refactor: migrate ModalHeader to Content layout

Modal.Header now uses opal Content component for icon + title rendering.
Description passed to Content directly with a hidden
DialogPrimitive.Description for accessibility. Close button absolutely
positioned per Figma mocks.

.github/actions/build-integration-image/action.yml

@@ -54,7 +54,6 @@ runs:
       shell: bash
       env:
         RUNS_ON_ECR_CACHE: ${{ inputs.runs-on-ecr-cache }}
-        INTEGRATION_REPOSITORY: ${{ inputs.runs-on-ecr-cache }}
         TAG: nightly-llm-it-${{ inputs.run-id }}
         CACHE_SUFFIX: ${{ steps.format-branch.outputs.cache-suffix }}
         HEAD_SHA: ${{ inputs.github-sha }}

.github/workflows/deployment.yml

@@ -426,9 +426,8 @@ jobs:
             ONYX_VERSION=${{ github.ref_name }}
             NODE_OPTIONS=--max-old-space-size=8192
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:web-cache-amd64
-            type=registry,ref=${{ env.REGISTRY_IMAGE }}:edge
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:web-cache-amd64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:web-cache-amd64,mode=max
@@ -500,9 +499,8 @@ jobs:
             ONYX_VERSION=${{ github.ref_name }}
             NODE_OPTIONS=--max-old-space-size=8192
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:web-cache-arm64
-            type=registry,ref=${{ env.REGISTRY_IMAGE }}:edge
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:web-cache-arm64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:web-cache-arm64,mode=max
@@ -648,8 +646,8 @@ jobs:
             NEXT_PUBLIC_INCLUDE_ERROR_POPUP_SUPPORT_LINK=true
             NODE_OPTIONS=--max-old-space-size=8192
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:cloudweb-cache-amd64
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:cloudweb-cache-amd64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:cloudweb-cache-amd64,mode=max
@@ -730,8 +728,8 @@ jobs:
             NEXT_PUBLIC_INCLUDE_ERROR_POPUP_SUPPORT_LINK=true
             NODE_OPTIONS=--max-old-space-size=8192
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:cloudweb-cache-arm64
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:cloudweb-cache-arm64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:cloudweb-cache-arm64,mode=max
@@ -864,9 +862,8 @@ jobs:
           build-args: |
             ONYX_VERSION=${{ github.ref_name }}
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-cache-amd64
-            type=registry,ref=${{ env.REGISTRY_IMAGE }}:edge
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-cache-amd64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-cache-amd64,mode=max
@@ -937,9 +934,8 @@ jobs:
           build-args: |
             ONYX_VERSION=${{ github.ref_name }}
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-cache-arm64
-            type=registry,ref=${{ env.REGISTRY_IMAGE }}:edge
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-cache-arm64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-cache-arm64,mode=max
@@ -1076,8 +1072,8 @@ jobs:
             ONYX_VERSION=${{ github.ref_name }}
             ENABLE_CRAFT=true
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-craft-cache-amd64
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-craft-cache-amd64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-craft-cache-amd64,mode=max
@@ -1149,8 +1145,8 @@ jobs:
             ONYX_VERSION=${{ github.ref_name }}
             ENABLE_CRAFT=true
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-craft-cache-arm64
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-craft-cache-arm64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:backend-craft-cache-arm64,mode=max
@@ -1291,9 +1287,8 @@ jobs:
           build-args: |
             ONYX_VERSION=${{ github.ref_name }}
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:model-server-cache-amd64
-            type=registry,ref=${{ env.REGISTRY_IMAGE }}:edge
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:model-server-cache-amd64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:model-server-cache-amd64,mode=max
@@ -1371,9 +1366,8 @@ jobs:
           build-args: |
             ONYX_VERSION=${{ github.ref_name }}
           cache-from: |
-            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:model-server-cache-arm64
-            type=registry,ref=${{ env.REGISTRY_IMAGE }}:edge
             type=registry,ref=${{ env.REGISTRY_IMAGE }}:latest
+            type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:model-server-cache-arm64
           cache-to: |
             type=inline
             type=registry,ref=${{ env.RUNS_ON_ECR_CACHE }}:model-server-cache-arm64,mode=max

.github/workflows/nightly-llm-provider-chat.yml

@@ -15,9 +15,6 @@ permissions:
 jobs:
   provider-chat-test:
     uses: ./.github/workflows/reusable-nightly-llm-provider-chat.yml
-    permissions:
-      contents: read
-      id-token: write
     with:
       openai_models: ${{ vars.NIGHTLY_LLM_OPENAI_MODELS }}
       anthropic_models: ${{ vars.NIGHTLY_LLM_ANTHROPIC_MODELS }}
@@ -28,6 +25,16 @@ jobs:
       ollama_models: ${{ vars.NIGHTLY_LLM_OLLAMA_MODELS }}
       openrouter_models: ${{ vars.NIGHTLY_LLM_OPENROUTER_MODELS }}
       strict: true
+    secrets:
+      openai_api_key: ${{ secrets.OPENAI_API_KEY }}
+      anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+      bedrock_api_key: ${{ secrets.BEDROCK_API_KEY }}
+      vertex_ai_custom_config_json: ${{ secrets.NIGHTLY_LLM_VERTEX_AI_CUSTOM_CONFIG_JSON }}
+      azure_api_key: ${{ secrets.AZURE_API_KEY }}
+      ollama_api_key: ${{ secrets.OLLAMA_API_KEY }}
+      openrouter_api_key: ${{ secrets.OPENROUTER_API_KEY }}
+      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+      DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
 
   notify-slack-on-failure:
     needs: [provider-chat-test]

.github/workflows/pr-external-dependency-unit-tests.yml

@@ -160,7 +160,7 @@ jobs:
           cd deployment/docker_compose
 
           # Get list of running containers
-          containers=$(docker compose -f docker-compose.yml -f docker-compose.dev.yml ps -q)
+          containers=$(docker compose -f docker-compose.yml -f docker-compose.dev.yml -f docker-compose.opensearch.yml ps -q)
 
           # Collect logs from each container
           for container in $containers; do

.github/workflows/pr-python-checks.yml

@@ -8,7 +8,7 @@ on:
   pull_request:
     branches:
       - main
-      - "release/**"
+      - 'release/**'
   push:
     tags:
       - "v*.*.*"
@@ -21,13 +21,7 @@ jobs:
     # See https://runs-on.com/runners/linux/
     # Note: Mypy seems quite optimized for x64 compared to arm64.
     # Similarly, mypy is single-threaded and incremental, so 2cpu is sufficient.
-    runs-on:
-      [
-        runs-on,
-        runner=2cpu-linux-x64,
-        "run-id=${{ github.run_id }}-mypy-check",
-        "extras=s3-cache",
-      ]
+    runs-on: [runs-on, runner=2cpu-linux-x64, "run-id=${{ github.run_id }}-mypy-check", "extras=s3-cache"]
     timeout-minutes: 45
 
     steps:
@@ -58,14 +52,21 @@ jobs:
         if: ${{ vars.DISABLE_MYPY_CACHE != 'true' }}
         uses: runs-on/cache@50350ad4242587b6c8c2baa2e740b1bc11285ff4 # ratchet:runs-on/cache@v4
         with:
-          path: .mypy_cache
-          key: mypy-${{ runner.os }}-${{ github.base_ref || github.event.merge_group.base_ref || 'main' }}-${{ hashFiles('**/*.py', '**/*.pyi', 'pyproject.toml') }}
+          path: backend/.mypy_cache
+          key: mypy-${{ runner.os }}-${{ github.base_ref || github.event.merge_group.base_ref || 'main' }}-${{ hashFiles('**/*.py', '**/*.pyi', 'backend/pyproject.toml') }}
           restore-keys: |
             mypy-${{ runner.os }}-${{ github.base_ref || github.event.merge_group.base_ref || 'main' }}-
             mypy-${{ runner.os }}-
 
       - name: Run MyPy
+        working-directory: ./backend
         env:
           MYPY_FORCE_COLOR: 1
           TERM: xterm-256color
         run: mypy .
+
+      - name: Run MyPy (tools/)
+        env:
+          MYPY_FORCE_COLOR: 1
+          TERM: xterm-256color
+        run: mypy tools/

.github/workflows/reusable-nightly-llm-provider-chat.yml

@@ -48,10 +48,28 @@ on:
         required: false
         default: true
         type: boolean
+    secrets:
+      openai_api_key:
+        required: false
+      anthropic_api_key:
+        required: false
+      bedrock_api_key:
+        required: false
+      vertex_ai_custom_config_json:
+        required: false
+      azure_api_key:
+        required: false
+      ollama_api_key:
+        required: false
+      openrouter_api_key:
+        required: false
+      DOCKER_USERNAME:
+        required: true
+      DOCKER_TOKEN:
+        required: true
 
 permissions:
   contents: read
-  id-token: write
 
 jobs:
   build-backend-image:
@@ -63,7 +81,6 @@ jobs:
         "extras=ecr-cache",
       ]
     timeout-minutes: 45
-    environment: ci-protected
     steps:
       - uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # ratchet:runs-on/action@v2
 
@@ -72,19 +89,6 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
-        with:
-          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
-          aws-region: us-east-2
-
-      - name: Get AWS Secrets
-        uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802
-        with:
-          secret-ids: |
-            DOCKER_USERNAME, test/docker-username
-            DOCKER_TOKEN, test/docker-token
-
       - name: Build backend image
         uses: ./.github/actions/build-backend-image
         with:
@@ -93,8 +97,8 @@ jobs:
           pr-number: ${{ github.event.pull_request.number }}
           github-sha: ${{ github.sha }}
           run-id: ${{ github.run_id }}
-          docker-username: ${{ env.DOCKER_USERNAME }}
-          docker-token: ${{ env.DOCKER_TOKEN }}
+          docker-username: ${{ secrets.DOCKER_USERNAME }}
+          docker-token: ${{ secrets.DOCKER_TOKEN }}
           docker-no-cache: ${{ vars.DOCKER_NO_CACHE == 'true' && 'true' || 'false' }}
 
   build-model-server-image:
@@ -106,7 +110,6 @@ jobs:
         "extras=ecr-cache",
       ]
     timeout-minutes: 45
-    environment: ci-protected
     steps:
       - uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # ratchet:runs-on/action@v2
 
@@ -115,19 +118,6 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
-        with:
-          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
-          aws-region: us-east-2
-
-      - name: Get AWS Secrets
-        uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802
-        with:
-          secret-ids: |
-            DOCKER_USERNAME, test/docker-username
-            DOCKER_TOKEN, test/docker-token
-
       - name: Build model server image
         uses: ./.github/actions/build-model-server-image
         with:
@@ -136,8 +126,8 @@ jobs:
           pr-number: ${{ github.event.pull_request.number }}
           github-sha: ${{ github.sha }}
           run-id: ${{ github.run_id }}
-          docker-username: ${{ env.DOCKER_USERNAME }}
-          docker-token: ${{ env.DOCKER_TOKEN }}
+          docker-username: ${{ secrets.DOCKER_USERNAME }}
+          docker-token: ${{ secrets.DOCKER_TOKEN }}
 
   build-integration-image:
     runs-on:
@@ -148,7 +138,6 @@ jobs:
         "extras=ecr-cache",
       ]
     timeout-minutes: 45
-    environment: ci-protected
     steps:
       - uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # ratchet:runs-on/action@v2
 
@@ -157,19 +146,6 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
-        with:
-          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
-          aws-region: us-east-2
-
-      - name: Get AWS Secrets
-        uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802
-        with:
-          secret-ids: |
-            DOCKER_USERNAME, test/docker-username
-            DOCKER_TOKEN, test/docker-token
-
       - name: Build integration image
         uses: ./.github/actions/build-integration-image
         with:
@@ -178,8 +154,8 @@ jobs:
           pr-number: ${{ github.event.pull_request.number }}
           github-sha: ${{ github.sha }}
           run-id: ${{ github.run_id }}
-          docker-username: ${{ env.DOCKER_USERNAME }}
-          docker-token: ${{ env.DOCKER_TOKEN }}
+          docker-username: ${{ secrets.DOCKER_USERNAME }}
+          docker-token: ${{ secrets.DOCKER_TOKEN }}
 
   provider-chat-test:
     needs:
@@ -194,56 +170,56 @@ jobs:
         include:
           - provider: openai
             models: ${{ inputs.openai_models }}
-            api_key_env: OPENAI_API_KEY
-            custom_config_env: ""
+            api_key_secret: openai_api_key
+            custom_config_secret: ""
             api_base: ""
             api_version: ""
             deployment_name: ""
             required: true
           - provider: anthropic
             models: ${{ inputs.anthropic_models }}
-            api_key_env: ANTHROPIC_API_KEY
-            custom_config_env: ""
+            api_key_secret: anthropic_api_key
+            custom_config_secret: ""
             api_base: ""
             api_version: ""
             deployment_name: ""
             required: true
           - provider: bedrock
             models: ${{ inputs.bedrock_models }}
-            api_key_env: BEDROCK_API_KEY
-            custom_config_env: ""
+            api_key_secret: bedrock_api_key
+            custom_config_secret: ""
             api_base: ""
             api_version: ""
             deployment_name: ""
             required: false
           - provider: vertex_ai
             models: ${{ inputs.vertex_ai_models }}
-            api_key_env: ""
-            custom_config_env: NIGHTLY_LLM_VERTEX_AI_CUSTOM_CONFIG_JSON
+            api_key_secret: ""
+            custom_config_secret: vertex_ai_custom_config_json
             api_base: ""
             api_version: ""
             deployment_name: ""
             required: false
           - provider: azure
             models: ${{ inputs.azure_models }}
-            api_key_env: AZURE_API_KEY
-            custom_config_env: ""
+            api_key_secret: azure_api_key
+            custom_config_secret: ""
             api_base: ${{ inputs.azure_api_base }}
             api_version: "2025-04-01-preview"
             deployment_name: ""
             required: false
           - provider: ollama_chat
             models: ${{ inputs.ollama_models }}
-            api_key_env: OLLAMA_API_KEY
-            custom_config_env: ""
+            api_key_secret: ollama_api_key
+            custom_config_secret: ""
             api_base: "https://ollama.com"
             api_version: ""
             deployment_name: ""
             required: false
           - provider: openrouter
             models: ${{ inputs.openrouter_models }}
-            api_key_env: OPENROUTER_API_KEY
-            custom_config_env: ""
+            api_key_secret: openrouter_api_key
+            custom_config_secret: ""
             api_base: "https://openrouter.ai/api/v1"
             api_version: ""
             deployment_name: ""
@@ -254,7 +230,6 @@ jobs:
       - "run-id=${{ github.run_id }}-nightly-${{ matrix.provider }}-provider-chat-test"
       - extras=ecr-cache
     timeout-minutes: 45
-    environment: ci-protected
     steps:
       - uses: runs-on/action@cd2b598b0515d39d78c38a02d529db87d2196d1e # ratchet:runs-on/action@v2
 
@@ -263,43 +238,21 @@ jobs:
         with:
           persist-credentials: false
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708
-        with:
-          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
-          aws-region: us-east-2
-
-      - name: Get AWS Secrets
-        uses: aws-actions/aws-secretsmanager-get-secrets@a9a7eb4e2f2871d30dc5b892576fde60a2ecc802
-        with:
-          # Keep JSON values unparsed so vertex custom config is passed as raw JSON.
-          parse-json-secrets: false
-          secret-ids: |
-            DOCKER_USERNAME, test/docker-username
-            DOCKER_TOKEN, test/docker-token
-            OPENAI_API_KEY, test/openai-api-key
-            ANTHROPIC_API_KEY, test/anthropic-api-key
-            BEDROCK_API_KEY, test/bedrock-api-key
-            NIGHTLY_LLM_VERTEX_AI_CUSTOM_CONFIG_JSON, test/nightly-llm-vertex-ai-custom-config-json
-            AZURE_API_KEY, test/azure-api-key
-            OLLAMA_API_KEY, test/ollama-api-key
-            OPENROUTER_API_KEY, test/openrouter-api-key
-
       - name: Run nightly provider chat test
         uses: ./.github/actions/run-nightly-provider-chat-test
         with:
           provider: ${{ matrix.provider }}
           models: ${{ matrix.models }}
-          provider-api-key: ${{ matrix.api_key_env && env[matrix.api_key_env] || '' }}
+          provider-api-key: ${{ matrix.api_key_secret && secrets[matrix.api_key_secret] || '' }}
           strict: ${{ inputs.strict && 'true' || 'false' }}
           api-base: ${{ matrix.api_base }}
           api-version: ${{ matrix.api_version }}
           deployment-name: ${{ matrix.deployment_name }}
-          custom-config-json: ${{ matrix.custom_config_env && env[matrix.custom_config_env] || '' }}
+          custom-config-json: ${{ matrix.custom_config_secret && secrets[matrix.custom_config_secret] || '' }}
           runs-on-ecr-cache: ${{ env.RUNS_ON_ECR_CACHE }}
           run-id: ${{ github.run_id }}
-          docker-username: ${{ env.DOCKER_USERNAME }}
-          docker-token: ${{ env.DOCKER_TOKEN }}
+          docker-username: ${{ secrets.DOCKER_USERNAME }}
+          docker-token: ${{ secrets.DOCKER_TOKEN }}
 
       - name: Dump API server logs
         if: always()

backend/alembic/versions/4a1e4b1c89d2_add_indexing_to_userfilestatus.py

@@ -1,51 +0,0 @@
-"""Add INDEXING to UserFileStatus
-
-Revision ID: 4a1e4b1c89d2
-Revises: 6b3b4083c5aa
-Create Date: 2026-02-28 00:00:00.000000
-
-"""
-
-import sqlalchemy as sa
-from alembic import op
-
-revision = "4a1e4b1c89d2"
-down_revision = "6b3b4083c5aa"
-branch_labels = None
-depends_on = None
-
-TABLE = "user_file"
-COLUMN = "status"
-CONSTRAINT_NAME = "ck_user_file_status"
-
-OLD_VALUES = ("PROCESSING", "COMPLETED", "FAILED", "CANCELED", "DELETING")
-NEW_VALUES = ("PROCESSING", "INDEXING", "COMPLETED", "FAILED", "CANCELED", "DELETING")
-
-
-def _drop_status_check_constraint() -> None:
-    """Drop the existing CHECK constraint on user_file.status.
-
-    The constraint name is auto-generated by SQLAlchemy and unknown,
-    so we look it up via the inspector.
-    """
-    inspector = sa.inspect(op.get_bind())
-    for constraint in inspector.get_check_constraints(TABLE):
-        if COLUMN in constraint.get("sqltext", ""):
-            constraint_name = constraint["name"]
-            if constraint_name is not None:
-                op.drop_constraint(constraint_name, TABLE, type_="check")
-
-
-def upgrade() -> None:
-    _drop_status_check_constraint()
-    in_clause = ", ".join(f"'{v}'" for v in NEW_VALUES)
-    op.create_check_constraint(CONSTRAINT_NAME, TABLE, f"{COLUMN} IN ({in_clause})")
-
-
-def downgrade() -> None:
-    op.execute(
-        f"UPDATE {TABLE} SET {COLUMN} = 'PROCESSING' WHERE {COLUMN} = 'INDEXING'"
-    )
-    op.drop_constraint(CONSTRAINT_NAME, TABLE, type_="check")
-    in_clause = ", ".join(f"'{v}'" for v in OLD_VALUES)
-    op.create_check_constraint(CONSTRAINT_NAME, TABLE, f"{COLUMN} IN ({in_clause})")

backend/alembic/versions/6b3b4083c5aa_persona_cleanup_and_featured.py

@@ -1,112 +0,0 @@
-"""persona cleanup and featured
-
-Revision ID: 6b3b4083c5aa
-Revises: 57122d037335
-Create Date: 2026-02-26 12:00:00.000000
-
-"""
-
-from alembic import op
-import sqlalchemy as sa
-
-
-# revision identifiers, used by Alembic.
-revision = "6b3b4083c5aa"
-down_revision = "57122d037335"
-branch_labels = None
-depends_on = None
-
-
-def upgrade() -> None:
-    # Add featured column with nullable=True first
-    op.add_column("persona", sa.Column("featured", sa.Boolean(), nullable=True))
-
-    # Migrate data from is_default_persona to featured
-    op.execute("UPDATE persona SET featured = is_default_persona")
-
-    # Make featured non-nullable with default=False
-    op.alter_column(
-        "persona",
-        "featured",
-        existing_type=sa.Boolean(),
-        nullable=False,
-        server_default=sa.false(),
-    )
-
-    # Drop is_default_persona column
-    op.drop_column("persona", "is_default_persona")
-
-    # Drop unused columns
-    op.drop_column("persona", "num_chunks")
-    op.drop_column("persona", "chunks_above")
-    op.drop_column("persona", "chunks_below")
-    op.drop_column("persona", "llm_relevance_filter")
-    op.drop_column("persona", "llm_filter_extraction")
-    op.drop_column("persona", "recency_bias")
-
-
-def downgrade() -> None:
-    # Add back recency_bias column
-    op.add_column(
-        "persona",
-        sa.Column(
-            "recency_bias",
-            sa.VARCHAR(),
-            nullable=False,
-            server_default="base_decay",
-        ),
-    )
-
-    # Add back llm_filter_extraction column
-    op.add_column(
-        "persona",
-        sa.Column(
-            "llm_filter_extraction",
-            sa.Boolean(),
-            nullable=False,
-            server_default=sa.false(),
-        ),
-    )
-
-    # Add back llm_relevance_filter column
-    op.add_column(
-        "persona",
-        sa.Column(
-            "llm_relevance_filter",
-            sa.Boolean(),
-            nullable=False,
-            server_default=sa.false(),
-        ),
-    )
-
-    # Add back chunks_below column
-    op.add_column(
-        "persona",
-        sa.Column("chunks_below", sa.Integer(), nullable=False, server_default="0"),
-    )
-
-    # Add back chunks_above column
-    op.add_column(
-        "persona",
-        sa.Column("chunks_above", sa.Integer(), nullable=False, server_default="0"),
-    )
-
-    # Add back num_chunks column
-    op.add_column("persona", sa.Column("num_chunks", sa.Float(), nullable=True))
-
-    # Add back is_default_persona column
-    op.add_column(
-        "persona",
-        sa.Column(
-            "is_default_persona",
-            sa.Boolean(),
-            nullable=False,
-            server_default=sa.false(),
-        ),
-    )
-
-    # Migrate data from featured to is_default_persona
-    op.execute("UPDATE persona SET is_default_persona = featured")
-
-    # Drop featured column
-    op.drop_column("persona", "featured")

backend/ee/onyx/main.py

@@ -31,7 +31,6 @@ from ee.onyx.server.query_and_chat.query_backend import (
 from ee.onyx.server.query_and_chat.search_backend import router as search_router
 from ee.onyx.server.query_history.api import router as query_history_router
 from ee.onyx.server.reporting.usage_export_api import router as usage_export_router
-from ee.onyx.server.scim.api import register_scim_exception_handlers
 from ee.onyx.server.scim.api import scim_router
 from ee.onyx.server.seeding import seed_db
 from ee.onyx.server.tenants.api import router as tenants_router
@@ -168,7 +167,6 @@ def get_application() -> FastAPI:
     # they use their own SCIM bearer token auth).
     # Not behind APP_API_PREFIX because IdPs expect /scim/v2/... directly.
     application.include_router(scim_router)
-    register_scim_exception_handlers(application)
 
     # Ensure all routes have auth enabled or are explicitly marked as public
     check_ee_router_auth(application)

backend/ee/onyx/server/scim/api.py

@@ -15,9 +15,7 @@ from uuid import UUID
 
 from fastapi import APIRouter
 from fastapi import Depends
-from fastapi import FastAPI
 from fastapi import Query
-from fastapi import Request
 from fastapi import Response
 from fastapi.responses import JSONResponse
 from fastapi_users.password import PasswordHelper
@@ -26,7 +24,6 @@ from sqlalchemy.exc import IntegrityError
 from sqlalchemy.orm import Session
 
 from ee.onyx.db.scim import ScimDAL
-from ee.onyx.server.scim.auth import ScimAuthError
 from ee.onyx.server.scim.auth import verify_scim_token
 from ee.onyx.server.scim.filtering import parse_scim_filter
 from ee.onyx.server.scim.models import SCIM_LIST_RESPONSE_SCHEMA
@@ -80,22 +77,6 @@ scim_router = APIRouter(prefix="/scim/v2", tags=["SCIM"])
 _pw_helper = PasswordHelper()
 
 
-def register_scim_exception_handlers(app: FastAPI) -> None:
-    """Register SCIM-specific exception handlers on the FastAPI app.
-
-    Call this after ``app.include_router(scim_router)`` so that auth
-    failures from ``verify_scim_token`` return RFC 7644 §3.12 error
-    envelopes (with ``schemas`` and ``status`` fields) instead of
-    FastAPI's default ``{"detail": "..."}`` format.
-    """
-
-    @app.exception_handler(ScimAuthError)
-    async def _handle_scim_auth_error(
-        _request: Request, exc: ScimAuthError
-    ) -> ScimJSONResponse:
-        return _scim_error_response(exc.status_code, exc.detail)
-
-
 def _get_provider(
     _token: ScimToken = Depends(verify_scim_token),
 ) -> ScimProvider:
@@ -423,6 +404,12 @@ def create_user(
 
     email = user_resource.userName.strip()
 
+    # externalId is how the IdP correlates this user on subsequent requests.
+    # Without it, the IdP can't find the user and will try to re-create,
+    # hitting a 409 conflict — so we require it up front.
+    if not user_resource.externalId:
+        return _scim_error_response(400, "externalId is required")
+
     # Enforce seat limit
     seat_error = _check_seat_availability(dal)
     if seat_error:
@@ -449,19 +436,16 @@ def create_user(
         dal.rollback()
         return _scim_error_response(409, f"User with email {email} already exists")
 
-    # Create SCIM mapping when externalId is provided — this is how the IdP
-    # correlates this user on subsequent requests.  Per RFC 7643, externalId
-    # is optional and assigned by the provisioning client.
+    # Create SCIM mapping (externalId is validated above, always present)
     external_id = user_resource.externalId
     scim_username = user_resource.userName.strip()
     fields = _fields_from_resource(user_resource)
-    if external_id:
-        dal.create_user_mapping(
-            external_id=external_id,
-            user_id=user.id,
-            scim_username=scim_username,
-            fields=fields,
-        )
+    dal.create_user_mapping(
+        external_id=external_id,
+        user_id=user.id,
+        scim_username=scim_username,
+        fields=fields,
+    )
 
     dal.commit()
 

backend/ee/onyx/server/scim/auth.py

@@ -19,6 +19,7 @@ import hashlib
 import secrets
 
 from fastapi import Depends
+from fastapi import HTTPException
 from fastapi import Request
 from sqlalchemy.orm import Session
 
@@ -27,21 +28,6 @@ from onyx.auth.utils import get_hashed_bearer_token_from_request
 from onyx.db.engine.sql_engine import get_session
 from onyx.db.models import ScimToken
 
-
-class ScimAuthError(Exception):
-    """Raised when SCIM bearer token authentication fails.
-
-    Unlike HTTPException, this carries the status and detail so the SCIM
-    exception handler can wrap them in an RFC 7644 §3.12 error envelope
-    with ``schemas`` and ``status`` fields.
-    """
-
-    def __init__(self, status_code: int, detail: str) -> None:
-        self.status_code = status_code
-        self.detail = detail
-        super().__init__(detail)
-
-
 SCIM_TOKEN_PREFIX = "onyx_scim_"
 SCIM_TOKEN_LENGTH = 48
 
@@ -96,14 +82,23 @@ def verify_scim_token(
     """
     hashed = _get_hashed_scim_token_from_request(request)
     if not hashed:
-        raise ScimAuthError(401, "Missing or invalid SCIM bearer token")
+        raise HTTPException(
+            status_code=401,
+            detail="Missing or invalid SCIM bearer token",
+        )
 
     token = dal.get_token_by_hash(hashed)
 
     if not token:
-        raise ScimAuthError(401, "Invalid SCIM bearer token")
+        raise HTTPException(
+            status_code=401,
+            detail="Invalid SCIM bearer token",
+        )
 
     if not token.is_active:
-        raise ScimAuthError(401, "SCIM token has been revoked")
+        raise HTTPException(
+            status_code=401,
+            detail="SCIM token has been revoked",
+        )
 
     return token

backend/ee/onyx/server/scim/providers/base.py

@@ -153,28 +153,26 @@ class ScimProvider(ABC):
         self,
         user: User,
         fields: ScimMappingFields,
-    ) -> ScimName:
+    ) -> ScimName | None:
         """Build SCIM name components for the response.
 
