update

.github/workflows/pr-python-connector-tests.yml

@@ -9,10 +9,6 @@ on:
     - cron: "0 16 * * *"
 
 env:
-  # AWS
-  AWS_ACCESS_KEY_ID_DAILY_CONNECTOR_TESTS: ${{ secrets.AWS_ACCESS_KEY_ID_DAILY_CONNECTOR_TESTS }}
-  AWS_SECRET_ACCESS_KEY_DAILY_CONNECTOR_TESTS: ${{ secrets.AWS_SECRET_ACCESS_KEY_DAILY_CONNECTOR_TESTS }}
-  
   # Confluence
   CONFLUENCE_TEST_SPACE_URL: ${{ secrets.CONFLUENCE_TEST_SPACE_URL }}
   CONFLUENCE_TEST_SPACE: ${{ secrets.CONFLUENCE_TEST_SPACE }}

backend/Dockerfile

@@ -102,7 +102,6 @@ COPY ./alembic /app/alembic
 COPY ./alembic_tenants /app/alembic_tenants
 COPY ./alembic.ini /app/alembic.ini
 COPY supervisord.conf /usr/etc/supervisord.conf
-COPY ./static /app/static
 
 # Escape hatch scripts
 COPY ./scripts/debugging /app/scripts/debugging

backend/alembic/versions/3bd4c84fe72f_improved_index.py

@@ -28,20 +28,6 @@ depends_on = None
 
 
 def upgrade() -> None:
-    # First, drop any existing indexes to avoid conflicts
-    op.execute("COMMIT")
-    op.execute("DROP INDEX CONCURRENTLY IF EXISTS idx_chat_message_tsv;")
-
-    op.execute("COMMIT")
-    op.execute("DROP INDEX CONCURRENTLY IF EXISTS idx_chat_session_desc_tsv;")
-
-    op.execute("COMMIT")
-    op.execute("DROP INDEX IF EXISTS idx_chat_message_message_lower;")
-
-    # Drop existing columns if they exist
-    op.execute("ALTER TABLE chat_message DROP COLUMN IF EXISTS message_tsv;")
-    op.execute("ALTER TABLE chat_session DROP COLUMN IF EXISTS description_tsv;")
-
     # Create a GIN index for full-text search on chat_message.message
     op.execute(
         """

backend/ee/onyx/access/access.py

@@ -93,12 +93,12 @@ def _get_access_for_documents(
         )
 
         # To avoid collisions of group namings between connectors, they need to be prefixed
-        access_map[document_id] = DocumentAccess.build(
-            user_emails=list(non_ee_access.user_emails),
-            user_groups=user_group_info.get(document_id, []),
+        access_map[document_id] = DocumentAccess(
+            user_emails=non_ee_access.user_emails,
+            user_groups=set(user_group_info.get(document_id, [])),
             is_public=is_public_anywhere,
-            external_user_emails=list(ext_u_emails),
-            external_user_group_ids=list(ext_u_groups),
+            external_user_emails=ext_u_emails,
+            external_user_group_ids=ext_u_groups,
         )
     return access_map
 

backend/ee/onyx/chat/process_message.py

@@ -2,6 +2,7 @@ from ee.onyx.server.query_and_chat.models import OneShotQAResponse
 from onyx.chat.models import AllCitations
 from onyx.chat.models import LLMRelevanceFilterResponse
 from onyx.chat.models import OnyxAnswerPiece
+from onyx.chat.models import OnyxContexts
 from onyx.chat.models import QADocsResponse
 from onyx.chat.models import StreamingError
 from onyx.chat.process_message import ChatPacketStream
@@ -31,6 +32,8 @@ def gather_stream_for_answer_api(
             response.llm_selected_doc_indices = packet.llm_selected_doc_indices
         elif isinstance(packet, AllCitations):
             response.citations = packet.citations
+        elif isinstance(packet, OnyxContexts):
+            response.contexts = packet
 
     if answer:
         response.answer = answer

backend/ee/onyx/configs/app_configs.py

@@ -25,10 +25,6 @@ SAML_CONF_DIR = os.environ.get("SAML_CONF_DIR") or "/app/ee/onyx/configs/saml_co
 #####
 # Auto Permission Sync
 #####
-DEFAULT_PERMISSION_DOC_SYNC_FREQUENCY = int(
-    os.environ.get("DEFAULT_PERMISSION_DOC_SYNC_FREQUENCY") or 5 * 60
-)
-
 # In seconds, default is 5 minutes
 CONFLUENCE_PERMISSION_GROUP_SYNC_FREQUENCY = int(
     os.environ.get("CONFLUENCE_PERMISSION_GROUP_SYNC_FREQUENCY") or 5 * 60
@@ -43,7 +39,6 @@ CONFLUENCE_ANONYMOUS_ACCESS_IS_PUBLIC = (
 CONFLUENCE_PERMISSION_DOC_SYNC_FREQUENCY = int(
     os.environ.get("CONFLUENCE_PERMISSION_DOC_SYNC_FREQUENCY") or 5 * 60
 )
-
 NUM_PERMISSION_WORKERS = int(os.environ.get("NUM_PERMISSION_WORKERS") or 2)
 
 
@@ -77,13 +72,6 @@ OAUTH_GOOGLE_DRIVE_CLIENT_SECRET = os.environ.get(
     "OAUTH_GOOGLE_DRIVE_CLIENT_SECRET", ""
 )
 
-GOOGLE_DRIVE_PERMISSION_GROUP_SYNC_FREQUENCY = int(
-    os.environ.get("GOOGLE_DRIVE_PERMISSION_GROUP_SYNC_FREQUENCY") or 5 * 60
-)
-
-SLACK_PERMISSION_DOC_SYNC_FREQUENCY = int(
-    os.environ.get("SLACK_PERMISSION_DOC_SYNC_FREQUENCY") or 5 * 60
-)
 
 # The posthog client does not accept empty API keys or hosts however it fails silently
 # when the capture is called. These defaults prevent Posthog issues from breaking the Onyx app

backend/ee/onyx/external_permissions/sync_params.py

@@ -3,8 +3,6 @@ from collections.abc import Generator
 
 from ee.onyx.configs.app_configs import CONFLUENCE_PERMISSION_DOC_SYNC_FREQUENCY
 from ee.onyx.configs.app_configs import CONFLUENCE_PERMISSION_GROUP_SYNC_FREQUENCY
-from ee.onyx.configs.app_configs import GOOGLE_DRIVE_PERMISSION_GROUP_SYNC_FREQUENCY
-from ee.onyx.configs.app_configs import SLACK_PERMISSION_DOC_SYNC_FREQUENCY
 from ee.onyx.db.external_perm import ExternalUserGroup
 from ee.onyx.external_permissions.confluence.doc_sync import confluence_doc_sync
 from ee.onyx.external_permissions.confluence.group_sync import confluence_group_sync
@@ -68,13 +66,13 @@ GROUP_PERMISSIONS_IS_CC_PAIR_AGNOSTIC: set[DocumentSource] = {
 DOC_PERMISSION_SYNC_PERIODS: dict[DocumentSource, int] = {
     # Polling is not supported so we fetch all doc permissions every 5 minutes
     DocumentSource.CONFLUENCE: CONFLUENCE_PERMISSION_DOC_SYNC_FREQUENCY,
-    DocumentSource.SLACK: SLACK_PERMISSION_DOC_SYNC_FREQUENCY,
+    DocumentSource.SLACK: 5 * 60,
 }
 
 # If nothing is specified here, we run the doc_sync every time the celery beat runs
 EXTERNAL_GROUP_SYNC_PERIODS: dict[DocumentSource, int] = {
     # Polling is not supported so we fetch all group permissions every 30 minutes
-    DocumentSource.GOOGLE_DRIVE: GOOGLE_DRIVE_PERMISSION_GROUP_SYNC_FREQUENCY,
+    DocumentSource.GOOGLE_DRIVE: 5 * 60,
     DocumentSource.CONFLUENCE: CONFLUENCE_PERMISSION_GROUP_SYNC_FREQUENCY,
 }
 

backend/ee/onyx/main.py

@@ -64,15 +64,7 @@ def get_application() -> FastAPI:
         add_tenant_id_middleware(application, logger)
 
     if AUTH_TYPE == AuthType.CLOUD:
-        # For Google OAuth, refresh tokens are requested by:
-        # 1. Adding the right scopes
-        # 2. Properly configuring OAuth in Google Cloud Console to allow offline access
-        oauth_client = GoogleOAuth2(
-            OAUTH_CLIENT_ID,
-            OAUTH_CLIENT_SECRET,
-            # Use standard scopes that include profile and email
-            scopes=["openid", "email", "profile"],
-        )
+        oauth_client = GoogleOAuth2(OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET)
         include_auth_router_with_prefix(
             application,
             create_onyx_oauth_router(
@@ -95,16 +87,6 @@ def get_application() -> FastAPI:
         )
 
     if AUTH_TYPE == AuthType.OIDC:
-        # Ensure we request offline_access for refresh tokens
-        try:
-            oidc_scopes = list(OIDC_SCOPE_OVERRIDE or BASE_SCOPES)
-            if "offline_access" not in oidc_scopes:
-                oidc_scopes.append("offline_access")
-        except Exception as e:
-            logger.warning(f"Error configuring OIDC scopes: {e}")
-            # Fall back to default scopes if there's an error
-            oidc_scopes = BASE_SCOPES
-
         include_auth_router_with_prefix(
             application,
             create_onyx_oauth_router(
@@ -112,8 +94,8 @@ def get_application() -> FastAPI:
                     OAUTH_CLIENT_ID,
                     OAUTH_CLIENT_SECRET,
                     OPENID_CONFIG_URL,
-                    # Use the configured scopes
-                    base_scopes=oidc_scopes,
+                    # BASE_SCOPES is the same as not setting this
+                    base_scopes=OIDC_SCOPE_OVERRIDE or BASE_SCOPES,
                 ),
                 auth_backend,
                 USER_AUTH_SECRET,

backend/ee/onyx/server/query_and_chat/chat_backend.py

@@ -14,6 +14,7 @@ from ee.onyx.server.query_and_chat.models import (
     BasicCreateChatMessageWithHistoryRequest,
 )
 from ee.onyx.server.query_and_chat.models import ChatBasicResponse
+from ee.onyx.server.query_and_chat.models import SimpleDoc
 from onyx.auth.users import current_user
 from onyx.chat.chat_utils import combine_message_thread
 from onyx.chat.chat_utils import create_chat_chain
@@ -55,6 +56,25 @@ logger = setup_logger()
 router = APIRouter(prefix="/chat")
 
 
+def _translate_doc_response_to_simple_doc(
+    doc_response: QADocsResponse,
+) -> list[SimpleDoc]:
+    return [
+        SimpleDoc(
+            id=doc.document_id,
+            semantic_identifier=doc.semantic_identifier,
+            link=doc.link,
+            blurb=doc.blurb,
+            match_highlights=[
+                highlight for highlight in doc.match_highlights if highlight
+            ],
+            source_type=doc.source_type,
+            metadata=doc.metadata,
+        )
+        for doc in doc_response.top_documents
+    ]
+
+
 def _get_final_context_doc_indices(
     final_context_docs: list[LlmDoc] | None,
     top_docs: list[SavedSearchDoc] | None,
@@ -91,6 +111,9 @@ def _convert_packet_stream_to_response(
         elif isinstance(packet, QADocsResponse):
             response.top_documents = packet.top_documents
 
+            # TODO: deprecate `simple_search_docs`
+            response.simple_search_docs = _translate_doc_response_to_simple_doc(packet)
+
             # This is a no-op if agent_sub_questions hasn't already been filled
             if packet.level is not None and packet.level_question_num is not None:
                 id = (packet.level, packet.level_question_num)

backend/ee/onyx/server/query_and_chat/models.py

@@ -8,6 +8,7 @@ from pydantic import model_validator
 
 from ee.onyx.server.manage.models import StandardAnswer
 from onyx.chat.models import CitationInfo
+from onyx.chat.models import OnyxContexts
 from onyx.chat.models import PersonaOverrideConfig
 from onyx.chat.models import QADocsResponse
 from onyx.chat.models import SubQuestionIdentifier
@@ -163,6 +164,8 @@ class ChatBasicResponse(BaseModel):
     cited_documents: dict[int, str] | None = None
 
     # FOR BACKWARDS COMPATIBILITY
+    # TODO: deprecate both of these
+    simple_search_docs: list[SimpleDoc] | None = None
     llm_chunks_indices: list[int] | None = None
 
     # agentic fields
@@ -217,3 +220,4 @@ class OneShotQAResponse(BaseModel):
     llm_selected_doc_indices: list[int] | None = None
     error_msg: str | None = None
     chat_message_id: int | None = None
+    contexts: OnyxContexts | None = None

backend/ee/onyx/server/saml.py

@@ -36,12 +36,8 @@ from onyx.utils.logger import setup_logger
 logger = setup_logger()
 router = APIRouter(prefix="/auth/saml")
 
-# Define non-authenticated user roles that should be re-created during SAML login
-NON_AUTHENTICATED_ROLES = {UserRole.SLACK_USER, UserRole.EXT_PERM_USER}
-
 
 async def upsert_saml_user(email: str) -> User:
-    logger.debug(f"Attempting to upsert SAML user with email: {email}")
     get_async_session_context = contextlib.asynccontextmanager(
         get_async_session
     )  # type:ignore
@@ -52,13 +48,9 @@ async def upsert_saml_user(email: str) -> User:
         async with get_user_db_context(session) as user_db:
             async with get_user_manager_context(user_db) as user_manager:
                 try:
-                    user = await user_manager.get_by_email(email)
-                    # If user has a non-authenticated role, treat as non-existent
-                    if user.role in NON_AUTHENTICATED_ROLES:
-                        raise exceptions.UserNotExists()
-                    return user
+                    return await user_manager.get_by_email(email)
                 except exceptions.UserNotExists:
-                    logger.info("Creating user from SAML login")
+                    logger.notice("Creating user from SAML login")
 
                 user_count = await get_user_count()
                 role = UserRole.ADMIN if user_count == 0 else UserRole.BASIC
@@ -67,10 +59,11 @@ async def upsert_saml_user(email: str) -> User:
                 password = fastapi_users_pw_helper.generate()
                 hashed_pass = fastapi_users_pw_helper.hash(password)
 
-                user = await user_manager.create(
+                user: User = await user_manager.create(
                     UserCreate(
                         email=email,
                         password=hashed_pass,
+                        is_verified=True,
                         role=role,
                     )
                 )

backend/ee/onyx/server/tenants/user_mapping.py

@@ -70,7 +70,6 @@ def add_users_to_tenant(emails: list[str], tenant_id: str) -> None:
     """
     Add users to a tenant with proper transaction handling.
     Checks if users already have a tenant mapping to avoid duplicates.
-    If a user already has an active mapping to any tenant, the new mapping will be added as inactive.
     """
     with get_session_with_tenant(tenant_id=POSTGRES_DEFAULT_SCHEMA) as db_session:
         try:
@@ -89,25 +88,9 @@ def add_users_to_tenant(emails: list[str], tenant_id: str) -> None:
                     .first()
                 )
 
-                # If user already has an active mapping, add this one as inactive
                 if not existing_mapping:
-                    # Check if the user already has an active mapping to any tenant
-                    has_active_mapping = (
-                        db_session.query(UserTenantMapping)
-                        .filter(
-                            UserTenantMapping.email == email,
-                            UserTenantMapping.active == True,  # noqa: E712
-                        )
-                        .first()
-                    )
-
-                    db_session.add(
-                        UserTenantMapping(
-                            email=email,
-                            tenant_id=tenant_id,
-                            active=False if has_active_mapping else True,
-                        )
-                    )
+                    # Only add if mapping doesn't exist
+                    db_session.add(UserTenantMapping(email=email, tenant_id=tenant_id))
 
             # Commit the transaction
             db_session.commit()

backend/onyx/access/access.py

@@ -18,7 +18,7 @@ def _get_access_for_document(
         document_id=document_id,
     )
 
-    doc_access = DocumentAccess.build(
+    return DocumentAccess.build(
         user_emails=info[1] if info and info[1] else [],
         user_groups=[],
         external_user_emails=[],
@@ -26,8 +26,6 @@ def _get_access_for_document(
         is_public=info[2] if info else False,
     )
 
-    return doc_access
-
 
 def get_access_for_document(
     document_id: str,
@@ -40,12 +38,12 @@ def get_access_for_document(
 
 
 def get_null_document_access() -> DocumentAccess:
-    return DocumentAccess.build(
-        user_emails=[],
-        user_groups=[],
+    return DocumentAccess(
+        user_emails=set(),
+        user_groups=set(),
         is_public=False,
-        external_user_emails=[],
-        external_user_group_ids=[],
+        external_user_emails=set(),
+        external_user_group_ids=set(),
     )
 
 
@@ -58,18 +56,18 @@ def _get_access_for_documents(
         document_ids=document_ids,
     )
     doc_access = {
-        document_id: DocumentAccess.build(
-            user_emails=[email for email in user_emails if email],
+        document_id: DocumentAccess(
+            user_emails=set([email for email in user_emails if email]),
             # MIT version will wipe all groups and external groups on update
-            user_groups=[],
+            user_groups=set(),
             is_public=is_public,
-            external_user_emails=[],
-            external_user_group_ids=[],
+            external_user_emails=set(),
+            external_user_group_ids=set(),
         )
         for document_id, user_emails, is_public in document_access_info
     }
 
-    # Sometimes the document has not been indexed by the indexing job yet, in those cases
+    # Sometimes the document has not be indexed by the indexing job yet, in those cases
     # the document does not exist and so we use least permissive. Specifically the EE version
     # checks the MIT version permissions and creates a superset. This ensures that this flow
     # does not fail even if the Document has not yet been indexed.

backend/onyx/access/models.py

@@ -56,45 +56,33 @@ class DocExternalAccess:
         )
 
 
-@dataclass(frozen=True, init=False)
+@dataclass(frozen=True)
 class DocumentAccess(ExternalAccess):
     # User emails for Onyx users, None indicates admin
     user_emails: set[str | None]
-
     # Names of user groups associated with this document
     user_groups: set[str]
 
-    external_user_emails: set[str]
-    external_user_group_ids: set[str]
-    is_public: bool
-
-    def __init__(self) -> None:
-        raise TypeError(
-            "Use `DocumentAccess.build(...)` instead of creating an instance directly."
-        )
-
     def to_acl(self) -> set[str]:
-        # the acl's emitted by this function are prefixed by type
-        # to get the native objects, access the member variables directly
-
-        acl_set: set[str] = set()
-        for user_email in self.user_emails:
-            if user_email:
-                acl_set.add(prefix_user_email(user_email))
-
-        for group_name in self.user_groups:
-            acl_set.add(prefix_user_group(group_name))
-
-        for external_user_email in self.external_user_emails:
-            acl_set.add(prefix_user_email(external_user_email))
-
-        for external_group_id in self.external_user_group_ids:
-            acl_set.add(prefix_external_group(external_group_id))
-
-        if self.is_public:
-            acl_set.add(PUBLIC_DOC_PAT)
-
-        return acl_set
+        return set(
+            [
+                prefix_user_email(user_email)
+                for user_email in self.user_emails
+                if user_email
+            ]
+            + [prefix_user_group(group_name) for group_name in self.user_groups]
+            + [
+                prefix_user_email(user_email)
+                for user_email in self.external_user_emails
+            ]
+            + [
+                # The group names are already prefixed by the source type
+                # This adds an additional prefix of "external_group:"
+                prefix_external_group(group_name)
+                for group_name in self.external_user_group_ids
+            ]
+            + ([PUBLIC_DOC_PAT] if self.is_public else [])
+        )
 
     @classmethod
     def build(
@@ -105,32 +93,29 @@ class DocumentAccess(ExternalAccess):
         external_user_group_ids: list[str],
         is_public: bool,
     ) -> "DocumentAccess":
-        """Don't prefix incoming data wth acl type, prefix on read from to_acl!"""
-
-        obj = object.__new__(cls)
-        object.__setattr__(
-            obj, "user_emails", {user_email for user_email in user_emails if user_email}
+        return cls(
+            external_user_emails={
+                prefix_user_email(external_email)
+                for external_email in external_user_emails
+            },
+            external_user_group_ids={
+                prefix_external_group(external_group_id)
+                for external_group_id in external_user_group_ids
+            },
+            user_emails={
+                prefix_user_email(user_email)
+                for user_email in user_emails
+                if user_email
+            },
+            user_groups=set(user_groups),
+            is_public=is_public,
         )
-        object.__setattr__(obj, "user_groups", set(user_groups))
-        object.__setattr__(
-            obj,
-            "external_user_emails",
-            {external_email for external_email in external_user_emails},
-        )
-        object.__setattr__(
-            obj,
-            "external_user_group_ids",
-            {external_group_id for external_group_id in external_user_group_ids},
-        )
-        object.__setattr__(obj, "is_public", is_public)
-
-        return obj
 
 
-default_public_access = DocumentAccess.build(
-    external_user_emails=[],
-    external_user_group_ids=[],
-    user_emails=[],
-    user_groups=[],
+default_public_access = DocumentAccess(
+    external_user_emails=set(),
+    external_user_group_ids=set(),
+    user_emails=set(),
+    user_groups=set(),
     is_public=True,
 )

backend/onyx/agents/agent_search/basic/utils.py

@@ -7,6 +7,7 @@ from langgraph.types import StreamWriter
 
 from onyx.agents.agent_search.shared_graph_utils.utils import write_custom_event
 from onyx.chat.models import LlmDoc
+from onyx.chat.models import OnyxContext
 from onyx.chat.stream_processing.answer_response_handler import AnswerResponseHandler
 from onyx.chat.stream_processing.answer_response_handler import CitationResponseHandler
 from onyx.chat.stream_processing.answer_response_handler import (
@@ -23,7 +24,7 @@ def process_llm_stream(
     should_stream_answer: bool,
     writer: StreamWriter,
     final_search_results: list[LlmDoc] | None = None,
-    displayed_search_results: list[LlmDoc] | None = None,
+    displayed_search_results: list[OnyxContext] | list[LlmDoc] | None = None,
 ) -> AIMessageChunk:
     tool_call_chunk = AIMessageChunk(content="")
 

backend/onyx/agents/agent_search/deep_search/initial/generate_initial_answer/nodes/generate_initial_answer.py

@@ -156,6 +156,7 @@ def generate_initial_answer(
     for tool_response in yield_search_responses(
         query=question,
         get_retrieved_sections=lambda: answer_generation_documents.context_documents,
+        get_reranked_sections=lambda: answer_generation_documents.streaming_documents,
         get_final_context_sections=lambda: answer_generation_documents.context_documents,
         search_query_info=query_info,
         get_section_relevance=lambda: relevance_list,

backend/onyx/agents/agent_search/deep_search/main/nodes/generate_validate_refined_answer.py

@@ -183,6 +183,7 @@ def generate_validate_refined_answer(
     for tool_response in yield_search_responses(
         query=question,
         get_retrieved_sections=lambda: answer_generation_documents.context_documents,
+        get_reranked_sections=lambda: answer_generation_documents.streaming_documents,
         get_final_context_sections=lambda: answer_generation_documents.context_documents,
         search_query_info=query_info,
         get_section_relevance=lambda: relevance_list,

backend/onyx/agents/agent_search/deep_search/shared/expanded_retrieval/nodes/format_results.py

@@ -57,6 +57,7 @@ def format_results(
         for tool_response in yield_search_responses(
             query=state.question,
             get_retrieved_sections=lambda: reranked_documents,
+            get_reranked_sections=lambda: state.retrieved_documents,
             get_final_context_sections=lambda: reranked_documents,
             search_query_info=query_info,
             get_section_relevance=lambda: relevance_list,

backend/onyx/agents/agent_search/orchestration/nodes/use_tool_response.py

@@ -13,7 +13,9 @@ from onyx.tools.tool_implementations.search.search_tool import (
     SEARCH_RESPONSE_SUMMARY_ID,
 )
 from onyx.tools.tool_implementations.search.search_tool import SearchResponseSummary
-from onyx.tools.tool_implementations.search.search_utils import section_to_llm_doc
+from onyx.tools.tool_implementations.search.search_utils import (
+    context_from_inference_section,
+)
 from onyx.tools.tool_implementations.search_like_tool_utils import (
     FINAL_CONTEXT_DOCUMENTS_ID,
 )
@@ -57,7 +59,9 @@ def basic_use_tool_response(
             search_response_summary = cast(SearchResponseSummary, yield_item.response)
             for section in search_response_summary.top_sections:
                 if section.center_chunk.document_id not in initial_search_results:
-                    initial_search_results.append(section_to_llm_doc(section))
+                    initial_search_results.append(
+                        context_from_inference_section(section)
+                    )
 
     new_tool_call_chunk = AIMessageChunk(content="")
     if not agent_config.behavior.skip_gen_ai_answer_generation:

backend/onyx/auth/email_utils.py

@@ -16,10 +16,10 @@ from onyx.configs.app_configs import WEB_DOMAIN
 from onyx.configs.constants import AuthType
 from onyx.configs.constants import ONYX_DEFAULT_APPLICATION_NAME
 from onyx.configs.constants import ONYX_SLACK_URL
+from onyx.configs.constants import TENANT_ID_COOKIE_NAME
 from onyx.db.models import User
 from onyx.server.runtime.onyx_runtime import OnyxRuntime
 from onyx.utils.file import FileWithMimeType
-from onyx.utils.url import add_url_params
 from onyx.utils.variable_functionality import fetch_versioned_implementation
 from shared_configs.configs import MULTI_TENANT
 
@@ -62,11 +62,6 @@ HTML_EMAIL_TEMPLATE = """\
     }}
     .header img {{
       max-width: 140px;
-      width: 140px;
-      height: auto;
-      filter: brightness(1.1) contrast(1.2);
-      border-radius: 8px;
-      padding: 5px;
     }}
     .body-content {{
       padding: 20px 30px;
@@ -83,16 +78,12 @@ HTML_EMAIL_TEMPLATE = """\
     }}
     .cta-button {{
       display: inline-block;
-      padding: 14px 24px;
-      background-color: #0055FF;
+      padding: 12px 20px;
+      background-color: #000000;
       color: #ffffff !important;
       text-decoration: none;
       border-radius: 4px;
-      font-weight: 600;
-      font-size: 16px;
-      margin-top: 10px;
-      box-shadow: 0 2px 4px rgba(0, 0, 0, 0.1);
-      text-align: center;
+      font-weight: 500;
     }}
     .footer {{
       font-size: 13px;
@@ -175,7 +166,6 @@ def send_email(
     if not EMAIL_CONFIGURED:
         raise ValueError("Email is not configured.")
 
