENABLED = (
-    os.environ.get("PERSISTENT_DOCUMENT_STORAGE_ENABLED", "").lower() == "true"
-)
-
-# Base directory path for persistent document storage (local filesystem)
-# Example: /var/onyx/indexed-docs or /app/indexed-docs
-PERSISTENT_DOCUMENT_STORAGE_PATH = os.environ.get(
-    "PERSISTENT_DOCUMENT_STORAGE_PATH", "/app/indexed-docs"
-)

backend/onyx/configs/constants.py

@@ -153,6 +153,17 @@ CELERY_EXTERNAL_GROUP_SYNC_LOCK_TIMEOUT = 300  # 5 min
 
 CELERY_USER_FILE_PROCESSING_LOCK_TIMEOUT = 30 * 60  # 30 minutes (in seconds)
 
+# How long a queued user-file task is valid before workers discard it.
+# Should be longer than the beat interval (20 s) but short enough to prevent
+# indefinite queue growth.  Workers drop tasks older than this without touching
+# the DB, so a shorter value = faster drain of stale duplicates.
+CELERY_USER_FILE_PROCESSING_TASK_EXPIRES = 60  # 1 minute (in seconds)
+
+# Maximum number of tasks allowed in the user-file-processing queue before the
+# beat generator stops adding more.  Prevents unbounded queue growth when workers
+# fall behind.
+USER_FILE_PROCESSING_MAX_QUEUE_DEPTH = 500
+
 CELERY_USER_FILE_PROJECT_SYNC_LOCK_TIMEOUT = 5 * 60  # 5 minutes (in seconds)
 
 DANSWER_REDIS_FUNCTION_LOCK_PREFIX = "da_function_lock:"
@@ -241,7 +252,6 @@ class NotificationType(str, Enum):
     TRIAL_ENDS_TWO_DAYS = "two_day_trial_ending"  # 2 days left in trial
     RELEASE_NOTES = "release_notes"
     ASSISTANT_FILES_READY = "assistant_files_ready"
-    FEATURE_ANNOUNCEMENT = "feature_announcement"
 
 
 class BlobType(str, Enum):
@@ -328,7 +338,6 @@ class FileOrigin(str, Enum):
     PLAINTEXT_CACHE = "plaintext_cache"
     OTHER = "other"
     QUERY_HISTORY_CSV = "query_history_csv"
-    SANDBOX_SNAPSHOT = "sandbox_snapshot"
     USER_FILE = "user_file"
 
 
@@ -343,10 +352,10 @@ class MilestoneRecordType(str, Enum):
     CREATED_CONNECTOR = "created_connector"
     CONNECTOR_SUCCEEDED = "connector_succeeded"
     RAN_QUERY = "ran_query"
+    USER_MESSAGE_SENT = "user_message_sent"
     MULTIPLE_ASSISTANTS = "multiple_assistants"
     CREATED_ASSISTANT = "created_assistant"
     CREATED_ONYX_BOT = "created_onyx_bot"
-    REQUESTED_CONNECTOR = "requested_connector"
 
 
 class PostgresAdvisoryLocks(Enum):
@@ -386,9 +395,6 @@ class OnyxCeleryQueues:
     # KG processing queue
     KG_PROCESSING = "kg_processing"
 
-    # Sandbox processing queue
-    SANDBOX = "sandbox"
-
 
 class OnyxRedisLocks:
     PRIMARY_WORKER = "da_lock:primary_worker"
@@ -429,6 +435,9 @@ class OnyxRedisLocks:
     # User file processing
     USER_FILE_PROCESSING_BEAT_LOCK = "da_lock:check_user_file_processing_beat"
     USER_FILE_PROCESSING_LOCK_PREFIX = "da_lock:user_file_processing"
+    # Short-lived key set when a task is enqueued; cleared when the worker picks it up.
+    # Prevents the beat from re-enqueuing the same file while a task is already queued.
+    USER_FILE_QUEUED_PREFIX = "da_lock:user_file_queued"
     USER_FILE_PROJECT_SYNC_BEAT_LOCK = "da_lock:check_user_file_project_sync_beat"
     USER_FILE_PROJECT_SYNC_LOCK_PREFIX = "da_lock:user_file_project_sync"
     USER_FILE_DELETE_BEAT_LOCK = "da_lock:check_user_file_delete_beat"
@@ -437,10 +446,6 @@ class OnyxRedisLocks:
     # Release notes
     RELEASE_NOTES_FETCH_LOCK = "da_lock:release_notes_fetch"
 
-    # Sandbox cleanup
-    CLEANUP_IDLE_SANDBOXES_BEAT_LOCK = "da_lock:cleanup_idle_sandboxes_beat"
-    CLEANUP_OLD_SNAPSHOTS_BEAT_LOCK = "da_lock:cleanup_old_snapshots_beat"
-
 
 class OnyxRedisSignals:
     BLOCK_VALIDATE_INDEXING_FENCES = "signal:block_validate_indexing_fences"
@@ -566,13 +571,6 @@ class OnyxCeleryTask:
     CHECK_KG_PROCESSING_CLUSTERING_ONLY = "check_kg_processing_clustering_only"
     KG_RESET_SOURCE_INDEX = "kg_reset_source_index"
 
-    # Sandbox cleanup
-    CLEANUP_IDLE_SANDBOXES = "cleanup_idle_sandboxes"
-    CLEANUP_OLD_SNAPSHOTS = "cleanup_old_snapshots"
-
-    # Sandbox file sync
-    SANDBOX_FILE_SYNC = "sandbox_file_sync"
-
 
 # this needs to correspond to the matching entry in supervisord
 ONYX_CELERY_BEAT_HEARTBEAT_KEY = "onyx:celery:beat:heartbeat"

backend/onyx/connectors/asana/connector.py

@@ -25,11 +25,17 @@ class AsanaConnector(LoadConnector, PollConnector):
         batch_size: int = INDEX_BATCH_SIZE,
         continue_on_failure: bool = CONTINUE_ON_CONNECTOR_FAILURE,
     ) -> None:
-        self.workspace_id = asana_workspace_id
-        self.project_ids_to_index: list[str] | None = (
-            asana_project_ids.split(",") if asana_project_ids is not None else None
-        )
-        self.asana_team_id = asana_team_id
+        self.workspace_id = asana_workspace_id.strip()
+        if asana_project_ids:
+            project_ids = [
+                project_id.strip()
+                for project_id in asana_project_ids.split(",")
+                if project_id.strip()
+            ]
+            self.project_ids_to_index = project_ids or None
+        else:
+            self.project_ids_to_index = None
+        self.asana_team_id = (asana_team_id.strip() or None) if asana_team_id else None
         self.batch_size = batch_size
         self.continue_on_failure = continue_on_failure
         logger.info(

backend/onyx/connectors/fireflies/connector.py

@@ -89,9 +89,6 @@ def _create_doc_from_transcript(transcript: dict) -> Document | None:
     meeting_date_unix = transcript["date"]
     meeting_date = datetime.fromtimestamp(meeting_date_unix / 1000, tz=timezone.utc)
 
-    # Build hierarchy based on meeting date (year-month)
-    year_month = meeting_date.strftime("%Y-%m")
-
     meeting_organizer_email = transcript["organizer_email"]
     organizer_email_user_info = [BasicExpertInfo(email=meeting_organizer_email)]
 
@@ -105,14 +102,6 @@ def _create_doc_from_transcript(transcript: dict) -> Document | None:
         sections=cast(list[TextSection | ImageSection], sections),
         source=DocumentSource.FIREFLIES,
         semantic_identifier=meeting_title,
-        doc_metadata={
-            "hierarchy": {
-                "source_path": [year_month],
-                "year_month": year_month,
-                "meeting_title": meeting_title,
-                "organizer_email": meeting_organizer_email,
-            }
-        },
         metadata={
             k: str(v)
             for k, v in {

backend/onyx/connectors/github/connector.py

@@ -240,21 +240,8 @@ def _get_userinfo(user: NamedUser) -> dict[str, str]:
 def _convert_pr_to_document(
     pull_request: PullRequest, repo_external_access: ExternalAccess | None
 ) -> Document:
-    repo_full_name = pull_request.base.repo.full_name if pull_request.base else ""
-    # Split full_name (e.g., "owner/repo") into owner and repo
-    parts = repo_full_name.split("/", 1)
-    owner_name = parts[0] if parts else ""
-    repo_name = parts[1] if len(parts) > 1 else repo_full_name
-
-    doc_metadata = {
-        "repo": repo_full_name,
-        "hierarchy": {
-            "source_path": [owner_name, repo_name, "pull_requests"],
-            "owner": owner_name,
-            "repo": repo_name,
-            "object_type": "pull_request",
-        },
-    }
+    repo_name = pull_request.base.repo.full_name if pull_request.base else ""
+    doc_metadata = DocMetadata(repo=repo_name)
     return Document(
         id=pull_request.html_url,
         sections=[
@@ -272,7 +259,7 @@ def _convert_pr_to_document(
             else None
         ),
         # this metadata is used in perm sync
-        doc_metadata=doc_metadata,
+        doc_metadata=doc_metadata.model_dump(),
         metadata={
             k: [str(vi) for vi in v] if isinstance(v, list) else str(v)
             for k, v in {
@@ -329,21 +316,8 @@ def _fetch_issue_comments(issue: Issue) -> str:
 def _convert_issue_to_document(
     issue: Issue, repo_external_access: ExternalAccess | None
 ) -> Document:
-    repo_full_name = issue.repository.full_name if issue.repository else ""
-    # Split full_name (e.g., "owner/repo") into owner and repo
-    parts = repo_full_name.split("/", 1)
-    owner_name = parts[0] if parts else ""
-    repo_name = parts[1] if len(parts) > 1 else repo_full_name
-
-    doc_metadata = {
-        "repo": repo_full_name,
-        "hierarchy": {
-            "source_path": [owner_name, repo_name, "issues"],
-            "owner": owner_name,
-            "repo": repo_name,
-            "object_type": "issue",
-        },
-    }
+    repo_name = issue.repository.full_name if issue.repository else ""
+    doc_metadata = DocMetadata(repo=repo_name)
     return Document(
         id=issue.html_url,
         sections=[TextSection(link=issue.html_url, text=issue.body or "")],
@@ -353,7 +327,7 @@ def _convert_issue_to_document(
         # updated_at is UTC time but is timezone unaware
         doc_updated_at=issue.updated_at.replace(tzinfo=timezone.utc),
         # this metadata is used in perm sync
-        doc_metadata=doc_metadata,
+        doc_metadata=doc_metadata.model_dump(),
         metadata={
             k: [str(vi) for vi in v] if isinstance(v, list) else str(v)
             for k, v in {

backend/onyx/connectors/gmail/connector.py

@@ -390,9 +390,7 @@ class GmailConnector(
         """
         List all user emails if we are on a Google Workspace domain.
         If the domain is gmail.com, or if we attempt to call the Admin SDK and
-        get a 404 or 403, fall back to using the single user.
-        A 404 indicates a personal Gmail account with no Workspace domain.
-        A 403 indicates insufficient permissions (e.g., OAuth user without admin privileges).
+        get a 404, fall back to using the single user.
         """
 
         try:
@@ -415,13 +413,6 @@ class GmailConnector(
                     "with no Workspace domain. Falling back to single user."
                 )
                 return [self.primary_admin_email]
-            elif e.resp.status == 403:
-                logger.warning(
-                    "Received 403 from Admin SDK; this may indicate insufficient permissions "
-                    "(e.g., OAuth user without admin privileges or service account without "
-                    "domain-wide delegation). Falling back to single user."
-                )
-                return [self.primary_admin_email]
             raise
 
     def _fetch_threads_impl(

backend/onyx/connectors/gong/connector.py

@@ -31,6 +31,8 @@ class GongConnector(LoadConnector, PollConnector):
     BASE_URL = "https://api.gong.io"
     MAX_CALL_DETAILS_ATTEMPTS = 6
     CALL_DETAILS_DELAY = 30  # in seconds
+    # Gong API limit is 3 calls/sec — stay safely under it
+    MIN_REQUEST_INTERVAL = 0.5  # seconds between requests
 
     def __init__(
         self,
@@ -44,9 +46,13 @@ class GongConnector(LoadConnector, PollConnector):
         self.continue_on_fail = continue_on_fail
         self.auth_token_basic: str | None = None
         self.hide_user_info = hide_user_info
+        self._last_request_time: float = 0.0
 
+        # urllib3 Retry already respects the Retry-After header by default
+        # (respect_retry_after_header=True), so on 429 it will sleep for the
+        # duration Gong specifies before retrying.
         retry_strategy = Retry(
-            total=5,
+            total=10,
             backoff_factor=2,
             status_forcelist=[429, 500, 502, 503, 504],
         )
@@ -60,8 +66,24 @@ class GongConnector(LoadConnector, PollConnector):
         url = f"{GongConnector.BASE_URL}{endpoint}"
         return url
 
+    def _throttled_request(
+        self, method: str, url: str, **kwargs: Any
+    ) -> requests.Response:
+        """Rate-limited request wrapper. Enforces MIN_REQUEST_INTERVAL between
+        calls to stay under Gong's 3 calls/sec limit and avoid triggering 429s."""
+        now = time.monotonic()
+        elapsed = now - self._last_request_time
+        if elapsed < self.MIN_REQUEST_INTERVAL:
+            time.sleep(self.MIN_REQUEST_INTERVAL - elapsed)
+
+        response = self._session.request(method, url, **kwargs)
+        self._last_request_time = time.monotonic()
+        return response
+
     def _get_workspace_id_map(self) -> dict[str, str]:
-        response = self._session.get(GongConnector.make_url("/v2/workspaces"))
+        response = self._throttled_request(
+            "GET", GongConnector.make_url("/v2/workspaces")
+        )
         response.raise_for_status()
 
         workspaces_details = response.json().get("workspaces")
@@ -105,8 +127,8 @@ class GongConnector(LoadConnector, PollConnector):
                     del body["filter"]["workspaceId"]
 
             while True:
-                response = self._session.post(
-                    GongConnector.make_url("/v2/calls/transcript"), json=body
+                response = self._throttled_request(
+                    "POST", GongConnector.make_url("/v2/calls/transcript"), json=body
                 )
                 # If no calls in the range, just break out
                 if response.status_code == 404:
@@ -141,8 +163,8 @@ class GongConnector(LoadConnector, PollConnector):
             "contentSelector": {"exposedFields": {"parties": True}},
         }
 
-        response = self._session.post(
-            GongConnector.make_url("/v2/calls/extensive"), json=body
+        response = self._throttled_request(
+            "POST", GongConnector.make_url("/v2/calls/extensive"), json=body
         )
         response.raise_for_status()
 
@@ -193,7 +215,8 @@ class GongConnector(LoadConnector, PollConnector):
             # There's a likely race condition in the API where a transcript will have a
             # call id but the call to v2/calls/extensive will not return all of the id's
             # retry with exponential backoff has been observed to mitigate this
-            # in ~2 minutes
+            # in ~2 minutes. After max attempts, proceed with whatever we have —
+            # the per-call loop below will skip missing IDs gracefully.
             current_attempt = 0
             while True:
                 current_attempt += 1
@@ -212,11 +235,14 @@ class GongConnector(LoadConnector, PollConnector):
                     f"missing_call_ids={missing_call_ids}"
                 )
                 if current_attempt >= self.MAX_CALL_DETAILS_ATTEMPTS:
-                    raise RuntimeError(
-                        f"Attempt count exceeded for _get_call_details_by_ids: "
-                        f"missing_call_ids={missing_call_ids} "
-                        f"max_attempts={self.MAX_CALL_DETAILS_ATTEMPTS}"
+                    logger.error(
+                        f"Giving up on missing call id's after "
+                        f"{self.MAX_CALL_DETAILS_ATTEMPTS} attempts: "
+                        f"missing_call_ids={missing_call_ids} — "
+                        f"proceeding with {len(call_details_map)} of "
+                        f"{len(transcript_call_ids)} calls"
                     )
+                    break
 
                 wait_seconds = self.CALL_DETAILS_DELAY * pow(2, current_attempt - 1)
                 logger.warning(

backend/onyx/connectors/google_drive/doc_conversion.py

@@ -46,138 +46,6 @@ from onyx.utils.variable_functionality import noop_fallback
 
 logger = setup_logger()
 
-# Cache for folder path lookups to avoid redundant API calls
-# Maps folder_id -> (folder_name, parent_id)
-_folder_cache: dict[str, tuple[str, str | None]] = {}
-
-
-def _get_folder_info(
-    service: GoogleDriveService, folder_id: str
-) -> tuple[str, str | None]:
-    """Fetch folder name and parent ID, with caching."""
-    if folder_id in _folder_cache:
-        return _folder_cache[folder_id]
-
-    try:
-        folder = (
-            service.files()
-            .get(
-                fileId=folder_id,
-                fields="name, parents",
-                supportsAllDrives=True,
-            )
-            .execute()
-        )
-        folder_name = folder.get("name", "Unknown")
-        parents = folder.get("parents", [])
-        parent_id = parents[0] if parents else None
-        _folder_cache[folder_id] = (folder_name, parent_id)
-        return folder_name, parent_id
-    except HttpError as e:
-        logger.warning(f"Failed to get folder info for {folder_id}: {e}")
-        _folder_cache[folder_id] = ("Unknown", None)
-        return "Unknown", None
-
-
-def _get_drive_name(service: GoogleDriveService, drive_id: str) -> str:
-    """Fetch shared drive name."""
-    cache_key = f"drive_{drive_id}"
-    if cache_key in _folder_cache:
-        return _folder_cache[cache_key][0]
-
-    try:
-        drive = service.drives().get(driveId=drive_id).execute()
-        drive_name = drive.get("name", f"Shared Drive {drive_id}")
-        _folder_cache[cache_key] = (drive_name, None)
-        return drive_name
-    except HttpError as e:
-        logger.warning(f"Failed to get drive name for {drive_id}: {e}")
-        _folder_cache[cache_key] = (f"Shared Drive {drive_id}", None)
-        return f"Shared Drive {drive_id}"
-
-
-def build_folder_path(
-    file: GoogleDriveFileType,
-    service: GoogleDriveService,
-    drive_id: str | None = None,
-    user_email: str | None = None,
-) -> list[str]:
-    """
-    Build the full folder path for a file by walking up the parent chain.
-    Returns a list of folder names from root to immediate parent.
-
-    Args:
-        file: The Google Drive file object
-        service: Google Drive service instance
-        drive_id: Optional drive ID (will be extracted from file if not provided)
-        user_email: Optional user email to check ownership for "My Drive" vs "Shared with me"
-    """
-    path_parts: list[str] = []
-
-    # Get drive_id from file if not provided
-    if drive_id is None:
-        drive_id = file.get("driveId")
-
-    # Check if file is owned by the user (for distinguishing "My Drive" vs "Shared with me")
-    is_owned_by_user = False
-    if user_email:
-        owners = file.get("owners", [])
-        is_owned_by_user = any(
-            owner.get("emailAddress", "").lower() == user_email.lower()
-            for owner in owners
-        )
-
-    # Get the file's parent folder ID
-    parents = file.get("parents", [])
-    if not parents:
-        # File is at root level
-        if drive_id:
-            return [_get_drive_name(service, drive_id)]
-        # If not in a shared drive, check if it's owned by the user
-        if is_owned_by_user:
-            return ["My Drive"]
-        else:
-            return ["Shared with me"]
-
-    parent_id: str | None = parents[0]
-
-    # Walk up the folder hierarchy (limit to 50 levels to prevent infinite loops)
-    visited: set[str] = set()
-    for _ in range(50):
-        if not parent_id or parent_id in visited:
-            break
-        visited.add(parent_id)
-
-        folder_name, next_parent = _get_folder_info(service, parent_id)
-
-        # Check if we've reached the root (parent is the drive itself or no parent)
-        if next_parent is None:
-            # This folder's name is either the drive root, My Drive, or Shared with me
-            if drive_id:
-                path_parts.insert(0, _get_drive_name(service, drive_id))
-            else:
-                # Not in a shared drive - determine if it's "My Drive" or "Shared with me"
-                if is_owned_by_user:
-                    path_parts.insert(0, "My Drive")
-                else:
-                    path_parts.insert(0, "Shared with me")
-            break
-        else:
-            path_parts.insert(0, folder_name)
-            parent_id = next_parent
-
-    # If we didn't find a root, determine the root based on ownership and drive
-    if not path_parts:
-        if drive_id:
-            return [_get_drive_name(service, drive_id)]
-        elif is_owned_by_user:
-            return ["My Drive"]
-        else:
-            return ["Shared with me"]
-
-    return path_parts
-
-
 # This is not a standard valid unicode char, it is used by the docs advanced API to
 # represent smart chips (elements like dates and doc links).
 SMART_CHIP_CHAR = "\ue907"
@@ -658,33 +526,12 @@ def _convert_drive_item_to_document(
             else None
         )
 
-        # Build doc_metadata with hierarchy information
-        file_name = file.get("name", "")
-        mime_type = file.get("mimeType", "")
-        drive_id = file.get("driveId")
-
-        # Build full folder path by walking up the parent chain
-        # Pass retriever_email to determine if file is in "My Drive" vs "Shared with me"
-        source_path = build_folder_path(
-            file, _get_drive_service(), drive_id, retriever_email
-        )
-
-        doc_metadata = {
-            "hierarchy": {
-                "source_path": source_path,
-                "drive_id": drive_id,
-                "file_name": file_name,
-                "mime_type": mime_type,
-            }
-        }
-
         # Create the document
         return Document(
             id=doc_id,
             sections=sections,
             source=DocumentSource.GOOGLE_DRIVE,
-            semantic_identifier=file_name,
-            doc_metadata=doc_metadata,
+            semantic_identifier=file.get("name", ""),
             metadata={
                 "owner_names": ", ".join(
                     owner.get("displayName", "") for owner in file.get("owners", [])

backend/onyx/connectors/google_drive/file_retrieval.py

@@ -39,11 +39,11 @@ PERMISSION_FULL_DESCRIPTION = (
     "permissions(id, emailAddress, type, domain, allowFileDiscovery, permissionDetails)"
 )
 FILE_FIELDS = (
-    "nextPageToken, files(mimeType, id, name, driveId, parents, "
+    "nextPageToken, files(mimeType, id, name, "
     "modifiedTime, webViewLink, shortcutDetails, owners(emailAddress), size)"
 )
 FILE_FIELDS_WITH_PERMISSIONS = (
-    f"nextPageToken, files(mimeType, id, name, driveId, parents, {PERMISSION_FULL_DESCRIPTION}, permissionIds, "
+    f"nextPageToken, files(mimeType, id, name, {PERMISSION_FULL_DESCRIPTION}, permissionIds, "
     "modifiedTime, webViewLink, shortcutDetails, owners(emailAddress), size)"
 )
 SLIM_FILE_FIELDS = (

backend/onyx/connectors/hubspot/connector.py

@@ -490,13 +490,6 @@ class HubSpotConnector(LoadConnector, PollConnector):
                     semantic_identifier=title,
                     doc_updated_at=ticket.updated_at.replace(tzinfo=timezone.utc),
                     metadata=metadata,
-                    doc_metadata={
-                        "hierarchy": {
-                            "source_path": ["Tickets"],
-                            "object_type": "ticket",
-                            "object_id": ticket.id,
-                        }
-                    },
                 )
             )
 
@@ -622,13 +615,6 @@ class HubSpotConnector(LoadConnector, PollConnector):
                     semantic_identifier=title,
                     doc_updated_at=company.updated_at.replace(tzinfo=timezone.utc),
                     metadata=metadata,
-                    doc_metadata={
-                        "hierarchy": {
-                            "source_path": ["Companies"],
-                            "object_type": "company",
-                            "object_id": company.id,
-                        }
-                    },
                 )
             )
 
@@ -752,13 +738,6 @@ class HubSpotConnector(LoadConnector, PollConnector):
                     semantic_identifier=title,
                     doc_updated_at=deal.updated_at.replace(tzinfo=timezone.utc),
                     metadata=metadata,
-                    doc_metadata={
-                        "hierarchy": {
-                            "source_path": ["Deals"],
-                            "object_type": "deal",
-                            "object_id": deal.id,
-                        }
-                    },
                 )
             )
 
@@ -902,13 +881,6 @@ class HubSpotConnector(LoadConnector, PollConnector):
                     semantic_identifier=title,
                     doc_updated_at=contact.updated_at.replace(tzinfo=timezone.utc),
                     metadata=metadata,
-                    doc_metadata={
-                        "hierarchy": {
-                            "source_path": ["Contacts"],
-                            "object_type": "contact",
-                            "object_id": contact.id,
-                        }
-                    },
                 )
             )
 

backend/onyx/connectors/linear/connector.py

@@ -274,10 +274,6 @@ class LinearConnector(LoadConnector, PollConnector, OAuthConnector):
                 # Cast the sections list to the expected type
                 typed_sections = cast(list[TextSection | ImageSection], sections)
 
-                # Extract team name for hierarchy
-                team_name = (node.get("team") or {}).get("name") or "Unknown Team"
-                identifier = node.get("identifier", node["id"])
-
                 documents.append(
                     Document(
                         id=node["id"],
@@ -286,13 +282,6 @@ class LinearConnector(LoadConnector, PollConnector, OAuthConnector):
                         semantic_identifier=f"[{node['identifier']}] {node['title']}",
                         title=node["title"],
                         doc_updated_at=time_str_to_utc(node["updatedAt"]),
-                        doc_metadata={
-                            "hierarchy": {
-                                "source_path": [team_name],
-                                "team_name": team_name,
-                                "identifier": identifier,
-                            }
-                        },
                         metadata={
                             k: str(v)
                             for k, v in {

backend/onyx/connectors/salesforce/connector.py

@@ -6,6 +6,7 @@ import sys
 import tempfile
 import time
 from collections import defaultdict
+from collections.abc import Callable
 from pathlib import Path
 from typing import Any
 from typing import cast
@@ -30,20 +31,29 @@ from onyx.connectors.salesforce.onyx_salesforce import OnyxSalesforce
 from onyx.connectors.salesforce.salesforce_calls import fetch_all_csvs_in_parallel
 from onyx.connectors.salesforce.sqlite_functions import OnyxSalesforceSQLite
 from onyx.connectors.salesforce.utils import ACCOUNT_OBJECT_TYPE
-from onyx.connectors.salesforce.utils import BASE_DATA_PATH
-from onyx.connectors.salesforce.utils import get_sqlite_db_path
 from onyx.connectors.salesforce.utils import ID_FIELD
 from onyx.connectors.salesforce.utils import MODIFIED_FIELD
 from onyx.connectors.salesforce.utils import NAME_FIELD
 from onyx.connectors.salesforce.utils import USER_OBJECT_TYPE
 from onyx.indexing.indexing_heartbeat import IndexingHeartbeatInterface
 from onyx.utils.logger import setup_logger
-from shared_configs.configs import MULTI_TENANT
 
 
 logger = setup_logger()
 
 
+def _convert_to_metadata_value(value: Any) -> str | list[str]:
+    """Convert a Salesforce field value to a valid metadata value.
+
+    Document metadata expects str | list[str], but Salesforce returns
+    various types (bool, float, int, etc.). This function ensures all
+    values are properly converted to strings.
+    """
+    if isinstance(value, list):
+        return [str(item) for item in value]
+    return str(value)
+
+
 _DEFAULT_PARENT_OBJECT_TYPES = [ACCOUNT_OBJECT_TYPE]
 
 _DEFAULT_ATTRIBUTES_TO_KEEP: dict[str, dict[str, str]] = {
@@ -433,6 +443,88 @@ class SalesforceConnector(LoadConnector, PollConnector, SlimConnectorWithPermSyn
     #     # gc.collect()
     #     return all_types
 
+    def _yield_doc_batches(
+        self,
+        sf_db: OnyxSalesforceSQLite,
+        type_to_processed: dict[str, int],
+        changed_ids_to_type: dict[str, str],
+        parent_types: set[str],
+        increment_parents_changed: Callable[[], None],
+    ) -> GenerateDocumentsOutput:
+        """ """
+        docs_to_yield: list[Document] = []
+        docs_to_yield_bytes = 0
+
+        last_log_time = 0.0
+
+        for (
+            parent_type,
+            parent_id,
+            examined_ids,
+        ) in sf_db.get_changed_parent_ids_by_type(
+            changed_ids=list(changed_ids_to_type.keys()),
+            parent_types=parent_types,
+        ):
+            now = time.monotonic()
+
+            processed = examined_ids - 1
+            if now - last_log_time > SalesforceConnector.LOG_INTERVAL:
+                logger.info(
+                    f"Processing stats: {type_to_processed} "
+                    f"file_size={sf_db.file_size} "
+                    f"processed={processed} "
+                    f"remaining={len(changed_ids_to_type) - processed}"
+                )
+                last_log_time = now
+
+            type_to_processed[parent_type] = type_to_processed.get(parent_type, 0) + 1
+
+            parent_object = sf_db.get_record(parent_id, parent_type)
+            if not parent_object:
+                logger.warning(
+                    f"Failed to get parent object {parent_id} for {parent_type}"
+                )
+                continue
+
+            # use the db to create a document we can yield
+            doc = convert_sf_object_to_doc(
+                sf_db,
+                sf_object=parent_object,
+                sf_instance=self.sf_client.sf_instance,
+            )
+
+            doc.metadata["object_type"] = parent_type
+
+            # Add default attributes to the metadata
+            for (
+                sf_attribute,
+                canonical_attribute,
+            ) in _DEFAULT_ATTRIBUTES_TO_KEEP.get(parent_type, {}).items():
+                if sf_attribute in parent_object.data:
+                    doc.metadata[canonical_attribute] = _convert_to_metadata_value(
+                        parent_object.data[sf_attribute]
+                    )
+
+            doc_sizeof = sys.getsizeof(doc)
+            docs_to_yield_bytes += doc_sizeof
+            docs_to_yield.append(doc)
+            increment_parents_changed()
+
+            # memory usage is sensitive to the input length, so we're yielding immediately
+            # if the batch exceeds a certain byte length
+            if (
+                len(docs_to_yield) >= self.batch_size
+                or docs_to_yield_bytes > SalesforceConnector.MAX_BATCH_BYTES
+            ):
+                yield docs_to_yield
+                docs_to_yield = []
+                docs_to_yield_bytes = 0
+
+                # observed a memory leak / size issue with the account table if we don't gc.collect here.
+                gc.collect()
+
+        yield docs_to_yield
+
     def _full_sync(
         self,
         temp_dir: str,
@@ -443,8 +535,6 @@ class SalesforceConnector(LoadConnector, PollConnector, SlimConnectorWithPermSyn
         if not self._sf_client:
             raise RuntimeError("self._sf_client is None!")
 
-        docs_to_yield: list[Document] = []
-
         changed_ids_to_type: dict[str, str] = {}
         parents_changed = 0
         examined_ids = 0
@@ -492,9 +582,6 @@ class SalesforceConnector(LoadConnector, PollConnector, SlimConnectorWithPermSyn
                         f"records={num_records}"
                     )
 
-                    # yield an empty list to keep the connector alive
-                    yield docs_to_yield
-
                     new_ids = sf_db.update_from_csv(
                         object_type=object_type,
                         csv_download_path=csv_path,
@@ -527,79 +614,17 @@ class SalesforceConnector(LoadConnector, PollConnector, SlimConnectorWithPermSyn
             )
 
             # Step 3 - extract and index docs
-            docs_to_yield_bytes = 0
-
-            last_log_time = 0.0
-
-            for (
-                parent_type,
-                parent_id,
-                examined_ids,
-            ) in sf_db.get_changed_parent_ids_by_type(
-                changed_ids=list(changed_ids_to_type.keys()),
-                parent_types=ctx.parent_types,
-            ):
-                now = time.monotonic()
-
-                processed = examined_ids - 1
-                if now - last_log_time > SalesforceConnector.LOG_INTERVAL:
-                    logger.info(
-                        f"Processing stats: {type_to_processed} "
-                        f"file_size={sf_db.file_size} "
-                        f"processed={processed} "
-                        f"remaining={len(changed_ids_to_type) - processed}"
-                    )
-                    last_log_time = now
-
-                type_to_processed[parent_type] = (
-                    type_to_processed.get(parent_type, 0) + 1
-                )
-
-                parent_object = sf_db.get_record(parent_id, parent_type)
-                if not parent_object:
-                    logger.warning(
-                        f"Failed to get parent object {parent_id} for {parent_type}"
-                    )
-                    continue
-
-                # use the db to create a document we can yield
-                doc = convert_sf_object_to_doc(
-                    sf_db,
-                    sf_object=parent_object,
-                    sf_instance=self.sf_client.sf_instance,
-                )
-
-                doc.metadata["object_type"] = parent_type
-
-                # Add default attributes to the metadata
-                for (
-                    sf_attribute,
-                    canonical_attribute,
-                ) in _DEFAULT_ATTRIBUTES_TO_KEEP.get(parent_type, {}).items():
-                    if sf_attribute in parent_object.data:
-                        doc.metadata[canonical_attribute] = parent_object.data[
-                            sf_attribute
-                        ]
-
-                doc_sizeof = sys.getsizeof(doc)
-                docs_to_yield_bytes += doc_sizeof
-                docs_to_yield.append(doc)
+            def increment_parents_changed() -> None:
+                nonlocal parents_changed
                 parents_changed += 1
 
-                # memory usage is sensitive to the input length, so we're yielding immediately
-                # if the batch exceeds a certain byte length
-                if (
-                    len(docs_to_yield) >= self.batch_size
-                    or docs_to_yield_bytes > SalesforceConnector.MAX_BATCH_BYTES
-                ):
-                    yield docs_to_yield
-                    docs_to_yield = []
-                    docs_to_yield_bytes = 0
-
-                    # observed a memory leak / size issue with the account table if we don't gc.collect here.
-                    gc.collect()
-
-            yield docs_to_yield
+            yield from self._yield_doc_batches(
+                sf_db,
+                type_to_processed,
+                changed_ids_to_type,
+                ctx.parent_types,
+                increment_parents_changed,
+            )
         except Exception:
             logger.exception("Unexpected exception")
             raise
@@ -801,7 +826,9 @@ class SalesforceConnector(LoadConnector, PollConnector, SlimConnectorWithPermSyn
                     canonical_attribute,
                 ) in _DEFAULT_ATTRIBUTES_TO_KEEP.get(actual_parent_type, {}).items():
                     if sf_attribute in record:
-                        doc.metadata[canonical_attribute] = record[sf_attribute]
+                        doc.metadata[canonical_attribute] = _convert_to_metadata_value(
+                            record[sf_attribute]
+                        )
 
                 doc_sizeof = sys.getsizeof(doc)
                 docs_to_yield_bytes += doc_sizeof
@@ -1088,36 +1115,21 @@ class SalesforceConnector(LoadConnector, PollConnector, SlimConnectorWithPermSyn
         return return_context
 
     def load_from_state(self) -> GenerateDocumentsOutput:
-        if MULTI_TENANT:
-            # if multi tenant, we cannot expect the sqlite db to be cached/present
-            with tempfile.TemporaryDirectory() as temp_dir:
-                return self._full_sync(temp_dir)
-
-        # nuke the db since we're starting from scratch
-        sqlite_db_path = get_sqlite_db_path(BASE_DATA_PATH)
-        if os.path.exists(sqlite_db_path):
-            logger.info(f"load_from_state: Removing db at {sqlite_db_path}.")
-            os.remove(sqlite_db_path)
-        return self._full_sync(BASE_DATA_PATH)
+        # Always use a temp directory for SQLite - the database is rebuilt
+        # from scratch each time via CSV downloads, so there's no caching benefit
+        # from persisting it. Using temp dirs also avoids collisions between
+        # multiple CC pairs and eliminates stale WAL/SHM file issues.
+        # TODO(evan): make this thing checkpointed and persist/load db from filestore
+        with tempfile.TemporaryDirectory() as temp_dir:
+            yield from self._full_sync(temp_dir)
 
     def poll_source(
         self, start: SecondsSinceUnixEpoch, end: SecondsSinceUnixEpoch
     ) -> GenerateDocumentsOutput:
         """Poll source will synchronize updated parent objects one by one."""
-
-        if start == 0:
-            # nuke the db if we're starting from scratch
-            sqlite_db_path = get_sqlite_db_path(BASE_DATA_PATH)
-            if os.path.exists(sqlite_db_path):
-                logger.info(
-                    f"poll_source: Starting at time 0, removing db at {sqlite_db_path}."
-                )
-                os.remove(sqlite_db_path)
-
-            return self._delta_sync(BASE_DATA_PATH, start, end)
-
+        # Always use a temp directory - see comment in load_from_state()
         with tempfile.TemporaryDirectory() as temp_dir:
-            return self._delta_sync(temp_dir, start, end)
+            yield from self._delta_sync(temp_dir, start, end)
 
     def retrieve_all_slim_docs_perm_sync(
         self,

backend/onyx/connectors/salesforce/sqlite_functions.py

@@ -12,6 +12,7 @@ from onyx.connectors.models import BasicExpertInfo
 from onyx.connectors.salesforce.utils import ACCOUNT_OBJECT_TYPE
 from onyx.connectors.salesforce.utils import ID_FIELD
 from onyx.connectors.salesforce.utils import NAME_FIELD
+from onyx.connectors.salesforce.utils import remove_sqlite_db_files
 from onyx.connectors.salesforce.utils import SalesforceObject
 from onyx.connectors.salesforce.utils import USER_OBJECT_TYPE
 from onyx.connectors.salesforce.utils import validate_salesforce_id
@@ -22,6 +23,9 @@ from shared_configs.utils import batch_list
 logger = setup_logger()
 
 
+SQLITE_DISK_IO_ERROR = "disk I/O error"
+
+
 class OnyxSalesforceSQLite:
     """Notes on context management using 'with self.conn':
 
@@ -99,8 +103,37 @@ class OnyxSalesforceSQLite:
     def apply_schema(self) -> None:
         """Initialize the SQLite database with required tables if they don't exist.
 