         Round-trips stored ``given_name``/``family_name`` when available (so
         the IdP gets back what it sent). Falls back to splitting
         ``personal_name`` for users provisioned before we stored components.
-        Always returns a ScimName — Okta's spec tests expect ``name``
-        (with ``givenName``/``familyName``) on every user resource.
         Providers may override for custom behavior.
         """
         if fields.given_name is not None or fields.family_name is not None:
             return ScimName(
-                givenName=fields.given_name or "",
-                familyName=fields.family_name or "",
-                formatted=user.personal_name or "",
+                givenName=fields.given_name,
+                familyName=fields.family_name,
+                formatted=user.personal_name,
             )
         if not user.personal_name:
-            return ScimName(givenName="", familyName="", formatted="")
+            return None
         parts = user.personal_name.split(" ", 1)
         return ScimName(
             givenName=parts[0],
-            familyName=parts[1] if len(parts) > 1 else "",
+            familyName=parts[1] if len(parts) > 1 else None,
             formatted=user.personal_name,
         )
 

backend/ee/onyx/server/seeding.py

@@ -18,6 +18,7 @@ from ee.onyx.server.enterprise_settings.store import (
     store_settings as store_ee_settings,
 )
 from ee.onyx.server.enterprise_settings.store import upload_logo
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.engine.sql_engine import get_session_with_current_tenant
 from onyx.db.llm import fetch_existing_llm_provider
 from onyx.db.llm import update_default_provider
@@ -160,6 +161,12 @@ def _seed_personas(db_session: Session, personas: list[PersonaUpsertRequest]) ->
                     user=None,  # Seeding is done as admin
                     name=persona.name,
                     description=persona.description,
+                    num_chunks=(
+                        persona.num_chunks if persona.num_chunks is not None else 0.0
+                    ),
+                    llm_relevance_filter=persona.llm_relevance_filter,
+                    llm_filter_extraction=persona.llm_filter_extraction,
+                    recency_bias=RecencyBiasSetting.AUTO,
                     document_set_ids=persona.document_set_ids,
                     llm_model_provider_override=persona.llm_model_provider_override,
                     llm_model_version_override=persona.llm_model_version_override,
@@ -171,7 +178,6 @@ def _seed_personas(db_session: Session, personas: list[PersonaUpsertRequest]) ->
                     system_prompt=persona.system_prompt,
                     task_prompt=persona.task_prompt,
                     datetime_aware=persona.datetime_aware,
-                    featured=persona.featured,
                     commit=False,
                 )
             db_session.commit()

backend/onyx/auth/users.py

@@ -543,7 +543,7 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
         result = await db_session.execute(
             select(Persona.id)
             .where(
-                Persona.featured.is_(True),
+                Persona.is_default_persona.is_(True),
                 Persona.is_public.is_(True),
                 Persona.is_visible.is_(True),
                 Persona.deleted.is_(False),
@@ -725,19 +725,11 @@ class UserManager(UUIDIDMixin, BaseUserManager[User, uuid.UUID]):
                         if user_by_session:
                             user = user_by_session
 
-                # If the user is inactive, check seat availability before
-                # upgrading role — otherwise they'd become an inactive BASIC
-                # user who still can't log in.
-                if not user.is_active:
-                    with get_session_with_current_tenant() as sync_db:
-                        enforce_seat_limit(sync_db)
-
                 await self.user_db.update(
                     user,
                     {
                         "is_verified": is_verified_by_default,
                         "role": UserRole.BASIC,
-                        **({"is_active": True} if not user.is_active else {}),
                     },
                 )
 

backend/onyx/background/celery/tasks/beat_schedule.py

@@ -241,7 +241,8 @@ _VECTOR_DB_BEAT_TASK_NAMES: set[str] = {
     "check-for-index-attempt-cleanup",
     "check-for-doc-permissions-sync",
     "check-for-external-group-sync",
-    "migrate-chunks-from-vespa-to-opensearch",
+    "check-for-documents-for-opensearch-migration",
+    "migrate-documents-from-vespa-to-opensearch",
 }
 
 if DISABLE_VECTOR_DB:

backend/onyx/background/celery/tasks/user_file_processing/tasks.py

@@ -414,31 +414,34 @@ def _process_user_file_with_indexing(
         raise RuntimeError(f"Indexing pipeline failed for user file {user_file_id}")
 
 
-def process_user_file_impl(
-    *, user_file_id: str, tenant_id: str, redis_locking: bool
+@shared_task(
+    name=OnyxCeleryTask.PROCESS_SINGLE_USER_FILE,
+    bind=True,
+    ignore_result=True,
+)
+def process_single_user_file(
+    self: Task, *, user_file_id: str, tenant_id: str  # noqa: ARG001
 ) -> None:
-    """Core implementation for processing a single user file.
-
-    When redis_locking=True, acquires a per-file Redis lock and clears the
-    queued-key guard (Celery path).  When redis_locking=False, skips all Redis
-    operations (BackgroundTask path).
-    """
-    task_logger.info(f"process_user_file_impl - Starting id={user_file_id}")
+    task_logger.info(f"process_single_user_file - Starting id={user_file_id}")
     start = time.monotonic()
 
-    file_lock: RedisLock | None = None
-    if redis_locking:
-        redis_client = get_redis_client(tenant_id=tenant_id)
-        redis_client.delete(_user_file_queued_key(user_file_id))
-        file_lock = redis_client.lock(
-            _user_file_lock_key(user_file_id),
-            timeout=CELERY_USER_FILE_PROCESSING_LOCK_TIMEOUT,
+    redis_client = get_redis_client(tenant_id=tenant_id)
+
+    # Clear the "queued" guard set by the beat generator so that the next beat
+    # cycle can re-enqueue this file if it is still in PROCESSING state after
+    # this task completes or fails.
+    redis_client.delete(_user_file_queued_key(user_file_id))
+
+    file_lock: RedisLock = redis_client.lock(
+        _user_file_lock_key(user_file_id),
+        timeout=CELERY_USER_FILE_PROCESSING_LOCK_TIMEOUT,
+    )
+
+    if not file_lock.acquire(blocking=False):
+        task_logger.info(
+            f"process_single_user_file - Lock held, skipping user_file_id={user_file_id}"
         )
-        if file_lock is not None and not file_lock.acquire(blocking=False):
-            task_logger.info(
-                f"process_user_file_impl - Lock held, skipping user_file_id={user_file_id}"
-            )
-            return
+        return None
 
     documents: list[Document] = []
     try:
@@ -446,18 +449,15 @@ def process_user_file_impl(
             uf = db_session.get(UserFile, _as_uuid(user_file_id))
             if not uf:
                 task_logger.warning(
-                    f"process_user_file_impl - UserFile not found id={user_file_id}"
+                    f"process_single_user_file - UserFile not found id={user_file_id}"
                 )
-                return
+                return None
 
-            if uf.status not in (
-                UserFileStatus.PROCESSING,
-                UserFileStatus.INDEXING,
-            ):
+            if uf.status != UserFileStatus.PROCESSING:
                 task_logger.info(
-                    f"process_user_file_impl - Skipping id={user_file_id} status={uf.status}"
+                    f"process_single_user_file - Skipping id={user_file_id} status={uf.status}"
                 )
-                return
+                return None
 
             connector = LocalFileConnector(
                 file_locations=[uf.file_id],
@@ -471,6 +471,7 @@ def process_user_file_impl(
                         [doc for doc in batch if not isinstance(doc, HierarchyNode)]
                     )
 
+                # update the document id to userfile id in the documents
                 for document in documents:
                     document.id = str(user_file_id)
                     document.source = DocumentSource.USER_FILE
@@ -492,8 +493,9 @@ def process_user_file_impl(
 
             except Exception as e:
                 task_logger.exception(
-                    f"process_user_file_impl - Error processing file id={user_file_id} - {e.__class__.__name__}"
+                    f"process_single_user_file - Error processing file id={user_file_id} - {e.__class__.__name__}"
                 )
+                # don't update the status if the user file is being deleted
                 current_user_file = db_session.get(UserFile, _as_uuid(user_file_id))
                 if (
                     current_user_file
@@ -502,42 +504,33 @@ def process_user_file_impl(
                     uf.status = UserFileStatus.FAILED
                     db_session.add(uf)
                     db_session.commit()
-                return
+                return None
 
         elapsed = time.monotonic() - start
         task_logger.info(
-            f"process_user_file_impl - Finished id={user_file_id} docs={len(documents)} elapsed={elapsed:.2f}s"
+            f"process_single_user_file - Finished id={user_file_id} docs={len(documents)} elapsed={elapsed:.2f}s"
         )
+        return None
     except Exception as e:
+        # Attempt to mark the file as failed
         with get_session_with_current_tenant() as db_session:
             uf = db_session.get(UserFile, _as_uuid(user_file_id))
             if uf:
+                # don't update the status if the user file is being deleted
                 if uf.status != UserFileStatus.DELETING:
                     uf.status = UserFileStatus.FAILED
                 db_session.add(uf)
                 db_session.commit()
 
         task_logger.exception(
-            f"process_user_file_impl - Error processing file id={user_file_id} - {e.__class__.__name__}"
+            f"process_single_user_file - Error processing file id={user_file_id} - {e.__class__.__name__}"
         )
+        return None
     finally:
-        if file_lock is not None and file_lock.owned():
+        if file_lock.owned():
             file_lock.release()
 
 
-@shared_task(
-    name=OnyxCeleryTask.PROCESS_SINGLE_USER_FILE,
-    bind=True,
-    ignore_result=True,
-)
-def process_single_user_file(
-    self: Task, *, user_file_id: str, tenant_id: str  # noqa: ARG001
-) -> None:
-    process_user_file_impl(
-        user_file_id=user_file_id, tenant_id=tenant_id, redis_locking=True
-    )
-
-
 @shared_task(
     name=OnyxCeleryTask.CHECK_FOR_USER_FILE_DELETE,
     soft_time_limit=300,
@@ -588,38 +581,36 @@ def check_for_user_file_delete(self: Task, *, tenant_id: str) -> None:
     return None
 
 
-def delete_user_file_impl(
-    *, user_file_id: str, tenant_id: str, redis_locking: bool
+@shared_task(
+    name=OnyxCeleryTask.DELETE_SINGLE_USER_FILE,
+    bind=True,
+    ignore_result=True,
+)
+def process_single_user_file_delete(
+    self: Task, *, user_file_id: str, tenant_id: str  # noqa: ARG001
 ) -> None:
-    """Core implementation for deleting a single user file.
-
-    When redis_locking=True, acquires a per-file Redis lock (Celery path).
-    When redis_locking=False, skips Redis operations (BackgroundTask path).
-    """
-    task_logger.info(f"delete_user_file_impl - Starting id={user_file_id}")
-
-    file_lock: RedisLock | None = None
-    if redis_locking:
-        redis_client = get_redis_client(tenant_id=tenant_id)
-        file_lock = redis_client.lock(
-            _user_file_delete_lock_key(user_file_id),
-            timeout=CELERY_GENERIC_BEAT_LOCK_TIMEOUT,
+    """Process a single user file delete."""
+    task_logger.info(f"process_single_user_file_delete - Starting id={user_file_id}")
+    redis_client = get_redis_client(tenant_id=tenant_id)
+    file_lock: RedisLock = redis_client.lock(
+        _user_file_delete_lock_key(user_file_id),
+        timeout=CELERY_GENERIC_BEAT_LOCK_TIMEOUT,
+    )
+    if not file_lock.acquire(blocking=False):
+        task_logger.info(
+            f"process_single_user_file_delete - Lock held, skipping user_file_id={user_file_id}"
         )
-        if file_lock is not None and not file_lock.acquire(blocking=False):
-            task_logger.info(
-                f"delete_user_file_impl - Lock held, skipping user_file_id={user_file_id}"
-            )
-            return
-
+        return None
     try:
         with get_session_with_current_tenant() as db_session:
             user_file = db_session.get(UserFile, _as_uuid(user_file_id))
             if not user_file:
                 task_logger.info(
-                    f"delete_user_file_impl - User file not found id={user_file_id}"
+                    f"process_single_user_file_delete - User file not found id={user_file_id}"
                 )
-                return
+                return None
 
+            # 1) Delete vector DB chunks (skip when disabled)
             if not DISABLE_VECTOR_DB:
                 if MANAGED_VESPA:
                     httpx_init_vespa_pool(
@@ -657,6 +648,7 @@ def delete_user_file_impl(
                         chunk_count=chunk_count,
                     )
 
+            # 2) Delete the user-uploaded file content from filestore (blob + metadata)
             file_store = get_default_file_store()
             try:
                 file_store.delete_file(user_file.file_id)
@@ -664,33 +656,26 @@ def delete_user_file_impl(
                     user_file_id_to_plaintext_file_name(user_file.id)
                 )
             except Exception as e:
+                # This block executed only if the file is not found in the filestore
                 task_logger.exception(
-                    f"delete_user_file_impl - Error deleting file id={user_file.id} - {e.__class__.__name__}"
+                    f"process_single_user_file_delete - Error deleting file id={user_file.id} - {e.__class__.__name__}"
                 )
 
+            # 3) Finally, delete the UserFile row
             db_session.delete(user_file)
             db_session.commit()
-            task_logger.info(f"delete_user_file_impl - Completed id={user_file_id}")
+            task_logger.info(
+                f"process_single_user_file_delete - Completed id={user_file_id}"
+            )
     except Exception as e:
         task_logger.exception(
-            f"delete_user_file_impl - Error processing file id={user_file_id} - {e.__class__.__name__}"
+            f"process_single_user_file_delete - Error processing file id={user_file_id} - {e.__class__.__name__}"
         )
+        return None
     finally:
-        if file_lock is not None and file_lock.owned():
+        if file_lock.owned():
             file_lock.release()
-
-
-@shared_task(
-    name=OnyxCeleryTask.DELETE_SINGLE_USER_FILE,
-    bind=True,
-    ignore_result=True,
-)
-def process_single_user_file_delete(
-    self: Task, *, user_file_id: str, tenant_id: str  # noqa: ARG001
-) -> None:
-    delete_user_file_impl(
-        user_file_id=user_file_id, tenant_id=tenant_id, redis_locking=True
-    )
+    return None
 
 
 @shared_task(
@@ -762,30 +747,32 @@ def check_for_user_file_project_sync(self: Task, *, tenant_id: str) -> None:
     return None
 
 
-def project_sync_user_file_impl(
-    *, user_file_id: str, tenant_id: str, redis_locking: bool
+@shared_task(
+    name=OnyxCeleryTask.PROCESS_SINGLE_USER_FILE_PROJECT_SYNC,
+    bind=True,
+    ignore_result=True,
+)
+def process_single_user_file_project_sync(
+    self: Task, *, user_file_id: str, tenant_id: str  # noqa: ARG001
 ) -> None:
-    """Core implementation for syncing a user file's project/persona metadata.
+    """Process a single user file project sync."""
+    task_logger.info(
+        f"process_single_user_file_project_sync - Starting id={user_file_id}"
+    )
 
-    When redis_locking=True, acquires a per-file Redis lock and clears the
-    queued-key guard (Celery path).  When redis_locking=False, skips Redis
-    operations (BackgroundTask path).
-    """
-    task_logger.info(f"project_sync_user_file_impl - Starting id={user_file_id}")
+    redis_client = get_redis_client(tenant_id=tenant_id)
+    redis_client.delete(_user_file_project_sync_queued_key(user_file_id))
 
-    file_lock: RedisLock | None = None
-    if redis_locking:
-        redis_client = get_redis_client(tenant_id=tenant_id)
-        redis_client.delete(_user_file_project_sync_queued_key(user_file_id))
-        file_lock = redis_client.lock(
-            user_file_project_sync_lock_key(user_file_id),
-            timeout=CELERY_USER_FILE_PROJECT_SYNC_LOCK_TIMEOUT,
+    file_lock: RedisLock = redis_client.lock(
+        user_file_project_sync_lock_key(user_file_id),
+        timeout=CELERY_USER_FILE_PROJECT_SYNC_LOCK_TIMEOUT,
+    )
+
+    if not file_lock.acquire(blocking=False):
+        task_logger.info(
+            f"process_single_user_file_project_sync - Lock held, skipping user_file_id={user_file_id}"
         )
-        if file_lock is not None and not file_lock.acquire(blocking=False):
-            task_logger.info(
-                f"project_sync_user_file_impl - Lock held, skipping user_file_id={user_file_id}"
-            )
-            return
+        return None
 
     try:
         with get_session_with_current_tenant() as db_session:
@@ -796,10 +783,11 @@ def project_sync_user_file_impl(
             ).scalar_one_or_none()
             if not user_file:
                 task_logger.info(
-                    f"project_sync_user_file_impl - User file not found id={user_file_id}"
+                    f"process_single_user_file_project_sync - User file not found id={user_file_id}"
                 )
-                return
+                return None
 
+            # Sync project metadata to vector DB (skip when disabled)
             if not DISABLE_VECTOR_DB:
                 if MANAGED_VESPA:
                     httpx_init_vespa_pool(
@@ -834,7 +822,7 @@ def project_sync_user_file_impl(
                     )
 
             task_logger.info(
-                f"project_sync_user_file_impl - User file id={user_file_id}"
+                f"process_single_user_file_project_sync - User file id={user_file_id}"
             )
 
             user_file.needs_project_sync = False
@@ -847,21 +835,11 @@ def project_sync_user_file_impl(
 
     except Exception as e:
         task_logger.exception(
-            f"project_sync_user_file_impl - Error syncing project for file id={user_file_id} - {e.__class__.__name__}"
+            f"process_single_user_file_project_sync - Error syncing project for file id={user_file_id} - {e.__class__.__name__}"
         )
+        return None
     finally:
-        if file_lock is not None and file_lock.owned():
+        if file_lock.owned():
             file_lock.release()
 
-
-@shared_task(
-    name=OnyxCeleryTask.PROCESS_SINGLE_USER_FILE_PROJECT_SYNC,
-    bind=True,
-    ignore_result=True,
-)
-def process_single_user_file_project_sync(
-    self: Task, *, user_file_id: str, tenant_id: str  # noqa: ARG001
-) -> None:
-    project_sync_user_file_impl(
-        user_file_id=user_file_id, tenant_id=tenant_id, redis_locking=True
-    )
+    return None

backend/onyx/background/periodic_poller.py

@@ -1,287 +0,0 @@
-"""Periodic poller for NO_VECTOR_DB deployments.
-
-Replaces Celery Beat and background workers with a lightweight daemon thread
-that runs from the API server process.  Two responsibilities:
-
-1. Recovery polling (every 30 s): re-processes user files stuck in
-   PROCESSING / DELETING / needs_sync states via the drain loops defined
-   in ``task_utils.py``.
-
-2. Periodic task execution (configurable intervals): runs LLM model updates
-   and scheduled evals at their configured cadences, with Postgres advisory
-   lock deduplication across multiple API server instances.
-"""
-
-import threading
-import time
-from collections.abc import Callable
-from dataclasses import dataclass
-from dataclasses import field
-
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-RECOVERY_INTERVAL_SECONDS = 30
-PERIODIC_TASK_LOCK_BASE = 20_000
-PERIODIC_TASK_KV_PREFIX = "periodic_poller:last_claimed:"
-
-
-# ------------------------------------------------------------------
-# Periodic task definitions
-# ------------------------------------------------------------------
-
-
-_NEVER_RAN: float = -1e18
-
-
-@dataclass
-class _PeriodicTaskDef:
-    name: str
-    interval_seconds: float
-    lock_id: int
-    run_fn: Callable[[], None]
-    last_run_at: float = field(default=_NEVER_RAN)
-
-
-def _run_auto_llm_update() -> None:
-    from onyx.configs.app_configs import AUTO_LLM_CONFIG_URL
-
-    if not AUTO_LLM_CONFIG_URL:
-        return
-
-    from onyx.db.engine.sql_engine import get_session_with_current_tenant
-    from onyx.llm.well_known_providers.auto_update_service import (
-        sync_llm_models_from_github,
-    )
-
-    with get_session_with_current_tenant() as db_session:
-        sync_llm_models_from_github(db_session)
-
-
-def _run_scheduled_eval() -> None:
-    from onyx.configs.app_configs import BRAINTRUST_API_KEY
-    from onyx.configs.app_configs import SCHEDULED_EVAL_DATASET_NAMES
-    from onyx.configs.app_configs import SCHEDULED_EVAL_PERMISSIONS_EMAIL
-    from onyx.configs.app_configs import SCHEDULED_EVAL_PROJECT
-
-    if not all(
-        [
-            BRAINTRUST_API_KEY,
-            SCHEDULED_EVAL_PROJECT,
-            SCHEDULED_EVAL_DATASET_NAMES,
-            SCHEDULED_EVAL_PERMISSIONS_EMAIL,
-        ]
-    ):
-        return
-
-    from datetime import datetime
-    from datetime import timezone
-
-    from onyx.evals.eval import run_eval
-    from onyx.evals.models import EvalConfigurationOptions
-
-    run_timestamp = datetime.now(timezone.utc).strftime("%Y-%m-%d")
-    for dataset_name in SCHEDULED_EVAL_DATASET_NAMES:
-        try:
-            run_eval(
-                configuration=EvalConfigurationOptions(
-                    search_permissions_email=SCHEDULED_EVAL_PERMISSIONS_EMAIL,
-                    dataset_name=dataset_name,
-                    no_send_logs=False,
-                    braintrust_project=SCHEDULED_EVAL_PROJECT,
-                    experiment_name=f"{dataset_name} - {run_timestamp}",
-                ),
-                remote_dataset_name=dataset_name,
-            )
-        except Exception:
-            logger.exception(
-                f"Periodic poller - Failed scheduled eval for dataset {dataset_name}"
-            )
-
-
-def _build_periodic_tasks() -> list[_PeriodicTaskDef]:
-    from onyx.configs.app_configs import AUTO_LLM_CONFIG_URL
-    from onyx.configs.app_configs import AUTO_LLM_UPDATE_INTERVAL_SECONDS
-    from onyx.configs.app_configs import SCHEDULED_EVAL_DATASET_NAMES
-
-    tasks: list[_PeriodicTaskDef] = []
-    if AUTO_LLM_CONFIG_URL:
-        tasks.append(
-            _PeriodicTaskDef(
-                name="auto-llm-update",
-                interval_seconds=AUTO_LLM_UPDATE_INTERVAL_SECONDS,
-                lock_id=PERIODIC_TASK_LOCK_BASE,
-                run_fn=_run_auto_llm_update,
-            )
-        )
-    if SCHEDULED_EVAL_DATASET_NAMES:
-        tasks.append(
-            _PeriodicTaskDef(
-                name="scheduled-eval",
-                interval_seconds=7 * 24 * 3600,
-                lock_id=PERIODIC_TASK_LOCK_BASE + 1,
-                run_fn=_run_scheduled_eval,
-            )
-        )
-    return tasks
-
-
-# ------------------------------------------------------------------
-# Periodic task runner with advisory-lock-guarded claim
-# ------------------------------------------------------------------
-
-
-def _try_claim_task(task_def: _PeriodicTaskDef) -> bool:
-    """Atomically check whether *task_def* should run and record a claim.
-
-    Uses a transaction-scoped advisory lock for atomicity combined with a
-    ``KVStore`` timestamp for cross-instance dedup.  The DB session is held
-    only for this brief claim transaction, not during task execution.
-    """
-    from datetime import datetime
-    from datetime import timezone
-
-    from sqlalchemy import text
-
-    from onyx.db.engine.sql_engine import get_session_with_current_tenant
-    from onyx.db.models import KVStore
-
-    kv_key = PERIODIC_TASK_KV_PREFIX + task_def.name
-
-    with get_session_with_current_tenant() as db_session:
-        acquired = db_session.execute(
-            text("SELECT pg_try_advisory_xact_lock(:id)"),
-            {"id": task_def.lock_id},
-        ).scalar()
-        if not acquired:
-            return False
-
-        row = db_session.query(KVStore).filter_by(key=kv_key).first()
-        if row and row.value is not None:
-            last_claimed = datetime.fromisoformat(str(row.value))
-            elapsed = (datetime.now(timezone.utc) - last_claimed).total_seconds()
-            if elapsed < task_def.interval_seconds:
-                return False
-
-        now_ts = datetime.now(timezone.utc).isoformat()
-        if row:
-            row.value = now_ts
-        else:
-            db_session.add(KVStore(key=kv_key, value=now_ts))
-        db_session.commit()
-
-    return True
-
-
-def _try_run_periodic_task(task_def: _PeriodicTaskDef) -> None:
-    """Run *task_def* if its interval has elapsed and no peer holds the lock."""
-    now = time.monotonic()
-    if now - task_def.last_run_at < task_def.interval_seconds:
-        return
-
-    if not _try_claim_task(task_def):
-        return
-
-    try:
-        task_def.run_fn()
-        task_def.last_run_at = now
-    except Exception:
-        logger.exception(
-            f"Periodic poller - Error running periodic task {task_def.name}"
-        )
-
-
-# ------------------------------------------------------------------
-# Recovery / drain loop runner
-# ------------------------------------------------------------------
-
-
-def _run_drain_loops(tenant_id: str) -> None:
-    from onyx.background.task_utils import drain_delete_loop
-    from onyx.background.task_utils import drain_processing_loop
-    from onyx.background.task_utils import drain_project_sync_loop
-
-    drain_processing_loop(tenant_id)
-    drain_delete_loop(tenant_id)
-    drain_project_sync_loop(tenant_id)
-
-
-# ------------------------------------------------------------------
-# Startup recovery (10g)
-# ------------------------------------------------------------------
-
-
-def recover_stuck_user_files(tenant_id: str) -> None:
-    """Run all drain loops once to re-process files left in intermediate states.
-
-    Called from ``lifespan()`` on startup when ``DISABLE_VECTOR_DB`` is set.
-    """
-    logger.info("recover_stuck_user_files - Checking for stuck user files")
-    try:
-        _run_drain_loops(tenant_id)
-    except Exception:
-        logger.exception("recover_stuck_user_files - Error during recovery")
-
-
-# ------------------------------------------------------------------
-# Daemon thread (10f)
-# ------------------------------------------------------------------
-
-_shutdown_event = threading.Event()
-_poller_thread: threading.Thread | None = None
-
-
-def _poller_loop(tenant_id: str) -> None:
-    from shared_configs.contextvars import CURRENT_TENANT_ID_CONTEXTVAR
-
-    CURRENT_TENANT_ID_CONTEXTVAR.set(tenant_id)
-
-    periodic_tasks = _build_periodic_tasks()
-    logger.info(
-        f"Periodic poller started with {len(periodic_tasks)} periodic task(s): "
-        f"{[t.name for t in periodic_tasks]}"
-    )
-
-    while not _shutdown_event.is_set():
-        try:
-            _run_drain_loops(tenant_id)
-        except Exception:
-            logger.exception("Periodic poller - Error in recovery polling")
-
-        for task_def in periodic_tasks:
-            try:
-                _try_run_periodic_task(task_def)
-            except Exception:
-                logger.exception(
-                    f"Periodic poller - Unhandled error checking task {task_def.name}"
-                )
-
-        _shutdown_event.wait(RECOVERY_INTERVAL_SECONDS)
-
-
-def start_periodic_poller(tenant_id: str) -> None:
-    """Start the periodic poller daemon thread."""
-    global _poller_thread  # noqa: PLW0603
-    _shutdown_event.clear()
-    _poller_thread = threading.Thread(
-        target=_poller_loop,
-        args=(tenant_id,),
-        daemon=True,
-        name="no-vectordb-periodic-poller",
-    )
-    _poller_thread.start()
-    logger.info("Periodic poller thread started")
-
-
-def stop_periodic_poller() -> None:
-    """Signal the periodic poller to stop and wait for it to exit."""
-    global _poller_thread  # noqa: PLW0603
-    if _poller_thread is None:
-        return
-    _shutdown_event.set()
-    _poller_thread.join(timeout=10)
-    if _poller_thread.is_alive():
-        logger.warning("Periodic poller thread did not stop within timeout")
-    _poller_thread = None
-    logger.info("Periodic poller thread stopped")

backend/onyx/background/task_utils.py

@@ -1,33 +1,3 @@
-"""Background task utilities.
-
-Contains query-history report helpers (used by all deployment modes) and
-in-process background task execution helpers for NO_VECTOR_DB mode:
-
-- Atomic claim-and-mark helpers that prevent duplicate processing
-- Drain loops that process all pending user file work
-
-Each claim function runs a short-lived transaction: SELECT ... FOR UPDATE
-SKIP LOCKED, UPDATE the row to remove it from future queries, COMMIT.
-After the commit the row lock is released, but the row is no longer
-eligible for re-claiming.  No long-lived sessions or advisory locks.
-"""
-
-from uuid import UUID
-
-import sqlalchemy as sa
-from sqlalchemy import select
-from sqlalchemy.orm import Session
-
-from onyx.db.enums import UserFileStatus
-from onyx.db.models import UserFile
-from onyx.utils.logger import setup_logger
-
-logger = setup_logger()
-
-# ------------------------------------------------------------------
-# Query-history report helpers (pre-existing, used by all modes)
-# ------------------------------------------------------------------
-
 QUERY_REPORT_NAME_PREFIX = "query-history"
 