-    # Create a multipart/alternative message - this indicates these are alternative versions of the same content
     msg = MIMEMultipart("alternative")
     msg["Subject"] = subject
     msg["To"] = user_email
@@ -184,30 +174,17 @@ def send_email(
     msg["Date"] = formatdate(localtime=True)
     msg["Message-ID"] = make_msgid(domain="onyx.app")
 
-    # Add text part first (lowest priority)
-    text_part = MIMEText(text_body, "plain")
-    msg.attach(text_part)
+    part_text = MIMEText(text_body, "plain")
+    part_html = MIMEText(html_body, "html")
+
+    msg.attach(part_text)
+    msg.attach(part_html)
 
     if inline_png:
-        # For HTML with images, create a multipart/related container
-        related = MIMEMultipart("related")
-
-        # Add the HTML part to the related container
-        html_part = MIMEText(html_body, "html")
-        related.attach(html_part)
-
-        # Add image with proper Content-ID to the related container
         img = MIMEImage(inline_png[1], _subtype="png")
-        img.add_header("Content-ID", f"<{inline_png[0]}>")
+        img.add_header("Content-ID", inline_png[0])  # CID reference
         img.add_header("Content-Disposition", "inline", filename=inline_png[0])
-        related.attach(img)
-
-        # Add the related part to the message (higher priority than text)
-        msg.attach(related)
-    else:
-        # No images, just add HTML directly (higher priority than text)
-        html_part = MIMEText(html_body, "html")
-        msg.attach(html_part)
+        msg.attach(img)
 
     try:
         with smtplib.SMTP(SMTP_SERVER, SMTP_PORT) as s:
@@ -355,23 +332,17 @@ def send_forgot_password_email(
 
     onyx_file = OnyxRuntime.get_emailable_logo()
 
-    subject = f"Reset Your {application_name} Password"
-    heading = "Reset Your Password"
-    tenant_param = f"&tenant={tenant_id}" if tenant_id and MULTI_TENANT else ""
-    message = "<p>Please click the button below to reset your password. This link will expire in 24 hours.</p>"
-    cta_text = "Reset Password"
-    cta_link = f"{WEB_DOMAIN}/auth/reset-password?token={token}{tenant_param}"
+    subject = f"{application_name} Forgot Password"
+    link = f"{WEB_DOMAIN}/auth/reset-password?token={token}"
+    if MULTI_TENANT:
+        link += f"&{TENANT_ID_COOKIE_NAME}={tenant_id}"
+    message = f"<p>Click the following link to reset your password:</p><p>{link}</p>"
     html_content = build_html_email(
         application_name,
-        heading,
+        "Reset Your Password",
         message,
-        cta_text,
-        cta_link,
-    )
-    text_content = (
-        f"Please click the following link to reset your password. This link will expire in 24 hours.\n"
-        f"{WEB_DOMAIN}/auth/reset-password?token={token}{tenant_param}"
     )
+    text_content = f"Click the following link to reset your password: {link}"
     send_email(
         user_email,
         subject,
@@ -385,7 +356,6 @@ def send_forgot_password_email(
 def send_user_verification_email(
     user_email: str,
     token: str,
-    new_organization: bool = False,
     mail_from: str = EMAIL_FROM,
 ) -> None:
     # Builds a verification email
@@ -402,8 +372,6 @@ def send_user_verification_email(
 
     subject = f"{application_name} Email Verification"
     link = f"{WEB_DOMAIN}/auth/verify-email?token={token}"
-    if new_organization:
-        link = add_url_params(link, {"first_user": "true"})
     message = (
         f"<p>Click the following link to verify your email address:</p><p>{link}</p>"
     )

backend/onyx/auth/oauth_refresher.py

@@ -1,211 +0,0 @@
-from datetime import datetime
-from datetime import timezone
-from typing import Any
-from typing import cast
-from typing import Dict
-from typing import List
-from typing import Optional
-
-import httpx
-from fastapi_users.manager import BaseUserManager
-from sqlalchemy.ext.asyncio import AsyncSession
-
-from onyx.configs.app_configs import OAUTH_CLIENT_ID
-from onyx.configs.app_configs import OAUTH_CLIENT_SECRET
-from onyx.configs.app_configs import TRACK_EXTERNAL_IDP_EXPIRY
-from onyx.db.models import OAuthAccount
-from onyx.db.models import User
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-# Standard OAuth refresh token endpoints
-REFRESH_ENDPOINTS = {
-    "google": "https://oauth2.googleapis.com/token",
-}
-
-
-# NOTE: Keeping this as a utility function for potential future debugging,
-# but not using it in production code
-async def _test_expire_oauth_token(
-    user: User,
-    oauth_account: OAuthAccount,
-    db_session: AsyncSession,
-    user_manager: BaseUserManager[User, Any],
-    expire_in_seconds: int = 10,
-) -> bool:
-    """
-    Utility function for testing - Sets an OAuth token to expire in a short time
-    to facilitate testing of the refresh flow.
-    Not used in production code.
-    """
-    try:
-        new_expires_at = int(
-            (datetime.now(timezone.utc).timestamp() + expire_in_seconds)
-        )
-
-        updated_data: Dict[str, Any] = {"expires_at": new_expires_at}
-
-        await user_manager.user_db.update_oauth_account(
-            user, cast(Any, oauth_account), updated_data
-        )
-
-        return True
-    except Exception as e:
-        logger.exception(f"Error setting artificial expiration: {str(e)}")
-        return False
-
-
-async def refresh_oauth_token(
-    user: User,
-    oauth_account: OAuthAccount,
-    db_session: AsyncSession,
-    user_manager: BaseUserManager[User, Any],
-) -> bool:
-    """
-    Attempt to refresh an OAuth token that's about to expire or has expired.
-    Returns True if successful, False otherwise.
-    """
-    if not oauth_account.refresh_token:
-        logger.warning(
-            f"No refresh token available for {user.email}'s {oauth_account.oauth_name} account"
-        )
-        return False
-
-    provider = oauth_account.oauth_name
-    if provider not in REFRESH_ENDPOINTS:
-        logger.warning(f"Refresh endpoint not configured for provider: {provider}")
-        return False
-
-    try:
-        logger.info(f"Refreshing OAuth token for {user.email}'s {provider} account")
-
-        async with httpx.AsyncClient() as client:
-            response = await client.post(
-                REFRESH_ENDPOINTS[provider],
-                data={
-                    "client_id": OAUTH_CLIENT_ID,
-                    "client_secret": OAUTH_CLIENT_SECRET,
-                    "refresh_token": oauth_account.refresh_token,
-                    "grant_type": "refresh_token",
-                },
-                headers={"Content-Type": "application/x-www-form-urlencoded"},
-            )
-
-            if response.status_code != 200:
-                logger.error(
-                    f"Failed to refresh OAuth token: Status {response.status_code}"
-                )
-                return False
-
-            token_data = response.json()
-
-            new_access_token = token_data.get("access_token")
-            new_refresh_token = token_data.get(
-                "refresh_token", oauth_account.refresh_token
-            )
-            expires_in = token_data.get("expires_in")
-
-            # Calculate new expiry time if provided
-            new_expires_at: Optional[int] = None
-            if expires_in:
-                new_expires_at = int(
-                    (datetime.now(timezone.utc).timestamp() + expires_in)
-                )
-
-            # Update the OAuth account
-            updated_data: Dict[str, Any] = {
-                "access_token": new_access_token,
-                "refresh_token": new_refresh_token,
-            }
-
-            if new_expires_at:
-                updated_data["expires_at"] = new_expires_at
-
-                # Update oidc_expiry in user model if we're tracking it
-                if TRACK_EXTERNAL_IDP_EXPIRY:
-                    oidc_expiry = datetime.fromtimestamp(
-                        new_expires_at, tz=timezone.utc
-                    )
-                    await user_manager.user_db.update(
-                        user, {"oidc_expiry": oidc_expiry}
-                    )
-
-            # Update the OAuth account
-            await user_manager.user_db.update_oauth_account(
-                user, cast(Any, oauth_account), updated_data
-            )
-
-            logger.info(f"Successfully refreshed OAuth token for {user.email}")
-            return True
-
-    except Exception as e:
-        logger.exception(f"Error refreshing OAuth token: {str(e)}")
-        return False
-
-
-async def check_and_refresh_oauth_tokens(
-    user: User,
-    db_session: AsyncSession,
-    user_manager: BaseUserManager[User, Any],
-) -> None:
-    """
-    Check if any OAuth tokens are expired or about to expire and refresh them.
-    """
-    if not hasattr(user, "oauth_accounts") or not user.oauth_accounts:
-        return
-
-    now_timestamp = datetime.now(timezone.utc).timestamp()
-
-    # Buffer time to refresh tokens before they expire (in seconds)
-    buffer_seconds = 300  # 5 minutes
-
-    for oauth_account in user.oauth_accounts:
-        # Skip accounts without refresh tokens
-        if not oauth_account.refresh_token:
-            continue
-
-        # If token is about to expire, refresh it
-        if (
-            oauth_account.expires_at
-            and oauth_account.expires_at - now_timestamp < buffer_seconds
-        ):
-            logger.info(f"OAuth token for {user.email} is about to expire - refreshing")
-            success = await refresh_oauth_token(
-                user, oauth_account, db_session, user_manager
-            )
-
-            if not success:
-                logger.warning(
-                    "Failed to refresh OAuth token. User may need to re-authenticate."
-                )
-
-
-async def check_oauth_account_has_refresh_token(
-    user: User,
-    oauth_account: OAuthAccount,
-) -> bool:
-    """
-    Check if an OAuth account has a refresh token.
-    Returns True if a refresh token exists, False otherwise.
-    """
-    return bool(oauth_account.refresh_token)
-
-
-async def get_oauth_accounts_requiring_refresh_token(user: User) -> List[OAuthAccount]:
-    """
-    Returns a list of OAuth accounts for a user that are missing refresh tokens.
-    These accounts will need re-authentication to get refresh tokens.
-    """
-    if not hasattr(user, "oauth_accounts") or not user.oauth_accounts:
-        return []
-
-    accounts_needing_refresh = []
-    for oauth_account in user.oauth_accounts:
-        has_refresh_token = await check_oauth_account_has_refresh_token(
-            user, oauth_account
-        )
-        if not has_refresh_token:
-            accounts_needing_refresh.append(oauth_account)
-
-    return accounts_needing_refresh

backend/onyx/auth/users.py

@@ -5,16 +5,12 @@ import string
 import uuid
 from collections.abc import AsyncGenerator
 from datetime import datetime
-from datetime import timedelta
 from datetime import timezone
-from typing import Any
 from typing import cast
 from typing import Dict
 from typing import List
 from typing import Optional
-from typing import Protocol
 from typing import Tuple
-from typing import TypeVar
 
 import jwt
 from email_validator import EmailNotValidError
@@ -585,10 +581,8 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
         logger.notice(
             f"Verification requested for user {user.id}. Verification token: {token}"
         )
-        user_count = await get_user_count()
-        send_user_verification_email(
-            user.email, token, new_organization=user_count == 1
-        )
+
+        send_user_verification_email(user.email, token)
 
     async def authenticate(
         self, credentials: OAuth2PasswordRequestForm
@@ -694,20 +688,16 @@ cookie_transport = CookieTransport(
 )
 
 
-T = TypeVar("T", covariant=True)
-ID = TypeVar("ID", contravariant=True)
+def get_redis_strategy() -> RedisStrategy:
+    return TenantAwareRedisStrategy()
 
 
-# Protocol for strategies that support token refreshing without inheritance.
-class RefreshableStrategy(Protocol):
-    """Protocol for authentication strategies that support token refreshing."""
-
-    async def refresh_token(self, token: Optional[str], user: Any) -> str:
-        """
-        Refresh an existing token by extending its lifetime.
-        Returns either the same token with extended expiration or a new token.
-        """
-        ...
+def get_database_strategy(
+    access_token_db: AccessTokenDatabase[AccessToken] = Depends(get_access_token_db),
+) -> DatabaseStrategy:
+    return DatabaseStrategy(
+        access_token_db, lifetime_seconds=SESSION_EXPIRE_TIME_SECONDS
+    )
 
 
 class TenantAwareRedisStrategy(RedisStrategy[User, uuid.UUID]):
@@ -766,75 +756,6 @@ class TenantAwareRedisStrategy(RedisStrategy[User, uuid.UUID]):
         redis = await get_async_redis_connection()
         await redis.delete(f"{self.key_prefix}{token}")
 
-    async def refresh_token(self, token: Optional[str], user: User) -> str:
-        """Refresh a token by extending its expiration time in Redis."""
-        if token is None:
-            # If no token provided, create a new one
-            return await self.write_token(user)
-
-        redis = await get_async_redis_connection()
-        token_key = f"{self.key_prefix}{token}"
-
-        # Check if token exists
-        token_data_str = await redis.get(token_key)
-        if not token_data_str:
-            # Token not found, create new one
-            return await self.write_token(user)
-
-        # Token exists, extend its lifetime
-        token_data = json.loads(token_data_str)
-        await redis.set(
-            token_key,
-            json.dumps(token_data),
-            ex=self.lifetime_seconds,
-        )
-
-        return token
-
-
-class RefreshableDatabaseStrategy(DatabaseStrategy[User, uuid.UUID, AccessToken]):
-    """Database strategy with token refreshing capabilities."""
-
-    def __init__(
-        self,
-        access_token_db: AccessTokenDatabase[AccessToken],
-        lifetime_seconds: Optional[int] = None,
-    ):
-        super().__init__(access_token_db, lifetime_seconds)
-        self._access_token_db = access_token_db
-
-    async def refresh_token(self, token: Optional[str], user: User) -> str:
-        """Refresh a token by updating its expiration time in the database."""
-        if token is None:
-            return await self.write_token(user)
-
-        # Find the token in database
-        access_token = await self._access_token_db.get_by_token(token)
-
-        if access_token is None:
-            # Token not found, create new one
-            return await self.write_token(user)
-
-        # Update expiration time
-        new_expires = datetime.now(timezone.utc) + timedelta(
-            seconds=float(self.lifetime_seconds or SESSION_EXPIRE_TIME_SECONDS)
-        )
-        await self._access_token_db.update(access_token, {"expires": new_expires})
-
-        return token
-
-
-def get_redis_strategy() -> TenantAwareRedisStrategy:
-    return TenantAwareRedisStrategy()
-
-
-def get_database_strategy(
-    access_token_db: AccessTokenDatabase[AccessToken] = Depends(get_access_token_db),
-) -> RefreshableDatabaseStrategy:
-    return RefreshableDatabaseStrategy(
-        access_token_db, lifetime_seconds=SESSION_EXPIRE_TIME_SECONDS
-    )
-
 
 if AUTH_BACKEND == AuthBackend.REDIS:
     auth_backend = AuthenticationBackend(
@@ -885,88 +806,6 @@ class FastAPIUserWithLogoutRouter(FastAPIUsers[models.UP, models.ID]):
 
         return router
 
-    def get_refresh_router(
-        self,
-        backend: AuthenticationBackend,
-        requires_verification: bool = REQUIRE_EMAIL_VERIFICATION,
-    ) -> APIRouter:
-        """
-        Provide a router for session token refreshing.
-        """
-        # Import the oauth_refresher here to avoid circular imports
-        from onyx.auth.oauth_refresher import check_and_refresh_oauth_tokens
-
-        router = APIRouter()
-
-        get_current_user_token = self.authenticator.current_user_token(
-            active=True, verified=requires_verification
-        )
-
-        refresh_responses: OpenAPIResponseType = {
-            **{
-                status.HTTP_401_UNAUTHORIZED: {
-                    "description": "Missing token or inactive user."
-                }
-            },
-            **backend.transport.get_openapi_login_responses_success(),
-        }
-
-        @router.post(
-            "/refresh", name=f"auth:{backend.name}.refresh", responses=refresh_responses
-        )
-        async def refresh(
-            user_token: Tuple[models.UP, str] = Depends(get_current_user_token),
-            strategy: Strategy[models.UP, models.ID] = Depends(backend.get_strategy),
-            user_manager: BaseUserManager[models.UP, models.ID] = Depends(
-                get_user_manager
-            ),
-            db_session: AsyncSession = Depends(get_async_session),
-        ) -> Response:
-            try:
-                user, token = user_token
-                logger.info(f"Processing token refresh request for user {user.email}")
-
-                # Check if user has OAuth accounts that need refreshing
-                await check_and_refresh_oauth_tokens(
-                    user=cast(User, user),
-                    db_session=db_session,
-                    user_manager=cast(Any, user_manager),
-                )
-
-                # Check if strategy supports refreshing
-                supports_refresh = hasattr(strategy, "refresh_token") and callable(
-                    getattr(strategy, "refresh_token")
-                )
-
-                if supports_refresh:
-                    try:
-                        refresh_method = getattr(strategy, "refresh_token")
-                        new_token = await refresh_method(token, user)
-                        logger.info(
-                            f"Successfully refreshed session token for user {user.email}"
-                        )
-                        return await backend.transport.get_login_response(new_token)
-                    except Exception as e:
-                        logger.error(f"Error refreshing session token: {str(e)}")
-                        # Fallback to logout and login if refresh fails
-                        await backend.logout(strategy, user, token)
-                        return await backend.login(strategy, user)
-
-                # Fallback: logout and login again
-                logger.info(
-                    "Strategy doesn't support refresh - using logout/login flow"
-                )
-                await backend.logout(strategy, user, token)
-                return await backend.login(strategy, user)
-            except Exception as e:
-                logger.error(f"Unexpected error in refresh endpoint: {str(e)}")
-                raise HTTPException(
-                    status_code=status.HTTP_400_BAD_REQUEST,
-                    detail=f"Token refresh failed: {str(e)}",
-                )
-
-        return router
-
 
 fastapi_users = FastAPIUserWithLogoutRouter[User, uuid.UUID](
     get_user_manager, [auth_backend]
@@ -1200,20 +1039,12 @@ def get_oauth_router(
             "referral_source": referral_source or "default_referral",
         }
         state = generate_state_token(state_data, state_secret)
-
-        # Get the basic authorization URL
         authorization_url = await oauth_client.get_authorization_url(
             authorize_redirect_url,
             state,
             scopes,
         )
 
-        # For Google OAuth, add parameters to request refresh tokens
-        if oauth_client.name == "google":
-            authorization_url = add_url_params(
-                authorization_url, {"access_type": "offline", "prompt": "consent"}
-            )
-
         return OAuth2AuthorizeResponse(authorization_url=authorization_url)
 
     @router.get(

backend/onyx/background/celery/apps/app_base.py

@@ -34,6 +34,7 @@ from onyx.redis.redis_connector_ext_group_sync import RedisConnectorExternalGrou
 from onyx.redis.redis_connector_prune import RedisConnectorPrune
 from onyx.redis.redis_document_set import RedisDocumentSet
 from onyx.redis.redis_pool import get_redis_client
+from onyx.redis.redis_pool import get_shared_redis_client
 from onyx.redis.redis_usergroup import RedisUserGroup
 from onyx.utils.logger import ColoredFormatter
 from onyx.utils.logger import PlainFormatter
@@ -224,7 +225,7 @@ def wait_for_redis(sender: Any, **kwargs: Any) -> None:
     Will raise WorkerShutdown to kill the celery worker if the timeout
     is reached."""
 
-    r = get_redis_client(tenant_id=POSTGRES_DEFAULT_SCHEMA)
+    r = get_shared_redis_client()
 
     WAIT_INTERVAL = 5
     WAIT_LIMIT = 60
@@ -310,7 +311,7 @@ def on_secondary_worker_init(sender: Any, **kwargs: Any) -> None:
     # Set up variables for waiting on primary worker
     WAIT_INTERVAL = 5
     WAIT_LIMIT = 60
-    r = get_redis_client(tenant_id=POSTGRES_DEFAULT_SCHEMA)
+    r = get_shared_redis_client()
     time_start = time.monotonic()
 
     logger.info("Waiting for primary worker to be ready...")

backend/onyx/background/celery/apps/beat.py

@@ -1,5 +1,6 @@
 from datetime import timedelta
 from typing import Any
+from typing import cast
 
 from celery import Celery
 from celery import signals
@@ -9,10 +10,12 @@ from celery.utils.log import get_task_logger
 
 import onyx.background.celery.apps.app_base as app_base
 from onyx.background.celery.tasks.beat_schedule import CLOUD_BEAT_MULTIPLIER_DEFAULT
+from onyx.configs.constants import ONYX_CLOUD_REDIS_RUNTIME
+from onyx.configs.constants import ONYX_CLOUD_TENANT_ID
 from onyx.configs.constants import POSTGRES_CELERY_BEAT_APP_NAME
 from onyx.db.engine import get_all_tenant_ids
 from onyx.db.engine import SqlEngine
-from onyx.server.runtime.onyx_runtime import OnyxRuntime
+from onyx.redis.redis_pool import get_redis_replica_client
 from onyx.utils.variable_functionality import fetch_versioned_implementation
 from shared_configs.configs import IGNORED_SYNCING_TENANT_LIST
 from shared_configs.configs import MULTI_TENANT
@@ -138,6 +141,8 @@ class DynamicTenantScheduler(PersistentScheduler):
         """Only updates the actual beat schedule on the celery app when it changes"""
         do_update = False
 
+        r = get_redis_replica_client(tenant_id=ONYX_CLOUD_TENANT_ID)
+
         task_logger.debug("_try_updating_schedule starting")
 
         tenant_ids = get_all_tenant_ids()
@@ -147,7 +152,16 @@ class DynamicTenantScheduler(PersistentScheduler):
         current_schedule = self.schedule.items()
 
         # get potential new state
-        beat_multiplier = OnyxRuntime.get_beat_multiplier()
+        beat_multiplier = CLOUD_BEAT_MULTIPLIER_DEFAULT
+        beat_multiplier_raw = r.get(f"{ONYX_CLOUD_REDIS_RUNTIME}:beat_multiplier")
+        if beat_multiplier_raw is not None:
+            try:
+                beat_multiplier_bytes = cast(bytes, beat_multiplier_raw)
+                beat_multiplier = float(beat_multiplier_bytes.decode())
+            except ValueError:
+                task_logger.error(
+                    f"Invalid beat_multiplier value: {beat_multiplier_raw}"
+                )
 
         new_schedule = self._generate_schedule(tenant_ids, beat_multiplier)
 

backend/onyx/background/celery/apps/primary.py

@@ -38,11 +38,10 @@ from onyx.redis.redis_connector_index import RedisConnectorIndex
 from onyx.redis.redis_connector_prune import RedisConnectorPrune
 from onyx.redis.redis_connector_stop import RedisConnectorStop
 from onyx.redis.redis_document_set import RedisDocumentSet
-from onyx.redis.redis_pool import get_redis_client
+from onyx.redis.redis_pool import get_shared_redis_client
 from onyx.redis.redis_usergroup import RedisUserGroup
 from onyx.utils.logger import setup_logger
 from shared_configs.configs import MULTI_TENANT
-from shared_configs.configs import POSTGRES_DEFAULT_SCHEMA
 
 logger = setup_logger()
 
@@ -103,7 +102,7 @@ def on_worker_init(sender: Worker, **kwargs: Any) -> None:
 
     # This is singleton work that should be done on startup exactly once
     # by the primary worker. This is unnecessary in the multi tenant scenario
-    r = get_redis_client(tenant_id=POSTGRES_DEFAULT_SCHEMA)
+    r = get_shared_redis_client()
 
     # Log the role and slave count - being connected to a slave or slave count > 0 could be problematic
     info: dict[str, Any] = cast(dict, r.info("replication"))
@@ -236,7 +235,7 @@ class HubPeriodicTask(bootsteps.StartStopStep):
 
             lock: RedisLock = worker.primary_worker_lock
 
-            r = get_redis_client(tenant_id=POSTGRES_DEFAULT_SCHEMA)
+            r = get_shared_redis_client()
 
             if lock.owned():
                 task_logger.debug("Reacquiring primary worker lock.")