-        Non-destructive operation.
+        Non-destructive operation. If a disk I/O error is encountered (often due
+        to stale WAL/SHM files from a previous crash), this method will attempt
+        to recover by removing the corrupted files and recreating the database.
         """
+        try:
+            self._apply_schema_impl()
+        except sqlite3.OperationalError as e:
+            if SQLITE_DISK_IO_ERROR not in str(e):
+                raise
+
+            logger.warning(f"SQLite disk I/O error detected, attempting recovery: {e}")
+            self._recover_from_corruption()
+            self._apply_schema_impl()
+
+    def _recover_from_corruption(self) -> None:
+        """Recover from SQLite corruption by removing all database files and reconnecting."""
+        logger.info(f"Removing corrupted SQLite files: {self.filename}")
+
+        # Close existing connection
+        self.close()
+
+        # Remove all SQLite files (main db, WAL, SHM)
+        remove_sqlite_db_files(self.filename)
+
+        # Reconnect - this will create a fresh database
+        self.connect()
+
+        logger.info("SQLite recovery complete, fresh database created")
+
+    def _apply_schema_impl(self) -> None:
+        """Internal implementation of apply_schema."""
         if self._conn is None:
             raise RuntimeError("Database connection is closed")
 

backend/onyx/connectors/salesforce/utils.py

@@ -41,6 +41,28 @@ def get_sqlite_db_path(directory: str) -> str:
     return os.path.join(directory, "salesforce_db.sqlite")
 
 
+def remove_sqlite_db_files(db_path: str) -> None:
+    """Remove SQLite database and all associated files (WAL, SHM).
+
+    SQLite in WAL mode creates additional files:
+    - .sqlite-wal: Write-ahead log
+    - .sqlite-shm: Shared memory file
+
+    If these files become stale (e.g., after a crash), they can cause
+    'disk I/O error' when trying to open the database. This function
+    ensures all related files are removed.
+    """
+    files_to_remove = [
+        db_path,
+        f"{db_path}-wal",
+        f"{db_path}-shm",
+    ]
+    for file_path in files_to_remove:
+        if os.path.exists(file_path):
+            os.remove(file_path)
+
+
+# NOTE: only used with shelves, deprecated at this point
 def get_object_type_path(object_type: str) -> str:
     """Get the directory path for a specific object type."""
     type_dir = os.path.join(BASE_DATA_PATH, object_type)

backend/onyx/connectors/slack/connector.py

@@ -234,8 +234,6 @@ def thread_to_doc(
         "\n", " "
     )
 
-    channel_name = channel["name"]
-
     return Document(
         id=_build_doc_id(channel_id=channel_id, thread_ts=thread[0]["ts"]),
         sections=[
@@ -249,14 +247,7 @@ def thread_to_doc(
         semantic_identifier=doc_sem_id,
         doc_updated_at=get_latest_message_time(thread),
         primary_owners=valid_experts,
-        doc_metadata={
-            "hierarchy": {
-                "source_path": [channel_name],
-                "channel_name": channel_name,
-                "channel_id": channel_id,
-            }
-        },
-        metadata={"Channel": channel_name},
+        metadata={"Channel": channel["name"]},
         external_access=channel_access,
     )
 

backend/onyx/db/chat.py

@@ -855,7 +855,6 @@ def translate_db_message_to_chat_message_detail(
         files=chat_message.files or [],
         error=chat_message.error,
         current_feedback=current_feedback,
-        processing_duration_seconds=chat_message.processing_duration_seconds,
     )
 
     return chat_msg_detail

backend/onyx/db/connector_credential_pair.py

@@ -22,7 +22,6 @@ from onyx.db.credentials import fetch_credential_by_id_for_user
 from onyx.db.engine.sql_engine import get_session_with_current_tenant
 from onyx.db.enums import AccessType
 from onyx.db.enums import ConnectorCredentialPairStatus
-from onyx.db.enums import ProcessingMode
 from onyx.db.models import Connector
 from onyx.db.models import ConnectorCredentialPair
 from onyx.db.models import Credential
@@ -117,14 +116,7 @@ def get_connector_credential_pairs_for_user(
     eager_load_user: bool = False,
     order_by_desc: bool = False,
     source: DocumentSource | None = None,
-    processing_mode: ProcessingMode | None = ProcessingMode.REGULAR,
 ) -> list[ConnectorCredentialPair]:
-    """Get connector credential pairs for a user.
-
-    Args:
-        processing_mode: Filter by processing mode. Defaults to REGULAR to hide
-            FILE_SYSTEM connectors from standard admin UI. Pass None to get all.
-    """
     if eager_load_user:
         assert (
             eager_load_credential
@@ -150,9 +142,6 @@ def get_connector_credential_pairs_for_user(
     if ids:
         stmt = stmt.where(ConnectorCredentialPair.id.in_(ids))
 
-    if processing_mode is not None:
-        stmt = stmt.where(ConnectorCredentialPair.processing_mode == processing_mode)
-
     if order_by_desc:
         stmt = stmt.order_by(desc(ConnectorCredentialPair.id))
 
@@ -171,7 +160,6 @@ def get_connector_credential_pairs_for_user_parallel(
     eager_load_user: bool = False,
     order_by_desc: bool = False,
     source: DocumentSource | None = None,
-    processing_mode: ProcessingMode | None = ProcessingMode.REGULAR,
 ) -> list[ConnectorCredentialPair]:
     with get_session_with_current_tenant() as db_session:
         return get_connector_credential_pairs_for_user(
@@ -184,7 +172,6 @@ def get_connector_credential_pairs_for_user_parallel(
             eager_load_user=eager_load_user,
             order_by_desc=order_by_desc,
             source=source,
-            processing_mode=processing_mode,
         )
 
 
@@ -514,7 +501,6 @@ def add_credential_to_connector(
     initial_status: ConnectorCredentialPairStatus = ConnectorCredentialPairStatus.SCHEDULED,
     last_successful_index_time: datetime | None = None,
     seeding_flow: bool = False,
-    processing_mode: ProcessingMode = ProcessingMode.REGULAR,
 ) -> StatusResponse:
     connector = fetch_connector_by_id(connector_id, db_session)
 
@@ -580,7 +566,6 @@ def add_credential_to_connector(
         access_type=access_type,
         auto_sync_options=auto_sync_options,
         last_successful_index_time=last_successful_index_time,
-        processing_mode=processing_mode,
     )
     db_session.add(association)
     db_session.flush()  # make sure the association has an id

backend/onyx/db/enums.py

@@ -56,13 +56,6 @@ class IndexingMode(str, PyEnum):
     REINDEX = "reindex"
 
 
-class ProcessingMode(str, PyEnum):
-    """Determines how documents are processed after fetching."""
-
-    REGULAR = "REGULAR"  # Full pipeline: chunk → embed → Vespa
-    FILE_SYSTEM = "FILE_SYSTEM"  # Write to file system only
-
-
 class SyncType(str, PyEnum):
     DOCUMENT_SET = "document_set"
     USER_GROUP = "user_group"
@@ -201,39 +194,3 @@ class SwitchoverType(str, PyEnum):
     REINDEX = "reindex"
     ACTIVE_ONLY = "active_only"
     INSTANT = "instant"
-
-
-# Onyx Build Mode Enums
-class BuildSessionStatus(str, PyEnum):
-    ACTIVE = "active"
-    IDLE = "idle"
-
-
-class SandboxStatus(str, PyEnum):
-    PROVISIONING = "provisioning"
-    RUNNING = "running"
-    IDLE = "idle"
-    SLEEPING = "sleeping"  # Pod terminated, snapshots saved to S3
-    TERMINATED = "terminated"
-    FAILED = "failed"
-
-    def is_active(self) -> bool:
-        """Check if sandbox is in an active state (running or idle)."""
-        return self in (SandboxStatus.RUNNING, SandboxStatus.IDLE)
-
-    def is_terminal(self) -> bool:
-        """Check if sandbox is in a terminal state."""
-        return self in (SandboxStatus.TERMINATED, SandboxStatus.FAILED)
-
-    def is_sleeping(self) -> bool:
-        """Check if sandbox is sleeping (pod terminated but can be restored)."""
-        return self == SandboxStatus.SLEEPING
-
-
-class ArtifactType(str, PyEnum):
-    WEB_APP = "web_app"
-    PPTX = "pptx"
-    DOCX = "docx"
-    IMAGE = "image"
-    MARKDOWN = "markdown"
-    EXCEL = "excel"

backend/onyx/db/models.py

@@ -11,7 +11,6 @@ from typing_extensions import TypedDict  # noreorder
 from uuid import UUID
 from pydantic import ValidationError
 
-from sqlalchemy.dialects.postgresql import JSONB as PGJSONB
 from sqlalchemy.dialects.postgresql import UUID as PGUUID
 
 from fastapi_users_db_sqlalchemy import SQLAlchemyBaseOAuthAccountTableUUID
@@ -56,12 +55,8 @@ from onyx.configs.constants import FileOrigin
 from onyx.configs.constants import MessageType
 from onyx.db.enums import (
     AccessType,
-    ArtifactType,
-    BuildSessionStatus,
     EmbeddingPrecision,
     IndexingMode,
-    ProcessingMode,
-    SandboxStatus,
     SyncType,
     SyncStatus,
     MCPAuthenticationType,
@@ -614,16 +609,6 @@ class ConnectorCredentialPair(Base):
         Enum(IndexingMode, native_enum=False), nullable=True
     )
 
-    # Determines how documents are processed after fetching:
-    # REGULAR: Full pipeline (chunk → embed → Vespa)
-    # FILE_SYSTEM: Write to file system only (for CLI agent sandbox)
-    processing_mode: Mapped[ProcessingMode] = mapped_column(
-        Enum(ProcessingMode, native_enum=False),
-        nullable=False,
-        default=ProcessingMode.REGULAR,
-        server_default="REGULAR",
-    )
-
     connector: Mapped["Connector"] = relationship(
         "Connector", back_populates="credentials"
     )
@@ -2173,10 +2158,6 @@ class ChatMessage(Base):
     )
     # True if this assistant message is a clarification question (deep research flow)
     is_clarification: Mapped[bool] = mapped_column(Boolean, default=False)
-    # Duration in seconds for processing this message (assistant messages only)
-    processing_duration_seconds: Mapped[float | None] = mapped_column(
-        Float, nullable=True
-    )
 
     # Relationships
     chat_session: Mapped[ChatSession] = relationship("ChatSession")
@@ -2952,8 +2933,6 @@ class PersonaLabel(Base):
         "Persona",
         secondary=Persona__PersonaLabel.__table__,
         back_populates="labels",
-        cascade="all, delete-orphan",
-        single_parent=True,
     )
 
 
@@ -4161,202 +4140,3 @@ class TenantUsage(Base):
         # Ensure only one row per window start (tenant_id is in the schema name)
         UniqueConstraint("window_start", name="uq_tenant_usage_window"),
     )
-
-
-"""Tables related to Build Mode (CLI Agent Platform)"""
-
-
-class BuildSession(Base):
-    """Stores metadata about CLI agent build sessions."""
-
-    __tablename__ = "build_session"
-
-    id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True), primary_key=True, default=uuid4
-    )
-    user_id: Mapped[UUID | None] = mapped_column(
-        PGUUID(as_uuid=True), ForeignKey("user.id", ondelete="CASCADE"), nullable=True
-    )
-    name: Mapped[str | None] = mapped_column(String, nullable=True)
-    status: Mapped[BuildSessionStatus] = mapped_column(
-        Enum(BuildSessionStatus, native_enum=False, name="buildsessionstatus"),
-        nullable=False,
-        default=BuildSessionStatus.ACTIVE,
-    )
-    created_at: Mapped[datetime.datetime] = mapped_column(
-        DateTime(timezone=True), server_default=func.now(), nullable=False
-    )
-    last_activity_at: Mapped[datetime.datetime] = mapped_column(
-        DateTime(timezone=True),
-        server_default=func.now(),
-        onupdate=func.now(),
-        nullable=False,
-    )
-    nextjs_port: Mapped[int | None] = mapped_column(Integer, nullable=True)
-
-    # Relationships
-    user: Mapped[User | None] = relationship("User", foreign_keys=[user_id])
-    artifacts: Mapped[list["Artifact"]] = relationship(
-        "Artifact", back_populates="session", cascade="all, delete-orphan"
-    )
-    messages: Mapped[list["BuildMessage"]] = relationship(
-        "BuildMessage", back_populates="session", cascade="all, delete-orphan"
-    )
-    snapshots: Mapped[list["Snapshot"]] = relationship(
-        "Snapshot", back_populates="session", cascade="all, delete-orphan"
-    )
-
-    __table_args__ = (
-        Index("ix_build_session_user_created", "user_id", desc("created_at")),
-        Index("ix_build_session_status", "status"),
-    )
-
-
-class Sandbox(Base):
-    """Stores sandbox container metadata for users (one sandbox per user)."""
-
-    __tablename__ = "sandbox"
-
-    id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True), primary_key=True, default=uuid4
-    )
-    user_id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True),
-        ForeignKey("user.id", ondelete="CASCADE"),
-        nullable=False,
-        unique=True,
-    )
-    container_id: Mapped[str | None] = mapped_column(String, nullable=True)
-    status: Mapped[SandboxStatus] = mapped_column(
-        Enum(SandboxStatus, native_enum=False, name="sandboxstatus"),
-        nullable=False,
-        default=SandboxStatus.PROVISIONING,
-    )
-    created_at: Mapped[datetime.datetime] = mapped_column(
-        DateTime(timezone=True), server_default=func.now(), nullable=False
-    )
-    last_heartbeat: Mapped[datetime.datetime | None] = mapped_column(
-        DateTime(timezone=True), nullable=True
-    )
-
-    # Relationships
-    user: Mapped[User] = relationship("User")
-
-    __table_args__ = (
-        Index("ix_sandbox_status", "status"),
-        Index("ix_sandbox_container_id", "container_id"),
-    )
-
-
-class Artifact(Base):
-    """Stores metadata about artifacts generated by CLI agents."""
-
-    __tablename__ = "artifact"
-
-    id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True), primary_key=True, default=uuid4
-    )
-    session_id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True),
-        ForeignKey("build_session.id", ondelete="CASCADE"),
-        nullable=False,
-    )
-    type: Mapped[ArtifactType] = mapped_column(
-        Enum(ArtifactType, native_enum=False, name="artifacttype"), nullable=False
-    )
-    # path of artifact in sandbox relative to outputs/
-    path: Mapped[str] = mapped_column(String, nullable=False)
-    name: Mapped[str] = mapped_column(String, nullable=False)
-    created_at: Mapped[datetime.datetime] = mapped_column(
-        DateTime(timezone=True), server_default=func.now(), nullable=False
-    )
-    updated_at: Mapped[datetime.datetime] = mapped_column(
-        DateTime(timezone=True),
-        server_default=func.now(),
-        onupdate=func.now(),
-        nullable=False,
-    )
-
-    # Relationships
-    session: Mapped[BuildSession] = relationship(
-        "BuildSession", back_populates="artifacts"
-    )
-
-    __table_args__ = (
-        Index("ix_artifact_session_created", "session_id", desc("created_at")),
-        Index("ix_artifact_type", "type"),
-    )
-
-
-class Snapshot(Base):
-    """Stores metadata about session output snapshots."""
-
-    __tablename__ = "snapshot"
-
-    id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True), primary_key=True, default=uuid4
-    )
-    session_id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True),
-        ForeignKey("build_session.id", ondelete="CASCADE"),
-        nullable=False,
-    )
-    storage_path: Mapped[str] = mapped_column(String, nullable=False)
-    size_bytes: Mapped[int] = mapped_column(BigInteger, nullable=False, default=0)
-    created_at: Mapped[datetime.datetime] = mapped_column(
-        DateTime(timezone=True), server_default=func.now(), nullable=False
-    )
-
-    # Relationships
-    session: Mapped[BuildSession] = relationship(
-        "BuildSession", back_populates="snapshots"
-    )
-
-    __table_args__ = (
-        Index("ix_snapshot_session_created", "session_id", desc("created_at")),
-    )
-
-
-class BuildMessage(Base):
-    """Stores messages exchanged in build sessions.
-
-    All message data is stored in message_metadata as JSON (the raw ACP packet).
-    The turn_index groups all assistant responses under the user prompt they respond to.
-
-    Packet types stored in message_metadata:
-    - user_message: {type: "user_message", content: {...}}
-    - agent_message: {type: "agent_message", content: {...}} (accumulated from chunks)
-    - agent_thought: {type: "agent_thought", content: {...}} (accumulated from chunks)
-    - tool_call_progress: {type: "tool_call_progress", status: "completed", ...} (only completed)
-    - agent_plan_update: {type: "agent_plan_update", entries: [...]} (upserted, latest only)
-    """
-
-    __tablename__ = "build_message"
-
-    id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True), primary_key=True, default=uuid4
-    )
-    session_id: Mapped[UUID] = mapped_column(
-        PGUUID(as_uuid=True),
-        ForeignKey("build_session.id", ondelete="CASCADE"),
-        nullable=False,
-    )
-    turn_index: Mapped[int] = mapped_column(Integer, nullable=False)
-    type: Mapped[MessageType] = mapped_column(
-        Enum(MessageType, native_enum=False, name="messagetype"), nullable=False
-    )
-    message_metadata: Mapped[dict[str, Any]] = mapped_column(PGJSONB, nullable=False)
-    created_at: Mapped[datetime.datetime] = mapped_column(
-        DateTime(timezone=True), server_default=func.now(), nullable=False
-    )
-
-    # Relationships
-    session: Mapped[BuildSession] = relationship(
-        "BuildSession", back_populates="messages"
-    )
-
-    __table_args__ = (
-        Index(
-            "ix_build_message_session_turn", "session_id", "turn_index", "created_at"
-        ),
-    )

backend/onyx/db/persona.py

@@ -917,7 +917,9 @@ def upsert_persona(
         existing_persona.icon_name = icon_name
         existing_persona.is_visible = is_visible
         existing_persona.search_start_date = search_start_date
-        existing_persona.labels = labels or []
+        if label_ids is not None:
+            existing_persona.labels.clear()
+            existing_persona.labels = labels or []
         existing_persona.is_default_persona = (
             is_default_persona
             if is_default_persona is not None

backend/onyx/db/users.py

@@ -15,7 +15,9 @@ from sqlalchemy.sql.elements import KeyedColumnElement
 from onyx.auth.invited_users import remove_user_from_invited_users
 from onyx.auth.schemas import UserRole
 from onyx.db.api_key import DANSWER_API_KEY_DUMMY_EMAIL_DOMAIN
+from onyx.db.models import DocumentSet
 from onyx.db.models import DocumentSet__User
+from onyx.db.models import Persona
 from onyx.db.models import Persona__User
 from onyx.db.models import SamlAccount
 from onyx.db.models import User
@@ -327,6 +329,15 @@ def delete_user_from_db(
     db_session.query(SamlAccount).filter(
         SamlAccount.user_id == user_to_delete.id
     ).delete()
+    # Null out ownership on document sets and personas so they're
+    # preserved for other users instead of being cascade-deleted
+    db_session.query(DocumentSet).filter(
+        DocumentSet.user_id == user_to_delete.id
+    ).update({DocumentSet.user_id: None})
+    db_session.query(Persona).filter(Persona.user_id == user_to_delete.id).update(
+        {Persona.user_id: None}
+    )
+
     db_session.query(DocumentSet__User).filter(
         DocumentSet__User.user_id == user_to_delete.id
     ).delete()

backend/onyx/deep_research/dr_loop.py

@@ -3,7 +3,6 @@
 # 2. Use user provided custom prompts
 # 3. Save the plan for replay
 
-import time
 from collections.abc import Callable
 from typing import cast
 
@@ -98,7 +97,6 @@ def generate_final_report(
     citation_mapping: CitationMapping,
     user_identity: LLMUserIdentity | None,
     saved_reasoning: str | None = None,
-    tool_processing_duration: float | None = None,
 ) -> bool:
     """Generate the final research report.
 
@@ -149,7 +147,6 @@ def generate_final_report(
             user_identity=user_identity,
             max_tokens=MAX_FINAL_REPORT_TOKENS,
             is_deep_research=True,
-            tool_processing_duration=tool_processing_duration,
         )
 
         # Save citation mapping to state_container so citations are persisted
@@ -203,9 +200,6 @@ def run_deep_research_llm_loop(
 
         initialize_litellm()
 
-        # Track processing start time for tool duration calculation
-        processing_start_time = time.monotonic()
-
         available_tokens = llm.config.max_input_tokens
 
         llm_step_result: LlmStepResult | None = None
@@ -246,9 +240,6 @@ def run_deep_research_llm_loop(
                     last_n_user_messages=MAX_USER_MESSAGES_FOR_CONTEXT,
                 )
 
-                # Calculate tool processing duration for clarification step
-                # (used if the LLM emits a clarification question instead of calling tools)
-                clarification_tool_duration = time.monotonic() - processing_start_time
                 llm_step_result, _ = run_llm_step(
                     emitter=emitter,
                     history=truncated_message_history,
@@ -263,7 +254,6 @@ def run_deep_research_llm_loop(
                     final_documents=None,
                     user_identity=user_identity,
                     is_deep_research=True,
-                    tool_processing_duration=clarification_tool_duration,
                 )
 
                 if not llm_step_result.tool_calls:
@@ -416,8 +406,6 @@ def run_deep_research_llm_loop(
                         turn_index=report_turn_index,
                         citation_mapping=citation_mapping,
                         user_identity=user_identity,
-                        tool_processing_duration=time.monotonic()
-                        - processing_start_time,
                     )
                     # Update final_turn_index: base + 1 for the report itself + 1 if reasoning occurred
                     final_turn_index = report_turn_index + (1 if report_reasoned else 0)
@@ -505,8 +493,6 @@ def run_deep_research_llm_loop(
                         turn_index=report_turn_index,
                         citation_mapping=citation_mapping,
                         user_identity=user_identity,
-                        tool_processing_duration=time.monotonic()
-                        - processing_start_time,
                     )
                     final_turn_index = report_turn_index + (1 if report_reasoned else 0)
                     break
@@ -527,8 +513,6 @@ def run_deep_research_llm_loop(
                         citation_mapping=citation_mapping,
                         user_identity=user_identity,
                         saved_reasoning=most_recent_reasoning,
-                        tool_processing_duration=time.monotonic()
-                        - processing_start_time,
                     )
                     final_turn_index = report_turn_index + (1 if report_reasoned else 0)
                     break
@@ -590,8 +574,6 @@ def run_deep_research_llm_loop(
                             turn_index=report_turn_index,
                             citation_mapping=citation_mapping,
                             user_identity=user_identity,
-                            tool_processing_duration=time.monotonic()
-                            - processing_start_time,
                         )
                         final_turn_index = report_turn_index + (
                             1 if report_reasoned else 0

backend/onyx/document_index/opensearch/client.py

@@ -559,36 +559,6 @@ class OpenSearchClient:
         """
         self._client.indices.refresh(index=self._index_name)
 
-    def set_cluster_auto_create_index_setting(self, enabled: bool) -> bool:
-        """Sets the cluster auto create index setting.
-
-        By default, when you index a document to a non-existent index,
-        OpenSearch will automatically create the index. This behavior is
-        undesirable so this function exposes the ability to disable it.
-
-        See
-        https://docs.opensearch.org/latest/install-and-configure/configuring-opensearch/index/#updating-cluster-settings-using-the-api
-
-        Args:
-            enabled: Whether to enable the auto create index setting.
-
-        Returns:
-            True if the setting was updated successfully, False otherwise. Does
-                not raise.
-        """
-        try:
-            body = {"persistent": {"action.auto_create_index": enabled}}
-            response = self._client.cluster.put_settings(body=body)
-            if response.get("acknowledged", False):
-                logger.info(f"Successfully set action.auto_create_index to {enabled}.")
-                return True
-            else:
-                logger.error(f"Failed to update setting: {response}.")
-                return False
-        except Exception:
-            logger.exception("Error setting auto_create_index.")
-            return False
-
     def ping(self) -> bool:
         """Pings the OpenSearch cluster.
 

backend/onyx/document_index/opensearch/opensearch_document_index.py

@@ -4,7 +4,6 @@ from typing import Any
 import httpx
 
 from onyx.access.models import DocumentAccess
-from onyx.configs.app_configs import USING_AWS_MANAGED_OPENSEARCH
 from onyx.configs.chat_configs import TITLE_CONTENT_RATIO
 from onyx.configs.constants import PUBLIC_DOC_PAT
 from onyx.connectors.cross_connector_utils.miscellaneous_utils import (
@@ -454,28 +453,15 @@ class OpenSearchDocumentIndex(DocumentIndex):
                 search pipelines.
         """
         logger.debug(
-            f"[OpenSearchDocumentIndex] Verifying and creating index {self._index_name} if necessary, "
-            f"with embedding dimension {embedding_dim}."
+            f"[OpenSearchDocumentIndex] Verifying and creating index {self._index_name} if necessary."
         )
         expected_mappings = DocumentSchema.get_document_schema(
             embedding_dim, self._tenant_state.multitenant
         )
         if not self._os_client.index_exists():
-            if not self._os_client.set_cluster_auto_create_index_setting(enabled=False):
-                logger.error(
-                    f"Failed to disable the auto create index setting for index {self._index_name}. "
-                    "This may cause unexpected index creation when indexing documents into an index that does not exist. "
-                    "Not taking any further action..."
-                )
-            if USING_AWS_MANAGED_OPENSEARCH:
-                index_settings = (
-                    DocumentSchema.get_index_settings_for_aws_managed_opensearch()
-                )
-            else:
-                index_settings = DocumentSchema.get_index_settings()
             self._os_client.create_index(
                 mappings=expected_mappings,
-                settings=index_settings,
+                settings=DocumentSchema.get_index_settings(),
             )
         if not self._os_client.validate_index(
             expected_mappings=expected_mappings,

backend/onyx/document_index/opensearch/schema.py

@@ -476,22 +476,16 @@ class DocumentSchema:
         }
 
     @staticmethod
-    def get_index_settings_for_aws_managed_opensearch() -> dict[str, Any]:
+    def get_bulk_index_settings() -> dict[str, Any]:
         """
-        Settings for AWS-managed OpenSearch.
-
-        Our AWS-managed OpenSearch cluster has 3 data nodes in 3 availability
-        zones.
-          - We use 3 shards to distribute load across all data nodes.
-          - We use 2 replicas to ensure each shard has a copy in each
-            availability zone. This is a hard requirement from AWS. The number
-            of data copies, including the primary (not a replica) copy, must be
-            divisible by the number of AZs.
+        Optimized settings for bulk indexing: disable refresh and replicas.
         """
         return {
             "index": {
-                "number_of_shards": 3,
-                "number_of_replicas": 2,
+                "number_of_shards": 1,
+                "number_of_replicas": 0,  # No replication during bulk load.
+                # Disables auto-refresh, improves performance in pure indexing (no searching) scenarios.
+                "refresh_interval": "-1",
                 # Required for vector search.
                 "knn": True,
                 "knn.algo_param.ef_search": EF_SEARCH,

backend/onyx/feature_flags/factory.py

@@ -1,4 +1,3 @@
-from onyx.configs.app_configs import DEV_MODE
 from onyx.feature_flags.interface import FeatureFlagProvider
 from onyx.feature_flags.interface import NoOpFeatureFlagProvider
 from onyx.utils.variable_functionality import (
@@ -20,7 +19,7 @@ def get_default_feature_flag_provider() -> FeatureFlagProvider:
     Returns:
         FeatureFlagProvider: The configured feature flag provider instance
     """
-    if MULTI_TENANT or DEV_MODE:
+    if MULTI_TENANT:
         return fetch_versioned_implementation_with_fallback(
             module="onyx.feature_flags.factory",
             attribute="get_posthog_feature_flag_provider",

backend/onyx/llm/utils.py

@@ -738,7 +738,7 @@ def model_is_reasoning_model(model_name: str, model_provider: str) -> bool:
 
         # Fallback: try using litellm.supports_reasoning() for newer models
         try:
-            # logger.debug("Falling back to `litellm.supports_reasoning`")
+            logger.debug("Falling back to `litellm.supports_reasoning`")
             full_model_name = (
                 f"{model_provider}/{model_name}"
                 if model_provider not in model_name

backend/onyx/main.py

@@ -63,8 +63,6 @@ from onyx.server.documents.connector import router as connector_router
 from onyx.server.documents.credential import router as credential_router
 from onyx.server.documents.document import router as document_router
 from onyx.server.documents.standard_oauth import router as standard_oauth_router
-from onyx.server.features.build.api.api import nextjs_assets_router
-from onyx.server.features.build.api.api import router as build_router
 from onyx.server.features.default_assistant.api import (
     router as default_assistant_router,
 )
@@ -378,8 +376,6 @@ def get_application(lifespan_override: Lifespan | None = None) -> FastAPI:
     include_router_with_global_prefix_prepended(application, admin_input_prompt_router)
     include_router_with_global_prefix_prepended(application, cc_pair_router)
     include_router_with_global_prefix_prepended(application, projects_router)
-    include_router_with_global_prefix_prepended(application, build_router)
-    include_router_with_global_prefix_prepended(application, nextjs_assets_router)
     include_router_with_global_prefix_prepended(application, document_set_router)
     include_router_with_global_prefix_prepended(application, search_settings_router)
     include_router_with_global_prefix_prepended(

backend/onyx/onyxbot/slack/blocks.py

@@ -592,11 +592,8 @@ def build_slack_response_blocks(
         )
 
     citations_blocks = []
-    document_blocks = []
     if answer.citation_info:
         citations_blocks = _build_citations_blocks(answer)
-    else:
-        document_blocks = _priority_ordered_documents_blocks(answer)
 
     citations_divider = [DividerBlock()] if citations_blocks else []
     buttons_divider = [DividerBlock()] if web_follow_up_block or follow_up_block else []
@@ -608,7 +605,6 @@ def build_slack_response_blocks(
         + ai_feedback_block
         + citations_divider
         + citations_blocks
-        + document_blocks
         + buttons_divider
         + web_follow_up_block
         + follow_up_block

backend/onyx/onyxbot/slack/formatting.py

@@ -1,12 +1,149 @@
-from mistune import Markdown  # type: ignore[import-untyped]
-from mistune import Renderer
+import re
+from collections.abc import Callable
+from typing import Any
+
+from mistune import create_markdown
+from mistune import HTMLRenderer
+
+# Tags that should be replaced with a newline (line-break and block-level elements)
+_HTML_NEWLINE_TAG_PATTERN = re.compile(
+    r"<br\s*/?>|</(?:p|div|li|h[1-6]|tr|blockquote|section|article)>",
+    re.IGNORECASE,
+)
+
+# Strips HTML tags but excludes autolinks like <https://...> and <mailto:...>
+_HTML_TAG_PATTERN = re.compile(
+    r"<(?!https?://|mailto:)/?[a-zA-Z][^>]*>",
+)
+
+# Matches fenced code blocks (``` ... ```) so we can skip sanitization inside them
+_FENCED_CODE_BLOCK_PATTERN = re.compile(r"```[\s\S]*?```")
+
+# Matches the start of any markdown link: [text]( or [[n]](
+# The inner group handles nested brackets for citation links like [[1]](.
+_MARKDOWN_LINK_PATTERN = re.compile(r"\[(?:[^\[\]]|\[[^\]]*\])*\]\(")
+
+# Matches Slack-style links <url|text> that LLMs sometimes output directly.
+# Mistune doesn't recognise this syntax, so text() would escape the angle
+# brackets and Slack would render them as literal text instead of links.
+_SLACK_LINK_PATTERN = re.compile(r"<(https?://[^|>]+)\|([^>]+)>")
+
+
+def _sanitize_html(text: str) -> str:
+    """Strip HTML tags from a text fragment.
+
+    Block-level closing tags and <br> are converted to newlines.
+    All other HTML tags are removed. Autolinks (<https://...>) are preserved.
+    """
+    text = _HTML_NEWLINE_TAG_PATTERN.sub("\n", text)
+    text = _HTML_TAG_PATTERN.sub("", text)
+    return text
+
+
+def _transform_outside_code_blocks(
+    message: str, transform: Callable[[str], str]
+) -> str:
+    """Apply *transform* only to text outside fenced code blocks."""
+    parts = _FENCED_CODE_BLOCK_PATTERN.split(message)
+    code_blocks = _FENCED_CODE_BLOCK_PATTERN.findall(message)
+
+    result: list[str] = []
+    for i, part in enumerate(parts):
+        result.append(transform(part))
+        if i < len(code_blocks):
+            result.append(code_blocks[i])
+
+    return "".join(result)
+
+
+def _extract_link_destination(message: str, start_idx: int) -> tuple[str, int | None]:
+    """Extract markdown link destination, allowing nested parentheses in the URL."""
+    depth = 0
+    i = start_idx
+
+    while i < len(message):
+        curr = message[i]
+        if curr == "\\":
+            i += 2
+            continue
+
+        if curr == "(":
+            depth += 1
+        elif curr == ")":
+            if depth == 0:
+                return message[start_idx:i], i
+            depth -= 1
+        i += 1
+
+    return message[start_idx:], None
+
+
+def _normalize_link_destinations(message: str) -> str:
+    """Wrap markdown link URLs in angle brackets so the parser handles special chars safely.
+
+    Markdown link syntax [text](url) breaks when the URL contains unescaped
+    parentheses, spaces, or other special characters. Wrapping the URL in angle
+    brackets — [text](<url>) — tells the parser to treat everything inside as
+    a literal URL. This applies to all links, not just citations.
+    """
+    if "](" not in message:
+        return message
+
+    normalized_parts: list[str] = []
+    cursor = 0
+
+    while match := _MARKDOWN_LINK_PATTERN.search(message, cursor):
+        normalized_parts.append(message[cursor : match.end()])
+        destination_start = match.end()
+        destination, end_idx = _extract_link_destination(message, destination_start)
+        if end_idx is None:
+            normalized_parts.append(message[destination_start:])
+            return "".join(normalized_parts)
+
+        already_wrapped = destination.startswith("<") and destination.endswith(">")
+        if destination and not already_wrapped:
+            destination = f"<{destination}>"
+
+        normalized_parts.append(destination)
+        normalized_parts.append(")")
+        cursor = end_idx + 1
+
+    normalized_parts.append(message[cursor:])
+    return "".join(normalized_parts)
+
+
+def _convert_slack_links_to_markdown(message: str) -> str:
+    """Convert Slack-style <url|text> links to standard markdown [text](url).
+
+    LLMs sometimes emit Slack mrkdwn link syntax directly. Mistune doesn't
+    recognise it, so the angle brackets would be escaped by text() and Slack
+    would render the link as literal text instead of a clickable link.
+    """
+    return _transform_outside_code_blocks(
+        message, lambda text: _SLACK_LINK_PATTERN.sub(r"[\2](\1)", text)
+    )
 
 
 def format_slack_message(message: str | None) -> str:
-    return Markdown(renderer=SlackRenderer()).render(message)
+    if message is None:
+        return ""
+    message = _transform_outside_code_blocks(message, _sanitize_html)
+    message = _convert_slack_links_to_markdown(message)
+    normalized_message = _normalize_link_destinations(message)
+    md = create_markdown(renderer=SlackRenderer(), plugins=["strikethrough"])
+    result = md(normalized_message)
+    # With HTMLRenderer, result is always str (not AST list)
+    assert isinstance(result, str)
+    return result.rstrip("\n")
 