 
@@ -39,142 +9,3 @@ def construct_query_history_report_name(
 
 def extract_task_id_from_query_history_report_name(name: str) -> str:
     return name.removeprefix(f"{QUERY_REPORT_NAME_PREFIX}-").removesuffix(".csv")
-
-
-# ------------------------------------------------------------------
-# Atomic claim-and-mark helpers
-# ------------------------------------------------------------------
-# Each function runs inside a single short-lived session/transaction:
-#   1. SELECT ... FOR UPDATE SKIP LOCKED  (locks one eligible row)
-#   2. UPDATE the row so it is no longer eligible
-#   3. COMMIT  (releases the row lock)
-# After the commit, no other drain loop can claim the same row.
-
-
-def _claim_next_processing_file(db_session: Session) -> UUID | None:
-    """Claim the next PROCESSING file by transitioning it to INDEXING.
-
-    Returns the file id, or None when no eligible files remain.
-    """
-    file_id = db_session.execute(
-        select(UserFile.id)
-        .where(UserFile.status == UserFileStatus.PROCESSING)
-        .order_by(UserFile.created_at)
-        .limit(1)
-        .with_for_update(skip_locked=True)
-    ).scalar_one_or_none()
-    if file_id is None:
-        return None
-
-    db_session.execute(
-        sa.update(UserFile)
-        .where(UserFile.id == file_id)
-        .values(status=UserFileStatus.INDEXING)
-    )
-    db_session.commit()
-    return file_id
-
-
-def _claim_next_deleting_file(db_session: Session) -> UUID | None:
-    """Claim the next DELETING file.
-
-    No status transition needed — the impl deletes the row on success.
-    The short-lived FOR UPDATE lock prevents concurrent claims.
-    """
-    file_id = db_session.execute(
-        select(UserFile.id)
-        .where(UserFile.status == UserFileStatus.DELETING)
-        .order_by(UserFile.created_at)
-        .limit(1)
-        .with_for_update(skip_locked=True)
-    ).scalar_one_or_none()
-    # Commit to release the row lock promptly.
-    db_session.commit()
-    return file_id
-
-
-def _claim_next_sync_file(db_session: Session) -> UUID | None:
-    """Claim the next file needing project/persona sync.
-
-    No status transition needed — the impl clears the sync flags on
-    success.  The short-lived FOR UPDATE lock prevents concurrent claims.
-    """
-    file_id = db_session.execute(
-        select(UserFile.id)
-        .where(
-            sa.and_(
-                sa.or_(
-                    UserFile.needs_project_sync.is_(True),
-                    UserFile.needs_persona_sync.is_(True),
-                ),
-                UserFile.status == UserFileStatus.COMPLETED,
-            )
-        )
-        .order_by(UserFile.created_at)
-        .limit(1)
-        .with_for_update(skip_locked=True)
-    ).scalar_one_or_none()
-    db_session.commit()
-    return file_id
-
-
-# ------------------------------------------------------------------
-# Drain loops — process *all* pending work of each type
-# ------------------------------------------------------------------
-
-
-def drain_processing_loop(tenant_id: str) -> None:
-    """Process all pending PROCESSING user files."""
-    from onyx.background.celery.tasks.user_file_processing.tasks import (
-        process_user_file_impl,
-    )
-    from onyx.db.engine.sql_engine import get_session_with_current_tenant
-
-    while True:
-        with get_session_with_current_tenant() as session:
-            file_id = _claim_next_processing_file(session)
-        if file_id is None:
-            break
-        process_user_file_impl(
-            user_file_id=str(file_id),
-            tenant_id=tenant_id,
-            redis_locking=False,
-        )
-
-
-def drain_delete_loop(tenant_id: str) -> None:
-    """Delete all pending DELETING user files."""
-    from onyx.background.celery.tasks.user_file_processing.tasks import (
-        delete_user_file_impl,
-    )
-    from onyx.db.engine.sql_engine import get_session_with_current_tenant
-
-    while True:
-        with get_session_with_current_tenant() as session:
-            file_id = _claim_next_deleting_file(session)
-        if file_id is None:
-            break
-        delete_user_file_impl(
-            user_file_id=str(file_id),
-            tenant_id=tenant_id,
-            redis_locking=False,
-        )
-
-
-def drain_project_sync_loop(tenant_id: str) -> None:
-    """Sync all pending project/persona metadata for user files."""
-    from onyx.background.celery.tasks.user_file_processing.tasks import (
-        project_sync_user_file_impl,
-    )
-    from onyx.db.engine.sql_engine import get_session_with_current_tenant
-
-    while True:
-        with get_session_with_current_tenant() as session:
-            file_id = _claim_next_sync_file(session)
-        if file_id is None:
-            break
-        project_sync_user_file_impl(
-            user_file_id=str(file_id),
-            tenant_id=tenant_id,
-            redis_locking=False,
-        )

backend/onyx/cache/factory.py

@@ -1,45 +0,0 @@
-from collections.abc import Callable
-
-from onyx.cache.interface import CacheBackend
-from onyx.cache.interface import CacheBackendType
-from onyx.configs.app_configs import CACHE_BACKEND
-
-
-def _build_redis_backend(tenant_id: str) -> CacheBackend:
-    from onyx.cache.redis_backend import RedisCacheBackend
-    from onyx.redis.redis_pool import redis_pool
-
-    return RedisCacheBackend(redis_pool.get_client(tenant_id))
-
-
-_BACKEND_BUILDERS: dict[CacheBackendType, Callable[[str], CacheBackend]] = {
-    CacheBackendType.REDIS: _build_redis_backend,
-    # CacheBackendType.POSTGRES will be added in a follow-up PR.
-}
-
-
-def get_cache_backend(*, tenant_id: str | None = None) -> CacheBackend:
-    """Return a tenant-aware ``CacheBackend``.
-
-    If *tenant_id* is ``None``, the current tenant is read from the
-    thread-local context variable (same behaviour as ``get_redis_client``).
-    """
-    if tenant_id is None:
-        from shared_configs.contextvars import get_current_tenant_id
-
-        tenant_id = get_current_tenant_id()
-
-    builder = _BACKEND_BUILDERS.get(CACHE_BACKEND)
-    if builder is None:
-        raise ValueError(
-            f"Unsupported CACHE_BACKEND={CACHE_BACKEND!r}. "
-            f"Supported values: {[t.value for t in CacheBackendType]}"
-        )
-    return builder(tenant_id)
-
-
-def get_shared_cache_backend() -> CacheBackend:
-    """Return a ``CacheBackend`` in the shared (cross-tenant) namespace."""
-    from shared_configs.configs import DEFAULT_REDIS_PREFIX
-
-    return get_cache_backend(tenant_id=DEFAULT_REDIS_PREFIX)

backend/onyx/cache/interface.py

@@ -1,89 +0,0 @@
-import abc
-from enum import Enum
-
-
-class CacheBackendType(str, Enum):
-    REDIS = "redis"
-    POSTGRES = "postgres"
-
-
-class CacheLock(abc.ABC):
-    """Abstract distributed lock returned by CacheBackend.lock()."""
-
-    @abc.abstractmethod
-    def acquire(
-        self,
-        blocking: bool = True,
-        blocking_timeout: float | None = None,
-    ) -> bool:
-        raise NotImplementedError
-
-    @abc.abstractmethod
-    def release(self) -> None:
-        raise NotImplementedError
-
-    @abc.abstractmethod
-    def owned(self) -> bool:
-        raise NotImplementedError
-
-
-class CacheBackend(abc.ABC):
-    """Thin abstraction over a key-value cache with TTL, locks, and blocking lists.
-
-    Covers the subset of Redis operations used outside of Celery. When
-    CACHE_BACKEND=postgres, a PostgreSQL-backed implementation is used instead.
-    """
-
-    # -- basic key/value ---------------------------------------------------
-
-    @abc.abstractmethod
-    def get(self, key: str) -> bytes | None:
-        raise NotImplementedError
-
-    @abc.abstractmethod
-    def set(
-        self,
-        key: str,
-        value: str | bytes | int | float,
-        ex: int | None = None,
-    ) -> None:
-        raise NotImplementedError
-
-    @abc.abstractmethod
-    def delete(self, key: str) -> None:
-        raise NotImplementedError
-
-    @abc.abstractmethod
-    def exists(self, key: str) -> bool:
-        raise NotImplementedError
-
-    # -- TTL ---------------------------------------------------------------
-
-    @abc.abstractmethod
-    def expire(self, key: str, seconds: int) -> None:
-        raise NotImplementedError
-
-    @abc.abstractmethod
-    def ttl(self, key: str) -> int:
-        """Return remaining TTL in seconds. -1 if no expiry, -2 if key missing."""
-        raise NotImplementedError
-
-    # -- distributed lock --------------------------------------------------
-
-    @abc.abstractmethod
-    def lock(self, name: str, timeout: float | None = None) -> CacheLock:
-        raise NotImplementedError
-
-    # -- blocking list (used by MCP OAuth BLPOP pattern) -------------------
-
-    @abc.abstractmethod
-    def rpush(self, key: str, value: str | bytes) -> None:
-        raise NotImplementedError
-
-    @abc.abstractmethod
-    def blpop(self, keys: list[str], timeout: int = 0) -> tuple[bytes, bytes] | None:
-        """Block until a value is available on one of *keys*, or *timeout* expires.
-
-        Returns ``(key, value)`` or ``None`` on timeout.
-        """
-        raise NotImplementedError

backend/onyx/cache/redis_backend.py

@@ -1,92 +0,0 @@
-from typing import cast
-
-from redis.client import Redis
-from redis.lock import Lock as RedisLock
-
-from onyx.cache.interface import CacheBackend
-from onyx.cache.interface import CacheLock
-
-
-class RedisCacheLock(CacheLock):
-    """Wraps ``redis.lock.Lock`` behind the ``CacheLock`` interface."""
-
-    def __init__(self, lock: RedisLock) -> None:
-        self._lock = lock
-
-    def acquire(
-        self,
-        blocking: bool = True,
-        blocking_timeout: float | None = None,
-    ) -> bool:
-        return bool(
-            self._lock.acquire(
-                blocking=blocking,
-                blocking_timeout=blocking_timeout,
-            )
-        )
-
-    def release(self) -> None:
-        self._lock.release()
-
-    def owned(self) -> bool:
-        return bool(self._lock.owned())
-
-
-class RedisCacheBackend(CacheBackend):
-    """``CacheBackend`` implementation that delegates to a ``redis.Redis`` client.
-
-    This is a thin pass-through — every method maps 1-to-1 to the underlying
-    Redis command.  ``TenantRedis`` key-prefixing is handled by the client
-    itself (provided by ``get_redis_client``).
-    """
-
-    def __init__(self, redis_client: Redis) -> None:
-        self._r = redis_client
-
-    # -- basic key/value ---------------------------------------------------
-
-    def get(self, key: str) -> bytes | None:
-        val = self._r.get(key)
-        if val is None:
-            return None
-        if isinstance(val, bytes):
-            return val
-        return str(val).encode()
-
-    def set(
-        self,
-        key: str,
-        value: str | bytes | int | float,
-        ex: int | None = None,
-    ) -> None:
-        self._r.set(key, value, ex=ex)
-
-    def delete(self, key: str) -> None:
-        self._r.delete(key)
-
-    def exists(self, key: str) -> bool:
-        return bool(self._r.exists(key))
-
-    # -- TTL ---------------------------------------------------------------
-
-    def expire(self, key: str, seconds: int) -> None:
-        self._r.expire(key, seconds)
-
-    def ttl(self, key: str) -> int:
-        return cast(int, self._r.ttl(key))
-
-    # -- distributed lock --------------------------------------------------
-
-    def lock(self, name: str, timeout: float | None = None) -> CacheLock:
-        return RedisCacheLock(self._r.lock(name, timeout=timeout))
-
-    # -- blocking list (MCP OAuth BLPOP pattern) ---------------------------
-
-    def rpush(self, key: str, value: str | bytes) -> None:
-        self._r.rpush(key, value)
-
-    def blpop(self, keys: list[str], timeout: int = 0) -> tuple[bytes, bytes] | None:
-        result = cast(list[bytes] | None, self._r.blpop(keys, timeout=timeout))
-        if result is None:
-            return None
-        return (result[0], result[1])

backend/onyx/chat/llm_loop.py

@@ -1,7 +1,6 @@
 import json
 import time
 from collections.abc import Callable
-from typing import Any
 from typing import Literal
 
 from sqlalchemy.orm import Session
@@ -531,13 +530,11 @@ def _create_file_tool_metadata_message(
     """
     lines = [
         "You have access to the following files. Use the read_file tool to "
-        "read sections of any file. You MUST pass the file_id UUID (not the "
-        "filename) to read_file:"
+        "read sections of any file:"
     ]
     for meta in file_metadata:
         lines.append(
-            f'- file_id="{meta.file_id}" filename="{meta.filename}" '
-            f"(~{meta.approx_char_count:,} chars)"
+            f'- {meta.file_id}: "{meta.filename}" (~{meta.approx_char_count:,} chars)'
         )
 
     message_content = "\n".join(lines)
@@ -561,16 +558,12 @@ def _create_context_files_message(
     # Format as documents JSON as described in README
     documents_list = []
     for idx, file_text in enumerate(context_files.file_texts, start=1):
-        title = (
-            context_files.file_metadata[idx - 1].filename
-            if idx - 1 < len(context_files.file_metadata)
-            else None
+        documents_list.append(
+            {
+                "document": idx,
+                "contents": file_text,
+            }
         )
-        entry: dict[str, Any] = {"document": idx}
-        if title:
-            entry["title"] = title
-        entry["contents"] = file_text
-        documents_list.append(entry)
 
     documents_json = json.dumps({"documents": documents_list}, indent=2)
     message_content = f"Here are some documents provided for context, they may not all be relevant:\n{documents_json}"

backend/onyx/configs/app_configs.py

@@ -6,7 +6,6 @@ from datetime import timezone
 from typing import cast
 
 from onyx.auth.schemas import AuthBackend
-from onyx.cache.interface import CacheBackendType
 from onyx.configs.constants import AuthType
 from onyx.configs.constants import QueryHistoryType
 from onyx.file_processing.enums import HtmlBasedConnectorTransformLinksStrategy
@@ -55,12 +54,6 @@ DISABLE_USER_KNOWLEDGE = os.environ.get("DISABLE_USER_KNOWLEDGE", "").lower() ==
 # are disabled but core chat, tools, user file uploads, and Projects still work.
 DISABLE_VECTOR_DB = os.environ.get("DISABLE_VECTOR_DB", "").lower() == "true"
 
-# Which backend to use for caching, locks, and ephemeral state.
-# "redis" (default) or "postgres" (only valid when DISABLE_VECTOR_DB=true).
-CACHE_BACKEND = CacheBackendType(
-    os.environ.get("CACHE_BACKEND", CacheBackendType.REDIS)
-)
-
 # Maximum token count for a single uploaded file. Files exceeding this are rejected.
 # Defaults to 100k tokens (or 10M when vector DB is disabled).
 _DEFAULT_FILE_TOKEN_LIMIT = 10_000_000 if DISABLE_VECTOR_DB else 100_000

backend/onyx/db/chat.py

@@ -98,7 +98,6 @@ def get_chat_sessions_by_user(
     db_session: Session,
     include_onyxbot_flows: bool = False,
     limit: int = 50,
-    before: datetime | None = None,
     project_id: int | None = None,
     only_non_project_chats: bool = False,
     include_failed_chats: bool = False,
@@ -113,9 +112,6 @@ def get_chat_sessions_by_user(
     if deleted is not None:
         stmt = stmt.where(ChatSession.deleted == deleted)
 
-    if before is not None:
-        stmt = stmt.where(ChatSession.time_updated < before)
-
     if limit:
         stmt = stmt.limit(limit)
 

backend/onyx/db/enums.py

@@ -186,7 +186,6 @@ class EmbeddingPrecision(str, PyEnum):
 
 class UserFileStatus(str, PyEnum):
     PROCESSING = "PROCESSING"
-    INDEXING = "INDEXING"
     COMPLETED = "COMPLETED"
     FAILED = "FAILED"
     CANCELED = "CANCELED"

backend/onyx/db/llm.py

@@ -109,38 +109,45 @@ def can_user_access_llm_provider(
         is_admin: If True, bypass user group restrictions but still respect persona restrictions
 
     Access logic:
-    - is_public controls USER access (group bypass): when True, all users can access
-      regardless of group membership. When False, user must be in a whitelisted group
-      (or be admin).
-    - Persona restrictions are ALWAYS enforced when set, regardless of is_public.
-      This allows admins to make a provider available to all users while still
-      restricting which personas (assistants) can use it.
-
-    Decision matrix:
-    1. is_public=True, no personas set → everyone has access
-    2. is_public=True, personas set → all users, but only whitelisted personas
-    3. is_public=False, groups+personas set → must satisfy BOTH (admins bypass groups)
-    4. is_public=False, only groups set → must be in group (admins bypass)
-    5. is_public=False, only personas set → must use whitelisted persona
-    6. is_public=False, neither set → admin-only (locked)
+    1. If is_public=True → everyone has access (public override)
+    2. If is_public=False:
+       - Both groups AND personas set → must satisfy BOTH (AND logic, admins bypass group check)
+       - Only groups set → must be in one of the groups (OR across groups, admins bypass)
+       - Only personas set → must use one of the personas (OR across personas, applies to admins)
+       - Neither set → NOBODY has access unless admin (locked, admin-only)
     """
-    provider_group_ids = {g.id for g in (provider.groups or [])}
-    provider_persona_ids = {p.id for p in (provider.personas or [])}
-    has_groups = bool(provider_group_ids)
-    has_personas = bool(provider_persona_ids)
-
-    # Persona restrictions are always enforced when set, regardless of is_public
-    if has_personas and not (persona and persona.id in provider_persona_ids):
-        return False
-
+    # Public override - everyone has access
     if provider.is_public:
         return True
 
+    # Extract IDs once to avoid multiple iterations
+    provider_group_ids = (
+        {group.id for group in provider.groups} if provider.groups else set()
+    )
+    provider_persona_ids = (
+        {p.id for p in provider.personas} if provider.personas else set()
+    )
+
+    has_groups = bool(provider_group_ids)
+    has_personas = bool(provider_persona_ids)
+
+    # Both groups AND personas set → AND logic (must satisfy both)
+    if has_groups and has_personas:
+        # Admins bypass group check but still must satisfy persona restrictions
+        user_in_group = is_admin or bool(user_group_ids & provider_group_ids)
+        persona_allowed = persona.id in provider_persona_ids if persona else False
+        return user_in_group and persona_allowed
+
+    # Only groups set → user must be in one of the groups (admins bypass)
     if has_groups:
         return is_admin or bool(user_group_ids & provider_group_ids)
 
-    # No groups: either persona-whitelisted (already passed) or admin-only if locked
-    return has_personas or is_admin
+    # Only personas set → persona must be in allowed list (applies to admins too)
+    if has_personas:
+        return persona.id in provider_persona_ids if persona else False
+
+    # Neither groups nor personas set, and not public → admins can access
+    return is_admin
 
 
 def validate_persona_ids_exist(

backend/onyx/db/models.py

@@ -103,6 +103,7 @@ from onyx.utils.encryption import encrypt_string_to_bytes
 from onyx.utils.sensitive import SensitiveValue
 from onyx.utils.headers import HeaderItemDict
 from shared_configs.enums import EmbeddingProvider
+from onyx.context.search.enums import RecencyBiasSetting
 
 # TODO: After anonymous user migration has been deployed, make user_id columns NOT NULL
 # and update Mapped[User | None] relationships to Mapped[User] where needed.
@@ -2822,8 +2823,17 @@ class LLMProvider(Base):
         postgresql.JSONB(), nullable=True
     )
 
+    # Deprecated: use LLMModelFlow with CHAT flow type instead
+    default_model_name: Mapped[str | None] = mapped_column(String, nullable=True)
+
     deployment_name: Mapped[str | None] = mapped_column(String, nullable=True)
 
+    # Deprecated: use LLMModelFlow.is_default with CHAT flow type instead
+    is_default_provider: Mapped[bool | None] = mapped_column(Boolean, nullable=True)
+    # Deprecated: use LLMModelFlow.is_default with VISION flow type instead
+    is_default_vision_provider: Mapped[bool | None] = mapped_column(Boolean)
+    # Deprecated: use LLMModelFlow with VISION flow type instead
+    default_vision_model: Mapped[str | None] = mapped_column(String, nullable=True)
     # EE only
     is_public: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True)
     # Auto mode: models, visibility, and defaults are managed by GitHub config
@@ -3255,6 +3265,19 @@ class Persona(Base):
     )
     name: Mapped[str] = mapped_column(String)
     description: Mapped[str] = mapped_column(String)
+    # Number of chunks to pass to the LLM for generation.
+    num_chunks: Mapped[float | None] = mapped_column(Float, nullable=True)
+    chunks_above: Mapped[int] = mapped_column(Integer)
+    chunks_below: Mapped[int] = mapped_column(Integer)
+    # Pass every chunk through LLM for evaluation, fairly expensive
+    # Can be turned off globally by admin, in which case, this setting is ignored
+    llm_relevance_filter: Mapped[bool] = mapped_column(Boolean)
+    # Enables using LLM to extract time and source type filters
+    # Can also be admin disabled globally
+    llm_filter_extraction: Mapped[bool] = mapped_column(Boolean)
+    recency_bias: Mapped[RecencyBiasSetting] = mapped_column(
+        Enum(RecencyBiasSetting, native_enum=False)
+    )
 
     # Allows the persona to specify a specific default LLM model
     # NOTE: only is applied on the actual response generation - is not used for things like
@@ -3281,8 +3304,11 @@ class Persona(Base):
     # Treated specially (cannot be user edited etc.)
     builtin_persona: Mapped[bool] = mapped_column(Boolean, default=False)
 
-    # Featured personas are highlighted in the UI
-    featured: Mapped[bool] = mapped_column(Boolean, default=False)
+    # Default personas are personas created by admins and are automatically added
+    # to all users' assistants list.
+    is_default_persona: Mapped[bool] = mapped_column(
+        Boolean, default=False, nullable=False
+    )
     # controls whether the persona is available to be selected by users
     is_visible: Mapped[bool] = mapped_column(Boolean, default=True)
     # controls the ordering of personas in the UI

backend/onyx/db/persona.py

@@ -18,8 +18,11 @@ from sqlalchemy.orm import Session
 from onyx.access.hierarchy_access import get_user_external_group_ids
 from onyx.auth.schemas import UserRole
 from onyx.configs.app_configs import CURATORS_CANNOT_VIEW_OR_EDIT_NON_OWNED_ASSISTANTS
+from onyx.configs.chat_configs import CONTEXT_CHUNKS_ABOVE
+from onyx.configs.chat_configs import CONTEXT_CHUNKS_BELOW
 from onyx.configs.constants import DEFAULT_PERSONA_ID
 from onyx.configs.constants import NotificationType
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.constants import SLACK_BOT_PERSONA_PREFIX
 from onyx.db.document_access import get_accessible_documents_by_ids
 from onyx.db.models import ConnectorCredentialPair
@@ -251,15 +254,13 @@ def create_update_persona(
     # Permission to actually use these is checked later
 
     try:
-        # Featured persona validation
-        if create_persona_request.featured:
-
-            # Curators can edit featured personas, but not make them
-            # TODO this will be reworked soon with RBAC permissions feature
+        # Default persona validation
+        if create_persona_request.is_default_persona:
+            # Curators can edit default personas, but not make them
             if user.role == UserRole.CURATOR or user.role == UserRole.GLOBAL_CURATOR:
                 pass
             elif user.role != UserRole.ADMIN:
-                raise ValueError("Only admins can make a featured persona")
+                raise ValueError("Only admins can make a default persona")
 
         # Convert incoming string UUIDs to UUID objects for DB operations
         converted_user_file_ids = None
@@ -280,6 +281,7 @@ def create_update_persona(
             document_set_ids=create_persona_request.document_set_ids,
             tool_ids=create_persona_request.tool_ids,
             is_public=create_persona_request.is_public,
+            recency_bias=create_persona_request.recency_bias,
             llm_model_provider_override=create_persona_request.llm_model_provider_override,
             llm_model_version_override=create_persona_request.llm_model_version_override,
             starter_messages=create_persona_request.starter_messages,
@@ -293,7 +295,10 @@ def create_update_persona(
             remove_image=create_persona_request.remove_image,
             search_start_date=create_persona_request.search_start_date,
             label_ids=create_persona_request.label_ids,
-            featured=create_persona_request.featured,
+            num_chunks=create_persona_request.num_chunks,
+            llm_relevance_filter=create_persona_request.llm_relevance_filter,
+            llm_filter_extraction=create_persona_request.llm_filter_extraction,
+            is_default_persona=create_persona_request.is_default_persona,
             user_file_ids=converted_user_file_ids,
             commit=False,
             hierarchy_node_ids=create_persona_request.hierarchy_node_ids,
@@ -869,6 +874,10 @@ def upsert_persona(
     user: User | None,
     name: str,
     description: str,
+    num_chunks: float,
+    llm_relevance_filter: bool,
+    llm_filter_extraction: bool,
+    recency_bias: RecencyBiasSetting,
     llm_model_provider_override: str | None,
     llm_model_version_override: str | None,
     starter_messages: list[StarterMessage] | None,
@@ -889,11 +898,13 @@ def upsert_persona(
     remove_image: bool | None = None,
     search_start_date: datetime | None = None,
     builtin_persona: bool = False,
-    featured: bool | None = None,
+    is_default_persona: bool | None = None,
     label_ids: list[int] | None = None,
     user_file_ids: list[UUID] | None = None,
     hierarchy_node_ids: list[int] | None = None,
     document_ids: list[str] | None = None,
+    chunks_above: int = CONTEXT_CHUNKS_ABOVE,
+    chunks_below: int = CONTEXT_CHUNKS_BELOW,
     replace_base_system_prompt: bool = False,
 ) -> Persona:
     """
@@ -1004,6 +1015,12 @@ def upsert_persona(
         # `default` and `built-in` properties can only be set when creating a persona.
         existing_persona.name = name
         existing_persona.description = description
+        existing_persona.num_chunks = num_chunks
+        existing_persona.chunks_above = chunks_above
+        existing_persona.chunks_below = chunks_below
+        existing_persona.llm_relevance_filter = llm_relevance_filter
+        existing_persona.llm_filter_extraction = llm_filter_extraction
+        existing_persona.recency_bias = recency_bias
         existing_persona.llm_model_provider_override = llm_model_provider_override
         existing_persona.llm_model_version_override = llm_model_version_override
         existing_persona.starter_messages = starter_messages
@@ -1017,8 +1034,10 @@ def upsert_persona(
         if label_ids is not None:
             existing_persona.labels.clear()
             existing_persona.labels = labels or []
-        existing_persona.featured = (
-            featured if featured is not None else existing_persona.featured
+        existing_persona.is_default_persona = (
+            is_default_persona
+            if is_default_persona is not None
+            else existing_persona.is_default_persona
         )
         # Update embedded prompt fields if provided
         if system_prompt is not None:
@@ -1071,6 +1090,12 @@ def upsert_persona(
             is_public=is_public,
             name=name,
             description=description,
+            num_chunks=num_chunks,
+            chunks_above=chunks_above,
+            chunks_below=chunks_below,
+            llm_relevance_filter=llm_relevance_filter,
+            llm_filter_extraction=llm_filter_extraction,
+            recency_bias=recency_bias,
             builtin_persona=builtin_persona,
             system_prompt=system_prompt or "",
             task_prompt=task_prompt or "",
@@ -1086,7 +1111,9 @@ def upsert_persona(
             display_priority=display_priority,
             is_visible=is_visible,
             search_start_date=search_start_date,
-            featured=(featured if featured is not None else False),
+            is_default_persona=(
+                is_default_persona if is_default_persona is not None else False
+            ),
             user_files=user_files or [],
             labels=labels or [],
             hierarchy_nodes=hierarchy_nodes or [],
@@ -1131,9 +1158,9 @@ def delete_old_default_personas(
     db_session.commit()
 
 
-def update_persona_featured(
+def update_persona_is_default(
     persona_id: int,
-    featured: bool,
+    is_default: bool,
     db_session: Session,
     user: User,
 ) -> None:
@@ -1141,7 +1168,7 @@ def update_persona_featured(
         db_session=db_session, persona_id=persona_id, user=user, get_editable=True
     )
 
-    persona.featured = featured
+    persona.is_default_persona = is_default
     db_session.commit()
 
 

backend/onyx/db/projects.py

@@ -9,9 +9,8 @@ from pydantic import BaseModel
 from pydantic import ConfigDict
 from sqlalchemy import func
 from sqlalchemy.orm import Session
-from starlette.background import BackgroundTasks
 
-from onyx.configs.app_configs import DISABLE_VECTOR_DB
+from onyx.background.celery.versioned_apps.client import app as client_app
 from onyx.configs.constants import FileOrigin
 from onyx.configs.constants import OnyxCeleryPriority
 from onyx.configs.constants import OnyxCeleryQueues
@@ -106,8 +105,8 @@ def upload_files_to_user_files_with_indexing(
     user: User,
     temp_id_map: dict[str, str] | None,
     db_session: Session,
-    background_tasks: BackgroundTasks | None = None,
 ) -> CategorizedFilesResult:
+    # Validate project ownership if a project_id is provided
     if project_id is not None and user is not None:
         if not check_project_ownership(project_id, user.id, db_session):
             raise HTTPException(status_code=404, detail="Project not found")
@@ -128,27 +127,16 @@ def upload_files_to_user_files_with_indexing(
         logger.warning(
             f"File {rejected_file.filename} rejected for {rejected_file.reason}"
         )
-
-    if DISABLE_VECTOR_DB and background_tasks is not None:
-        from onyx.background.task_utils import drain_processing_loop
-
-        background_tasks.add_task(drain_processing_loop, tenant_id)
-        for user_file in user_files:
-            logger.info(f"Queued in-process processing for user_file_id={user_file.id}")
-    else:
-        from onyx.background.celery.versioned_apps.client import app as client_app
-
-        for user_file in user_files:
-            task = client_app.send_task(
-                OnyxCeleryTask.PROCESS_SINGLE_USER_FILE,
-                kwargs={"user_file_id": user_file.id, "tenant_id": tenant_id},
-                queue=OnyxCeleryQueues.USER_FILE_PROCESSING,
-                priority=OnyxCeleryPriority.HIGH,
-            )
-            logger.info(
-                f"Triggered indexing for user_file_id={user_file.id} "
-                f"with task_id={task.id}"
-            )
+    for user_file in user_files:
+        task = client_app.send_task(
+            OnyxCeleryTask.PROCESS_SINGLE_USER_FILE,
+            kwargs={"user_file_id": user_file.id, "tenant_id": tenant_id},
+            queue=OnyxCeleryQueues.USER_FILE_PROCESSING,
+            priority=OnyxCeleryPriority.HIGH,
+        )
+        logger.info(
+            f"Triggered indexing for user_file_id={user_file.id} with task_id={task.id}"
+        )
 
     return CategorizedFilesResult(
         user_files=user_files,

backend/onyx/db/slack_channel_config.py

@@ -5,6 +5,8 @@ from sqlalchemy import select
 from sqlalchemy.orm import joinedload
 from sqlalchemy.orm import Session
 
+from onyx.configs.chat_configs import MAX_CHUNKS_FED_TO_CHAT
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.constants import DEFAULT_PERSONA_SLACK_CHANNEL_NAME
 from onyx.db.constants import SLACK_BOT_PERSONA_PREFIX
 from onyx.db.models import ChannelConfig
@@ -43,6 +45,8 @@ def create_slack_channel_persona(
     channel_name: str | None,
     document_set_ids: list[int],
     existing_persona_id: int | None = None,
+    num_chunks: float = MAX_CHUNKS_FED_TO_CHAT,
+    enable_auto_filters: bool = False,
 ) -> Persona:
     """NOTE: does not commit changes"""
 
@@ -69,13 +73,17 @@ def create_slack_channel_persona(
         system_prompt="",
         task_prompt="",
         datetime_aware=True,
+        num_chunks=num_chunks,
+        llm_relevance_filter=True,
+        llm_filter_extraction=enable_auto_filters,
+        recency_bias=RecencyBiasSetting.AUTO,
         tool_ids=[search_tool.id],
         document_set_ids=document_set_ids,
         llm_model_provider_override=None,
         llm_model_version_override=None,
         starter_messages=None,
         is_public=True,
-        featured=False,
+        is_default_persona=False,
         db_session=db_session,
         commit=False,
     )

backend/onyx/document_index/opensearch/opensearch_document_index.py

@@ -6,6 +6,7 @@ import httpx
 from opensearchpy import NotFoundError
 
 from onyx.access.models import DocumentAccess
+from onyx.configs.app_configs import USING_AWS_MANAGED_OPENSEARCH
 from onyx.configs.app_configs import VERIFY_CREATE_OPENSEARCH_INDEX_ON_INIT_MT
 from onyx.configs.chat_configs import NUM_RETURNED_HITS
 from onyx.configs.chat_configs import TITLE_CONTENT_RATIO
@@ -562,7 +563,12 @@ class OpenSearchDocumentIndex(DocumentIndex):
         )
 
         if not self._client.index_exists():
-            index_settings = DocumentSchema.get_index_settings_based_on_environment()
+            if USING_AWS_MANAGED_OPENSEARCH:
+                index_settings = (
+                    DocumentSchema.get_index_settings_for_aws_managed_opensearch()
+                )
+            else:
+                index_settings = DocumentSchema.get_index_settings()
             self._client.create_index(
                 mappings=expected_mappings,
                 settings=index_settings,

backend/onyx/document_index/opensearch/schema.py

@@ -12,7 +12,6 @@ from pydantic import model_validator
 from pydantic import SerializerFunctionWrapHandler
 
 from onyx.configs.app_configs import OPENSEARCH_TEXT_ANALYZER
-from onyx.configs.app_configs import USING_AWS_MANAGED_OPENSEARCH
 from onyx.document_index.interfaces_new import TenantState
 from onyx.document_index.opensearch.constants import DEFAULT_MAX_CHUNK_SIZE
 from onyx.document_index.opensearch.constants import EF_CONSTRUCTION
@@ -526,7 +525,7 @@ class DocumentSchema:
         }
 
     @staticmethod
-    def get_index_settings_for_aws_managed_opensearch_st_dev() -> dict[str, Any]:
+    def get_index_settings_for_aws_managed_opensearch() -> dict[str, Any]:
         """
         Settings for AWS-managed OpenSearch.
 