backend/onyx/background/celery/memory_monitoring.py

@@ -14,7 +14,7 @@ logger = setup_logger()
 # Only set up memory monitoring in container environment
 if is_running_in_container():
     # Set up a dedicated memory monitoring logger
-    MEMORY_LOG_DIR = "/var/log/memory"
+    MEMORY_LOG_DIR = "/var/log/persisted-logs/memory"
     MEMORY_LOG_FILE = os.path.join(MEMORY_LOG_DIR, "memory_usage.log")
     MEMORY_LOG_MAX_BYTES = 10 * 1024 * 1024  # 10MB
     MEMORY_LOG_BACKUP_COUNT = 5  # Keep 5 backup files

backend/onyx/background/celery/tasks/beat_schedule.py

@@ -21,7 +21,6 @@ BEAT_EXPIRES_DEFAULT = 15 * 60  # 15 minutes (in seconds)
 # we have a better implementation (backpressure, etc)
 # Note that DynamicTenantScheduler can adjust the runtime value for this via Redis
 CLOUD_BEAT_MULTIPLIER_DEFAULT = 8.0
-CLOUD_DOC_PERMISSION_SYNC_MULTIPLIER_DEFAULT = 1.0
 
 # tasks that run in either self-hosted on cloud
 beat_task_templates: list[dict] = []

backend/onyx/background/celery/tasks/connector_deletion/tasks.py

@@ -389,8 +389,6 @@ def monitor_connector_deletion_taskset(
             db_session=db_session,
             cc_pair_id=cc_pair_id,
         )
-        credential_id_to_delete: int | None = None
-        connector_id_to_delete: int | None = None
         if not cc_pair:
             task_logger.warning(
                 f"Connector deletion - cc_pair not found: cc_pair={cc_pair_id}"
@@ -445,35 +443,24 @@ def monitor_connector_deletion_taskset(
                 db_session=db_session,
             )
 
-            # Store IDs before potentially expiring cc_pair
-            connector_id_to_delete = cc_pair.connector_id
-            credential_id_to_delete = cc_pair.credential_id
-
             # Explicitly delete document by connector credential pair records before deleting the connector
             # This is needed because connector_id is a primary key in that table and cascading deletes won't work
             delete_all_documents_by_connector_credential_pair__no_commit(
                 db_session=db_session,
-                connector_id=connector_id_to_delete,
-                credential_id=credential_id_to_delete,
+                connector_id=cc_pair.connector_id,
+                credential_id=cc_pair.credential_id,
             )
 
-            # Flush to ensure document deletion happens before connector deletion
-            db_session.flush()
-
-            # Expire the cc_pair to ensure SQLAlchemy doesn't try to manage its state
-            # related to the deleted DocumentByConnectorCredentialPair during commit
-            db_session.expire(cc_pair)
-
             # finally, delete the cc-pair
             delete_connector_credential_pair__no_commit(
                 db_session=db_session,
-                connector_id=connector_id_to_delete,
-                credential_id=credential_id_to_delete,
+                connector_id=cc_pair.connector_id,
+                credential_id=cc_pair.credential_id,
             )
             # if there are no credentials left, delete the connector
             connector = fetch_connector_by_id(
                 db_session=db_session,
-                connector_id=connector_id_to_delete,
+                connector_id=cc_pair.connector_id,
             )
             if not connector or not len(connector.credentials):
                 task_logger.info(
@@ -506,15 +493,15 @@ def monitor_connector_deletion_taskset(
 
             task_logger.exception(
                 f"Connector deletion exceptioned: "
-                f"cc_pair={cc_pair_id} connector={connector_id_to_delete} credential={credential_id_to_delete}"
+                f"cc_pair={cc_pair_id} connector={cc_pair.connector_id} credential={cc_pair.credential_id}"
             )
             raise e
 
     task_logger.info(
         f"Connector deletion succeeded: "
         f"cc_pair={cc_pair_id} "
-        f"connector={connector_id_to_delete} "
-        f"credential={credential_id_to_delete} "
+        f"connector={cc_pair.connector_id} "
+        f"credential={cc_pair.credential_id} "
         f"docs_deleted={fence_data.num_tasks}"
     )
 
@@ -564,7 +551,7 @@ def validate_connector_deletion_fences(
 def validate_connector_deletion_fence(
     tenant_id: str,
     key_bytes: bytes,
-    queued_upsert_tasks: set[str],
+    queued_tasks: set[str],
     r: Redis,
 ) -> None:
     """Checks for the error condition where an indexing fence is set but the associated celery tasks don't exist.
@@ -651,7 +638,7 @@ def validate_connector_deletion_fence(
 
         member_bytes = cast(bytes, member)
         member_str = member_bytes.decode("utf-8")
-        if member_str in queued_upsert_tasks:
+        if member_str in queued_tasks:
             continue
 
         tasks_not_in_celery += 1

backend/onyx/background/celery/tasks/doc_permission_syncing/tasks.py

@@ -17,7 +17,6 @@ from redis.exceptions import LockError
 from redis.lock import Lock as RedisLock
 from sqlalchemy.orm import Session
 
-from ee.onyx.configs.app_configs import DEFAULT_PERMISSION_DOC_SYNC_FREQUENCY
 from ee.onyx.db.connector_credential_pair import get_all_auto_sync_cc_pairs
 from ee.onyx.db.document import upsert_document_external_perms
 from ee.onyx.external_permissions.sync_params import DOC_PERMISSION_SYNC_PERIODS
@@ -64,14 +63,11 @@ from onyx.redis.redis_connector_doc_perm_sync import RedisConnectorPermissionSyn
 from onyx.redis.redis_pool import get_redis_client
 from onyx.redis.redis_pool import get_redis_replica_client
 from onyx.redis.redis_pool import redis_lock_dump
-from onyx.server.runtime.onyx_runtime import OnyxRuntime
 from onyx.server.utils import make_short_id
 from onyx.utils.logger import doc_permission_sync_ctx
 from onyx.utils.logger import format_error_for_logging
 from onyx.utils.logger import LoggerContextVars
 from onyx.utils.logger import setup_logger
-from onyx.utils.telemetry import optional_telemetry
-from onyx.utils.telemetry import RecordType
 
 
 logger = setup_logger()
@@ -108,10 +104,9 @@ def _is_external_doc_permissions_sync_due(cc_pair: ConnectorCredentialPair) -> b
 
     source_sync_period = DOC_PERMISSION_SYNC_PERIODS.get(cc_pair.connector.source)
 
+    # If RESTRICTED_FETCH_PERIOD[source] is None, we always run the sync.
     if not source_sync_period:
-        source_sync_period = DEFAULT_PERMISSION_DOC_SYNC_FREQUENCY
-
-    source_sync_period *= int(OnyxRuntime.get_doc_permission_sync_multiplier())
+        return True
 
     # If the last sync is greater than the full fetch period, we run the sync
     next_sync = last_perm_sync + timedelta(seconds=source_sync_period)
@@ -289,7 +284,7 @@ def try_creating_permissions_sync_task(
             ),
             queue=OnyxCeleryQueues.CONNECTOR_DOC_PERMISSIONS_SYNC,
             task_id=custom_task_id,
-            priority=OnyxCeleryPriority.MEDIUM,
+            priority=OnyxCeleryPriority.HIGH,
         )
 
         # fill in the celery task id
@@ -880,21 +875,6 @@ def monitor_ccpair_permissions_taskset(
         f"remaining={remaining} "
         f"initial={initial}"
     )
-
-    # Add telemetry for permission syncing progress
-    optional_telemetry(
-        record_type=RecordType.PERMISSION_SYNC_PROGRESS,
-        data={
-            "cc_pair_id": cc_pair_id,
-            "id": payload.id if payload else None,
-            "total_docs": initial if initial is not None else 0,
-            "remaining_docs": remaining,
-            "synced_docs": (initial - remaining) if initial is not None else 0,
-            "is_complete": remaining == 0,
-        },
-        tenant_id=tenant_id,
-    )
-
     if remaining > 0:
         return
 

backend/onyx/background/celery/tasks/external_group_syncing/tasks.py

@@ -271,7 +271,7 @@ def try_creating_external_group_sync_task(
             ),
             queue=OnyxCeleryQueues.CONNECTOR_EXTERNAL_GROUP_SYNC,
             task_id=custom_task_id,
-            priority=OnyxCeleryPriority.MEDIUM,
+            priority=OnyxCeleryPriority.HIGH,
         )
 
         payload.celery_task_id = result.id

backend/onyx/background/celery/tasks/indexing/tasks.py

@@ -72,7 +72,6 @@ from onyx.redis.redis_pool import get_redis_replica_client
 from onyx.redis.redis_pool import redis_lock_dump
 from onyx.redis.redis_pool import SCAN_ITER_COUNT_DEFAULT
 from onyx.redis.redis_utils import is_fence
-from onyx.server.runtime.onyx_runtime import OnyxRuntime
 from onyx.utils.logger import setup_logger
 from onyx.utils.variable_functionality import global_version
 from shared_configs.configs import INDEXING_MODEL_SERVER_HOST
@@ -402,11 +401,7 @@ def check_for_indexing(self: Task, *, tenant_id: str) -> int | None:
                     logger.warning(f"Adding {key_bytes} to the lookup table.")
                     redis_client.sadd(OnyxRedisConstants.ACTIVE_FENCES, key_bytes)
 
-            redis_client.set(
-                OnyxRedisSignals.BLOCK_BUILD_FENCE_LOOKUP_TABLE,
-                1,
-                ex=OnyxRuntime.get_build_fence_lookup_table_interval(),
-            )
+            redis_client.set(OnyxRedisSignals.BLOCK_BUILD_FENCE_LOOKUP_TABLE, 1, ex=300)
 
         # 1/3: KICKOFF
 

backend/onyx/background/indexing/run_indexing.py

@@ -56,12 +56,9 @@ from onyx.indexing.indexing_pipeline import build_indexing_pipeline
 from onyx.natural_language_processing.search_nlp_models import (
     InformationContentClassificationModel,
 )
-from onyx.redis.redis_connector import RedisConnector
 from onyx.utils.logger import setup_logger
 from onyx.utils.logger import TaskAttemptSingleton
 from onyx.utils.telemetry import create_milestone_and_report
-from onyx.utils.telemetry import optional_telemetry
-from onyx.utils.telemetry import RecordType
 from onyx.utils.variable_functionality import global_version
 from shared_configs.configs import MULTI_TENANT
 
@@ -573,22 +570,6 @@ def _run_indexing(
                 if callback:
                     callback.progress("_run_indexing", len(doc_batch_cleaned))
 
-                # Add telemetry for indexing progress
-                optional_telemetry(
-                    record_type=RecordType.INDEXING_PROGRESS,
-                    data={
-                        "index_attempt_id": index_attempt_id,
-                        "cc_pair_id": ctx.cc_pair_id,
-                        "connector_id": ctx.connector_id,
-                        "credential_id": ctx.credential_id,
-                        "total_docs_indexed": document_count,
-                        "total_chunks": chunk_count,
-                        "batch_num": batch_num,
-                        "source": ctx.source.value,
-                    },
-                    tenant_id=tenant_id,
-                )
-
                 memory_tracer.increment_and_maybe_trace()
 
             # `make sure the checkpoints aren't getting too large`at some regular interval
@@ -604,30 +585,6 @@ def _run_indexing(
                     checkpoint=checkpoint,
                 )
 
-        # Add telemetry for completed indexing
-        redis_connector = RedisConnector(tenant_id, ctx.cc_pair_id)
-        redis_connector_index = redis_connector.new_index(
-            index_attempt_start.search_settings_id
-        )
-        final_progress = redis_connector_index.get_progress() or 0
-
-        optional_telemetry(
-            record_type=RecordType.INDEXING_COMPLETE,
-            data={
-                "index_attempt_id": index_attempt_id,
-                "cc_pair_id": ctx.cc_pair_id,
-                "connector_id": ctx.connector_id,
-                "credential_id": ctx.credential_id,
-                "total_docs_indexed": document_count,
-                "total_chunks": chunk_count,
-                "batch_count": batch_num,
-                "time_elapsed_seconds": time.monotonic() - start_time,
-                "source": ctx.source.value,
-                "redis_progress": final_progress,
-            },
-            tenant_id=tenant_id,
-        )
-
     except Exception as e:
         logger.exception(
             "Connector run exceptioned after elapsed time: "

backend/onyx/chat/models.py

@@ -194,6 +194,17 @@ class StreamingError(BaseModel):
     stack_trace: str | None = None
 
 
+class OnyxContext(BaseModel):
+    content: str
+    document_id: str
+    semantic_identifier: str
+    blurb: str
+
+
+class OnyxContexts(BaseModel):
+    contexts: list[OnyxContext]
+
+
 class OnyxAnswer(BaseModel):
     answer: str | None
 
@@ -259,6 +270,7 @@ class PersonaOverrideConfig(BaseModel):
 AnswerQuestionPossibleReturn = (
     OnyxAnswerPiece
     | CitationInfo
+    | OnyxContexts
     | FileChatDisplay
     | CustomToolResponse
     | StreamingError

backend/onyx/chat/process_message.py

@@ -29,6 +29,7 @@ from onyx.chat.models import LLMRelevanceFilterResponse
 from onyx.chat.models import MessageResponseIDInfo
 from onyx.chat.models import MessageSpecificCitations
 from onyx.chat.models import OnyxAnswerPiece
+from onyx.chat.models import OnyxContexts
 from onyx.chat.models import PromptConfig
 from onyx.chat.models import QADocsResponse
 from onyx.chat.models import RefinedAnswerImprovement
@@ -72,7 +73,6 @@ from onyx.db.chat import get_or_create_root_message
 from onyx.db.chat import reserve_message_id
 from onyx.db.chat import translate_db_message_to_chat_message_detail
 from onyx.db.chat import translate_db_search_doc_to_server_search_doc
-from onyx.db.chat import update_chat_session_updated_at_timestamp
 from onyx.db.engine import get_session_context_manager
 from onyx.db.milestone import check_multi_assistant_milestone
 from onyx.db.milestone import create_milestone_if_not_exists
@@ -130,6 +130,7 @@ from onyx.tools.tool_implementations.internet_search.internet_search_tool import
 from onyx.tools.tool_implementations.search.search_tool import (
     FINAL_CONTEXT_DOCUMENTS_ID,
 )
+from onyx.tools.tool_implementations.search.search_tool import SEARCH_DOC_CONTENT_ID
 from onyx.tools.tool_implementations.search.search_tool import (
     SEARCH_RESPONSE_SUMMARY_ID,
 )
@@ -298,6 +299,7 @@ def _get_force_search_settings(
 ChatPacket = (
     StreamingError
     | QADocsResponse
+    | OnyxContexts
     | LLMRelevanceFilterResponse
     | FinalUsedContextDocsResponse
     | ChatMessageDetail
@@ -916,6 +918,8 @@ def stream_chat_message_objects(
                             response=custom_tool_response.tool_result,
                             tool_name=custom_tool_response.tool_name,
                         )
+                elif packet.id == SEARCH_DOC_CONTENT_ID and include_contexts:
+                    yield cast(OnyxContexts, packet.response)
 
             elif isinstance(packet, StreamStopInfo):
                 if packet.stop_reason == StreamStopReason.FINISHED:
@@ -1065,8 +1069,6 @@ def stream_chat_message_objects(
             prev_message = next_answer_message
 
         logger.debug("Committing messages")
-        # Explicitly update the timestamp on the chat session
-        update_chat_session_updated_at_timestamp(chat_session_id, db_session)
         db_session.commit()  # actually save user / assistant message
 
         yield AgenticMessageResponseIDInfo(agentic_message_ids=agentic_message_ids)

backend/onyx/chat/prune_and_merge.py

@@ -301,10 +301,6 @@ def prune_sections(
 
 
 def _merge_doc_chunks(chunks: list[InferenceChunk]) -> InferenceSection:
-    assert (
-        len(set([chunk.document_id for chunk in chunks])) == 1
-    ), "One distinct document must be passed into merge_doc_chunks"
-
     # Assuming there are no duplicates by this point
     sorted_chunks = sorted(chunks, key=lambda x: x.chunk_id)
 

backend/onyx/chat/stream_processing/utils.py

@@ -3,6 +3,7 @@ from collections.abc import Sequence
 from pydantic import BaseModel
 
 from onyx.chat.models import LlmDoc
+from onyx.chat.models import OnyxContext
 from onyx.context.search.models import InferenceChunk
 
 
@@ -11,7 +12,7 @@ class DocumentIdOrderMapping(BaseModel):
 
 
 def map_document_id_order(
-    chunks: Sequence[InferenceChunk | LlmDoc], one_indexed: bool = True
+    chunks: Sequence[InferenceChunk | LlmDoc | OnyxContext], one_indexed: bool = True
 ) -> DocumentIdOrderMapping:
     order_mapping = {}
     current = 1 if one_indexed else 0

backend/onyx/configs/app_configs.py

@@ -1,8 +1,6 @@
 import json
 import os
 import urllib.parse
-from datetime import datetime
-from datetime import timezone
 from typing import cast
 
 from onyx.auth.schemas import AuthBackend
@@ -385,23 +383,10 @@ CONFLUENCE_CONNECTOR_ATTACHMENT_CHAR_COUNT_THRESHOLD = int(
 # https://community.developer.atlassian.com/t/confluence-cloud-time-zone-get-via-rest-api/35954/16
 # https://jira.atlassian.com/browse/CONFCLOUD-69670
 
-
-def get_current_tz_offset() -> int:
-    # datetime now() gets local time, datetime.now(timezone.utc) gets UTC time.
-    # remove tzinfo to compare non-timezone-aware objects.
-    time_diff = datetime.now() - datetime.now(timezone.utc).replace(tzinfo=None)
-    return round(time_diff.total_seconds() / 3600)
-
-
 # enter as a floating point offset from UTC in hours (-24 < val < 24)
 # this will be applied globally, so it probably makes sense to transition this to per
 # connector as some point.
-# For the default value, we assume that the user's local timezone is more likely to be
-# correct (i.e. the configured user's timezone or the default server one) than UTC.
-# https://developer.atlassian.com/cloud/confluence/cql-fields/#created
-CONFLUENCE_TIMEZONE_OFFSET = float(
-    os.environ.get("CONFLUENCE_TIMEZONE_OFFSET", get_current_tz_offset())
-)
+CONFLUENCE_TIMEZONE_OFFSET = float(os.environ.get("CONFLUENCE_TIMEZONE_OFFSET", 0.0))
 
 GOOGLE_DRIVE_CONNECTOR_SIZE_THRESHOLD = int(
     os.environ.get("GOOGLE_DRIVE_CONNECTOR_SIZE_THRESHOLD", 10 * 1024 * 1024)
@@ -692,7 +677,3 @@ IMAGE_ANALYSIS_SYSTEM_PROMPT = os.environ.get(
     "IMAGE_ANALYSIS_SYSTEM_PROMPT",
     DEFAULT_IMAGE_ANALYSIS_SYSTEM_PROMPT,
 )
-
-DISABLE_AUTO_AUTH_REFRESH = (
-    os.environ.get("DISABLE_AUTO_AUTH_REFRESH", "").lower() == "true"
-)

backend/onyx/configs/constants.py

@@ -382,7 +382,6 @@ ONYX_CLOUD_TENANT_ID = "cloud"
 
 # the redis namespace for runtime variables
 ONYX_CLOUD_REDIS_RUNTIME = "runtime"
-CLOUD_BUILD_FENCE_LOOKUP_TABLE_INTERVAL_DEFAULT = 600
 
 
 class OnyxCeleryTask:

backend/onyx/connectors/blob/connector.py

@@ -87,7 +87,7 @@ class BlobStorageConnector(LoadConnector, PollConnector):
                 credentials.get(key)
                 for key in ["aws_access_key_id", "aws_secret_access_key"]
             ):
-                raise ConnectorMissingCredentialError("Amazon S3")
+                raise ConnectorMissingCredentialError("Google Cloud Storage")
 
             session = boto3.Session(
                 aws_access_key_id=credentials["aws_access_key_id"],

backend/onyx/connectors/confluence/connector.py

@@ -65,7 +65,19 @@ _RESTRICTIONS_EXPANSION_FIELDS = [
 
 _SLIM_DOC_BATCH_SIZE = 5000
 
-ONE_HOUR = 3600
+_ATTACHMENT_EXTENSIONS_TO_FILTER_OUT = [
+    "gif",
+    "mp4",
+    "mov",
+    "mp3",
+    "wav",
+]
+_FULL_EXTENSION_FILTER_STRING = "".join(
+    [
+        f" and title!~'*.{extension}'"
+        for extension in _ATTACHMENT_EXTENSIONS_TO_FILTER_OUT
+    ]
+)
 
 
 class ConfluenceConnector(
@@ -195,6 +207,7 @@ class ConfluenceConnector(
     def _construct_attachment_query(self, confluence_page_id: str) -> str:
         attachment_query = f"type=attachment and container='{confluence_page_id}'"
         attachment_query += self.cql_label_filter
+        attachment_query += _FULL_EXTENSION_FILTER_STRING
         return attachment_query
 
     def _get_comment_string_for_page_id(self, page_id: str) -> str:
@@ -359,13 +372,11 @@ class ConfluenceConnector(
                 if not validate_attachment_filetype(
                     attachment,
                 ):
-                    logger.info(f"Skipping attachment: {attachment['title']}")
                     continue
 
-                logger.info(f"Processing attachment: {attachment['title']}")
-
                 # Attempt to get textual content or image summarization:
                 try:
+                    logger.info(f"Processing attachment: {attachment['title']}")
                     response = convert_attachment_to_content(
                         confluence_client=self.confluence_client,
                         attachment=attachment,
@@ -418,17 +429,7 @@ class ConfluenceConnector(
         start: SecondsSinceUnixEpoch | None = None,
         end: SecondsSinceUnixEpoch | None = None,
     ) -> GenerateDocumentsOutput:
-        try:
-            return self._fetch_document_batches(start, end)
-        except Exception as e:
-            if "field 'updated' is invalid" in str(e) and start is not None:
-                logger.warning(
-                    "Confluence says we provided an invalid 'updated' field. This may indicate"
-                    "a real issue, but can also appear during edge cases like daylight"
-                    f"savings time changes. Retrying with a 1 hour offset. Error: {e}"
-                )
-                return self._fetch_document_batches(start - ONE_HOUR, end)
-            raise
+        return self._fetch_document_batches(start, end)
 
     def retrieve_all_slim_documents(
         self,

backend/onyx/connectors/egnyte/connector.py

@@ -28,9 +28,8 @@ from onyx.connectors.models import TextSection
 from onyx.file_processing.extract_file_text import detect_encoding
 from onyx.file_processing.extract_file_text import extract_file_text
 from onyx.file_processing.extract_file_text import get_file_ext
-from onyx.file_processing.extract_file_text import is_accepted_file_ext
 from onyx.file_processing.extract_file_text import is_text_file_extension
-from onyx.file_processing.extract_file_text import OnyxExtensionType
+from onyx.file_processing.extract_file_text import is_valid_file_ext
 from onyx.file_processing.extract_file_text import read_text_file
 from onyx.utils.logger import setup_logger
 from onyx.utils.retry_wrapper import request_with_retries
@@ -70,9 +69,7 @@ def _process_egnyte_file(
 
     file_name = file_metadata["name"]
     extension = get_file_ext(file_name)
-    if not is_accepted_file_ext(
-        extension, OnyxExtensionType.Plain | OnyxExtensionType.Document
-    ):
+    if not is_valid_file_ext(extension):
         logger.warning(f"Skipping file '{file_name}' with extension '{extension}'")
         return None
 

backend/onyx/connectors/file/connector.py

@@ -22,9 +22,8 @@ from onyx.db.engine import get_session_with_current_tenant
 from onyx.db.pg_file_store import get_pgfilestore_by_file_name
 from onyx.file_processing.extract_file_text import extract_text_and_images
 from onyx.file_processing.extract_file_text import get_file_ext
-from onyx.file_processing.extract_file_text import is_accepted_file_ext
+from onyx.file_processing.extract_file_text import is_valid_file_ext
 from onyx.file_processing.extract_file_text import load_files_from_zip
-from onyx.file_processing.extract_file_text import OnyxExtensionType
 from onyx.file_processing.image_utils import store_image_and_create_section
 from onyx.file_store.file_store import get_default_file_store
 from onyx.utils.logger import setup_logger
@@ -52,7 +51,7 @@ def _read_files_and_metadata(
             file_content, ignore_dirs=True
         ):
             yield os.path.join(directory_path, file_info.filename), subfile, metadata
-    elif is_accepted_file_ext(extension, OnyxExtensionType.All):
+    elif is_valid_file_ext(extension):
         yield file_name, file_content, metadata
     else:
         logger.warning(f"Skipping file '{file_name}' with extension '{extension}'")
@@ -123,7 +122,7 @@ def _process_file(
         logger.warning(f"No file record found for '{file_name}' in PG; skipping.")
         return []
 