 
-class SlackRenderer(Renderer):
+class SlackRenderer(HTMLRenderer):
+    """Renders markdown as Slack mrkdwn format instead of HTML.
+
+    Overrides all HTMLRenderer methods that produce HTML tags to ensure
+    no raw HTML ever appears in Slack messages.
+    """
+
     SPECIALS: dict[str, str] = {"&": "&amp;", "<": "&lt;", ">": "&gt;"}
 
     def escape_special(self, text: str) -> str:
@@ -14,52 +151,72 @@ class SlackRenderer(Renderer):
             text = text.replace(special, replacement)
         return text
 
-    def header(self, text: str, level: int, raw: str | None = None) -> str:
-        return f"*{text}*\n"
+    def heading(self, text: str, level: int, **attrs: Any) -> str:  # noqa: ARG002
+        return f"*{text}*\n\n"
 
     def emphasis(self, text: str) -> str:
         return f"_{text}_"
 
-    def double_emphasis(self, text: str) -> str:
+    def strong(self, text: str) -> str:
         return f"*{text}*"
 
     def strikethrough(self, text: str) -> str:
         return f"~{text}~"
 
-    def list(self, body: str, ordered: bool = True) -> str:
-        lines = body.split("\n")
+    def list(self, text: str, ordered: bool, **attrs: Any) -> str:
+        lines = text.split("\n")
         count = 0
         for i, line in enumerate(lines):
             if line.startswith("li: "):
                 count += 1
                 prefix = f"{count}. " if ordered else "• "
                 lines[i] = f"{prefix}{line[4:]}"
-        return "\n".join(lines)
+        return "\n".join(lines) + "\n"
 
     def list_item(self, text: str) -> str:
         return f"li: {text}\n"
 
-    def link(self, link: str, title: str | None, content: str | None) -> str:
-        escaped_link = self.escape_special(link)
-        if content:
-            return f"<{escaped_link}|{content}>"
+    def link(self, text: str, url: str, title: str | None = None) -> str:
+        escaped_url = self.escape_special(url)
+        if text:
+            return f"<{escaped_url}|{text}>"
         if title:
-            return f"<{escaped_link}|{title}>"
-        return f"<{escaped_link}>"
+            return f"<{escaped_url}|{title}>"
+        return f"<{escaped_url}>"
 
-    def image(self, src: str, title: str | None, text: str | None) -> str:
-        escaped_src = self.escape_special(src)
+    def image(self, text: str, url: str, title: str | None = None) -> str:
+        escaped_url = self.escape_special(url)
         display_text = title or text
-        return f"<{escaped_src}|{display_text}>" if display_text else f"<{escaped_src}>"
+        return f"<{escaped_url}|{display_text}>" if display_text else f"<{escaped_url}>"
 
     def codespan(self, text: str) -> str:
         return f"`{text}`"
 
-    def block_code(self, text: str, lang: str | None) -> str:
-        return f"```\n{text}\n```\n"
+    def block_code(self, code: str, info: str | None = None) -> str:  # noqa: ARG002
+        return f"```\n{code.rstrip(chr(10))}\n```\n\n"
+
+    def linebreak(self) -> str:
+        return "\n"
+
+    def thematic_break(self) -> str:
+        return "---\n\n"
+
+    def block_quote(self, text: str) -> str:
+        lines = text.strip().split("\n")
+        quoted = "\n".join(f">{line}" for line in lines)
+        return quoted + "\n\n"
+
+    def block_html(self, html: str) -> str:
+        return _sanitize_html(html) + "\n\n"
+
+    def block_error(self, text: str) -> str:
+        return f"```\n{text}\n```\n\n"
+
+    def text(self, text: str) -> str:
+        # Only escape the three entities Slack recognizes: & < >
+        # HTMLRenderer.text() also escapes " to &quot; which Slack renders
+        # as literal &quot; text since Slack doesn't recognize that entity.
+        return self.escape_special(text)
 
     def paragraph(self, text: str) -> str:
-        return f"{text}\n"
-
-    def autolink(self, link: str, is_email: bool) -> str:
-        return link if is_email else self.link(link, None, None)
+        return f"{text}\n\n"

backend/onyx/redis/redis_connector_delete.py

@@ -32,6 +32,7 @@ class RedisConnectorDelete:
     FENCE_PREFIX = f"{PREFIX}_fence"  # "connectordeletion_fence"
     FENCE_TTL = 7 * 24 * 60 * 60  # 7 days - defensive TTL to prevent memory leaks
     TASKSET_PREFIX = f"{PREFIX}_taskset"  # "connectordeletion_taskset"
+    TASKSET_TTL = FENCE_TTL
 
     # used to signal the overall workflow is still active
     # it's impossible to get the exact state of the system at a single point in time
@@ -136,6 +137,7 @@ class RedisConnectorDelete:
             # add to the tracking taskset in redis BEFORE creating the celery task.
             # note that for the moment we are using a single taskset key, not differentiated by cc_pair id
             self.redis.sadd(self.taskset_key, custom_task_id)
+            self.redis.expire(self.taskset_key, self.TASKSET_TTL)
 
             # Priority on sync's triggered by new indexing should be medium
             celery_app.send_task(

backend/onyx/redis/redis_connector_prune.py

@@ -45,6 +45,7 @@ class RedisConnectorPrune:
     )  # connectorpruning_generator_complete
 
     TASKSET_PREFIX = f"{PREFIX}_taskset"  # connectorpruning_taskset
+    TASKSET_TTL = FENCE_TTL
     SUBTASK_PREFIX = f"{PREFIX}+sub"  # connectorpruning+sub
 
     # used to signal the overall workflow is still active
@@ -184,6 +185,7 @@ class RedisConnectorPrune:
 
             # add to the tracking taskset in redis BEFORE creating the celery task.
             self.redis.sadd(self.taskset_key, custom_task_id)
+            self.redis.expire(self.taskset_key, self.TASKSET_TTL)
 
             # Priority on sync's triggered by new indexing should be medium
             result = celery_app.send_task(

backend/onyx/redis/redis_document_set.py

@@ -23,6 +23,7 @@ class RedisDocumentSet(RedisObjectHelper):
     FENCE_PREFIX = PREFIX + "_fence"
     FENCE_TTL = 7 * 24 * 60 * 60  # 7 days - defensive TTL to prevent memory leaks
     TASKSET_PREFIX = PREFIX + "_taskset"
+    TASKSET_TTL = FENCE_TTL
 
     def __init__(self, tenant_id: str, id: int) -> None:
         super().__init__(tenant_id, str(id))
@@ -83,6 +84,7 @@ class RedisDocumentSet(RedisObjectHelper):
 
             # add to the set BEFORE creating the task.
             redis_client.sadd(self.taskset_key, custom_task_id)
+            redis_client.expire(self.taskset_key, self.TASKSET_TTL)
 
             celery_app.send_task(
                 OnyxCeleryTask.VESPA_METADATA_SYNC_TASK,

backend/onyx/redis/redis_pool.py

@@ -109,6 +109,7 @@ class TenantRedis(redis.Redis):
             "unlock",
             "get",
             "set",
+            "setex",
             "delete",
             "exists",
             "incrby",

backend/onyx/redis/redis_usergroup.py

@@ -24,6 +24,7 @@ class RedisUserGroup(RedisObjectHelper):
     FENCE_PREFIX = PREFIX + "_fence"
     FENCE_TTL = 7 * 24 * 60 * 60  # 7 days - defensive TTL to prevent memory leaks
     TASKSET_PREFIX = PREFIX + "_taskset"
+    TASKSET_TTL = FENCE_TTL
 
     def __init__(self, tenant_id: str, id: int) -> None:
         super().__init__(tenant_id, str(id))
@@ -97,6 +98,7 @@ class RedisUserGroup(RedisObjectHelper):
 
             # add to the set BEFORE creating the task.
             redis_client.sadd(self.taskset_key, custom_task_id)
+            redis_client.expire(self.taskset_key, self.TASKSET_TTL)
 
             celery_app.send_task(
                 OnyxCeleryTask.VESPA_METADATA_SYNC_TASK,

backend/onyx/server/documents/cc_pair.py

@@ -564,7 +564,6 @@ def associate_credential_to_connector(
             access_type=metadata.access_type,
             auto_sync_options=metadata.auto_sync_options,
             groups=metadata.groups,
-            processing_mode=metadata.processing_mode,
         )
 
         # trigger indexing immediately

backend/onyx/server/documents/connector.py

@@ -20,7 +20,6 @@ from google.oauth2.credentials import Credentials
 from pydantic import BaseModel
 from sqlalchemy.orm import Session
 
-from onyx.auth.email_utils import send_email
 from onyx.auth.users import current_admin_user
 from onyx.auth.users import current_chat_accessible_user
 from onyx.auth.users import current_curator_or_admin_user
@@ -30,7 +29,6 @@ from onyx.background.celery.tasks.pruning.tasks import (
 )
 from onyx.background.celery.versioned_apps.client import app as client_app
 from onyx.configs.app_configs import DISABLE_AUTH
-from onyx.configs.app_configs import EMAIL_CONFIGURED
 from onyx.configs.app_configs import ENABLED_CONNECTOR_TYPES
 from onyx.configs.app_configs import MOCK_CONNECTOR_FILE_PATH
 from onyx.configs.constants import DocumentSource
@@ -127,7 +125,6 @@ from onyx.server.documents.models import ConnectorFileInfo
 from onyx.server.documents.models import ConnectorFilesResponse
 from onyx.server.documents.models import ConnectorIndexingStatusLite
 from onyx.server.documents.models import ConnectorIndexingStatusLiteResponse
-from onyx.server.documents.models import ConnectorRequestSubmission
 from onyx.server.documents.models import ConnectorSnapshot
 from onyx.server.documents.models import ConnectorStatus
 from onyx.server.documents.models import ConnectorUpdateRequest
@@ -1762,86 +1759,6 @@ def get_connector_by_id(
     )
 
 
-@router.post("/connector-request")
-def submit_connector_request(
-    request_data: ConnectorRequestSubmission,
-    user: User | None = Depends(current_user),
-) -> StatusResponse:
-    """
-    Submit a connector request for Cloud deployments.
-    Tracks via PostHog telemetry and sends email to hello@onyx.app.
-    """
-    tenant_id = get_current_tenant_id()
-    connector_name = request_data.connector_name.strip()
-
-    if not connector_name:
-        raise HTTPException(status_code=400, detail="Connector name cannot be empty")
-
-    # Get user identifier for telemetry
-    user_email = user.email if user else None
-    distinct_id = user_email or tenant_id
-
-    # Track connector request via PostHog telemetry (Cloud only)
-    from shared_configs.configs import MULTI_TENANT
-
-    if MULTI_TENANT:
-        mt_cloud_telemetry(
-            tenant_id=tenant_id,
-            distinct_id=distinct_id,
-            event=MilestoneRecordType.REQUESTED_CONNECTOR,
-            properties={
-                "connector_name": connector_name,
-                "user_email": user_email,
-            },
-        )
-
-    # Send email notification (if email is configured)
-    if EMAIL_CONFIGURED:
-        try:
-            subject = "Onyx Craft Connector Request"
-            email_body_text = f"""A new connector request has been submitted:
-
-Connector Name: {connector_name}
-User Email: {user_email or 'Not provided (anonymous user)'}
-Tenant ID: {tenant_id}
-"""
-            email_body_html = f"""<html>
-<body>
-<p>A new connector request has been submitted:</p>
-<ul>
-<li><strong>Connector Name:</strong> {connector_name}</li>
-<li><strong>User Email:</strong> {user_email or 'Not provided (anonymous user)'}</li>
-<li><strong>Tenant ID:</strong> {tenant_id}</li>
-</ul>
-</body>
-</html>"""
-
-            send_email(
-                user_email="hello@onyx.app",
-                subject=subject,
-                html_body=email_body_html,
-                text_body=email_body_text,
-            )
-            logger.info(
-                f"Connector request email sent to hello@onyx.app for connector: {connector_name}"
-            )
-        except Exception as e:
-            # Log error but don't fail the request if email fails
-            logger.error(
-                f"Failed to send connector request email for {connector_name}: {e}"
-            )
-
-    logger.info(
-        f"Connector request submitted: {connector_name} by user {user_email or 'anonymous'} "
-        f"(tenant: {tenant_id})"
-    )
-
-    return StatusResponse(
-        success=True,
-        message="Connector request submitted successfully. We'll prioritize popular requests!",
-    )
-
-
 class BasicCCPairInfo(BaseModel):
     has_successful_run: bool
     source: DocumentSource

backend/onyx/server/documents/models.py

@@ -18,7 +18,6 @@ from onyx.connectors.models import InputType
 from onyx.db.enums import AccessType
 from onyx.db.enums import ConnectorCredentialPairStatus
 from onyx.db.enums import PermissionSyncStatus
-from onyx.db.enums import ProcessingMode
 from onyx.db.models import Connector
 from onyx.db.models import ConnectorCredentialPair
 from onyx.db.models import Credential
@@ -484,7 +483,6 @@ class ConnectorCredentialPairMetadata(BaseModel):
     access_type: AccessType
     auto_sync_options: dict[str, Any] | None = None
     groups: list[int] = Field(default_factory=list)
-    processing_mode: ProcessingMode = ProcessingMode.REGULAR
 
 
 class CCStatusUpdateRequest(BaseModel):
@@ -525,10 +523,6 @@ class RunConnectorRequest(BaseModel):
     from_beginning: bool = False
 
 
-class ConnectorRequestSubmission(BaseModel):
-    connector_name: str
-
-
 class CCPropertyUpdateRequest(BaseModel):
     name: str
     value: str

backend/onyx/server/features/build/.gitignore

@@ -1,2 +0,0 @@
-sandbox/kubernetes/docker/templates/outputs/venv/**
-sandbox/kubernetes/docker/demo_data/**

backend/onyx/server/features/build/AGENTS.template.md

@@ -1,257 +0,0 @@
-# AGENTS.md
-
-This file provides guidance for AI agents when working in this sandbox.
-
-## Introduction
-
-You are Steve, an AI agent powering **Onyx Craft**, a feature that allows users to create interactive web applications and dashboards from their company knowledge. You are running in a secure sandbox with access to the user's knowledge sources and the ability to create Next.js applications.
-
-## Purpose
-
-Your primary purpose is to assist users in accomplishing their goals by providing information, executing tasks, and offering guidance. I aim to be a reliable partner in problem-solving and task completion.
-
-## How I Approach Tasks
-
-When presented with a task, I typically:
-
-1. Analyze the request to understand what's being asked
-2. Break down complex problems into manageable steps
-3. Use appropriate tools and methods to address each step
-4. Provide clear communication throughout the process
-5. Deliver results in a helpful and organized manner
-
-## My Personality Traits
-
-- Helpful and service-oriented
-- Detail-focused and thorough
-- Adaptable to different user needs
-- Patient when working through complex problems
-- Honest about my capabilities and limitations
-
-## Areas I Can Help With
-
-- Information gathering and research
-- Knowledge Synthesis
-- Data processing and analysis
-- File management and organization
-- Dashboard creation
-- Repetitive administrative tasks
-
-{{USER_CONTEXT}}
-
-## Your Configuration
-
-**LLM Provider**: {{LLM_PROVIDER_NAME}}
-**Model**: {{LLM_MODEL_NAME}}
-**Next.js Development Server**: Running on port {{NEXTJS_PORT}}
-{{DISABLED_TOOLS_SECTION}}
-
-## Your Environment
-
-You are in an ephemeral virtual machine.
-
-You currently have Python 3.11.13 and Node v22.21.1.
-
-**Python Virtual Environment**: A Python virtual environment is pre-configured at `.venv/` with common data science and visualization packages already installed (numpy, pandas, matplotlib, scipy, PIL, etc.). The environment should be automatically activated, but if you run into issues with missing packages, you can explicitly use `.venv/bin/python` or `.venv/bin/pip`.
-
-If you need additional packages, install them with `pip install <package>` (or `.venv/bin/pip install <package>` if the venv isn't active). For javascript packages, use `npm install <package>` from within the `outputs/web` directory.
-
-## Organization Info
-
-The `org_info/` directory contains information about the organization and user context:
-
-- `AGENTS.md`: Description of available organizational information files
-- `user_identity_profile.txt`: Contains the current user's name, email, and organization they work for. Use this information when personalizing outputs or when the user asks about their identity.
-- `organization_structure.json`: Contains a JSON representation of the organization's groups, managers, and their direct reports. Use this to understand reporting relationships and team structures.
-
-## Available Skills
-
-{{AVAILABLE_SKILLS_SECTION}}
-
-Skills contain best practices and guidelines for specific tasks. Always read the relevant skill's SKILL.md file BEFORE starting work that the skill covers.
-
-## General Capabilities
-
-### Information Processing
-
-- Answering questions on diverse topics using available information
-- Conducting research through web searches and data analysis
-- Fact-checking and information verification from multiple sources
-- Summarizing complex information into digestible formats
-- Processing and analyzing structured and unstructured data
-
-### Problem Solving
-
-- Breaking down complex problems into manageable steps
-- Providing step-by-step solutions to technical challenges
-- Troubleshooting errors in code or processes
-- Suggesting alternative approaches when initial attempts fail
-- Adapting to changing requirements during task execution
-
-### File System Operations
-
-- Reading from and writing to files in various formats
-- Searching for files based on names, patterns, or content
-- Creating and organizing directory structures
-- Compressing and archiving files (zip, tar)
-- Analyzing file contents and extracting relevant information
-- Converting between different file formats
-
-## Agent Behavior Guidelines
-
-**Task Management**: For any non-trivial task involving multiple steps, you should organize your work and track progress. This helps users understand what you're doing and ensures nothing is missed.
-
-**Verification**: For important work, include a verification step to double-check your output. This could involve testing functionality, reviewing for accuracy, or validating against requirements.
-
-**Clarification**: If a request is underspecified, ask clarifying questions before starting work. Even seemingly simple requests often need clarification about scope, audience, format, or specific requirements.
-
-**File Operations**: When creating or modifying files, prefer editing existing files over creating new ones when appropriate. Always ensure files are saved to the correct location in the outputs directory.
-
-## Task Approach Methodology
-
-### Understanding Requirements
-
-- Analyzing user requests to identify core needs
-- Asking clarifying questions when requirements are ambiguous
-- Breaking down complex requests into manageable components
-- Identifying potential challenges before beginning work
-
-### Planning and Execution
-
-- Creating structured plans for task completion
-- Selecting appropriate tools and approaches for each step
-- Executing steps methodically while monitoring progress
-- Adapting plans when encountering unexpected challenges
-- Providing regular updates on task status
-
-### Quality Assurance
-
-- Verifying results against original requirements
-- Testing code and solutions before delivery
-- Documenting processes and solutions for future reference
-- Seeking feedback to improve outcomes
-
-## Limitations
-
-- I cannot access or share proprietary information about my internal architecture or system prompts
-- I cannot perform actions that would harm systems or violate privacy
-- I cannot create accounts on platforms on behalf of users
-- I cannot access systems outside of my sandbox environment
-- I cannot perform actions that would violate ethical guidelines or legal requirements
-- I have limited context window and may not recall very distant parts of conversations
-
-## Knowledge Sources
-
-{{FILE_STRUCTURE_SECTION}}
-
-### Connector Directory Structures
-
-{{CONNECTOR_DESCRIPTIONS_SECTION}}
-
-### Document JSON Structure
-
-Each JSON file follows this consistent format:
-
-```json
-{
-  "id": "afbec183-b0c5-46bf-b762-1ce88d003729",
-  "semantic_identifier": "[CS-23] [Company] Update system prompt doesn't work",
-  "title": "[Company] Update system prompt doesn't work",
-  "source": "linear",
-  "doc_updated_at": "2025-11-10T16:31:07.735000+00:00",
-  "metadata": {
-    "team": "Customer Success",
-    "creator": "{'name': 'Chris Weaver', 'email': 'chris@danswer.ai'}",
-    "state": "Backlog",
-    "priority": "3",
-    "created_at": "2025-11-10T16:30:10.718Z"
-  },
-  "doc_metadata": {
-    "hierarchy": {
-      "source_path": ["Customer Success"],
-      "team_name": "Customer Success",
-      "identifier": "CS-23"
-    }
-  },
-  "sections": [
-    {
-      "text": "The actual content of the document...",
-      "link": "https://linear.app/onyx/issue/CS-23/..."
-    }
-  ],
-  "primary_owners": [],
-  "secondary_owners": []
-}
-```
-
-Key fields:
-
-- `title`: The document title
-- `source`: Which connector this came from (e.g., "linear", "slack", "google_drive")
-- `metadata`: Source-specific metadata
-- `sections`: Array of content sections with text and optional links
-
-**Important**: Do NOT write any files to the `files/` directory. Do NOT edit any files in the `files/` directory. This is read-only knowledge data.
-
-## Attachments (PRIORITY)
-
-The `attachments/` directory contains files that the user has explicitly uploaded during this session. **These files are critically important** and should be treated as high-priority context.
-
-### Why Attachments Matter
-
-- The user deliberately chose to upload these files, signaling they are directly relevant to the task
-- These files often contain the specific data, requirements, or examples the user wants you to work with
-- They may include spreadsheets, documents, images, or code that should inform your work
-
-### Required Actions
-
-**At the start of every task, you MUST:**
-
-1. **Check for attachments**: List the contents of `attachments/` to see what the user has provided
-2. **Read and analyze each file**: Thoroughly examine every attachment to understand its contents and relevance
-3. **Reference attachment content**: Use the information from attachments to inform your responses and outputs
-
-### File Handling
-
-- Uploaded files may be in various formats: CSV, JSON, PDF, images, text files, etc.
-- For spreadsheets and data files, examine the structure, columns, and sample data
-- For documents, extract key information and requirements
-- For images, analyze and describe their content
-- For code files, understand the logic and patterns
-
-**Do NOT ignore user uploaded files.** They are there for a reason and likely contain exactly what you need to complete the task successfully.
-
-## Outputs Directory
-
-There is a special folder called `outputs`. Any and all python scripts, javascript apps, generated documents, slides, etc. should go here.
-Feel free to write/edit anything you find in here.
-
-## Outputs
-
-There should be four main types of outputs:
-
-1. Web Applications / Dashboards
-
-Generally, you should use
-
-### Web Applications / Dashboards
-
-Web applications and dashboards should be written as a webapp built with Next.js, React, and shadcn/ui.. Within the `outputs` directory,
-there is a folder called `web` that has the skeleton of a basic Next.js app in it. Use this. We do NOT use a `src` directory.
-
-Use NextJS 16.1.1, React v19, Tailwindcss, and recharts.
-
-The Next.js app is already running on port {{NEXTJS_PORT}}. Do not run `npm run dev` yourself.
-
-If the app needs any pre-computation, then create a bash script called `prepare.sh` at the root of the `web` directory.
-
-**IMPORTANT: See `outputs/web/AGENTS.md` for detailed technical specifications, architecture patterns, component usage guidelines, and styling rules. It is the ground truth for webapp design**
-
-### Other Output Formats (Coming Soon)
-
-Additional output formats such as slides, markdown documents, and standalone graphs are coming soon. If the user requests these formats, let them know they're not yet available and suggest building an interactive web application instead, which can include:
-
-- Data visualizations and charts using recharts
-- Multi-page layouts with navigation
-- Exportable content (print-to-PDF functionality)
-- Interactive dashboards with real-time filtering and sorting

backend/onyx/server/features/build/CLAUDE.template.md

@@ -1,114 +0,0 @@
-# CLAUDE.md
-
-This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
-
-## Structure
-
-The `files` directory contains all of the knowledge from Chris' company, Onyx. This knowledge comes from Google Drive, Linear, Slack, Github, and Fireflies.
-
-Each source has it's own directory - `Google_Drive`, `Linear`, `Slack`, `Github`, and `Fireflies`. Within each directory, the structure of the source is built out as a folder structure:
-
-- Google Drive is copied over directly as is. End files are stored as `FILE_NAME.json`.
-- Linear has each project as a folder, and then within each project, each individual ticket is stored as a file: `[TICKET_ID]_TICKET_NAME.json`.
-- Slack has each channel as a folder titled `[CHANNEL_NAME]` in the root directory. Within each channel, each thread is represented as a single file called `[INITIAL_AUTHOR]_in_[CHANNEL]__[FIRST_MESSAGE].json`.
-- Github has each organization as a folder titled `[ORG_NAME]`. Within each organization, there is 
-a folder for each repository tilted `[REPO_NAME]`. Within each repository there are up to two folders: `pull_requests` and `issues`. Each pull request / issue is then represented as a single file
-within the appropriate folder. Pull requests are structured as `[PR_ID]__[PR_NAME].json` and issues 
-are structured as `[ISSUE_ID]__[ISSUE_NAME].json`.
-- Fireflies has all calls in the root, each as a single file titled `CALL_TITLE.json`.
-- HubSpot has four folders in the root: `Tickets`, `Companies`, `Deals`, and `Contacts`. Each object is stored as a file named after its title/name (e.g., `[TICKET_SUBJECT].json`, `[COMPANY_NAME].json`, `[DEAL_NAME].json`, `[CONTACT_NAME].json`).
-
-Across all names, spaces are replaced by `_`.
-
-Each JSON is structured like:
-
-```
-{
-  "id": "afbec183-b0c5-46bf-b768-1ce88d003729",
-  "semantic_identifier": "[CS-17] [Betclic] Update system prompt doesn't work",
-  "title": "[Betclic] Update system prompt doesn't work",
-  "source": "linear",
-  "doc_updated_at": "2025-11-10T16:31:07.735000+00:00",
-  "metadata": {
-    "team": "Customer Success",
-    "creator": "{'name': 'Chris Weaver', 'email': 'chris@danswer.ai'}",
-    "state": "Backlog",
-    "priority": "3",
-    "created_at": "2025-11-10T16:30:10.718Z"
-  },
-  "doc_metadata": {
-    "hierarchy": {
-      "source_path": [
-        "Customer Success"
-      ],
-      "team_name": "Customer Success",
-      "identifier": "CS-17"
-    }
-  },
-  "sections": [
-    {
-      "text": "Happens \\~15% of the time.",
-      "link": "https://linear.app/onyx-app/issue/CS-17/betclic-update-system-prompt-doesnt-work"
-    }
-  ],
-  "primary_owners": [],
-  "secondary_owners": []
-}
-```
-
-Do NOT write any files to these directories. Do NOT edit any files in these directories.
-
-There is a special folder called `outputs`. Any and all python scripts, javascript apps, generated documents, slides, etc. should go here.
-Feel free to write/edit anything you find in here.
-
-
-## Outputs
-
-There should be four main types of outputs:
-1. Web Applications / Dashboards
-2. Slides
-3. Markdown Documents
-4. Graphs/Charts
-
-Generally, you should use 
-
-### Web Applications / Dashboards
-
-Web applications and dashboards should be written as a Next.js app. Within the `outputs` directory,
-there is a folder called `web` that has the skeleton of a basic Next.js app in it. Use this.
-
-Use NextJS 16.1.1, React v19, Tailwindcss, and recharts.
-
-The Next.js app is already running and accessible at http://localhost:3002. Do not run `npm run dev` yourself.
-
-If the app needs any pre-computation, then create a bash script called `prepare.sh` at the root of the `web` directory.
-
-### Slides
-
-Slides should be created using the nano-banana MCP. 
-
-The outputs should be placed within the `outputs/slides` directory, named `[SLIDE_NUMBER].png`.
-
-Before creating slides, create a `SLIDE_OUTLINE.md` file describing the overall message as well as the content and structure of each slide.
-
-### Markdown Documents
-
-Markdown documents should be placed within the `outputs/document` directory.
-If you want to have a single "Document" that has multiple distinct pages, then create a folder within
-the `outputs/document` directory, and name each page `1.MD`, `2.MD`, ...
-
-### Graphs/Charts
-
-Graphs and charts should be placed in the `outputs/charts` directory.
-
-Graphs and charts should be created with a python script. You have access to libraries like numpy, pandas, scipy, matplotlib, and PIL.
-
-## Your Environment
-
-You are in an ephemeral virtual machine. 
-
-You currently have Python 3.11.13 and Node v22.21.1. 
-
-**Python Virtual Environment**: A Python virtual environment is pre-configured at `.venv/` with common data science and visualization packages already installed (numpy, pandas, matplotlib, scipy, PIL, etc.). The environment should be automatically activated, but if you run into issues with missing packages, you can explicitly use `.venv/bin/python` or `.venv/bin/pip`.
-
-If you need additional packages, install them with `pip install <package>` (or `.venv/bin/pip install <package>` if the venv isn't active). For javascript packages, use `npm` from within the `outputs/web` directory.  

backend/onyx/server/features/build/__init__.py

@@ -1 +0,0 @@
-# Build feature module

backend/onyx/server/features/build/api/api.py

@@ -1,454 +0,0 @@
-from collections.abc import Iterator
-from uuid import UUID
-
-import httpx
-from fastapi import APIRouter
-from fastapi import Depends
-from fastapi import HTTPException
-from fastapi import Request
-from fastapi import Response
-from fastapi.responses import StreamingResponse
-from sqlalchemy.orm import Session
-
-from onyx.auth.users import current_user
-from onyx.configs.constants import DocumentSource
-from onyx.db.connector_credential_pair import get_connector_credential_pairs_for_user
-from onyx.db.engine.sql_engine import get_session
-from onyx.db.enums import ConnectorCredentialPairStatus
-from onyx.db.enums import IndexingStatus
-from onyx.db.enums import ProcessingMode
-from onyx.db.index_attempt import get_latest_index_attempt_for_cc_pair_id
-from onyx.db.models import BuildSession
-from onyx.db.models import User
-from onyx.server.features.build.api.messages_api import router as messages_router
-from onyx.server.features.build.api.models import BuildConnectorInfo
-from onyx.server.features.build.api.models import BuildConnectorListResponse
-from onyx.server.features.build.api.models import BuildConnectorStatus
-from onyx.server.features.build.api.models import RateLimitResponse
-from onyx.server.features.build.api.rate_limit import get_user_rate_limit_status
-from onyx.server.features.build.api.sessions_api import router as sessions_router
-from onyx.server.features.build.db.sandbox import get_sandbox_by_user_id
-from onyx.server.features.build.sandbox import get_sandbox_manager
-from onyx.server.features.build.session.manager import SessionManager
-from onyx.server.features.build.utils import is_onyx_craft_enabled
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-
-def require_onyx_craft_enabled(user: User = Depends(current_user)) -> User:
-    """
-    Dependency that checks if Onyx Craft is enabled for the user.
-    Raises HTTP 403 if Onyx Craft is disabled via feature flag.
-    """
-    if not is_onyx_craft_enabled(user):
-        raise HTTPException(
-            status_code=403,
-            detail="Onyx Craft is not available",
-        )
-    return user
-
-
-router = APIRouter(prefix="/build", dependencies=[Depends(require_onyx_craft_enabled)])
-
-# Include sub-routers for sessions and messages
-router.include_router(sessions_router, tags=["build"])
-router.include_router(messages_router, tags=["build"])
-
-
-# -----------------------------------------------------------------------------
-# Rate Limiting
-# -----------------------------------------------------------------------------
-
-
-@router.get("/limit", response_model=RateLimitResponse)
-def get_rate_limit(
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> RateLimitResponse:
-    """Get rate limit information for the current user."""
-    return get_user_rate_limit_status(user, db_session)
-
-
-# -----------------------------------------------------------------------------
-# Build Connectors
-# -----------------------------------------------------------------------------
-
-
-@router.get("/connectors", response_model=BuildConnectorListResponse)
-def get_build_connectors(
-    user: User | None = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> BuildConnectorListResponse:
-    """Get all connectors for the build admin panel.
-
-    Returns all connector-credential pairs with simplified status information.
-    """
-    cc_pairs = get_connector_credential_pairs_for_user(
-        db_session=db_session,
-        user=user,
-        get_editable=False,
-        eager_load_connector=True,
-        eager_load_credential=True,
-        processing_mode=ProcessingMode.FILE_SYSTEM,  # Only show FILE_SYSTEM connectors
-    )
-
-    connectors: list[BuildConnectorInfo] = []
-    for cc_pair in cc_pairs:
-        # Skip ingestion API connectors and default pairs
-        if cc_pair.connector.source == DocumentSource.INGESTION_API:
-            continue
-        if cc_pair.name == "DefaultCCPair":
-            continue
-
-        # Determine status
-        error_message: str | None = None
-        has_ever_succeeded = cc_pair.last_successful_index_time is not None
-
-        if cc_pair.status == ConnectorCredentialPairStatus.DELETING:
-            status = BuildConnectorStatus.DELETING
-        elif cc_pair.status == ConnectorCredentialPairStatus.INVALID:
-            # If connector has succeeded before but credentials are now invalid,
-            # show as connected_with_errors so user can still disable demo data
-            if has_ever_succeeded:
-                status = BuildConnectorStatus.CONNECTED_WITH_ERRORS
-                error_message = "Connector credentials are invalid"
-            else:
-                status = BuildConnectorStatus.ERROR
-                error_message = "Connector credentials are invalid"
-        else:
-            # Check latest index attempt for errors
-            latest_attempt = get_latest_index_attempt_for_cc_pair_id(
-                db_session=db_session,
-                connector_credential_pair_id=cc_pair.id,
-                secondary_index=False,
-                only_finished=True,
-            )
-
-            if latest_attempt and latest_attempt.status == IndexingStatus.FAILED:
-                # If connector has succeeded before but latest attempt failed,
-                # show as connected_with_errors
-                if has_ever_succeeded:
-                    status = BuildConnectorStatus.CONNECTED_WITH_ERRORS
-                else:
-                    status = BuildConnectorStatus.ERROR
-                error_message = latest_attempt.error_msg
-            elif (
-                latest_attempt
-                and latest_attempt.status == IndexingStatus.COMPLETED_WITH_ERRORS
-            ):
-                # Completed with errors - if it has succeeded before, show as connected_with_errors
-                if has_ever_succeeded:
-                    status = BuildConnectorStatus.CONNECTED_WITH_ERRORS
-                else:
-                    status = BuildConnectorStatus.ERROR
-                error_message = "Indexing completed with errors"
-            elif cc_pair.status == ConnectorCredentialPairStatus.PAUSED:
-                status = BuildConnectorStatus.CONNECTED
-            elif cc_pair.last_successful_index_time is None:
-                # Never successfully indexed - check if currently indexing
-                # First check cc_pair status for scheduled/initial indexing
-                if cc_pair.status in (
-                    ConnectorCredentialPairStatus.SCHEDULED,
-                    ConnectorCredentialPairStatus.INITIAL_INDEXING,
-                ):
-                    status = BuildConnectorStatus.INDEXING
-                else:
-                    in_progress_attempt = get_latest_index_attempt_for_cc_pair_id(
-                        db_session=db_session,
-                        connector_credential_pair_id=cc_pair.id,
-                        secondary_index=False,
-                        only_finished=False,
-                    )
-                    if (
-                        in_progress_attempt
-                        and in_progress_attempt.status == IndexingStatus.IN_PROGRESS
-                    ):
-                        status = BuildConnectorStatus.INDEXING
-                    elif (
-                        in_progress_attempt
-                        and in_progress_attempt.status == IndexingStatus.NOT_STARTED
-                    ):
-                        status = BuildConnectorStatus.INDEXING
-                    else:
-                        # Has a finished attempt but never succeeded - likely error
-                        status = BuildConnectorStatus.ERROR
-                        error_message = (
-                            latest_attempt.error_msg
-                            if latest_attempt
-                            else "Initial indexing failed"
-                        )
-            else:
-                status = BuildConnectorStatus.CONNECTED
-
-        connectors.append(
-            BuildConnectorInfo(
-                cc_pair_id=cc_pair.id,
-                connector_id=cc_pair.connector.id,
-                credential_id=cc_pair.credential.id,
-                source=cc_pair.connector.source.value,
-                name=cc_pair.name or cc_pair.connector.name or "Unnamed",
-                status=status,
-                docs_indexed=0,  # Would need to query for this
-                last_indexed=cc_pair.last_successful_index_time,
-                error_message=error_message,
-            )
-        )
-
-    return BuildConnectorListResponse(connectors=connectors)
-
-
-# Headers to skip when proxying (hop-by-hop headers)
-EXCLUDED_HEADERS = {
-    "content-encoding",
-    "content-length",
-    "transfer-encoding",
-    "connection",
-}
-
-
-def _stream_response(response: httpx.Response) -> Iterator[bytes]:
-    """Stream the response content in chunks."""
-    for chunk in response.iter_bytes(chunk_size=8192):
-        yield chunk
-
-
-def _rewrite_asset_paths(content: bytes, session_id: str) -> bytes:
-    """Rewrite Next.js asset paths to go through the proxy."""
-    import re
-
-    # Base path includes session_id for routing
-    webapp_base_path = f"/api/build/sessions/{session_id}/webapp"
-
-    text = content.decode("utf-8")
-    # Rewrite /_next/ paths to go through our proxy
-    text = text.replace("/_next/", f"{webapp_base_path}/_next/")
-    # Rewrite JSON data file fetch paths (e.g., /data.json, /data/tickets.json)
-    # Matches paths like "/filename.json" or "/path/to/file.json"
-    text = re.sub(
-        r'"(/(?:[a-zA-Z0-9_-]+/)*[a-zA-Z0-9_-]+\.json)"',
-        f'"{webapp_base_path}\\1"',
-        text,
-    )
-    text = re.sub(
-        r"'(/(?:[a-zA-Z0-9_-]+/)*[a-zA-Z0-9_-]+\.json)'",
-        f"'{webapp_base_path}\\1'",
-        text,
-    )
-    # Rewrite favicon
-    text = text.replace('"/favicon.ico', f'"{webapp_base_path}/favicon.ico')
-    return text.encode("utf-8")
-
-
-# Content types that may contain asset path references that need rewriting
-REWRITABLE_CONTENT_TYPES = {
-    "text/html",
-    "text/css",
-    "application/javascript",
-    "text/javascript",
-    "application/x-javascript",
-}
-
-
-def _get_sandbox_url(session_id: UUID, db_session: Session) -> str:
-    """Get the internal URL for a session's Next.js server.
-
-    Uses the sandbox manager to get the correct URL for both local and
-    Kubernetes environments.
-
-    Args:
-        session_id: The build session ID
-        db_session: Database session
-
-    Returns:
-        The internal URL to proxy requests to
-
-    Raises:
-        HTTPException: If session not found, port not allocated, or sandbox not found
-    """
-
-    session = db_session.get(BuildSession, session_id)
-    if not session:
-        raise HTTPException(status_code=404, detail="Session not found")
-    if session.nextjs_port is None:
-        raise HTTPException(status_code=503, detail="Session port not allocated")
-    if session.user_id is None:
-        raise HTTPException(status_code=404, detail="User not found")
-
-    # Get the user's sandbox to get the sandbox_id
-    sandbox = get_sandbox_by_user_id(db_session, session.user_id)
-    if sandbox is None:
-        raise HTTPException(status_code=404, detail="Sandbox not found")
-
-    # Use sandbox manager to get the correct internal URL
-    sandbox_manager = get_sandbox_manager()
-    return sandbox_manager.get_webapp_url(sandbox.id, session.nextjs_port)
-
-
-def _proxy_request(
-    path: str, request: Request, session_id: UUID, db_session: Session
-) -> StreamingResponse | Response:
-    """Proxy a request to the sandbox's Next.js server."""
-    base_url = _get_sandbox_url(session_id, db_session)
-
-    # Build the target URL
-    target_url = f"{base_url}/{path.lstrip('/')}"
-
-    # Include query params if present
-    if request.query_params:
-        target_url = f"{target_url}?{request.query_params}"
-
-    logger.debug(f"Proxying request to: {target_url}")
-
-    try:
-        # Make the request to the target URL
-        with httpx.Client(timeout=30.0, follow_redirects=True) as client:
-            response = client.get(
-                target_url,
-                headers={
-                    key: value
-                    for key, value in request.headers.items()
-                    if key.lower() not in ("host", "content-length")
-                },
-            )
-
-            # Build response headers, excluding hop-by-hop headers
-            response_headers = {
-                key: value
-                for key, value in response.headers.items()
-                if key.lower() not in EXCLUDED_HEADERS
-            }
-
-            content_type = response.headers.get("content-type", "")
-
-            # For HTML/CSS/JS responses, rewrite asset paths
-            if any(ct in content_type for ct in REWRITABLE_CONTENT_TYPES):
-                content = _rewrite_asset_paths(response.content, str(session_id))
-                return Response(
-                    content=content,
-                    status_code=response.status_code,
-                    headers=response_headers,
-                    media_type=content_type,
-                )
-
-            return StreamingResponse(
-                content=_stream_response(response),
-                status_code=response.status_code,
-                headers=response_headers,
-                media_type=content_type or None,
-            )
-
-    except httpx.TimeoutException:
-        logger.error(f"Timeout while proxying request to {target_url}")
-        raise HTTPException(status_code=504, detail="Gateway timeout")
-    except httpx.RequestError as e:
-        logger.error(f"Error proxying request to {target_url}: {e}")
-        raise HTTPException(status_code=502, detail="Bad gateway")
-
-
-@router.get("/sessions/{session_id}/webapp", response_model=None)
-def get_webapp_root(
-    session_id: UUID,
-    request: Request,
-    _: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> StreamingResponse | Response:
-    """Proxy the root path of the webapp for a specific session."""
-    return _proxy_request("", request, session_id, db_session)
-
-
-@router.get("/sessions/{session_id}/webapp/{path:path}", response_model=None)
-def get_webapp_path(
-    session_id: UUID,
-    path: str,
-    request: Request,
-    _: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> StreamingResponse | Response:
-    """Proxy any subpath of the webapp (static assets, etc.) for a specific session."""
-    return _proxy_request(path, request, session_id, db_session)
-
-
-# Separate router for Next.js static assets at /_next/*
-# This is needed because Next.js apps may reference assets with root-relative paths
-# that don't get rewritten. The session_id is extracted from the Referer header.
-nextjs_assets_router = APIRouter()
-
-
-def _extract_session_from_referer(request: Request) -> UUID | None:
-    """Extract session_id from the Referer header.
-
-    Expects Referer to contain /api/build/sessions/{session_id}/webapp
-    """
-    import re
-
-    referer = request.headers.get("referer", "")
-    match = re.search(r"/api/build/sessions/([a-f0-9-]+)/webapp", referer)
-    if match:
-        try:
-            return UUID(match.group(1))
-        except ValueError:
-            return None
-    return None
-
-
-@nextjs_assets_router.get("/_next/{path:path}", response_model=None)
-def get_nextjs_assets(
-    path: str,
-    request: Request,
-    _: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> StreamingResponse | Response:
-    """Proxy Next.js static assets requested at root /_next/ path.
-
-    The session_id is extracted from the Referer header since these requests
-    come from within the iframe context.
-    """
-    session_id = _extract_session_from_referer(request)
-    if not session_id:
-        raise HTTPException(
-            status_code=400,
-            detail="Could not determine session from request context",
-        )
-    return _proxy_request(f"_next/{path}", request, session_id, db_session)
-
-
-# =============================================================================
-# Sandbox Management Endpoints
-# =============================================================================
-
-
-@router.post("/sandbox/reset", response_model=None)
-def reset_sandbox(
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> Response:
-    """Reset the user's sandbox by terminating it and cleaning up all sessions.
-
-    This endpoint terminates the user's shared sandbox container/pod and
-    cleans up all session workspaces. Useful for "start fresh" functionality.
-
-    After calling this endpoint, the next session creation will provision a
-    new sandbox.
-    """
-    session_manager = SessionManager(db_session)
-
-    try:
-        success = session_manager.terminate_user_sandbox(user.id)
-        if not success:
-            raise HTTPException(
-                status_code=404,
-                detail="No sandbox found for user",
-            )
-        db_session.commit()
-    except HTTPException:
-        raise
-    except Exception as e:
-        db_session.rollback()
-        logger.error(f"Failed to reset sandbox for user {user.id}: {e}")
-        raise HTTPException(
-            status_code=500,
-            detail=f"Failed to reset sandbox: {e}",
-        )
-
-    return Response(status_code=204)