@@ -547,41 +546,3 @@ class DocumentSchema:
                 "knn.algo_param.ef_search": EF_SEARCH,
             }
         }
-
-    @staticmethod
-    def get_index_settings_for_aws_managed_opensearch_mt_cloud() -> dict[str, Any]:
-        """
-        Settings for AWS-managed OpenSearch in multi-tenant cloud.
-
-        324 shards very roughly targets a storage load of ~30Gb per shard, which
-        according to AWS OpenSearch documentation is within a good target range.
-
-        As documented above we need 2 replicas for a total of 3 copies of the
-        data because the cluster is configured with 3-AZ awareness.
-        """
-        return {
-            "index": {
-                "number_of_shards": 324,
-                "number_of_replicas": 2,
-                # Required for vector search.
-                "knn": True,
-                "knn.algo_param.ef_search": EF_SEARCH,
-            }
-        }
-
-    @staticmethod
-    def get_index_settings_based_on_environment() -> dict[str, Any]:
-        """
-        Returns the index settings based on the environment.
-        """
-        if USING_AWS_MANAGED_OPENSEARCH:
-            if MULTI_TENANT:
-                return (
-                    DocumentSchema.get_index_settings_for_aws_managed_opensearch_mt_cloud()
-                )
-            else:
-                return (
-                    DocumentSchema.get_index_settings_for_aws_managed_opensearch_st_dev()
-                )
-        else:
-            return DocumentSchema.get_index_settings()

backend/onyx/main.py

@@ -32,14 +32,11 @@ from onyx.auth.schemas import UserUpdate
 from onyx.auth.users import auth_backend
 from onyx.auth.users import create_onyx_oauth_router
 from onyx.auth.users import fastapi_users
-from onyx.cache.interface import CacheBackendType
 from onyx.configs.app_configs import APP_API_PREFIX
 from onyx.configs.app_configs import APP_HOST
 from onyx.configs.app_configs import APP_PORT
 from onyx.configs.app_configs import AUTH_RATE_LIMITING_ENABLED
 from onyx.configs.app_configs import AUTH_TYPE
-from onyx.configs.app_configs import CACHE_BACKEND
-from onyx.configs.app_configs import DISABLE_VECTOR_DB
 from onyx.configs.app_configs import LOG_ENDPOINT_LATENCY
 from onyx.configs.app_configs import OAUTH_CLIENT_ID
 from onyx.configs.app_configs import OAUTH_CLIENT_SECRET
@@ -257,53 +254,8 @@ def include_auth_router_with_prefix(
     )
 
 
-def validate_cache_backend_settings() -> None:
-    """Validate that CACHE_BACKEND=postgres is only used with DISABLE_VECTOR_DB.
-
-    The Postgres cache backend eliminates the Redis dependency, but only works
-    when Celery is not running (which requires DISABLE_VECTOR_DB=true).
-    """
-    if CACHE_BACKEND == CacheBackendType.POSTGRES and not DISABLE_VECTOR_DB:
-        raise RuntimeError(
-            "CACHE_BACKEND=postgres requires DISABLE_VECTOR_DB=true. "
-            "The Postgres cache backend is only supported in no-vector-DB "
-            "deployments where Celery is replaced by the in-process task runner."
-        )
-
-
-def validate_no_vector_db_settings() -> None:
-    """Validate that DISABLE_VECTOR_DB is not combined with incompatible settings.
-
-    Raises RuntimeError if DISABLE_VECTOR_DB is set alongside MULTI_TENANT or ENABLE_CRAFT,
-    since these modes require infrastructure that is removed in no-vector-DB deployments.
-    """
-    if not DISABLE_VECTOR_DB:
-        return
-
-    if MULTI_TENANT:
-        raise RuntimeError(
-            "DISABLE_VECTOR_DB cannot be used with MULTI_TENANT. "
-            "Multi-tenant deployments require the vector database for "
-            "per-tenant document indexing and search. Run in single-tenant "
-            "mode when disabling the vector database."
-        )
-
-    from onyx.server.features.build.configs import ENABLE_CRAFT
-
-    if ENABLE_CRAFT:
-        raise RuntimeError(
-            "DISABLE_VECTOR_DB cannot be used with ENABLE_CRAFT. "
-            "Onyx Craft requires background workers for sandbox lifecycle "
-            "management, which are removed in no-vector-DB deployments. "
-            "Disable Craft (ENABLE_CRAFT=false) when disabling the vector database."
-        )
-
-
 @asynccontextmanager
 async def lifespan(app: FastAPI) -> AsyncGenerator[None, None]:  # noqa: ARG001
-    validate_no_vector_db_settings()
-    validate_cache_backend_settings()
-
     # Set recursion limit
     if SYSTEM_RECURSION_LIMIT is not None:
         sys.setrecursionlimit(SYSTEM_RECURSION_LIMIT)
@@ -372,20 +324,8 @@ async def lifespan(app: FastAPI) -> AsyncGenerator[None, None]:  # noqa: ARG001
     if AUTH_RATE_LIMITING_ENABLED:
         await setup_auth_limiter()
 
-    if DISABLE_VECTOR_DB:
-        from onyx.background.periodic_poller import recover_stuck_user_files
-        from onyx.background.periodic_poller import start_periodic_poller
-
-        recover_stuck_user_files(POSTGRES_DEFAULT_SCHEMA)
-        start_periodic_poller(POSTGRES_DEFAULT_SCHEMA)
-
     yield
 
-    if DISABLE_VECTOR_DB:
-        from onyx.background.periodic_poller import stop_periodic_poller
-
-        stop_periodic_poller()
-
     SqlEngine.reset_engine()
 
     if AUTH_RATE_LIMITING_ENABLED:

backend/onyx/onyxbot/slack/handlers/handle_message.py

@@ -3,12 +3,10 @@ import datetime
 from slack_sdk import WebClient
 from slack_sdk.errors import SlackApiError
 
-from onyx.auth.schemas import UserRole
 from onyx.configs.onyxbot_configs import ONYX_BOT_FEEDBACK_REMINDER
 from onyx.configs.onyxbot_configs import ONYX_BOT_REACT_EMOJI
 from onyx.db.engine.sql_engine import get_session_with_current_tenant
 from onyx.db.models import SlackChannelConfig
-from onyx.db.user_preferences import activate_user
 from onyx.db.users import add_slack_user_if_not_exists
 from onyx.db.users import get_user_by_email
 from onyx.onyxbot.slack.blocks import get_feedback_reminder_blocks
@@ -245,44 +243,6 @@ def handle_message(
                     )
                     return False
 
-            elif (
-                not existing_user.is_active
-                and existing_user.role == UserRole.SLACK_USER
-            ):
-                check_seat_fn = fetch_ee_implementation_or_noop(
-                    "onyx.db.license",
-                    "check_seat_availability",
-                    None,
-                )
-                seat_result = check_seat_fn(db_session=db_session)
-                if seat_result is not None and not seat_result.available:
-                    logger.info(
-                        f"Blocked inactive Slack user {message_info.email}: "
-                        f"{seat_result.error_message}"
-                    )
-                    respond_in_thread_or_channel(
-                        client=client,
-                        channel=channel,
-                        thread_ts=message_info.msg_to_respond,
-                        text=(
-                            "We weren't able to respond because your organization "
-                            "has reached its user seat limit. Your account is "
-                            "currently deactivated and cannot be reactivated "
-                            "until more seats are available. Please contact "
-                            "your Onyx administrator."
-                        ),
-                    )
-                    return False
-
-                activate_user(existing_user, db_session)
-                invalidate_license_cache_fn = fetch_ee_implementation_or_noop(
-                    "onyx.db.license",
-                    "invalidate_license_cache",
-                    None,
-                )
-                invalidate_license_cache_fn()
-                logger.info(f"Reactivated inactive Slack user {message_info.email}")
-
             add_slack_user_if_not_exists(db_session, message_info.email)
 
         # first check if we need to respond with a standard answer

backend/onyx/server/features/persona/api.py

@@ -32,7 +32,7 @@ from onyx.db.persona import get_persona_snapshots_for_user
 from onyx.db.persona import get_persona_snapshots_paginated
 from onyx.db.persona import mark_persona_as_deleted
 from onyx.db.persona import mark_persona_as_not_deleted
-from onyx.db.persona import update_persona_featured
+from onyx.db.persona import update_persona_is_default
 from onyx.db.persona import update_persona_label
 from onyx.db.persona import update_persona_public_status
 from onyx.db.persona import update_persona_shared
@@ -130,8 +130,8 @@ class IsPublicRequest(BaseModel):
     is_public: bool
 
 
-class IsFeaturedRequest(BaseModel):
-    featured: bool
+class IsDefaultRequest(BaseModel):
+    is_default_persona: bool
 
 
 @admin_router.patch("/{persona_id}/visible")
@@ -168,22 +168,22 @@ def patch_user_persona_public_status(
         raise HTTPException(status_code=403, detail=str(e))
 
 
-@admin_router.patch("/{persona_id}/featured")
-def patch_persona_featured_status(
+@admin_router.patch("/{persona_id}/default")
+def patch_persona_default_status(
     persona_id: int,
-    is_featured_request: IsFeaturedRequest,
+    is_default_request: IsDefaultRequest,
     user: User = Depends(current_curator_or_admin_user),
     db_session: Session = Depends(get_session),
 ) -> None:
     try:
-        update_persona_featured(
+        update_persona_is_default(
             persona_id=persona_id,
-            featured=is_featured_request.featured,
+            is_default=is_default_request.is_default_persona,
             db_session=db_session,
             user=user,
         )
     except ValueError as e:
-        logger.exception("Failed to update persona featured status")
+        logger.exception("Failed to update persona default status")
         raise HTTPException(status_code=403, detail=str(e))
 
 

backend/onyx/server/features/persona/models.py

@@ -5,6 +5,7 @@ from pydantic import BaseModel
 from pydantic import Field
 
 from onyx.configs.constants import DocumentSource
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.enums import HierarchyNodeType
 from onyx.db.models import Document
 from onyx.db.models import HierarchyNode
@@ -107,7 +108,11 @@ class PersonaUpsertRequest(BaseModel):
     name: str
     description: str
     document_set_ids: list[int]
+    num_chunks: float
     is_public: bool
+    recency_bias: RecencyBiasSetting
+    llm_filter_extraction: bool
+    llm_relevance_filter: bool
     llm_model_provider_override: str | None = None
     llm_model_version_override: str | None = None
     starter_messages: list[StarterMessage] | None = None
@@ -123,7 +128,7 @@ class PersonaUpsertRequest(BaseModel):
     )
     search_start_date: datetime | None = None
     label_ids: list[int] | None = None
-    featured: bool = False
+    is_default_persona: bool = False
     display_priority: int | None = None
     # Accept string UUIDs from frontend
     user_file_ids: list[str] | None = None
@@ -150,6 +155,9 @@ class MinimalPersonaSnapshot(BaseModel):
     tools: list[ToolSnapshot]
     starter_messages: list[StarterMessage] | None
 
+    llm_relevance_filter: bool
+    llm_filter_extraction: bool
+
     # only show document sets in the UI that the assistant has access to
     document_sets: list[DocumentSetSummary]
     # Counts for knowledge sources (used to determine if search tool should be enabled)
@@ -167,7 +175,7 @@ class MinimalPersonaSnapshot(BaseModel):
     is_public: bool
     is_visible: bool
     display_priority: int | None
-    featured: bool
+    is_default_persona: bool
     builtin_persona: bool
 
     # Used for filtering
@@ -206,6 +214,8 @@ class MinimalPersonaSnapshot(BaseModel):
                 if should_expose_tool_to_fe(tool)
             ],
             starter_messages=persona.starter_messages,
+            llm_relevance_filter=persona.llm_relevance_filter,
+            llm_filter_extraction=persona.llm_filter_extraction,
             document_sets=[
                 DocumentSetSummary.from_model(document_set)
                 for document_set in persona.document_sets
@@ -220,7 +230,7 @@ class MinimalPersonaSnapshot(BaseModel):
             is_public=persona.is_public,
             is_visible=persona.is_visible,
             display_priority=persona.display_priority,
-            featured=persona.featured,
+            is_default_persona=persona.is_default_persona,
             builtin_persona=persona.builtin_persona,
             labels=[PersonaLabelSnapshot.from_model(label) for label in persona.labels],
             owner=(
@@ -242,9 +252,11 @@ class PersonaSnapshot(BaseModel):
     # Return string UUIDs to frontend for consistency
     user_file_ids: list[str]
     display_priority: int | None
-    featured: bool
+    is_default_persona: bool
     builtin_persona: bool
     starter_messages: list[StarterMessage] | None
+    llm_relevance_filter: bool
+    llm_filter_extraction: bool
     tools: list[ToolSnapshot]
     labels: list["PersonaLabelSnapshot"]
     owner: MinimalUserSnapshot | None
@@ -253,6 +265,7 @@ class PersonaSnapshot(BaseModel):
     document_sets: list[DocumentSetSummary]
     llm_model_provider_override: str | None
     llm_model_version_override: str | None
+    num_chunks: float | None
     # Hierarchy nodes attached for scoped search
     hierarchy_nodes: list[HierarchyNodeSnapshot] = Field(default_factory=list)
     # Individual documents attached for scoped search
@@ -276,9 +289,11 @@ class PersonaSnapshot(BaseModel):
             icon_name=persona.icon_name,
             user_file_ids=[str(file.id) for file in persona.user_files],
             display_priority=persona.display_priority,
-            featured=persona.featured,
+            is_default_persona=persona.is_default_persona,
             builtin_persona=persona.builtin_persona,
             starter_messages=persona.starter_messages,
+            llm_relevance_filter=persona.llm_relevance_filter,
+            llm_filter_extraction=persona.llm_filter_extraction,
             tools=[
                 ToolSnapshot.from_model(tool)
                 for tool in persona.tools
@@ -309,6 +324,7 @@ class PersonaSnapshot(BaseModel):
             ],
             llm_model_provider_override=persona.llm_model_provider_override,
             llm_model_version_override=persona.llm_model_version_override,
+            num_chunks=persona.num_chunks,
             system_prompt=persona.system_prompt,
             replace_base_system_prompt=persona.replace_base_system_prompt,
             task_prompt=persona.task_prompt,
@@ -316,10 +332,12 @@ class PersonaSnapshot(BaseModel):
         )
 
 
-# Model with full context on persona's internal settings
+# Model with full context on perona's internal settings
 # This is used for flows which need to know all settings
 class FullPersonaSnapshot(PersonaSnapshot):
     search_start_date: datetime | None = None
+    llm_relevance_filter: bool = False
+    llm_filter_extraction: bool = False
 
     @classmethod
     def from_model(
@@ -342,7 +360,7 @@ class FullPersonaSnapshot(PersonaSnapshot):
             icon_name=persona.icon_name,
             user_file_ids=[str(file.id) for file in persona.user_files],
             display_priority=persona.display_priority,
-            featured=persona.featured,
+            is_default_persona=persona.is_default_persona,
             builtin_persona=persona.builtin_persona,
             starter_messages=persona.starter_messages,
             users=[
@@ -373,7 +391,10 @@ class FullPersonaSnapshot(PersonaSnapshot):
                 DocumentSetSummary.from_model(document_set_model)
                 for document_set_model in persona.document_sets
             ],
+            num_chunks=persona.num_chunks,
             search_start_date=persona.search_start_date,
+            llm_relevance_filter=persona.llm_relevance_filter,
+            llm_filter_extraction=persona.llm_filter_extraction,
             llm_model_provider_override=persona.llm_model_provider_override,
             llm_model_version_override=persona.llm_model_version_override,
             system_prompt=persona.system_prompt,

backend/onyx/server/features/projects/api.py

@@ -2,7 +2,6 @@ import json
 from uuid import UUID
 
 from fastapi import APIRouter
-from fastapi import BackgroundTasks
 from fastapi import Depends
 from fastapi import File
 from fastapi import Form
@@ -13,7 +12,13 @@ from pydantic import BaseModel
 from sqlalchemy.orm import Session
 
 from onyx.auth.users import current_user
-from onyx.configs.app_configs import DISABLE_VECTOR_DB
+from onyx.background.celery.tasks.user_file_processing.tasks import (
+    enqueue_user_file_project_sync_task,
+)
+from onyx.background.celery.tasks.user_file_processing.tasks import (
+    get_user_file_project_sync_queue_depth,
+)
+from onyx.background.celery.versioned_apps.client import app as client_app
 from onyx.configs.constants import OnyxCeleryPriority
 from onyx.configs.constants import OnyxCeleryQueues
 from onyx.configs.constants import OnyxCeleryTask
@@ -29,6 +34,7 @@ from onyx.db.models import UserProject
 from onyx.db.persona import get_personas_by_ids
 from onyx.db.projects import get_project_token_count
 from onyx.db.projects import upload_files_to_user_files_with_indexing
+from onyx.redis.redis_pool import get_redis_client
 from onyx.server.features.projects.models import CategorizedFilesSnapshot
 from onyx.server.features.projects.models import ChatSessionRequest
 from onyx.server.features.projects.models import TokenCountResponse
@@ -49,27 +55,7 @@ class UserFileDeleteResult(BaseModel):
     assistant_names: list[str] = []
 
 
-def _trigger_user_file_project_sync(
-    user_file_id: UUID,
-    tenant_id: str,
-    background_tasks: BackgroundTasks | None = None,
-) -> None:
-    if DISABLE_VECTOR_DB and background_tasks is not None:
-        from onyx.background.task_utils import drain_project_sync_loop
-
-        background_tasks.add_task(drain_project_sync_loop, tenant_id)
-        logger.info(f"Queued in-process project sync for user_file_id={user_file_id}")
-        return
-
-    from onyx.background.celery.tasks.user_file_processing.tasks import (
-        enqueue_user_file_project_sync_task,
-    )
-    from onyx.background.celery.tasks.user_file_processing.tasks import (
-        get_user_file_project_sync_queue_depth,
-    )
-    from onyx.background.celery.versioned_apps.client import app as client_app
-    from onyx.redis.redis_pool import get_redis_client
-
+def _trigger_user_file_project_sync(user_file_id: UUID, tenant_id: str) -> None:
     queue_depth = get_user_file_project_sync_queue_depth(client_app)
     if queue_depth > USER_FILE_PROJECT_SYNC_MAX_QUEUE_DEPTH:
         logger.warning(
@@ -125,7 +111,6 @@ def create_project(
 
 @router.post("/file/upload", tags=PUBLIC_API_TAGS)
 def upload_user_files(
-    bg_tasks: BackgroundTasks,
     files: list[UploadFile] = File(...),
     project_id: int | None = Form(None),
     temp_id_map: str | None = Form(None),  # JSON string mapping hashed key -> temp_id
@@ -152,12 +137,12 @@ def upload_user_files(
             user=user,
             temp_id_map=parsed_temp_id_map,
             db_session=db_session,
-            background_tasks=bg_tasks if DISABLE_VECTOR_DB else None,
         )
 
         return CategorizedFilesSnapshot.from_result(categorized_files_result)
 
     except Exception as e:
+        # Log error with type, message, and stack for easier debugging
         logger.exception(f"Error uploading files - {type(e).__name__}: {str(e)}")
         raise HTTPException(
             status_code=500,
@@ -207,7 +192,6 @@ def get_files_in_project(
 def unlink_user_file_from_project(
     project_id: int,
     file_id: UUID,
-    bg_tasks: BackgroundTasks,
     user: User = Depends(current_user),
     db_session: Session = Depends(get_session),
 ) -> Response:
@@ -224,6 +208,7 @@ def unlink_user_file_from_project(
     if project is None:
         raise HTTPException(status_code=404, detail="Project not found")
 
+    user_id = user.id
     user_file = (
         db_session.query(UserFile)
         .filter(UserFile.id == file_id, UserFile.user_id == user_id)
@@ -239,7 +224,7 @@ def unlink_user_file_from_project(
         db_session.commit()
 
     tenant_id = get_current_tenant_id()
-    _trigger_user_file_project_sync(user_file.id, tenant_id, bg_tasks)
+    _trigger_user_file_project_sync(user_file.id, tenant_id)
 
     return Response(status_code=204)
 
@@ -252,7 +237,6 @@ def unlink_user_file_from_project(
 def link_user_file_to_project(
     project_id: int,
     file_id: UUID,
-    bg_tasks: BackgroundTasks,
     user: User = Depends(current_user),
     db_session: Session = Depends(get_session),
 ) -> UserFileSnapshot:
@@ -284,7 +268,7 @@ def link_user_file_to_project(
         db_session.commit()
 
     tenant_id = get_current_tenant_id()
-    _trigger_user_file_project_sync(user_file.id, tenant_id, bg_tasks)
+    _trigger_user_file_project_sync(user_file.id, tenant_id)
 
     return UserFileSnapshot.from_model(user_file)
 
@@ -351,7 +335,7 @@ def upsert_project_instructions(
 class ProjectPayload(BaseModel):
     project: UserProjectSnapshot
     files: list[UserFileSnapshot] | None = None
-    persona_id_to_featured: dict[int, bool] | None = None
+    persona_id_to_is_default: dict[int, bool] | None = None
 
 
 @router.get(
@@ -370,11 +354,13 @@ def get_project_details(
         if session.persona_id is not None
     ]
     personas = get_personas_by_ids(persona_ids, db_session)
-    persona_id_to_featured = {persona.id: persona.featured for persona in personas}
+    persona_id_to_is_default = {
+        persona.id: persona.is_default_persona for persona in personas
+    }
     return ProjectPayload(
         project=project,
         files=files,
-        persona_id_to_featured=persona_id_to_featured,
+        persona_id_to_is_default=persona_id_to_is_default,
     )
 
 
@@ -440,7 +426,6 @@ def delete_project(
 @router.delete("/file/{file_id}", tags=PUBLIC_API_TAGS)
 def delete_user_file(
     file_id: UUID,
-    bg_tasks: BackgroundTasks,
     user: User = Depends(current_user),
     db_session: Session = Depends(get_session),
 ) -> UserFileDeleteResult:
@@ -473,25 +458,15 @@ def delete_user_file(
     db_session.commit()
 
     tenant_id = get_current_tenant_id()
-    if DISABLE_VECTOR_DB:
-        from onyx.background.task_utils import drain_delete_loop
-
-        bg_tasks.add_task(drain_delete_loop, tenant_id)
-        logger.info(f"Queued in-process delete for user_file_id={user_file.id}")
-    else:
-        from onyx.background.celery.versioned_apps.client import app as client_app
-
-        task = client_app.send_task(
-            OnyxCeleryTask.DELETE_SINGLE_USER_FILE,
-            kwargs={"user_file_id": str(user_file.id), "tenant_id": tenant_id},
-            queue=OnyxCeleryQueues.USER_FILE_DELETE,
-            priority=OnyxCeleryPriority.HIGH,
-        )
-        logger.info(
-            f"Triggered delete for user_file_id={user_file.id} "
-            f"with task_id={task.id}"
-        )
-
+    task = client_app.send_task(
+        OnyxCeleryTask.DELETE_SINGLE_USER_FILE,
+        kwargs={"user_file_id": str(user_file.id), "tenant_id": tenant_id},
+        queue=OnyxCeleryQueues.USER_FILE_DELETE,
+        priority=OnyxCeleryPriority.HIGH,
+    )
+    logger.info(
+        f"Triggered delete for user_file_id={user_file.id} with task_id={task.id}"
+    )
     return UserFileDeleteResult(
         has_associations=False, project_names=[], assistant_names=[]
     )

backend/onyx/server/kg/api.py

@@ -5,6 +5,7 @@ from sqlalchemy.orm import Session
 from onyx.auth.users import current_admin_user
 from onyx.configs.constants import TMP_DRALPHA_PERSONA_NAME
 from onyx.configs.kg_configs import KG_BETA_ASSISTANT_DESCRIPTION
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.engine.sql_engine import get_session
 from onyx.db.entities import get_entity_stats_by_grounded_source_name
 from onyx.db.entity_type import get_configured_entity_types
@@ -133,7 +134,11 @@ def enable_or_disable_kg(
         system_prompt=KG_BETA_ASSISTANT_SYSTEM_PROMPT,
         task_prompt=KG_BETA_ASSISTANT_TASK_PROMPT,
         datetime_aware=False,
+        num_chunks=25,
+        llm_relevance_filter=False,
         is_public=False,
+        llm_filter_extraction=False,
+        recency_bias=RecencyBiasSetting.NO_DECAY,
         document_set_ids=[],
         tool_ids=[search_tool.id, kg_tool.id],
         llm_model_provider_override=None,
@@ -142,7 +147,7 @@ def enable_or_disable_kg(
         users=[user.id],
         groups=[],
         label_ids=[],
-        featured=False,
+        is_default_persona=False,
         display_priority=0,
         user_file_ids=[],
     )

backend/onyx/server/manage/llm/api.py

@@ -603,9 +603,9 @@ def list_llm_provider_basics(
     for provider in all_providers:
         # Use centralized access control logic with persona=None since we're
         # listing providers without a specific persona context. This correctly:
-        # - Includes public providers WITHOUT persona restrictions
+        # - Includes all public providers
         # - Includes providers user can access via group membership
-        # - Excludes providers with persona restrictions (requires specific persona)
+        # - Excludes persona-only restricted providers (requires specific persona)
         # - Excludes non-public providers with no restrictions (admin-only)
         if can_user_access_llm_provider(
             provider, user_group_ids, persona=None, is_admin=is_admin
@@ -638,7 +638,7 @@ def get_valid_model_names_for_persona(
 
     Returns a list of model names (e.g., ["gpt-4o", "claude-3-5-sonnet"]) that are
     available to the user when using this persona, respecting all RBAC restrictions.
-    Public providers are included unless they have persona restrictions that exclude this persona.
+    Public providers are always included.
     """
     persona = fetch_persona_with_groups(db_session, persona_id)
     if not persona:
@@ -652,7 +652,7 @@ def get_valid_model_names_for_persona(
 
     valid_models = []
     for llm_provider_model in all_providers:
-        # Check access with persona context — respects all RBAC restrictions
+        # Public providers always included, restricted checked via RBAC
         if can_user_access_llm_provider(
             llm_provider_model, user_group_ids, persona, is_admin=is_admin
         ):
@@ -673,7 +673,7 @@ def list_llm_providers_for_persona(
     """Get LLM providers for a specific persona.
 
     Returns providers that the user can access when using this persona:
-    - Public providers (respecting persona restrictions if set)
+    - All public providers (is_public=True) - ALWAYS included
     - Restricted providers user can access via group/persona restrictions
 
     This endpoint is used for background fetching of restricted providers
@@ -702,7 +702,7 @@ def list_llm_providers_for_persona(
     llm_provider_list: list[LLMProviderDescriptor] = []
 
     for llm_provider_model in all_providers:
-        # Check access with persona context — respects persona restrictions
+        # Use simplified access check - public providers always included
         if can_user_access_llm_provider(
             llm_provider_model, user_group_ids, persona, is_admin=is_admin
         ):

backend/onyx/server/manage/slack_bot.py

@@ -198,6 +198,7 @@ def patch_slack_channel_config(
             channel_name=channel_config["channel_name"],
             document_set_ids=slack_channel_config_creation_request.document_sets,
             existing_persona_id=existing_persona_id,
+            enable_auto_filters=slack_channel_config_creation_request.enable_auto_filters,
         ).id
 
     slack_channel_config_model = update_slack_channel_config(

backend/onyx/server/query_and_chat/chat_backend.py

@@ -152,20 +152,10 @@ def get_user_chat_sessions(
     project_id: int | None = None,
     only_non_project_chats: bool = True,
     include_failed_chats: bool = False,
-    page_size: int = Query(default=50, ge=1, le=100),
-    before: str | None = Query(default=None),
 ) -> ChatSessionsResponse:
     user_id = user.id
 
     try:
-        before_dt = (
-            datetime.datetime.fromisoformat(before) if before is not None else None
-        )
-    except ValueError:
-        raise HTTPException(status_code=422, detail="Invalid 'before' timestamp format")
-
-    try:
-        # Fetch one extra to determine if there are more results
         chat_sessions = get_chat_sessions_by_user(
             user_id=user_id,
             deleted=False,
@@ -173,16 +163,11 @@ def get_user_chat_sessions(
             project_id=project_id,
             only_non_project_chats=only_non_project_chats,
             include_failed_chats=include_failed_chats,
-            limit=page_size + 1,
-            before=before_dt,
         )
 
     except ValueError:
         raise ValueError("Chat session does not exist or has been deleted")
 
-    has_more = len(chat_sessions) > page_size
-    chat_sessions = chat_sessions[:page_size]
-
     return ChatSessionsResponse(
         sessions=[
             ChatSessionDetails(
@@ -196,8 +181,7 @@ def get_user_chat_sessions(
                 current_temperature_override=chat.temperature_override,
             )
             for chat in chat_sessions
-        ],
-        has_more=has_more,
+        ]
     )
 
 

backend/onyx/server/query_and_chat/models.py

@@ -192,7 +192,6 @@ class ChatSessionDetails(BaseModel):
 
 class ChatSessionsResponse(BaseModel):
     sessions: list[ChatSessionDetails]
-    has_more: bool = False
 
 
 class ChatMessageDetail(BaseModel):

backend/pyproject.toml

@@ -8,3 +8,37 @@ dependencies = [
 
 [tool.uv.sources]
 onyx = { workspace = true }
+
+[tool.mypy]
+plugins = "sqlalchemy.ext.mypy.plugin"
+mypy_path = "backend"
+explicit_package_bases = true
+disallow_untyped_defs = true
+warn_unused_ignores = true
+enable_error_code = ["possibly-undefined"]
+strict_equality = true
+# Patterns match paths whether mypy is run from backend/ (CI) or repo root (e.g. VS Code extension with target ./backend)
+exclude = [
+  "(?:^|/)generated/",
+  "(?:^|/)\\.venv/",
+  "(?:^|/)onyx/server/features/build/sandbox/kubernetes/docker/skills/",
+  "(?:^|/)onyx/server/features/build/sandbox/kubernetes/docker/templates/",
+]
+
+[[tool.mypy.overrides]]
+module = "alembic.versions.*"
+disable_error_code = ["var-annotated"]
+
+[[tool.mypy.overrides]]
+module = "alembic_tenants.versions.*"
+disable_error_code = ["var-annotated"]
+
+[[tool.mypy.overrides]]
+module = "generated.*"
+follow_imports = "silent"
+ignore_errors = true
+
+[[tool.mypy.overrides]]
+module = "transformers.*"
+follow_imports = "skip"
+ignore_errors = true

backend/requirements/default.txt

@@ -528,7 +528,7 @@ lxml==5.3.0
     #   unstructured
     #   xmlsec
     #   zeep
-lxml-html-clean==0.4.4
+lxml-html-clean==0.4.3
     # via lxml
 magika==0.6.3
     # via markitdown
@@ -809,7 +809,7 @@ pypandoc-binary==1.16.2
     # via onyx
 pyparsing==3.2.5
     # via httplib2
-pypdf==6.7.5
+pypdf==6.7.3
     # via
     #   onyx
     #   unstructured-client

backend/tests/external_dependency_unit/answer/test_stream_chat_message_objects.py