-    if not is_accepted_file_ext(extension, OnyxExtensionType.All):
+    if not is_valid_file_ext(extension):
         logger.warning(
             f"Skipping file '{file_name}' with unrecognized extension '{extension}'"
         )

backend/onyx/connectors/google_drive/connector.py

@@ -2,11 +2,11 @@ import copy
 import threading
 from collections.abc import Callable
 from collections.abc import Iterator
-from datetime import datetime
+from concurrent.futures import as_completed
+from concurrent.futures import ThreadPoolExecutor
 from enum import Enum
 from functools import partial
 from typing import Any
-from typing import cast
 from typing import Protocol
 from urllib.parse import urlparse
 
@@ -28,9 +28,7 @@ from onyx.connectors.google_drive.doc_conversion import (
 )
 from onyx.connectors.google_drive.file_retrieval import crawl_folders_for_files
 from onyx.connectors.google_drive.file_retrieval import get_all_files_for_oauth
-from onyx.connectors.google_drive.file_retrieval import (
-    get_all_files_in_my_drive_and_shared,
-)
+from onyx.connectors.google_drive.file_retrieval import get_all_files_in_my_drive
 from onyx.connectors.google_drive.file_retrieval import get_files_in_shared_drive
 from onyx.connectors.google_drive.file_retrieval import get_root_folder_id
 from onyx.connectors.google_drive.models import DriveRetrievalStage
@@ -60,13 +58,13 @@ from onyx.connectors.interfaces import SlimConnector
 from onyx.connectors.models import ConnectorFailure
 from onyx.connectors.models import ConnectorMissingCredentialError
 from onyx.connectors.models import Document
+from onyx.connectors.models import DocumentFailure
 from onyx.connectors.models import EntityFailure
 from onyx.indexing.indexing_heartbeat import IndexingHeartbeatInterface
 from onyx.utils.lazy import lazy_eval
 from onyx.utils.logger import setup_logger
 from onyx.utils.retry_wrapper import retry_builder
 from onyx.utils.threadpool_concurrency import parallel_yield
-from onyx.utils.threadpool_concurrency import run_functions_tuples_in_parallel
 from onyx.utils.threadpool_concurrency import ThreadSafeDict
 
 logger = setup_logger()
@@ -88,18 +86,13 @@ def _extract_ids_from_urls(urls: list[str]) -> list[str]:
 
 def _convert_single_file(
     creds: Any,
+    primary_admin_email: str,
     allow_images: bool,
     size_threshold: int,
-    retriever_email: str,
     file: dict[str, Any],
 ) -> Document | ConnectorFailure | None:
-    # We used to always get the user email from the file owners when available,
-    # but this was causing issues with shared folders where the owner was not included in the service account
-    # now we use the email of the account that successfully listed the file. Leaving this in case we end up
-    # wanting to retry with file owners and/or admin email at some point.
-    # user_email = file.get("owners", [{}])[0].get("emailAddress") or primary_admin_email
+    user_email = file.get("owners", [{}])[0].get("emailAddress") or primary_admin_email
 
-    user_email = retriever_email
     # Only construct these services when needed
     user_drive_service = lazy_eval(
         lambda: get_drive_service(creds, user_email=user_email)
@@ -457,11 +450,10 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
                 logger.info(f"Getting all files in my drive as '{user_email}'")
 
                 yield from add_retrieval_info(
-                    get_all_files_in_my_drive_and_shared(
+                    get_all_files_in_my_drive(
                         service=drive_service,
                         update_traversed_ids_func=self._update_traversed_parent_ids,
                         is_slim=is_slim,
-                        include_shared_with_me=self.include_files_shared_with_me,
                         start=curr_stage.completed_until if resuming else start,
                         end=end,
                     ),
@@ -469,7 +461,6 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
                     DriveRetrievalStage.MY_DRIVE_FILES,
                 )
             curr_stage.stage = DriveRetrievalStage.SHARED_DRIVE_FILES
-            resuming = False  # we are starting the next stage for the first time
 
         if curr_stage.stage == DriveRetrievalStage.SHARED_DRIVE_FILES:
 
@@ -505,7 +496,7 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
                 )
                 yield from _yield_from_drive(drive_id, start)
             curr_stage.stage = DriveRetrievalStage.FOLDER_FILES
-            resuming = False  # we are starting the next stage for the first time
+
         if curr_stage.stage == DriveRetrievalStage.FOLDER_FILES:
 
             def _yield_from_folder_crawl(
@@ -558,16 +549,6 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
             checkpoint, is_slim, DriveRetrievalStage.MY_DRIVE_FILES
         )
 
-        # Setup initial completion map on first connector run
-        for email in all_org_emails:
-            # don't overwrite existing completion map on resuming runs
-            if email in checkpoint.completion_map:
-                continue
-            checkpoint.completion_map[email] = StageCompletion(
-                stage=DriveRetrievalStage.START,
-                completed_until=0,
-            )
-
         # we've found all users and drives, now time to actually start
         # fetching stuff
         logger.info(f"Found {len(all_org_emails)} users to impersonate")
@@ -581,6 +562,11 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
             drive_ids_to_retrieve, checkpoint
         )
 
+        for email in all_org_emails:
+            checkpoint.completion_map[email] = StageCompletion(
+                stage=DriveRetrievalStage.START,
+                completed_until=0,
+            )
         user_retrieval_gens = [
             self._impersonate_user_for_retrieval(
                 email,
@@ -811,12 +797,10 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
             return
 
         for file in drive_files:
-            if file.error is None:
+            if file.error is not None:
                 checkpoint.completion_map[file.user_email].update(
                     stage=file.completion_stage,
-                    completed_until=datetime.fromisoformat(
-                        file.drive_file[GoogleFields.MODIFIED_TIME.value]
-                    ).timestamp(),
+                    completed_until=file.drive_file[GoogleFields.MODIFIED_TIME.value],
                     completed_until_parent_id=file.parent_id,
                 )
             yield file
@@ -918,86 +902,118 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
         checkpoint: GoogleDriveCheckpoint,
         start: SecondsSinceUnixEpoch | None = None,
         end: SecondsSinceUnixEpoch | None = None,
-    ) -> Iterator[Document | ConnectorFailure]:
+    ) -> Iterator[list[Document | ConnectorFailure]]:
         try:
-            # Prepare a partial function with the credentials and admin email
-            convert_func = partial(
-                _convert_single_file,
-                self.creds,
-                self.allow_images,
-                self.size_threshold,
-            )
-            # Fetch files in batches
-            batches_complete = 0
-            files_batch: list[RetrievedDriveFile] = []
-
-            def _yield_batch(
-                files_batch: list[RetrievedDriveFile],
-            ) -> Iterator[Document | ConnectorFailure]:
-                nonlocal batches_complete
-                # Process the batch using run_functions_tuples_in_parallel
-                func_with_args = [
-                    (
-                        convert_func,
-                        (
-                            file.user_email,
-                            file.drive_file,
-                        ),
-                    )
-                    for file in files_batch
-                ]
-                results = cast(
-                    list[Document | ConnectorFailure | None],
-                    run_functions_tuples_in_parallel(func_with_args, max_workers=8),
+            # Create a larger process pool for file conversion
+            with ThreadPoolExecutor(max_workers=8) as executor:
+                # Prepare a partial function with the credentials and admin email
+                convert_func = partial(
+                    _convert_single_file,
+                    self.creds,
+                    self.primary_admin_email,
+                    self.allow_images,
+                    self.size_threshold,
                 )
 
-                docs_and_failures = [result for result in results if result is not None]
+                # Fetch files in batches
+                batches_complete = 0
+                files_batch: list[GoogleDriveFileType] = []
+                for retrieved_file in self._fetch_drive_items(
+                    is_slim=False,
+                    checkpoint=checkpoint,
+                    start=start,
+                    end=end,
+                ):
+                    if retrieved_file.error is not None:
+                        failure_stage = retrieved_file.completion_stage.value
+                        failure_message = (
+                            f"retrieval failure during stage: {failure_stage},"
+                        )
+                        failure_message += f"user: {retrieved_file.user_email},"
+                        failure_message += (
+                            f"parent drive/folder: {retrieved_file.parent_id},"
+                        )
+                        failure_message += f"error: {retrieved_file.error}"
+                        logger.error(failure_message)
+                        yield [
+                            ConnectorFailure(
+                                failed_entity=EntityFailure(
+                                    entity_id=failure_stage,
+                                ),
+                                failure_message=failure_message,
+                                exception=retrieved_file.error,
+                            )
+                        ]
+                        continue
+                    files_batch.append(retrieved_file.drive_file)
 
-                if docs_and_failures:
-                    yield from docs_and_failures
-                    batches_complete += 1
+                    if len(files_batch) < self.batch_size:
+                        continue
 
-            for retrieved_file in self._fetch_drive_items(
-                is_slim=False,
-                checkpoint=checkpoint,
-                start=start,
-                end=end,
-            ):
-                if retrieved_file.error is not None:
-                    failure_stage = retrieved_file.completion_stage.value
-                    failure_message = (
-                        f"retrieval failure during stage: {failure_stage},"
-                    )
-                    failure_message += f"user: {retrieved_file.user_email},"
-                    failure_message += (
-                        f"parent drive/folder: {retrieved_file.parent_id},"
-                    )
-                    failure_message += f"error: {retrieved_file.error}"
-                    logger.error(failure_message)
-                    yield ConnectorFailure(
-                        failed_entity=EntityFailure(
-                            entity_id=failure_stage,
-                        ),
-                        failure_message=failure_message,
-                        exception=retrieved_file.error,
-                    )
+                    # Process the batch
+                    futures = [
+                        executor.submit(convert_func, file) for file in files_batch
+                    ]
+                    documents = []
+                    for future in as_completed(futures):
+                        try:
+                            doc = future.result()
+                            if doc is not None:
+                                documents.append(doc)
+                        except Exception as e:
+                            error_str = f"Error converting file: {e}"
+                            logger.error(error_str)
+                            yield [
+                                ConnectorFailure(
+                                    failed_document=DocumentFailure(
+                                        document_id=retrieved_file.drive_file["id"],
+                                        document_link=retrieved_file.drive_file[
+                                            "webViewLink"
+                                        ],
+                                    ),
+                                    failure_message=error_str,
+                                    exception=e,
+                                )
+                            ]
 
-                    continue
-                files_batch.append(retrieved_file)
+                    if documents:
+                        yield documents
+                        batches_complete += 1
+                    files_batch = []
 
-                if len(files_batch) < self.batch_size:
-                    continue
+                    if batches_complete > BATCHES_PER_CHECKPOINT:
+                        checkpoint.retrieved_folder_and_drive_ids = self._retrieved_ids
+                        return  # create a new checkpoint
 
-                yield from _yield_batch(files_batch)
-                files_batch = []
+                # Process any remaining files
+                if files_batch:
+                    futures = [
+                        executor.submit(convert_func, file) for file in files_batch
+                    ]
+                    documents = []
+                    for future in as_completed(futures):
+                        try:
+                            doc = future.result()
+                            if doc is not None:
+                                documents.append(doc)
+                        except Exception as e:
+                            error_str = f"Error converting file: {e}"
+                            logger.error(error_str)
+                            yield [
+                                ConnectorFailure(
+                                    failed_document=DocumentFailure(
+                                        document_id=retrieved_file.drive_file["id"],
+                                        document_link=retrieved_file.drive_file[
+                                            "webViewLink"
+                                        ],
+                                    ),
+                                    failure_message=error_str,
+                                    exception=e,
+                                )
+                            ]
 
-                if batches_complete > BATCHES_PER_CHECKPOINT:
-                    checkpoint.retrieved_folder_and_drive_ids = self._retrieved_ids
-                    return  # create a new checkpoint
-
-            # Process any remaining files
-            if files_batch:
-                yield from _yield_batch(files_batch)
+                    if documents:
+                        yield documents
         except Exception as e:
             logger.exception(f"Error extracting documents from Google Drive: {e}")
             raise e
@@ -1019,7 +1035,10 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
         checkpoint = copy.deepcopy(checkpoint)
         self._retrieved_ids = checkpoint.retrieved_folder_and_drive_ids
         try:
-            yield from self._extract_docs_from_google_drive(checkpoint, start, end)
+            for doc_list in self._extract_docs_from_google_drive(
+                checkpoint, start, end
+            ):
+                yield from doc_list
         except Exception as e:
             if MISSING_SCOPES_ERROR_STR in str(e):
                 raise PermissionError(ONYX_SCOPE_INSTRUCTIONS) from e
@@ -1054,7 +1073,9 @@ class GoogleDriveConnector(SlimConnector, CheckpointConnector[GoogleDriveCheckpo
                         raise RuntimeError(
                             "_extract_slim_docs_from_google_drive: Stop signal detected"
                         )
+
                     callback.progress("_extract_slim_docs_from_google_drive", 1)
+
         yield slim_batch
 
     def retrieve_all_slim_documents(

backend/onyx/connectors/google_drive/doc_conversion.py

@@ -87,17 +87,35 @@ def _download_and_extract_sections_basic(
     mime_type = file["mimeType"]
     link = file.get("webViewLink", "")
 
-    # skip images if not explicitly enabled
-    if not allow_images and is_gdrive_image_mime_type(mime_type):
-        return []
+    try:
+        # skip images if not explicitly enabled
+        if not allow_images and is_gdrive_image_mime_type(mime_type):
+            return []
 
-    # For Google Docs, Sheets, and Slides, export as plain text
-    if mime_type in GOOGLE_MIME_TYPES_TO_EXPORT:
-        export_mime_type = GOOGLE_MIME_TYPES_TO_EXPORT[mime_type]
-        # Use the correct API call for exporting files
-        request = service.files().export_media(
-            fileId=file_id, mimeType=export_mime_type
-        )
+        # For Google Docs, Sheets, and Slides, export as plain text
+        if mime_type in GOOGLE_MIME_TYPES_TO_EXPORT:
+            export_mime_type = GOOGLE_MIME_TYPES_TO_EXPORT[mime_type]
+            # Use the correct API call for exporting files
+            request = service.files().export_media(
+                fileId=file_id, mimeType=export_mime_type
+            )
+            response_bytes = io.BytesIO()
+            downloader = MediaIoBaseDownload(response_bytes, request)
+            done = False
+            while not done:
+                _, done = downloader.next_chunk()
+
+            response = response_bytes.getvalue()
+            if not response:
+                logger.warning(f"Failed to export {file_name} as {export_mime_type}")
+                return []
+
+            text = response.decode("utf-8")
+            return [TextSection(link=link, text=text)]
+
+        # For other file types, download the file
+        # Use the correct API call for downloading files
+        request = service.files().get_media(fileId=file_id)
         response_bytes = io.BytesIO()
         downloader = MediaIoBaseDownload(response_bytes, request)
         done = False
@@ -106,100 +124,88 @@ def _download_and_extract_sections_basic(
 
         response = response_bytes.getvalue()
         if not response:
-            logger.warning(f"Failed to export {file_name} as {export_mime_type}")
+            logger.warning(f"Failed to download {file_name}")
             return []
 
-        text = response.decode("utf-8")
-        return [TextSection(link=link, text=text)]
+        # Process based on mime type
+        if mime_type == "text/plain":
+            text = response.decode("utf-8")
+            return [TextSection(link=link, text=text)]
 
-    # For other file types, download the file
-    # Use the correct API call for downloading files
-    request = service.files().get_media(fileId=file_id)
-    response_bytes = io.BytesIO()
-    downloader = MediaIoBaseDownload(response_bytes, request)
-    done = False
-    while not done:
-        _, done = downloader.next_chunk()
+        elif (
+            mime_type
+            == "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
+        ):
+            text, _ = docx_to_text_and_images(io.BytesIO(response))
+            return [TextSection(link=link, text=text)]
 
-    response = response_bytes.getvalue()
-    if not response:
-        logger.warning(f"Failed to download {file_name}")
-        return []
+        elif (
+            mime_type
+            == "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
+        ):
+            text = xlsx_to_text(io.BytesIO(response))
+            return [TextSection(link=link, text=text)]
 
-    # Process based on mime type
-    if mime_type == "text/plain":
-        text = response.decode("utf-8")
-        return [TextSection(link=link, text=text)]
+        elif (
+            mime_type
+            == "application/vnd.openxmlformats-officedocument.presentationml.presentation"
+        ):
+            text = pptx_to_text(io.BytesIO(response))
+            return [TextSection(link=link, text=text)]
 
-    elif (
-        mime_type
-        == "application/vnd.openxmlformats-officedocument.wordprocessingml.document"
-    ):
-        text, _ = docx_to_text_and_images(io.BytesIO(response))
-        return [TextSection(link=link, text=text)]
-
-    elif (
-        mime_type == "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
-    ):
-        text = xlsx_to_text(io.BytesIO(response))
-        return [TextSection(link=link, text=text)]
-
-    elif (
-        mime_type
-        == "application/vnd.openxmlformats-officedocument.presentationml.presentation"
-    ):
-        text = pptx_to_text(io.BytesIO(response))
-        return [TextSection(link=link, text=text)]
-
-    elif is_gdrive_image_mime_type(mime_type):
-        # For images, store them for later processing
-        sections: list[TextSection | ImageSection] = []
-        try:
-            with get_session_with_current_tenant() as db_session:
-                section, embedded_id = store_image_and_create_section(
-                    db_session=db_session,
-                    image_data=response,
-                    file_name=file_id,
-                    display_name=file_name,
-                    media_type=mime_type,
-                    file_origin=FileOrigin.CONNECTOR,
-                    link=link,
-                )
-                sections.append(section)
-        except Exception as e:
-            logger.error(f"Failed to process image {file_name}: {e}")
-        return sections
-
-    elif mime_type == "application/pdf":
-        text, _pdf_meta, images = read_pdf_file(io.BytesIO(response))
-        pdf_sections: list[TextSection | ImageSection] = [
-            TextSection(link=link, text=text)
-        ]
-
-        # Process embedded images in the PDF
-        try:
-            with get_session_with_current_tenant() as db_session:
-                for idx, (img_data, img_name) in enumerate(images):
+        elif is_gdrive_image_mime_type(mime_type):
+            # For images, store them for later processing
+            sections: list[TextSection | ImageSection] = []
+            try:
+                with get_session_with_current_tenant() as db_session:
                     section, embedded_id = store_image_and_create_section(
                         db_session=db_session,
-                        image_data=img_data,
-                        file_name=f"{file_id}_img_{idx}",
-                        display_name=img_name or f"{file_name} - image {idx}",
+                        image_data=response,
+                        file_name=file_id,
+                        display_name=file_name,
+                        media_type=mime_type,
                         file_origin=FileOrigin.CONNECTOR,
+                        link=link,
                     )
-                    pdf_sections.append(section)
-        except Exception as e:
-            logger.error(f"Failed to process PDF images in {file_name}: {e}")
-        return pdf_sections
+                    sections.append(section)
+            except Exception as e:
+                logger.error(f"Failed to process image {file_name}: {e}")
+            return sections
 
-    else:
-        # For unsupported file types, try to extract text
-        try:
-            text = extract_file_text(io.BytesIO(response), file_name)
-            return [TextSection(link=link, text=text)]
-        except Exception as e:
-            logger.warning(f"Failed to extract text from {file_name}: {e}")
-            return []
+        elif mime_type == "application/pdf":
+            text, _pdf_meta, images = read_pdf_file(io.BytesIO(response))
+            pdf_sections: list[TextSection | ImageSection] = [
+                TextSection(link=link, text=text)
+            ]
+
+            # Process embedded images in the PDF
+            try:
+                with get_session_with_current_tenant() as db_session:
+                    for idx, (img_data, img_name) in enumerate(images):
+                        section, embedded_id = store_image_and_create_section(
+                            db_session=db_session,
+                            image_data=img_data,
+                            file_name=f"{file_id}_img_{idx}",
+                            display_name=img_name or f"{file_name} - image {idx}",
+                            file_origin=FileOrigin.CONNECTOR,
+                        )
+                        pdf_sections.append(section)
+            except Exception as e:
+                logger.error(f"Failed to process PDF images in {file_name}: {e}")
+            return pdf_sections
+
+        else:
+            # For unsupported file types, try to extract text
+            try:
+                text = extract_file_text(io.BytesIO(response), file_name)
+                return [TextSection(link=link, text=text)]
+            except Exception as e:
+                logger.warning(f"Failed to extract text from {file_name}: {e}")
+                return []
+
+    except Exception as e:
+        logger.error(f"Error processing file {file_name}: {e}")
+        return []
 
 
 def convert_drive_item_to_document(

backend/onyx/connectors/google_drive/file_retrieval.py

@@ -123,7 +123,7 @@ def crawl_folders_for_files(
                 end=end,
             ):
                 found_files = True
-                logger.info(f"Found file: {file['name']}, user email: {user_email}")
+                logger.info(f"Found file: {file['name']}")
                 yield RetrievedDriveFile(
                     drive_file=file,
                     user_email=user_email,
@@ -214,11 +214,10 @@ def get_files_in_shared_drive(
         yield file
 
 
-def get_all_files_in_my_drive_and_shared(
+def get_all_files_in_my_drive(
     service: GoogleDriveService,
     update_traversed_ids_func: Callable,
     is_slim: bool,
-    include_shared_with_me: bool,
     start: SecondsSinceUnixEpoch | None = None,
     end: SecondsSinceUnixEpoch | None = None,
 ) -> Iterator[GoogleDriveFileType]:
@@ -230,8 +229,7 @@ def get_all_files_in_my_drive_and_shared(
     # Get all folders being queried and add them to the traversed set
     folder_query = f"mimeType = '{DRIVE_FOLDER_TYPE}'"
     folder_query += " and trashed = false"
-    if not include_shared_with_me:
-        folder_query += " and 'me' in owners"
+    folder_query += " and 'me' in owners"
     found_folders = False
     for file in execute_paginated_retrieval(
         retrieval_function=service.files().list,
@@ -248,8 +246,7 @@ def get_all_files_in_my_drive_and_shared(
     # Then get the files
     file_query = f"mimeType != '{DRIVE_FOLDER_TYPE}'"
     file_query += " and trashed = false"
-    if not include_shared_with_me:
-        file_query += " and 'me' in owners"
+    file_query += " and 'me' in owners"
     file_query += _generate_time_range_filter(start, end)
     yield from execute_paginated_retrieval(
         retrieval_function=service.files().list,

backend/onyx/connectors/highspot/connector.py

@@ -20,8 +20,8 @@ from onyx.connectors.models import ConnectorMissingCredentialError
 from onyx.connectors.models import Document
 from onyx.connectors.models import SlimDocument
 from onyx.connectors.models import TextSection
-from onyx.file_processing.extract_file_text import ALL_ACCEPTED_FILE_EXTENSIONS
 from onyx.file_processing.extract_file_text import extract_file_text
+from onyx.file_processing.extract_file_text import VALID_FILE_EXTENSIONS
 from onyx.indexing.indexing_heartbeat import IndexingHeartbeatInterface
 from onyx.utils.logger import setup_logger
 
@@ -298,7 +298,7 @@ class HighspotConnector(LoadConnector, PollConnector, SlimConnector):
 
             elif (
                 is_valid_format
-                and file_extension in ALL_ACCEPTED_FILE_EXTENSIONS
+                and file_extension in VALID_FILE_EXTENSIONS
                 and can_download
             ):
                 # For documents, try to get the text content

backend/onyx/connectors/zendesk/connector.py

@@ -175,12 +175,9 @@ def _get_tickets_page(
     )
 
 
-def _fetch_author(
-    client: ZendeskClient, author_id: str | int
-) -> BasicExpertInfo | None:
+def _fetch_author(client: ZendeskClient, author_id: str) -> BasicExpertInfo | None:
     # Skip fetching if author_id is invalid
-    # cast to str to avoid issues with zendesk changing their types
-    if not author_id or str(author_id) == "-1":
+    if not author_id or author_id == "-1":
         return None
 
     try:

backend/onyx/context/search/pipeline.py

@@ -339,12 +339,6 @@ class SearchPipeline:
         self._retrieved_sections = self._get_sections()
         return self._retrieved_sections
 