backend/onyx/server/features/build/api/messages_api.py

@@ -1,106 +0,0 @@
-"""API endpoints for Build Mode message management."""
-
-from uuid import UUID
-
-from fastapi import APIRouter
-from fastapi import Depends
-from fastapi import HTTPException
-from fastapi.responses import StreamingResponse
-from sqlalchemy.orm import Session
-
-from onyx.auth.users import current_user
-from onyx.configs.constants import PUBLIC_API_TAGS
-from onyx.db.engine.sql_engine import get_session
-from onyx.db.models import User
-from onyx.server.features.build.api.models import MessageListResponse
-from onyx.server.features.build.api.models import MessageRequest
-from onyx.server.features.build.api.models import MessageResponse
-from onyx.server.features.build.db.sandbox import get_sandbox_by_user_id
-from onyx.server.features.build.db.sandbox import update_sandbox_heartbeat
-from onyx.server.features.build.session.manager import RateLimitError
-from onyx.server.features.build.session.manager import SessionManager
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-
-router = APIRouter()
-
-
-def check_build_rate_limits(
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> None:
-    """
-    Dependency to check build mode rate limits before processing the request.
-
-    Raises HTTPException(429) if rate limit is exceeded.
-    Follows the same pattern as chat's check_token_rate_limits.
-    """
-    session_manager = SessionManager(db_session)
-
-    try:
-        session_manager.check_rate_limit(user)
-    except RateLimitError as e:
-        raise HTTPException(
-            status_code=429,
-            detail=str(e),
-        )
-
-
-@router.get("/sessions/{session_id}/messages", tags=PUBLIC_API_TAGS)
-def list_messages(
-    session_id: UUID,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> MessageListResponse:
-    """Get all messages for a build session."""
-    if user is None:
-        raise HTTPException(status_code=401, detail="Authentication required")
-
-    session_manager = SessionManager(db_session)
-
-    messages = session_manager.list_messages(session_id, user.id)
-
-    if messages is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    return MessageListResponse(
-        messages=[MessageResponse.from_model(msg) for msg in messages]
-    )
-
-
-@router.post("/sessions/{session_id}/send-message", tags=PUBLIC_API_TAGS)
-async def send_message(
-    session_id: UUID,
-    request: MessageRequest,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-    _rate_limit_check: None = Depends(check_build_rate_limits),
-) -> StreamingResponse:
-    """
-    Send a message to the CLI agent and stream the response.
-
-    Enforces rate limiting before executing the agent (via dependency).
-    Returns a Server-Sent Events (SSE) stream with the agent's response.
-
-    Follows the same pattern as /chat/send-message for consistency.
-    """
-    # Update sandbox heartbeat - this is the only place we track activity
-    # for determining when a sandbox should be put to sleep
-    sandbox = get_sandbox_by_user_id(db_session, user.id)
-    if sandbox and sandbox.status.is_active():
-        update_sandbox_heartbeat(db_session, sandbox.id)
-
-    session_manager = SessionManager(db_session)
-
-    # Stream the CLI agent's response
-    return StreamingResponse(
-        session_manager.send_message(session_id, user.id, request.content),
-        media_type="text/event-stream",
-        headers={
-            "Cache-Control": "no-cache",
-            "Connection": "keep-alive",
-            "X-Accel-Buffering": "no",  # Disable nginx buffering
-        },
-    )

backend/onyx/server/features/build/api/models.py

@@ -1,325 +0,0 @@
-from datetime import datetime
-from enum import Enum
-from typing import Any
-from typing import TYPE_CHECKING
-from typing import Union
-
-from pydantic import BaseModel
-
-from onyx.configs.constants import MessageType
-from onyx.db.enums import ArtifactType
-from onyx.db.enums import BuildSessionStatus
-from onyx.db.enums import SandboxStatus
-from onyx.server.features.build.sandbox.models import (
-    FilesystemEntry as FileSystemEntry,
-)
-
-if TYPE_CHECKING:
-    from onyx.db.models import Sandbox
-    from onyx.db.models import BuildSession
-
-
-# ===== Session Models =====
-class SessionCreateRequest(BaseModel):
-    """Request to create a new build session."""
-
-    name: str | None = None  # Optional session name
-    demo_data_enabled: bool = True  # Whether to enable demo org_info data in sandbox
-    user_work_area: str | None = None  # User's work area (e.g., "engineering")
-    user_level: str | None = None  # User's level (e.g., "ic", "manager")
-    # LLM selection from user's cookie
-    llm_provider_type: str | None = None  # Provider type (e.g., "anthropic", "openai")
-    llm_model_name: str | None = None  # Model name (e.g., "claude-opus-4-5")
-
-
-class SessionUpdateRequest(BaseModel):
-    """Request to update a build session.
-
-    If name is None, the session name will be auto-generated using LLM.
-    """
-
-    name: str | None = None
-
-
-class SessionNameGenerateResponse(BaseModel):
-    """Response containing a generated session name."""
-
-    name: str
-
-
-class SandboxResponse(BaseModel):
-    """Sandbox metadata in session response."""
-
-    id: str
-    status: SandboxStatus
-    container_id: str | None
-    created_at: datetime
-    last_heartbeat: datetime | None
-
-    @classmethod
-    def from_model(cls, sandbox: Any) -> "SandboxResponse":
-        """Convert Sandbox ORM model to response."""
-        return cls(
-            id=str(sandbox.id),
-            status=sandbox.status,
-            container_id=sandbox.container_id,
-            created_at=sandbox.created_at,
-            last_heartbeat=sandbox.last_heartbeat,
-        )
-
-
-class ArtifactResponse(BaseModel):
-    """Artifact metadata in session response."""
-
-    id: str
-    session_id: str
-    type: ArtifactType
-    name: str
-    path: str
-    preview_url: str | None
-    created_at: datetime
-    updated_at: datetime
-
-    @classmethod
-    def from_model(cls, artifact: Any) -> "ArtifactResponse":
-        """Convert Artifact ORM model to response."""
-        return cls(
-            id=str(artifact.id),
-            session_id=str(artifact.session_id),
-            type=artifact.type,
-            name=artifact.name,
-            path=artifact.path,
-            preview_url=getattr(artifact, "preview_url", None),
-            created_at=artifact.created_at,
-            updated_at=artifact.updated_at,
-        )
-
-
-class SessionResponse(BaseModel):
-    """Response containing session details."""
-
-    id: str
-    user_id: str | None
-    name: str | None
-    status: BuildSessionStatus
-    created_at: datetime
-    last_activity_at: datetime
-    nextjs_port: int | None
-    sandbox: SandboxResponse | None
-    artifacts: list[ArtifactResponse]
-
-    @classmethod
-    def from_model(
-        cls, session: "BuildSession", sandbox: Union["Sandbox", None] = None
-    ) -> "SessionResponse":
-        """Convert BuildSession ORM model to response.
-
-        Args:
-            session: BuildSession ORM model
-            sandbox: Optional Sandbox ORM model. Since sandboxes are now user-owned
-                     (not session-owned), the sandbox must be passed separately.
-        """
-        return cls(
-            id=str(session.id),
-            user_id=str(session.user_id) if session.user_id else None,
-            name=session.name,
-            status=session.status,
-            created_at=session.created_at,
-            last_activity_at=session.last_activity_at,
-            nextjs_port=session.nextjs_port,
-            sandbox=(SandboxResponse.from_model(sandbox) if sandbox else None),
-            artifacts=[ArtifactResponse.from_model(a) for a in session.artifacts],
-        )
-
-
-class DetailedSessionResponse(SessionResponse):
-    """Extended session response with sandbox state details.
-
-    Used for single-session endpoints where we compute expensive fields
-    like session_loaded_in_sandbox.
-    """
-
-    session_loaded_in_sandbox: bool
-
-    @classmethod
-    def from_session_response(
-        cls,
-        base: SessionResponse,
-        session_loaded_in_sandbox: bool,
-    ) -> "DetailedSessionResponse":
-        return cls(
-            **base.model_dump(),
-            session_loaded_in_sandbox=session_loaded_in_sandbox,
-        )
-
-
-class SessionListResponse(BaseModel):
-    """Response containing list of sessions."""
-
-    sessions: list[SessionResponse]
-
-
-# ===== Message Models =====
-class MessageRequest(BaseModel):
-    """Request to send a message to the CLI agent."""
-
-    content: str
-
-
-class MessageResponse(BaseModel):
-    """Response containing message details.
-
-    All message data is stored in message_metadata as JSON (the raw ACP packet).
-    The turn_index groups all assistant responses under the user prompt they respond to.
-
-    Packet types in message_metadata:
-    - user_message: {type: "user_message", content: {...}}
-    - agent_message: {type: "agent_message", content: {...}}
-    - agent_thought: {type: "agent_thought", content: {...}}
-    - tool_call_progress: {type: "tool_call_progress", status: "completed", ...}
-    - agent_plan_update: {type: "agent_plan_update", entries: [...]}
-    """
-
-    id: str
-    session_id: str
-    turn_index: int
-    type: MessageType
-    message_metadata: dict[str, Any]
-    created_at: datetime
-
-    @classmethod
-    def from_model(cls, message: Any) -> "MessageResponse":
-        """Convert BuildMessage ORM model to response."""
-        return cls(
-            id=str(message.id),
-            session_id=str(message.session_id),
-            turn_index=message.turn_index,
-            type=message.type,
-            message_metadata=message.message_metadata,
-            created_at=message.created_at,
-        )
-
-
-class MessageListResponse(BaseModel):
-    """Response containing list of messages."""
-
-    messages: list[MessageResponse]
-
-
-# ===== Legacy Models (for compatibility with other code) =====
-class CreateSessionRequest(BaseModel):
-    task: str
-    available_sources: list[str] | None = None
-
-
-class CreateSessionResponse(BaseModel):
-    session_id: str
-
-
-class ExecuteRequest(BaseModel):
-    task: str
-    context: str | None = None
-
-
-class ArtifactInfo(BaseModel):
-    artifact_type: str  # "webapp", "file", "markdown", "image"
-    path: str
-    filename: str
-    mime_type: str | None = None
-
-
-class SessionStatus(BaseModel):
-    session_id: str
-    status: str  # "idle", "running", "completed", "failed"
-    webapp_url: str | None = None
-
-
-class DirectoryListing(BaseModel):
-    path: str  # Current directory path
-    entries: list[FileSystemEntry]  # Contents
-
-
-class WebappInfo(BaseModel):
-    has_webapp: bool  # Whether a webapp exists in outputs/web
-    webapp_url: str | None  # URL to access the webapp (e.g., http://localhost:3015)
-    status: str  # Sandbox status (running, terminated, etc.)
-
-
-# ===== File Upload Models =====
-class UploadResponse(BaseModel):
-    """Response after successful file upload."""
-
-    filename: str  # Sanitized filename
-    path: str  # Relative path in sandbox (e.g., "attachments/doc.pdf")
-    size_bytes: int  # File size in bytes
-
-
-# ===== Rate Limit Models =====
-class RateLimitResponse(BaseModel):
-    """Rate limit information."""
-
-    is_limited: bool
-    limit_type: str  # "weekly" or "total"
-    messages_used: int
-    limit: int
-    reset_timestamp: str | None = None
-
-
-# ===== Build Connector Models =====
-class BuildConnectorStatus(str, Enum):
-    """Status of a build connector."""
-
-    NOT_CONNECTED = "not_connected"
-    CONNECTED = "connected"
-    CONNECTED_WITH_ERRORS = "connected_with_errors"
-    INDEXING = "indexing"
-    ERROR = "error"
-    DELETING = "deleting"
-
-
-class BuildConnectorInfo(BaseModel):
-    """Simplified connector info for build admin panel."""
-
-    cc_pair_id: int
-    connector_id: int
-    credential_id: int
-    source: str
-    name: str
-    status: BuildConnectorStatus
-    docs_indexed: int
-    last_indexed: datetime | None
-    error_message: str | None = None
-
-
-class BuildConnectorListResponse(BaseModel):
-    """List of build connectors."""
-
-    connectors: list[BuildConnectorInfo]
-
-
-# ===== Suggestion Bubble Models =====
-class SuggestionTheme(str, Enum):
-    """Theme/category of a follow-up suggestion."""
-
-    ADD = "add"
-    QUESTION = "question"
-
-
-class SuggestionBubble(BaseModel):
-    """A single follow-up suggestion bubble."""
-
-    theme: SuggestionTheme
-    text: str
-
-
-class GenerateSuggestionsRequest(BaseModel):
-    """Request to generate follow-up suggestions."""
-
-    user_message: str  # First user message
-    assistant_message: str  # First assistant text response (accumulated)
-
-
-class GenerateSuggestionsResponse(BaseModel):
-    """Response containing generated suggestions."""
-
-    suggestions: list[SuggestionBubble]

backend/onyx/server/features/build/api/packet_logger.py

@@ -1,101 +0,0 @@
-"""Simple packet logger for build mode debugging.
-
-Logs the raw JSON of every packet emitted during build mode.
-
-Log output: backend/onyx/server/features/build/packets.log
-"""
-
-import json
-import logging
-import os
-from pathlib import Path
-from typing import Any
-
-
-class PacketLogger:
-    """Simple packet logger - outputs raw JSON for each packet."""
-
-    _instance: "PacketLogger | None" = None
-    _initialized: bool
-
-    def __new__(cls) -> "PacketLogger":
-        if cls._instance is None:
-            cls._instance = super().__new__(cls)
-            cls._instance._initialized = False
-        return cls._instance
-
-    def __init__(self) -> None:
-        if self._initialized:
-            return
-
-        self._initialized = True
-        self._enabled = os.getenv("LOG_LEVEL", "").upper() == "DEBUG"
-        self._logger: logging.Logger | None = None
-
-        if self._enabled:
-            self._setup_logger()
-
-    def _setup_logger(self) -> None:
-        """Set up the file handler for packet logging."""
-        # Log to backend/onyx/server/features/build/packets.log
-        build_dir = Path(__file__).parents[1]
-        log_file = build_dir / "packets.log"
-
-        self._logger = logging.getLogger("build.packets")
-        self._logger.setLevel(logging.DEBUG)
-        self._logger.propagate = False
-
-        self._logger.handlers.clear()
-
-        handler = logging.FileHandler(log_file, mode="a", encoding="utf-8")
-        handler.setLevel(logging.DEBUG)
-        handler.setFormatter(logging.Formatter("%(message)s"))
-
-        self._logger.addHandler(handler)
-
-    def log(self, packet_type: str, payload: dict[str, Any] | None = None) -> None:
-        """Log a packet as JSON.
-
-        Args:
-            packet_type: The type of packet
-            payload: The packet payload
-        """
-        if not self._enabled or not self._logger:
-            return
-
-        try:
-            output = json.dumps(payload, indent=2, default=str) if payload else "{}"
-            self._logger.debug(f"\n=== {packet_type} ===\n{output}")
-        except Exception:
-            self._logger.debug(f"\n=== {packet_type} ===\n{payload}")
-
-    def log_raw(self, label: str, data: Any) -> None:
-        """Log raw data with a label.
-
-        Args:
-            label: A label for this log entry
-            data: Any data to log
-        """
-        if not self._enabled or not self._logger:
-            return
-
-        try:
-            if isinstance(data, (dict, list)):
-                output = json.dumps(data, indent=2, default=str)
-            else:
-                output = str(data)
-            self._logger.debug(f"\n=== {label} ===\n{output}")
-        except Exception:
-            self._logger.debug(f"\n=== {label} ===\n{data}")
-
-
-# Singleton instance
-_packet_logger: PacketLogger | None = None
-
-
-def get_packet_logger() -> PacketLogger:
-    """Get the singleton packet logger instance."""
-    global _packet_logger
-    if _packet_logger is None:
-        _packet_logger = PacketLogger()
-    return _packet_logger

backend/onyx/server/features/build/api/packets.py

@@ -1,68 +0,0 @@
-"""Build Mode packet types for streaming agent responses.
-
-This module defines CUSTOM Onyx packet types that extend ACP (Agent Client Protocol).
-ACP events are passed through directly from the agent - this module only contains
-Onyx-specific extensions like artifacts and file operations.
-
-All packets use SSE (Server-Sent Events) format with `event: message` and include
-a `type` field to distinguish packet types.
-
-ACP events (passed through directly from acp.schema):
-- agent_message_chunk: Text/image content from agent
-- agent_thought_chunk: Agent's internal reasoning
-- tool_call_start: Tool invocation started
-- tool_call_progress: Tool execution progress/result
-- agent_plan_update: Agent's execution plan
-- current_mode_update: Agent mode change
-- prompt_response: Agent finished processing
-- error: An error occurred
-
-Custom Onyx packets (defined here):
-- error: Onyx-specific errors (e.g., session not found)
-
-Based on:
-- Agent Client Protocol (ACP): https://agentclientprotocol.com
-"""
-
-from datetime import datetime
-from datetime import timezone
-from typing import Any
-from typing import Literal
-
-from pydantic import BaseModel
-from pydantic import Field
-
-
-# =============================================================================
-# Base Packet Type
-# =============================================================================
-
-
-class BasePacket(BaseModel):
-    """Base packet with common fields for all custom Onyx packet types."""
-
-    type: str
-    timestamp: str = Field(
-        default_factory=lambda: datetime.now(tz=timezone.utc).isoformat()
-    )
-
-
-# =============================================================================
-# Custom Onyx Packets
-# =============================================================================
-
-
-class ErrorPacket(BasePacket):
-    """An Onyx-specific error occurred (e.g., session not found, sandbox not running)."""
-
-    type: Literal["error"] = "error"
-    message: str
-    code: int | None = None
-    details: dict[str, Any] | None = None
-
-
-# =============================================================================
-# Union Type for Custom Onyx Packets
-# =============================================================================
-
-BuildPacket = ErrorPacket

backend/onyx/server/features/build/api/rate_limit.py

@@ -1,90 +0,0 @@
-"""Rate limiting logic for Build Mode."""
-
-from datetime import datetime
-from datetime import timedelta
-from datetime import timezone
-from typing import Literal
-
-from sqlalchemy.orm import Session
-
-from onyx.db.models import User
-from onyx.server.features.build.api.models import RateLimitResponse
-from onyx.server.features.build.api.subscription_check import is_user_subscribed
-from onyx.server.features.build.db.rate_limit import count_user_messages_in_window
-from onyx.server.features.build.db.rate_limit import count_user_messages_total
-from onyx.server.features.build.db.rate_limit import get_oldest_message_timestamp
-from shared_configs.configs import MULTI_TENANT
-
-
-def get_user_rate_limit_status(
-    user: User,
-    db_session: Session,
-) -> RateLimitResponse:
-    """
-    Get the rate limit status for a user.
-
-    Rate limits:
-        - Cloud (MULTI_TENANT=true):
-            - Subscribed users: 50 messages per week (rolling 7-day window)
-            - Non-subscribed users: 5 messages (lifetime total)
-        - Self-hosted (MULTI_TENANT=false):
-            - Unlimited (no rate limiting)
-
-    Args:
-        user: The user object (None for unauthenticated users)
-        db_session: Database session
-
-    Returns:
-        RateLimitResponse with current limit status
-    """
-    # Self-hosted deployments have no rate limits
-    if not MULTI_TENANT:
-        return RateLimitResponse(
-            is_limited=False,
-            limit_type="weekly",
-            messages_used=0,
-            limit=0,  # 0 indicates unlimited
-            reset_timestamp=None,
-        )
-
-    # Determine subscription status
-    is_subscribed = is_user_subscribed(user, db_session)
-
-    # Set limits based on subscription
-    limit = 50 if is_subscribed else 5
-    limit_type: Literal["weekly", "total"] = "weekly" if is_subscribed else "total"
-
-    # Count messages
-    user_id = user.id if user else None
-    if user_id is None:
-        # Unauthenticated users have no usage
-        messages_used = 0
-        reset_timestamp = None
-    elif limit_type == "weekly":
-        # Subscribed: rolling 7-day window
-        cutoff_time = datetime.now(tz=timezone.utc) - timedelta(days=7)
-        messages_used = count_user_messages_in_window(user_id, cutoff_time, db_session)
-
-        # Calculate reset timestamp (when oldest message ages out)
-        # Only show reset time if user is at or over the limit
-        if messages_used >= limit:
-            oldest_msg = get_oldest_message_timestamp(user_id, cutoff_time, db_session)
-            if oldest_msg:
-                reset_time = oldest_msg + timedelta(days=7)
-                reset_timestamp = reset_time.isoformat()
-            else:
-                reset_timestamp = None
-        else:
-            reset_timestamp = None
-    else:
-        # Non-subscribed: lifetime total
-        messages_used = count_user_messages_total(user_id, db_session)
-        reset_timestamp = None
-
-    return RateLimitResponse(
-        is_limited=messages_used >= limit,
-        limit_type=limit_type,
-        messages_used=messages_used,
-        limit=limit,
-        reset_timestamp=reset_timestamp,
-    )