@@ -9,6 +9,7 @@ from onyx.chat.models import AnswerStreamPart
 from onyx.chat.models import StreamingError
 from onyx.chat.process_message import handle_stream_message_objects
 from onyx.db.chat import create_chat_session
+from onyx.db.models import RecencyBiasSetting
 from onyx.db.models import User
 from onyx.db.persona import upsert_persona
 from onyx.server.query_and_chat.models import MessageResponseIDInfo
@@ -73,6 +74,10 @@ def test_stream_chat_message_objects_without_web_search(
         user=None,  # System persona
         name=f"Test Persona {uuid.uuid4()}",
         description="Test persona with no tools for web search test",
+        num_chunks=10.0,
+        llm_relevance_filter=True,
+        llm_filter_extraction=True,
+        recency_bias=RecencyBiasSetting.BASE_DECAY,
         llm_model_provider_override=None,
         llm_model_version_override=None,
         starter_messages=None,

backend/tests/external_dependency_unit/background/test_periodic_task_claim.py

@@ -1,257 +0,0 @@
-"""External dependency unit tests for periodic task claiming.
-
-Tests ``_try_claim_task`` and ``_try_run_periodic_task`` against real
-PostgreSQL, verifying happy-path behavior and concurrent-access safety.
-
-The claim mechanism uses a transaction-scoped advisory lock + a KVStore
-timestamp for cross-instance dedup.  The DB session is released before
-the task runs, so long-running tasks don't hold connections.
-"""
-
-import time
-from collections.abc import Generator
-from concurrent.futures import as_completed
-from concurrent.futures import ThreadPoolExecutor
-from datetime import datetime
-from datetime import timedelta
-from datetime import timezone
-from unittest.mock import MagicMock
-from uuid import uuid4
-
-import pytest
-
-from onyx.background.periodic_poller import _PeriodicTaskDef
-from onyx.background.periodic_poller import _try_claim_task
-from onyx.background.periodic_poller import _try_run_periodic_task
-from onyx.background.periodic_poller import PERIODIC_TASK_KV_PREFIX
-from onyx.db.engine.sql_engine import get_session_with_current_tenant
-from onyx.db.engine.sql_engine import SqlEngine
-from onyx.db.models import KVStore
-from shared_configs.contextvars import CURRENT_TENANT_ID_CONTEXTVAR
-from tests.external_dependency_unit.constants import TEST_TENANT_ID
-
-_TEST_LOCK_BASE = 90_000
-
-
-@pytest.fixture(scope="module", autouse=True)
-def _init_engine() -> None:
-    SqlEngine.init_engine(pool_size=10, max_overflow=5)
-
-
-def _make_task(
-    *,
-    name: str | None = None,
-    interval: float = 3600,
-    lock_id: int | None = None,
-    run_fn: MagicMock | None = None,
-) -> _PeriodicTaskDef:
-    return _PeriodicTaskDef(
-        name=name if name is not None else f"test-{uuid4().hex[:8]}",
-        interval_seconds=interval,
-        lock_id=lock_id if lock_id is not None else _TEST_LOCK_BASE,
-        run_fn=run_fn if run_fn is not None else MagicMock(),
-    )
-
-
-@pytest.fixture(autouse=True)
-def _cleanup_kv(
-    tenant_context: None,  # noqa: ARG001
-) -> Generator[None, None, None]:
-    yield
-    with get_session_with_current_tenant() as db_session:
-        db_session.query(KVStore).filter(
-            KVStore.key.like(f"{PERIODIC_TASK_KV_PREFIX}test-%")
-        ).delete(synchronize_session=False)
-        db_session.commit()
-
-
-# ------------------------------------------------------------------
-# Happy-path: _try_claim_task
-# ------------------------------------------------------------------
-
-
-class TestClaimHappyPath:
-    def test_first_claim_succeeds(self) -> None:
-        assert _try_claim_task(_make_task()) is True
-
-    def test_first_claim_creates_kv_row(self) -> None:
-        task = _make_task()
-        _try_claim_task(task)
-
-        with get_session_with_current_tenant() as db_session:
-            row = (
-                db_session.query(KVStore)
-                .filter_by(key=PERIODIC_TASK_KV_PREFIX + task.name)
-                .first()
-            )
-        assert row is not None
-        assert row.value is not None
-
-    def test_second_claim_within_interval_fails(self) -> None:
-        task = _make_task(interval=3600)
-        assert _try_claim_task(task) is True
-        assert _try_claim_task(task) is False
-
-    def test_claim_after_interval_succeeds(self) -> None:
-        task = _make_task(interval=1)
-        assert _try_claim_task(task) is True
-
-        kv_key = PERIODIC_TASK_KV_PREFIX + task.name
-        with get_session_with_current_tenant() as db_session:
-            row = db_session.query(KVStore).filter_by(key=kv_key).first()
-            assert row is not None
-            row.value = (datetime.now(timezone.utc) - timedelta(seconds=10)).isoformat()
-            db_session.commit()
-
-        assert _try_claim_task(task) is True
-
-
-# ------------------------------------------------------------------
-# Happy-path: _try_run_periodic_task
-# ------------------------------------------------------------------
-
-
-class TestRunHappyPath:
-    def test_runs_task_and_updates_last_run_at(self) -> None:
-        mock_fn = MagicMock()
-        task = _make_task(run_fn=mock_fn)
-
-        _try_run_periodic_task(task)
-
-        mock_fn.assert_called_once()
-        assert task.last_run_at > 0
-
-    def test_skips_when_in_memory_interval_not_elapsed(self) -> None:
-        mock_fn = MagicMock()
-        task = _make_task(run_fn=mock_fn, interval=3600)
-        task.last_run_at = time.monotonic()
-
-        _try_run_periodic_task(task)
-
-        mock_fn.assert_not_called()
-
-    def test_skips_when_db_claim_blocked(self) -> None:
-        name = f"test-{uuid4().hex[:8]}"
-        lock_id = _TEST_LOCK_BASE + 10
-
-        _try_claim_task(_make_task(name=name, lock_id=lock_id, interval=3600))
-
-        mock_fn = MagicMock()
-        task = _make_task(name=name, lock_id=lock_id, interval=3600, run_fn=mock_fn)
-        _try_run_periodic_task(task)
-
-        mock_fn.assert_not_called()
-
-    def test_task_exception_does_not_propagate(self) -> None:
-        task = _make_task(run_fn=MagicMock(side_effect=RuntimeError("boom")))
-        _try_run_periodic_task(task)
-
-    def test_claim_committed_before_task_runs(self) -> None:
-        """The KV claim must be visible in the DB when run_fn executes."""
-        task_name = f"test-order-{uuid4().hex[:8]}"
-        kv_key = PERIODIC_TASK_KV_PREFIX + task_name
-        claim_visible: list[bool] = []
-
-        def check_claim() -> None:
-            with get_session_with_current_tenant() as db_session:
-                row = db_session.query(KVStore).filter_by(key=kv_key).first()
-                claim_visible.append(row is not None and row.value is not None)
-
-        task = _PeriodicTaskDef(
-            name=task_name,
-            interval_seconds=3600,
-            lock_id=_TEST_LOCK_BASE + 11,
-            run_fn=check_claim,
-        )
-
-        _try_run_periodic_task(task)
-
-        assert claim_visible == [True]
-
-
-# ------------------------------------------------------------------
-# Concurrency: only one claimer should win
-# ------------------------------------------------------------------
-
-
-class TestClaimConcurrency:
-    def test_concurrent_claims_single_winner(self) -> None:
-        """Many threads claim the same task — exactly one should succeed."""
-        num_threads = 20
-        task_name = f"test-race-{uuid4().hex[:8]}"
-        lock_id = _TEST_LOCK_BASE + 20
-
-        def claim() -> bool:
-            CURRENT_TENANT_ID_CONTEXTVAR.set(TEST_TENANT_ID)
-            return _try_claim_task(
-                _PeriodicTaskDef(
-                    name=task_name,
-                    interval_seconds=3600,
-                    lock_id=lock_id,
-                    run_fn=lambda: None,
-                )
-            )
-
-        results: list[bool] = []
-        with ThreadPoolExecutor(max_workers=num_threads) as executor:
-            futures = [executor.submit(claim) for _ in range(num_threads)]
-            for future in as_completed(futures):
-                results.append(future.result())
-
-        winners = sum(1 for r in results if r)
-        assert winners == 1, f"Expected 1 winner, got {winners}"
-
-    def test_concurrent_run_single_execution(self) -> None:
-        """Many threads run the same task — run_fn fires exactly once."""
-        num_threads = 20
-        task_name = f"test-run-race-{uuid4().hex[:8]}"
-        lock_id = _TEST_LOCK_BASE + 21
-        counter = MagicMock()
-
-        def run() -> None:
-            CURRENT_TENANT_ID_CONTEXTVAR.set(TEST_TENANT_ID)
-            _try_run_periodic_task(
-                _PeriodicTaskDef(
-                    name=task_name,
-                    interval_seconds=3600,
-                    lock_id=lock_id,
-                    run_fn=counter,
-                )
-            )
-
-        with ThreadPoolExecutor(max_workers=num_threads) as executor:
-            futures = [executor.submit(run) for _ in range(num_threads)]
-            for future in as_completed(futures):
-                future.result()
-
-        assert (
-            counter.call_count == 1
-        ), f"Expected run_fn called once, got {counter.call_count}"
-
-    def test_no_errors_under_contention(self) -> None:
-        """All threads complete without exceptions under high contention."""
-        num_threads = 30
-        task_name = f"test-err-{uuid4().hex[:8]}"
-        lock_id = _TEST_LOCK_BASE + 22
-        errors: list[Exception] = []
-
-        def claim() -> bool:
-            CURRENT_TENANT_ID_CONTEXTVAR.set(TEST_TENANT_ID)
-            return _try_claim_task(
-                _PeriodicTaskDef(
-                    name=task_name,
-                    interval_seconds=3600,
-                    lock_id=lock_id,
-                    run_fn=lambda: None,
-                )
-            )
-
-        with ThreadPoolExecutor(max_workers=num_threads) as executor:
-            futures = [executor.submit(claim) for _ in range(num_threads)]
-            for future in as_completed(futures):
-                try:
-                    future.result()
-                except Exception as e:
-                    errors.append(e)
-
-        assert errors == [], f"Got {len(errors)} errors: {errors}"

backend/tests/external_dependency_unit/background/test_startup_recovery.py

@@ -1,219 +0,0 @@
-"""External dependency unit tests for startup recovery (Step 10g).
-
-Seeds ``UserFile`` records in stuck states (PROCESSING, DELETING,
-needs_project_sync) then calls ``recover_stuck_user_files`` and verifies
-the drain loops pick them up via ``FOR UPDATE SKIP LOCKED``.
-
-Uses real PostgreSQL (via ``db_session`` / ``tenant_context`` fixtures).
-The per-file ``*_impl`` functions are mocked so no real file store or
-connector is needed — we only verify that recovery finds and dispatches
-the correct files.
-"""
-
-from collections.abc import Generator
-from unittest.mock import MagicMock
-from unittest.mock import patch
-from uuid import uuid4
-
-import pytest
-from sqlalchemy.orm import Session
-
-from onyx.background.periodic_poller import recover_stuck_user_files
-from onyx.db.enums import UserFileStatus
-from onyx.db.models import UserFile
-from tests.external_dependency_unit.conftest import create_test_user
-from tests.external_dependency_unit.constants import TEST_TENANT_ID
-
-# ---------------------------------------------------------------------------
-# Helpers
-# ---------------------------------------------------------------------------
-
-_IMPL_MODULE = "onyx.background.celery.tasks.user_file_processing.tasks"
-
-
-def _create_user_file(
-    db_session: Session,
-    user_id: object,
-    *,
-    status: UserFileStatus = UserFileStatus.PROCESSING,
-    needs_project_sync: bool = False,
-    needs_persona_sync: bool = False,
-) -> UserFile:
-    uf = UserFile(
-        id=uuid4(),
-        user_id=user_id,
-        file_id=f"test_file_{uuid4().hex[:8]}",
-        name=f"test_{uuid4().hex[:8]}.txt",
-        file_type="text/plain",
-        status=status,
-        needs_project_sync=needs_project_sync,
-        needs_persona_sync=needs_persona_sync,
-    )
-    db_session.add(uf)
-    db_session.commit()
-    db_session.refresh(uf)
-    return uf
-
-
-@pytest.fixture()
-def _cleanup_user_files(db_session: Session) -> Generator[list[UserFile], None, None]:
-    """Track created UserFile rows and delete them after each test."""
-    created: list[UserFile] = []
-    yield created
-    for uf in created:
-        existing = db_session.get(UserFile, uf.id)
-        if existing:
-            db_session.delete(existing)
-    db_session.commit()
-
-
-# ---------------------------------------------------------------------------
-# Tests
-# ---------------------------------------------------------------------------
-
-
-class TestRecoverProcessingFiles:
-    """Files in PROCESSING status are re-processed via the processing drain loop."""
-
-    def test_processing_files_recovered(
-        self,
-        db_session: Session,
-        tenant_context: None,  # noqa: ARG002
-        _cleanup_user_files: list[UserFile],
-    ) -> None:
-        user = create_test_user(db_session, "recovery_proc")
-        uf = _create_user_file(db_session, user.id, status=UserFileStatus.PROCESSING)
-        _cleanup_user_files.append(uf)
-
-        mock_impl = MagicMock()
-        with patch(f"{_IMPL_MODULE}.process_user_file_impl", mock_impl):
-            recover_stuck_user_files(TEST_TENANT_ID)
-
-        called_ids = [call.kwargs["user_file_id"] for call in mock_impl.call_args_list]
-        assert (
-            str(uf.id) in called_ids
-        ), f"Expected file {uf.id} to be recovered but got: {called_ids}"
-
-    def test_completed_files_not_recovered(
-        self,
-        db_session: Session,
-        tenant_context: None,  # noqa: ARG002
-        _cleanup_user_files: list[UserFile],
-    ) -> None:
-        user = create_test_user(db_session, "recovery_comp")
-        uf = _create_user_file(db_session, user.id, status=UserFileStatus.COMPLETED)
-        _cleanup_user_files.append(uf)
-
-        mock_impl = MagicMock()
-        with patch(f"{_IMPL_MODULE}.process_user_file_impl", mock_impl):
-            recover_stuck_user_files(TEST_TENANT_ID)
-
-        called_ids = [call.kwargs["user_file_id"] for call in mock_impl.call_args_list]
-        assert (
-            str(uf.id) not in called_ids
-        ), f"COMPLETED file {uf.id} should not have been recovered"
-
-
-class TestRecoverDeletingFiles:
-    """Files in DELETING status are recovered via the delete drain loop."""
-
-    def test_deleting_files_recovered(
-        self,
-        db_session: Session,
-        tenant_context: None,  # noqa: ARG002
-        _cleanup_user_files: list[UserFile],
-    ) -> None:
-        user = create_test_user(db_session, "recovery_del")
-        uf = _create_user_file(db_session, user.id, status=UserFileStatus.DELETING)
-        _cleanup_user_files.append(uf)
-
-        mock_impl = MagicMock()
-        with patch(f"{_IMPL_MODULE}.delete_user_file_impl", mock_impl):
-            recover_stuck_user_files(TEST_TENANT_ID)
-
-        called_ids = [call.kwargs["user_file_id"] for call in mock_impl.call_args_list]
-        assert (
-            str(uf.id) in called_ids
-        ), f"Expected file {uf.id} to be recovered for deletion but got: {called_ids}"
-
-
-class TestRecoverSyncFiles:
-    """Files needing project/persona sync are recovered via the sync drain loop."""
-
-    def test_needs_project_sync_recovered(
-        self,
-        db_session: Session,
-        tenant_context: None,  # noqa: ARG002
-        _cleanup_user_files: list[UserFile],
-    ) -> None:
-        user = create_test_user(db_session, "recovery_sync")
-        uf = _create_user_file(
-            db_session,
-            user.id,
-            status=UserFileStatus.COMPLETED,
-            needs_project_sync=True,
-        )
-        _cleanup_user_files.append(uf)
-
-        mock_impl = MagicMock()
-        with patch(f"{_IMPL_MODULE}.project_sync_user_file_impl", mock_impl):
-            recover_stuck_user_files(TEST_TENANT_ID)
-
-        called_ids = [call.kwargs["user_file_id"] for call in mock_impl.call_args_list]
-        assert (
-            str(uf.id) in called_ids
-        ), f"Expected file {uf.id} to be recovered for sync but got: {called_ids}"
-
-    def test_needs_persona_sync_recovered(
-        self,
-        db_session: Session,
-        tenant_context: None,  # noqa: ARG002
-        _cleanup_user_files: list[UserFile],
-    ) -> None:
-        user = create_test_user(db_session, "recovery_psync")
-        uf = _create_user_file(
-            db_session,
-            user.id,
-            status=UserFileStatus.COMPLETED,
-            needs_persona_sync=True,
-        )
-        _cleanup_user_files.append(uf)
-
-        mock_impl = MagicMock()
-        with patch(f"{_IMPL_MODULE}.project_sync_user_file_impl", mock_impl):
-            recover_stuck_user_files(TEST_TENANT_ID)
-
-        called_ids = [call.kwargs["user_file_id"] for call in mock_impl.call_args_list]
-        assert (
-            str(uf.id) in called_ids
-        ), f"Expected file {uf.id} to be recovered for persona sync but got: {called_ids}"
-
-
-class TestRecoveryMultipleFiles:
-    """Recovery processes all stuck files in one pass, not just the first."""
-
-    def test_multiple_processing_files(
-        self,
-        db_session: Session,
-        tenant_context: None,  # noqa: ARG002
-        _cleanup_user_files: list[UserFile],
-    ) -> None:
-        user = create_test_user(db_session, "recovery_multi")
-        files = []
-        for _ in range(3):
-            uf = _create_user_file(
-                db_session, user.id, status=UserFileStatus.PROCESSING
-            )
-            _cleanup_user_files.append(uf)
-            files.append(uf)
-
-        mock_impl = MagicMock()
-        with patch(f"{_IMPL_MODULE}.process_user_file_impl", mock_impl):
-            recover_stuck_user_files(TEST_TENANT_ID)
-
-        called_ids = {call.kwargs["user_file_id"] for call in mock_impl.call_args_list}
-        expected_ids = {str(uf.id) for uf in files}
-        assert expected_ids.issubset(called_ids), (
-            f"Expected all {len(files)} files to be recovered. "
-            f"Missing: {expected_ids - called_ids}"
-        )

backend/tests/external_dependency_unit/celery/test_persona_file_sync.py

@@ -36,6 +36,7 @@ from onyx.background.celery.tasks.user_file_processing.tasks import (
 from onyx.background.celery.tasks.user_file_processing.tasks import (
     user_file_project_sync_lock_key,
 )
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.enums import UserFileStatus
 from onyx.db.models import Persona
 from onyx.db.models import Persona__UserFile
@@ -85,6 +86,12 @@ def _create_test_persona(
     persona = Persona(
         name=f"Test Persona {uuid4().hex[:8]}",
         description="Test persona",
+        num_chunks=10.0,
+        chunks_above=0,
+        chunks_below=0,
+        llm_relevance_filter=False,
+        llm_filter_extraction=False,
+        recency_bias=RecencyBiasSetting.NO_DECAY,
         system_prompt="You are a test assistant",
         task_prompt="Answer the question",
         tools=[],
@@ -403,6 +410,10 @@ class TestUpsertPersonaMarksSyncFlag:
             user=user,
             name=f"persona-{uuid4().hex[:8]}",
             description="test",
+            num_chunks=10.0,
+            llm_relevance_filter=False,
+            llm_filter_extraction=False,
+            recency_bias=RecencyBiasSetting.NO_DECAY,
             llm_model_provider_override=None,
             llm_model_version_override=None,
             starter_messages=None,
@@ -431,6 +442,10 @@ class TestUpsertPersonaMarksSyncFlag:
             user=user,
             name=f"persona-{uuid4().hex[:8]}",
             description="test",
+            num_chunks=10.0,
+            llm_relevance_filter=False,
+            llm_filter_extraction=False,
+            recency_bias=RecencyBiasSetting.NO_DECAY,
             llm_model_provider_override=None,
             llm_model_version_override=None,
             starter_messages=None,
@@ -446,11 +461,16 @@ class TestUpsertPersonaMarksSyncFlag:
         uf_old.needs_persona_sync = False
         db_session.commit()
 
+        assert persona.num_chunks is not None
         # Now update the persona to swap files
         upsert_persona(
             user=user,
             name=persona.name,
             description=persona.description,
+            num_chunks=persona.num_chunks,
+            llm_relevance_filter=persona.llm_relevance_filter,
+            llm_filter_extraction=persona.llm_filter_extraction,
+            recency_bias=persona.recency_bias,
             llm_model_provider_override=None,
             llm_model_version_override=None,
             starter_messages=None,
@@ -481,6 +501,10 @@ class TestUpsertPersonaMarksSyncFlag:
             user=user,
             name=f"persona-{uuid4().hex[:8]}",
             description="test",
+            num_chunks=10.0,
+            llm_relevance_filter=False,
+            llm_filter_extraction=False,
+            recency_bias=RecencyBiasSetting.NO_DECAY,
             llm_model_provider_override=None,
             llm_model_version_override=None,
             starter_messages=None,
@@ -495,10 +519,15 @@ class TestUpsertPersonaMarksSyncFlag:
         uf.needs_persona_sync = False
         db_session.commit()
 
+        assert persona.num_chunks is not None
         upsert_persona(
             user=user,
             name=persona.name,
             description=persona.description,
+            num_chunks=persona.num_chunks,
+            llm_relevance_filter=persona.llm_relevance_filter,
+            llm_filter_extraction=persona.llm_filter_extraction,
+            recency_bias=persona.recency_bias,
             llm_model_provider_override=None,
             llm_model_version_override=None,
             starter_messages=None,

backend/tests/external_dependency_unit/celery/test_user_file_indexing_adapter.py

@@ -18,6 +18,7 @@ from sqlalchemy.orm import Session
 from onyx.configs.constants import DocumentSource
 from onyx.connectors.models import Document
 from onyx.connectors.models import TextSection
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.enums import UserFileStatus
 from onyx.db.models import Persona
 from onyx.db.models import Persona__UserFile
@@ -57,6 +58,12 @@ def _create_persona(db_session: Session, user: User) -> Persona:
     persona = Persona(
         name=f"Test Persona {uuid4().hex[:8]}",
         description="Test persona",
+        num_chunks=10.0,
+        chunks_above=0,
+        chunks_below=0,
+        llm_relevance_filter=False,
+        llm_filter_extraction=False,
+        recency_bias=RecencyBiasSetting.NO_DECAY,
         system_prompt="test",
         task_prompt="test",
         tools=[],

backend/tests/external_dependency_unit/slack_bot/test_slack_bot_federated_search.py

@@ -22,6 +22,7 @@ from sqlalchemy.orm import Session
 from slack_sdk.errors import SlackApiError
 
 from onyx.configs.constants import FederatedConnectorSource
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.context.search.federated.slack_search import fetch_and_cache_channel_metadata
 from onyx.db.models import DocumentSet
 from onyx.db.models import FederatedConnector
@@ -54,6 +55,11 @@ def _create_test_persona_with_slack_config(db_session: Session) -> Persona | Non
     persona = Persona(
         name=f"test_slack_persona_{unique_id}",
         description="Test persona for Slack federated search",
+        chunks_above=0,
+        chunks_below=0,
+        llm_relevance_filter=True,
+        llm_filter_extraction=True,
+        recency_bias=RecencyBiasSetting.AUTO,
         system_prompt="You are a helpful assistant.",
         task_prompt="Answer the user's question based on the provided context.",
     )
@@ -812,6 +818,11 @@ def test_slack_channel_config_eager_loads_persona(db_session: Session) -> None:
     persona = Persona(
         name=f"test_eager_load_persona_{unique_id}",
         description="Test persona for eager loading test",
+        chunks_above=0,
+        chunks_below=0,
+        llm_relevance_filter=True,
+        llm_filter_extraction=True,
+        recency_bias=RecencyBiasSetting.AUTO,
         system_prompt="You are a helpful assistant.",
         task_prompt="Answer the user's question.",
     )

backend/tests/external_dependency_unit/tools/test_mcp_passthrough_oauth.py

@@ -21,6 +21,7 @@ import pytest
 from sqlalchemy.orm import Session
 
 from onyx.chat.emitter import get_default_emitter
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.enums import MCPAuthenticationPerformer
 from onyx.db.enums import MCPAuthenticationType
 from onyx.db.enums import MCPTransport
@@ -46,6 +47,12 @@ def _create_test_persona_with_mcp_tool(
     persona = Persona(
         name=f"Test MCP Persona {uuid4().hex[:8]}",
         description="Test persona with MCP tools",
+        num_chunks=10.0,
+        chunks_above=0,
+        chunks_below=0,
+        llm_relevance_filter=False,
+        llm_filter_extraction=False,
+        recency_bias=RecencyBiasSetting.NO_DECAY,
         system_prompt="You are a helpful assistant",
         task_prompt="Answer the user's question",
         tools=tools,

backend/tests/external_dependency_unit/tools/test_oauth_tool_integration.py

@@ -17,6 +17,7 @@ import pytest
 from sqlalchemy.orm import Session
 
 from onyx.chat.emitter import get_default_emitter
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.models import OAuthAccount
 from onyx.db.models import OAuthConfig
 from onyx.db.models import Persona
@@ -56,6 +57,12 @@ def _create_test_persona(db_session: Session, user: User, tools: list[Tool]) ->
     persona = Persona(
         name=f"Test Persona {uuid4().hex[:8]}",
         description="Test persona",
+        num_chunks=10.0,
+        chunks_above=0,
+        chunks_below=0,
+        llm_relevance_filter=False,
+        llm_filter_extraction=False,
+        recency_bias=RecencyBiasSetting.NO_DECAY,
         system_prompt="You are a helpful assistant",
         task_prompt="Answer the user's question",
         tools=tools,

backend/tests/external_dependency_unit/tools/test_python_tool.py

@@ -933,7 +933,6 @@ from unittest.mock import patch
 
 import pytest
 from fastapi import UploadFile
-from fastapi.background import BackgroundTasks
 from sqlalchemy.orm import Session
 from starlette.datastructures import Headers
 
@@ -1140,7 +1139,6 @@ def test_code_interpreter_receives_chat_files(
     # Upload a test CSV
     csv_content = b"name,age,city\nAlice,30,NYC\nBob,25,SF\n"
     result = upload_user_files(
-        bg_tasks=BackgroundTasks(),
         files=[
             UploadFile(
                 file=io.BytesIO(csv_content),

backend/tests/integration/common_utils/managers/persona.py

@@ -3,6 +3,7 @@ from uuid import uuid4
 
 import requests
 
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.server.features.persona.models import FullPersonaSnapshot
 from onyx.server.features.persona.models import PersonaUpsertRequest
 from tests.integration.common_utils.constants import API_SERVER_URL
@@ -19,7 +20,11 @@ class PersonaManager:
         description: str | None = None,
         system_prompt: str | None = None,
         task_prompt: str | None = None,
+        num_chunks: float = 5,
+        llm_relevance_filter: bool = True,
         is_public: bool = True,
+        llm_filter_extraction: bool = True,
+        recency_bias: RecencyBiasSetting = RecencyBiasSetting.AUTO,
         datetime_aware: bool = False,
         document_set_ids: list[int] | None = None,
         tool_ids: list[int] | None = None,
@@ -30,7 +35,6 @@ class PersonaManager:
         label_ids: list[int] | None = None,
         user_file_ids: list[str] | None = None,
         display_priority: int | None = None,
-        featured: bool = False,
     ) -> DATestPersona:
         name = name or f"test-persona-{uuid4()}"
         description = description or f"Description for {name}"
@@ -43,7 +47,11 @@ class PersonaManager:
             system_prompt=system_prompt,
             task_prompt=task_prompt,
             datetime_aware=datetime_aware,
+            num_chunks=num_chunks,
+            llm_relevance_filter=llm_relevance_filter,
             is_public=is_public,
+            llm_filter_extraction=llm_filter_extraction,
+            recency_bias=recency_bias,
             document_set_ids=document_set_ids or [],
             tool_ids=tool_ids or [],
             llm_model_provider_override=llm_model_provider_override,
@@ -53,7 +61,6 @@ class PersonaManager:
             label_ids=label_ids or [],
             user_file_ids=user_file_ids or [],
             display_priority=display_priority,
-            featured=featured,
         )
 
         response = requests.post(
@@ -68,7 +75,11 @@ class PersonaManager:
             id=persona_data["id"],
             name=name,
             description=description,
+            num_chunks=num_chunks,
+            llm_relevance_filter=llm_relevance_filter,
             is_public=is_public,
+            llm_filter_extraction=llm_filter_extraction,
+            recency_bias=recency_bias,
             system_prompt=system_prompt,
             task_prompt=task_prompt,
             datetime_aware=datetime_aware,
@@ -79,7 +90,6 @@ class PersonaManager:
             users=users or [],
             groups=groups or [],
             label_ids=label_ids or [],
-            featured=featured,
         )
 
     @staticmethod
@@ -90,7 +100,11 @@ class PersonaManager:
         description: str | None = None,
         system_prompt: str | None = None,
         task_prompt: str | None = None,
+        num_chunks: float | None = None,
+        llm_relevance_filter: bool | None = None,
         is_public: bool | None = None,
+        llm_filter_extraction: bool | None = None,
+        recency_bias: RecencyBiasSetting | None = None,
         datetime_aware: bool = False,
         document_set_ids: list[int] | None = None,
         tool_ids: list[int] | None = None,
@@ -99,7 +113,6 @@ class PersonaManager:
         users: list[str] | None = None,
         groups: list[int] | None = None,
         label_ids: list[int] | None = None,
-        featured: bool | None = None,
     ) -> DATestPersona:
         system_prompt = system_prompt or f"System prompt for {persona.name}"
         task_prompt = task_prompt or f"Task prompt for {persona.name}"
@@ -110,7 +123,13 @@ class PersonaManager:
             system_prompt=system_prompt,
             task_prompt=task_prompt,
             datetime_aware=datetime_aware,
+            num_chunks=num_chunks or persona.num_chunks,
+            llm_relevance_filter=llm_relevance_filter or persona.llm_relevance_filter,
             is_public=persona.is_public if is_public is None else is_public,
+            llm_filter_extraction=(
+                llm_filter_extraction or persona.llm_filter_extraction
+            ),
+            recency_bias=recency_bias or persona.recency_bias,
             document_set_ids=document_set_ids or persona.document_set_ids,
             tool_ids=tool_ids or persona.tool_ids,
             llm_model_provider_override=(
@@ -122,7 +141,6 @@ class PersonaManager:
             users=[UUID(user) for user in (users or persona.users)],
             groups=groups or persona.groups,
             label_ids=label_ids or persona.label_ids,
-            featured=featured if featured is not None else persona.featured,
         )
 
         response = requests.patch(
@@ -137,12 +155,16 @@ class PersonaManager:
             id=updated_persona_data["id"],
             name=updated_persona_data["name"],
             description=updated_persona_data["description"],
+            num_chunks=updated_persona_data["num_chunks"],
+            llm_relevance_filter=updated_persona_data["llm_relevance_filter"],
             is_public=updated_persona_data["is_public"],
+            llm_filter_extraction=updated_persona_data["llm_filter_extraction"],
+            recency_bias=recency_bias or persona.recency_bias,
             system_prompt=system_prompt,
             task_prompt=task_prompt,
             datetime_aware=datetime_aware,
-            document_set_ids=[ds["id"] for ds in updated_persona_data["document_sets"]],
-            tool_ids=[t["id"] for t in updated_persona_data["tools"]],
+            document_set_ids=updated_persona_data["document_sets"],
+            tool_ids=updated_persona_data["tools"],
             llm_model_provider_override=updated_persona_data[
                 "llm_model_provider_override"
             ],
@@ -151,8 +173,7 @@ class PersonaManager:
             ],
             users=[user["email"] for user in updated_persona_data["users"]],
             groups=updated_persona_data["groups"],
-            label_ids=[label["id"] for label in updated_persona_data["labels"]],
-            featured=updated_persona_data["featured"],
+            label_ids=updated_persona_data["labels"],
         )
 