-    @property
-    def merged_retrieved_sections(self) -> list[InferenceSection]:
-        """Should be used to display in the UI in order to prevent displaying
-        multiple sections for the same document as separate "documents"."""
-        return _merge_sections(sections=self.retrieved_sections)
-
     @property
     def reranked_sections(self) -> list[InferenceSection]:
         """Reranking is always done at the chunk level since section merging could create arbitrarily
@@ -421,10 +415,6 @@ class SearchPipeline:
                 raise ValueError(
                     "Basic search evaluation operation called while DISABLE_LLM_DOC_RELEVANCE is enabled."
                 )
-            # NOTE: final_context_sections must be accessed before accessing self._postprocessing_generator
-            # since the property sets the generator. DO NOT REMOVE.
-            _ = self.final_context_sections
-
             self._section_relevance = next(
                 cast(
                     Iterator[list[SectionRelevancePiece]],

backend/onyx/db/chat.py

@@ -1089,20 +1089,3 @@ def log_agent_sub_question_results(
             db_session.commit()
 
     return None
-
-
-def update_chat_session_updated_at_timestamp(
-    chat_session_id: UUID, db_session: Session
-) -> None:
-    """
-    Explicitly update the timestamp on a chat session without modifying other fields.
-    This is useful when adding messages to a chat session to reflect recent activity.
-    """
-
-    # Direct SQL update to avoid loading the entire object if it's not already loaded
-    db_session.execute(
-        update(ChatSession)
-        .where(ChatSession.id == chat_session_id)
-        .values(time_updated=func.now())
-    )
-    # No commit - the caller is responsible for committing the transaction

backend/onyx/db/index_attempt.py

@@ -8,31 +8,23 @@ from sqlalchemy import and_
 from sqlalchemy import delete
 from sqlalchemy import desc
 from sqlalchemy import func
-from sqlalchemy import Select
 from sqlalchemy import select
 from sqlalchemy import update
 from sqlalchemy.orm import contains_eager
 from sqlalchemy.orm import joinedload
 from sqlalchemy.orm import Session
+from sqlalchemy.sql import Select
 
 from onyx.connectors.models import ConnectorFailure
-from onyx.db.engine import get_session_with_current_tenant
-from onyx.db.enums import IndexingStatus
-from onyx.db.enums import IndexModelStatus
-from onyx.db.models import ConnectorCredentialPair
+from onyx.db.engine import get_session_context_manager
 from onyx.db.models import IndexAttempt
 from onyx.db.models import IndexAttemptError
+from onyx.db.models import IndexingStatus
+from onyx.db.models import IndexModelStatus
 from onyx.db.models import SearchSettings
+from onyx.server.documents.models import ConnectorCredentialPair
 from onyx.server.documents.models import ConnectorCredentialPairIdentifier
 from onyx.utils.logger import setup_logger
-from onyx.utils.telemetry import optional_telemetry
-from onyx.utils.telemetry import RecordType
-
-# Comment out unused imports that cause mypy errors
-# from onyx.auth.models import UserRole
-# from onyx.configs.constants import MAX_LAST_VALID_CHECKPOINT_AGE_SECONDS
-# from onyx.db.connector_credential_pair import ConnectorCredentialPairIdentifier
-# from onyx.db.engine import async_query_for_dms
 
 logger = setup_logger()
 
@@ -209,17 +201,6 @@ def mark_attempt_in_progress(
         attempt.status = IndexingStatus.IN_PROGRESS
         attempt.time_started = index_attempt.time_started or func.now()  # type: ignore
         db_session.commit()
-
-        # Add telemetry for index attempt status change
-        optional_telemetry(
-            record_type=RecordType.INDEX_ATTEMPT_STATUS,
-            data={
-                "index_attempt_id": index_attempt.id,
-                "status": IndexingStatus.IN_PROGRESS.value,
-                "cc_pair_id": index_attempt.connector_credential_pair_id,
-                "search_settings_id": index_attempt.search_settings_id,
-            },
-        )
     except Exception:
         db_session.rollback()
         raise
@@ -238,19 +219,6 @@ def mark_attempt_succeeded(
 
         attempt.status = IndexingStatus.SUCCESS
         db_session.commit()
-
-        # Add telemetry for index attempt status change
-        optional_telemetry(
-            record_type=RecordType.INDEX_ATTEMPT_STATUS,
-            data={
-                "index_attempt_id": index_attempt_id,
-                "status": IndexingStatus.SUCCESS.value,
-                "cc_pair_id": attempt.connector_credential_pair_id,
-                "search_settings_id": attempt.search_settings_id,
-                "total_docs_indexed": attempt.total_docs_indexed,
-                "new_docs_indexed": attempt.new_docs_indexed,
-            },
-        )
     except Exception:
         db_session.rollback()
         raise
@@ -269,19 +237,6 @@ def mark_attempt_partially_succeeded(
 
         attempt.status = IndexingStatus.COMPLETED_WITH_ERRORS
         db_session.commit()
-
-        # Add telemetry for index attempt status change
-        optional_telemetry(
-            record_type=RecordType.INDEX_ATTEMPT_STATUS,
-            data={
-                "index_attempt_id": index_attempt_id,
-                "status": IndexingStatus.COMPLETED_WITH_ERRORS.value,
-                "cc_pair_id": attempt.connector_credential_pair_id,
-                "search_settings_id": attempt.search_settings_id,
-                "total_docs_indexed": attempt.total_docs_indexed,
-                "new_docs_indexed": attempt.new_docs_indexed,
-            },
-        )
     except Exception:
         db_session.rollback()
         raise
@@ -304,20 +259,6 @@ def mark_attempt_canceled(
         attempt.status = IndexingStatus.CANCELED
         attempt.error_msg = reason
         db_session.commit()
-
-        # Add telemetry for index attempt status change
-        optional_telemetry(
-            record_type=RecordType.INDEX_ATTEMPT_STATUS,
-            data={
-                "index_attempt_id": index_attempt_id,
-                "status": IndexingStatus.CANCELED.value,
-                "cc_pair_id": attempt.connector_credential_pair_id,
-                "search_settings_id": attempt.search_settings_id,
-                "reason": reason,
-                "total_docs_indexed": attempt.total_docs_indexed,
-                "new_docs_indexed": attempt.new_docs_indexed,
-            },
-        )
     except Exception:
         db_session.rollback()
         raise
@@ -342,20 +283,6 @@ def mark_attempt_failed(
         attempt.error_msg = failure_reason
         attempt.full_exception_trace = full_exception_trace
         db_session.commit()
-
-        # Add telemetry for index attempt status change
-        optional_telemetry(
-            record_type=RecordType.INDEX_ATTEMPT_STATUS,
-            data={
-                "index_attempt_id": index_attempt_id,
-                "status": IndexingStatus.FAILED.value,
-                "cc_pair_id": attempt.connector_credential_pair_id,
-                "search_settings_id": attempt.search_settings_id,
-                "reason": failure_reason,
-                "total_docs_indexed": attempt.total_docs_indexed,
-                "new_docs_indexed": attempt.new_docs_indexed,
-            },
-        )
     except Exception:
         db_session.rollback()
         raise
@@ -507,7 +434,7 @@ def get_latest_index_attempts_parallel(
     eager_load_cc_pair: bool = False,
     only_finished: bool = False,
 ) -> Sequence[IndexAttempt]:
-    with get_session_with_current_tenant() as db_session:
+    with get_session_context_manager() as db_session:
         return get_latest_index_attempts(
             secondary_index,
             db_session,

backend/onyx/db/users.py

@@ -24,9 +24,7 @@ from onyx.db.models import User__UserGroup
 from onyx.utils.variable_functionality import fetch_ee_implementation_or_noop
 
 
-def validate_user_role_update(
-    requested_role: UserRole, current_role: UserRole, explicit_override: bool = False
-) -> None:
+def validate_user_role_update(requested_role: UserRole, current_role: UserRole) -> None:
     """
     Validate that a user role update is valid.
     Assumed only admins can hit this endpoint.
@@ -59,9 +57,6 @@ def validate_user_role_update(
             detail="To change a Limited User's role, they must first login to Onyx via the web app.",
         )
 
-    if explicit_override:
-        return
-
     if requested_role == UserRole.CURATOR:
         # This shouldn't happen, but just in case
         raise HTTPException(

backend/onyx/file_processing/extract_file_text.py

@@ -7,8 +7,6 @@ from collections.abc import Callable
 from collections.abc import Iterator
 from collections.abc import Sequence
 from email.parser import Parser as EmailParser
-from enum import auto
-from enum import IntFlag
 from io import BytesIO
 from pathlib import Path
 from typing import Any
@@ -37,7 +35,7 @@ logger = setup_logger()
 
 TEXT_SECTION_SEPARATOR = "\n\n"
 
-ACCEPTED_PLAIN_TEXT_FILE_EXTENSIONS = [
+PLAIN_TEXT_FILE_EXTENSIONS = [
     ".txt",
     ".md",
     ".mdx",
@@ -51,7 +49,7 @@ ACCEPTED_PLAIN_TEXT_FILE_EXTENSIONS = [
     ".yaml",
 ]
 
-ACCEPTED_DOCUMENT_FILE_EXTENSIONS = [
+VALID_FILE_EXTENSIONS = PLAIN_TEXT_FILE_EXTENSIONS + [
     ".pdf",
     ".docx",
     ".pptx",
@@ -59,21 +57,12 @@ ACCEPTED_DOCUMENT_FILE_EXTENSIONS = [
     ".eml",
     ".epub",
     ".html",
-]
-
-ACCEPTED_IMAGE_FILE_EXTENSIONS = [
     ".png",
     ".jpg",
     ".jpeg",
     ".webp",
 ]
 
-ALL_ACCEPTED_FILE_EXTENSIONS = (
-    ACCEPTED_PLAIN_TEXT_FILE_EXTENSIONS
-    + ACCEPTED_DOCUMENT_FILE_EXTENSIONS
-    + ACCEPTED_IMAGE_FILE_EXTENSIONS
-)
-
 IMAGE_MEDIA_TYPES = [
     "image/png",
     "image/jpeg",
@@ -81,15 +70,8 @@ IMAGE_MEDIA_TYPES = [
 ]
 
 
-class OnyxExtensionType(IntFlag):
-    Plain = auto()
-    Document = auto()
-    Multimedia = auto()
-    All = Plain | Document | Multimedia
-
-
 def is_text_file_extension(file_name: str) -> bool:
-    return any(file_name.endswith(ext) for ext in ACCEPTED_PLAIN_TEXT_FILE_EXTENSIONS)
+    return any(file_name.endswith(ext) for ext in PLAIN_TEXT_FILE_EXTENSIONS)
 
 
 def get_file_ext(file_path_or_name: str | Path) -> str:
@@ -101,20 +83,8 @@ def is_valid_media_type(media_type: str) -> bool:
     return media_type in IMAGE_MEDIA_TYPES
 
 
-def is_accepted_file_ext(ext: str, ext_type: OnyxExtensionType) -> bool:
-    if ext_type & OnyxExtensionType.Plain:
-        if ext in ACCEPTED_PLAIN_TEXT_FILE_EXTENSIONS:
-            return True
-
-    if ext_type & OnyxExtensionType.Document:
-        if ext in ACCEPTED_DOCUMENT_FILE_EXTENSIONS:
-            return True
-
-    if ext_type & OnyxExtensionType.Multimedia:
-        if ext in ACCEPTED_IMAGE_FILE_EXTENSIONS:
-            return True
-
-    return False
+def is_valid_file_ext(ext: str) -> bool:
+    return ext in VALID_FILE_EXTENSIONS
 
 
 def is_text_file(file: IO[bytes]) -> bool:
@@ -412,9 +382,6 @@ def extract_file_text(
     """
     Legacy function that returns *only text*, ignoring embedded images.
     For backward-compatibility in code that only wants text.
-
-    NOTE: Ignoring seems to be defined as returning an empty string for files it can't
-    handle (such as images).
     """
     extension_to_function: dict[str, Callable[[IO[Any]], str]] = {
         ".pdf": pdf_to_text,
@@ -438,9 +405,7 @@ def extract_file_text(
         if extension is None:
             extension = get_file_ext(file_name)
 
-        if is_accepted_file_ext(
-            extension, OnyxExtensionType.Plain | OnyxExtensionType.Document
-        ):
+        if is_valid_file_ext(extension):
             func = extension_to_function.get(extension, file_io_to_text)
             file.seek(0)
             return func(file)

backend/onyx/file_processing/file_validation.py

@@ -15,7 +15,6 @@ EXCLUDED_IMAGE_TYPES = [
     "image/tiff",
     "image/gif",
     "image/svg+xml",
-    "image/avif",
 ]
 
 

backend/onyx/main.py

@@ -361,15 +361,7 @@ def get_application() -> FastAPI:
         )
 
     if AUTH_TYPE == AuthType.GOOGLE_OAUTH:
-        # For Google OAuth, refresh tokens are requested by:
-        # 1. Adding the right scopes
-        # 2. Properly configuring OAuth in Google Cloud Console to allow offline access
-        oauth_client = GoogleOAuth2(
-            OAUTH_CLIENT_ID,
-            OAUTH_CLIENT_SECRET,
-            # Use standard scopes that include profile and email
-            scopes=["openid", "email", "profile"],
-        )
+        oauth_client = GoogleOAuth2(OAUTH_CLIENT_ID, OAUTH_CLIENT_SECRET)
         include_auth_router_with_prefix(
             application,
             create_onyx_oauth_router(
@@ -391,13 +383,6 @@ def get_application() -> FastAPI:
             prefix="/auth",
         )
 
-        # Add refresh token endpoint for OAuth as well
-        include_auth_router_with_prefix(
-            application,
-            fastapi_users.get_refresh_router(auth_backend),
-            prefix="/auth",
-        )
-
     application.add_exception_handler(
         RequestValidationError, validation_exception_handler
     )

backend/onyx/onyxbot/slack/handlers/handle_buttons.py

@@ -15,6 +15,7 @@ from onyx.configs.constants import MessageType
 from onyx.configs.constants import SearchFeedbackType
 from onyx.configs.onyxbot_configs import DANSWER_FOLLOWUP_EMOJI
 from onyx.connectors.slack.utils import expert_info_from_slack_id
+from onyx.connectors.slack.utils import make_slack_api_rate_limited
 from onyx.context.search.models import SavedSearchDoc
 from onyx.db.chat import get_chat_message
 from onyx.db.chat import translate_db_message_to_chat_message_detail
@@ -552,7 +553,8 @@ def handle_followup_resolved_button(
 
     # Delete the message with the option to mark resolved
     if not immediate:
-        response = client.web_client.chat_delete(
+        slack_call = make_slack_api_rate_limited(client.web_client.chat_delete)
+        response = slack_call(
             channel=channel_id,
             ts=message_ts,
         )

backend/onyx/onyxbot/slack/listener.py

@@ -18,9 +18,6 @@ from prometheus_client import start_http_server
 from redis.lock import Lock
 from slack_sdk import WebClient
 from slack_sdk.errors import SlackApiError
-from slack_sdk.http_retry import ConnectionErrorRetryHandler
-from slack_sdk.http_retry import RateLimitErrorRetryHandler
-from slack_sdk.http_retry import RetryHandler
 from slack_sdk.socket_mode.request import SocketModeRequest
 from slack_sdk.socket_mode.response import SocketModeResponse
 from sqlalchemy.orm import Session
@@ -947,21 +944,10 @@ def _get_socket_client(
 ) -> TenantSocketModeClient:
     # For more info on how to set this up, checkout the docs:
     # https://docs.onyx.app/slack_bot_setup
-
-    # use the retry handlers built into the slack sdk
-    connection_error_retry_handler = ConnectionErrorRetryHandler()
-    rate_limit_error_retry_handler = RateLimitErrorRetryHandler(max_retry_count=7)
-    slack_retry_handlers: list[RetryHandler] = [
-        connection_error_retry_handler,
-        rate_limit_error_retry_handler,
-    ]
-
     return TenantSocketModeClient(
         # This app-level token will be used only for establishing a connection
         app_token=slack_bot_tokens.app_token,
-        web_client=WebClient(
-            token=slack_bot_tokens.bot_token, retry_handlers=slack_retry_handlers
-        ),
+        web_client=WebClient(token=slack_bot_tokens.bot_token),
         tenant_id=tenant_id,
         slack_bot_id=slack_bot_id,
     )

backend/onyx/onyxbot/slack/utils.py

@@ -30,6 +30,7 @@ from onyx.configs.onyxbot_configs import (
 from onyx.configs.onyxbot_configs import (
     DANSWER_BOT_RESPONSE_LIMIT_TIME_PERIOD_SECONDS,
 )
+from onyx.connectors.slack.utils import make_slack_api_rate_limited
 from onyx.connectors.slack.utils import SlackTextCleaner
 from onyx.db.engine import get_session_with_current_tenant
 from onyx.db.users import get_user_by_email
@@ -124,18 +125,13 @@ def update_emote_react(
             )
             return
 
-        if remove:
-            client.reactions_remove(
-                name=emoji,
-                channel=channel,
-                timestamp=message_ts,
-            )
-        else:
-            client.reactions_add(
-                name=emoji,
-                channel=channel,
-                timestamp=message_ts,
-            )
+        func = client.reactions_remove if remove else client.reactions_add
+        slack_call = make_slack_api_rate_limited(func)  # type: ignore
+        slack_call(
+            name=emoji,
+            channel=channel,
+            timestamp=message_ts,
+        )
     except SlackApiError as e:
         if remove:
             logger.error(f"Failed to remove Reaction due to: {e}")
@@ -204,8 +200,9 @@ def respond_in_thread_or_channel(
 
     message_ids: list[str] = []
     if not receiver_ids:
+        slack_call = make_slack_api_rate_limited(client.chat_postMessage)
         try:
-            response = client.chat_postMessage(
+            response = slack_call(
                 channel=channel,
                 text=text,
                 blocks=blocks,
@@ -227,7 +224,7 @@ def respond_in_thread_or_channel(
             blocks_without_urls.append(_build_error_block(str(e)))
 
             # Try again wtihout blocks containing url
-            response = client.chat_postMessage(
+            response = slack_call(
                 channel=channel,
                 text=text,
                 blocks=blocks_without_urls,
@@ -239,9 +236,11 @@ def respond_in_thread_or_channel(
 
         message_ids.append(response["message_ts"])
     else:
+        slack_call = make_slack_api_rate_limited(client.chat_postEphemeral)
+
         for receiver in receiver_ids:
             try:
-                response = client.chat_postEphemeral(
+                response = slack_call(
                     channel=channel,
                     user=receiver,
                     text=text,
@@ -264,7 +263,7 @@ def respond_in_thread_or_channel(
                 blocks_without_urls.append(_build_error_block(str(e)))
 
                 # Try again wtihout blocks containing url
-                response = client.chat_postEphemeral(
+                response = slack_call(
                     channel=channel,
                     user=receiver,
                     text=text,
@@ -501,7 +500,7 @@ def fetch_user_semantic_id_from_id(
     if not user_id:
         return None
 
-    response = client.users_info(user=user_id)
+    response = make_slack_api_rate_limited(client.users_info)(user=user_id)
     if not response["ok"]:
         return None
 

backend/onyx/server/auth_check.py

@@ -31,7 +31,6 @@ PUBLIC_ENDPOINT_SPECS = [
     # just gets the version of Onyx (e.g. 0.3.11)
     ("/version", {"GET"}),
     # stuff related to basic auth
-    ("/auth/refresh", {"POST"}),
     ("/auth/register", {"POST"}),
     ("/auth/login", {"POST"}),
     ("/auth/logout", {"POST"}),

backend/onyx/server/manage/models.py

@@ -132,7 +132,6 @@ class UserByEmail(BaseModel):
 class UserRoleUpdateRequest(BaseModel):
     user_email: str
     new_role: UserRole
-    explicit_override: bool = False
 
 
 class UserRoleResponse(BaseModel):

backend/onyx/server/manage/users.py

@@ -102,7 +102,6 @@ def set_user_role(
     validate_user_role_update(
         requested_role=requested_role,
         current_role=current_role,
-        explicit_override=user_role_update_request.explicit_override,
     )
 
     if user_to_update.id == current_user.id:
@@ -123,22 +122,6 @@ def set_user_role(
     db_session.commit()
 
 
-class TestUpsertRequest(BaseModel):
-    email: str
-
-
-@router.post("/manage/users/test-upsert-user")
-async def test_upsert_user(
-    request: TestUpsertRequest,
-    _: User = Depends(current_admin_user),
-) -> None | FullUserSnapshot:
-    """Test endpoint for upsert_saml_user. Only used for integration testing."""
-    user = await fetch_ee_implementation_or_noop(
-        "onyx.server.saml", "upsert_saml_user", None
-    )(email=request.email)
-    return FullUserSnapshot.from_user_model(user) if user else None
-
-
 @router.get("/manage/users/accepted")
 def list_accepted_users(
     q: str | None = Query(default=None),
@@ -313,7 +296,7 @@ def bulk_invite_users(
             detail=f"Invalid email address: {email} - {str(e)}",
         )
 
-    if MULTI_TENANT:
+    if MULTI_TENANT and not DEV_MODE:
         try:
             fetch_ee_implementation_or_noop(
                 "onyx.server.tenants.provisioning", "add_users_to_tenant", None
@@ -335,7 +318,7 @@ def bulk_invite_users(
         except Exception as e:
             logger.error(f"Error sending email invite to invited users: {e}")
 
-    if not MULTI_TENANT or DEV_MODE:
+    if not MULTI_TENANT:
         return number_of_invited_users
 
     # for billing purposes, write to the control plane about the number of new users
@@ -376,7 +359,7 @@ def remove_invited_user(
     number_of_invited_users = write_invited_users(remaining_users)
 
     try:
-        if MULTI_TENANT and not DEV_MODE:
+        if MULTI_TENANT:
             fetch_ee_implementation_or_noop(
                 "onyx.server.tenants.billing", "register_tenant_users", None
             )(tenant_id, get_total_users_count(db_session))

backend/onyx/server/runtime/onyx_runtime.py

@@ -1,19 +1,10 @@
 import io
-from typing import cast
 
 from PIL import Image
 
-from onyx.background.celery.tasks.beat_schedule import CLOUD_BEAT_MULTIPLIER_DEFAULT
-from onyx.background.celery.tasks.beat_schedule import (
-    CLOUD_DOC_PERMISSION_SYNC_MULTIPLIER_DEFAULT,
-)
-from onyx.configs.constants import CLOUD_BUILD_FENCE_LOOKUP_TABLE_INTERVAL_DEFAULT
-from onyx.configs.constants import ONYX_CLOUD_REDIS_RUNTIME
-from onyx.configs.constants import ONYX_CLOUD_TENANT_ID
 from onyx.configs.constants import ONYX_EMAILABLE_LOGO_MAX_DIM
 from onyx.db.engine import get_session_with_shared_schema
 from onyx.file_store.file_store import PostgresBackedFileStore
-from onyx.redis.redis_pool import get_redis_replica_client
 from onyx.utils.file import FileWithMimeType
 from onyx.utils.file import OnyxStaticFileManager
 from onyx.utils.variable_functionality import (
@@ -96,72 +87,3 @@ class OnyxRuntime:
         )
 
         return OnyxRuntime._get_with_static_fallback(db_filename, STATIC_FILENAME)
-
-    @staticmethod
-    def get_beat_multiplier() -> float:
-        """the beat multiplier is used to scale up or down the frequency of certain beat
-        tasks in the cloud. It has a significant effect on load and is useful to adjust
-        in real time."""
-
-        beat_multiplier: float = CLOUD_BEAT_MULTIPLIER_DEFAULT
-
-        r = get_redis_replica_client(tenant_id=ONYX_CLOUD_TENANT_ID)
-
-        beat_multiplier_raw = r.get(f"{ONYX_CLOUD_REDIS_RUNTIME}:beat_multiplier")
-        if beat_multiplier_raw is not None:
-            try:
-                beat_multiplier_bytes = cast(bytes, beat_multiplier_raw)
-                beat_multiplier = float(beat_multiplier_bytes.decode())
-            except ValueError:
-                pass
-
-        if beat_multiplier <= 0.0:
-            return 1.0
-
-        return beat_multiplier
-
-    @staticmethod
-    def get_doc_permission_sync_multiplier() -> float:
-        """Permission syncs are a significant source of load / queueing in the cloud."""
-
-        value: float = CLOUD_DOC_PERMISSION_SYNC_MULTIPLIER_DEFAULT
-
-        r = get_redis_replica_client(tenant_id=ONYX_CLOUD_TENANT_ID)
-
-        value_raw = r.get(f"{ONYX_CLOUD_REDIS_RUNTIME}:doc_permission_sync_multiplier")
-        if value_raw is not None:
-            try:
-                value_bytes = cast(bytes, value_raw)
-                value = float(value_bytes.decode())
-            except ValueError:
-                pass
-
-        if value <= 0.0:
-            return 1.0
-
-        return value
-
-    @staticmethod
-    def get_build_fence_lookup_table_interval() -> int:
-        """We maintain an active fence table to make lookups of existing fences efficient.
-        However, reconstructing the table is expensive, so adjusting it in realtime is useful.
-        """
-
-        interval: int = CLOUD_BUILD_FENCE_LOOKUP_TABLE_INTERVAL_DEFAULT
-
-        r = get_redis_replica_client(tenant_id=ONYX_CLOUD_TENANT_ID)
-
-        interval_raw = r.get(
-            f"{ONYX_CLOUD_REDIS_RUNTIME}:build_fence_lookup_table_interval"
-        )
-        if interval_raw is not None:
-            try:
-                interval_bytes = cast(bytes, interval_raw)
-                interval = int(interval_bytes.decode())
-            except ValueError:
-                pass
-
-        if interval <= 0.0:
-            return CLOUD_BUILD_FENCE_LOOKUP_TABLE_INTERVAL_DEFAULT
-
-        return interval

backend/onyx/tools/tool_implementations/search/search_tool.py

@@ -12,6 +12,7 @@ from onyx.chat.models import AnswerStyleConfig
 from onyx.chat.models import ContextualPruningConfig
 from onyx.chat.models import DocumentPruningConfig
 from onyx.chat.models import LlmDoc
+from onyx.chat.models import OnyxContexts
 from onyx.chat.models import PromptConfig
 from onyx.chat.models import SectionRelevancePiece
 from onyx.chat.prompt_builder.answer_prompt_builder import AnswerPromptBuilder
@@ -41,6 +42,9 @@ from onyx.tools.models import SearchQueryInfo
 from onyx.tools.models import SearchToolOverrideKwargs
 from onyx.tools.models import ToolResponse
 from onyx.tools.tool import Tool
+from onyx.tools.tool_implementations.search.search_utils import (
+    context_from_inference_section,
+)
 from onyx.tools.tool_implementations.search.search_utils import llm_doc_to_dict
 from onyx.tools.tool_implementations.search_like_tool_utils import (
     build_next_prompt_for_search_like_tool,
@@ -54,6 +58,7 @@ from onyx.utils.special_types import JSON_ro
 logger = setup_logger()
 