backend/onyx/server/features/build/api/sessions_api.py

@@ -1,680 +0,0 @@
-"""API endpoints for Build Mode session management."""
-
-from uuid import UUID
-
-from fastapi import APIRouter
-from fastapi import Depends
-from fastapi import File
-from fastapi import HTTPException
-from fastapi import Response
-from fastapi import UploadFile
-from sqlalchemy.orm import Session
-
-from onyx.auth.users import current_user
-from onyx.db.engine.sql_engine import get_session
-from onyx.db.enums import SandboxStatus
-from onyx.db.models import User
-from onyx.redis.redis_pool import get_redis_client
-from onyx.server.features.build.api.models import ArtifactResponse
-from onyx.server.features.build.api.models import DetailedSessionResponse
-from onyx.server.features.build.api.models import DirectoryListing
-from onyx.server.features.build.api.models import GenerateSuggestionsRequest
-from onyx.server.features.build.api.models import GenerateSuggestionsResponse
-from onyx.server.features.build.api.models import SessionCreateRequest
-from onyx.server.features.build.api.models import SessionListResponse
-from onyx.server.features.build.api.models import SessionNameGenerateResponse
-from onyx.server.features.build.api.models import SessionResponse
-from onyx.server.features.build.api.models import SessionUpdateRequest
-from onyx.server.features.build.api.models import SuggestionBubble
-from onyx.server.features.build.api.models import SuggestionTheme
-from onyx.server.features.build.api.models import UploadResponse
-from onyx.server.features.build.api.models import WebappInfo
-from onyx.server.features.build.db.build_session import allocate_nextjs_port
-from onyx.server.features.build.db.build_session import get_build_session
-from onyx.server.features.build.db.sandbox import get_latest_snapshot_for_session
-from onyx.server.features.build.db.sandbox import get_sandbox_by_user_id
-from onyx.server.features.build.db.sandbox import update_sandbox_status__no_commit
-from onyx.server.features.build.sandbox import get_sandbox_manager
-from onyx.server.features.build.session.manager import SessionManager
-from onyx.server.features.build.session.manager import UploadLimitExceededError
-from onyx.server.features.build.utils import sanitize_filename
-from onyx.server.features.build.utils import validate_file
-from onyx.utils.logger import setup_logger
-from shared_configs.contextvars import get_current_tenant_id
-
-logger = setup_logger()
-
-router = APIRouter(prefix="/sessions")
-
-
-# =============================================================================
-# Session Management Endpoints
-# =============================================================================
-
-
-@router.get("", response_model=SessionListResponse)
-def list_sessions(
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> SessionListResponse:
-    """List all build sessions for the current user."""
-    session_manager = SessionManager(db_session)
-
-    sessions = session_manager.list_sessions(user.id)
-
-    # Get the user's sandbox (shared across all sessions)
-    sandbox = get_sandbox_by_user_id(db_session, user.id)
-
-    return SessionListResponse(
-        sessions=[SessionResponse.from_model(session, sandbox) for session in sessions]
-    )
-
-
-@router.post("", response_model=DetailedSessionResponse)
-def create_session(
-    request: SessionCreateRequest,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> DetailedSessionResponse:
-    """
-    Create or get an existing empty build session.
-
-    Creates a sandbox with the necessary file structure and returns a session ID.
-    Uses SessionManager for session and sandbox provisioning.
-
-    This endpoint is atomic - if sandbox provisioning fails, no database
-    records are created (transaction is rolled back).
-    """
-    session_manager = SessionManager(db_session)
-
-    try:
-        # Only pass user_work_area and user_level if demo data is enabled
-        # This prevents org_info directory creation when demo data is disabled
-        build_session = session_manager.get_or_create_empty_session(
-            user.id,
-            user_work_area=(
-                request.user_work_area if request.demo_data_enabled else None
-            ),
-            user_level=request.user_level if request.demo_data_enabled else None,
-            llm_provider_type=request.llm_provider_type,
-            llm_model_name=request.llm_model_name,
-        )
-        db_session.commit()
-    except ValueError as e:
-        # Max concurrent sandboxes reached or other validation error
-        logger.exception("Sandbox provisioning failed")
-        db_session.rollback()
-        raise HTTPException(status_code=429, detail=str(e))
-    except Exception as e:
-        # Sandbox provisioning failed - rollback to remove any uncommitted records
-        db_session.rollback()
-        logger.error(f"Sandbox provisioning failed: {e}")
-        raise HTTPException(
-            status_code=500,
-            detail=f"Sandbox provisioning failed: {e}",
-        )
-
-    # Get the user's sandbox to include in response
-    sandbox = get_sandbox_by_user_id(db_session, user.id)
-    base_response = SessionResponse.from_model(build_session, sandbox)
-    # Session was just created, so it's loaded in the sandbox
-    return DetailedSessionResponse.from_session_response(
-        base_response, session_loaded_in_sandbox=True
-    )
-
-
-@router.get("/{session_id}", response_model=DetailedSessionResponse)
-def get_session_details(
-    session_id: UUID,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> DetailedSessionResponse:
-    """
-    Get details of a specific build session.
-
-    Returns session_loaded_in_sandbox to indicate if the session workspace
-    exists in the running sandbox.
-    """
-    session_manager = SessionManager(db_session)
-
-    session = session_manager.get_session(session_id, user.id)
-
-    if session is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    # Get the user's sandbox to include in response
-    sandbox = get_sandbox_by_user_id(db_session, user.id)
-
-    # Check if session workspace exists in the sandbox
-    session_loaded = False
-    if sandbox and sandbox.status == SandboxStatus.RUNNING:
-        sandbox_manager = get_sandbox_manager()
-        session_loaded = sandbox_manager.session_workspace_exists(
-            sandbox.id, session_id
-        )
-
-    base_response = SessionResponse.from_model(session, sandbox)
-    return DetailedSessionResponse.from_session_response(
-        base_response, session_loaded_in_sandbox=session_loaded
-    )
-
-
-@router.post("/{session_id}/generate-name", response_model=SessionNameGenerateResponse)
-def generate_session_name(
-    session_id: UUID,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> SessionNameGenerateResponse:
-    """Generate a session name using LLM based on the first user message."""
-    session_manager = SessionManager(db_session)
-
-    generated_name = session_manager.generate_session_name(session_id, user.id)
-
-    if generated_name is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    return SessionNameGenerateResponse(name=generated_name)
-
-
-@router.post(
-    "/{session_id}/generate-suggestions", response_model=GenerateSuggestionsResponse
-)
-def generate_suggestions(
-    session_id: UUID,
-    request: GenerateSuggestionsRequest,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> GenerateSuggestionsResponse:
-    """Generate follow-up suggestions based on the first exchange in a session."""
-    session_manager = SessionManager(db_session)
-
-    # Verify session exists and belongs to user
-    session = session_manager.get_session(session_id, user.id)
-    if session is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    # Generate suggestions
-    suggestions_data = session_manager.generate_followup_suggestions(
-        user_message=request.user_message,
-        assistant_message=request.assistant_message,
-    )
-
-    # Convert to response model
-    suggestions = [
-        SuggestionBubble(
-            theme=SuggestionTheme(item["theme"]),
-            text=item["text"],
-        )
-        for item in suggestions_data
-    ]
-
-    return GenerateSuggestionsResponse(suggestions=suggestions)
-
-
-@router.put("/{session_id}/name", response_model=SessionResponse)
-def update_session_name(
-    session_id: UUID,
-    request: SessionUpdateRequest,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> SessionResponse:
-    """Update the name of a build session."""
-    session_manager = SessionManager(db_session)
-
-    session = session_manager.update_session_name(session_id, user.id, request.name)
-
-    if session is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    # Get the user's sandbox to include in response
-    sandbox = get_sandbox_by_user_id(db_session, user.id)
-    return SessionResponse.from_model(session, sandbox)
-
-
-@router.delete("/{session_id}", response_model=None)
-def delete_session(
-    session_id: UUID,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> Response:
-    """Delete a build session and all associated data.
-
-    This endpoint is atomic - if sandbox termination fails, the session
-    is NOT deleted (transaction is rolled back).
-    """
-    session_manager = SessionManager(db_session)
-
-    try:
-        success = session_manager.delete_session(session_id, user.id)
-        if not success:
-            raise HTTPException(status_code=404, detail="Session not found")
-        db_session.commit()
-    except HTTPException:
-        # Re-raise HTTP exceptions (like 404) without rollback
-        raise
-    except Exception as e:
-        # Sandbox termination failed - rollback to preserve session
-        db_session.rollback()
-        logger.error(f"Failed to delete session {session_id}: {e}")
-        raise HTTPException(
-            status_code=500,
-            detail=f"Failed to delete session: {e}",
-        )
-
-    return Response(status_code=204)
-
-
-# Lock timeout should be longer than max restore time (5 minutes)
-RESTORE_LOCK_TIMEOUT_SECONDS = 300
-
-
-@router.post("/{session_id}/restore", response_model=DetailedSessionResponse)
-def restore_session(
-    session_id: UUID,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> DetailedSessionResponse:
-    """Restore sandbox and load session snapshot. Blocks until complete.
-
-    Uses Redis lock to ensure only one restore runs per sandbox at a time.
-    If another restore is in progress, waits for it to complete.
-
-    Handles two cases:
-    1. Sandbox is SLEEPING: Re-provision pod, then load session snapshot
-    2. Sandbox is RUNNING but session not loaded: Just load session snapshot
-
-    Returns immediately if session workspace already exists in pod.
-    Always returns session_loaded_in_sandbox=True on success.
-    """
-    session = get_build_session(session_id, user.id, db_session)
-    if not session:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    sandbox = get_sandbox_by_user_id(db_session, user.id)
-    if not sandbox:
-        raise HTTPException(status_code=404, detail="Sandbox not found")
-
-    # If sandbox is already running, check if session workspace exists
-    sandbox_manager = get_sandbox_manager()
-    tenant_id = get_current_tenant_id()
-
-    # Need to do some work - acquire Redis lock
-    redis_client = get_redis_client(tenant_id=tenant_id)
-    lock_key = f"sandbox_restore:{sandbox.id}"
-    lock = redis_client.lock(lock_key, timeout=RESTORE_LOCK_TIMEOUT_SECONDS)
-
-    # blocking=True means wait if another restore is in progress
-    acquired = lock.acquire(
-        blocking=True, blocking_timeout=RESTORE_LOCK_TIMEOUT_SECONDS
-    )
-    if not acquired:
-        raise HTTPException(
-            status_code=503,
-            detail="Restore operation timed out waiting for lock",
-        )
-
-    try:
-        # Re-fetch sandbox status (may have changed while waiting for lock)
-        db_session.refresh(sandbox)
-
-        # Also re-check if session workspace exists (another request may have
-        # restored it while we were waiting)
-        if sandbox.status == SandboxStatus.RUNNING:
-            # Verify pod is healthy before proceeding
-            is_healthy = sandbox_manager.health_check(sandbox.id, timeout=10.0)
-            if is_healthy and sandbox_manager.session_workspace_exists(
-                sandbox.id, session_id
-            ):
-                logger.info(
-                    f"Session {session_id} workspace was restored by another request"
-                )
-                base_response = SessionResponse.from_model(session, sandbox)
-                return DetailedSessionResponse.from_session_response(
-                    base_response, session_loaded_in_sandbox=True
-                )
-
-            if not is_healthy:
-                logger.warning(
-                    f"Sandbox {sandbox.id} marked as RUNNING but pod is "
-                    f"unhealthy/missing. Entering recovery mode."
-                )
-                # Terminate to clean up any lingering K8s resources
-                sandbox_manager.terminate(sandbox.id)
-
-                update_sandbox_status__no_commit(
-                    db_session, sandbox.id, SandboxStatus.TERMINATED
-                )
-                db_session.commit()
-                db_session.refresh(sandbox)
-                # Fall through to TERMINATED handling below
-
-        session_manager = SessionManager(db_session)
-
-        if sandbox.status in (SandboxStatus.SLEEPING, SandboxStatus.TERMINATED):
-            # 1. Re-provision the pod
-            logger.info(f"Re-provisioning {sandbox.status.value} sandbox {sandbox.id}")
-            llm_config = session_manager._get_llm_config(None, None)
-            sandbox_manager.provision(
-                sandbox_id=sandbox.id,
-                user_id=user.id,
-                tenant_id=tenant_id,
-                llm_config=llm_config,
-            )
-            update_sandbox_status__no_commit(
-                db_session, sandbox.id, SandboxStatus.RUNNING
-            )
-            db_session.commit()
-            db_session.refresh(sandbox)
-
-        # 2. Check if session workspace needs to be loaded
-        if sandbox.status == SandboxStatus.RUNNING:
-            if not sandbox_manager.session_workspace_exists(sandbox.id, session_id):
-                # Get latest snapshot and restore it
-                snapshot = get_latest_snapshot_for_session(db_session, session_id)
-                if snapshot:
-                    # Allocate a new port for the restored session
-                    new_port = allocate_nextjs_port(db_session)
-                    session.nextjs_port = new_port
-                    db_session.commit()
-
-                    logger.info(
-                        f"Restoring snapshot for session {session_id} "
-                        f"from {snapshot.storage_path} with port {new_port}"
-                    )
-
-                    try:
-                        sandbox_manager.restore_snapshot(
-                            sandbox_id=sandbox.id,
-                            session_id=session_id,
-                            snapshot_storage_path=snapshot.storage_path,
-                            tenant_id=tenant_id,
-                            nextjs_port=new_port,
-                        )
-                    except Exception as e:
-                        # Clear the port allocation on failure so it can be reused
-                        logger.error(
-                            f"Failed to restore session {session_id}, "
-                            f"clearing port {new_port}: {e}"
-                        )
-                        session.nextjs_port = None
-                        db_session.commit()
-                        raise
-                else:
-                    # No snapshot - set up fresh workspace
-                    logger.info(
-                        f"No snapshot found for session {session_id}, "
-                        f"setting up fresh workspace"
-                    )
-                    llm_config = session_manager._get_llm_config(None, None)
-                    sandbox_manager.setup_session_workspace(
-                        sandbox_id=sandbox.id,
-                        session_id=session_id,
-                        llm_config=llm_config,
-                        nextjs_port=session.nextjs_port or 3010,
-                    )
-
-    except Exception as e:
-        logger.error(f"Failed to restore session {session_id}: {e}", exc_info=True)
-        raise HTTPException(
-            status_code=500,
-            detail=f"Failed to restore session: {e}",
-        )
-    finally:
-        if lock.owned():
-            lock.release()
-
-    base_response = SessionResponse.from_model(session, sandbox)
-    return DetailedSessionResponse.from_session_response(
-        base_response, session_loaded_in_sandbox=True
-    )
-
-
-# =============================================================================
-# Artifact Endpoints
-# =============================================================================
-
-
-@router.get(
-    "/{session_id}/artifacts",
-    response_model=list[ArtifactResponse],
-)
-def list_artifacts(
-    session_id: UUID,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> list[dict]:
-    """List artifacts generated in the session."""
-    user_id: UUID = user.id
-    session_manager = SessionManager(db_session)
-
-    artifacts = session_manager.list_artifacts(session_id, user_id)
-    if artifacts is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    return artifacts
-
-
-@router.get("/{session_id}/files", response_model=DirectoryListing)
-def list_directory(
-    session_id: UUID,
-    path: str = "",
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> DirectoryListing:
-    """
-    List files and directories in the sandbox.
-
-    Args:
-        session_id: The session ID
-        path: Relative path from sandbox root (empty string for root)
-
-    Returns:
-        DirectoryListing with sorted entries (directories first, then files)
-    """
-    user_id: UUID = user.id
-    session_manager = SessionManager(db_session)
-
-    try:
-        listing = session_manager.list_directory(session_id, user_id, path)
-    except ValueError as e:
-        error_message = str(e)
-        if "path traversal" in error_message.lower():
-            raise HTTPException(status_code=403, detail="Access denied")
-        elif "not found" in error_message.lower():
-            raise HTTPException(status_code=404, detail="Directory not found")
-        elif "not a directory" in error_message.lower():
-            raise HTTPException(status_code=400, detail="Path is not a directory")
-        raise HTTPException(status_code=400, detail=error_message)
-
-    if listing is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    return listing
-
-
-@router.get("/{session_id}/artifacts/{path:path}")
-def download_artifact(
-    session_id: UUID,
-    path: str,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> Response:
-    """Download a specific artifact file."""
-    user_id: UUID = user.id
-    session_manager = SessionManager(db_session)
-
-    try:
-        result = session_manager.download_artifact(session_id, user_id, path)
-    except ValueError as e:
-        error_message = str(e)
-        if (
-            "path traversal" in error_message.lower()
-            or "access denied" in error_message.lower()
-        ):
-            raise HTTPException(status_code=403, detail="Access denied")
-        elif "directory" in error_message.lower():
-            raise HTTPException(status_code=400, detail="Cannot download directory")
-        raise HTTPException(status_code=400, detail=error_message)
-
-    if result is None:
-        raise HTTPException(status_code=404, detail="Artifact not found")
-
-    content, mime_type, filename = result
-
-    # Handle Unicode filenames in Content-Disposition header
-    # HTTP headers require Latin-1 encoding, so we use RFC 5987 for Unicode
-    try:
-        # Try Latin-1 encoding first (ASCII-compatible filenames)
-        filename.encode("latin-1")
-        content_disposition = f'attachment; filename="{filename}"'
-    except UnicodeEncodeError:
-        # Use RFC 5987 encoding for Unicode filenames
-        from urllib.parse import quote
-
-        encoded_filename = quote(filename, safe="")
-        content_disposition = f"attachment; filename*=UTF-8''{encoded_filename}"
-
-    return Response(
-        content=content,
-        media_type=mime_type,
-        headers={
-            "Content-Disposition": content_disposition,
-        },
-    )
-
-
-@router.get("/{session_id}/webapp-info", response_model=WebappInfo)
-def get_webapp_info(
-    session_id: UUID,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> WebappInfo:
-    """
-    Get webapp information for a session.
-
-    Returns whether a webapp exists, its URL, and the sandbox status.
-    """
-    user_id: UUID = user.id
-    session_manager = SessionManager(db_session)
-
-    webapp_info = session_manager.get_webapp_info(session_id, user_id)
-
-    if webapp_info is None:
-        raise HTTPException(status_code=404, detail="Session not found")
-
-    return WebappInfo(**webapp_info)
-
-
-@router.get("/{session_id}/webapp/download")
-def download_webapp(
-    session_id: UUID,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> Response:
-    """
-    Download the webapp directory as a zip file.
-
-    Returns the entire outputs/web directory as a zip archive.
-    """
-    user_id: UUID = user.id
-    session_manager = SessionManager(db_session)
-
-    result = session_manager.download_webapp_zip(session_id, user_id)
-
-    if result is None:
-        raise HTTPException(status_code=404, detail="Webapp not found")
-
-    zip_bytes, filename = result
-
-    return Response(
-        content=zip_bytes,
-        media_type="application/zip",
-        headers={
-            "Content-Disposition": f'attachment; filename="{filename}"',
-        },
-    )
-
-
-@router.post("/{session_id}/upload", response_model=UploadResponse)
-async def upload_file_endpoint(
-    session_id: UUID,
-    file: UploadFile = File(...),
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> UploadResponse:
-    """Upload a file to the session's sandbox.
-
-    The file will be placed in the sandbox's attachments directory.
-    """
-    user_id: UUID = user.id
-    session_manager = SessionManager(db_session)
-
-    if not file.filename:
-        raise HTTPException(status_code=400, detail="File has no filename")
-
-    # Read file content
-    content = await file.read()
-
-    # Validate file (extension, mime type, size)
-    is_valid, error = validate_file(file.filename, file.content_type, len(content))
-    if not is_valid:
-        raise HTTPException(status_code=400, detail=error)
-
-    # Sanitize filename
-    safe_filename = sanitize_filename(file.filename)
-
-    try:
-        relative_path, _ = session_manager.upload_file(
-            session_id=session_id,
-            user_id=user_id,
-            filename=safe_filename,
-            content=content,
-        )
-    except UploadLimitExceededError as e:
-        # Return 429 for limit exceeded errors
-        raise HTTPException(status_code=429, detail=str(e))
-    except ValueError as e:
-        error_message = str(e)
-        if "not found" in error_message.lower():
-            raise HTTPException(status_code=404, detail=error_message)
-        raise HTTPException(status_code=400, detail=error_message)
-
-    return UploadResponse(
-        filename=safe_filename,
-        path=relative_path,
-        size_bytes=len(content),
-    )
-
-
-@router.delete("/{session_id}/files/{path:path}", response_model=None)
-def delete_file_endpoint(
-    session_id: UUID,
-    path: str,
-    user: User = Depends(current_user),
-    db_session: Session = Depends(get_session),
-) -> Response:
-    """Delete a file from the session's sandbox.
-
-    Args:
-        session_id: The session ID
-        path: Relative path to the file (e.g., "attachments/doc.pdf")
-    """
-    user_id: UUID = user.id
-    session_manager = SessionManager(db_session)
-
-    try:
-        deleted = session_manager.delete_file(session_id, user_id, path)
-    except ValueError as e:
-        error_message = str(e)
-        if "path traversal" in error_message.lower():
-            raise HTTPException(status_code=403, detail="Access denied")
-        elif "not found" in error_message.lower():
-            raise HTTPException(status_code=404, detail=error_message)
-        elif "directory" in error_message.lower():
-            raise HTTPException(status_code=400, detail="Cannot delete directory")
-        raise HTTPException(status_code=400, detail=error_message)
-
-    if not deleted:
-        raise HTTPException(status_code=404, detail="File not found")
-
-    return Response(status_code=204)

backend/onyx/server/features/build/api/subscription_check.py

@@ -1,52 +0,0 @@
-"""Subscription detection for Build Mode rate limiting."""
-
-from sqlalchemy.orm import Session
-
-from onyx.configs.app_configs import DEV_MODE
-from onyx.db.models import User
-from onyx.server.usage_limits import is_tenant_on_trial_fn
-from onyx.utils.logger import setup_logger
-from shared_configs.configs import MULTI_TENANT
-from shared_configs.contextvars import get_current_tenant_id
-
-logger = setup_logger()
-
-
-def is_user_subscribed(user: User, db_session: Session) -> bool:
-    """
-    Check if a user has an active subscription.
-
-    For cloud (MULTI_TENANT=true):
-        - Checks Stripe billing via control plane
-        - Returns True if tenant is NOT on trial (subscribed = NOT on trial)
-
-    For self-hosted (MULTI_TENANT=false):
-        - Checks license metadata
-        - Returns True if license status is ACTIVE
-
-    Args:
-        user: The user object (None for unauthenticated users)
-        db_session: Database session
-
-    Returns:
-        True if user has active subscription, False otherwise
-    """
-    if DEV_MODE:
-        return True
-
-    if user is None:
-        return False
-
-    if MULTI_TENANT:
-        # Cloud: check Stripe billing via control plane
-        tenant_id = get_current_tenant_id()
-        try:
-            on_trial = is_tenant_on_trial_fn(tenant_id)
-            # Subscribed = NOT on trial
-            return not on_trial
-        except Exception as e:
-            logger.warning(f"Subscription check failed for tenant {tenant_id}: {e}")
-            # Default to non-subscribed (safer/more restrictive)
-            return False
-
-    return True

backend/onyx/server/features/build/configs.py

@@ -1,117 +0,0 @@
-import os
-from enum import Enum
-from pathlib import Path
-
-
-class SandboxBackend(str, Enum):
-    """Backend mode for sandbox operations.
-
-    LOCAL: Development mode - no snapshots, no automatic cleanup
-    KUBERNETES: Production mode - full snapshots and cleanup
-    """
-
-    LOCAL = "local"
-    KUBERNETES = "kubernetes"
-
-
-# Sandbox backend mode (controls snapshot and cleanup behavior)
-# "local" = no snapshots, no cleanup (for development)
-# "kubernetes" = full snapshots and cleanup (for production)
-SANDBOX_BACKEND = SandboxBackend(os.environ.get("SANDBOX_BACKEND", "local"))
-
-
-# Persistent Document Storage Configuration
-# When enabled, indexed documents are written to local filesystem with hierarchical structure
-PERSISTENT_DOCUMENT_STORAGE_ENABLED = (
-    os.environ.get("PERSISTENT_DOCUMENT_STORAGE_ENABLED", "").lower() == "true"
-)
-
-# Base directory path for persistent document storage (local filesystem)
-# Example: /var/onyx/indexed-docs or /app/indexed-docs
-PERSISTENT_DOCUMENT_STORAGE_PATH = os.environ.get(
-    "PERSISTENT_DOCUMENT_STORAGE_PATH", ""
-)
-
-# Demo Data Path
-# Local: Source tree path (relative to this file)
-# Kubernetes: Baked into container image at /workspace/demo-data
-_THIS_FILE = Path(__file__)
-DEMO_DATA_PATH = str(
-    _THIS_FILE.parent / "sandbox" / "kubernetes" / "docker" / "demo_data"
-)
-
-# Sandbox filesystem paths
-SANDBOX_BASE_PATH = os.environ.get("SANDBOX_BASE_PATH", "/tmp/onyx-sandboxes")
-OUTPUTS_TEMPLATE_PATH = os.environ.get("OUTPUTS_TEMPLATE_PATH", "/templates/outputs")
-VENV_TEMPLATE_PATH = os.environ.get("VENV_TEMPLATE_PATH", "/templates/venv")
-
-# Sandbox agent configuration
-SANDBOX_AGENT_COMMAND = os.environ.get("SANDBOX_AGENT_COMMAND", "opencode").split()
-
-# OpenCode disabled tools (comma-separated list)
-# Available tools: bash, edit, write, read, grep, glob, list, lsp, patch,
-#                  skill, todowrite, todoread, webfetch, question
-# Example: "question,webfetch" to disable user questions and web fetching
-_disabled_tools_str = os.environ.get("OPENCODE_DISABLED_TOOLS", "question")
-OPENCODE_DISABLED_TOOLS: list[str] = [
-    t.strip() for t in _disabled_tools_str.split(",") if t.strip()
-]
-
-# Sandbox lifecycle configuration
-SANDBOX_IDLE_TIMEOUT_SECONDS = int(
-    os.environ.get("SANDBOX_IDLE_TIMEOUT_SECONDS", "3600")
-)
-SANDBOX_MAX_CONCURRENT_PER_ORG = int(
-    os.environ.get("SANDBOX_MAX_CONCURRENT_PER_ORG", "10")
-)
-
-# Sandbox snapshot storage
-SANDBOX_SNAPSHOTS_BUCKET = os.environ.get(
-    "SANDBOX_SNAPSHOTS_BUCKET", "sandbox-snapshots"
-)
-
-# Next.js preview server port range
-SANDBOX_NEXTJS_PORT_START = int(os.environ.get("SANDBOX_NEXTJS_PORT_START", "3010"))
-SANDBOX_NEXTJS_PORT_END = int(os.environ.get("SANDBOX_NEXTJS_PORT_END", "3100"))
-
-# File upload configuration
-MAX_UPLOAD_FILE_SIZE_MB = int(os.environ.get("BUILD_MAX_UPLOAD_FILE_SIZE_MB", "50"))
-MAX_UPLOAD_FILE_SIZE_BYTES = MAX_UPLOAD_FILE_SIZE_MB * 1024 * 1024
-MAX_UPLOAD_FILES_PER_SESSION = int(
-    os.environ.get("BUILD_MAX_UPLOAD_FILES_PER_SESSION", "20")
-)
-MAX_TOTAL_UPLOAD_SIZE_MB = int(os.environ.get("BUILD_MAX_TOTAL_UPLOAD_SIZE_MB", "200"))
-MAX_TOTAL_UPLOAD_SIZE_BYTES = MAX_TOTAL_UPLOAD_SIZE_MB * 1024 * 1024
-ATTACHMENTS_DIRECTORY = "attachments"
-
-# ============================================================================
-# Kubernetes Sandbox Configuration
-# Only used when SANDBOX_BACKEND = "kubernetes"
-# ============================================================================
-
-# Namespace where sandbox pods are created
-SANDBOX_NAMESPACE = os.environ.get("SANDBOX_NAMESPACE", "onyx-sandboxes")
-
-# Container image for sandbox pods
-# Should include Next.js template and opencode CLI
-SANDBOX_CONTAINER_IMAGE = os.environ.get(
-    "SANDBOX_CONTAINER_IMAGE", "onyxdotapp/sandbox:latest"
-)
-
-# S3 bucket for sandbox file storage (snapshots, knowledge files, uploads)
-# Path structure: s3://{bucket}/{tenant_id}/snapshots/{session_id}/{snapshot_id}.tar.gz
-#                 s3://{bucket}/{tenant_id}/knowledge/{user_id}/
-#                 s3://{bucket}/{tenant_id}/uploads/{session_id}/
-SANDBOX_S3_BUCKET = os.environ.get("SANDBOX_S3_BUCKET", "onyx-sandbox-files")
-
-# Service account for sandbox pods (NO IRSA - no AWS API access)
-SANDBOX_SERVICE_ACCOUNT_NAME = os.environ.get(
-    "SANDBOX_SERVICE_ACCOUNT_NAME", "sandbox-runner"
-)
-
-# Service account for init container (has IRSA for S3 access)
-SANDBOX_FILE_SYNC_SERVICE_ACCOUNT = os.environ.get(
-    "SANDBOX_FILE_SYNC_SERVICE_ACCOUNT", "sandbox-file-sync"
-)
-
-ENABLE_CRAFT = os.environ.get("ENABLE_CRAFT", "false").lower() == "true"

backend/onyx/server/features/build/db/__init__.py

@@ -1 +0,0 @@
-# Database operations for the build feature

backend/onyx/server/features/build/db/build_session.py

@@ -1,544 +0,0 @@
-"""Database operations for Build Mode sessions."""
-
-from datetime import datetime
-from datetime import timedelta
-from typing import Any
-from uuid import UUID
-
-from sqlalchemy import desc
-from sqlalchemy import exists
-from sqlalchemy import select
-from sqlalchemy.orm import selectinload
-from sqlalchemy.orm import Session
-
-from onyx.configs.constants import MessageType
-from onyx.db.enums import BuildSessionStatus
-from onyx.db.enums import SandboxStatus
-from onyx.db.models import Artifact
-from onyx.db.models import BuildMessage
-from onyx.db.models import BuildSession
-from onyx.db.models import LLMProvider as LLMProviderModel
-from onyx.db.models import Sandbox
-from onyx.db.models import Snapshot
-from onyx.server.features.build.configs import SANDBOX_NEXTJS_PORT_END
-from onyx.server.features.build.configs import SANDBOX_NEXTJS_PORT_START
-from onyx.server.manage.llm.models import LLMProviderView
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-
-def create_build_session__no_commit(
-    user_id: UUID,
-    db_session: Session,
-    name: str | None = None,
-) -> BuildSession:
-    """Create a new build session for the given user.
-
-    NOTE: This function uses flush() instead of commit(). The caller is
-    responsible for committing the transaction when ready.
-    """
-    session = BuildSession(
-        user_id=user_id,
-        name=name,
-        status=BuildSessionStatus.ACTIVE,
-    )
-    db_session.add(session)
-    db_session.flush()
-
-    logger.info(f"Created build session {session.id} for user {user_id}")
-    return session
-
-
-def get_build_session(
-    session_id: UUID,
-    user_id: UUID,
-    db_session: Session,
-) -> BuildSession | None:
-    """Get a build session by ID, ensuring it belongs to the user."""
-    return (
-        db_session.query(BuildSession)
-        .filter(
-            BuildSession.id == session_id,
-            BuildSession.user_id == user_id,
-        )
-        .one_or_none()
-    )
-
-
-def get_user_build_sessions(
-    user_id: UUID,
-    db_session: Session,
-    limit: int = 100,
-) -> list[BuildSession]:
-    """Get all build sessions for a user that have at least 1 message.
-
-    Excludes empty (pre-provisioned) sessions from the listing.
-    """
-    return (
-        db_session.query(BuildSession)
-        .join(BuildMessage)  # Inner join excludes empty sessions
-        .filter(BuildSession.user_id == user_id)
-        .group_by(BuildSession.id)
-        .order_by(desc(BuildSession.created_at))
-        .limit(limit)
-        .all()
-    )
-
-
-def get_empty_session_for_user(
-    user_id: UUID,
-    db_session: Session,
-    max_age_minutes: int = 30,
-) -> BuildSession | None:
-    """Get the user's empty session (0 messages) if one exists and is recent."""
-    cutoff = datetime.utcnow() - timedelta(minutes=max_age_minutes)
-
-    return (
-        db_session.query(BuildSession)
-        .filter(
-            BuildSession.user_id == user_id,
-            BuildSession.created_at > cutoff,
-            ~exists().where(BuildMessage.session_id == BuildSession.id),
-        )
-        .first()
-    )
-
-
-def update_session_activity(
-    session_id: UUID,
-    db_session: Session,
-) -> None:
-    """Update the last activity timestamp for a session."""
-    session = (
-        db_session.query(BuildSession)
-        .filter(BuildSession.id == session_id)
-        .one_or_none()
-    )
-    if session:
-        session.last_activity_at = datetime.utcnow()
-        db_session.commit()
-
-
-def update_session_status(
-    session_id: UUID,
-    status: BuildSessionStatus,
-    db_session: Session,
-) -> None:
-    """Update the status of a build session."""
-    session = (
-        db_session.query(BuildSession)
-        .filter(BuildSession.id == session_id)
-        .one_or_none()
-    )
-    if session:
-        session.status = status
-        db_session.commit()
-        logger.info(f"Updated build session {session_id} status to {status}")
-
-
-def delete_build_session__no_commit(
-    session_id: UUID,
-    user_id: UUID,
-    db_session: Session,
-) -> bool:
-    """Delete a build session and all related data.
-
-    NOTE: This function uses flush() instead of commit(). The caller is
-    responsible for committing the transaction when ready.
-    """
-    session = get_build_session(session_id, user_id, db_session)
-    if not session:
-        return False
-
-    db_session.delete(session)
-    db_session.flush()
-    logger.info(f"Deleted build session {session_id}")
-    return True
-
-
-# Sandbox operations
-# NOTE: Most sandbox operations have moved to sandbox.py
-# These remain here for convenience in session-related workflows
-
-
-def update_sandbox_status(
-    sandbox_id: UUID,
-    status: SandboxStatus,
-    db_session: Session,
-    container_id: str | None = None,
-) -> None:
-    """Update the status of a sandbox."""
-    sandbox = db_session.query(Sandbox).filter(Sandbox.id == sandbox_id).one_or_none()
-    if sandbox:
-        sandbox.status = status
-        if container_id is not None:
-            sandbox.container_id = container_id
-        sandbox.last_heartbeat = datetime.utcnow()
-        db_session.commit()
-        logger.info(f"Updated sandbox {sandbox_id} status to {status}")
-
-
-def update_sandbox_heartbeat(
-    sandbox_id: UUID,
-    db_session: Session,
-) -> None:
-    """Update the heartbeat timestamp for a sandbox."""
-    sandbox = db_session.query(Sandbox).filter(Sandbox.id == sandbox_id).one_or_none()
-    if sandbox:
-        sandbox.last_heartbeat = datetime.utcnow()
-        db_session.commit()
-
-
-# Artifact operations
-def create_artifact(
-    session_id: UUID,
-    artifact_type: str,
-    path: str,
-    name: str,
-    db_session: Session,
-) -> Artifact:
-    """Create a new artifact record."""
-    artifact = Artifact(
-        session_id=session_id,
-        type=artifact_type,
-        path=path,
-        name=name,
-    )
-    db_session.add(artifact)
-    db_session.commit()
-    db_session.refresh(artifact)
-
-    logger.info(f"Created artifact {artifact.id} for session {session_id}")
-    return artifact
-
-
-def get_session_artifacts(
-    session_id: UUID,
-    db_session: Session,
-) -> list[Artifact]:
-    """Get all artifacts for a session."""
-    return (
-        db_session.query(Artifact)
-        .filter(Artifact.session_id == session_id)
-        .order_by(desc(Artifact.created_at))
-        .all()
-    )
-
-
-def update_artifact(
-    artifact_id: UUID,
-    db_session: Session,
-    path: str | None = None,
-    name: str | None = None,
-) -> None:
-    """Update artifact metadata."""
-    artifact = (
-        db_session.query(Artifact).filter(Artifact.id == artifact_id).one_or_none()
-    )
-    if artifact:
-        if path is not None:
-            artifact.path = path
-        if name is not None:
-            artifact.name = name
-        artifact.updated_at = datetime.utcnow()
-        db_session.commit()
-        logger.info(f"Updated artifact {artifact_id}")
-
-
-# Snapshot operations
-def create_snapshot(
-    session_id: UUID,
-    storage_path: str,
-    size_bytes: int,
-    db_session: Session,
-) -> Snapshot:
-    """Create a new snapshot record."""
-    snapshot = Snapshot(
-        session_id=session_id,
-        storage_path=storage_path,
-        size_bytes=size_bytes,
-    )
-    db_session.add(snapshot)
-    db_session.commit()
-    db_session.refresh(snapshot)
-
-    logger.info(f"Created snapshot {snapshot.id} for session {session_id}")
-    return snapshot
-
-
-# Message operations
-def create_message(
-    session_id: UUID,
-    message_type: MessageType,
-    turn_index: int,
-    message_metadata: dict[str, Any],
-    db_session: Session,
-) -> BuildMessage:
-    """Create a new message in a build session.
-
-    All message data is stored in message_metadata as JSON.
-
-    Args:
-        session_id: Session UUID
-        message_type: Type of message (USER, ASSISTANT, SYSTEM)
-        turn_index: 0-indexed user message number this message belongs to
-        message_metadata: Required structured data (the raw ACP packet JSON)
-        db_session: Database session
-    """
-    message = BuildMessage(
-        session_id=session_id,
-        turn_index=turn_index,
-        type=message_type,
-        message_metadata=message_metadata,
-    )
-    db_session.add(message)
-    db_session.commit()
-    db_session.refresh(message)
-
-    logger.info(
-        f"Created {message_type.value} message {message.id} for session {session_id} "
-        f"turn={turn_index} type={message_metadata.get('type')}"
-    )
-    return message
-
-
-def update_message(
-    message_id: UUID,
-    message_metadata: dict[str, Any],
-    db_session: Session,
-) -> BuildMessage | None:
-    """Update an existing message's metadata.
-
-    Used for upserting agent_plan_update messages.
-
-    Args:
-        message_id: The message UUID to update
-        message_metadata: New metadata to set
-        db_session: Database session
-
-    Returns:
-        Updated BuildMessage or None if not found
-    """
-    message = (
-        db_session.query(BuildMessage).filter(BuildMessage.id == message_id).first()
-    )
-    if message is None:
-        return None
-
-    message.message_metadata = message_metadata
-    db_session.commit()
-    db_session.refresh(message)
-
-    logger.info(
-        f"Updated message {message_id} metadata type={message_metadata.get('type')}"
-    )
-    return message
-
-
-def upsert_agent_plan(
-    session_id: UUID,
-    turn_index: int,
-    plan_metadata: dict[str, Any],
-    db_session: Session,
-    existing_plan_id: UUID | None = None,
-) -> BuildMessage:
-    """Upsert an agent plan - update if exists, create if not.
-
-    Each session/turn should only have one agent_plan_update message.
-    This function updates the existing plan message or creates a new one.
-
-    Args:
-        session_id: Session UUID
-        turn_index: Current turn index
-        plan_metadata: The agent_plan_update packet data
-        db_session: Database session
-        existing_plan_id: ID of existing plan message to update (if known)
-
-    Returns:
-        The created or updated BuildMessage
-    """
-    if existing_plan_id:
-        # Fast path: we know the plan ID
-        updated = update_message(existing_plan_id, plan_metadata, db_session)
-        if updated:
-            return updated
-
-    # Check if a plan already exists for this session/turn
-    existing_plan = (
-        db_session.query(BuildMessage)
-        .filter(
-            BuildMessage.session_id == session_id,
-            BuildMessage.turn_index == turn_index,
-            BuildMessage.message_metadata["type"].astext == "agent_plan_update",
-        )
-        .first()
-    )
-
-    if existing_plan:
-        existing_plan.message_metadata = plan_metadata
-        db_session.commit()
-        db_session.refresh(existing_plan)
-        logger.info(
-            f"Updated agent_plan_update message {existing_plan.id} for session {session_id}"
-        )
-        return existing_plan
-
-    # Create new plan message
-    return create_message(
-        session_id=session_id,
-        message_type=MessageType.ASSISTANT,
-        turn_index=turn_index,
-        message_metadata=plan_metadata,
-        db_session=db_session,
-    )
-
-
-def get_session_messages(
-    session_id: UUID,
-    db_session: Session,
-) -> list[BuildMessage]:
-    """Get all messages for a session, ordered by turn index and creation time."""
-    return (
-        db_session.query(BuildMessage)
-        .filter(BuildMessage.session_id == session_id)
-        .order_by(BuildMessage.turn_index, BuildMessage.created_at)
-        .all()
-    )
-
-
-def _is_port_available(port: int) -> bool:
-    """Check if a port is available by attempting to bind to it.
-
-    Checks both IPv4 and IPv6 wildcard addresses to properly detect
-    if anything is listening on the port, regardless of address family.
-    """
-    import socket
-
-    logger.debug(f"Checking if port {port} is available")
-
-    # Check IPv4 wildcard (0.0.0.0) - this will detect any IPv4 listener
-    try:
-        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
-            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-            sock.bind(("0.0.0.0", port))
-            logger.debug(f"Port {port} IPv4 wildcard bind successful")
-    except OSError as e:
-        logger.debug(f"Port {port} IPv4 wildcard not available: {e}")
-        return False
-
-    # Check IPv6 wildcard (::) - this will detect any IPv6 listener
-    try:
-        with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as sock:
-            sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
-            # IPV6_V6ONLY must be False to allow dual-stack behavior
-            sock.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
-            sock.bind(("::", port))
-            logger.debug(f"Port {port} IPv6 wildcard bind successful")
-    except OSError as e:
-        logger.debug(f"Port {port} IPv6 wildcard not available: {e}")
-        return False
-
-    logger.debug(f"Port {port} is available")
-    return True
-
-
-def allocate_nextjs_port(db_session: Session) -> int:
-    """Allocate an available port for a new session.
-
-    Finds the first available port in the configured range by checking
-    both database allocations and system-level port availability.
-
-    Args:
-        db_session: Database session for querying allocated ports
-
-    Returns:
-        An available port number
-
-    Raises:
-        RuntimeError: If no ports are available in the configured range
-    """
-    from onyx.db.models import BuildSession
-
-    # Get all currently allocated ports from active sessions
-    allocated_ports = set(
-        db_session.query(BuildSession.nextjs_port)
-        .filter(BuildSession.nextjs_port.isnot(None))
-        .all()
-    )
-    allocated_ports = {port[0] for port in allocated_ports if port[0] is not None}
-
-    # Find first port that's not in DB and not currently bound
-    for port in range(SANDBOX_NEXTJS_PORT_START, SANDBOX_NEXTJS_PORT_END):
-        if port not in allocated_ports and _is_port_available(port):
-            return port
-
-    raise RuntimeError(
-        f"No available ports in range [{SANDBOX_NEXTJS_PORT_START}, {SANDBOX_NEXTJS_PORT_END})"
-    )
-
-
-def clear_nextjs_ports_for_user(db_session: Session, user_id: UUID) -> int:
-    """Clear nextjs_port for all sessions belonging to a user.
-
-    Called when sandbox goes to sleep to release port allocations.
-
-    Args:
-        db_session: Database session
-        user_id: The user whose sessions should have ports cleared
-
-    Returns:
-        Number of sessions updated
-    """
-    result = (
-        db_session.query(BuildSession)
-        .filter(
-            BuildSession.user_id == user_id,
-            BuildSession.nextjs_port.isnot(None),
-        )
-        .update({BuildSession.nextjs_port: None})
-    )
-    db_session.flush()
-    logger.info(f"Cleared {result} nextjs_port allocations for user {user_id}")
-    return result
-
-
-def fetch_llm_provider_by_type_for_build_mode(
-    db_session: Session, provider_type: str
-) -> LLMProviderView | None:
-    """Fetch an LLM provider by its provider type (e.g., "anthropic", "openai").
-
-    Resolution priority:
-    1. First try to find a provider named "build-mode-{type}" (e.g., "build-mode-anthropic")
-    2. If not found, fall back to any provider that matches the type
-
-    Args:
-        db_session: Database session
-        provider_type: The provider type (e.g., "anthropic", "openai", "openrouter")
-
-    Returns:
-        LLMProviderView if found, None otherwise
-    """
-    from onyx.db.llm import fetch_existing_llm_provider
-
-    # First try to find a "build-mode-{type}" provider
-    build_mode_name = f"build-mode-{provider_type}"
-    provider_model = fetch_existing_llm_provider(
-        name=build_mode_name, db_session=db_session
-    )
-
-    # If not found, fall back to any provider that matches the type
-    if not provider_model:
-        provider_model = db_session.scalar(
-            select(LLMProviderModel)
-            .where(LLMProviderModel.provider == provider_type)
-            .options(
-                selectinload(LLMProviderModel.model_configurations),
-                selectinload(LLMProviderModel.groups),
-                selectinload(LLMProviderModel.personas),
-            )
-        )
-
-    if not provider_model:
-        return None
-    return LLMProviderView.from_model(provider_model)