     @staticmethod
@@ -201,13 +222,32 @@ class PersonaManager:
                             fetched_persona.description,
                         )
                     )
+                if fetched_persona.num_chunks != persona.num_chunks:
+                    mismatches.append(
+                        ("num_chunks", persona.num_chunks, fetched_persona.num_chunks)
+                    )
+                if fetched_persona.llm_relevance_filter != persona.llm_relevance_filter:
+                    mismatches.append(
+                        (
+                            "llm_relevance_filter",
+                            persona.llm_relevance_filter,
+                            fetched_persona.llm_relevance_filter,
+                        )
+                    )
                 if fetched_persona.is_public != persona.is_public:
                     mismatches.append(
                         ("is_public", persona.is_public, fetched_persona.is_public)
                     )
-                if fetched_persona.featured != persona.featured:
+                if (
+                    fetched_persona.llm_filter_extraction
+                    != persona.llm_filter_extraction
+                ):
                     mismatches.append(
-                        ("featured", persona.featured, fetched_persona.featured)
+                        (
+                            "llm_filter_extraction",
+                            persona.llm_filter_extraction,
+                            fetched_persona.llm_filter_extraction,
+                        )
                     )
                 if (
                     fetched_persona.llm_model_provider_override

backend/tests/integration/common_utils/managers/scim_client.py

@@ -1,66 +0,0 @@
-import requests
-
-from tests.integration.common_utils.constants import API_SERVER_URL
-from tests.integration.common_utils.constants import GENERAL_HEADERS
-
-
-class ScimClient:
-    """HTTP client for making authenticated SCIM v2 requests."""
-
-    @staticmethod
-    def _headers(raw_token: str) -> dict[str, str]:
-        return {
-            **GENERAL_HEADERS,
-            "Authorization": f"Bearer {raw_token}",
-        }
-
-    @staticmethod
-    def get(path: str, raw_token: str) -> requests.Response:
-        return requests.get(
-            f"{API_SERVER_URL}/scim/v2{path}",
-            headers=ScimClient._headers(raw_token),
-            timeout=60,
-        )
-
-    @staticmethod
-    def post(path: str, raw_token: str, json: dict) -> requests.Response:
-        return requests.post(
-            f"{API_SERVER_URL}/scim/v2{path}",
-            json=json,
-            headers=ScimClient._headers(raw_token),
-            timeout=60,
-        )
-
-    @staticmethod
-    def put(path: str, raw_token: str, json: dict) -> requests.Response:
-        return requests.put(
-            f"{API_SERVER_URL}/scim/v2{path}",
-            json=json,
-            headers=ScimClient._headers(raw_token),
-            timeout=60,
-        )
-
-    @staticmethod
-    def patch(path: str, raw_token: str, json: dict) -> requests.Response:
-        return requests.patch(
-            f"{API_SERVER_URL}/scim/v2{path}",
-            json=json,
-            headers=ScimClient._headers(raw_token),
-            timeout=60,
-        )
-
-    @staticmethod
-    def delete(path: str, raw_token: str) -> requests.Response:
-        return requests.delete(
-            f"{API_SERVER_URL}/scim/v2{path}",
-            headers=ScimClient._headers(raw_token),
-            timeout=60,
-        )
-
-    @staticmethod
-    def get_no_auth(path: str) -> requests.Response:
-        return requests.get(
-            f"{API_SERVER_URL}/scim/v2{path}",
-            headers=GENERAL_HEADERS,
-            timeout=60,
-        )

backend/tests/integration/common_utils/managers/scim_token.py

@@ -1,6 +1,7 @@
 import requests
 
 from tests.integration.common_utils.constants import API_SERVER_URL
+from tests.integration.common_utils.constants import GENERAL_HEADERS
 from tests.integration.common_utils.test_models import DATestScimToken
 from tests.integration.common_utils.test_models import DATestUser
 
@@ -50,3 +51,29 @@ class ScimTokenManager:
             created_at=data["created_at"],
             last_used_at=data.get("last_used_at"),
         )
+
+    @staticmethod
+    def get_scim_headers(raw_token: str) -> dict[str, str]:
+        return {
+            **GENERAL_HEADERS,
+            "Authorization": f"Bearer {raw_token}",
+        }
+
+    @staticmethod
+    def scim_get(
+        path: str,
+        raw_token: str,
+    ) -> requests.Response:
+        return requests.get(
+            f"{API_SERVER_URL}/scim/v2{path}",
+            headers=ScimTokenManager.get_scim_headers(raw_token),
+            timeout=60,
+        )
+
+    @staticmethod
+    def scim_get_no_auth(path: str) -> requests.Response:
+        return requests.get(
+            f"{API_SERVER_URL}/scim/v2{path}",
+            headers=GENERAL_HEADERS,
+            timeout=60,
+        )

backend/tests/integration/common_utils/test_models.py

@@ -10,6 +10,7 @@ from pydantic import Field
 from onyx.auth.schemas import UserRole
 from onyx.configs.constants import MessageType
 from onyx.configs.constants import QAFeedbackType
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.context.search.models import SavedSearchDoc
 from onyx.context.search.models import SearchDoc
 from onyx.db.enums import AccessType
@@ -161,7 +162,11 @@ class DATestPersona(BaseModel):
     id: int
     name: str
     description: str
+    num_chunks: float
+    llm_relevance_filter: bool
     is_public: bool
+    llm_filter_extraction: bool
+    recency_bias: RecencyBiasSetting
     document_set_ids: list[int]
     tool_ids: list[int]
     llm_model_provider_override: str | None
@@ -169,7 +174,6 @@ class DATestPersona(BaseModel):
     users: list[str]
     groups: list[int]
     label_ids: list[int]
-    featured: bool = False
 
     # Embedded prompt fields (no longer separate prompt_ids)
     system_prompt: str | None = None

backend/tests/integration/tests/discord_bot/test_discord_bot_db.py

@@ -8,6 +8,7 @@ from collections.abc import Generator
 import pytest
 from sqlalchemy.orm import Session
 
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.discord_bot import bulk_create_channel_configs
 from onyx.db.discord_bot import create_discord_bot_config
 from onyx.db.discord_bot import create_guild_config
@@ -35,8 +36,14 @@ def _create_test_persona(db_session: Session, persona_id: int, name: str) -> Per
         id=persona_id,
         name=name,
         description="Test persona for Discord bot tests",
+        num_chunks=5.0,
+        chunks_above=1,
+        chunks_below=1,
+        llm_relevance_filter=False,
+        llm_filter_extraction=False,
+        recency_bias=RecencyBiasSetting.FAVOR_RECENT,
         is_visible=True,
-        featured=False,
+        is_default_persona=False,
         deleted=False,
         builtin_persona=False,
     )

backend/tests/integration/tests/indexing/test_checkpointing.py

@@ -414,24 +414,6 @@ def test_mock_connector_checkpoint_recovery(
     )
     assert finished_index_attempt.status == IndexingStatus.FAILED
 
-    # Pause the connector immediately to prevent check_for_indexing from
-    # creating automatic retry attempts while we reset the mock server.
-    # Without this, the INITIAL_INDEXING status causes immediate retries
-    # that would consume (or fail against) the mock server before we can
-    # set up the recovery behavior.
-    CCPairManager.pause_cc_pair(cc_pair, user_performing_action=admin_user)
-
-    # Collect all index attempt IDs created so far (the initial one plus
-    # any automatic retries that may have started before the pause took effect).
-    all_prior_attempt_ids: list[int] = []
-    index_attempts_page = IndexAttemptManager.get_index_attempt_page(
-        cc_pair_id=cc_pair.id,
-        page=0,
-        page_size=100,
-        user_performing_action=admin_user,
-    )
-    all_prior_attempt_ids = [ia.id for ia in index_attempts_page.items]
-
     # Verify initial state: both docs should be indexed
     with get_session_with_current_tenant() as db_session:
         documents = DocumentManager.fetch_documents_for_cc_pair(
@@ -483,14 +465,17 @@ def test_mock_connector_checkpoint_recovery(
     )
     assert response.status_code == 200
 
-    # Set the manual indexing trigger, then unpause to allow the recovery run.
+    # After the failure, the connector is in repeated error state and paused.
+    # Set the manual indexing trigger first (while paused), then unpause.
+    # This ensures the trigger is set before CHECK_FOR_INDEXING runs, which will
+    # prevent the connector from being re-paused when repeated error state is detected.
     CCPairManager.run_once(
         cc_pair, from_beginning=False, user_performing_action=admin_user
     )
     CCPairManager.unpause_cc_pair(cc_pair, user_performing_action=admin_user)
     recovery_index_attempt = IndexAttemptManager.wait_for_index_attempt_start(
         cc_pair_id=cc_pair.id,
-        index_attempts_to_ignore=all_prior_attempt_ids,
+        index_attempts_to_ignore=[initial_index_attempt.id],
         user_performing_action=admin_user,
     )
     IndexAttemptManager.wait_for_index_attempt_completion(

backend/tests/integration/tests/indexing/test_repeated_error_state.py

@@ -130,8 +130,8 @@ def test_repeated_error_state_detection_and_recovery(
                 #     )
                 break
 
-        if time.monotonic() - start_time > 90:
-            assert False, "CC pair did not enter repeated error state within 90 seconds"
+        if time.monotonic() - start_time > 30:
+            assert False, "CC pair did not enter repeated error state within 30 seconds"
 
         time.sleep(2)
 

backend/tests/integration/tests/llm_provider/test_llm_provider_access_control.py

@@ -4,6 +4,7 @@ import pytest
 import requests
 from sqlalchemy.orm import Session
 
+from onyx.context.search.enums import RecencyBiasSetting
 from onyx.db.engine.sql_engine import get_session_with_current_tenant
 from onyx.db.llm import can_user_access_llm_provider
 from onyx.db.llm import fetch_user_group_ids
@@ -77,6 +78,12 @@ def _create_persona(
     persona = Persona(
         name=name,
         description=f"{name} description",
+        num_chunks=5,
+        chunks_above=2,
+        chunks_below=2,
+        llm_relevance_filter=True,
+        llm_filter_extraction=True,
+        recency_bias=RecencyBiasSetting.AUTO,
         llm_model_provider_override=provider_name,
         llm_model_version_override="gpt-4o-mini",
         system_prompt="System prompt",
@@ -243,116 +250,6 @@ def test_can_user_access_llm_provider_or_logic(
         )
 
 
-def test_public_provider_with_persona_restrictions(
-    users: tuple[DATestUser, DATestUser],
-) -> None:
-    """Public providers should still enforce persona restrictions.
-
-    Regression test for the bug where is_public=True caused
-    can_user_access_llm_provider() to return True immediately,
-    bypassing persona whitelist checks entirely.
-    """
-    admin_user, _basic_user = users
-
-    with get_session_with_current_tenant() as db_session:
-        # Public provider with persona restrictions
-        public_restricted = _create_llm_provider(
-            db_session,
-            name="public-persona-restricted",
-            default_model_name="gpt-4o",
-            is_public=True,
-            is_default=True,
-        )
-
-        whitelisted_persona = _create_persona(
-            db_session,
-            name="whitelisted-persona",
-            provider_name=public_restricted.name,
-        )
-        non_whitelisted_persona = _create_persona(
-            db_session,
-            name="non-whitelisted-persona",
-            provider_name=public_restricted.name,
-        )
-
-        # Only whitelist one persona
-        db_session.add(
-            LLMProvider__Persona(
-                llm_provider_id=public_restricted.id,
-                persona_id=whitelisted_persona.id,
-            )
-        )
-        db_session.flush()
-        db_session.refresh(public_restricted)
-
-        admin_model = db_session.get(User, admin_user.id)
-        assert admin_model is not None
-        admin_group_ids = fetch_user_group_ids(db_session, admin_model)
-
-        # Whitelisted persona — should be allowed
-        assert can_user_access_llm_provider(
-            public_restricted,
-            admin_group_ids,
-            whitelisted_persona,
-        )
-
-        # Non-whitelisted persona — should be denied despite is_public=True
-        assert not can_user_access_llm_provider(
-            public_restricted,
-            admin_group_ids,
-            non_whitelisted_persona,
-        )
-
-        # No persona context (e.g. global provider list) — should be denied
-        # because provider has persona restrictions set
-        assert not can_user_access_llm_provider(
-            public_restricted,
-            admin_group_ids,
-            persona=None,
-        )
-
-
-def test_public_provider_without_persona_restrictions(
-    users: tuple[DATestUser, DATestUser],
-) -> None:
-    """Public providers with no persona restrictions remain accessible to all."""
-    admin_user, basic_user = users
-
-    with get_session_with_current_tenant() as db_session:
-        public_unrestricted = _create_llm_provider(
-            db_session,
-            name="public-unrestricted",
-            default_model_name="gpt-4o",
-            is_public=True,
-            is_default=True,
-        )
-
-        any_persona = _create_persona(
-            db_session,
-            name="any-persona",
-            provider_name=public_unrestricted.name,
-        )
-
-        admin_model = db_session.get(User, admin_user.id)
-        basic_model = db_session.get(User, basic_user.id)
-        assert admin_model is not None
-        assert basic_model is not None
-
-        admin_group_ids = fetch_user_group_ids(db_session, admin_model)
-        basic_group_ids = fetch_user_group_ids(db_session, basic_model)
-
-        # Any user, any persona — all allowed
-        assert can_user_access_llm_provider(
-            public_unrestricted, admin_group_ids, any_persona
-        )
-        assert can_user_access_llm_provider(
-            public_unrestricted, basic_group_ids, any_persona
-        )
-        assert can_user_access_llm_provider(
-            public_unrestricted, admin_group_ids, persona=None
-        )
-
-
 def test_get_llm_for_persona_falls_back_when_access_denied(
     users: tuple[DATestUser, DATestUser],
 ) -> None:

backend/tests/integration/tests/migrations/test_assistant_consolidation_migration.py

@@ -25,7 +25,7 @@ def test_cold_startup_default_assistant() -> None:
         result = db_session.execute(
             text(
                 """
-                SELECT id, name, builtin_persona, featured, deleted
+                SELECT id, name, builtin_persona, is_default_persona, deleted
                 FROM persona
                 WHERE builtin_persona = true
                 ORDER BY id
@@ -40,7 +40,7 @@ def test_cold_startup_default_assistant() -> None:
         assert default[0] == 0, "Default assistant should have ID 0"
         assert default[1] == "Assistant", "Should be named 'Assistant'"
         assert default[2] is True, "Should be builtin"
-        assert default[3] is True, "Should be featured"
+        assert default[3] is True, "Should be default"
         assert default[4] is False, "Should not be deleted"
 
         # Check tools are properly associated

backend/tests/integration/tests/no_vectordb/test_no_vectordb_chat.py

@@ -195,7 +195,11 @@ def _base_persona_body(**overrides: object) -> dict:
         "description": "test",
         "system_prompt": "test",
         "task_prompt": "",
+        "num_chunks": 5,
         "is_public": True,
+        "recency_bias": "auto",
+        "llm_filter_extraction": False,
+        "llm_relevance_filter": False,
         "datetime_aware": False,
         "document_set_ids": [],
         "tool_ids": [],

backend/tests/integration/tests/no_vectordb/test_no_vectordb_file_lifecycle.py

@@ -1,160 +0,0 @@
-"""Integration test for the full user-file lifecycle in no-vector-DB mode.
-
-Covers: upload → COMPLETED → unlink from project → delete → gone.
-
-The entire lifecycle is handled by FastAPI BackgroundTasks (no Celery workers
-needed).  The conftest-level ``pytestmark`` ensures these tests are skipped
-when the server is running with vector DB enabled.
-"""
-
-import time
-from uuid import UUID
-
-import requests
-
-from onyx.db.enums import UserFileStatus
-from tests.integration.common_utils.constants import API_SERVER_URL
-from tests.integration.common_utils.managers.project import ProjectManager
-from tests.integration.common_utils.test_models import DATestLLMProvider
-from tests.integration.common_utils.test_models import DATestUser
-
-POLL_INTERVAL_SECONDS = 1
-POLL_TIMEOUT_SECONDS = 30
-
-
-def _poll_file_status(
-    file_id: UUID,
-    user: DATestUser,
-    target_status: UserFileStatus,
-    timeout: int = POLL_TIMEOUT_SECONDS,
-) -> None:
-    """Poll GET /user/projects/file/{file_id} until the file reaches *target_status*."""
-    deadline = time.time() + timeout
-    while time.time() < deadline:
-        resp = requests.get(
-            f"{API_SERVER_URL}/user/projects/file/{file_id}",
-            headers=user.headers,
-        )
-        if resp.ok:
-            status = resp.json().get("status")
-            if status == target_status.value:
-                return
-        time.sleep(POLL_INTERVAL_SECONDS)
-    raise TimeoutError(
-        f"File {file_id} did not reach {target_status.value} within {timeout}s"
-    )
-
-
-def _file_is_gone(file_id: UUID, user: DATestUser, timeout: int = 15) -> None:
-    """Poll until GET /user/projects/file/{file_id} returns 404."""
-    deadline = time.time() + timeout
-    while time.time() < deadline:
-        resp = requests.get(
-            f"{API_SERVER_URL}/user/projects/file/{file_id}",
-            headers=user.headers,
-        )
-        if resp.status_code == 404:
-            return
-        time.sleep(POLL_INTERVAL_SECONDS)
-    raise TimeoutError(
-        f"File {file_id} still accessible after {timeout}s (expected 404)"
-    )
-
-
-def test_file_upload_process_delete_lifecycle(
-    reset: None,  # noqa: ARG001
-    admin_user: DATestUser,
-    llm_provider: DATestLLMProvider,  # noqa: ARG001
-) -> None:
-    """Full lifecycle: upload → COMPLETED → unlink → delete → 404.
-
-    Validates that the API server handles all background processing
-    (via FastAPI BackgroundTasks) without any Celery workers running.
-    """
-    project = ProjectManager.create(
-        name="lifecycle-test", user_performing_action=admin_user
-    )
-
-    file_content = b"Integration test file content for lifecycle verification."
-    upload_result = ProjectManager.upload_files(
-        project_id=project.id,
-        files=[("lifecycle.txt", file_content)],
-        user_performing_action=admin_user,
-    )
-    assert upload_result.user_files, "Expected at least one file in upload response"
-
-    user_file = upload_result.user_files[0]
-    file_id = user_file.id
-
-    _poll_file_status(file_id, admin_user, UserFileStatus.COMPLETED)
-
-    project_files = ProjectManager.get_project_files(project.id, admin_user)
-    assert any(
-        f.id == file_id for f in project_files
-    ), "File should be listed in project files after processing"
-
-    # Unlink the file from the project so the delete endpoint will proceed
-    unlink_resp = requests.delete(
-        f"{API_SERVER_URL}/user/projects/{project.id}/files/{file_id}",
-        headers=admin_user.headers,
-    )
-    assert (
-        unlink_resp.status_code == 204
-    ), f"Expected 204 on unlink, got {unlink_resp.status_code}: {unlink_resp.text}"
-
-    delete_resp = requests.delete(
-        f"{API_SERVER_URL}/user/projects/file/{file_id}",
-        headers=admin_user.headers,
-    )
-    assert (
-        delete_resp.ok
-    ), f"Delete request failed: {delete_resp.status_code} {delete_resp.text}"
-    body = delete_resp.json()
-    assert (
-        body["has_associations"] is False
-    ), f"File still has associations after unlink: {body}"
-
-    _file_is_gone(file_id, admin_user)
-
-    project_files_after = ProjectManager.get_project_files(project.id, admin_user)
-    assert not any(
-        f.id == file_id for f in project_files_after
-    ), "Deleted file should not appear in project files"
-
-
-def test_delete_blocked_while_associated(
-    reset: None,  # noqa: ARG001
-    admin_user: DATestUser,
-    llm_provider: DATestLLMProvider,  # noqa: ARG001
-) -> None:
-    """Deleting a file that still belongs to a project should return
-    has_associations=True without actually deleting the file."""
-    project = ProjectManager.create(
-        name="assoc-test", user_performing_action=admin_user
-    )
-
-    upload_result = ProjectManager.upload_files(
-        project_id=project.id,
-        files=[("assoc.txt", b"associated file content")],
-        user_performing_action=admin_user,
-    )
-    file_id = upload_result.user_files[0].id
-
-    _poll_file_status(file_id, admin_user, UserFileStatus.COMPLETED)
-
-    # Attempt to delete while still linked
-    delete_resp = requests.delete(
-        f"{API_SERVER_URL}/user/projects/file/{file_id}",
-        headers=admin_user.headers,
-    )
-    assert delete_resp.ok
-    body = delete_resp.json()
-    assert body["has_associations"] is True, "Should report existing associations"
-    assert project.name in body["project_names"]
-
-    # File should still be accessible
-    get_resp = requests.get(
-        f"{API_SERVER_URL}/user/projects/file/{file_id}",
-        headers=admin_user.headers,
-    )
-    assert get_resp.status_code == 200, "File should still exist after blocked delete"

backend/tests/integration/tests/personas/test_persona_creation.py

@@ -40,6 +40,7 @@ def test_persona_create_update_share_delete(
         expected_persona,
         name=f"updated-{expected_persona.name}",
         description=f"updated-{expected_persona.description}",
+        num_chunks=expected_persona.num_chunks + 1,
         is_public=False,
         user_performing_action=admin_user,
     )

backend/tests/integration/tests/personas/test_persona_label_updates.py

@@ -31,7 +31,11 @@ def test_update_persona_with_null_label_ids_preserves_labels(
         task_prompt=persona.task_prompt or "",
         datetime_aware=persona.datetime_aware,
         document_set_ids=persona.document_set_ids,
+        num_chunks=persona.num_chunks,
         is_public=persona.is_public,
+        recency_bias=persona.recency_bias,
+        llm_filter_extraction=persona.llm_filter_extraction,
+        llm_relevance_filter=persona.llm_relevance_filter,
         llm_model_provider_override=persona.llm_model_provider_override,
         llm_model_version_override=persona.llm_model_version_override,
         tool_ids=persona.tool_ids,

backend/tests/integration/tests/personas/test_unified_assistant.py

@@ -31,8 +31,9 @@ def test_unified_assistant(reset: None, admin_user: DATestUser) -> None:  # noqa
         "search, web browsing, and image generation"
         in unified_assistant.description.lower()
     )
-    assert unified_assistant.featured is True
+    assert unified_assistant.is_default_persona is True
     assert unified_assistant.is_visible is True
+    assert unified_assistant.num_chunks == 25
 