 SEARCH_RESPONSE_SUMMARY_ID = "search_response_summary"
+SEARCH_DOC_CONTENT_ID = "search_doc_content"
 SECTION_RELEVANCE_LIST_ID = "section_relevance_list"
 SEARCH_EVALUATION_ID = "llm_doc_eval"
 QUERY_FIELD = "query"
@@ -352,13 +357,13 @@ class SearchTool(Tool[SearchToolOverrideKwargs]):
             recency_bias_multiplier=search_pipeline.search_query.recency_bias_multiplier,
         )
         yield from yield_search_responses(
-            query=query,
-            # give back the merged sections to prevent duplicate docs from appearing in the UI
-            get_retrieved_sections=lambda: search_pipeline.merged_retrieved_sections,
-            get_final_context_sections=lambda: search_pipeline.final_context_sections,
-            search_query_info=search_query_info,
-            get_section_relevance=lambda: search_pipeline.section_relevance,
-            search_tool=self,
+            query,
+            lambda: search_pipeline.retrieved_sections,
+            lambda: search_pipeline.reranked_sections,
+            lambda: search_pipeline.final_context_sections,
+            search_query_info,
+            lambda: search_pipeline.section_relevance,
+            self,
         )
 
     def final_result(self, *args: ToolResponse) -> JSON_ro:
@@ -400,6 +405,7 @@ class SearchTool(Tool[SearchToolOverrideKwargs]):
 def yield_search_responses(
     query: str,
     get_retrieved_sections: Callable[[], list[InferenceSection]],
+    get_reranked_sections: Callable[[], list[InferenceSection]],
     get_final_context_sections: Callable[[], list[InferenceSection]],
     search_query_info: SearchQueryInfo,
     get_section_relevance: Callable[[], list[SectionRelevancePiece] | None],
@@ -417,6 +423,16 @@ def yield_search_responses(
         ),
     )
 
+    yield ToolResponse(
+        id=SEARCH_DOC_CONTENT_ID,
+        response=OnyxContexts(
+            contexts=[
+                context_from_inference_section(section)
+                for section in get_reranked_sections()
+            ]
+        ),
+    )
+
     section_relevance = get_section_relevance()
     yield ToolResponse(
         id=SECTION_RELEVANCE_LIST_ID,

backend/onyx/tools/tool_implementations/search/search_utils.py

@@ -1,4 +1,5 @@
 from onyx.chat.models import LlmDoc
+from onyx.chat.models import OnyxContext
 from onyx.context.search.models import InferenceSection
 from onyx.prompts.prompt_utils import clean_up_source
 
@@ -31,23 +32,10 @@ def section_to_dict(section: InferenceSection, section_num: int) -> dict:
     return doc_dict
 
 
-def section_to_llm_doc(section: InferenceSection) -> LlmDoc:
-    possible_link_chunks = [section.center_chunk] + section.chunks
-    link: str | None = None
-    for chunk in possible_link_chunks:
-        if chunk.source_links:
-            link = list(chunk.source_links.values())[0]
-            break
-
-    return LlmDoc(
-        document_id=section.center_chunk.document_id,
+def context_from_inference_section(section: InferenceSection) -> OnyxContext:
+    return OnyxContext(
         content=section.combined_content,
-        source_type=section.center_chunk.source_type,
+        document_id=section.center_chunk.document_id,
         semantic_identifier=section.center_chunk.semantic_identifier,
-        metadata=section.center_chunk.metadata,
-        updated_at=section.center_chunk.updated_at,
         blurb=section.center_chunk.blurb,
-        link=link,
-        source_links=section.center_chunk.source_links,
-        match_highlights=section.center_chunk.match_highlights,
     )

backend/onyx/utils/telemetry.py

@@ -36,10 +36,6 @@ class RecordType(str, Enum):
     LATENCY = "latency"
     FAILURE = "failure"
     METRIC = "metric"
-    INDEXING_PROGRESS = "indexing_progress"
-    INDEXING_COMPLETE = "indexing_complete"
-    PERMISSION_SYNC_PROGRESS = "permission_sync_progress"
-    INDEX_ATTEMPT_STATUS = "index_attempt_status"
 
 
 def _get_or_generate_customer_id_mt(tenant_id: str) -> str:

backend/onyx/utils/threadpool_concurrency.py

@@ -6,17 +6,14 @@ import uuid
 from collections.abc import Callable
 from collections.abc import Iterator
 from collections.abc import MutableMapping
-from collections.abc import Sequence
 from concurrent.futures import as_completed
 from concurrent.futures import FIRST_COMPLETED
 from concurrent.futures import Future
 from concurrent.futures import ThreadPoolExecutor
 from concurrent.futures import wait
 from typing import Any
-from typing import cast
 from typing import Generic
 from typing import overload
-from typing import Protocol
 from typing import TypeVar
 
 from pydantic import GetCoreSchemaHandler
@@ -148,20 +145,13 @@ class ThreadSafeDict(MutableMapping[KT, VT]):
             return collections.abc.ValuesView(self)
 
 
-class CallableProtocol(Protocol):
-    def __call__(self, *args: Any, **kwargs: Any) -> Any:
-        ...
-
-
 def run_functions_tuples_in_parallel(
-    functions_with_args: Sequence[tuple[CallableProtocol, tuple[Any, ...]]],
+    functions_with_args: list[tuple[Callable, tuple]],
     allow_failures: bool = False,
     max_workers: int | None = None,
 ) -> list[Any]:
     """
     Executes multiple functions in parallel and returns a list of the results for each function.
-    This function preserves contextvars across threads, which is important for maintaining
-    context like tenant IDs in database sessions.
 
     Args:
         functions_with_args: List of tuples each containing the function callable and a tuple of arguments.
@@ -169,7 +159,7 @@ def run_functions_tuples_in_parallel(
         max_workers: Max number of worker threads
 
     Returns:
-        list: A list of results from each function, in the same order as the input functions.
+        dict: A dictionary mapping function names to their results or error messages.
     """
     workers = (
         min(max_workers, len(functions_with_args))
@@ -196,7 +186,7 @@ def run_functions_tuples_in_parallel(
                 results.append((index, future.result()))
             except Exception as e:
                 logger.exception(f"Function at index {index} failed due to {e}")
-                results.append((index, None))  # type: ignore
+                results.append((index, None))
 
                 if not allow_failures:
                     raise
@@ -298,7 +288,7 @@ def run_with_timeout(
     if task.is_alive():
         task.end()
 
-    return task.result  # type: ignore
+    return task.result
 
 
 # NOTE: this function should really only be used when run_functions_tuples_in_parallel is
@@ -314,9 +304,9 @@ def run_in_background(
     """
     context = contextvars.copy_context()
     # Timeout not used in the non-blocking case
-    task = TimeoutThread(-1, context.run, func, *args, **kwargs)  # type: ignore
+    task = TimeoutThread(-1, context.run, func, *args, **kwargs)
     task.start()
-    return cast(TimeoutThread[R], task)
+    return task
 
 
 def wait_on_background(task: TimeoutThread[R]) -> R:

backend/scripts/query_time_check/seed_dummy_docs.py

@@ -78,19 +78,19 @@ def generate_dummy_chunk(
     for i in range(number_of_document_sets):
         document_set_names.append(f"Document Set {i}")
 
-    user_emails: list[str | None] = []
-    user_groups: list[str] = []
-    external_user_emails: list[str] = []
-    external_user_group_ids: list[str] = []
+    user_emails: set[str | None] = set()
+    user_groups: set[str] = set()
+    external_user_emails: set[str] = set()
+    external_user_group_ids: set[str] = set()
     for i in range(number_of_acl_entries):
-        user_emails.append(f"user_{i}@example.com")
-        user_groups.append(f"group_{i}")
-        external_user_emails.append(f"external_user_{i}@example.com")
-        external_user_group_ids.append(f"external_group_{i}")
+        user_emails.add(f"user_{i}@example.com")
+        user_groups.add(f"group_{i}")
+        external_user_emails.add(f"external_user_{i}@example.com")
+        external_user_group_ids.add(f"external_group_{i}")
 
     return DocMetadataAwareIndexChunk.from_index_chunk(
         index_chunk=chunk,
-        access=DocumentAccess.build(
+        access=DocumentAccess(
             user_emails=user_emails,
             user_groups=user_groups,
             external_user_emails=external_user_emails,

backend/tests/daily/connectors/blob/test_blob_connector.py

@@ -1,77 +0,0 @@
-import os
-from unittest.mock import MagicMock
-from unittest.mock import patch
-
-import pytest
-
-from onyx.configs.constants import BlobType
-from onyx.connectors.blob.connector import BlobStorageConnector
-from onyx.connectors.models import Document
-from onyx.connectors.models import TextSection
-from onyx.file_processing.extract_file_text import ACCEPTED_DOCUMENT_FILE_EXTENSIONS
-from onyx.file_processing.extract_file_text import ACCEPTED_IMAGE_FILE_EXTENSIONS
-from onyx.file_processing.extract_file_text import ACCEPTED_PLAIN_TEXT_FILE_EXTENSIONS
-from onyx.file_processing.extract_file_text import get_file_ext
-
-
-@pytest.fixture
-def blob_connector(request: pytest.FixtureRequest) -> BlobStorageConnector:
-    connector = BlobStorageConnector(
-        bucket_type=BlobType.S3, bucket_name="onyx-connector-tests"
-    )
-
-    connector.load_credentials(
-        {
-            "aws_access_key_id": os.environ["AWS_ACCESS_KEY_ID_DAILY_CONNECTOR_TESTS"],
-            "aws_secret_access_key": os.environ[
-                "AWS_SECRET_ACCESS_KEY_DAILY_CONNECTOR_TESTS"
-            ],
-        }
-    )
-
-    return connector
-
-
-@patch(
-    "onyx.file_processing.extract_file_text.get_unstructured_api_key",
-    return_value=None,
-)
-def test_blob_s3_connector(
-    mock_get_api_key: MagicMock, blob_connector: BlobStorageConnector
-) -> None:
-    """
-    Plain and document file types should be fully indexed.
-
-    Multimedia and unknown file types will be indexed by title only with one empty section.
-
-    This is intentional in order to allow searching by just the title even if we can't
-    index the file content.
-    """
-    all_docs: list[Document] = []
-    document_batches = blob_connector.load_from_state()
-    for doc_batch in document_batches:
-        for doc in doc_batch:
-            all_docs.append(doc)
-
-    #
-    assert len(all_docs) == 19
-
-    for doc in all_docs:
-        section = doc.sections[0]
-        assert isinstance(section, TextSection)
-
-        file_extension = get_file_ext(doc.semantic_identifier)
-        if file_extension in ACCEPTED_PLAIN_TEXT_FILE_EXTENSIONS:
-            assert len(section.text) > 0
-            continue
-
-        if file_extension in ACCEPTED_DOCUMENT_FILE_EXTENSIONS:
-            assert len(section.text) > 0
-            continue
-
-        if file_extension in ACCEPTED_IMAGE_FILE_EXTENSIONS:
-            assert len(section.text) == 0
-            continue
-
-        # unknown extension
-        assert len(section.text) == 0

backend/tests/daily/connectors/google_drive/consts_and_utils.py

@@ -58,16 +58,6 @@ SECTIONS_FOLDER_URL = (
     "https://drive.google.com/drive/u/5/folders/1loe6XJ-pJxu9YYPv7cF3Hmz296VNzA33"
 )
 
-EXTERNAL_SHARED_FOLDER_URL = (
-    "https://drive.google.com/drive/folders/1sWC7Oi0aQGgifLiMnhTjvkhRWVeDa-XS"
-)
-EXTERNAL_SHARED_DOCS_IN_FOLDER = [
-    "https://docs.google.com/document/d/1Sywmv1-H6ENk2GcgieKou3kQHR_0te1mhIUcq8XlcdY"
-]
-EXTERNAL_SHARED_DOC_SINGLETON = (
-    "https://docs.google.com/document/d/11kmisDfdvNcw5LYZbkdPVjTOdj-Uc5ma6Jep68xzeeA"
-)
-
 SHARED_DRIVE_3_URL = "https://drive.google.com/drive/folders/0AJYm2K_I_vtNUk9PVA"
 
 ADMIN_EMAIL = "admin@onyx-test.com"

backend/tests/daily/connectors/google_drive/test_service_acct.py

@@ -1,7 +1,6 @@
 from collections.abc import Callable
 from unittest.mock import MagicMock
 from unittest.mock import patch
-from urllib.parse import urlparse
 
 from onyx.connectors.google_drive.connector import GoogleDriveConnector
 from tests.daily.connectors.google_drive.consts_and_utils import ADMIN_EMAIL
@@ -10,15 +9,6 @@ from tests.daily.connectors.google_drive.consts_and_utils import ADMIN_FOLDER_3_
 from tests.daily.connectors.google_drive.consts_and_utils import (
     assert_expected_docs_in_retrieved_docs,
 )
-from tests.daily.connectors.google_drive.consts_and_utils import (
-    EXTERNAL_SHARED_DOC_SINGLETON,
-)
-from tests.daily.connectors.google_drive.consts_and_utils import (
-    EXTERNAL_SHARED_DOCS_IN_FOLDER,
-)
-from tests.daily.connectors.google_drive.consts_and_utils import (
-    EXTERNAL_SHARED_FOLDER_URL,
-)
 from tests.daily.connectors.google_drive.consts_and_utils import FOLDER_1_1_FILE_IDS
 from tests.daily.connectors.google_drive.consts_and_utils import FOLDER_1_1_URL
 from tests.daily.connectors.google_drive.consts_and_utils import FOLDER_1_2_FILE_IDS
@@ -110,8 +100,7 @@ def test_include_shared_drives_only_with_size_threshold(
 
     retrieved_docs = load_all_docs(connector)
 
-    # 2 extra files from shared drive owned by non-admin and not shared with admin
-    assert len(retrieved_docs) == 52
+    assert len(retrieved_docs) == 50
 
 
 @patch(
@@ -148,8 +137,7 @@ def test_include_shared_drives_only(
         + SECTIONS_FILE_IDS
     )
 
-    # 2 extra files from shared drive owned by non-admin and not shared with admin
-    assert len(retrieved_docs) == 53
+    assert len(retrieved_docs) == 51
 
     assert_expected_docs_in_retrieved_docs(
         retrieved_docs=retrieved_docs,
@@ -306,64 +294,6 @@ def test_folders_only(
     )
 
 
-def test_shared_folder_owned_by_external_user(
-    google_drive_service_acct_connector_factory: Callable[..., GoogleDriveConnector],
-) -> None:
-    print("\n\nRunning test_shared_folder_owned_by_external_user")
-    connector = google_drive_service_acct_connector_factory(
-        primary_admin_email=ADMIN_EMAIL,
-        include_shared_drives=False,
-        include_my_drives=False,
-        include_files_shared_with_me=False,
-        shared_drive_urls=None,
-        shared_folder_urls=EXTERNAL_SHARED_FOLDER_URL,
-        my_drive_emails=None,
-    )
-    retrieved_docs = load_all_docs(connector)
-
-    expected_docs = EXTERNAL_SHARED_DOCS_IN_FOLDER
-
-    assert len(retrieved_docs) == len(expected_docs)  # 1 for now
-    assert expected_docs[0] in retrieved_docs[0].id
-
-
-def test_shared_with_me(
-    google_drive_service_acct_connector_factory: Callable[..., GoogleDriveConnector],
-) -> None:
-    print("\n\nRunning test_shared_with_me")
-    connector = google_drive_service_acct_connector_factory(
-        primary_admin_email=ADMIN_EMAIL,
-        include_shared_drives=False,
-        include_my_drives=True,
-        include_files_shared_with_me=True,
-        shared_drive_urls=None,
-        shared_folder_urls=None,
-        my_drive_emails=None,
-    )
-    retrieved_docs = load_all_docs(connector)
-
-    print(retrieved_docs)
-
-    expected_file_ids = (
-        ADMIN_FILE_IDS
-        + ADMIN_FOLDER_3_FILE_IDS
-        + TEST_USER_1_FILE_IDS
-        + TEST_USER_2_FILE_IDS
-        + TEST_USER_3_FILE_IDS
-    )
-    assert_expected_docs_in_retrieved_docs(
-        retrieved_docs=retrieved_docs,
-        expected_file_ids=expected_file_ids,
-    )
-
-    retrieved_ids = {urlparse(doc.id).path.split("/")[-2] for doc in retrieved_docs}
-    for id in retrieved_ids:
-        print(id)
-
-    assert EXTERNAL_SHARED_DOC_SINGLETON.split("/")[-1] in retrieved_ids
-    assert EXTERNAL_SHARED_DOCS_IN_FOLDER[0].split("/")[-1] in retrieved_ids
-
-
 @patch(
     "onyx.file_processing.extract_file_text.get_unstructured_api_key",
     return_value=None,

backend/tests/integration/common_utils/constants.py

@@ -6,7 +6,7 @@ API_SERVER_PROTOCOL = os.getenv("API_SERVER_PROTOCOL") or "http"
 API_SERVER_HOST = os.getenv("API_SERVER_HOST") or "localhost"
 API_SERVER_PORT = os.getenv("API_SERVER_PORT") or "8080"
 API_SERVER_URL = f"{API_SERVER_PROTOCOL}://{API_SERVER_HOST}:{API_SERVER_PORT}"
-MAX_DELAY = 60
+MAX_DELAY = 45
 
 GENERAL_HEADERS = {"Content-Type": "application/json"}
 

backend/tests/integration/common_utils/managers/chat.py

@@ -5,7 +5,6 @@ import requests
 from requests.models import Response
 
 from onyx.context.search.models import RetrievalDetails
-from onyx.context.search.models import SavedSearchDoc
 from onyx.file_store.models import FileDescriptor
 from onyx.llm.override_models import LLMOverride
 from onyx.llm.override_models import PromptOverride
@@ -98,24 +97,17 @@ class ChatSessionManager:
         for data in response_data:
             if "rephrased_query" in data:
                 analyzed.rephrased_query = data["rephrased_query"]
-            if "tool_name" in data:
+            elif "tool_name" in data:
                 analyzed.tool_name = data["tool_name"]
                 analyzed.tool_result = (
                     data.get("tool_result")
                     if analyzed.tool_name == "run_search"
                     else None
                 )
-            if "relevance_summaries" in data:
+            elif "relevance_summaries" in data:
                 analyzed.relevance_summaries = data["relevance_summaries"]
-            if "answer_piece" in data and data["answer_piece"]:
+            elif "answer_piece" in data and data["answer_piece"]:
                 analyzed.full_message += data["answer_piece"]
-            if "top_documents" in data:
-                assert (
-                    analyzed.top_documents is None
-                ), "top_documents should only be set once"
-                analyzed.top_documents = [
-                    SavedSearchDoc(**doc) for doc in data["top_documents"]
-                ]
 
         return analyzed
 

backend/tests/integration/common_utils/managers/user.py

@@ -9,9 +9,7 @@ from requests import HTTPError
 from onyx.auth.schemas import UserRole
 from onyx.configs.constants import FASTAPI_USERS_AUTH_COOKIE_NAME
 from onyx.server.documents.models import PaginatedReturn
-from onyx.server.manage.models import UserInfo
 from onyx.server.models import FullUserSnapshot
-from onyx.server.models import InvitedUserSnapshot
 from tests.integration.common_utils.constants import API_SERVER_URL
 from tests.integration.common_utils.constants import GENERAL_HEADERS
 from tests.integration.common_utils.test_models import DATestUser
@@ -125,15 +123,10 @@ class UserManager:
         user_to_set: DATestUser,
         target_role: UserRole,
         user_performing_action: DATestUser,
-        explicit_override: bool = False,
     ) -> DATestUser:
         response = requests.patch(
             url=f"{API_SERVER_URL}/manage/set-user-role",
-            json={
-                "user_email": user_to_set.email,
-                "new_role": target_role.value,
-                "explicit_override": explicit_override,
-            },
+            json={"user_email": user_to_set.email, "new_role": target_role.value},
             headers=user_performing_action.headers,
         )
         response.raise_for_status()
@@ -247,69 +240,3 @@ class UserManager:
             total_items=data["total_items"],
         )
         return paginated_result
-
-    @staticmethod
-    def invite_user(
-        user_to_invite_email: str, user_performing_action: DATestUser
-    ) -> None:
-        """Invite a user by email to join the organization.
-
-        Args:
-            user_to_invite_email: Email of the user to invite
-            user_performing_action: User with admin permissions performing the invitation
-        """
-        response = requests.put(
-            url=f"{API_SERVER_URL}/manage/admin/users",
-            headers=user_performing_action.headers,
-            json={"emails": [user_to_invite_email]},
-        )
-        response.raise_for_status()
-
-    @staticmethod
-    def accept_invitation(tenant_id: str, user_performing_action: DATestUser) -> None:
-        """Accept an invitation to join the organization.
-
-        Args:
-            tenant_id: ID of the tenant/organization to accept invitation for
-            user_performing_action: User accepting the invitation
-        """
-        response = requests.post(
-            url=f"{API_SERVER_URL}/tenants/users/invite/accept",
-            headers=user_performing_action.headers,
-            json={"tenant_id": tenant_id},
-        )
-        response.raise_for_status()
-
-    @staticmethod
-    def get_invited_users(
-        user_performing_action: DATestUser,
-    ) -> list[InvitedUserSnapshot]:
-        """Get a list of all invited users.
-
-        Args:
-            user_performing_action: User with admin permissions performing the action
-
-        Returns:
-            List of invited user snapshots
-        """
-        response = requests.get(
-            url=f"{API_SERVER_URL}/manage/users/invited",
-            headers=user_performing_action.headers,
-        )
-        response.raise_for_status()
-
-        return [InvitedUserSnapshot(**user) for user in response.json()]
-
-    @staticmethod
-    def get_user_info(user_performing_action: DATestUser) -> UserInfo:
-        """Get user info for the current user.
-
-        Args:
-            user_performing_action: User performing the action
-        """
-        response = requests.get(
-            url=f"{API_SERVER_URL}/me",
-            headers=user_performing_action.headers,
-        )
-        response.raise_for_status()
-        return UserInfo(**response.json())

backend/tests/integration/common_utils/test_models.py

@@ -10,7 +10,6 @@ from pydantic import Field
 from onyx.auth.schemas import UserRole
 from onyx.configs.constants import QAFeedbackType
 from onyx.context.search.enums import RecencyBiasSetting
-from onyx.context.search.models import SavedSearchDoc
 from onyx.db.enums import AccessType
 from onyx.server.documents.models import DocumentSource
 from onyx.server.documents.models import IndexAttemptSnapshot
@@ -158,7 +157,7 @@ class StreamedResponse(BaseModel):
     full_message: str = ""
     rephrased_query: str | None = None
     tool_name: str | None = None
-    top_documents: list[SavedSearchDoc] | None = None
+    top_documents: list[dict[str, Any]] | None = None
     relevance_summaries: list[dict[str, Any]] | None = None
     tool_result: Any | None = None
     user: str | None = None

backend/tests/integration/multitenant_tests/invitation/invite_various_organizations.py