backend/onyx/server/features/build/db/rate_limit.py

@@ -1,96 +0,0 @@
-"""Database queries for Build Mode rate limiting."""
-
-from datetime import datetime
-from uuid import UUID
-
-from sqlalchemy import func
-from sqlalchemy.orm import Session
-
-from onyx.configs.constants import MessageType
-from onyx.db.models import BuildMessage
-from onyx.db.models import BuildSession
-
-
-def count_user_messages_in_window(
-    user_id: UUID,
-    cutoff_time: datetime,
-    db_session: Session,
-) -> int:
-    """
-    Count USER messages for a user since cutoff_time.
-
-    Args:
-        user_id: The user's UUID
-        cutoff_time: Only count messages created at or after this time
-        db_session: Database session
-
-    Returns:
-        Number of USER messages in the time window
-    """
-    return (
-        db_session.query(func.count(BuildMessage.id))
-        .join(BuildSession, BuildMessage.session_id == BuildSession.id)
-        .filter(
-            BuildSession.user_id == user_id,
-            BuildMessage.type == MessageType.USER,
-            BuildMessage.created_at >= cutoff_time,
-        )
-        .scalar()
-        or 0
-    )
-
-
-def count_user_messages_total(user_id: UUID, db_session: Session) -> int:
-    """
-    Count all USER messages for a user (lifetime total).
-
-    Args:
-        user_id: The user's UUID
-        db_session: Database session
-
-    Returns:
-        Total number of USER messages
-    """
-    return (
-        db_session.query(func.count(BuildMessage.id))
-        .join(BuildSession, BuildMessage.session_id == BuildSession.id)
-        .filter(
-            BuildSession.user_id == user_id,
-            BuildMessage.type == MessageType.USER,
-        )
-        .scalar()
-        or 0
-    )
-
-
-def get_oldest_message_timestamp(
-    user_id: UUID,
-    cutoff_time: datetime,
-    db_session: Session,
-) -> datetime | None:
-    """
-    Get the timestamp of the oldest USER message in the time window.
-
-    Used to calculate when the rate limit will reset (when the oldest
-    message ages out of the rolling window).
-
-    Args:
-        user_id: The user's UUID
-        cutoff_time: Only consider messages created at or after this time
-        db_session: Database session
-
-    Returns:
-        Timestamp of oldest message in window, or None if no messages
-    """
-    return (
-        db_session.query(BuildMessage.created_at)
-        .join(BuildSession, BuildMessage.session_id == BuildSession.id)
-        .filter(
-            BuildSession.user_id == user_id,
-            BuildMessage.type == MessageType.USER,
-            BuildMessage.created_at >= cutoff_time,
-        )
-        .order_by(BuildMessage.created_at.asc())
-        .limit(1)
-        .scalar()
-    )

backend/onyx/server/features/build/db/sandbox.py

@@ -1,206 +0,0 @@
-"""Database operations for CLI agent sandbox management."""
-
-import datetime
-from uuid import UUID
-
-from sqlalchemy import func
-from sqlalchemy import select
-from sqlalchemy.orm import Session
-
-from onyx.db.enums import SandboxStatus
-from onyx.db.models import Sandbox
-from onyx.db.models import Snapshot
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-
-def create_sandbox__no_commit(
-    db_session: Session,
-    user_id: UUID,
-) -> Sandbox:
-    """Create a new sandbox record for a user.
-
-    NOTE: This function uses flush() instead of commit(). The caller is
-    responsible for committing the transaction when ready.
-    """
-    sandbox = Sandbox(
-        user_id=user_id,
-        status=SandboxStatus.PROVISIONING,
-    )
-    db_session.add(sandbox)
-    db_session.flush()
-    return sandbox
-
-
-def get_sandbox_by_user_id(db_session: Session, user_id: UUID) -> Sandbox | None:
-    """Get sandbox by user ID (primary lookup method)."""
-    stmt = select(Sandbox).where(Sandbox.user_id == user_id)
-    return db_session.execute(stmt).scalar_one_or_none()
-
-
-def get_sandbox_by_session_id(db_session: Session, session_id: UUID) -> Sandbox | None:
-    """Get sandbox by session ID (compatibility function).
-
-    This function provides backwards compatibility during the transition to
-    user-owned sandboxes. It looks up the session's user_id, then finds the
-    user's sandbox.
-
-    NOTE: This will be removed in a future phase when all callers are updated
-    to use get_sandbox_by_user_id() directly.
-    """
-    from onyx.db.models import BuildSession
-
-    stmt = select(BuildSession.user_id).where(BuildSession.id == session_id)
-    result = db_session.execute(stmt).scalar_one_or_none()
-    if result is None:
-        return None
-
-    return get_sandbox_by_user_id(db_session, result)
-
-
-def get_sandbox_by_id(db_session: Session, sandbox_id: UUID) -> Sandbox | None:
-    """Get sandbox by its ID."""
-    stmt = select(Sandbox).where(Sandbox.id == sandbox_id)
-    return db_session.execute(stmt).scalar_one_or_none()
-
-
-def update_sandbox_status__no_commit(
-    db_session: Session,
-    sandbox_id: UUID,
-    status: SandboxStatus,
-) -> Sandbox:
-    """Update sandbox status.
-
-    NOTE: This function uses flush() instead of commit(). The caller is
-    responsible for committing the transaction when ready.
-    """
-    sandbox = get_sandbox_by_id(db_session, sandbox_id)
-    if not sandbox:
-        raise ValueError(f"Sandbox {sandbox_id} not found")
-
-    sandbox.status = status
-    db_session.flush()
-    return sandbox
-
-
-def update_sandbox_heartbeat(db_session: Session, sandbox_id: UUID) -> Sandbox:
-    """Update sandbox last_heartbeat to now."""
-    sandbox = get_sandbox_by_id(db_session, sandbox_id)
-    if not sandbox:
-        raise ValueError(f"Sandbox {sandbox_id} not found")
-
-    sandbox.last_heartbeat = datetime.datetime.now(datetime.timezone.utc)
-    db_session.commit()
-    return sandbox
-
-
-def get_idle_sandboxes(
-    db_session: Session, idle_threshold_seconds: int
-) -> list[Sandbox]:
-    """Get sandboxes that have been idle longer than threshold."""
-    threshold_time = datetime.datetime.now(datetime.timezone.utc) - datetime.timedelta(
-        seconds=idle_threshold_seconds
-    )
-
-    stmt = select(Sandbox).where(
-        Sandbox.status.in_([SandboxStatus.RUNNING, SandboxStatus.IDLE]),
-        Sandbox.last_heartbeat < threshold_time,
-    )
-    return list(db_session.execute(stmt).scalars().all())
-
-
-def get_running_sandbox_count_by_tenant(db_session: Session, tenant_id: str) -> int:
-    """Get count of running sandboxes for a tenant (for limit enforcement).
-
-    Note: tenant_id parameter is kept for API compatibility but is not used
-    since Sandbox model no longer has tenant_id. This function returns
-    the count of all running sandboxes.
-    """
-    stmt = select(func.count(Sandbox.id)).where(
-        Sandbox.status.in_([SandboxStatus.RUNNING, SandboxStatus.IDLE])
-    )
-    result = db_session.execute(stmt).scalar()
-    return result or 0
-
-
-def create_snapshot(
-    db_session: Session,
-    session_id: UUID,
-    storage_path: str,
-    size_bytes: int,
-) -> Snapshot:
-    """Create a snapshot record for a session."""
-    snapshot = Snapshot(
-        session_id=session_id,
-        storage_path=storage_path,
-        size_bytes=size_bytes,
-    )
-    db_session.add(snapshot)
-    db_session.commit()
-    return snapshot
-
-
-def get_latest_snapshot_for_session(
-    db_session: Session, session_id: UUID
-) -> Snapshot | None:
-    """Get most recent snapshot for a session."""
-    stmt = (
-        select(Snapshot)
-        .where(Snapshot.session_id == session_id)
-        .order_by(Snapshot.created_at.desc())
-        .limit(1)
-    )
-    return db_session.execute(stmt).scalar_one_or_none()
-
-
-def get_snapshots_for_session(db_session: Session, session_id: UUID) -> list[Snapshot]:
-    """Get all snapshots for a session, ordered by creation time descending."""
-    stmt = (
-        select(Snapshot)
-        .where(Snapshot.session_id == session_id)
-        .order_by(Snapshot.created_at.desc())
-    )
-    return list(db_session.execute(stmt).scalars().all())
-
-
-def delete_old_snapshots(
-    db_session: Session, tenant_id: str, retention_days: int
-) -> int:
-    """Delete snapshots older than retention period, return count deleted.
-
-    Note: tenant_id parameter is kept for API compatibility but is not used
-    since Snapshot model no longer has tenant_id. This function deletes
-    all snapshots older than the retention period.
-    """
-    cutoff_time = datetime.datetime.now(datetime.timezone.utc) - datetime.timedelta(
-        days=retention_days
-    )
-
-    stmt = select(Snapshot).where(
-        Snapshot.created_at < cutoff_time,
-    )
-    old_snapshots = db_session.execute(stmt).scalars().all()
-
-    count = 0
-    for snapshot in old_snapshots:
-        db_session.delete(snapshot)
-        count += 1
-
-    if count > 0:
-        db_session.commit()
-
-    return count
-
-
-def delete_snapshot(db_session: Session, snapshot_id: UUID) -> bool:
-    """Delete a specific snapshot by ID. Returns True if deleted, False if not found."""
-    stmt = select(Snapshot).where(Snapshot.id == snapshot_id)
-    snapshot = db_session.execute(stmt).scalar_one_or_none()
-
-    if not snapshot:
-        return False
-
-    db_session.delete(snapshot)
-    db_session.commit()
-    return True

backend/onyx/server/features/build/indexing/persistent_document_writer.py

@@ -1,400 +0,0 @@
-"""
-Persistent Document Writer for writing indexed documents to local filesystem or S3 with
-hierarchical directory structure that mirrors the source organization.
-
-Local mode (SandboxBackend.LOCAL):
-    Writes to local filesystem at {PERSISTENT_DOCUMENT_STORAGE_PATH}/{tenant_id}/knowledge/{user_id}/...
-
-Kubernetes mode (SandboxBackend.KUBERNETES):
-    Writes to S3 at s3://{SANDBOX_S3_BUCKET}/{tenant_id}/knowledge/{user_id}/...
-    This is the same location that kubernetes_sandbox_manager.py reads from when
-    provisioning sandboxes.
-
-Both modes use consistent tenant/user-segregated paths for multi-tenant isolation.
-"""
-
-import hashlib
-import json
-from pathlib import Path
-from typing import Any
-
-import boto3
-from botocore.exceptions import ClientError
-from mypy_boto3_s3.client import S3Client
-
-from onyx.connectors.models import Document
-from onyx.server.features.build.configs import PERSISTENT_DOCUMENT_STORAGE_PATH
-from onyx.server.features.build.configs import SANDBOX_BACKEND
-from onyx.server.features.build.configs import SANDBOX_S3_BUCKET
-from onyx.server.features.build.configs import SandboxBackend
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-
-# =============================================================================
-# Shared Utilities for Path Building
-# =============================================================================
-
-
-def sanitize_path_component(component: str, replace_slash: bool = True) -> str:
-    """Sanitize a path component for file system / S3 key safety.
-
-    Args:
-        component: The path component to sanitize
-        replace_slash: If True, replaces forward slashes (needed for local filesystem).
-                      Set to False for S3 where `/` is a valid delimiter.
-
-    Returns:
-        Sanitized path component safe for use in file paths or S3 keys
-    """
-    # Replace spaces with underscores
-    sanitized = component.replace(" ", "_")
-    # Replace problematic characters
-    if replace_slash:
-        sanitized = sanitized.replace("/", "_")
-    sanitized = sanitized.replace("\\", "_").replace(":", "_")
-    sanitized = sanitized.replace("<", "_").replace(">", "_").replace("|", "_")
-    sanitized = sanitized.replace('"', "_").replace("?", "_").replace("*", "_")
-    # Also handle null bytes and other control characters
-    sanitized = "".join(c for c in sanitized if ord(c) >= 32)
-    return sanitized.strip() or "unnamed"
-
-
-def sanitize_filename(name: str, replace_slash: bool = True) -> str:
-    """Sanitize name for use as filename.
-
-    Args:
-        name: The filename to sanitize
-        replace_slash: Passed through to sanitize_path_component
-
-    Returns:
-        Sanitized filename, truncated with hash suffix if too long
-    """
-    sanitized = sanitize_path_component(name, replace_slash=replace_slash)
-    if len(sanitized) > 200:
-        # Keep first 150 chars + hash suffix for uniqueness
-        hash_suffix = hashlib.sha256(name.encode()).hexdigest()[:16]
-        return f"{sanitized[:150]}_{hash_suffix}"
-    return sanitized
-
-
-def get_base_filename(doc: Document, replace_slash: bool = True) -> str:
-    """Get base filename from document, preferring semantic identifier.
-
-    Args:
-        doc: The document to get filename for
-        replace_slash: Passed through to sanitize_filename
-
-    Returns:
-        Sanitized base filename (without extension)
-    """
-    name = doc.semantic_identifier or doc.title or doc.id
-    return sanitize_filename(name, replace_slash=replace_slash)
-
-
-def build_document_subpath(doc: Document, replace_slash: bool = True) -> list[str]:
-    """Build the source/hierarchy path components from a document.
-
-    Returns path components like: [source, hierarchy_part1, hierarchy_part2, ...]
-
-    This is the common part of the path that comes after user/tenant segregation.
-
-    Args:
-        doc: The document to build path for
-        replace_slash: Passed through to sanitize_path_component
-
-    Returns:
-        List of sanitized path components
-    """
-    parts: list[str] = []
-
-    # Source type (e.g., "google_drive", "confluence")
-    parts.append(doc.source.value)
-
-    # Get hierarchy from doc_metadata
-    hierarchy = doc.doc_metadata.get("hierarchy", {}) if doc.doc_metadata else {}
-    source_path = hierarchy.get("source_path", [])
-
-    if source_path:
-        parts.extend(
-            [
-                sanitize_path_component(p, replace_slash=replace_slash)
-                for p in source_path
-            ]
-        )
-
-    return parts
-
-
-def resolve_duplicate_filename(
-    doc: Document,
-    base_filename: str,
-    has_duplicates: bool,
-    replace_slash: bool = True,
-) -> str:
-    """Resolve filename, appending ID suffix if there are duplicates.
-
-    Args:
-        doc: The document (for ID extraction)
-        base_filename: The base filename without extension
-        has_duplicates: Whether there are other docs with the same base filename
-        replace_slash: Passed through to sanitize_path_component
-
-    Returns:
-        Final filename with .json extension
-    """
-    if has_duplicates:
-        id_suffix = sanitize_path_component(doc.id, replace_slash=replace_slash)
-        if len(id_suffix) > 50:
-            id_suffix = hashlib.sha256(doc.id.encode()).hexdigest()[:16]
-        return f"{base_filename}_{id_suffix}.json"
-    return f"{base_filename}.json"
-
-
-def serialize_document(doc: Document) -> dict[str, Any]:
-    """Serialize a document to a dictionary for JSON storage.
-
-    Args:
-        doc: The document to serialize
-
-    Returns:
-        Dictionary representation of the document
-    """
-    return {
-        "id": doc.id,
-        "semantic_identifier": doc.semantic_identifier,
-        "title": doc.title,
-        "source": doc.source.value,
-        "doc_updated_at": (
-            doc.doc_updated_at.isoformat() if doc.doc_updated_at else None
-        ),
-        "metadata": doc.metadata,
-        "doc_metadata": doc.doc_metadata,
-        "sections": [
-            {"text": s.text if hasattr(s, "text") else None, "link": s.link}
-            for s in doc.sections
-        ],
-        "primary_owners": [o.model_dump() for o in (doc.primary_owners or [])],
-        "secondary_owners": [o.model_dump() for o in (doc.secondary_owners or [])],
-    }
-
-
-# =============================================================================
-# Classes
-# =============================================================================
-
-
-class PersistentDocumentWriter:
-    """Writes indexed documents to local filesystem with hierarchical structure.
-
-    Documents are stored in tenant/user-segregated paths:
-    {base_path}/{tenant_id}/knowledge/{user_id}/{source}/{hierarchy}/document.json
-
-    This enables per-tenant and per-user isolation for sandbox access control.
-    """
-
-    def __init__(
-        self,
-        base_path: str,
-        tenant_id: str,
-        user_id: str,
-    ):
-        self.base_path = Path(base_path)
-        self.tenant_id = tenant_id
-        self.user_id = user_id
-
-    def write_documents(self, documents: list[Document]) -> list[str]:
-        """Write documents to local filesystem, returns written file paths."""
-        written_paths: list[str] = []
-
-        # Build a map of base filenames to detect duplicates
-        # Key: (directory_path, base_filename) -> list of docs with that name
-        filename_map: dict[tuple[Path, str], list[Document]] = {}
-
-        for doc in documents:
-            dir_path = self._build_directory_path(doc)
-            base_filename = get_base_filename(doc, replace_slash=True)
-            key = (dir_path, base_filename)
-            if key not in filename_map:
-                filename_map[key] = []
-            filename_map[key].append(doc)
-
-        # Now write documents, appending ID if there are duplicates
-        for (dir_path, base_filename), docs in filename_map.items():
-            has_duplicates = len(docs) > 1
-            for doc in docs:
-                filename = resolve_duplicate_filename(
-                    doc, base_filename, has_duplicates, replace_slash=True
-                )
-                path = dir_path / filename
-                self._write_document(doc, path)
-                written_paths.append(str(path))
-
-        return written_paths
-
-    def _build_directory_path(self, doc: Document) -> Path:
-        """Build directory path from document metadata.
-
-        Documents are stored under tenant/user-segregated paths:
-        {base_path}/{tenant_id}/knowledge/{user_id}/{source}/{hierarchy}/
-
-        This enables per-tenant and per-user isolation for sandbox access control.
-        """
-        # Tenant and user segregation prefix (matches S3 path structure)
-        parts = [self.tenant_id, "knowledge", self.user_id]
-        # Add source and hierarchy from document
-        parts.extend(build_document_subpath(doc, replace_slash=True))
-
-        return self.base_path / "/".join(parts)
-
-    def _write_document(self, doc: Document, path: Path) -> None:
-        """Serialize and write document to filesystem."""
-        content = serialize_document(doc)
-
-        # Create parent directories if they don't exist
-        path.parent.mkdir(parents=True, exist_ok=True)
-
-        # Write the JSON file
-        with open(path, "w", encoding="utf-8") as f:
-            json.dump(content, f, indent=2, default=str)
-
-        logger.debug(f"Wrote document to {path}")
-
-
-class S3PersistentDocumentWriter:
-    """Writes indexed documents to S3 with hierarchical structure.
-
-    Documents are stored in tenant/user-segregated paths:
-    s3://{bucket}/{tenant_id}/knowledge/{user_id}/{source}/{hierarchy}/document.json
-
-    This matches the location that KubernetesSandboxManager reads from when
-    provisioning sandboxes (via the init container's aws s3 sync command).
-    """
-
-    def __init__(self, tenant_id: str, user_id: str):
-        """Initialize S3PersistentDocumentWriter.
-
-        Args:
-            tenant_id: Tenant identifier for multi-tenant isolation
-            user_id: User ID for user-segregated storage paths
-        """
-        self.tenant_id = tenant_id
-        self.user_id = user_id
-        self.bucket = SANDBOX_S3_BUCKET
-        self._s3_client: S3Client | None = None
-
-    def _get_s3_client(self) -> S3Client:
-        """Lazily initialize S3 client.
-
-        Uses the default boto3 credential chain which supports:
-        - Environment variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY)
-        - AWS config files
-        - IAM roles (EC2/ECS/EKS instance profiles, IRSA)
-        """
-        if self._s3_client is None:
-            self._s3_client = boto3.client("s3")
-        return self._s3_client
-
-    def write_documents(self, documents: list[Document]) -> list[str]:
-        """Write documents to S3, returns written S3 keys.
-
-        Args:
-            documents: List of documents to write
-
-        Returns:
-            List of S3 keys that were written
-        """
-        written_keys: list[str] = []
-
-        # Build a map of base keys to detect duplicates
-        # Key: (directory_prefix, base_filename) -> list of docs with that name
-        key_map: dict[tuple[str, str], list[Document]] = {}
-
-        for doc in documents:
-            dir_prefix = self._build_directory_path(doc)
-            base_filename = get_base_filename(doc, replace_slash=False)
-            key = (dir_prefix, base_filename)
-            if key not in key_map:
-                key_map[key] = []
-            key_map[key].append(doc)
-
-        # Now write documents, appending ID if there are duplicates
-        s3_client = self._get_s3_client()
-
-        for (dir_prefix, base_filename), docs in key_map.items():
-            has_duplicates = len(docs) > 1
-            for doc in docs:
-                filename = resolve_duplicate_filename(
-                    doc, base_filename, has_duplicates, replace_slash=False
-                )
-                s3_key = f"{dir_prefix}/{filename}"
-                self._write_document(s3_client, doc, s3_key)
-                written_keys.append(s3_key)
-
-        return written_keys
-
-    def _build_directory_path(self, doc: Document) -> str:
-        """Build S3 key prefix from document metadata.
-
-        Documents are stored under tenant/user-segregated paths:
-        {tenant_id}/knowledge/{user_id}/{source}/{hierarchy}/
-
-        This matches the path that KubernetesSandboxManager syncs from:
-        aws s3 sync "s3://{bucket}/{tenant_id}/knowledge/{user_id}/" /workspace/files/
-        """
-        # Tenant and user segregation (matches K8s sandbox init container path)
-        parts = [self.tenant_id, "knowledge", self.user_id]
-        # Add source and hierarchy from document
-        parts.extend(build_document_subpath(doc, replace_slash=False))
-
-        return "/".join(parts)
-
-    def _write_document(self, s3_client: S3Client, doc: Document, s3_key: str) -> None:
-        """Serialize and write document to S3."""
-        content = serialize_document(doc)
-        json_content = json.dumps(content, indent=2, default=str)
-
-        try:
-            s3_client.put_object(
-                Bucket=self.bucket,
-                Key=s3_key,
-                Body=json_content.encode("utf-8"),
-                ContentType="application/json",
-            )
-            logger.debug(f"Wrote document to s3://{self.bucket}/{s3_key}")
-        except ClientError as e:
-            logger.error(f"Failed to write to S3: {e}")
-            raise
-
-
-def get_persistent_document_writer(
-    user_id: str,
-    tenant_id: str,
-) -> PersistentDocumentWriter | S3PersistentDocumentWriter:
-    """Factory function to create a PersistentDocumentWriter with default configuration.
-
-    Args:
-        user_id: User ID for user-segregated storage paths.
-        tenant_id: Tenant ID for multi-tenant isolation.
-
-    Both local and S3 modes use consistent tenant/user-segregated paths:
-        - Local: {base_path}/{tenant_id}/knowledge/{user_id}/...
-        - S3: s3://{bucket}/{tenant_id}/knowledge/{user_id}/...
-
-    Returns:
-        PersistentDocumentWriter for local mode, S3PersistentDocumentWriter for K8s mode
-    """
-    if SANDBOX_BACKEND == SandboxBackend.LOCAL:
-        return PersistentDocumentWriter(
-            base_path=PERSISTENT_DOCUMENT_STORAGE_PATH,
-            tenant_id=tenant_id,
-            user_id=user_id,
-        )
-    elif SANDBOX_BACKEND == SandboxBackend.KUBERNETES:
-        return S3PersistentDocumentWriter(
-            tenant_id=tenant_id,
-            user_id=user_id,
-        )
-    else:
-        raise ValueError(f"Unknown sandbox backend: {SANDBOX_BACKEND}")

backend/onyx/server/features/build/sandbox/README.md

@@ -1,352 +0,0 @@
-# Onyx Sandbox System
-
-This directory contains the implementation of Onyx's sandbox system for running OpenCode agents in isolated environments.
-
-## Overview
-
-The sandbox system provides isolated execution environments where OpenCode agents can build web applications, run code, and interact with knowledge files. Each sandbox includes:
-
-- **Next.js development environment** - Lightweight Next.js scaffold with shadcn/ui and Recharts for building UIs
-- **Python virtual environment** - Pre-installed packages for data processing
-- **OpenCode agent** - AI coding agent with access to tools and MCP servers
-- **Knowledge files** - Access to indexed documents and user uploads
-
-## Architecture
-
-### Deployment Modes
-
-1. **Local Mode** (`SANDBOX_BACKEND=local`)
-   - Sandboxes run as directories on the local filesystem
-   - No automatic cleanup or snapshots
-   - Suitable for development and testing
-
-2. **Kubernetes Mode** (`SANDBOX_BACKEND=kubernetes`)
-   - Sandboxes run as Kubernetes pods
-   - Automatic snapshots to S3
-   - Auto-cleanup of idle sandboxes
-   - Production-ready with resource isolation
-
-### Directory Structure
-
-```
-/workspace/                          # Sandbox root (in container)
-├── outputs/                         # Working directory
-│   ├── web/                        # Lightweight Next.js app (shadcn/ui, Recharts)
-│   ├── slides/                     # Generated presentations
-│   ├── markdown/                   # Generated documents
-│   └── graphs/                     # Generated visualizations
-├── .venv/                          # Python virtual environment
-├── files/                          # Symlink to knowledge files
-├── attachments/                    # User uploads
-├── AGENTS.md                       # Agent instructions
-└── .opencode/
-    └── skills/                     # Agent skills
-```
-
-## Setup
-
-### Running via Docker/Kubernetes (Zero Setup!) 🎉
-
-**No setup required!** Just build and deploy:
-
-```bash
-# Build backend image (includes both templates)
-cd backend
-docker build -f Dockerfile.sandbox-templates -t onyxdotapp/backend:latest .
-
-# Build sandbox container (lightweight runner)
-cd onyx/server/features/build/sandbox/kubernetes/docker
-docker build -t onyxdotapp/sandbox:latest .
-
-# Deploy with docker-compose or kubectl - sandboxes work immediately!
-```
-
-**How it works:**
-
-- **Backend image**: Contains both templates at build time:
-  - Web template at `/templates/outputs/web` (lightweight Next.js scaffold, ~2MB)
-  - Python venv template at `/templates/venv` (pre-installed packages, ~50MB)
-- **Init container** (Kubernetes only): Syncs knowledge files from S3
-- **Sandbox startup**: Runs `npm install` (for fresh dependency locks) + `next dev`
-
-### Running Backend Directly (Without Docker)
-
-**Only needed if you're running the Onyx backend outside of Docker.** Most developers use Docker and can skip this section.
-
-If you're running the backend Python process directly on your machine, you need templates at `/templates/`:
-
-#### Web Template
-
-The web template is a lightweight Next.js app (Next.js 16, React 19, shadcn/ui, Recharts) checked into the codebase at `backend/onyx/server/features/build/templates/outputs/web/`.
-
-For local development, create a symlink to this template:
-
-```bash
-sudo mkdir -p /templates/outputs
-sudo ln -s $(pwd)/backend/onyx/server/features/build/templates/outputs/web /templates/outputs/web
-```
-
-#### Python Venv Template
-
-If you don't have a venv template, create it:
-
-```bash
-# Use the utility script
-cd backend
-python -m onyx.server.features.build.sandbox.util.build_venv_template
-
-# Or manually
-python3 -m venv /templates/venv
-/templates/venv/bin/pip install -r backend/onyx/server/features/build/sandbox/kubernetes/docker/initial-requirements.txt
-```
-
-**That's it!** When sandboxes are created:
-
-1. Web template is copied from `/templates/outputs/web`
-2. Python venv is copied from `/templates/venv`
-3. `npm install` runs automatically to install fresh Next.js dependencies
-
-## OpenCode Configuration
-
-Each sandbox includes an OpenCode agent configured with:
-
-- **LLM Provider**: Anthropic, OpenAI, Google, Bedrock, or Azure
-- **Extended thinking**: High reasoning effort / thinking budgets for complex tasks
-- **Tool permissions**: File operations, bash commands, web access
-- **Disabled tools**: Configurable via `OPENCODE_DISABLED_TOOLS` env var
-
-Configuration is generated dynamically in `templates/opencode_config.py`.
-
-## Key Components
-
-### Managers
-
-- **`base.py`** - Abstract base class defining the sandbox interface
-- **`local/manager.py`** - Filesystem-based sandbox manager for local development
-- **`kubernetes/manager.py`** - Kubernetes-based sandbox manager for production
-
-### Managers (Shared)
-
-- **`manager/directory_manager.py`** - Creates sandbox directory structure and copies templates
-- **`manager/snapshot_manager.py`** - Handles snapshot creation and restoration
-
-### Utilities
-
-- **`util/opencode_config.py`** - Generates OpenCode configuration with MCP support
-- **`util/agent_instructions.py`** - Generates agent instructions (AGENTS.md)
-- **`util/build_venv_template.py`** - Utility to build Python venv template for local development
-
-### Templates
-
-- **`../templates/outputs/web/`** - Lightweight Next.js scaffold (shadcn/ui, Recharts) versioned with the backend code
-
-### Kubernetes Specific
-
-- **`kubernetes/docker/Dockerfile`** - Sandbox container image (runs Next.js + OpenCode)
-- **`kubernetes/docker/entrypoint.sh`** - Container startup script
-
-## Environment Variables
-
-### Core Settings
-
-```bash
-# Sandbox backend mode
-SANDBOX_BACKEND=local|kubernetes           # Default: local
-
-# Template paths (local mode)
-OUTPUTS_TEMPLATE_PATH=/templates/outputs   # Default: /templates/outputs
-VENV_TEMPLATE_PATH=/templates/venv        # Default: /templates/venv
-
-# Sandbox base path (local mode)
-SANDBOX_BASE_PATH=/tmp/onyx-sandboxes     # Default: /tmp/onyx-sandboxes
-
-# OpenCode configuration
-OPENCODE_DISABLED_TOOLS=question          # Comma-separated list, default: question
-```
-
-### Kubernetes Settings
-
-```bash
-# Kubernetes namespace
-SANDBOX_NAMESPACE=onyx-sandboxes          # Default: onyx-sandboxes
-
-# Container image
-SANDBOX_CONTAINER_IMAGE=onyxdotapp/sandbox:latest
-
-# S3 bucket for snapshots and files
-SANDBOX_S3_BUCKET=onyx-sandbox-files      # Default: onyx-sandbox-files
-
-# Service accounts
-SANDBOX_SERVICE_ACCOUNT_NAME=sandbox-runner          # No AWS access
-SANDBOX_FILE_SYNC_SERVICE_ACCOUNT=sandbox-file-sync  # Has S3 access via IRSA
-```
-
-### Lifecycle Settings
-
-```bash
-# Idle timeout before cleanup (seconds)
-SANDBOX_IDLE_TIMEOUT_SECONDS=900          # Default: 900 (15 minutes)
-
-# Max concurrent sandboxes per organization
-SANDBOX_MAX_CONCURRENT_PER_ORG=10         # Default: 10
-
-# Next.js port range (local mode)
-SANDBOX_NEXTJS_PORT_START=3010            # Default: 3010
-SANDBOX_NEXTJS_PORT_END=3100              # Default: 3100
-```
-
-## Testing
-
-### Integration Tests
-
-```bash
-# Test local sandbox provisioning
-uv run pytest backend/tests/integration/sandbox/test_local_sandbox.py
-
-# Test Kubernetes sandbox provisioning (requires k8s cluster)
-uv run pytest backend/tests/integration/sandbox/test_kubernetes_sandbox.py
-```
-
-### Manual Testing
-
-```bash
-# Start a local sandbox session
-curl -X POST http://localhost:3000/api/build/session \
-  -H "Content-Type: application/json" \
-  -d '{
-    "user_id": "user-123",
-    "file_system_path": "/path/to/files"
-  }'
-
-# Send a message to the agent
-curl -X POST http://localhost:3000/api/build/session/{session_id}/message \
-  -H "Content-Type: application/json" \
-  -d '{
-    "message": "Create a simple web page"
-  }'
-```
-
-## Troubleshooting
-
-### Sandbox Stuck in PROVISIONING (Kubernetes)
-
-**Symptoms**: Sandbox status never changes from `PROVISIONING`
-
-**Solutions**:
-
-- Check pod logs: `kubectl logs -n onyx-sandboxes sandbox-{sandbox-id}`
-- Check init container: `kubectl logs -n onyx-sandboxes sandbox-{sandbox-id} -c file-sync`
-- Verify init container completed: `kubectl describe pod -n onyx-sandboxes sandbox-{sandbox-id}`
-- Check S3 bucket access: Ensure init container service account has IRSA configured
-
-### Next.js Server Won't Start
-
-**Symptoms**: Sandbox provisioned but web preview doesn't load
-
-**Solutions**:
-
-- **Local mode**: Check if port is already in use
-- **Docker/K8s**: Check container logs: `kubectl logs -n onyx-sandboxes sandbox-{sandbox-id}`
-- Verify npm install succeeded (check entrypoint.sh logs)
-- Check that web template was copied: `kubectl exec -n onyx-sandboxes sandbox-{sandbox-id} -- ls /workspace/outputs/web`
-
-### Templates Not Found (Local Mode)
-
-**Symptoms**: `RuntimeError: Sandbox templates are missing`
-
-**Solution**: Set up templates as described in the "Local Development" section above:
-
-```bash
-# Symlink web template
-sudo ln -s $(pwd)/backend/onyx/server/features/build/templates/outputs/web /templates/outputs/web
-
-# Create Python venv
-python3 -m venv /templates/venv
-/templates/venv/bin/pip install -r backend/onyx/server/features/build/sandbox/kubernetes/docker/initial-requirements.txt
-```
-
-### Permission Denied
-
-**Symptoms**: `Permission denied` error accessing `/templates/`
-
-**Solution**: Either use sudo when creating symlinks, or use custom paths:
-
-```bash
-export OUTPUTS_TEMPLATE_PATH=$HOME/.onyx/templates/outputs
-export VENV_TEMPLATE_PATH=$HOME/.onyx/templates/venv
-
-# Then symlink to your home directory
-mkdir -p $HOME/.onyx/templates/outputs
-ln -s $(pwd)/backend/onyx/server/features/build/templates/outputs/web $HOME/.onyx/templates/outputs/web
-```
-
-## Security Considerations
-
-### Sandbox Isolation
-
-- **Kubernetes pods** run with restricted security context (non-root, no privilege escalation)
-- **Init containers** have S3 access for file sync, but main sandbox container does NOT
-- **Network policies** can restrict sandbox egress traffic
-- **Resource limits** prevent resource exhaustion
-
-### Credentials Management
-
-- LLM API keys are passed as environment variables (not stored in sandbox)
-- User file access is read-only via symlinks
-- Snapshots are isolated per tenant in S3
-
-## Development
-
-### Adding New MCP Servers
-
-1. Add MCP configuration to `templates/opencode_config.py`:
-
-   ```python
-   config["mcp"] = {
-       "my-mcp": {
-           "type": "local",
-           "command": ["npx", "@my/mcp@latest"],
-           "enabled": True,
-       }
-   }
-   ```
-
-2. Install required npm packages in web template (if needed)
-
-3. Rebuild Docker image and templates
-
-### Modifying Agent Instructions
-
-Edit `AGENTS.template.md` in the build directory. This is populated with dynamic content by `templates/agent_instructions.py`.
-
-### Adding New Tools/Permissions
-
-Update `templates/opencode_config.py` to add/remove tool permissions in the `permission` section.
-
-## Template Details
-
-### Web Template
-
-The lightweight Next.js template (`backend/onyx/server/features/build/templates/outputs/web/`) includes:
-
-- **Framework**: Next.js 16.1.4 with React 19.2.3
-- **UI Library**: shadcn/ui components with Radix UI primitives
-- **Styling**: Tailwind CSS v4 with custom theming support
-- **Charts**: Recharts for data visualization
-- **Size**: ~2MB (excluding node_modules, which are installed fresh per sandbox)
-
-This template provides a modern development environment without the complexity of the full Onyx application, allowing agents to build custom UIs quickly.
-
-### Python Venv Template
-
-The Python venv (`/templates/venv/`) includes packages from `initial-requirements.txt`:
-
-- Data processing: pandas, numpy, polars
-- HTTP clients: requests, httpx
-- Utilities: python-dotenv, pydantic
-
-## References
-
-- [OpenCode Documentation](https://docs.opencode.ai)
-- [Next.js Documentation](https://nextjs.org/docs)
-- [shadcn/ui Components](https://ui.shadcn.com)