     # Verify tools
     tools = unified_assistant.tools

backend/tests/integration/tests/scim/test_scim_groups.py

@@ -1,552 +0,0 @@
-"""Integration tests for SCIM group provisioning endpoints.
-
-Covers the full group lifecycle as driven by an IdP (Okta / Azure AD):
-1. Create a group via POST /Groups
-2. Retrieve a group via GET /Groups/{id}
-3. List, filter, and paginate groups via GET /Groups
-4. Replace a group via PUT /Groups/{id}
-5. Patch a group (add/remove members, rename) via PATCH /Groups/{id}
-6. Delete a group via DELETE /Groups/{id}
-7. Error cases: duplicate name, not-found, invalid member IDs
-
-All tests are parameterized across IdP request styles (Okta sends lowercase
-PATCH ops; Entra sends capitalized ops like ``"Replace"``). The server
-normalizes both — these tests verify that.
-
-Auth tests live in test_scim_tokens.py.
-User lifecycle tests live in test_scim_users.py.
-"""
-
-import pytest
-import requests
-
-from onyx.auth.schemas import UserRole
-from tests.integration.common_utils.managers.scim_client import ScimClient
-from tests.integration.common_utils.managers.scim_token import ScimTokenManager
-
-
-SCIM_GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"
-SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
-SCIM_PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
-
-
-@pytest.fixture(scope="module", params=["okta", "entra"])
-def idp_style(request: pytest.FixtureRequest) -> str:
-    """Parameterized IdP style — runs every test with both Okta and Entra request formats."""
-    return request.param
-
-
-@pytest.fixture(scope="module")
-def scim_token(idp_style: str) -> str:
-    """Create a single SCIM token shared across all tests in this module.
-
-    Creating a new token revokes the previous one, so we create exactly once
-    per IdP-style run and reuse. Uses UserManager directly to avoid
-    fixture-scope conflicts with the function-scoped admin_user fixture.
-    """
-    from tests.integration.common_utils.constants import ADMIN_USER_NAME
-    from tests.integration.common_utils.constants import GENERAL_HEADERS
-    from tests.integration.common_utils.managers.user import build_email
-    from tests.integration.common_utils.managers.user import DEFAULT_PASSWORD
-    from tests.integration.common_utils.managers.user import UserManager
-    from tests.integration.common_utils.test_models import DATestUser
-
-    try:
-        admin = UserManager.create(name=ADMIN_USER_NAME)
-    except Exception:
-        admin = UserManager.login_as_user(
-            DATestUser(
-                id="",
-                email=build_email(ADMIN_USER_NAME),
-                password=DEFAULT_PASSWORD,
-                headers=GENERAL_HEADERS,
-                role=UserRole.ADMIN,
-                is_active=True,
-            )
-        )
-
-    token = ScimTokenManager.create(
-        name=f"scim-group-tests-{idp_style}",
-        user_performing_action=admin,
-    ).raw_token
-    assert token is not None
-    return token
-
-
-def _make_group_resource(
-    display_name: str,
-    external_id: str | None = None,
-    members: list[dict] | None = None,
-) -> dict:
-    """Build a minimal SCIM GroupResource payload."""
-    resource: dict = {
-        "schemas": [SCIM_GROUP_SCHEMA],
-        "displayName": display_name,
-    }
-    if external_id is not None:
-        resource["externalId"] = external_id
-    if members is not None:
-        resource["members"] = members
-    return resource
-
-
-def _make_user_resource(email: str, external_id: str) -> dict:
-    """Build a minimal SCIM UserResource payload for member creation."""
-    return {
-        "schemas": [SCIM_USER_SCHEMA],
-        "userName": email,
-        "externalId": external_id,
-        "name": {"givenName": "Test", "familyName": "User"},
-        "active": True,
-    }
-
-
-def _make_patch_request(operations: list[dict], idp_style: str = "okta") -> dict:
-    """Build a SCIM PatchOp payload, applying IdP-specific operation casing.
-
-    Entra sends capitalized operations (e.g. ``"Replace"`` instead of
-    ``"replace"``). The server's ``normalize_operation`` validator lowercases
-    them — these tests verify that both casings are accepted.
-    """
-    cased_operations = []
-    for operation in operations:
-        cased = dict(operation)
-        if idp_style == "entra":
-            cased["op"] = operation["op"].capitalize()
-        cased_operations.append(cased)
-    return {
-        "schemas": [SCIM_PATCH_SCHEMA],
-        "Operations": cased_operations,
-    }
-
-
-def _create_scim_user(token: str, email: str, external_id: str) -> requests.Response:
-    return ScimClient.post(
-        "/Users", token, json=_make_user_resource(email, external_id)
-    )
-
-
-def _create_scim_group(
-    token: str,
-    display_name: str,
-    external_id: str | None = None,
-    members: list[dict] | None = None,
-) -> requests.Response:
-    return ScimClient.post(
-        "/Groups",
-        token,
-        json=_make_group_resource(display_name, external_id, members),
-    )
-
-
-# ------------------------------------------------------------------
-# Lifecycle: create → get → list → replace → patch → delete
-# ------------------------------------------------------------------
-
-
-def test_create_group(scim_token: str, idp_style: str) -> None:
-    """POST /Groups creates a group and returns 201."""
-    name = f"Engineering {idp_style}"
-    resp = _create_scim_group(scim_token, name, external_id=f"ext-eng-{idp_style}")
-    assert resp.status_code == 201
-
-    body = resp.json()
-    assert body["displayName"] == name
-    assert body["externalId"] == f"ext-eng-{idp_style}"
-    assert body["id"]  # integer ID assigned by server
-    assert body["meta"]["resourceType"] == "Group"
-
-
-def test_create_group_with_members(scim_token: str, idp_style: str) -> None:
-    """POST /Groups with members populates the member list."""
-    user = _create_scim_user(
-        scim_token, f"grp_member1_{idp_style}@example.com", f"ext-gm-{idp_style}"
-    ).json()
-
-    resp = _create_scim_group(
-        scim_token,
-        f"Backend Team {idp_style}",
-        external_id=f"ext-backend-{idp_style}",
-        members=[{"value": user["id"]}],
-    )
-    assert resp.status_code == 201
-
-    body = resp.json()
-    member_ids = [m["value"] for m in body["members"]]
-    assert user["id"] in member_ids
-
-
-def test_get_group(scim_token: str, idp_style: str) -> None:
-    """GET /Groups/{id} returns the group resource including members."""
-    user = _create_scim_user(
-        scim_token, f"grp_get_m_{idp_style}@example.com", f"ext-ggm-{idp_style}"
-    ).json()
-    created = _create_scim_group(
-        scim_token,
-        f"Frontend Team {idp_style}",
-        external_id=f"ext-fe-{idp_style}",
-        members=[{"value": user["id"]}],
-    ).json()
-
-    resp = ScimClient.get(f"/Groups/{created['id']}", scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["id"] == created["id"]
-    assert body["displayName"] == f"Frontend Team {idp_style}"
-    assert body["externalId"] == f"ext-fe-{idp_style}"
-    member_ids = [m["value"] for m in body["members"]]
-    assert user["id"] in member_ids
-
-
-def test_list_groups(scim_token: str, idp_style: str) -> None:
-    """GET /Groups returns a ListResponse containing provisioned groups."""
-    name = f"DevOps Team {idp_style}"
-    _create_scim_group(scim_token, name, external_id=f"ext-devops-{idp_style}")
-
-    resp = ScimClient.get("/Groups", scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["totalResults"] >= 1
-    names = [r["displayName"] for r in body["Resources"]]
-    assert name in names
-
-
-def test_list_groups_pagination(scim_token: str, idp_style: str) -> None:
-    """GET /Groups with startIndex and count returns correct pagination."""
-    _create_scim_group(
-        scim_token, f"Page Group A {idp_style}", external_id=f"ext-page-a-{idp_style}"
-    )
-    _create_scim_group(
-        scim_token, f"Page Group B {idp_style}", external_id=f"ext-page-b-{idp_style}"
-    )
-
-    resp = ScimClient.get("/Groups?startIndex=1&count=1", scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["startIndex"] == 1
-    assert body["itemsPerPage"] == 1
-    assert body["totalResults"] >= 2
-    assert len(body["Resources"]) == 1
-
-
-def test_filter_groups_by_display_name(scim_token: str, idp_style: str) -> None:
-    """GET /Groups?filter=displayName eq '...' returns only matching groups."""
-    name = f"Unique QA Team {idp_style}"
-    _create_scim_group(scim_token, name, external_id=f"ext-qa-filter-{idp_style}")
-
-    resp = ScimClient.get(f'/Groups?filter=displayName eq "{name}"', scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["totalResults"] == 1
-    assert body["Resources"][0]["displayName"] == name
-
-
-def test_filter_groups_by_external_id(scim_token: str, idp_style: str) -> None:
-    """GET /Groups?filter=externalId eq '...' returns the matching group."""
-    ext_id = f"ext-unique-group-id-{idp_style}"
-    _create_scim_group(
-        scim_token, f"ExtId Filter Group {idp_style}", external_id=ext_id
-    )
-
-    resp = ScimClient.get(f'/Groups?filter=externalId eq "{ext_id}"', scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["totalResults"] == 1
-    assert body["Resources"][0]["externalId"] == ext_id
-
-
-def test_replace_group(scim_token: str, idp_style: str) -> None:
-    """PUT /Groups/{id} replaces the group resource."""
-    created = _create_scim_group(
-        scim_token,
-        f"Original Name {idp_style}",
-        external_id=f"ext-replace-g-{idp_style}",
-    ).json()
-
-    user = _create_scim_user(
-        scim_token, f"grp_replace_m_{idp_style}@example.com", f"ext-grm-{idp_style}"
-    ).json()
-
-    updated_resource = _make_group_resource(
-        display_name=f"Renamed Group {idp_style}",
-        external_id=f"ext-replace-g-{idp_style}",
-        members=[{"value": user["id"]}],
-    )
-    resp = ScimClient.put(f"/Groups/{created['id']}", scim_token, json=updated_resource)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["displayName"] == f"Renamed Group {idp_style}"
-    member_ids = [m["value"] for m in body["members"]]
-    assert user["id"] in member_ids
-
-
-def test_replace_group_clears_members(scim_token: str, idp_style: str) -> None:
-    """PUT /Groups/{id} with empty members removes all memberships."""
-    user = _create_scim_user(
-        scim_token, f"grp_clear_m_{idp_style}@example.com", f"ext-gcm-{idp_style}"
-    ).json()
-    created = _create_scim_group(
-        scim_token,
-        f"Clear Members Group {idp_style}",
-        external_id=f"ext-clear-g-{idp_style}",
-        members=[{"value": user["id"]}],
-    ).json()
-
-    assert len(created["members"]) == 1
-
-    resp = ScimClient.put(
-        f"/Groups/{created['id']}",
-        scim_token,
-        json=_make_group_resource(
-            f"Clear Members Group {idp_style}", f"ext-clear-g-{idp_style}", members=[]
-        ),
-    )
-    assert resp.status_code == 200
-    assert resp.json()["members"] == []
-
-
-def test_patch_add_member(scim_token: str, idp_style: str) -> None:
-    """PATCH /Groups/{id} with op=add adds a member."""
-    created = _create_scim_group(
-        scim_token,
-        f"Patch Add Group {idp_style}",
-        external_id=f"ext-patch-add-{idp_style}",
-    ).json()
-    user = _create_scim_user(
-        scim_token, f"grp_patch_add_{idp_style}@example.com", f"ext-gpa-{idp_style}"
-    ).json()
-
-    resp = ScimClient.patch(
-        f"/Groups/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [{"op": "add", "path": "members", "value": [{"value": user["id"]}]}],
-            idp_style,
-        ),
-    )
-    assert resp.status_code == 200
-
-    member_ids = [m["value"] for m in resp.json()["members"]]
-    assert user["id"] in member_ids
-
-
-def test_patch_remove_member(scim_token: str, idp_style: str) -> None:
-    """PATCH /Groups/{id} with op=remove removes a specific member."""
-    user = _create_scim_user(
-        scim_token, f"grp_patch_rm_{idp_style}@example.com", f"ext-gpr-{idp_style}"
-    ).json()
-    created = _create_scim_group(
-        scim_token,
-        f"Patch Remove Group {idp_style}",
-        external_id=f"ext-patch-rm-{idp_style}",
-        members=[{"value": user["id"]}],
-    ).json()
-    assert len(created["members"]) == 1
-
-    resp = ScimClient.patch(
-        f"/Groups/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [
-                {
-                    "op": "remove",
-                    "path": f'members[value eq "{user["id"]}"]',
-                }
-            ],
-            idp_style,
-        ),
-    )
-    assert resp.status_code == 200
-    assert resp.json()["members"] == []
-
-
-def test_patch_replace_members(scim_token: str, idp_style: str) -> None:
-    """PATCH /Groups/{id} with op=replace on members swaps the entire list."""
-    user_a = _create_scim_user(
-        scim_token, f"grp_repl_a_{idp_style}@example.com", f"ext-gra-{idp_style}"
-    ).json()
-    user_b = _create_scim_user(
-        scim_token, f"grp_repl_b_{idp_style}@example.com", f"ext-grb-{idp_style}"
-    ).json()
-    created = _create_scim_group(
-        scim_token,
-        f"Patch Replace Group {idp_style}",
-        external_id=f"ext-patch-repl-{idp_style}",
-        members=[{"value": user_a["id"]}],
-    ).json()
-
-    # Replace member list: swap A for B
-    resp = ScimClient.patch(
-        f"/Groups/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [
-                {
-                    "op": "replace",
-                    "path": "members",
-                    "value": [{"value": user_b["id"]}],
-                }
-            ],
-            idp_style,
-        ),
-    )
-    assert resp.status_code == 200
-
-    member_ids = [m["value"] for m in resp.json()["members"]]
-    assert user_b["id"] in member_ids
-    assert user_a["id"] not in member_ids
-
-
-def test_patch_rename_group(scim_token: str, idp_style: str) -> None:
-    """PATCH /Groups/{id} with op=replace on displayName renames the group."""
-    created = _create_scim_group(
-        scim_token,
-        f"Old Group Name {idp_style}",
-        external_id=f"ext-rename-g-{idp_style}",
-    ).json()
-
-    new_name = f"New Group Name {idp_style}"
-    resp = ScimClient.patch(
-        f"/Groups/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [{"op": "replace", "path": "displayName", "value": new_name}],
-            idp_style,
-        ),
-    )
-    assert resp.status_code == 200
-    assert resp.json()["displayName"] == new_name
-
-    # Confirm via GET
-    get_resp = ScimClient.get(f"/Groups/{created['id']}", scim_token)
-    assert get_resp.json()["displayName"] == new_name
-
-
-def test_delete_group(scim_token: str, idp_style: str) -> None:
-    """DELETE /Groups/{id} removes the group."""
-    created = _create_scim_group(
-        scim_token,
-        f"Delete Me Group {idp_style}",
-        external_id=f"ext-del-g-{idp_style}",
-    ).json()
-
-    resp = ScimClient.delete(f"/Groups/{created['id']}", scim_token)
-    assert resp.status_code == 204
-
-    # Second DELETE returns 404 (group hard-deleted)
-    resp2 = ScimClient.delete(f"/Groups/{created['id']}", scim_token)
-    assert resp2.status_code == 404
-
-
-def test_delete_group_preserves_members(scim_token: str, idp_style: str) -> None:
-    """DELETE /Groups/{id} removes memberships but does not deactivate users."""
-    user = _create_scim_user(
-        scim_token, f"grp_del_member_{idp_style}@example.com", f"ext-gdm-{idp_style}"
-    ).json()
-    created = _create_scim_group(
-        scim_token,
-        f"Delete With Members {idp_style}",
-        external_id=f"ext-del-wm-{idp_style}",
-        members=[{"value": user["id"]}],
-    ).json()
-
-    resp = ScimClient.delete(f"/Groups/{created['id']}", scim_token)
-    assert resp.status_code == 204
-
-    # User should still be active and retrievable
-    user_resp = ScimClient.get(f"/Users/{user['id']}", scim_token)
-    assert user_resp.status_code == 200
-    assert user_resp.json()["active"] is True
-
-
-# ------------------------------------------------------------------
-# Error cases
-# ------------------------------------------------------------------
-
-
-def test_create_group_duplicate_name(scim_token: str, idp_style: str) -> None:
-    """POST /Groups with an already-taken displayName returns 409."""
-    name = f"Dup Name Group {idp_style}"
-    resp1 = _create_scim_group(scim_token, name, external_id=f"ext-dup-g1-{idp_style}")
-    assert resp1.status_code == 201
-
-    resp2 = _create_scim_group(scim_token, name, external_id=f"ext-dup-g2-{idp_style}")
-    assert resp2.status_code == 409
-
-
-def test_get_nonexistent_group(scim_token: str) -> None:
-    """GET /Groups/{bad-id} returns 404."""
-    resp = ScimClient.get("/Groups/999999999", scim_token)
-    assert resp.status_code == 404
-
-
-def test_create_group_with_invalid_member(scim_token: str, idp_style: str) -> None:
-    """POST /Groups with a non-existent member UUID returns 400."""
-    resp = _create_scim_group(
-        scim_token,
-        f"Bad Member Group {idp_style}",
-        external_id=f"ext-bad-m-{idp_style}",
-        members=[{"value": "00000000-0000-0000-0000-000000000000"}],
-    )
-    assert resp.status_code == 400
-    assert "not found" in resp.json()["detail"].lower()
-
-
-def test_patch_add_nonexistent_member(scim_token: str, idp_style: str) -> None:
-    """PATCH /Groups/{id} adding a non-existent member returns 400."""
-    created = _create_scim_group(
-        scim_token,
-        f"Patch Bad Member Group {idp_style}",
-        external_id=f"ext-pbm-{idp_style}",
-    ).json()
-
-    resp = ScimClient.patch(
-        f"/Groups/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [
-                {
-                    "op": "add",
-                    "path": "members",
-                    "value": [{"value": "00000000-0000-0000-0000-000000000000"}],
-                }
-            ],
-            idp_style,
-        ),
-    )
-    assert resp.status_code == 400
-    assert "not found" in resp.json()["detail"].lower()
-
-
-def test_patch_add_duplicate_member_is_idempotent(
-    scim_token: str, idp_style: str
-) -> None:
-    """PATCH /Groups/{id} adding an already-present member succeeds silently."""
-    user = _create_scim_user(
-        scim_token, f"grp_dup_add_{idp_style}@example.com", f"ext-gda-{idp_style}"
-    ).json()
-    created = _create_scim_group(
-        scim_token,
-        f"Idempotent Add Group {idp_style}",
-        external_id=f"ext-idem-g-{idp_style}",
-        members=[{"value": user["id"]}],
-    ).json()
-    assert len(created["members"]) == 1
-
-    # Add same member again
-    resp = ScimClient.patch(
-        f"/Groups/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [{"op": "add", "path": "members", "value": [{"value": user["id"]}]}],
-            idp_style,
-        ),
-    )
-    assert resp.status_code == 200
-    assert len(resp.json()["members"]) == 1  # still just one member

backend/tests/integration/tests/scim/test_scim_tokens.py

@@ -15,7 +15,6 @@ import time
 import requests
 
 from tests.integration.common_utils.constants import API_SERVER_URL
-from tests.integration.common_utils.managers.scim_client import ScimClient
 from tests.integration.common_utils.managers.scim_token import ScimTokenManager
 from tests.integration.common_utils.managers.user import UserManager
 from tests.integration.common_utils.test_models import DATestUser
@@ -40,7 +39,7 @@ def test_scim_token_lifecycle(admin_user: DATestUser) -> None:
     assert active == token.model_copy(update={"raw_token": None})
 
     # Token works for SCIM requests
-    response = ScimClient.get("/Users", token.raw_token)
+    response = ScimTokenManager.scim_get("/Users", token.raw_token)
     assert response.status_code == 200
     body = response.json()
     assert "Resources" in body
@@ -55,7 +54,7 @@ def test_scim_token_rotation_revokes_previous(admin_user: DATestUser) -> None:
     )
     assert first.raw_token is not None
 
-    response = ScimClient.get("/Users", first.raw_token)
+    response = ScimTokenManager.scim_get("/Users", first.raw_token)
     assert response.status_code == 200
 
     # Create second token — should revoke first
@@ -70,22 +69,25 @@ def test_scim_token_rotation_revokes_previous(admin_user: DATestUser) -> None:
     assert active == second.model_copy(update={"raw_token": None})
 
     # First token rejected, second works
-    assert ScimClient.get("/Users", first.raw_token).status_code == 401
-    assert ScimClient.get("/Users", second.raw_token).status_code == 200
+    assert ScimTokenManager.scim_get("/Users", first.raw_token).status_code == 401
+    assert ScimTokenManager.scim_get("/Users", second.raw_token).status_code == 200
 
 
 def test_scim_request_without_token_rejected(
     admin_user: DATestUser,  # noqa: ARG001
 ) -> None:
     """SCIM endpoints reject requests with no Authorization header."""
-    assert ScimClient.get_no_auth("/Users").status_code == 401
+    assert ScimTokenManager.scim_get_no_auth("/Users").status_code == 401
 
 
 def test_scim_request_with_bad_token_rejected(
     admin_user: DATestUser,  # noqa: ARG001
 ) -> None:
     """SCIM endpoints reject requests with an invalid token."""
-    assert ScimClient.get("/Users", "onyx_scim_bogus_token_value").status_code == 401
+    assert (
+        ScimTokenManager.scim_get("/Users", "onyx_scim_bogus_token_value").status_code
+        == 401
+    )
 
 
 def test_non_admin_cannot_create_token(
@@ -137,7 +139,7 @@ def test_service_discovery_no_auth_required(
 ) -> None:
     """Service discovery endpoints work without any authentication."""
     for path in ["/ServiceProviderConfig", "/ResourceTypes", "/Schemas"]:
-        response = ScimClient.get_no_auth(path)
+        response = ScimTokenManager.scim_get_no_auth(path)
         assert response.status_code == 200, f"{path} returned {response.status_code}"
 
 
@@ -156,7 +158,7 @@ def test_last_used_at_updated_after_scim_request(
     assert active.last_used_at is None
 
     # Make a SCIM request, then verify last_used_at is set
-    assert ScimClient.get("/Users", token.raw_token).status_code == 200
+    assert ScimTokenManager.scim_get("/Users", token.raw_token).status_code == 200
     time.sleep(0.5)
 
     active_after = ScimTokenManager.get_active(user_performing_action=admin_user)

backend/tests/integration/tests/scim/test_scim_users.py

@@ -1,520 +0,0 @@
-"""Integration tests for SCIM user provisioning endpoints.
-
-Covers the full user lifecycle as driven by an IdP (Okta / Azure AD):
-1. Create a user via POST /Users
-2. Retrieve a user via GET /Users/{id}
-3. List, filter, and paginate users via GET /Users
-4. Replace a user via PUT /Users/{id}
-5. Patch a user (deactivate/reactivate) via PATCH /Users/{id}
-6. Delete a user via DELETE /Users/{id}
-7. Error cases: missing externalId, duplicate email, not-found, seat limit
-
-All tests are parameterized across IdP request styles:
-- **Okta**: lowercase PATCH ops, minimal payloads (core schema only).
-- **Entra**: capitalized ops (``"Replace"``), enterprise extension data
-  (department, manager), and structured email arrays.
-
-The server normalizes both — these tests verify that all IdP-specific fields
-are accepted and round-tripped correctly.
-
-Auth, revoked-token, and service-discovery tests live in test_scim_tokens.py.
-"""
-
-from datetime import datetime
-from datetime import timedelta
-from datetime import timezone
-
-import pytest
-import redis
-import requests
-
-from ee.onyx.server.license.models import LicenseMetadata
-from ee.onyx.server.license.models import LicenseSource
-from ee.onyx.server.license.models import PlanType
-from onyx.auth.schemas import UserRole
-from onyx.configs.app_configs import REDIS_DB_NUMBER
-from onyx.configs.app_configs import REDIS_HOST
-from onyx.configs.app_configs import REDIS_PORT
-from onyx.server.settings.models import ApplicationStatus
-from tests.integration.common_utils.managers.scim_client import ScimClient
-from tests.integration.common_utils.managers.scim_token import ScimTokenManager
-
-
-SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
-SCIM_ENTERPRISE_USER_SCHEMA = (
-    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
-)
-SCIM_PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"
-
-_LICENSE_REDIS_KEY = "public:license:metadata"
-
-
-@pytest.fixture(scope="module", params=["okta", "entra"])
-def idp_style(request: pytest.FixtureRequest) -> str:
-    """Parameterized IdP style — runs every test with both Okta and Entra request formats."""
-    return request.param
-
-
-@pytest.fixture(scope="module")
-def scim_token(idp_style: str) -> str:
-    """Create a single SCIM token shared across all tests in this module.
-
-    Creating a new token revokes the previous one, so we create exactly once
-    per IdP-style run and reuse. Uses UserManager directly to avoid
-    fixture-scope conflicts with the function-scoped admin_user fixture.
-    """
-    from tests.integration.common_utils.constants import ADMIN_USER_NAME
-    from tests.integration.common_utils.constants import GENERAL_HEADERS
-    from tests.integration.common_utils.managers.user import build_email
-    from tests.integration.common_utils.managers.user import DEFAULT_PASSWORD
-    from tests.integration.common_utils.managers.user import UserManager
-    from tests.integration.common_utils.test_models import DATestUser
-
-    try:
-        admin = UserManager.create(name=ADMIN_USER_NAME)
-    except Exception:
-        admin = UserManager.login_as_user(
-            DATestUser(
-                id="",
-                email=build_email(ADMIN_USER_NAME),
-                password=DEFAULT_PASSWORD,
-                headers=GENERAL_HEADERS,
-                role=UserRole.ADMIN,
-                is_active=True,
-            )
-        )
-
-    token = ScimTokenManager.create(
-        name=f"scim-user-tests-{idp_style}",
-        user_performing_action=admin,
-    ).raw_token
-    assert token is not None
-    return token
-
-
-def _make_user_resource(
-    email: str,
-    external_id: str,
-    given_name: str = "Test",
-    family_name: str = "User",
-    active: bool = True,
-    idp_style: str = "okta",
-    department: str | None = None,
-    manager_id: str | None = None,
-) -> dict:
-    """Build a SCIM UserResource payload appropriate for the IdP style.
-
-    Entra sends richer payloads including enterprise extension data (department,
-    manager), structured email arrays, and the enterprise schema URN. Okta sends
-    minimal payloads with just core user fields.
-    """
-    resource: dict = {
-        "schemas": [SCIM_USER_SCHEMA],
-        "userName": email,
-        "externalId": external_id,
-        "name": {
-            "givenName": given_name,
-            "familyName": family_name,
-        },
-        "active": active,
-    }
-    if idp_style == "entra":
-        dept = department or "Engineering"
-        mgr = manager_id or "mgr-ext-001"
-        resource["schemas"].append(SCIM_ENTERPRISE_USER_SCHEMA)
-        resource[SCIM_ENTERPRISE_USER_SCHEMA] = {
-            "department": dept,
-            "manager": {"value": mgr},
-        }
-        resource["emails"] = [
-            {"value": email, "type": "work", "primary": True},
-        ]
-    return resource
-
-
-def _make_patch_request(operations: list[dict], idp_style: str = "okta") -> dict:
-    """Build a SCIM PatchOp payload, applying IdP-specific operation casing.
-
-    Entra sends capitalized operations (e.g. ``"Replace"`` instead of
-    ``"replace"``). The server's ``normalize_operation`` validator lowercases
-    them — these tests verify that both casings are accepted.
-    """
-    cased_operations = []
-    for operation in operations:
-        cased = dict(operation)
-        if idp_style == "entra":
-            cased["op"] = operation["op"].capitalize()
-        cased_operations.append(cased)
-    return {
-        "schemas": [SCIM_PATCH_SCHEMA],
-        "Operations": cased_operations,
-    }
-
-
-def _create_scim_user(
-    token: str,
-    email: str,
-    external_id: str,
-    idp_style: str = "okta",
-) -> requests.Response:
-    return ScimClient.post(
-        "/Users",
-        token,
-        json=_make_user_resource(email, external_id, idp_style=idp_style),
-    )
-
-
-def _assert_entra_extension(
-    body: dict,
-    expected_department: str = "Engineering",
-    expected_manager: str = "mgr-ext-001",
-) -> None:
-    """Assert that Entra enterprise extension fields round-tripped correctly."""
-    assert SCIM_ENTERPRISE_USER_SCHEMA in body["schemas"]
-    ext = body[SCIM_ENTERPRISE_USER_SCHEMA]
-    assert ext["department"] == expected_department
-    assert ext["manager"]["value"] == expected_manager
-
-
-def _assert_entra_emails(body: dict, expected_email: str) -> None:
-    """Assert that structured email metadata round-tripped correctly."""
-    emails = body["emails"]
-    assert len(emails) >= 1
-    work_email = next(e for e in emails if e.get("type") == "work")
-    assert work_email["value"] == expected_email
-    assert work_email["primary"] is True
-
-
-# ------------------------------------------------------------------
-# Lifecycle: create -> get -> list -> replace -> patch -> delete
-# ------------------------------------------------------------------
-
-
-def test_create_user(scim_token: str, idp_style: str) -> None:
-    """POST /Users creates a provisioned user and returns 201."""
-    email = f"scim_create_{idp_style}@example.com"
-    ext_id = f"ext-create-{idp_style}"
-    resp = _create_scim_user(scim_token, email, ext_id, idp_style)
-    assert resp.status_code == 201
-
-    body = resp.json()
-    assert body["userName"] == email
-    assert body["externalId"] == ext_id
-    assert body["active"] is True
-    assert body["id"]  # UUID assigned by server
-    assert body["meta"]["resourceType"] == "User"
-    assert body["name"]["givenName"] == "Test"
-    assert body["name"]["familyName"] == "User"
-
-    if idp_style == "entra":
-        _assert_entra_extension(body)
-        _assert_entra_emails(body, email)
-
-
-def test_get_user(scim_token: str, idp_style: str) -> None:
-    """GET /Users/{id} returns the user resource with all stored fields."""
-    email = f"scim_get_{idp_style}@example.com"
-    ext_id = f"ext-get-{idp_style}"
-    created = _create_scim_user(scim_token, email, ext_id, idp_style).json()
-
-    resp = ScimClient.get(f"/Users/{created['id']}", scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["id"] == created["id"]
-    assert body["userName"] == email
-    assert body["externalId"] == ext_id
-    assert body["name"]["givenName"] == "Test"
-    assert body["name"]["familyName"] == "User"
-
-    if idp_style == "entra":
-        _assert_entra_extension(body)
-        _assert_entra_emails(body, email)
-
-
-def test_list_users(scim_token: str, idp_style: str) -> None:
-    """GET /Users returns a ListResponse containing provisioned users."""
-    email = f"scim_list_{idp_style}@example.com"
-    _create_scim_user(scim_token, email, f"ext-list-{idp_style}", idp_style)
-
-    resp = ScimClient.get("/Users", scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["totalResults"] >= 1
-    emails = [r["userName"] for r in body["Resources"]]
-    assert email in emails
-
-
-def test_list_users_pagination(scim_token: str, idp_style: str) -> None:
-    """GET /Users with startIndex and count returns correct pagination."""
-    _create_scim_user(
-        scim_token,
-        f"scim_page1_{idp_style}@example.com",
-        f"ext-page-1-{idp_style}",
-        idp_style,
-    )
-    _create_scim_user(
-        scim_token,
-        f"scim_page2_{idp_style}@example.com",
-        f"ext-page-2-{idp_style}",
-        idp_style,
-    )
-
-    resp = ScimClient.get("/Users?startIndex=1&count=1", scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["startIndex"] == 1
-    assert body["itemsPerPage"] == 1
-    assert body["totalResults"] >= 2
-    assert len(body["Resources"]) == 1
-
-
-def test_filter_users_by_username(scim_token: str, idp_style: str) -> None:
-    """GET /Users?filter=userName eq '...' returns only matching users."""
-    email = f"scim_filter_{idp_style}@example.com"
-    _create_scim_user(scim_token, email, f"ext-filter-{idp_style}", idp_style)
-
-    resp = ScimClient.get(f'/Users?filter=userName eq "{email}"', scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["totalResults"] == 1
-    assert body["Resources"][0]["userName"] == email
-
-
-def test_replace_user(scim_token: str, idp_style: str) -> None:
-    """PUT /Users/{id} replaces the user resource including enterprise fields."""
-    email = f"scim_replace_{idp_style}@example.com"
-    ext_id = f"ext-replace-{idp_style}"
-    created = _create_scim_user(scim_token, email, ext_id, idp_style).json()
-
-    updated_resource = _make_user_resource(
-        email=email,
-        external_id=ext_id,
-        given_name="Updated",
-        family_name="Name",
-        idp_style=idp_style,
-        department="Product",
-    )
-    resp = ScimClient.put(f"/Users/{created['id']}", scim_token, json=updated_resource)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["name"]["givenName"] == "Updated"
-    assert body["name"]["familyName"] == "Name"
-
-    if idp_style == "entra":
-        _assert_entra_extension(body, expected_department="Product")
-        _assert_entra_emails(body, email)
-
-
-def test_patch_deactivate_user(scim_token: str, idp_style: str) -> None:
-    """PATCH /Users/{id} with active=false deactivates the user."""
-    created = _create_scim_user(
-        scim_token,
-        f"scim_deactivate_{idp_style}@example.com",
-        f"ext-deactivate-{idp_style}",
-        idp_style,
-    ).json()
-    assert created["active"] is True
-
-    resp = ScimClient.patch(
-        f"/Users/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [{"op": "replace", "path": "active", "value": False}], idp_style
-        ),
-    )
-    assert resp.status_code == 200
-    assert resp.json()["active"] is False
-
-    # Confirm via GET
-    get_resp = ScimClient.get(f"/Users/{created['id']}", scim_token)
-    assert get_resp.json()["active"] is False
-
-
-def test_patch_reactivate_user(scim_token: str, idp_style: str) -> None:
-    """PATCH active=true reactivates a previously deactivated user."""
-    created = _create_scim_user(
-        scim_token,
-        f"scim_reactivate_{idp_style}@example.com",
-        f"ext-reactivate-{idp_style}",
-        idp_style,
-    ).json()
-
-    # Deactivate
-    deactivate_resp = ScimClient.patch(
-        f"/Users/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [{"op": "replace", "path": "active", "value": False}], idp_style
-        ),
-    )
-    assert deactivate_resp.status_code == 200
-    assert deactivate_resp.json()["active"] is False
-
-    # Reactivate
-    resp = ScimClient.patch(
-        f"/Users/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [{"op": "replace", "path": "active", "value": True}], idp_style
-        ),
-    )
-    assert resp.status_code == 200
-    assert resp.json()["active"] is True
-
-
-def test_delete_user(scim_token: str, idp_style: str) -> None:
-    """DELETE /Users/{id} deactivates and removes the SCIM mapping."""
-    created = _create_scim_user(
-        scim_token,
-        f"scim_delete_{idp_style}@example.com",
-        f"ext-delete-{idp_style}",
-        idp_style,
-    ).json()
-
-    resp = ScimClient.delete(f"/Users/{created['id']}", scim_token)
-    assert resp.status_code == 204
-
-    # Second DELETE returns 404 per RFC 7644 §3.6 (mapping removed)
-    resp2 = ScimClient.delete(f"/Users/{created['id']}", scim_token)
-    assert resp2.status_code == 404
-
-
-# ------------------------------------------------------------------
-# Error cases
-# ------------------------------------------------------------------
-
-
-def test_create_user_missing_external_id(scim_token: str, idp_style: str) -> None:
-    """POST /Users without externalId succeeds (RFC 7643: externalId is optional)."""
-    email = f"scim_no_extid_{idp_style}@example.com"
-    resp = ScimClient.post(
-        "/Users",
-        scim_token,
-        json={
-            "schemas": [SCIM_USER_SCHEMA],
-            "userName": email,
-            "active": True,
-        },
-    )
-    assert resp.status_code == 201
-    body = resp.json()
-    assert body["userName"] == email
-    assert body.get("externalId") is None
-
-
-def test_create_user_duplicate_email(scim_token: str, idp_style: str) -> None:
-    """POST /Users with an already-taken email returns 409."""
-    email = f"scim_dup_{idp_style}@example.com"
-    resp1 = _create_scim_user(scim_token, email, f"ext-dup-1-{idp_style}", idp_style)
-    assert resp1.status_code == 201
-
-    resp2 = _create_scim_user(scim_token, email, f"ext-dup-2-{idp_style}", idp_style)
-    assert resp2.status_code == 409
-
-
-def test_get_nonexistent_user(scim_token: str) -> None:
-    """GET /Users/{bad-id} returns 404."""
-    resp = ScimClient.get("/Users/00000000-0000-0000-0000-000000000000", scim_token)
-    assert resp.status_code == 404
-
-
-def test_filter_users_by_external_id(scim_token: str, idp_style: str) -> None:
-    """GET /Users?filter=externalId eq '...' returns the matching user."""
-    ext_id = f"ext-unique-filter-id-{idp_style}"
-    _create_scim_user(
-        scim_token, f"scim_extfilter_{idp_style}@example.com", ext_id, idp_style
-    )
-
-    resp = ScimClient.get(f'/Users?filter=externalId eq "{ext_id}"', scim_token)
-    assert resp.status_code == 200
-
-    body = resp.json()
-    assert body["totalResults"] == 1
-    assert body["Resources"][0]["externalId"] == ext_id
-
-
-# ------------------------------------------------------------------
-# Seat-limit enforcement
-# ------------------------------------------------------------------
-
-
-def _seed_license(r: redis.Redis, seats: int) -> None:
-    """Write a LicenseMetadata entry into Redis with the given seat cap."""
-    now = datetime.now(timezone.utc)
-    metadata = LicenseMetadata(
-        tenant_id="public",
-        organization_name="Test Org",
-        seats=seats,
-        used_seats=0,  # check_seat_availability recalculates from DB
-        plan_type=PlanType.ANNUAL,
-        issued_at=now,
-        expires_at=now + timedelta(days=365),
-        status=ApplicationStatus.ACTIVE,
-        source=LicenseSource.MANUAL_UPLOAD,
-    )
-    r.set(_LICENSE_REDIS_KEY, metadata.model_dump_json(), ex=300)
-
-
-def test_create_user_seat_limit(scim_token: str, idp_style: str) -> None:
-    """POST /Users returns 403 when the seat limit is reached."""
-    r = redis.Redis(host=REDIS_HOST, port=REDIS_PORT, db=REDIS_DB_NUMBER)
-
-    # admin_user already occupies 1 seat; cap at 1 -> full
-    _seed_license(r, seats=1)
-
-    try:
-        resp = _create_scim_user(
-            scim_token,
-            f"scim_blocked_{idp_style}@example.com",
-            f"ext-blocked-{idp_style}",
-            idp_style,
-        )
-        assert resp.status_code == 403
-        assert "seat" in resp.json()["detail"].lower()
-    finally:
-        r.delete(_LICENSE_REDIS_KEY)
-
-
-def test_reactivate_user_seat_limit(scim_token: str, idp_style: str) -> None:
-    """PATCH active=true returns 403 when the seat limit is reached."""
-    # Create and deactivate a user (before license is seeded)
-    created = _create_scim_user(
-        scim_token,
-        f"scim_reactivate_blocked_{idp_style}@example.com",
-        f"ext-reactivate-blocked-{idp_style}",
-        idp_style,
-    ).json()
-    assert created["active"] is True
-
-    deactivate_resp = ScimClient.patch(
-        f"/Users/{created['id']}",
-        scim_token,
-        json=_make_patch_request(
-            [{"op": "replace", "path": "active", "value": False}], idp_style
-        ),
-    )
-    assert deactivate_resp.status_code == 200
-    assert deactivate_resp.json()["active"] is False
-
-    r = redis.Redis(host=REDIS_HOST, port=REDIS_PORT, db=REDIS_DB_NUMBER)
-
-    # Seed license capped at current active users -> reactivation should fail
-    _seed_license(r, seats=1)
-
-    try:
-        resp = ScimClient.patch(
-            f"/Users/{created['id']}",
-            scim_token,
-            json=_make_patch_request(
-                [{"op": "replace", "path": "active", "value": True}], idp_style
-            ),
-        )
-        assert resp.status_code == 403
-        assert "seat" in resp.json()["detail"].lower()
-    finally:
-        r.delete(_LICENSE_REDIS_KEY)