@@ -1,70 +0,0 @@
-from onyx.db.models import UserRole
-from tests.integration.common_utils.managers.user import UserManager
-from tests.integration.common_utils.test_models import DATestUser
-
-INVITED_BASIC_USER = "basic_user"
-INVITED_BASIC_USER_EMAIL = "basic_user@test.com"
-
-
-def test_user_invitation_flow(reset_multitenant: None) -> None:
-    # Create first user (admin)
-    admin_user: DATestUser = UserManager.create(name="admin")
-    assert UserManager.is_role(admin_user, UserRole.ADMIN)
-
-    # Create second user
-    invited_user: DATestUser = UserManager.create(name="admin_invited")
-    assert UserManager.is_role(invited_user, UserRole.ADMIN)
-
-    # Admin user invites the previously registered and non-registered user
-    UserManager.invite_user(invited_user.email, admin_user)
-    UserManager.invite_user(INVITED_BASIC_USER_EMAIL, admin_user)
-
-    invited_basic_user: DATestUser = UserManager.create(
-        name=INVITED_BASIC_USER, email=INVITED_BASIC_USER_EMAIL
-    )
-    assert UserManager.is_role(invited_basic_user, UserRole.BASIC)
-
-    # Verify the user is in the invited users list
-    invited_users = UserManager.get_invited_users(admin_user)
-    assert invited_user.email in [
-        user.email for user in invited_users
-    ], f"User {invited_user.email} not found in invited users list"
-
-    # Get user info to check tenant information
-    user_info = UserManager.get_user_info(invited_user)
-
-    # Extract the tenant_id from the invitation
-    invited_tenant_id = (
-        user_info.tenant_info.invitation.tenant_id
-        if user_info.tenant_info and user_info.tenant_info.invitation
-        else None
-    )
-    assert invited_tenant_id is not None, "Expected to find an invitation tenant_id"
-
-    UserManager.accept_invitation(invited_tenant_id, invited_user)
-
-    # Get updated user info after accepting invitation
-    updated_user_info = UserManager.get_user_info(invited_user)
-
-    # Verify the user is no longer in the invited users list
-    updated_invited_users = UserManager.get_invited_users(admin_user)
-    assert invited_user.email not in [
-        user.email for user in updated_invited_users
-    ], f"User {invited_user.email} should not be in invited users list after accepting"
-
-    # Verify the user has BASIC role in the organization
-    assert (
-        updated_user_info.role == UserRole.BASIC
-    ), f"Expected user to have BASIC role, but got {updated_user_info.role}"
-
-    # Verify user is in the organization
-    user_page = UserManager.get_user_page(
-        user_performing_action=admin_user, role_filter=[UserRole.BASIC]
-    )
-
-    # Check if the invited user is in the list of users with BASIC role
-    invited_user_emails = [user.email for user in user_page.items]
-    assert invited_user.email in invited_user_emails, (
-        f"User {invited_user.email} not found in the list of basic users "
-        f"in the organization. Available users: {invited_user_emails}"
-    )

backend/tests/integration/tests/auth/test_saml_user_conversion.py

@@ -1,90 +0,0 @@
-import requests
-
-from onyx.auth.schemas import UserRole
-from tests.integration.common_utils.constants import API_SERVER_URL
-from tests.integration.common_utils.managers.user import UserManager
-from tests.integration.common_utils.test_models import DATestUser
-
-
-def test_saml_user_conversion(reset: None) -> None:
-    """
-    Test that SAML login correctly converts users with non-authenticated roles
-    (SLACK_USER or EXT_PERM_USER) to authenticated roles (BASIC).
-
-    This test:
-    1. Creates an admin and a regular user
-    2. Changes the regular user's role to EXT_PERM_USER
-    3. Simulates a SAML login by calling the test endpoint
-    4. Verifies the user's role is converted to BASIC
-
-    This tests the fix that ensures users with non-authenticated roles (SLACK_USER or EXT_PERM_USER)
-    are properly converted to authenticated roles during SAML login.
-    """
-    # Create an admin user (first user created is automatically an admin)
-    admin_user: DATestUser = UserManager.create(email="admin@onyx-test.com")
-
-    # Create a regular user that we'll convert to EXT_PERM_USER
-    test_user_email = "ext_perm_user@example.com"
-    test_user = UserManager.create(email=test_user_email)
-
-    # Verify the user was created with BASIC role initially
-    assert UserManager.is_role(test_user, UserRole.BASIC)
-
-    # Change the user's role to EXT_PERM_USER using the UserManager
-    UserManager.set_role(
-        user_to_set=test_user,
-        target_role=UserRole.EXT_PERM_USER,
-        user_performing_action=admin_user,
-        explicit_override=True,
-    )
-
-    # Verify the user has EXT_PERM_USER role now
-    assert UserManager.is_role(test_user, UserRole.EXT_PERM_USER)
-
-    # Simulate SAML login by calling the test endpoint
-    response = requests.post(
-        f"{API_SERVER_URL}/manage/users/test-upsert-user",
-        json={"email": test_user_email},
-        headers=admin_user.headers,  # Use admin headers for authorization
-    )
-    response.raise_for_status()
-
-    # Verify the response indicates the role changed to BASIC
-    user_data = response.json()
-    assert user_data["role"] == UserRole.BASIC.value
-
-    # Verify user role was changed in the database
-    assert UserManager.is_role(test_user, UserRole.BASIC)
-
-    # Do the same test with SLACK_USER
-    slack_user_email = "slack_user@example.com"
-    slack_user = UserManager.create(email=slack_user_email)
-
-    # Verify the user was created with BASIC role initially
-    assert UserManager.is_role(slack_user, UserRole.BASIC)
-
-    # Change the user's role to SLACK_USER
-    UserManager.set_role(
-        user_to_set=slack_user,
-        target_role=UserRole.SLACK_USER,
-        user_performing_action=admin_user,
-        explicit_override=True,
-    )
-
-    # Verify the user has SLACK_USER role
-    assert UserManager.is_role(slack_user, UserRole.SLACK_USER)
-
-    # Simulate SAML login again
-    response = requests.post(
-        f"{API_SERVER_URL}/manage/users/test-upsert-user",
-        json={"email": slack_user_email},
-        headers=admin_user.headers,
-    )
-    response.raise_for_status()
-
-    # Verify the response indicates the role changed to BASIC
-    user_data = response.json()
-    assert user_data["role"] == UserRole.BASIC.value
-
-    # Verify the user's role was changed in the database
-    assert UserManager.is_role(slack_user, UserRole.BASIC)

backend/tests/integration/tests/connector/test_connector_deletion.py

@@ -5,7 +5,6 @@ This file contains tests for the following:
     - updates the document sets and user groups to remove the connector
 - Ensure that deleting a connector that is part of an overlapping document set and/or user group works as expected
 """
-import os
 from uuid import uuid4
 
 from sqlalchemy.orm import Session
@@ -33,13 +32,6 @@ from tests.integration.common_utils.vespa import vespa_fixture
 
 
 def test_connector_deletion(reset: None, vespa_client: vespa_fixture) -> None:
-    user_group_1: DATestUserGroup
-    user_group_2: DATestUserGroup
-
-    is_ee = (
-        os.environ.get("ENABLE_PAID_ENTERPRISE_EDITION_FEATURES", "").lower() == "true"
-    )
-
     # Creating an admin user (first user created is automatically an admin)
     admin_user: DATestUser = UserManager.create(name="admin_user")
     # create api key
@@ -86,17 +78,16 @@ def test_connector_deletion(reset: None, vespa_client: vespa_fixture) -> None:
 
     print("Document sets created and synced")
 
-    if is_ee:
-        # create user groups
-        user_group_1 = UserGroupManager.create(
-            cc_pair_ids=[cc_pair_1.id],
-            user_performing_action=admin_user,
-        )
-        user_group_2 = UserGroupManager.create(
-            cc_pair_ids=[cc_pair_1.id, cc_pair_2.id],
-            user_performing_action=admin_user,
-        )
-        UserGroupManager.wait_for_sync(user_performing_action=admin_user)
+    # create user groups
+    user_group_1: DATestUserGroup = UserGroupManager.create(
+        cc_pair_ids=[cc_pair_1.id],
+        user_performing_action=admin_user,
+    )
+    user_group_2: DATestUserGroup = UserGroupManager.create(
+        cc_pair_ids=[cc_pair_1.id, cc_pair_2.id],
+        user_performing_action=admin_user,
+    )
+    UserGroupManager.wait_for_sync(user_performing_action=admin_user)
 
     # inject a finished index attempt and index attempt error (exercises foreign key errors)
     with Session(get_sqlalchemy_engine()) as db_session:
@@ -156,13 +147,12 @@ def test_connector_deletion(reset: None, vespa_client: vespa_fixture) -> None:
         )
 
     # Update local records to match the database for later comparison
+    user_group_1.cc_pair_ids = []
+    user_group_2.cc_pair_ids = [cc_pair_2.id]
     doc_set_1.cc_pair_ids = []
     doc_set_2.cc_pair_ids = [cc_pair_2.id]
     cc_pair_1.groups = []
-    if is_ee:
-        cc_pair_2.groups = [user_group_2.id]
-    else:
-        cc_pair_2.groups = []
+    cc_pair_2.groups = [user_group_2.id]
 
     CCPairManager.wait_for_deletion_completion(
         cc_pair_id=cc_pair_1.id, user_performing_action=admin_user
@@ -178,15 +168,11 @@ def test_connector_deletion(reset: None, vespa_client: vespa_fixture) -> None:
         verify_deleted=True,
     )
 
-    cc_pair_2_group_name_expected = []
-    if is_ee:
-        cc_pair_2_group_name_expected = [user_group_2.name]
-
     DocumentManager.verify(
         vespa_client=vespa_client,
         cc_pair=cc_pair_2,
         doc_set_names=[doc_set_2.name],
-        group_names=cc_pair_2_group_name_expected,
+        group_names=[user_group_2.name],
         doc_creating_user=admin_user,
         verify_deleted=False,
     )
@@ -207,19 +193,15 @@ def test_connector_deletion(reset: None, vespa_client: vespa_fixture) -> None:
         user_performing_action=admin_user,
     )
 
-    if is_ee:
-        user_group_1.cc_pair_ids = []
-        user_group_2.cc_pair_ids = [cc_pair_2.id]
-
-        # validate user groups
-        UserGroupManager.verify(
-            user_group=user_group_1,
-            user_performing_action=admin_user,
-        )
-        UserGroupManager.verify(
-            user_group=user_group_2,
-            user_performing_action=admin_user,
-        )
+    # validate user groups
+    UserGroupManager.verify(
+        user_group=user_group_1,
+        user_performing_action=admin_user,
+    )
+    UserGroupManager.verify(
+        user_group=user_group_2,
+        user_performing_action=admin_user,
+    )
 
 
 def test_connector_deletion_for_overlapping_connectors(
@@ -228,13 +210,6 @@ def test_connector_deletion_for_overlapping_connectors(
     """Checks to make sure that connectors with overlapping documents work properly. Specifically, that the overlapping
     document (1) still exists and (2) has the right document set / group post-deletion of one of the connectors.
     """
-    user_group_1: DATestUserGroup
-    user_group_2: DATestUserGroup
-
-    is_ee = (
-        os.environ.get("ENABLE_PAID_ENTERPRISE_EDITION_FEATURES", "").lower() == "true"
-    )
-
     # Creating an admin user (first user created is automatically an admin)
     admin_user: DATestUser = UserManager.create(name="admin_user")
     # create api key
@@ -306,48 +281,47 @@ def test_connector_deletion_for_overlapping_connectors(
         doc_creating_user=admin_user,
     )
 
-    if is_ee:
-        # create a user group and attach it to connector 1
-        user_group_1 = UserGroupManager.create(
-            name="Test User Group 1",
-            cc_pair_ids=[cc_pair_1.id],
-            user_performing_action=admin_user,
-        )
-        UserGroupManager.wait_for_sync(
-            user_groups_to_check=[user_group_1],
-            user_performing_action=admin_user,
-        )
-        cc_pair_1.groups = [user_group_1.id]
+    # create a user group and attach it to connector 1
+    user_group_1: DATestUserGroup = UserGroupManager.create(
+        name="Test User Group 1",
+        cc_pair_ids=[cc_pair_1.id],
+        user_performing_action=admin_user,
+    )
+    UserGroupManager.wait_for_sync(
+        user_groups_to_check=[user_group_1],
+        user_performing_action=admin_user,
+    )
+    cc_pair_1.groups = [user_group_1.id]
 
-        print("User group 1 created and synced")
+    print("User group 1 created and synced")
 
-        # create a user group and attach it to connector 2
-        user_group_2 = UserGroupManager.create(
-            name="Test User Group 2",
-            cc_pair_ids=[cc_pair_2.id],
-            user_performing_action=admin_user,
-        )
-        UserGroupManager.wait_for_sync(
-            user_groups_to_check=[user_group_2],
-            user_performing_action=admin_user,
-        )
-        cc_pair_2.groups = [user_group_2.id]
+    # create a user group and attach it to connector 2
+    user_group_2: DATestUserGroup = UserGroupManager.create(
+        name="Test User Group 2",
+        cc_pair_ids=[cc_pair_2.id],
+        user_performing_action=admin_user,
+    )
+    UserGroupManager.wait_for_sync(
+        user_groups_to_check=[user_group_2],
+        user_performing_action=admin_user,
+    )
+    cc_pair_2.groups = [user_group_2.id]
 
-        print("User group 2 created and synced")
+    print("User group 2 created and synced")
 
-        # verify vespa document is in the user group
-        DocumentManager.verify(
-            vespa_client=vespa_client,
-            cc_pair=cc_pair_1,
-            group_names=[user_group_1.name, user_group_2.name],
-            doc_creating_user=admin_user,
-        )
-        DocumentManager.verify(
-            vespa_client=vespa_client,
-            cc_pair=cc_pair_2,
-            group_names=[user_group_1.name, user_group_2.name],
-            doc_creating_user=admin_user,
-        )
+    # verify vespa document is in the user group
+    DocumentManager.verify(
+        vespa_client=vespa_client,
+        cc_pair=cc_pair_1,
+        group_names=[user_group_1.name, user_group_2.name],
+        doc_creating_user=admin_user,
+    )
+    DocumentManager.verify(
+        vespa_client=vespa_client,
+        cc_pair=cc_pair_2,
+        group_names=[user_group_1.name, user_group_2.name],
+        doc_creating_user=admin_user,
+    )
 
     # delete connector 1
     CCPairManager.pause_cc_pair(
@@ -380,15 +354,11 @@ def test_connector_deletion_for_overlapping_connectors(
 
     # verify the document is not in any document sets
     # verify the document is only in user group 2
-    group_names_expected = []
-    if is_ee:
-        group_names_expected = [user_group_2.name]
-
     DocumentManager.verify(
         vespa_client=vespa_client,
         cc_pair=cc_pair_2,
         doc_set_names=[],
-        group_names=group_names_expected,
+        group_names=[user_group_2.name],
         doc_creating_user=admin_user,
         verify_deleted=False,
     )

backend/tests/integration/tests/dev_apis/test_simple_chat_api.py

@@ -16,7 +16,10 @@ from tests.integration.common_utils.test_models import DATestCCPair
 from tests.integration.common_utils.test_models import DATestUser
 
 
-def test_send_message_simple_with_history(reset: None, admin_user: DATestUser) -> None:
+def test_send_message_simple_with_history(reset: None) -> None:
+    # Creating an admin user (first user created is automatically an admin)
+    admin_user: DATestUser = UserManager.create(name="admin_user")
+
     # create connectors
     cc_pair_1: DATestCCPair = CCPairManager.create_from_scratch(
         user_performing_action=admin_user,
@@ -50,13 +53,13 @@ def test_send_message_simple_with_history(reset: None, admin_user: DATestUser) -
     response_json = response.json()
 
     # Check that the top document is the correct document
+    assert response_json["simple_search_docs"][0]["id"] == cc_pair_1.documents[0].id
     assert response_json["top_documents"][0]["document_id"] == cc_pair_1.documents[0].id
 
     # assert that the metadata is correct
     for doc in cc_pair_1.documents:
         found_doc = next(
-            (x for x in response_json["top_documents"] if x["document_id"] == doc.id),
-            None,
+            (x for x in response_json["simple_search_docs"] if x["id"] == doc.id), None
         )
         assert found_doc
         assert found_doc["metadata"]["document_id"] == doc.id

backend/tests/integration/tests/streaming_endpoints/conftest.py

@@ -1,42 +0,0 @@
-from collections.abc import Callable
-
-import pytest
-
-from onyx.configs.constants import DocumentSource
-from tests.integration.common_utils.managers.api_key import APIKeyManager
-from tests.integration.common_utils.managers.cc_pair import CCPairManager
-from tests.integration.common_utils.managers.document import DocumentManager
-from tests.integration.common_utils.test_models import DATestAPIKey
-from tests.integration.common_utils.test_models import DATestUser
-from tests.integration.common_utils.test_models import SimpleTestDocument
-
-
-DocumentBuilderType = Callable[[list[str]], list[SimpleTestDocument]]
-
-
-@pytest.fixture
-def document_builder(admin_user: DATestUser) -> DocumentBuilderType:
-    api_key: DATestAPIKey = APIKeyManager.create(
-        user_performing_action=admin_user,
-    )
-
-    # create connector
-    cc_pair_1 = CCPairManager.create_from_scratch(
-        source=DocumentSource.INGESTION_API,
-        user_performing_action=admin_user,
-    )
-
-    def _document_builder(contents: list[str]) -> list[SimpleTestDocument]:
-        # seed documents
-        docs: list[SimpleTestDocument] = [
-            DocumentManager.seed_doc_with_content(
-                cc_pair=cc_pair_1,
-                content=content,
-                api_key=api_key,
-            )
-            for content in contents
-        ]
-
-        return docs
-
-    return _document_builder

backend/tests/integration/tests/streaming_endpoints/test_chat_stream.py

@@ -5,11 +5,12 @@ import pytest
 from tests.integration.common_utils.constants import API_SERVER_URL
 from tests.integration.common_utils.managers.chat import ChatSessionManager
 from tests.integration.common_utils.managers.llm_provider import LLMProviderManager
+from tests.integration.common_utils.managers.user import UserManager
 from tests.integration.common_utils.test_models import DATestUser
-from tests.integration.tests.streaming_endpoints.conftest import DocumentBuilderType
 
 
-def test_send_message_simple_with_history(reset: None, admin_user: DATestUser) -> None:
+def test_send_message_simple_with_history(reset: None) -> None:
+    admin_user: DATestUser = UserManager.create(name="admin_user")
     LLMProviderManager.create(user_performing_action=admin_user)
 
     test_chat_session = ChatSessionManager.create(user_performing_action=admin_user)
@@ -23,44 +24,6 @@ def test_send_message_simple_with_history(reset: None, admin_user: DATestUser) -
     assert len(response.full_message) > 0
 
 
-def test_send_message__basic_searches(
-    reset: None, admin_user: DATestUser, document_builder: DocumentBuilderType
-) -> None:
-    MESSAGE = "run a search for 'test'"
-    SHORT_DOC_CONTENT = "test"
-    LONG_DOC_CONTENT = "blah blah blah blah" * 100
-
-    LLMProviderManager.create(user_performing_action=admin_user)
-
-    short_doc = document_builder([SHORT_DOC_CONTENT])[0]
-
-    test_chat_session = ChatSessionManager.create(user_performing_action=admin_user)
-    response = ChatSessionManager.send_message(
-        chat_session_id=test_chat_session.id,
-        message=MESSAGE,
-        user_performing_action=admin_user,
-    )
-    assert response.top_documents is not None
-    assert len(response.top_documents) == 1
-    assert response.top_documents[0].document_id == short_doc.id
-
-    # make sure this doc is really long so that it will be split into multiple chunks
-    long_doc = document_builder([LONG_DOC_CONTENT])[0]
-
-    # new chat session for simplicity
-    test_chat_session = ChatSessionManager.create(user_performing_action=admin_user)
-    response = ChatSessionManager.send_message(
-        chat_session_id=test_chat_session.id,
-        message=MESSAGE,
-        user_performing_action=admin_user,
-    )
-    assert response.top_documents is not None
-    assert len(response.top_documents) == 2
-    # short doc should be more relevant and thus first
-    assert response.top_documents[0].document_id == short_doc.id
-    assert response.top_documents[1].document_id == long_doc.id
-
-
 @pytest.mark.skip(
     reason="enable for autorun when we have a testing environment with semantically useful data"
 )

backend/tests/unit/onyx/auth/conftest.py

@@ -1,43 +0,0 @@
-from unittest.mock import AsyncMock
-from unittest.mock import MagicMock
-
-import pytest
-
-from onyx.db.models import OAuthAccount
-from onyx.db.models import User
-
-
-@pytest.fixture
-def mock_user() -> MagicMock:
-    """Creates a mock User instance for testing."""
-    user = MagicMock(spec=User)
-    user.email = "test@example.com"
-    user.id = "test-user-id"
-    return user
-
-
-@pytest.fixture
-def mock_oauth_account() -> MagicMock:
-    """Creates a mock OAuthAccount instance for testing."""
-    oauth_account = MagicMock(spec=OAuthAccount)
-    oauth_account.oauth_name = "google"
-    oauth_account.refresh_token = "test-refresh-token"
-    oauth_account.access_token = "test-access-token"
-    oauth_account.expires_at = None
-    return oauth_account
-
-
-@pytest.fixture
-def mock_user_manager() -> MagicMock:
-    """Creates a mock user manager for testing."""
-    user_manager = MagicMock()
-    user_manager.user_db = MagicMock()
-    user_manager.user_db.update_oauth_account = AsyncMock()
-    user_manager.user_db.update = AsyncMock()
-    return user_manager
-
-
-@pytest.fixture
-def mock_db_session() -> MagicMock:
-    """Creates a mock database session for testing."""
-    return MagicMock()

backend/tests/unit/onyx/auth/test_oauth_refresher.py

@@ -1,273 +0,0 @@
-from datetime import datetime
-from datetime import timezone
-from unittest.mock import AsyncMock
-from unittest.mock import MagicMock
-from unittest.mock import patch
-
-import pytest
-from sqlalchemy.ext.asyncio import AsyncSession
-
-from onyx.auth.oauth_refresher import _test_expire_oauth_token
-from onyx.auth.oauth_refresher import check_and_refresh_oauth_tokens
-from onyx.auth.oauth_refresher import check_oauth_account_has_refresh_token
-from onyx.auth.oauth_refresher import get_oauth_accounts_requiring_refresh_token
-from onyx.auth.oauth_refresher import refresh_oauth_token
-from onyx.db.models import OAuthAccount
-
-
-@pytest.mark.asyncio
-async def test_refresh_oauth_token_success(
-    mock_user: MagicMock,
-    mock_oauth_account: MagicMock,
-    mock_user_manager: MagicMock,
-    mock_db_session: AsyncSession,
-) -> None:
-    """Test successful OAuth token refresh."""
-    # Mock HTTP client and response
-    mock_response = MagicMock()
-    mock_response.status_code = 200
-    mock_response.json.return_value = {
-        "access_token": "new_token",
-        "refresh_token": "new_refresh_token",
-        "expires_in": 3600,
-    }
-
-    # Create async mock for the client post method
-    mock_client = AsyncMock()
-    mock_client.post.return_value = mock_response
-
-    # Use fixture values but ensure refresh token exists
-    mock_oauth_account.oauth_name = (
-        "google"  # Ensure it's google to match the refresh endpoint
-    )
-    mock_oauth_account.refresh_token = "old_refresh_token"
-
-    # Patch at the module level where it's actually being used
-    with patch("onyx.auth.oauth_refresher.httpx.AsyncClient") as client_class_mock:
-        # Configure the context manager
-        client_instance = mock_client
-        client_class_mock.return_value.__aenter__.return_value = client_instance
-
-        # Call the function under test
-        result = await refresh_oauth_token(
-            mock_user, mock_oauth_account, mock_db_session, mock_user_manager
-        )
-
-    # Assertions
-    assert result is True
-    mock_client.post.assert_called_once()
-    mock_user_manager.user_db.update_oauth_account.assert_called_once()
-
-    # Verify token data was updated correctly
-    update_data = mock_user_manager.user_db.update_oauth_account.call_args[0][2]
-    assert update_data["access_token"] == "new_token"
-    assert update_data["refresh_token"] == "new_refresh_token"
-    assert "expires_at" in update_data
-
-
-@pytest.mark.asyncio
-async def test_refresh_oauth_token_failure(
-    mock_user: MagicMock,
-    mock_oauth_account: MagicMock,
-    mock_user_manager: MagicMock,
-    mock_db_session: AsyncSession,
-) -> bool:
-    """Test OAuth token refresh failure due to HTTP error."""
-    # Mock HTTP client with error response
-    mock_response = MagicMock()
-    mock_response.status_code = 400  # Simulate error
-
-    # Create async mock for the client post method
-    mock_client = AsyncMock()
-    mock_client.post.return_value = mock_response
-
-    # Ensure refresh token exists and provider is supported
-    mock_oauth_account.oauth_name = "google"
-    mock_oauth_account.refresh_token = "old_refresh_token"
-
-    # Patch at the module level where it's actually being used
-    with patch("onyx.auth.oauth_refresher.httpx.AsyncClient") as client_class_mock:
-        # Configure the context manager
-        client_class_mock.return_value.__aenter__.return_value = mock_client
-
-        # Call the function under test
-        result = await refresh_oauth_token(
-            mock_user, mock_oauth_account, mock_db_session, mock_user_manager
-        )
-
-    # Assertions
-    assert result is False
-    mock_client.post.assert_called_once()
-    mock_user_manager.user_db.update_oauth_account.assert_not_called()
-    return True
-
-
-@pytest.mark.asyncio
-async def test_refresh_oauth_token_no_refresh_token(
-    mock_user: MagicMock,
-    mock_oauth_account: MagicMock,
-    mock_user_manager: MagicMock,
-    mock_db_session: AsyncSession,
-) -> None:
-    """Test OAuth token refresh when no refresh token is available."""
-    # Set refresh token to None
-    mock_oauth_account.refresh_token = None
-    mock_oauth_account.oauth_name = "google"
-
-    # No need to mock httpx since it shouldn't be called
-    result = await refresh_oauth_token(
-        mock_user, mock_oauth_account, mock_db_session, mock_user_manager
-    )
-
-    # Assertions
-    assert result is False
-
-
-@pytest.mark.asyncio
-async def test_check_and_refresh_oauth_tokens(
-    mock_user: MagicMock,
-    mock_user_manager: MagicMock,
-    mock_db_session: AsyncSession,
-) -> None:
-    """Test checking and refreshing multiple OAuth tokens."""
-    # Create mock user with OAuth accounts
-    now_timestamp = datetime.now(timezone.utc).timestamp()
-
-    # Create an account that needs refreshing (expiring soon)
-    expiring_account = MagicMock(spec=OAuthAccount)
-    expiring_account.oauth_name = "google"
-    expiring_account.refresh_token = "refresh_token_1"
-    expiring_account.expires_at = now_timestamp + 60  # Expires in 1 minute
-
-    # Create an account that doesn't need refreshing (expires later)
-    valid_account = MagicMock(spec=OAuthAccount)
-    valid_account.oauth_name = "google"
-    valid_account.refresh_token = "refresh_token_2"
-    valid_account.expires_at = now_timestamp + 3600  # Expires in 1 hour
-
-    # Create an account without a refresh token
-    no_refresh_account = MagicMock(spec=OAuthAccount)
-    no_refresh_account.oauth_name = "google"
-    no_refresh_account.refresh_token = None
-    no_refresh_account.expires_at = (
-        now_timestamp + 60
-    )  # Expiring soon but no refresh token
-
-    # Set oauth_accounts on the mock user
-    mock_user.oauth_accounts = [expiring_account, valid_account, no_refresh_account]
-
-    # Mock refresh_oauth_token function
-    with patch(
-        "onyx.auth.oauth_refresher.refresh_oauth_token", AsyncMock(return_value=True)
-    ) as mock_refresh:
-        # Call the function under test
-        await check_and_refresh_oauth_tokens(
-            mock_user, mock_db_session, mock_user_manager
-        )
-
-    # Assertions
-    assert mock_refresh.call_count == 1  # Should only refresh the expiring account
-    # Check it was called with the expiring account
-    mock_refresh.assert_called_once_with(
-        mock_user, expiring_account, mock_db_session, mock_user_manager
-    )
-
-
-@pytest.mark.asyncio
-async def test_get_oauth_accounts_requiring_refresh_token(mock_user: MagicMock) -> None:
-    """Test identifying OAuth accounts that need refresh tokens."""
-    # Create accounts with and without refresh tokens
-    account_with_token = MagicMock(spec=OAuthAccount)
-    account_with_token.oauth_name = "google"
-    account_with_token.refresh_token = "refresh_token"
-
-    account_without_token = MagicMock(spec=OAuthAccount)
-    account_without_token.oauth_name = "google"
-    account_without_token.refresh_token = None
-
-    second_account_without_token = MagicMock(spec=OAuthAccount)
-    second_account_without_token.oauth_name = "github"
-    second_account_without_token.refresh_token = (
-        ""  # Empty string should also be treated as missing
-    )
-
-    # Set accounts on user
-    mock_user.oauth_accounts = [
-        account_with_token,
-        account_without_token,
-        second_account_without_token,
-    ]
-
-    # Call the function under test
-    accounts_needing_refresh = await get_oauth_accounts_requiring_refresh_token(
-        mock_user
-    )
-
-    # Assertions
-    assert len(accounts_needing_refresh) == 2
-    assert account_without_token in accounts_needing_refresh
-    assert second_account_without_token in accounts_needing_refresh
-    assert account_with_token not in accounts_needing_refresh
-
-
-@pytest.mark.asyncio
-async def test_check_oauth_account_has_refresh_token(
-    mock_user: MagicMock, mock_oauth_account: MagicMock
-) -> None:
-    """Test checking if an OAuth account has a refresh token."""
-    # Test with refresh token
-    mock_oauth_account.refresh_token = "refresh_token"
-    has_token = await check_oauth_account_has_refresh_token(
-        mock_user, mock_oauth_account
-    )
-    assert has_token is True
-
-    # Test with None refresh token
-    mock_oauth_account.refresh_token = None
-    has_token = await check_oauth_account_has_refresh_token(
-        mock_user, mock_oauth_account
-    )
-    assert has_token is False
-
-    # Test with empty string refresh token
-    mock_oauth_account.refresh_token = ""
-    has_token = await check_oauth_account_has_refresh_token(
-        mock_user, mock_oauth_account
-    )
-    assert has_token is False
-
-
-@pytest.mark.asyncio
-async def test_test_expire_oauth_token(
-    mock_user: MagicMock,
-    mock_oauth_account: MagicMock,
-    mock_user_manager: MagicMock,
-    mock_db_session: AsyncSession,
-) -> None:
-    """Test the testing utility function for token expiration."""
-    # Set up the mock account
-    mock_oauth_account.oauth_name = "google"
-    mock_oauth_account.refresh_token = "test_refresh_token"
-    mock_oauth_account.access_token = "test_access_token"
-
-    # Call the function under test
-    result = await _test_expire_oauth_token(
-        mock_user,
-        mock_oauth_account,
-        mock_db_session,
-        mock_user_manager,
-        expire_in_seconds=10,
-    )
-
-    # Assertions
-    assert result is True
-    mock_user_manager.user_db.update_oauth_account.assert_called_once()
-
-    # Verify the expiration time was set correctly
-    update_data = mock_user_manager.user_db.update_oauth_account.call_args[0][2]
-    assert "expires_at" in update_data
-
-    # Now should be within 10-11 seconds of the set expiration
-    now = datetime.now(timezone.utc).timestamp()
-    assert update_data["expires_at"] - now >= 8.9  # Allow 1 second for test execution
-    assert update_data["expires_at"] - now <= 11.1  # Allow 1 second for test execution