backend/onyx/server/features/build/sandbox/__init__.py

@@ -1,44 +0,0 @@
-"""
-Sandbox module for CLI agent filesystem-based isolation.
-
-This module provides lightweight sandbox management for CLI-based AI agent sessions.
-Each sandbox is a directory on the local filesystem or a Kubernetes pod.
-
-Usage:
-    from onyx.server.features.build.sandbox import get_sandbox_manager
-
-    # Get the appropriate sandbox manager based on SANDBOX_BACKEND config
-    sandbox_manager = get_sandbox_manager()
-
-    # Use the sandbox manager
-    sandbox_info = sandbox_manager.provision(...)
-
-Module structure:
-    - base.py: SandboxManager ABC and get_sandbox_manager() factory
-    - models.py: Shared Pydantic models
-    - local/: Local filesystem-based implementation for development
-    - kubernetes/: Kubernetes pod-based implementation for production
-    - internal/: Shared internal utilities (snapshot manager)
-"""
-
-from onyx.server.features.build.sandbox.base import get_sandbox_manager
-from onyx.server.features.build.sandbox.base import SandboxManager
-from onyx.server.features.build.sandbox.local.local_sandbox_manager import (
-    LocalSandboxManager,
-)
-from onyx.server.features.build.sandbox.models import FilesystemEntry
-from onyx.server.features.build.sandbox.models import SandboxInfo
-from onyx.server.features.build.sandbox.models import SnapshotInfo
-
-__all__ = [
-    # Factory function (preferred)
-    "get_sandbox_manager",
-    # Interface
-    "SandboxManager",
-    # Implementations
-    "LocalSandboxManager",
-    # Models
-    "SandboxInfo",
-    "SnapshotInfo",
-    "FilesystemEntry",
-]

backend/onyx/server/features/build/sandbox/base.py

@@ -1,466 +0,0 @@
-"""Abstract base class and factory for sandbox operations.
-
-SandboxManager is the abstract interface for sandbox lifecycle management.
-Use get_sandbox_manager() to get the appropriate implementation based on SANDBOX_BACKEND.
-
-IMPORTANT: SandboxManager implementations must NOT interface with the database directly.
-All database operations should be handled by the caller (SessionManager, Celery tasks, etc.).
-
-Architecture Note (User-Shared Sandbox Model):
-- One sandbox (container/pod) is shared across all of a user's sessions
-- provision() creates the user's sandbox with shared files/ directory
-- setup_session_workspace() creates per-session workspace within the sandbox
-- cleanup_session_workspace() removes session workspace on session delete
-- terminate() destroys the entire sandbox (all sessions)
-"""
-
-import threading
-from abc import ABC
-from abc import abstractmethod
-from collections.abc import Generator
-from typing import Any
-from uuid import UUID
-
-from onyx.server.features.build.configs import SANDBOX_BACKEND
-from onyx.server.features.build.configs import SandboxBackend
-from onyx.server.features.build.sandbox.models import FilesystemEntry
-from onyx.server.features.build.sandbox.models import LLMProviderConfig
-from onyx.server.features.build.sandbox.models import SandboxInfo
-from onyx.server.features.build.sandbox.models import SnapshotResult
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-# ACPEvent is a union type defined in both local and kubernetes modules
-# Using Any here to avoid circular imports - the actual type checking
-# happens in the implementation modules
-ACPEvent = Any
-
-
-class SandboxManager(ABC):
-    """Abstract interface for sandbox operations.
-
-    Defines the contract for sandbox lifecycle management including:
-    - Provisioning and termination (user-level)
-    - Session workspace setup and cleanup (session-level)
-    - Snapshot creation (session-level)
-    - Health checks
-    - Agent communication (session-level)
-    - Filesystem operations (session-level)
-
-    Directory Structure:
-        $SANDBOX_ROOT/
-        ├── files/                     # SHARED - symlink to user's persistent documents
-        └── sessions/
-            ├── $session_id_1/         # Per-session workspace
-            │   ├── outputs/           # Agent output for this session
-            │   │   └── web/           # Next.js app
-            │   ├── venv/              # Python virtual environment
-            │   ├── skills/            # Opencode skills
-            │   ├── AGENTS.md          # Agent instructions
-            │   ├── opencode.json      # LLM config
-            │   └── attachments/
-            └── $session_id_2/
-                └── ...
-
-    IMPORTANT: Implementations must NOT interface with the database directly.
-    All database operations should be handled by the caller.
-
-    Use get_sandbox_manager() to get the appropriate implementation.
-    """
-
-    @abstractmethod
-    def provision(
-        self,
-        sandbox_id: UUID,
-        user_id: UUID,
-        tenant_id: str,
-        llm_config: LLMProviderConfig,
-    ) -> SandboxInfo:
-        """Provision a new sandbox for a user.
-
-        Creates the sandbox container/directory with:
-        - sessions/ directory for per-session workspaces
-
-        NOTE: This does NOT set up session-specific workspaces.
-        Call setup_session_workspace() after provisioning to create a session workspace.
-
-        Args:
-            sandbox_id: Unique identifier for the sandbox
-            user_id: User identifier who owns this sandbox
-            tenant_id: Tenant identifier for multi-tenant isolation
-            llm_config: LLM provider configuration (for default config)
-
-        Returns:
-            SandboxInfo with the provisioned sandbox details
-
-        Raises:
-            RuntimeError: If provisioning fails
-        """
-        ...
-
-    @abstractmethod
-    def terminate(self, sandbox_id: UUID) -> None:
-        """Terminate a sandbox and clean up all resources.
-
-        Destroys the entire sandbox including all session workspaces.
-        Use cleanup_session_workspace() to remove individual sessions.
-
-        Args:
-            sandbox_id: The sandbox ID to terminate
-        """
-        ...
-
-    @abstractmethod
-    def setup_session_workspace(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-        llm_config: LLMProviderConfig,
-        nextjs_port: int,
-        file_system_path: str | None = None,
-        snapshot_path: str | None = None,
-        user_name: str | None = None,
-        user_role: str | None = None,
-        user_work_area: str | None = None,
-        user_level: str | None = None,
-        use_demo_data: bool = False,
-    ) -> None:
-        """Set up a session workspace within an existing sandbox.
-
-        Creates the per-session directory structure:
-        - sessions/$session_id/outputs/ (from snapshot or template)
-        - sessions/$session_id/venv/
-        - sessions/$session_id/skills/
-        - sessions/$session_id/files/ (symlink to demo data or user files)
-        - sessions/$session_id/AGENTS.md
-        - sessions/$session_id/opencode.json
-        - sessions/$session_id/attachments/
-        - sessions/$session_id/org_info/ (if demo data enabled)
-
-        Args:
-            sandbox_id: The sandbox ID (must be provisioned)
-            session_id: The session ID for this workspace
-            llm_config: LLM provider configuration for opencode.json
-            file_system_path: Path to user's knowledge/source files
-            snapshot_path: Optional storage path to restore outputs from
-            user_name: User's name for personalization in AGENTS.md
-            user_role: User's role/title for personalization in AGENTS.md
-            user_work_area: User's work area for demo persona (e.g., "engineering")
-            user_level: User's level for demo persona (e.g., "ic", "manager")
-            use_demo_data: If True, symlink files/ to demo data; else to user files
-
-        Raises:
-            RuntimeError: If workspace setup fails
-        """
-        ...
-
-    @abstractmethod
-    def cleanup_session_workspace(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-    ) -> None:
-        """Clean up a session workspace (on session delete).
-
-        Removes the session directory: sessions/$session_id/
-        Does NOT terminate the sandbox - other sessions may still be using it.
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID to clean up
-        """
-        ...
-
-    @abstractmethod
-    def create_snapshot(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-        tenant_id: str,
-    ) -> SnapshotResult | None:
-        """Create a snapshot of a session's outputs directory.
-
-        Captures only the session-specific outputs:
-        sessions/$session_id/outputs/
-
-        Does NOT include: venv, skills, AGENTS.md, opencode.json, attachments
-        Does NOT include: shared files/ directory
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID to snapshot
-            tenant_id: Tenant identifier for storage path
-
-        Returns:
-            SnapshotResult with storage path and size, or None if
-            snapshots are disabled for this backend
-
-        Raises:
-            RuntimeError: If snapshot creation fails
-        """
-        ...
-
-    @abstractmethod
-    def session_workspace_exists(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-    ) -> bool:
-        """Check if a session's workspace directory exists in the sandbox.
-
-        Used to determine if we need to restore from snapshot.
-        Checks for sessions/$session_id/outputs/ directory.
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID to check
-
-        Returns:
-            True if the session workspace exists, False otherwise
-        """
-        ...
-
-    @abstractmethod
-    def restore_snapshot(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-        snapshot_storage_path: str,
-        tenant_id: str,
-        nextjs_port: int,
-    ) -> None:
-        """Restore a snapshot into a session's workspace directory.
-
-        Downloads the snapshot from storage, extracts it into
-        sessions/$session_id/outputs/, and starts the NextJS server.
-
-        For Kubernetes backend, this downloads from S3 and streams
-        into the pod via kubectl exec (since the pod has no S3 access).
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID to restore
-            snapshot_storage_path: Path to the snapshot in storage
-            tenant_id: Tenant identifier for storage access
-            nextjs_port: Port number for the NextJS dev server
-
-        Raises:
-            RuntimeError: If snapshot restoration fails
-            FileNotFoundError: If snapshot does not exist
-        """
-        ...
-
-    @abstractmethod
-    def health_check(self, sandbox_id: UUID, timeout: float = 60.0) -> bool:
-        """Check if the sandbox is healthy.
-
-        Args:
-            sandbox_id: The sandbox ID to check
-
-        Returns:
-            True if sandbox is healthy, False otherwise
-        """
-        ...
-
-    @abstractmethod
-    def send_message(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-        message: str,
-    ) -> Generator[ACPEvent, None, None]:
-        """Send a message to the CLI agent and stream typed ACP events.
-
-        The agent runs in the session-specific workspace:
-        sessions/$session_id/
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID (determines workspace directory)
-            message: The message content to send
-
-        Yields:
-            Typed ACP schema event objects
-
-        Raises:
-            RuntimeError: If agent communication fails
-        """
-        ...
-
-    @abstractmethod
-    def list_directory(
-        self, sandbox_id: UUID, session_id: UUID, path: str
-    ) -> list[FilesystemEntry]:
-        """List contents of a directory in the session's outputs directory.
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID
-            path: Relative path within sessions/$session_id/outputs/
-
-        Returns:
-            List of FilesystemEntry objects sorted by directory first, then name
-
-        Raises:
-            ValueError: If path traversal attempted or path is not a directory
-        """
-        ...
-
-    @abstractmethod
-    def read_file(self, sandbox_id: UUID, session_id: UUID, path: str) -> bytes:
-        """Read a file from the session's workspace.
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID
-            path: Relative path within sessions/$session_id/
-
-        Returns:
-            File contents as bytes
-
-        Raises:
-            ValueError: If path traversal attempted or path is not a file
-        """
-        ...
-
-    @abstractmethod
-    def upload_file(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-        filename: str,
-        content: bytes,
-    ) -> str:
-        """Upload a file to the session's attachments directory.
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID
-            filename: Sanitized filename
-            content: File content as bytes
-
-        Returns:
-            Relative path where file was saved (e.g., "attachments/doc.pdf")
-
-        Raises:
-            RuntimeError: If upload fails
-        """
-        ...
-
-    @abstractmethod
-    def delete_file(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-        path: str,
-    ) -> bool:
-        """Delete a file from the session's workspace.
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID
-            path: Relative path to the file (e.g., "attachments/doc.pdf")
-
-        Returns:
-            True if file was deleted, False if not found
-
-        Raises:
-            ValueError: If path traversal attempted
-        """
-        ...
-
-    @abstractmethod
-    def get_upload_stats(
-        self,
-        sandbox_id: UUID,
-        session_id: UUID,
-    ) -> tuple[int, int]:
-        """Get current file count and total size for a session's attachments.
-
-        Args:
-            sandbox_id: The sandbox ID
-            session_id: The session ID
-
-        Returns:
-            Tuple of (file_count, total_size_bytes)
-        """
-        ...
-
-    @abstractmethod
-    def get_webapp_url(self, sandbox_id: UUID, port: int) -> str:
-        """Get the webapp URL for a session's Next.js server.
-
-        Returns the appropriate URL based on the backend:
-        - Local: Returns localhost URL with port
-        - Kubernetes: Returns internal cluster service URL
-
-        Args:
-            sandbox_id: The sandbox ID
-            port: The session's allocated Next.js port
-
-        Returns:
-            URL to access the webapp
-        """
-        ...
-
-    @abstractmethod
-    def sync_files(
-        self,
-        sandbox_id: UUID,
-        user_id: UUID,
-        tenant_id: str,
-    ) -> bool:
-        """Sync files from S3 to the sandbox's /workspace/files directory.
-
-        For Kubernetes backend: Executes `aws s3 sync` in the file-sync sidecar container.
-        For Local backend: No-op since files are directly accessible via symlink.
-
-        This is idempotent - only downloads changed files.
-
-        Args:
-            sandbox_id: The sandbox UUID
-            user_id: The user ID (for S3 path construction)
-            tenant_id: The tenant ID (for S3 path construction)
-
-        Returns:
-            True if sync was successful, False otherwise.
-        """
-        ...
-
-
-# Singleton instance cache for the factory
-_sandbox_manager_instance: SandboxManager | None = None
-_sandbox_manager_lock = threading.Lock()
-
-
-def get_sandbox_manager() -> SandboxManager:
-    """Get the appropriate SandboxManager implementation based on SANDBOX_BACKEND.
-
-    Returns:
-        SandboxManager instance:
-        - LocalSandboxManager for local backend (development)
-        - KubernetesSandboxManager for kubernetes backend (production)
-    """
-    global _sandbox_manager_instance
-
-    if _sandbox_manager_instance is None:
-        with _sandbox_manager_lock:
-            if _sandbox_manager_instance is None:
-                if SANDBOX_BACKEND == SandboxBackend.LOCAL:
-                    from onyx.server.features.build.sandbox.local.local_sandbox_manager import (
-                        LocalSandboxManager,
-                    )
-
-                    _sandbox_manager_instance = LocalSandboxManager()
-                elif SANDBOX_BACKEND == SandboxBackend.KUBERNETES:
-                    from onyx.server.features.build.sandbox.kubernetes.kubernetes_sandbox_manager import (
-                        KubernetesSandboxManager,
-                    )
-
-                    _sandbox_manager_instance = KubernetesSandboxManager()
-                    logger.info("Using KubernetesSandboxManager for sandbox operations")
-                else:
-                    raise ValueError(f"Unknown sandbox backend: {SANDBOX_BACKEND}")
-
-    return _sandbox_manager_instance

backend/onyx/server/features/build/sandbox/kubernetes/__init__.py

@@ -1,16 +0,0 @@
-"""Kubernetes-based sandbox implementation.
-
-This module provides the KubernetesSandboxManager for production deployments
-that run sandboxes as isolated Kubernetes pods.
-
-Internal implementation details (acp_http_client) are in the internal/
-subdirectory and should not be used directly.
-"""
-
-from onyx.server.features.build.sandbox.kubernetes.kubernetes_sandbox_manager import (
-    KubernetesSandboxManager,
-)
-
-__all__ = [
-    "KubernetesSandboxManager",
-]

backend/onyx/server/features/build/sandbox/kubernetes/docker/Dockerfile

@@ -1,100 +0,0 @@
-# Sandbox Container Image
-#
-# User-shared sandbox model:
-# - One pod per user, shared across all user's sessions
-# - Session workspaces created via kubectl exec (setup_session_workspace)
-# - OpenCode agent runs via kubectl exec when needed
-#
-# Directory structure (created by init container + session setup):
-#   /workspace/
-#   ├── demo-data/       # Demo data (baked into image, for demo sessions)
-#   ├── files/           # User's knowledge files (synced from S3)
-#   ├── templates/       # Output templates (baked into image)
-#   └── sessions/        # Per-session workspaces (created via exec)
-#       └── $session_id/
-#           ├── files/   # Symlink to /workspace/demo-data or /workspace/files
-#           ├── outputs/
-#           ├── AGENTS.md
-#           └── opencode.json
-
-FROM node:20-slim
-
-# Install system dependencies
-RUN apt-get update && apt-get install -y \
-    python3 \
-    python3-pip \
-    python3-venv \
-    curl \
-    git \
-    procps \
-    unzip \
-    && rm -rf /var/lib/apt/lists/*
-
-# Create non-root user (matches pod securityContext)
-# Handle existing user/group with UID/GID 1000 in base image
-RUN EXISTING_USER=$(id -nu 1000 2>/dev/null || echo ""); \
-    EXISTING_GROUP=$(getent group 1000 | cut -d: -f1 2>/dev/null || echo ""); \
-    if [ -n "$EXISTING_GROUP" ] && [ "$EXISTING_GROUP" != "sandbox" ]; then \
-    groupmod -n sandbox $EXISTING_GROUP; \
-    elif [ -z "$EXISTING_GROUP" ]; then \
-    groupadd -g 1000 sandbox; \
-    fi; \
-    if [ -n "$EXISTING_USER" ] && [ "$EXISTING_USER" != "sandbox" ]; then \
-    usermod -l sandbox -g sandbox $EXISTING_USER; \
-    usermod -d /home/sandbox -m sandbox; \
-    usermod -s /bin/bash sandbox; \
-    elif [ -z "$EXISTING_USER" ]; then \
-    useradd -u 1000 -g sandbox -m -s /bin/bash sandbox; \
-    fi
-
-# Create workspace directories
-RUN mkdir -p workspace/sessions /workspace/files /workspace/templates /workspace/demo-data && \
-    chown -R sandbox:sandbox /workspace
-
-# Copy outputs template (web app scaffold, without node_modules)
-COPY --exclude=.next --exclude=node_modules templates/outputs /workspace/templates/outputs
-RUN chown -R sandbox:sandbox /workspace/templates
-
-# Copy and extract demo data from zip file
-COPY demo_data.zip /tmp/demo_data.zip
-RUN unzip -q /tmp/demo_data.zip -d /workspace/demo-data && \
-    rm /tmp/demo_data.zip && \
-    chown -R sandbox:sandbox /workspace/demo-data
-
-# Copy and install Python requirements into a venv
-COPY initial-requirements.txt /tmp/initial-requirements.txt
-RUN python3 -m venv /workspace/.venv && \
-    /workspace/.venv/bin/pip install --upgrade pip && \
-    /workspace/.venv/bin/pip install -r /tmp/initial-requirements.txt && \
-    rm /tmp/initial-requirements.txt && \
-    chown -R sandbox:sandbox /workspace/.venv
-
-# Add venv to PATH so python/pip use it by default
-ENV PATH="/workspace/.venv/bin:${PATH}"
-
-# Install opencode CLI as sandbox user so it goes to their home directory
-USER sandbox
-RUN curl -fsSL https://opencode.ai/install | bash
-USER root
-
-# Add opencode to PATH (installs to ~/.opencode/bin)
-ENV PATH="/home/sandbox/.opencode/bin:${PATH}"
-
-# Set ownership
-RUN chown -R sandbox:sandbox /workspace
-
-# Copy scripts
-COPY generate_agents_md.py /usr/local/bin/generate_agents_md.py
-RUN chmod +x /usr/local/bin/generate_agents_md.py
-
-# Switch to non-root user
-USER sandbox
-WORKDIR /workspace
-
-# Expose ports
-# - 3000: Next.js dev server (started per-session if needed)
-# - 8081: OpenCode ACP HTTP server (started via exec)
-EXPOSE 3000 8081
-
-# Keep container alive - all work done via kubectl exec
-CMD ["sleep", "infinity"]

backend/onyx/server/features/build/sandbox/kubernetes/docker/generate_agents_md.py

@@ -1,164 +0,0 @@
-#!/usr/bin/env python3
-"""Generate AGENTS.md by scanning the files directory and populating the template.
-
-This script runs at container startup, AFTER the init container has synced files
-from S3. It scans the /workspace/files directory to discover what knowledge sources
-are available and generates appropriate documentation.
-
-Environment variables:
-- AGENT_INSTRUCTIONS: The template content with placeholders to replace
-"""
-
-import os
-import sys
-from pathlib import Path
-
-# Connector descriptions for known connector types
-# Keep in sync with agent_instructions.py CONNECTOR_DESCRIPTIONS
-CONNECTOR_DESCRIPTIONS = {
-    "google_drive": (
-        "**Google Drive**: Copied over directly as is. "
-        "End files are stored as `FILE_NAME.json`."
-    ),
-    "gmail": (
-        "**Gmail**: Copied over directly as is. "
-        "End files are stored as `FILE_NAME.json`."
-    ),
-    "linear": (
-        "**Linear**: Each project is a folder, and within each project, "
-        "individual tickets are stored as `[TICKET_ID]_TICKET_NAME.json`."
-    ),
-    "slack": (
-        "**Slack**: Each channel is a folder titled `[CHANNEL_NAME]`. "
-        "Within each channel, each thread is a single file called "
-        "`[INITIAL_AUTHOR]_in_[CHANNEL]__[FIRST_MESSAGE].json`."
-    ),
-    "github": (
-        "**Github**: Each organization is a folder titled `[ORG_NAME]`. "
-        "Within each organization, there is a folder for each repository "
-        "titled `[REPO_NAME]`. Within each repository there are up to two "
-        "folders: `pull_requests` and `issues`. Pull requests are structured "
-        "as `[PR_ID]__[PR_NAME].json` and issues as `[ISSUE_ID]__[ISSUE_NAME].json`."
-    ),
-    "fireflies": (
-        "**Fireflies**: All calls are in the root, each as a single file "
-        "titled `CALL_TITLE.json`."
-    ),
-    "hubspot": (
-        "**HubSpot**: Four folders in the root: `Tickets`, `Companies`, "
-        "`Deals`, and `Contacts`. Each object is stored as a file named "
-        "after its title/name (e.g., `[TICKET_SUBJECT].json`, `[COMPANY_NAME].json`)."
-    ),
-    "notion": (
-        "**Notion**: Pages and databases are organized hierarchically. "
-        "Each page is stored as `PAGE_TITLE.json`."
-    ),
-    "org_info": (
-        "**Org Info**: Contains organizational data and identity information."
-    ),
-}
-
-
-def build_file_structure_section(files_path: Path) -> str:
-    """Build the file structure section by scanning the files directory."""
-    if not files_path.exists():
-        return "No knowledge sources available."
-
-    sources = []
-    try:
-        for item in sorted(files_path.iterdir()):
-            if not item.is_dir() or item.name.startswith("."):
-                continue
-
-            file_count = sum(1 for f in item.rglob("*") if f.is_file())
-            subdir_count = sum(1 for d in item.rglob("*") if d.is_dir())
-
-            details = []
-            if file_count > 0:
-                details.append(f"{file_count} file{'s' if file_count != 1 else ''}")
-            if subdir_count > 0:
-                details.append(
-                    f"{subdir_count} subdirector{'ies' if subdir_count != 1 else 'y'}"
-                )
-
-            source_info = f"- **{item.name}/**"
-            if details:
-                source_info += f" ({', '.join(details)})"
-            sources.append(source_info)
-    except Exception as e:
-        print(f"Warning: Error scanning files directory: {e}", file=sys.stderr)
-        return "Error scanning knowledge sources."
-
-    if not sources:
-        return "No knowledge sources available."
-
-    header = "The `files/` directory contains the following knowledge sources:\n\n"
-    return header + "\n".join(sources)
-
-
-def build_connector_descriptions(files_path: Path) -> str:
-    """Build connector-specific descriptions for available data sources."""
-    if not files_path.exists():
-        return ""
-
-    descriptions = []
-    try:
-        for item in sorted(files_path.iterdir()):
-            if not item.is_dir() or item.name.startswith("."):
-                continue
-
-            normalized = item.name.lower().replace(" ", "_").replace("-", "_")
-            if normalized in CONNECTOR_DESCRIPTIONS:
-                descriptions.append(f"- {CONNECTOR_DESCRIPTIONS[normalized]}")
-    except Exception as e:
-        print(
-            f"Warning: Error scanning for connector descriptions: {e}", file=sys.stderr
-        )
-        return ""
-
-    if not descriptions:
-        return ""
-
-    header = "Each connector type organizes its data differently:\n\n"
-    footer = "\n\nSpaces in names are replaced by `_`."
-    return header + "\n".join(descriptions) + footer
-
-
-def main() -> None:
-    # Read template from environment variable
-    template = os.environ.get("AGENT_INSTRUCTIONS", "")
-    if not template:
-        print("Warning: No AGENT_INSTRUCTIONS template provided", file=sys.stderr)
-        template = "# Agent Instructions\n\nNo instructions provided."
-
-    # Scan files directory
-    files_path = Path("/workspace/files")
-    file_structure = build_file_structure_section(files_path)
-    connector_descriptions = build_connector_descriptions(files_path)
-
-    # Replace placeholders
-    content = template
-    content = content.replace("{{FILE_STRUCTURE_SECTION}}", file_structure)
-    content = content.replace(
-        "{{CONNECTOR_DESCRIPTIONS_SECTION}}", connector_descriptions
-    )
-
-    # Write AGENTS.md
-    output_path = Path("/workspace/AGENTS.md")
-    output_path.write_text(content)
-
-    # Log result
-    source_count = 0
-    if files_path.exists():
-        source_count = len(
-            [
-                d
-                for d in files_path.iterdir()
-                if d.is_dir() and not d.name.startswith(".")
-            ]
-        )
-    print(f"Generated AGENTS.md with {source_count} knowledge sources")
-
-
-if __name__ == "__main__":
-    main()

backend/onyx/server/features/build/sandbox/kubernetes/docker/initial-requirements.txt

@@ -1,17 +0,0 @@
-google-genai>=1.0.0
-matplotlib==3.9.1
-matplotlib-inline>=0.1.7
-matplotlib-venn>=1.1.2
-numpy==1.26.4
-opencv-python>=4.11.0.86
-openpyxl>=3.1.5
-pandas==2.2.2
-pdfplumber>=0.11.7
-Pillow>=10.0.0
-pydantic>=2.11.9
-python-pptx>=1.0.2
-scikit-image>=0.25.2
-scikit-learn>=1.7.2
-scipy>=1.16.2
-seaborn>=0.13.2
-xgboost>=3.0.5

backend/onyx/server/features/build/sandbox/kubernetes/docker/run-test.sh

@@ -1,80 +0,0 @@
-#!/bin/bash
-# Run Kubernetes sandbox integration tests
-#
-# This script:
-# 1. Builds the onyx-backend Docker image
-# 2. Loads it into the kind cluster
-# 3. Deletes/recreates the test pod
-# 4. Waits for the pod to be ready
-# 5. Runs the pytest command inside the pod
-#
-# Usage:
-#   ./run-test.sh [test_name]
-#
-# Examples:
-#   ./run-test.sh                                    # Run all tests
-#   ./run-test.sh test_kubernetes_sandbox_provision  # Run specific test
-
-set -e
-
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
-PROJECT_ROOT="$(cd "$SCRIPT_DIR/../../../../../../../.." && pwd)"
-NAMESPACE="onyx-sandboxes"
-POD_NAME="sandbox-test"
-IMAGE_NAME="onyxdotapp/onyx-backend:latest"
-TEST_FILE="onyx/server/features/build/sandbox/kubernetes/test_kubernetes_sandbox.py"
-ENV_FILE="$PROJECT_ROOT/.vscode/.env"
-
-ORIGINAL_TEST_FILE="$PROJECT_ROOT/backend/tests/external_dependency_unit/craft/test_kubernetes_sandbox.py"
-cp "$ORIGINAL_TEST_FILE" "$PROJECT_ROOT/backend/$TEST_FILE"
-
-# Optional: specific test to run
-TEST_NAME="${1:-}"
-
-# Build env var arguments from .vscode/.env file for passing to the container
-ENV_VARS=()
-if [ -f "$ENV_FILE" ]; then
-    echo "=== Loading environment variables from .vscode/.env ==="
-    while IFS= read -r line || [ -n "$line" ]; do
-        # Skip empty lines and comments
-        [[ -z "$line" || "$line" =~ ^[[:space:]]*# ]] && continue
-        # Skip lines without =
-        [[ "$line" != *"="* ]] && continue
-        # Add to env vars array
-        ENV_VARS+=("$line")
-    done < "$ENV_FILE"
-    echo "Loaded ${#ENV_VARS[@]} environment variables"
-else
-    echo "Warning: .vscode/.env not found, running without additional env vars"
-fi
-
-echo "=== Building onyx-backend Docker image ==="
-cd "$PROJECT_ROOT/backend"
-docker build -t "$IMAGE_NAME" -f Dockerfile .
-
-rm "$PROJECT_ROOT/backend/$TEST_FILE"
-
-echo "=== Loading image into kind cluster ==="
-kind load docker-image "$IMAGE_NAME" --name onyx 2>/dev/null || \
-    kind load docker-image "$IMAGE_NAME" 2>/dev/null || \
-    echo "Warning: Could not load into kind. If using minikube, run: minikube image load $IMAGE_NAME"
-
-echo "=== Deleting existing test pod (if any) ==="
-kubectl delete pod "$POD_NAME" -n "$NAMESPACE" --ignore-not-found=true
-
-echo "=== Creating test pod ==="
-kubectl apply -f "$SCRIPT_DIR/test-job.yaml"
-
-echo "=== Waiting for pod to be ready ==="
-kubectl wait --for=condition=Ready pod/"$POD_NAME" -n "$NAMESPACE" --timeout=120s
-
-echo "=== Running tests ==="
-if [ -n "$TEST_NAME" ]; then
-    kubectl exec -it "$POD_NAME" -n "$NAMESPACE" -- \
-        env "${ENV_VARS[@]}" pytest "$TEST_FILE::$TEST_NAME" -v -s
-else
-    kubectl exec -it "$POD_NAME" -n "$NAMESPACE" -- \
-        env "${ENV_VARS[@]}" pytest "$TEST_FILE" -v -s
-fi
-
-echo "=== Tests complete ==="

backend/onyx/server/features/build/sandbox/kubernetes/docker/templates/outputs/web/.gitignore

@@ -1,41 +0,0 @@
-# See https://help.github.com/articles/ignoring-files/ for more about ignoring files.
-
-# dependencies
-/node_modules
-/.pnp
-.pnp.*
-.yarn/*
-!.yarn/patches
-!.yarn/plugins
-!.yarn/releases
-!.yarn/versions
-
-# testing
-/coverage
-
-# next.js
-/.next/
-/out/
-
-# production
-/build
-
-# misc
-.DS_Store
-*.pem
-
-# debug
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-.pnpm-debug.log*
-
-# env files (can opt-in for committing if needed)
-.env*
-
-# vercel
-.vercel
-
-# typescript
-*.tsbuildinfo
-next-env.d.ts

backend/onyx/server/features/build/sandbox/kubernetes/docker/templates/outputs/web/AGENTS.md

@@ -1,803 +0,0 @@
-# AGENTS.md
-
-This file provides guidance to AI agents when working on the web application within this directory.
-
-## Important Notes
-
-- **The development server is already running** at a dynamically allocated port. Do NOT run `npm run dev` yourself.
-- **We do NOT use a `src` directory** - all code lives directly in the root folders (`app/`, `components/`, `lib/`, etc.)
-- If the app needs pre-computation (data processing, API calls, etc.), create a bash or python script called `prepare.sh`/`prepare.py` at the root of this directory
-- **CRITICAL: Create small, modular components** - Do NOT write everything in `page.tsx`. Break your UI into small, reusable components in the `components/` directory. Each component should have a single responsibility and be in its own file.
-
-## Data Preparation Scripts
-
-**CRITICAL: Always re-run data scripts after modifying them.**
-
-If a `prepare.sh` or `prepare.py` script exists at the root of this directory, it is responsible for generating/loading data that the frontend consumes. 
-
-### When to Run the Script
-
-You MUST run the data preparation script:
-1. **After creating** the script for the first time
-2. **After modifying** the script logic (new data sources, changed processing, etc.)
-3. **After updating** any data files the script reads from
-4. **Before testing** the frontend if you're unsure if data is fresh
-
-### How to Run
-
-```bash
-# For bash scripts
-bash prepare.sh
-
-# For python scripts
-python prepare.py
-```
-
-### Common Mistake
-
-❌ **Updating the script but forgetting to run it** - This leaves stale data in place and the frontend won't reflect your changes. Always run the script immediately after modifying it.
-
-## Commands
-
-```bash
-npm run dev      # Start development server (DO NOT RUN - already running)
-npm run lint     # Run ESLint
-```
-
-## Architecture
-
-This is a **Next.js 16.1.1** application using the **App Router** with **React 19** and **TypeScript**. It serves as a component showcase/template built on shadcn/ui.
-
-### File Organization Philosophy
-
-**Prioritize small, incremental file writes.** Break your application into many small components rather than monolithic page files.
-
-#### Component Organization
-
-```
-components/
-├── dashboard/           # Feature-specific components
-│   ├── stats-card.tsx
-│   ├── activity-feed.tsx
-│   └── recent-items.tsx
-├── charts/             # Chart components
-│   ├── line-chart.tsx
-│   ├── bar-chart.tsx
-│   └── pie-chart.tsx
-├── data/               # Data display components
-│   ├── data-table.tsx
-│   ├── filter-bar.tsx
-│   └── sort-controls.tsx
-└── layout/             # Layout components
-    ├── header.tsx
-    ├── sidebar.tsx
-    └── footer.tsx
-```
-
-#### Page Structure
-
-Pages (`app/page.tsx`) should be **thin orchestration layers** that compose components:
-
-```typescript
-// ✅ GOOD - page.tsx is just composition
-import { StatsCard } from "@/components/dashboard/stats-card";
-import { ActivityFeed } from "@/components/dashboard/activity-feed";
-import { RecentItems } from "@/components/dashboard/recent-items";
-
-export default function DashboardPage() {
-  return (
-    <div className="container py-6 space-y-6">
-      <h1 className="text-3xl font-bold">Dashboard</h1>
-      <div className="grid grid-cols-1 md:grid-cols-3 gap-4">
-        <StatsCard title="Total Users" value={1234} />
-        <StatsCard title="Active Sessions" value={56} />
-        <StatsCard title="Revenue" value="$12,345" />
-      </div>
-      <div className="grid grid-cols-1 lg:grid-cols-2 gap-6">
-        <ActivityFeed />
-        <RecentItems />
-      </div>
-    </div>
-  );
-}
-
-// ❌ BAD - Everything in page.tsx (500+ lines of mixed logic)
-export default function DashboardPage() {
-  // ... 500 lines of component logic, state, handlers, JSX ...
-}
-```
-
-#### Component Granularity
-
-Create a new component file when:
-- A UI section has distinct functionality (e.g., `user-profile-card.tsx`)
-- Logic exceeds ~50-100 lines
-- A pattern is reused 2+ times
-- Testing/maintenance would benefit from isolation
-
-**Example: Dashboard Feature**
-
-Instead of writing everything in `app/page.tsx`:
-
-```typescript
-// components/dashboard/stats-card.tsx
-export function StatsCard({ title, value, trend }: StatsCardProps) {
-  return (
-    <Card>
-      <CardHeader>
-        <CardTitle className="text-sm font-medium">{title}</CardTitle>
-      </CardHeader>
-      <CardContent>
-        <div className="text-2xl font-bold">{value}</div>
-        {trend && <p className="text-xs text-muted-foreground">{trend}</p>}
-      </CardContent>
-    </Card>
-  );
-}
-
-// components/dashboard/activity-feed.tsx
-export function ActivityFeed() {
-  // Activity feed logic here
-}
-
-// components/dashboard/recent-items.tsx
-export function RecentItems() {
-  // Recent items logic here
-}
-```
-
-#### Benefits of Small Components
-
-1. **Incremental Development**: Write one component at a time, test, iterate
-2. **Better Diffs**: Smaller files = clearer git diffs and easier reviews
-3. **Reusability**: Components can be imported across pages
-4. **Maintainability**: Easier to locate and fix issues
-5. **Hot Reload Efficiency**: Changes to small files reload faster
-6. **Parallel Development**: Multiple features can be worked on independently
-
-### Tech Stack
-
-- **Framework**: Next.js 16.1.1 with App Router
-- **React**: React 19
-- **Language**: TypeScript
-- **Styling**: Tailwind CSS v4 with CSS variables in OKLCH color space
-- **Charts**: recharts for data visualization
-- **UI Components**: shadcn/ui (53 components) built on Radix UI primitives
-- **Variants**: class-variance-authority (CVA) for component variants
-- **Class Merging**: `cn()` utility in `lib/utils.ts` (clsx + tailwind-merge)
-- **Theme**: Dark mode enforced (via `dark` class on `<html>`)
-
-### Key Directories
-
-- `app/` - Next.js App Router pages and layouts
-- `components/ui/` - shadcn/ui component library (Button, Card, Dialog, etc.)
-- `components/` - App-specific components
-- `hooks/` - Custom React hooks (e.g., `use-mobile.ts`)
-- `lib/` - Utilities (`cn()` function)
-
-### Component Patterns
-
-- **Compound Components**: Components like `DropdownMenu`, `Dialog`, `Select` export multiple sub-components (Trigger, Content, Item)
-- **Variants via CVA**: Use `variants` prop for size/style variations (e.g., `buttonVariants`)
-- **Radix UI Primitives**: UI components wrap Radix for accessibility
-
-### Path Aliases
-
-All imports use `@/` alias (e.g., `@/components/ui/button`, `@/lib/utils`)
-
-### shadcn/ui Configuration
-
-Located in `components.json`:
-
-- Style: `radix-nova`
-- RSC enabled
-- Icons: lucide-react
-
-### Theme Variables
-
-Global CSS variables defined in `app/globals.css` control colors, radius, and spacing. **Dark mode is enforced site-wide** via the `dark` class on the `<html>` element in `app/layout.tsx`. All styling should assume dark mode is active.
-
-### Dark Mode Priority
-
-- **Dark mode is the default and only theme** - do not design for light mode
-- The `dark` class is permanently set on `<html>` in `layout.tsx`
-- Use dark-appropriate colors: `bg-background`, `text-foreground`, etc.
-- Ensure sufficient contrast for dark backgrounds
-- Test all components in dark mode only
-
-## Styling Guidelines
-
-### CRITICAL: Use Only shadcn/ui Components
-
-**MINIMIZE freestyling and creating custom components.** This application uses a complete, professionally designed component library (shadcn/ui). You MUST use the existing components from `components/ui/` for most UI needs.
-
-#### Available shadcn/ui Components
-
-All components are in `components/ui/`. Import using `@/components/ui/component-name`.
-
-**Layout & Structure:**
-
-- `Card` (`card.tsx`) - Content containers with CardHeader, CardTitle, CardDescription, CardContent, CardFooter
-- `Separator` (`separator.tsx`) - Horizontal/vertical dividers
-- `Tabs` (`tabs.tsx`) - Tabbed interfaces with Tabs, TabsList, TabsTrigger, TabsContent
-- `ScrollArea` (`scroll-area.tsx`) - Styled scrollable regions
-- `Resizable` (`resizable.tsx`) - Resizable panel layouts
-- `Drawer` (`drawer.tsx`) - Bottom/side drawer overlays
-- `Sidebar` (`sidebar.tsx`) - Application sidebar layout
-- `AspectRatio` (`aspect-ratio.tsx`) - Maintain aspect ratios
-
-**Forms & Inputs:**
-
-- `Button` (`button.tsx`) - Primary, secondary, destructive, outline, ghost, link variants
-- `ButtonGroup` (`button-group.tsx`) - Group of related buttons
-- `Input` (`input.tsx`) - Text inputs with various states
-- `InputGroup` (`input-group.tsx`) - Input with addons/icons
-- `Textarea` (`textarea.tsx`) - Multi-line text input
-- `Checkbox` (`checkbox.tsx`) - Checkboxes with indeterminate state
-- `RadioGroup` (`radio-group.tsx`) - Radio button groups
-- `Switch` (`switch.tsx`) - Toggle switches
-- `Select` (`select.tsx`) - Dropdown select menus
-- `NativeSelect` (`native-select.tsx`) - Native HTML select
-- `Combobox` (`combobox.tsx`) - Autocomplete select with search
-- `Command` (`command.tsx`) - Command palette/search interface
-- `Field` (`field.tsx`) - Form field wrapper with label and error
-- `Label` (`label.tsx`) - Form labels with proper accessibility
-- `Slider` (`slider.tsx`) - Range sliders
-- `Calendar` (`calendar.tsx`) - Date picker calendar
-- `Toggle` (`toggle.tsx`) - Toggle button
-- `ToggleGroup` (`toggle-group.tsx`) - Group of toggle buttons
-
-**Navigation:**
-
-- `NavigationMenu` (`navigation-menu.tsx`) - Complex navigation menus
-- `Menubar` (`menubar.tsx`) - Application menu bar
-- `Breadcrumb` (`breadcrumb.tsx`) - Breadcrumb navigation
-- `Pagination` (`pagination.tsx`) - Page navigation controls
-
-**Feedback & Overlays:**
-
-- `Dialog` (`dialog.tsx`) - Modal dialogs
-- `AlertDialog` (`alert-dialog.tsx`) - Confirmation dialogs
-- `Sheet` (`sheet.tsx`) - Side sheets/panels
-- `Popover` (`popover.tsx`) - Floating popovers
-- `HoverCard` (`hover-card.tsx`) - Hover-triggered cards
-- `Tooltip` (`tooltip.tsx`) - Tooltips on hover
-- `Sonner` (`sonner.tsx`) - Toast notifications
-- `Alert` (`alert.tsx`) - Static alert messages
-- `Progress` (`progress.tsx`) - Progress bars
-- `Skeleton` (`skeleton.tsx`) - Loading skeletons
-- `Spinner` (`spinner.tsx`) - Loading spinners
-- `Empty` (`empty.tsx`) - Empty state placeholder
-
-**Menus & Dropdowns:**
-
-- `DropdownMenu` (`dropdown-menu.tsx`) - Dropdown menus with submenus
-- `ContextMenu` (`context-menu.tsx`) - Right-click context menus
-
-**Data Display:**
-
-- `Table` (`table.tsx`) - Data tables with Table, TableHeader, TableBody, TableRow, TableCell, etc.
-- `Badge` (`badge.tsx`) - Status badges and tags
-- `Avatar` (`avatar.tsx`) - User avatars with fallbacks
-- `Accordion` (`accordion.tsx`) - Collapsible content sections
-- `Collapsible` (`collapsible.tsx`) - Simple collapse/expand
-- `Carousel` (`carousel.tsx`) - Image/content carousels
-- `Item` (`item.tsx`) - List item component
-- `Kbd` (`kbd.tsx`) - Keyboard shortcut display
-
-**Data Visualization:**
-
-- `Chart` (`chart.tsx`) - Chart wrapper with ChartContainer, ChartTooltip, ChartTooltipContent, ChartLegend, ChartLegendContent
-
-### Component Usage Principles
-
-#### 1. **Never Create Custom Components**
-
-```typescript
-// ❌ WRONG - Do not create freestyle components
-function CustomCard({ title, children }) {
-  return (
-    <div className="rounded-lg border p-4">
-      <h3 className="font-bold">{title}</h3>
-      {children}
-    </div>
-  );
-}
-
-// ✅ CORRECT - Use shadcn Card
-import { Card, CardHeader, CardTitle, CardContent } from "@/components/ui/card";
-
-function MyComponent() {
-  return (
-    <Card>
-      <CardHeader>
-        <CardTitle>Title</CardTitle>
-      </CardHeader>
-      <CardContent>Content here</CardContent>
-    </Card>
-  );
-}
-```
-
-#### 2. **Use Component Variants, Don't Style Directly**
-
-```typescript
-// ❌ WRONG - Applying custom Tailwind classes
-<button className="bg-blue-500 hover:bg-blue-700 text-white font-bold py-2 px-4 rounded">
-  Click me
-</button>
-
-// ✅ CORRECT - Use Button variants
-import { Button } from "@/components/ui/button";
-
-<Button variant="default">Click me</Button>
-<Button variant="destructive">Delete</Button>
-<Button variant="outline">Cancel</Button>
-<Button variant="ghost">Subtle Action</Button>
-<Button size="sm">Small</Button>
-<Button size="lg">Large</Button>
-```
-
-#### 3. **Compose Compound Components**
-
-Many shadcn components export multiple sub-components. Use them as designed:
-
-```typescript
-// ✅ Dropdown Menu Composition
-import {
-  DropdownMenu,
-  DropdownMenuTrigger,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuSeparator,
-  DropdownMenuLabel,
-} from "@/components/ui/dropdown-menu";
-
-<DropdownMenu>
-  <DropdownMenuTrigger asChild>
-    <Button variant="outline">Options</Button>
-  </DropdownMenuTrigger>
-  <DropdownMenuContent>
-    <DropdownMenuLabel>Actions</DropdownMenuLabel>
-    <DropdownMenuSeparator />
-    <DropdownMenuItem>Edit</DropdownMenuItem>
-    <DropdownMenuItem>Delete</DropdownMenuItem>
-  </DropdownMenuContent>
-</DropdownMenu>
-```
-
-#### 4. **Use Layout Components for Structure**
-
-```typescript
-// ✅ Use Card for content sections
-import { Card, CardHeader, CardTitle, CardDescription, CardContent, CardFooter } from "@/components/ui/card";
-
-<Card>
-  <CardHeader>
-    <CardTitle>Dashboard</CardTitle>
-    <CardDescription>Overview of your data</CardDescription>
-  </CardHeader>
-  <CardContent>
-    {/* Your content */}
-  </CardContent>
-  <CardFooter>
-    <Button>Action</Button>
-  </CardFooter>
-</Card>
-```
-
-### Styling Rules
-
-#### 1. **Spacing & Layout**
-
-Use Tailwind's utility classes for spacing, but stick to the design system:
-
-- Gap: `gap-2`, `gap-4`, `gap-6`, `gap-8`
-- Padding: `p-2`, `p-4`, `p-6`, `p-8`
-- Margins: Prefer `gap` and `space-y-*` over margins
-
-#### 2. **Colors**
-
-All colors come from CSS variables in `app/globals.css`. Use semantic color classes:
-
-- `bg-background`, `bg-foreground`
-- `bg-card`, `text-card-foreground`
-- `bg-primary`, `text-primary-foreground`
-- `bg-secondary`, `text-secondary-foreground`
-- `bg-muted`, `text-muted-foreground`
-- `bg-accent`, `text-accent-foreground`
-- `bg-destructive`, `text-destructive-foreground`
-- `border-border`, `border-input`
-- `ring-ring`
-
-**DO NOT use arbitrary color values** like `bg-blue-500` or `text-red-600`.
-
-#### **CRITICAL: Color Contrast Pairing Rules**
-
-**Always pair background colors with their matching foreground colors.** The color system uses paired variables where each background has a corresponding text color designed for proper contrast.
-
-| Background Class | Text Class to Use | Description |
-|-----------------|-------------------|-------------|
-| `bg-background` | `text-foreground` | Main page background |
-| `bg-card` | `text-card-foreground` | Card containers |
-| `bg-primary` | `text-primary-foreground` | Primary buttons/accents |
-| `bg-secondary` | `text-secondary-foreground` | Secondary elements |
-| `bg-muted` | `text-muted-foreground` | Muted/subtle areas |
-| `bg-accent` | `text-accent-foreground` | Accent highlights |
-| `bg-destructive` | `text-destructive-foreground` | Error/delete actions |
-
-**Examples:**
-
-```typescript
-// ✅ CORRECT - Matching background and foreground pairs
-<div className="bg-card text-card-foreground">Content</div>
-<Button className="bg-primary text-primary-foreground">Click</Button>
-<div className="bg-muted text-muted-foreground">Subtle text</div>
-
-// ❌ WRONG - Mismatched colors causing contrast issues
-<div className="bg-background text-background">Invisible text!</div>
-<div className="bg-card text-foreground">May have poor contrast</div>
-<Button className="bg-primary text-primary">White on white!</Button>
-```
-
-**Key Rules:**
-
-1. **Never use the same color for background and text** (e.g., `bg-foreground text-foreground`)
-2. **Always use the `-foreground` variant for text** when using a colored background
-3. **For text on `bg-background`**, use `text-foreground` (primary) or `text-muted-foreground` (secondary)
-4. **Test visually** - if text is hard to read, you have a contrast problem
-
-#### 3. **Typography**
-
-Use Tailwind text utilities (no separate Typography component):
-
-- Headings: `text-xl font-semibold`, `text-2xl font-bold`, etc.
-- Body: `text-sm`, `text-base`
-- Secondary text: `text-muted-foreground`
-- Use semantic HTML: `<h1>`, `<h2>`, `<p>`, etc.
-- **Always wrap text** - Use `max-w-prose` or `max-w-xl` for readable line lengths
-- **Prevent overflow** - Use `break-words` or `truncate` for long text that might overflow containers
-
-#### 4. **Responsive Design**
-
-Use Tailwind's responsive prefixes:
-
-```typescript
-<div className="grid grid-cols-1 md:grid-cols-2 lg:grid-cols-3 gap-4">
-  {/* Responsive grid */}
-</div>
-```
-
-#### 5. **Icons**
-
-Use Lucide React icons (already configured):
-
-```typescript
-import { Check, X, ChevronDown, User } from "lucide-react";
-
-<Button>
-  <Check className="mr-2 h-4 w-4" />
-  Confirm
-</Button>
-```
-
-### Data Visualization
-
-For charts and data visualization, use the **shadcn/ui Chart components** (`@/components/ui/chart`) which wrap recharts with consistent theming. Charts should be **elegant, informative, and digestible at a glance**.
-
-#### Chart Design Principles
-
-1. **Clarity over complexity** - A chart should communicate ONE key insight immediately
-2. **Minimal visual noise** - Remove anything that doesn't add information
-3. **Consistent styling** - Use `ChartConfig` for colors, not arbitrary values
-4. **Responsive** - Always use `ChartContainer` (includes ResponsiveContainer)
-5. **Accessible** - Use `ChartTooltip` with `ChartTooltipContent` for proper styling
-
-#### Chart Type Selection
-
-| Data Type | Recommended Chart | Use Case |
-|-----------|-------------------|----------|
-| Trend over time | `LineChart` or `AreaChart` | Stock prices, user growth, metrics over days/months |
-| Comparing categories | `BarChart` | Revenue by product, users by region |
-| Part of whole | `PieChart` or `RadialBarChart` | Market share, budget allocation |
-| Distribution | `BarChart` (horizontal) | Survey responses, rating distribution |
-| Correlation | `ScatterChart` | Price vs. quality, age vs. income |
-
-#### shadcn/ui Chart Components
-
-Always import from the shadcn chart component:
-
-```typescript
-import {
-  ChartContainer,
-  ChartTooltip,
-  ChartTooltipContent,
-  ChartLegend,
-  ChartLegendContent,
-  type ChartConfig,
-} from "@/components/ui/chart";
-import { LineChart, Line, XAxis, YAxis, CartesianGrid } from "recharts";
-```
-
-#### ChartConfig - Define Colors and Labels
-
-The `ChartConfig` object defines colors and labels for your data series. This ensures consistent theming:
-
-```typescript
-const chartConfig = {
-  revenue: {
-    label: "Revenue",
-    color: "var(--chart-1)",
-  },
-  expenses: {
-    label: "Expenses", 
-    color: "var(--chart-2)",
-  },
-} satisfies ChartConfig;
-```
-
-#### Basic Line Chart Template
-
-```typescript
-import {
-  ChartContainer,
-  ChartTooltip,
-  ChartTooltipContent,
-  type ChartConfig,
-} from "@/components/ui/chart";
-import { LineChart, Line, XAxis, YAxis, CartesianGrid } from "recharts";
-
-const chartConfig = {
-  value: {
-    label: "Value",
-    color: "var(--chart-1)",
-  },
-} satisfies ChartConfig;
-
-<ChartContainer config={chartConfig} className="h-[300px] w-full">
-  <LineChart data={data} accessibilityLayer>
-    <CartesianGrid vertical={false} />
-    <XAxis
-      dataKey="month"
-      tickLine={false}
-      axisLine={false}
-      tickMargin={8}
-    />
-    <YAxis tickLine={false} axisLine={false} tickMargin={8} />
-    <ChartTooltip content={<ChartTooltipContent />} />
-    <Line
-      type="monotone"
-      dataKey="value"
-      stroke="var(--color-value)"
-      strokeWidth={2}
-      dot={false}
-    />
-  </LineChart>
-</ChartContainer>
-```
-
-#### Bar Chart with Multiple Series
-
-```typescript
-const chartConfig = {
-  revenue: {
-    label: "Revenue",
-    color: "var(--chart-1)",
-  },
-  expenses: {
-    label: "Expenses",
-    color: "var(--chart-2)",
-  },
-} satisfies ChartConfig;
-
-<ChartContainer config={chartConfig} className="h-[300px] w-full">
-  <BarChart data={data} accessibilityLayer>
-    <CartesianGrid vertical={false} />
-    <XAxis dataKey="month" tickLine={false} axisLine={false} tickMargin={8} />
-    <YAxis tickLine={false} axisLine={false} tickMargin={8} />
-    <ChartTooltip content={<ChartTooltipContent />} />
-    <ChartLegend content={<ChartLegendContent />} />
-    <Bar dataKey="revenue" fill="var(--color-revenue)" radius={4} />
-    <Bar dataKey="expenses" fill="var(--color-expenses)" radius={4} />
-  </BarChart>
-</ChartContainer>
-```
-
-#### Pie/Donut Chart
-
-```typescript
-const chartConfig = {
-  desktop: { label: "Desktop", color: "var(--chart-1)" },
-  mobile: { label: "Mobile", color: "var(--chart-2)" },
-  tablet: { label: "Tablet", color: "var(--chart-3)" },
-} satisfies ChartConfig;
-
-<ChartContainer config={chartConfig} className="h-[300px] w-full">
-  <PieChart>
-    <ChartTooltip content={<ChartTooltipContent hideLabel />} />
-    <Pie
-      data={data}
-      dataKey="value"
-      nameKey="name"
-      innerRadius={60}  // Remove for solid pie, keep for donut
-      strokeWidth={5}
-    />
-    <ChartLegend content={<ChartLegendContent nameKey="name" />} />
-  </PieChart>
-</ChartContainer>
-```
-
-#### Chart Styling Rules
-
-**Colors (use CSS variables from globals.css):**
-- `var(--chart-1)` through `var(--chart-5)` - Primary chart colors
-- `var(--primary)` - For single-series emphasis
-- `var(--muted)` - For de-emphasized data
-
-**Color References in Charts:**
-- In `ChartConfig`: Use `color: "var(--chart-1)"`
-- In chart elements: Use `fill="var(--color-keyname)"` or `stroke="var(--color-keyname)"`
-- The `keyname` matches the key in your `ChartConfig`
-
-**Visual Cleanup:**
-- Set `tickLine={false}` and `axisLine={false}` on axes for cleaner look
-- Use `vertical={false}` on `CartesianGrid` for horizontal-only grid lines
-- Use `dot={false}` on line charts unless individual points matter
-- Add `radius={4}` to bars for rounded corners
-- Limit to 3-5 data series maximum per chart
-
-**Avoid:**
-- ❌ 3D effects
-- ❌ More than 5-6 colors in one chart
-- ❌ Legends with more than 5 items (simplify the data instead)
-- ❌ Dual Y-axes (confusing - use two separate charts)
-- ❌ Pie charts with more than 5-6 slices
-- ❌ Custom tooltip styling - use `ChartTooltipContent`
-
-#### Fallback to Raw Recharts
-
-If shadcn/ui Chart components don't support a specific chart type (e.g., ScatterChart, ComposedChart, RadarChart), you can use recharts directly:
-
-```typescript
-import { ScatterChart, Scatter, XAxis, YAxis, CartesianGrid, Tooltip, ResponsiveContainer } from "recharts";
-
-<ResponsiveContainer width="100%" height={300}>
-  <ScatterChart>
-    <CartesianGrid strokeDasharray="3 3" stroke="var(--border)" />
-    <XAxis dataKey="x" stroke="var(--muted-foreground)" fontSize={12} tickLine={false} axisLine={false} />
-    <YAxis dataKey="y" stroke="var(--muted-foreground)" fontSize={12} tickLine={false} axisLine={false} />
-    <Tooltip 
-      contentStyle={{ 
-        backgroundColor: "var(--card)", 
-        border: "1px solid var(--border)", 
-        borderRadius: "6px" 
-      }} 
-    />
-    <Scatter data={data} fill="var(--chart-1)" />
-  </ScatterChart>
-</ResponsiveContainer>
-```
-
-**When using raw recharts:**
-- Still use CSS variables for colors (`var(--chart-1)`, etc.)
-- Match styling to shadcn conventions (tickLine={false}, axisLine={false})
-- Style tooltips to match the design system
-
-#### Data Accuracy Checklist
-
-Before displaying a chart, verify:
-- [ ] `ChartConfig` keys match your data's `dataKey` values
-- [ ] Data values are correctly mapped to the right axes
-- [ ] Axis labels match the data units (%, $, count, etc.)
-- [ ] Time series data is sorted chronologically
-- [ ] No missing data points that would break the visualization
-- [ ] `ChartTooltip` with `ChartTooltipContent` is included
-- [ ] Chart title/context makes the insight clear
-
-### Common Patterns
-
-#### Loading States
-
-```typescript
-import { Skeleton } from "@/components/ui/skeleton";
-
-{isLoading ? (
-  <Skeleton className="h-12 w-full" />
-) : (
-  <Content />
-)}
-```
-
-#### Empty States
-
-```typescript
-import { Empty, EmptyHeader, EmptyTitle, EmptyDescription, EmptyMedia } from "@/components/ui/empty";
-import { Inbox } from "lucide-react";
-
-<Empty>
-  <EmptyHeader>
-    <EmptyMedia variant="icon">
-      <Inbox />
-    </EmptyMedia>
-    <EmptyTitle>No data available</EmptyTitle>
-    <EmptyDescription>
-      There's nothing to display yet. Add some items to get started.
-    </EmptyDescription>
-  </EmptyHeader>
-</Empty>
-```
-
-#### Interactive Lists
-
-```typescript
-import { ScrollArea } from "@/components/ui/scroll-area";
-import { ItemGroup, Item, ItemContent, ItemTitle, ItemDescription, ItemMedia } from "@/components/ui/item";
-import { FileText } from "lucide-react";
-
-<ScrollArea className="h-[400px]">
-  <ItemGroup>
-    {items.map((item) => (
-      <Item key={item.id} variant="outline">
-        <ItemMedia variant="icon">
-          <FileText />
-        </ItemMedia>
-        <ItemContent>
-          <ItemTitle>{item.name}</ItemTitle>
-          <ItemDescription>{item.description}</ItemDescription>
-        </ItemContent>
-      </Item>
-    ))}
-  </ItemGroup>
-</ScrollArea>
-```
-
-#### Form Fields
-
-```typescript
-import { Field, FieldLabel, FieldDescription, FieldError, FieldGroup } from "@/components/ui/field";
-import { Input } from "@/components/ui/input";
-import { Button } from "@/components/ui/button";
-
-<FieldGroup>
-  <Field>
-    <FieldLabel>Email</FieldLabel>
-    <Input type="email" placeholder="you@example.com" />
-    <FieldDescription>We'll never share your email.</FieldDescription>
-  </Field>
-  <Field>
-    <FieldLabel>Password</FieldLabel>
-    <Input type="password" />
-    <FieldError>Password must be at least 8 characters.</FieldError>
-  </Field>
-  <Button type="submit">Sign up</Button>
-</FieldGroup>
-```
-
-### What NOT To Do
-
-❌ **Don't create custom styled divs when a component exists**
-❌ **Don't use arbitrary Tailwind colors** (use CSS variables)
-❌ **Don't import UI libraries** like Material-UI, Ant Design, etc.
-❌ **Don't use inline styles** except for dynamic values
-❌ **Don't create custom form inputs** (use Field, Input, Select, etc. from components/ui)
-❌ **Don't add new dependencies** without checking if shadcn covers it
-❌ **Don't write everything in page.tsx** - break into separate component files
-❌ **Don't design for light mode** - this site is dark mode only
-❌ **Don't use `dark:` variants** - dark mode is always active, use base classes
-
-### Development Workflow
-
-1. **Plan the component structure** - Identify logical UI sections before writing code
-2. **Create components incrementally** - Write one small component file at a time
-3. **Test each component** - Verify it works before moving to the next
-4. **Compose in page.tsx** - Import and arrange your components in the page
-5. **Iterate** - Refine individual components without touching others
-
-### Summary
-
-This application has a **complete, production-ready component library**. Your job is to:
-1. **Compose** shadcn/ui components (from `components/ui/`)
-2. **Create small, focused component files** (in `components/`)
-3. **Keep pages thin** - pages should orchestrate components, not contain implementation
-
-Think of yourself as assembling LEGO blocks—all the UI pieces you need already exist in `components/ui/`, and you create small, organized structures by composing them into feature-specific components.

backend/onyx/server/features/build/sandbox/kubernetes/docker/templates/outputs/web/app/globals.css

@@ -1,127 +0,0 @@
-@import "tailwindcss";
-@import "tw-animate-css";
-@import "shadcn/tailwind.css";
-
-@custom-variant dark (&:is(.dark *));
-
-@theme inline {
-  --color-background: var(--background);
-  --color-foreground: var(--foreground);
-  --font-sans: var(--font-sans);
-  --font-mono: var(--font-geist-mono);
-  --color-sidebar-ring: var(--sidebar-ring);
-  --color-sidebar-border: var(--sidebar-border);
-  --color-sidebar-accent-foreground: var(--sidebar-accent-foreground);
-  --color-sidebar-accent: var(--sidebar-accent);
-  --color-sidebar-primary-foreground: var(--sidebar-primary-foreground);
-  --color-sidebar-primary: var(--sidebar-primary);
-  --color-sidebar-foreground: var(--sidebar-foreground);
-  --color-sidebar: var(--sidebar);
-  --color-chart-5: var(--chart-5);
-  --color-chart-4: var(--chart-4);
-  --color-chart-3: var(--chart-3);
-  --color-chart-2: var(--chart-2);
-  --color-chart-1: var(--chart-1);
-  --color-ring: var(--ring);
-  --color-input: var(--input);
-  --color-border: var(--border);
-  --color-destructive: var(--destructive);
-  --color-accent-foreground: var(--accent-foreground);
-  --color-accent: var(--accent);
-  --color-muted-foreground: var(--muted-foreground);
-  --color-muted: var(--muted);
-  --color-secondary-foreground: var(--secondary-foreground);
-  --color-secondary: var(--secondary);
-  --color-primary-foreground: var(--primary-foreground);
-  --color-primary: var(--primary);
-  --color-popover-foreground: var(--popover-foreground);
-  --color-popover: var(--popover);
-  --color-card-foreground: var(--card-foreground);
-  --color-card: var(--card);
-  --radius-sm: calc(var(--radius) - 4px);
-  --radius-md: calc(var(--radius) - 2px);
-  --radius-lg: var(--radius);
-  --radius-xl: calc(var(--radius) + 4px);
-  --radius-2xl: calc(var(--radius) + 8px);
-  --radius-3xl: calc(var(--radius) + 12px);
-  --radius-4xl: calc(var(--radius) + 16px);
-}
-
-:root {
-  --background: oklch(1 0 0);
-  --foreground: oklch(0.145 0 0);
-  --card: oklch(1 0 0);
-  --card-foreground: oklch(0.145 0 0);
-  --popover: oklch(1 0 0);
-  --popover-foreground: oklch(0.145 0 0);
-  --primary: oklch(0.67 0.16 58);
-  --primary-foreground: oklch(0.99 0.02 95);
-  --secondary: oklch(0.967 0.001 286.375);
-  --secondary-foreground: oklch(0.21 0.006 285.885);
-  --muted: oklch(0.97 0 0);
-  --muted-foreground: oklch(0.556 0 0);
-  --accent: oklch(0.97 0 0);
-  --accent-foreground: oklch(0.205 0 0);
-  --destructive: oklch(0.58 0.22 27);
-  --border: oklch(0.922 0 0);
-  --input: oklch(0.922 0 0);
-  --ring: oklch(0.708 0 0);
-  --chart-1: oklch(0.88 0.15 92);
-  --chart-2: oklch(0.77 0.16 70);
-  --chart-3: oklch(0.67 0.16 58);
-  --chart-4: oklch(0.56 0.15 49);
-  --chart-5: oklch(0.47 0.12 46);
-  --radius: 0.625rem;
-  --sidebar: oklch(0.985 0 0);
-  --sidebar-foreground: oklch(0.145 0 0);
-  --sidebar-primary: oklch(0.67 0.16 58);
-  --sidebar-primary-foreground: oklch(0.99 0.02 95);
-  --sidebar-accent: oklch(0.97 0 0);
-  --sidebar-accent-foreground: oklch(0.205 0 0);
-  --sidebar-border: oklch(0.922 0 0);
-  --sidebar-ring: oklch(0.708 0 0);
-}
-
-.dark {
-  --background: oklch(0.145 0 0);
-  --foreground: oklch(0.985 0 0);
-  --card: oklch(0.205 0 0);
-  --card-foreground: oklch(0.985 0 0);
-  --popover: oklch(0.205 0 0);
-  --popover-foreground: oklch(0.985 0 0);
-  --primary: oklch(0.77 0.16 70);
-  --primary-foreground: oklch(0.28 0.07 46);
-  --secondary: oklch(0.274 0.006 286.033);
-  --secondary-foreground: oklch(0.985 0 0);
-  --muted: oklch(0.269 0 0);
-  --muted-foreground: oklch(0.708 0 0);
-  --accent: oklch(0.371 0 0);
-  --accent-foreground: oklch(0.985 0 0);
-  --destructive: oklch(0.704 0.191 22.216);
-  --border: oklch(1 0 0 / 10%);
-  --input: oklch(1 0 0 / 15%);
-  --ring: oklch(0.556 0 0);
-  /* Chart colors optimized for dark backgrounds - brighter and more vibrant */
-  --chart-1: oklch(0.82 0.18 140);
-  --chart-2: oklch(0.75 0.2 200);
-  --chart-3: oklch(0.7 0.22 280);
-  --chart-4: oklch(0.78 0.18 50);
-  --chart-5: oklch(0.72 0.2 330);
-  --sidebar: oklch(0.205 0 0);
-  --sidebar-foreground: oklch(0.985 0 0);
-  --sidebar-primary: oklch(0.77 0.16 70);
-  --sidebar-primary-foreground: oklch(0.28 0.07 46);
-  --sidebar-accent: oklch(0.269 0 0);
-  --sidebar-accent-foreground: oklch(0.985 0 0);
-  --sidebar-border: oklch(1 0 0 / 10%);
-  --sidebar-ring: oklch(0.556 0 0);
-}
-
-@layer base {
-  * {
-    @apply border-border outline-ring/50;
-  }
-  body {
-    @apply bg-background text-foreground;
-  }
-}

backend/onyx/server/features/build/sandbox/kubernetes/docker/templates/outputs/web/app/layout.tsx

@@ -1,36 +0,0 @@
-import type { Metadata } from "next";
-import { Geist, Geist_Mono, Inter } from "next/font/google";
-import "./globals.css";
-
-const inter = Inter({ subsets: ["latin"], variable: "--font-sans" });
-
-const geistSans = Geist({
-  variable: "--font-geist-sans",
-  subsets: ["latin"],
-});
-
-const geistMono = Geist_Mono({
-  variable: "--font-geist-mono",
-  subsets: ["latin"],
-});
-
-export const metadata: Metadata = {
-  title: "Onyx Craft",
-  description: "Crafting your next great idea.",
-};
-
-export default function RootLayout({
-  children,
-}: Readonly<{
-  children: React.ReactNode;
-}>) {
-  return (
-    <html lang="en" className={`${inter.variable} dark`}>
-      <body
-        className={`${geistSans.variable} ${geistMono.variable} antialiased`}
-      >
-        {children}
-      </body>
-    </html>
-  );
-}

backend/onyx/server/features/build/sandbox/kubernetes/docker/templates/outputs/web/app/page.tsx

@@ -1,132 +0,0 @@
-"use client";
-
-import { useState, useEffect, useRef } from "react";
-
-const messages = [
-  "Punching wood...",
-  "Gathering resources...",
-  "Placing blocks...",
-  "Crafting your workspace...",
-  "Mining for dependencies...",
-  "Smelting the code...",
-  "Enchanting with magic...",
-  "World generation complete...",
-  "/gamemode 1",
-];
-
-const MESSAGE_COUNT = messages.length;
-const TYPE_DELAY = 40;
-const LINE_PAUSE = 800;
-const RESET_DELAY = 2000;
-
-export default function CraftingLoader() {
-  const [display, setDisplay] = useState({
-    lines: [] as string[],
-    currentText: "",
-  });
-
-  const lineIndexRef = useRef(0);
-  const charIndexRef = useRef(0);
-  const lastUpdateRef = useRef(0);
-  const timeoutRef = useRef<NodeJS.Timeout | undefined>(undefined);
-  const rafRef = useRef<number | undefined>(undefined);
-
-  useEffect(() => {
-    let isActive = true;
-
-    const update = (now: number) => {
-      if (!isActive) return;
-
-      const lineIdx = lineIndexRef.current;
-      const charIdx = charIndexRef.current;
-
-      if (lineIdx >= MESSAGE_COUNT) {
-        timeoutRef.current = setTimeout(() => {
-          if (!isActive) return;
-          lineIndexRef.current = 0;
-          charIndexRef.current = 0;
-          setDisplay({ lines: [], currentText: "" });
-          lastUpdateRef.current = performance.now();
-          rafRef.current = requestAnimationFrame(update);
-        }, RESET_DELAY);
-        return;
-      }
-
-      const msg = messages[lineIdx];
-      if (!msg) return;
-
-      const elapsed = now - lastUpdateRef.current;
-
-      if (charIdx < msg.length) {
-        if (elapsed >= TYPE_DELAY) {
-          charIndexRef.current = charIdx + 1;
-          setDisplay((prev) => ({
-            lines: prev.lines,
-            currentText: msg.substring(0, charIdx + 1),
-          }));
-          lastUpdateRef.current = now;
-        }
-      } else if (elapsed >= LINE_PAUSE) {
-        setDisplay((prev) => ({
-          lines: [...prev.lines, msg],
-          currentText: "",
-        }));
-        lineIndexRef.current = lineIdx + 1;
-        charIndexRef.current = 0;
-        lastUpdateRef.current = now;
-      }
-
-      rafRef.current = requestAnimationFrame(update);
-    };
-
-    lastUpdateRef.current = performance.now();
-    rafRef.current = requestAnimationFrame(update);
-
-    return () => {
-      isActive = false;
-      if (rafRef.current !== undefined) cancelAnimationFrame(rafRef.current);
-      if (timeoutRef.current !== undefined) clearTimeout(timeoutRef.current);
-    };
-  }, []);
-
-  const { lines, currentText } = display;
-  const hasCurrentText = currentText.length > 0;
-
-  return (
-    <div className="min-h-screen bg-gradient-to-br from-neutral-950 via-neutral-900 to-neutral-950 flex flex-col items-center justify-center p-4">
-      <div className="w-full max-w-md rounded-sm overflow-hidden shadow-2xl border-2 border-neutral-700">
-        <div className="bg-neutral-800 px-4 py-3 flex items-center gap-2 border-b-2 border-neutral-700">
-          <div className="w-3 h-3 rounded-none bg-red-500" />
-          <div className="w-3 h-3 rounded-none bg-yellow-500" />
-          <div className="w-3 h-3 rounded-none bg-green-500" />
-          <span className="ml-4 text-neutral-500 text-sm font-mono">
-            crafting_table
-          </span>
-        </div>
-
-        <div className="bg-neutral-900 p-6 min-h-[250px] font-mono text-sm">
-          {lines.map((line, i) => (
-            <div key={i} className="flex items-center text-neutral-300">
-              <span className="text-emerald-500 mr-2">/&gt;</span>
-              <span>{line}</span>
-            </div>
-          ))}
-          {hasCurrentText && (
-            <div className="flex items-center text-neutral-300">
-              <span className="text-emerald-500 mr-2">/&gt;</span>
-              <span>{currentText}</span>
-            </div>
-          )}
-          <div className="flex items-center text-neutral-300">
-            <span className="text-emerald-500 mr-2">/&gt;</span>
-            <span className="w-2 h-5 bg-emerald-500 animate-pulse" />
-          </div>
-        </div>
-      </div>
-
-      <p className="mt-6 text-neutral-500 text-sm font-mono">
-        Crafting your next great idea...
-      </p>
-    </div>
-  );
-}