backend/tests/unit/onyx/chat/conftest.py

@@ -9,6 +9,8 @@ from onyx.chat.chat_utils import llm_doc_from_inference_section
 from onyx.chat.models import AnswerStyleConfig
 from onyx.chat.models import CitationConfig
 from onyx.chat.models import LlmDoc
+from onyx.chat.models import OnyxContext
+from onyx.chat.models import OnyxContexts
 from onyx.chat.models import PromptConfig
 from onyx.chat.prompt_builder.answer_prompt_builder import AnswerPromptBuilder
 from onyx.configs.constants import DocumentSource
@@ -17,6 +19,7 @@ from onyx.context.search.models import InferenceSection
 from onyx.llm.interfaces import LLM
 from onyx.llm.interfaces import LLMConfig
 from onyx.tools.models import ToolResponse
+from onyx.tools.tool_implementations.search.search_tool import SEARCH_DOC_CONTENT_ID
 from onyx.tools.tool_implementations.search.search_tool import SearchTool
 from onyx.tools.tool_implementations.search_like_tool_utils import (
     FINAL_CONTEXT_DOCUMENTS_ID,
@@ -117,7 +120,24 @@ def mock_search_results(
 
 
 @pytest.fixture
-def mock_search_tool(mock_search_results: list[LlmDoc]) -> MagicMock:
+def mock_contexts(mock_inference_sections: list[InferenceSection]) -> OnyxContexts:
+    return OnyxContexts(
+        contexts=[
+            OnyxContext(
+                content=section.combined_content,
+                document_id=section.center_chunk.document_id,
+                semantic_identifier=section.center_chunk.semantic_identifier,
+                blurb=section.center_chunk.blurb,
+            )
+            for section in mock_inference_sections
+        ]
+    )
+
+
+@pytest.fixture
+def mock_search_tool(
+    mock_contexts: OnyxContexts, mock_search_results: list[LlmDoc]
+) -> MagicMock:
     mock_tool = MagicMock(spec=SearchTool)
     mock_tool.name = "search"
     mock_tool.build_tool_message_content.return_value = "search_response"
@@ -126,6 +146,7 @@ def mock_search_tool(mock_search_results: list[LlmDoc]) -> MagicMock:
         json.loads(doc.model_dump_json()) for doc in mock_search_results
     ]
     mock_tool.run.return_value = [
+        ToolResponse(id=SEARCH_DOC_CONTENT_ID, response=mock_contexts),
         ToolResponse(id=FINAL_CONTEXT_DOCUMENTS_ID, response=mock_search_results),
     ]
     mock_tool.tool_definition.return_value = {

backend/tests/unit/onyx/chat/test_answer.py

@@ -19,6 +19,7 @@ from onyx.chat.models import AnswerStyleConfig
 from onyx.chat.models import CitationInfo
 from onyx.chat.models import LlmDoc
 from onyx.chat.models import OnyxAnswerPiece
+from onyx.chat.models import OnyxContexts
 from onyx.chat.models import PromptConfig
 from onyx.chat.models import StreamStopInfo
 from onyx.chat.models import StreamStopReason
@@ -32,6 +33,7 @@ from onyx.tools.force import ForceUseTool
 from onyx.tools.models import ToolCallFinalResult
 from onyx.tools.models import ToolCallKickoff
 from onyx.tools.models import ToolResponse
+from onyx.tools.tool_implementations.search.search_tool import SEARCH_DOC_CONTENT_ID
 from onyx.tools.tool_implementations.search_like_tool_utils import (
     FINAL_CONTEXT_DOCUMENTS_ID,
 )
@@ -139,6 +141,7 @@ def test_basic_answer(answer_instance: Answer, mocker: MockerFixture) -> None:
 def test_answer_with_search_call(
     answer_instance: Answer,
     mock_search_results: list[LlmDoc],
+    mock_contexts: OnyxContexts,
     mock_search_tool: MagicMock,
     force_use_tool: ForceUseTool,
     expected_tool_args: dict,
@@ -194,21 +197,25 @@ def test_answer_with_search_call(
         tool_name="search", tool_args=expected_tool_args
     )
     assert output[1] == ToolResponse(
+        id=SEARCH_DOC_CONTENT_ID,
+        response=mock_contexts,
+    )
+    assert output[2] == ToolResponse(
         id="final_context_documents",
         response=mock_search_results,
     )
-    assert output[2] == ToolCallFinalResult(
+    assert output[3] == ToolCallFinalResult(
         tool_name="search",
         tool_args=expected_tool_args,
         tool_result=[json.loads(doc.model_dump_json()) for doc in mock_search_results],
     )
-    assert output[3] == OnyxAnswerPiece(answer_piece="Based on the search results, ")
+    assert output[4] == OnyxAnswerPiece(answer_piece="Based on the search results, ")
     expected_citation = CitationInfo(citation_num=1, document_id="doc1")
-    assert output[4] == expected_citation
-    assert output[5] == OnyxAnswerPiece(
+    assert output[5] == expected_citation
+    assert output[6] == OnyxAnswerPiece(
         answer_piece="the answer is abc[[1]](https://example.com/doc1). "
     )
-    assert output[6] == OnyxAnswerPiece(answer_piece="This is some other stuff.")
+    assert output[7] == OnyxAnswerPiece(answer_piece="This is some other stuff.")
 
     expected_answer = (
         "Based on the search results, "
@@ -261,6 +268,7 @@ def test_answer_with_search_call(
 def test_answer_with_search_no_tool_calling(
     answer_instance: Answer,
     mock_search_results: list[LlmDoc],
+    mock_contexts: OnyxContexts,
     mock_search_tool: MagicMock,
 ) -> None:
     answer_instance.graph_config.tooling.tools = [mock_search_tool]
@@ -280,26 +288,30 @@ def test_answer_with_search_no_tool_calling(
     output = list(answer_instance.processed_streamed_output)
 
     # Assertions
-    assert len(output) == 7
+    assert len(output) == 8
     assert output[0] == ToolCallKickoff(
         tool_name="search", tool_args=DEFAULT_SEARCH_ARGS
     )
     assert output[1] == ToolResponse(
+        id=SEARCH_DOC_CONTENT_ID,
+        response=mock_contexts,
+    )
+    assert output[2] == ToolResponse(
         id=FINAL_CONTEXT_DOCUMENTS_ID,
         response=mock_search_results,
     )
-    assert output[2] == ToolCallFinalResult(
+    assert output[3] == ToolCallFinalResult(
         tool_name="search",
         tool_args=DEFAULT_SEARCH_ARGS,
         tool_result=[json.loads(doc.model_dump_json()) for doc in mock_search_results],
     )
-    assert output[3] == OnyxAnswerPiece(answer_piece="Based on the search results, ")
+    assert output[4] == OnyxAnswerPiece(answer_piece="Based on the search results, ")
     expected_citation = CitationInfo(citation_num=1, document_id="doc1")
-    assert output[4] == expected_citation
-    assert output[5] == OnyxAnswerPiece(
+    assert output[5] == expected_citation
+    assert output[6] == OnyxAnswerPiece(
         answer_piece="the answer is abc[[1]](https://example.com/doc1). "
     )
-    assert output[6] == OnyxAnswerPiece(answer_piece="This is some other stuff.")
+    assert output[7] == OnyxAnswerPiece(answer_piece="This is some other stuff.")
 
     expected_answer = (
         "Based on the search results, "

backend/tests/unit/onyx/chat/test_skip_gen_ai.py

@@ -79,7 +79,7 @@ def test_skip_gen_ai_answer_generation_flag(
     for res in results:
         print(res)
 
-    expected_count = 3 if skip_gen_ai_answer_generation else 4
+    expected_count = 4 if skip_gen_ai_answer_generation else 5
     assert len(results) == expected_count
     if not skip_gen_ai_answer_generation:
         mock_llm.stream.assert_called_once()

backend/tests/unit/onyx/utils/test_threadpool_concurrency.py

@@ -89,8 +89,7 @@ def test_run_in_background_and_wait_success() -> None:
     elapsed = time.time() - start_time
 
     assert result == 42
-    # sometimes slightly flaky
-    assert elapsed >= 0.095  # Verify we actually waited for the sleep
+    assert elapsed >= 0.1  # Verify we actually waited for the sleep
 
 
 @pytest.mark.filterwarnings("ignore::pytest.PytestUnhandledThreadExceptionWarning")

deployment/data/nginx/run-nginx.sh

@@ -5,7 +5,7 @@ envsubst '$DOMAIN $SSL_CERT_FILE_NAME $SSL_CERT_KEY_FILE_NAME' < "/etc/nginx/con
 echo "Waiting for API server to boot up; this may take a minute or two..."
 echo "If this takes more than ~5 minutes, check the logs of the API server container for errors with the following command:"
 echo
-echo "docker logs onyx-stack-api_server-1"
+echo "docker logs onyx-stack_api_server-1"
 echo
 
 while true; do

deployment/docker_compose/docker-compose.dev.yml

@@ -129,9 +129,6 @@ services:
       options:
         max-size: "50m"
         max-file: "6"
-    # optional, only for debugging purposes
-    volumes:
-      - api_server_logs:/var/log
 
   background:
     image: onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}
@@ -259,7 +256,7 @@ services:
       - "host.docker.internal:host-gateway"
     # optional, only for debugging purposes
     volumes:
-      - background_logs:/var/log
+      - log_store:/var/log/persisted-logs
     logging:
       driver: json-file
       options:
@@ -328,8 +325,6 @@ services:
     volumes:
       # Not necessary, this is just to reduce download time during startup
       - model_cache_huggingface:/root/.cache/huggingface/
-      # optional, only for debugging purposes
-      - inference_model_server_logs:/var/log
     logging:
       driver: json-file
       options:
@@ -362,8 +357,6 @@ services:
     volumes:
       # Not necessary, this is just to reduce download time during startup
       - indexing_huggingface_model_cache:/root/.cache/huggingface/
-      # optional, only for debugging purposes
-      - indexing_model_server_logs:/var/log
     logging:
       driver: json-file
       options:
@@ -441,8 +434,4 @@ volumes:
 
   model_cache_huggingface:
   indexing_huggingface_model_cache:
-  # for logs that we don't want to lose on container restarts
-  api_server_logs:
-  background_logs:
-  inference_model_server_logs:
-  indexing_model_server_logs:
+  log_store:  # for logs that we don't want to lose on container restarts

deployment/docker_compose/docker-compose.gpu-dev.yml

@@ -106,9 +106,6 @@ services:
       options:
         max-size: "50m"
         max-file: "6"
-    volumes:
-      # optional, only for debugging purposes
-      - api_server_logs:/var/log
 
   background:
     image: onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}
@@ -214,7 +211,7 @@ services:
       - "host.docker.internal:host-gateway"
     # optional, only for debugging purposes
     volumes:
-      - background_logs:/var/log
+      - log_store:/var/log/persisted-logs
     logging:
       driver: json-file
       options:
@@ -276,8 +273,6 @@ services:
     volumes:
       # Not necessary, this is just to reduce download time during startup
       - model_cache_huggingface:/root/.cache/huggingface/
-      # optional, only for debugging purposes
-      - inference_model_server_logs:/var/log
     logging:
       driver: json-file
       options:
@@ -315,8 +310,6 @@ services:
     volumes:
       # Not necessary, this is just to reduce download time during startup
       - indexing_huggingface_model_cache:/root/.cache/huggingface/
-      # optional, only for debugging purposes
-      - indexing_model_server_logs:/var/log
     logging:
       driver: json-file
       options:
@@ -394,8 +387,4 @@ volumes:
   # Created by the container itself
   model_cache_huggingface:
   indexing_huggingface_model_cache:
-  # for logs that we don't want to lose on container restarts
-  api_server_logs:
-  background_logs:
-  inference_model_server_logs:
-  indexing_model_server_logs:
+  log_store:  # for logs that we don't want to lose on container restarts

deployment/docker_compose/docker-compose.multitenant-dev.yml

@@ -244,6 +244,8 @@ services:
     #   - ./bundle.pem:/app/bundle.pem:ro
     extra_hosts:
       - "host.docker.internal:host-gateway"
+    volumes:
+      - log_store:/var/log/persisted-logs
     logging:
       driver: json-file
       options:
@@ -421,3 +423,4 @@ volumes:
 
   model_cache_huggingface:
   indexing_huggingface_model_cache:
+  log_store:  # for logs that we don't want to lose on container restarts

deployment/docker_compose/docker-compose.prod-cloud.yml

@@ -54,6 +54,9 @@ services:
       - INDEXING_MODEL_SERVER_HOST=${INDEXING_MODEL_SERVER_HOST:-indexing_model_server}
     extra_hosts:
       - "host.docker.internal:host-gateway"
+    # optional, only for debugging purposes
+    volumes:
+      - log_store:/var/log/persisted-logs
     logging:
       driver: json-file
       options:
@@ -233,3 +236,4 @@ volumes:
   # Created by the container itself
   model_cache_huggingface:
   indexing_huggingface_model_cache:
+  log_store:  # for logs that we don't want to lose on container restarts

deployment/docker_compose/docker-compose.prod-no-letsencrypt.yml

@@ -36,10 +36,6 @@ services:
       options:
         max-size: "50m"
         max-file: "6"
-    volumes:
-      # optional, only for debugging purposes
-      - api_server_logs:/var/log
-
 
   background:
     image: onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}
@@ -73,7 +69,7 @@ services:
     extra_hosts:
       - "host.docker.internal:host-gateway"
     volumes:
-      - background_logs:/var/log
+      - log_store:/var/log/persisted-logs
     logging:
       driver: json-file
       options:
@@ -126,8 +122,6 @@ services:
     volumes:
       # Not necessary, this is just to reduce download time during startup
       - model_cache_huggingface:/root/.cache/huggingface/
-      # optional, only for debugging purposes
-      - inference_model_server_logs:/var/log
     logging:
       driver: json-file
       options:
@@ -156,8 +150,6 @@ services:
     volumes:
       # Not necessary, this is just to reduce download time during startup
       - indexing_huggingface_model_cache:/root/.cache/huggingface/
-      # optional, only for debugging purposes
-      - indexing_model_server_logs:/var/log
     logging:
       driver: json-file
       options:
@@ -239,8 +231,4 @@ volumes:
   # Created by the container itself
   model_cache_huggingface:
   indexing_huggingface_model_cache:
-  # for logs that we don't want to lose on container restarts
-  api_server_logs:  
-  background_logs:
-  inference_model_server_logs:
-  indexing_model_server_logs:
+  log_store:  # for logs that we don't want to lose on container restarts

deployment/docker_compose/docker-compose.prod.yml

@@ -32,14 +32,13 @@ services:
     #   - ./bundle.pem:/app/bundle.pem:ro
     extra_hosts:
       - "host.docker.internal:host-gateway"
+    volumes:
+      - log_store:/var/log/persisted-logs
     logging:
       driver: json-file
       options:
         max-size: "50m"
         max-file: "6"
-    volumes:
-      - api_server_logs:/var/log
-
   background:
     image: onyxdotapp/onyx-backend:${IMAGE_TAG:-latest}
     build:
@@ -77,7 +76,7 @@ services:
     extra_hosts:
       - "host.docker.internal:host-gateway"
     volumes:
-      - background_logs:/var/log
+      - log_store:/var/log/persisted-logs
     logging:
       driver: json-file
       options:
@@ -153,8 +152,6 @@ services:
     volumes:
       # Not necessary, this is just to reduce download time during startup
       - model_cache_huggingface:/root/.cache/huggingface/
-      # optional, only for debugging purposes
-      - inference_model_server_logs:/var/log
     logging:
       driver: json-file
       options:
@@ -183,8 +180,6 @@ services:
     volumes:
       # Not necessary, this is just to reduce download time during startup
       - indexing_huggingface_model_cache:/root/.cache/huggingface/
-      # optional, only for debugging purposes
-      - indexing_model_server_logs:/var/log
     logging:
       driver: json-file
       options:
@@ -269,8 +264,4 @@ volumes:
   # Created by the container itself
   model_cache_huggingface:
   indexing_huggingface_model_cache:
-  # for logs that we don't want to lose on container restarts
-  api_server_logs:
-  background_logs:
-  inference_model_server_logs:
-  indexing_model_server_logs:
+  log_store:  # for logs that we don't want to lose on container restarts

deployment/docker_compose/docker-compose.search-testing.yml

@@ -63,7 +63,7 @@ services:
     extra_hosts:
       - "host.docker.internal:host-gateway"
     volumes:
-      - log_store:/var/log
+      - log_store:/var/log/persisted-logs
     logging:
       driver: json-file
       options:

web/src/app/admin/actions/ActionTable.tsx

@@ -45,7 +45,7 @@ export function ActionsTable({ tools }: { tools: ToolSnapshot[] }) {
                       className="mr-1 my-auto cursor-pointer"
                       onClick={() =>
                         router.push(
-                          `/admin/actions/edit/${tool.id}?u=${Date.now()}`
+                          `/admin/tools/edit/${tool.id}?u=${Date.now()}`
                         )
                       }
                     />

web/src/app/admin/assistants/AssistantEditor.tsx

@@ -1079,7 +1079,7 @@ export function AssistantEditor({
                           </Tooltip>
                         </TooltipProvider>
                         <span className="text-sm ml-2">
-                          Organization Public
+                          {values.is_public ? "Public" : "Private"}
                         </span>
                       </div>
 
@@ -1088,22 +1088,17 @@ export function AssistantEditor({
                           <InfoIcon size={16} className="mr-2" />
                           <span className="text-sm">
                             Default persona must be public. Visibility has been
-                            automatically set to organization public.
+                            automatically set to public.
                           </span>
                         </div>
                       )}
 
                       {values.is_public ? (
                         <p className="text-sm text-text-dark">
-                          This assistant will be available to everyone in your
-                          organization
+                          Anyone from your team can view and use this assistant
                         </p>
                       ) : (
                         <>
-                          <p className="text-sm text-text-dark mb-2">
-                            This assistant will only be available to specific
-                            users and groups
-                          </p>
                           <div className="mt-2">
                             <Label className="mb-2" small>
                               Share with Users and Groups

web/src/app/admin/connectors/[connector]/AddConnectorPage.tsx

@@ -281,7 +281,7 @@ export default function AddConnector({
   return (
     <Formik
       initialValues={{
-        ...createConnectorInitialValues(connector, currentCredential),
+        ...createConnectorInitialValues(connector),
         ...Object.fromEntries(
           connectorConfigs[connector].advanced_values.map((field) => [
             field.name,

web/src/app/auth/login/EmailPasswordForm.tsx

@@ -100,10 +100,7 @@ export function EmailPasswordForm({
               // server-side provider values)
               window.location.href = "/auth/waiting-on-verification";
             } else {
-              // The searchparam is purely for multi tenant developement purposes.
-              // It replicates the behavior of the case where a user
-              // has signed up with email / password as the only user to an instance
-              // and has just completed verification
+              // See above comment
               window.location.href = nextUrl
                 ? encodeURI(nextUrl)
                 : `/chat${isSignup && !isJoin ? "?new_team=true" : ""}`;

web/src/app/auth/verify-email/Verify.tsx

@@ -7,7 +7,7 @@ import Text from "@/components/ui/text";
 import { RequestNewVerificationEmail } from "../waiting-on-verification/RequestNewVerificationEmail";
 import { User } from "@/lib/types";
 import { Logo } from "@/components/logo/Logo";
-import { NEXT_PUBLIC_CLOUD_ENABLED } from "@/lib/constants";
+
 export function Verify({ user }: { user: User | null }) {
   const searchParams = useSearchParams();
   const router = useRouter();
@@ -16,8 +16,6 @@ export function Verify({ user }: { user: User | null }) {
 
   const verify = useCallback(async () => {
     const token = searchParams.get("token");
-    const firstUser =
-      searchParams.get("first_user") && NEXT_PUBLIC_CLOUD_ENABLED;
     if (!token) {
       setError(
         "Missing verification token. Try requesting a new verification email."
@@ -37,7 +35,7 @@ export function Verify({ user }: { user: User | null }) {
       // Use window.location.href to force a full page reload,
       // ensuring app re-initializes with the new state (including
       // server-side provider values)
-      window.location.href = firstUser ? "/chat?new_team=true" : "/chat";
+      window.location.href = "/";
     } else {
       const errorDetail = (await response.json()).detail;
       setError(