backend/tests/integration/tests/users/test_slack_user_deactivation.py

@@ -1,121 +0,0 @@
-"""Integration tests for Slack user deactivation and reactivation via admin endpoints.
-
-Verifies that:
-- Slack users can be deactivated by admins
-- Deactivated Slack users can be reactivated by admins
-- Reactivation is blocked when the seat limit is reached
-"""
-
-from datetime import datetime
-from datetime import timedelta
-
-import redis
-import requests
-
-from ee.onyx.server.license.models import LicenseMetadata
-from ee.onyx.server.license.models import LicenseSource
-from ee.onyx.server.license.models import PlanType
-from onyx.auth.schemas import UserRole
-from onyx.configs.app_configs import REDIS_DB_NUMBER
-from onyx.configs.app_configs import REDIS_HOST
-from onyx.configs.app_configs import REDIS_PORT
-from onyx.server.settings.models import ApplicationStatus
-from tests.integration.common_utils.constants import API_SERVER_URL
-from tests.integration.common_utils.managers.user import UserManager
-from tests.integration.common_utils.test_models import DATestUser
-
-_LICENSE_REDIS_KEY = "public:license:metadata"
-
-
-def _seed_license(r: redis.Redis, seats: int) -> None:
-    now = datetime.utcnow()
-    metadata = LicenseMetadata(
-        tenant_id="public",
-        organization_name="Test Org",
-        seats=seats,
-        used_seats=0,
-        plan_type=PlanType.ANNUAL,
-        issued_at=now,
-        expires_at=now + timedelta(days=365),
-        status=ApplicationStatus.ACTIVE,
-        source=LicenseSource.MANUAL_UPLOAD,
-    )
-    r.set(_LICENSE_REDIS_KEY, metadata.model_dump_json(), ex=300)
-
-
-def _clear_license(r: redis.Redis) -> None:
-    r.delete(_LICENSE_REDIS_KEY)
-
-
-def _redis() -> redis.Redis:
-    return redis.Redis(host=REDIS_HOST, port=REDIS_PORT, db=REDIS_DB_NUMBER)
-
-
-def _get_user_is_active(email: str, admin_user: DATestUser) -> bool:
-    """Look up a user's is_active flag via the admin users list endpoint."""
-    result = UserManager.get_user_page(
-        user_performing_action=admin_user,
-        search_query=email,
-    )
-    matching = [u for u in result.items if u.email == email]
-    assert len(matching) == 1, f"Expected exactly 1 user with email {email}"
-    return matching[0].is_active
-
-
-def test_slack_user_deactivate_and_reactivate(reset: None) -> None:  # noqa: ARG001
-    """Admin can deactivate and then reactivate a Slack user."""
-    admin_user = UserManager.create(name="admin_user")
-
-    slack_user = UserManager.create(name="slack_test_user")
-    slack_user = UserManager.set_role(
-        user_to_set=slack_user,
-        target_role=UserRole.SLACK_USER,
-        user_performing_action=admin_user,
-        explicit_override=True,
-    )
-
-    # Deactivate the Slack user
-    UserManager.set_status(
-        slack_user, target_status=False, user_performing_action=admin_user
-    )
-    assert _get_user_is_active(slack_user.email, admin_user) is False
-
-    # Reactivate the Slack user
-    UserManager.set_status(
-        slack_user, target_status=True, user_performing_action=admin_user
-    )
-    assert _get_user_is_active(slack_user.email, admin_user) is True
-
-
-def test_slack_user_reactivation_blocked_by_seat_limit(
-    reset: None,  # noqa: ARG001
-) -> None:
-    """Reactivating a deactivated Slack user returns 402 when seats are full."""
-    r = _redis()
-
-    admin_user = UserManager.create(name="admin_user")
-
-    slack_user = UserManager.create(name="slack_test_user")
-    slack_user = UserManager.set_role(
-        user_to_set=slack_user,
-        target_role=UserRole.SLACK_USER,
-        user_performing_action=admin_user,
-        explicit_override=True,
-    )
-
-    UserManager.set_status(
-        slack_user, target_status=False, user_performing_action=admin_user
-    )
-
-    # License allows 1 seat — only admin counts
-    _seed_license(r, seats=1)
-
-    try:
-        response = requests.patch(
-            url=f"{API_SERVER_URL}/manage/admin/activate-user",
-            json={"user_email": slack_user.email},
-            headers=admin_user.headers,
-        )
-        assert response.status_code == 402
-    finally:
-        _clear_license(r)

backend/tests/unit/ee/onyx/db/test_license.py

@@ -1,20 +1,11 @@
 """Tests for license database CRUD operations."""
 
-from datetime import datetime
-from datetime import timedelta
-from datetime import timezone
 from unittest.mock import MagicMock
-from unittest.mock import patch
 
-from ee.onyx.db.license import check_seat_availability
 from ee.onyx.db.license import delete_license
 from ee.onyx.db.license import get_license
 from ee.onyx.db.license import upsert_license
-from ee.onyx.server.license.models import LicenseMetadata
-from ee.onyx.server.license.models import LicenseSource
-from ee.onyx.server.license.models import PlanType
 from onyx.db.models import License
-from onyx.server.settings.models import ApplicationStatus
 
 
 class TestGetLicense:
@@ -109,108 +100,3 @@ class TestDeleteLicense:
         assert result is False
         mock_session.delete.assert_not_called()
         mock_session.commit.assert_not_called()
-
-
-def _make_license_metadata(seats: int = 10) -> LicenseMetadata:
-    now = datetime.now(timezone.utc)
-    return LicenseMetadata(
-        tenant_id="public",
-        seats=seats,
-        used_seats=0,
-        plan_type=PlanType.ANNUAL,
-        issued_at=now,
-        expires_at=now + timedelta(days=365),
-        status=ApplicationStatus.ACTIVE,
-        source=LicenseSource.MANUAL_UPLOAD,
-    )
-
-
-class TestCheckSeatAvailabilitySelfHosted:
-    """Seat checks for self-hosted (MULTI_TENANT=False)."""
-
-    @patch("ee.onyx.db.license.get_license_metadata", return_value=None)
-    def test_no_license_means_unlimited(self, _mock_meta: MagicMock) -> None:
-        result = check_seat_availability(MagicMock(), seats_needed=1)
-        assert result.available is True
-
-    @patch("ee.onyx.db.license.get_used_seats", return_value=5)
-    @patch("ee.onyx.db.license.get_license_metadata")
-    def test_seats_available(self, mock_meta: MagicMock, _mock_used: MagicMock) -> None:
-        mock_meta.return_value = _make_license_metadata(seats=10)
-        result = check_seat_availability(MagicMock(), seats_needed=1)
-        assert result.available is True
-
-    @patch("ee.onyx.db.license.get_used_seats", return_value=10)
-    @patch("ee.onyx.db.license.get_license_metadata")
-    def test_seats_full_blocks_creation(
-        self, mock_meta: MagicMock, _mock_used: MagicMock
-    ) -> None:
-        mock_meta.return_value = _make_license_metadata(seats=10)
-        result = check_seat_availability(MagicMock(), seats_needed=1)
-        assert result.available is False
-        assert result.error_message is not None
-        assert "10 of 10" in result.error_message
-
-    @patch("ee.onyx.db.license.get_used_seats", return_value=10)
-    @patch("ee.onyx.db.license.get_license_metadata")
-    def test_exactly_at_capacity_allows_no_more(
-        self, mock_meta: MagicMock, _mock_used: MagicMock
-    ) -> None:
-        """Filling to 100% is allowed; exceeding is not."""
-        mock_meta.return_value = _make_license_metadata(seats=10)
-        result = check_seat_availability(MagicMock(), seats_needed=1)
-        assert result.available is False
-
-    @patch("ee.onyx.db.license.get_used_seats", return_value=9)
-    @patch("ee.onyx.db.license.get_license_metadata")
-    def test_filling_to_capacity_is_allowed(
-        self, mock_meta: MagicMock, _mock_used: MagicMock
-    ) -> None:
-        mock_meta.return_value = _make_license_metadata(seats=10)
-        result = check_seat_availability(MagicMock(), seats_needed=1)
-        assert result.available is True
-
-
-class TestCheckSeatAvailabilityMultiTenant:
-    """Seat checks for multi-tenant cloud (MULTI_TENANT=True).
-
-    Verifies that get_used_seats takes the MULTI_TENANT branch
-    and delegates to get_tenant_count.
-    """
-
-    @patch("ee.onyx.db.license.MULTI_TENANT", True)
-    @patch(
-        "ee.onyx.server.tenants.user_mapping.get_tenant_count",
-        return_value=5,
-    )
-    @patch("ee.onyx.db.license.get_license_metadata")
-    def test_seats_available_multi_tenant(
-        self,
-        mock_meta: MagicMock,
-        mock_tenant_count: MagicMock,
-    ) -> None:
-        mock_meta.return_value = _make_license_metadata(seats=10)
-        result = check_seat_availability(
-            MagicMock(), seats_needed=1, tenant_id="tenant-abc"
-        )
-        assert result.available is True
-        mock_tenant_count.assert_called_once_with("tenant-abc")
-
-    @patch("ee.onyx.db.license.MULTI_TENANT", True)
-    @patch(
-        "ee.onyx.server.tenants.user_mapping.get_tenant_count",
-        return_value=10,
-    )
-    @patch("ee.onyx.db.license.get_license_metadata")
-    def test_seats_full_multi_tenant(
-        self,
-        mock_meta: MagicMock,
-        mock_tenant_count: MagicMock,
-    ) -> None:
-        mock_meta.return_value = _make_license_metadata(seats=10)
-        result = check_seat_availability(
-            MagicMock(), seats_needed=1, tenant_id="tenant-abc"
-        )
-        assert result.available is False
-        assert result.error_message is not None
-        mock_tenant_count.assert_called_once_with("tenant-abc")

backend/tests/unit/onyx/background/celery/tasks/test_user_file_impl_redis_locking.py

@@ -1,291 +0,0 @@
-"""Tests for the _impl functions' redis_locking parameter.
-
-Verifies that:
-- redis_locking=True acquires/releases Redis locks and clears queued keys
-- redis_locking=False skips all Redis operations entirely
-- Both paths execute the same business logic (DB lookup, status check)
-"""
-
-from unittest.mock import MagicMock
-from unittest.mock import patch
-from uuid import uuid4
-
-from onyx.background.celery.tasks.user_file_processing.tasks import (
-    delete_user_file_impl,
-)
-from onyx.background.celery.tasks.user_file_processing.tasks import (
-    process_user_file_impl,
-)
-from onyx.background.celery.tasks.user_file_processing.tasks import (
-    project_sync_user_file_impl,
-)
-
-TASKS_MODULE = "onyx.background.celery.tasks.user_file_processing.tasks"
-
-
-def _mock_session_returning_none() -> MagicMock:
-    """Return a mock session whose .get() returns None (file not found)."""
-    session = MagicMock()
-    session.get.return_value = None
-    session.execute.return_value.scalar_one_or_none.return_value = None
-    return session
-
-
-# ------------------------------------------------------------------
-# process_user_file_impl
-# ------------------------------------------------------------------
-
-
-class TestProcessUserFileImpl:
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_true_acquires_and_releases_lock(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        redis_client = MagicMock()
-        lock = MagicMock()
-        lock.acquire.return_value = True
-        lock.owned.return_value = True
-        redis_client.lock.return_value = lock
-        mock_get_redis.return_value = redis_client
-
-        session = _mock_session_returning_none()
-        mock_get_session.return_value.__enter__.return_value = session
-
-        user_file_id = str(uuid4())
-        process_user_file_impl(
-            user_file_id=user_file_id,
-            tenant_id="test-tenant",
-            redis_locking=True,
-        )
-
-        mock_get_redis.assert_called_once_with(tenant_id="test-tenant")
-        redis_client.delete.assert_called_once()
-        lock.acquire.assert_called_once_with(blocking=False)
-        lock.release.assert_called_once()
-
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_true_skips_when_lock_held(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        redis_client = MagicMock()
-        lock = MagicMock()
-        lock.acquire.return_value = False
-        redis_client.lock.return_value = lock
-        mock_get_redis.return_value = redis_client
-
-        process_user_file_impl(
-            user_file_id=str(uuid4()),
-            tenant_id="test-tenant",
-            redis_locking=True,
-        )
-
-        lock.acquire.assert_called_once()
-        mock_get_session.assert_not_called()
-
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_false_skips_redis_entirely(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        session = _mock_session_returning_none()
-        mock_get_session.return_value.__enter__.return_value = session
-
-        process_user_file_impl(
-            user_file_id=str(uuid4()),
-            tenant_id="test-tenant",
-            redis_locking=False,
-        )
-
-        mock_get_redis.assert_not_called()
-        mock_get_session.assert_called_once()
-
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_both_paths_call_db_get(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        """Both redis_locking=True and False should call db_session.get(UserFile, ...)."""
-        redis_client = MagicMock()
-        lock = MagicMock()
-        lock.acquire.return_value = True
-        lock.owned.return_value = True
-        redis_client.lock.return_value = lock
-        mock_get_redis.return_value = redis_client
-
-        session = _mock_session_returning_none()
-        mock_get_session.return_value.__enter__.return_value = session
-
-        uid = str(uuid4())
-
-        process_user_file_impl(user_file_id=uid, tenant_id="t", redis_locking=True)
-        call_count_true = session.get.call_count
-
-        session.reset_mock()
-        mock_get_session.reset_mock()
-        mock_get_session.return_value.__enter__.return_value = session
-
-        process_user_file_impl(user_file_id=uid, tenant_id="t", redis_locking=False)
-        call_count_false = session.get.call_count
-
-        assert call_count_true == call_count_false == 1
-
-
-# ------------------------------------------------------------------
-# delete_user_file_impl
-# ------------------------------------------------------------------
-
-
-class TestDeleteUserFileImpl:
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_true_acquires_and_releases_lock(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        redis_client = MagicMock()
-        lock = MagicMock()
-        lock.acquire.return_value = True
-        lock.owned.return_value = True
-        redis_client.lock.return_value = lock
-        mock_get_redis.return_value = redis_client
-
-        session = _mock_session_returning_none()
-        mock_get_session.return_value.__enter__.return_value = session
-
-        delete_user_file_impl(
-            user_file_id=str(uuid4()),
-            tenant_id="test-tenant",
-            redis_locking=True,
-        )
-
-        mock_get_redis.assert_called_once()
-        lock.acquire.assert_called_once_with(blocking=False)
-        lock.release.assert_called_once()
-
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_true_skips_when_lock_held(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        redis_client = MagicMock()
-        lock = MagicMock()
-        lock.acquire.return_value = False
-        redis_client.lock.return_value = lock
-        mock_get_redis.return_value = redis_client
-
-        delete_user_file_impl(
-            user_file_id=str(uuid4()),
-            tenant_id="test-tenant",
-            redis_locking=True,
-        )
-
-        lock.acquire.assert_called_once()
-        mock_get_session.assert_not_called()
-
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_false_skips_redis_entirely(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        session = _mock_session_returning_none()
-        mock_get_session.return_value.__enter__.return_value = session
-
-        delete_user_file_impl(
-            user_file_id=str(uuid4()),
-            tenant_id="test-tenant",
-            redis_locking=False,
-        )
-
-        mock_get_redis.assert_not_called()
-        mock_get_session.assert_called_once()
-
-
-# ------------------------------------------------------------------
-# project_sync_user_file_impl
-# ------------------------------------------------------------------
-
-
-class TestProjectSyncUserFileImpl:
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_true_acquires_and_releases_lock(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        redis_client = MagicMock()
-        lock = MagicMock()
-        lock.acquire.return_value = True
-        lock.owned.return_value = True
-        redis_client.lock.return_value = lock
-        mock_get_redis.return_value = redis_client
-
-        session = _mock_session_returning_none()
-        mock_get_session.return_value.__enter__.return_value = session
-
-        project_sync_user_file_impl(
-            user_file_id=str(uuid4()),
-            tenant_id="test-tenant",
-            redis_locking=True,
-        )
-
-        mock_get_redis.assert_called_once()
-        redis_client.delete.assert_called_once()
-        lock.acquire.assert_called_once_with(blocking=False)
-        lock.release.assert_called_once()
-
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_true_skips_when_lock_held(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        redis_client = MagicMock()
-        lock = MagicMock()
-        lock.acquire.return_value = False
-        redis_client.lock.return_value = lock
-        mock_get_redis.return_value = redis_client
-
-        project_sync_user_file_impl(
-            user_file_id=str(uuid4()),
-            tenant_id="test-tenant",
-            redis_locking=True,
-        )
-
-        lock.acquire.assert_called_once()
-        mock_get_session.assert_not_called()
-
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TASKS_MODULE}.get_redis_client")
-    def test_redis_locking_false_skips_redis_entirely(
-        self,
-        mock_get_redis: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        session = _mock_session_returning_none()
-        mock_get_session.return_value.__enter__.return_value = session
-
-        project_sync_user_file_impl(
-            user_file_id=str(uuid4()),
-            tenant_id="test-tenant",
-            redis_locking=False,
-        )
-
-        mock_get_redis.assert_not_called()
-        mock_get_session.assert_called_once()

backend/tests/unit/onyx/background/celery/tasks/test_user_file_processing_no_vectordb.py

@@ -1,421 +0,0 @@
-"""Tests for no-vector-DB user file processing paths.
-
-Verifies that when DISABLE_VECTOR_DB is True:
-- process_user_file_impl calls _process_user_file_without_vector_db (not indexing)
-- _process_user_file_without_vector_db extracts text, counts tokens, stores plaintext,
-  sets status=COMPLETED and chunk_count=0
-- delete_user_file_impl skips vector DB chunk deletion
-- project_sync_user_file_impl skips vector DB metadata update
-"""
-
-from unittest.mock import MagicMock
-from unittest.mock import patch
-from uuid import uuid4
-
-from onyx.background.celery.tasks.user_file_processing.tasks import (
-    _process_user_file_without_vector_db,
-)
-from onyx.background.celery.tasks.user_file_processing.tasks import (
-    delete_user_file_impl,
-)
-from onyx.background.celery.tasks.user_file_processing.tasks import (
-    process_user_file_impl,
-)
-from onyx.background.celery.tasks.user_file_processing.tasks import (
-    project_sync_user_file_impl,
-)
-from onyx.configs.constants import DocumentSource
-from onyx.connectors.models import Document
-from onyx.connectors.models import TextSection
-from onyx.db.enums import UserFileStatus
-
-TASKS_MODULE = "onyx.background.celery.tasks.user_file_processing.tasks"
-LLM_FACTORY_MODULE = "onyx.llm.factory"
-
-
-def _make_documents(texts: list[str]) -> list[Document]:
-    """Build a list of Document objects with the given section texts."""
-    return [
-        Document(
-            id=str(uuid4()),
-            source=DocumentSource.USER_FILE,
-            sections=[TextSection(text=t)],
-            semantic_identifier=f"test-doc-{i}",
-            metadata={},
-        )
-        for i, t in enumerate(texts)
-    ]
-
-
-def _make_user_file(
-    *,
-    status: UserFileStatus = UserFileStatus.PROCESSING,
-    file_id: str = "test-file-id",
-    name: str = "test.txt",
-) -> MagicMock:
-    """Return a MagicMock mimicking a UserFile ORM instance."""
-    uf = MagicMock()
-    uf.id = uuid4()
-    uf.file_id = file_id
-    uf.name = name
-    uf.status = status
-    uf.token_count = None
-    uf.chunk_count = None
-    uf.last_project_sync_at = None
-    uf.projects = []
-    uf.assistants = []
-    uf.needs_project_sync = True
-    uf.needs_persona_sync = True
-    return uf
-
-
-# ------------------------------------------------------------------
-# _process_user_file_without_vector_db — direct tests
-# ------------------------------------------------------------------
-
-
-class TestProcessUserFileWithoutVectorDb:
-    @patch(f"{TASKS_MODULE}.store_user_file_plaintext")
-    @patch(f"{LLM_FACTORY_MODULE}.get_llm_tokenizer_encode_func")
-    @patch(f"{LLM_FACTORY_MODULE}.get_default_llm")
-    def test_extracts_and_combines_text(
-        self,
-        mock_get_llm: MagicMock,  # noqa: ARG002
-        mock_get_encode: MagicMock,
-        mock_store_plaintext: MagicMock,
-    ) -> None:
-        mock_encode = MagicMock(return_value=[1, 2, 3, 4, 5])
-        mock_get_encode.return_value = mock_encode
-
-        uf = _make_user_file()
-        docs = _make_documents(["hello world", "foo bar"])
-        db_session = MagicMock()
-
-        _process_user_file_without_vector_db(uf, docs, db_session)
-
-        stored_text = mock_store_plaintext.call_args.kwargs["plaintext_content"]
-        assert "hello world" in stored_text
-        assert "foo bar" in stored_text
-
-    @patch(f"{TASKS_MODULE}.store_user_file_plaintext")
-    @patch(f"{LLM_FACTORY_MODULE}.get_llm_tokenizer_encode_func")
-    @patch(f"{LLM_FACTORY_MODULE}.get_default_llm")
-    def test_computes_token_count(
-        self,
-        mock_get_llm: MagicMock,  # noqa: ARG002
-        mock_get_encode: MagicMock,
-        mock_store_plaintext: MagicMock,  # noqa: ARG002
-    ) -> None:
-        mock_encode = MagicMock(return_value=list(range(42)))
-        mock_get_encode.return_value = mock_encode
-
-        uf = _make_user_file()
-        docs = _make_documents(["some text content"])
-        db_session = MagicMock()
-
-        _process_user_file_without_vector_db(uf, docs, db_session)
-
-        assert uf.token_count == 42
-
-    @patch(f"{TASKS_MODULE}.store_user_file_plaintext")
-    @patch(f"{LLM_FACTORY_MODULE}.get_llm_tokenizer_encode_func")
-    @patch(f"{LLM_FACTORY_MODULE}.get_default_llm")
-    def test_token_count_falls_back_to_none_on_error(
-        self,
-        mock_get_llm: MagicMock,
-        mock_get_encode: MagicMock,  # noqa: ARG002
-        mock_store_plaintext: MagicMock,  # noqa: ARG002
-    ) -> None:
-        mock_get_llm.side_effect = RuntimeError("No LLM configured")
-
-        uf = _make_user_file()
-        docs = _make_documents(["text"])
-        db_session = MagicMock()
-
-        _process_user_file_without_vector_db(uf, docs, db_session)
-
-        assert uf.token_count is None
-
-    @patch(f"{TASKS_MODULE}.store_user_file_plaintext")
-    @patch(f"{LLM_FACTORY_MODULE}.get_llm_tokenizer_encode_func")
-    @patch(f"{LLM_FACTORY_MODULE}.get_default_llm")
-    def test_stores_plaintext(
-        self,
-        mock_get_llm: MagicMock,  # noqa: ARG002
-        mock_get_encode: MagicMock,
-        mock_store_plaintext: MagicMock,
-    ) -> None:
-        mock_get_encode.return_value = MagicMock(return_value=[1])
-
-        uf = _make_user_file()
-        docs = _make_documents(["content to store"])
-        db_session = MagicMock()
-
-        _process_user_file_without_vector_db(uf, docs, db_session)
-
-        mock_store_plaintext.assert_called_once_with(
-            user_file_id=uf.id,
-            plaintext_content="content to store",
-        )
-
-    @patch(f"{TASKS_MODULE}.store_user_file_plaintext")
-    @patch(f"{LLM_FACTORY_MODULE}.get_llm_tokenizer_encode_func")
-    @patch(f"{LLM_FACTORY_MODULE}.get_default_llm")
-    def test_sets_completed_status_and_zero_chunk_count(
-        self,
-        mock_get_llm: MagicMock,  # noqa: ARG002
-        mock_get_encode: MagicMock,
-        mock_store_plaintext: MagicMock,  # noqa: ARG002
-    ) -> None:
-        mock_get_encode.return_value = MagicMock(return_value=[1])
-
-        uf = _make_user_file()
-        docs = _make_documents(["text"])
-        db_session = MagicMock()
-
-        _process_user_file_without_vector_db(uf, docs, db_session)
-
-        assert uf.status == UserFileStatus.COMPLETED
-        assert uf.chunk_count == 0
-        assert uf.last_project_sync_at is not None
-        db_session.add.assert_called_once_with(uf)
-        db_session.commit.assert_called_once()
-
-    @patch(f"{TASKS_MODULE}.store_user_file_plaintext")
-    @patch(f"{LLM_FACTORY_MODULE}.get_llm_tokenizer_encode_func")
-    @patch(f"{LLM_FACTORY_MODULE}.get_default_llm")
-    def test_preserves_deleting_status(
-        self,
-        mock_get_llm: MagicMock,  # noqa: ARG002
-        mock_get_encode: MagicMock,
-        mock_store_plaintext: MagicMock,  # noqa: ARG002
-    ) -> None:
-        mock_get_encode.return_value = MagicMock(return_value=[1])
-
-        uf = _make_user_file(status=UserFileStatus.DELETING)
-        docs = _make_documents(["text"])
-        db_session = MagicMock()
-
-        _process_user_file_without_vector_db(uf, docs, db_session)
-
-        assert uf.status == UserFileStatus.DELETING
-        assert uf.chunk_count == 0
-
-
-# ------------------------------------------------------------------
-# process_user_file_impl — branching on DISABLE_VECTOR_DB
-# ------------------------------------------------------------------
-
-
-class TestProcessImplBranching:
-    @patch(f"{TASKS_MODULE}._process_user_file_without_vector_db")
-    @patch(f"{TASKS_MODULE}._process_user_file_with_indexing")
-    @patch(f"{TASKS_MODULE}.DISABLE_VECTOR_DB", True)
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    def test_calls_without_vector_db_when_disabled(
-        self,
-        mock_get_session: MagicMock,
-        mock_with_indexing: MagicMock,
-        mock_without_vdb: MagicMock,
-    ) -> None:
-        uf = _make_user_file()
-        session = MagicMock()
-        session.get.return_value = uf
-        mock_get_session.return_value.__enter__.return_value = session
-
-        connector_mock = MagicMock()
-        connector_mock.load_from_state.return_value = [_make_documents(["hello"])]
-
-        with patch(f"{TASKS_MODULE}.LocalFileConnector", return_value=connector_mock):
-            process_user_file_impl(
-                user_file_id=str(uf.id),
-                tenant_id="test-tenant",
-                redis_locking=False,
-            )
-
-        mock_without_vdb.assert_called_once()
-        mock_with_indexing.assert_not_called()
-
-    @patch(f"{TASKS_MODULE}._process_user_file_without_vector_db")
-    @patch(f"{TASKS_MODULE}._process_user_file_with_indexing")
-    @patch(f"{TASKS_MODULE}.DISABLE_VECTOR_DB", False)
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    def test_calls_with_indexing_when_vector_db_enabled(
-        self,
-        mock_get_session: MagicMock,
-        mock_with_indexing: MagicMock,
-        mock_without_vdb: MagicMock,
-    ) -> None:
-        uf = _make_user_file()
-        session = MagicMock()
-        session.get.return_value = uf
-        mock_get_session.return_value.__enter__.return_value = session
-
-        connector_mock = MagicMock()
-        connector_mock.load_from_state.return_value = [_make_documents(["hello"])]
-
-        with patch(f"{TASKS_MODULE}.LocalFileConnector", return_value=connector_mock):
-            process_user_file_impl(
-                user_file_id=str(uf.id),
-                tenant_id="test-tenant",
-                redis_locking=False,
-            )
-
-        mock_with_indexing.assert_called_once()
-        mock_without_vdb.assert_not_called()
-
-    @patch(f"{TASKS_MODULE}.run_indexing_pipeline")
-    @patch(f"{TASKS_MODULE}.store_user_file_plaintext")
-    @patch(f"{TASKS_MODULE}.DISABLE_VECTOR_DB", True)
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    def test_indexing_pipeline_not_called_when_disabled(
-        self,
-        mock_get_session: MagicMock,
-        mock_store_plaintext: MagicMock,  # noqa: ARG002
-        mock_run_pipeline: MagicMock,
-    ) -> None:
-        """End-to-end: verify run_indexing_pipeline is never invoked."""
-        uf = _make_user_file()
-        session = MagicMock()
-        session.get.return_value = uf
-        mock_get_session.return_value.__enter__.return_value = session
-
-        connector_mock = MagicMock()
-        connector_mock.load_from_state.return_value = [_make_documents(["content"])]
-
-        with (
-            patch(f"{TASKS_MODULE}.LocalFileConnector", return_value=connector_mock),
-            patch(f"{LLM_FACTORY_MODULE}.get_default_llm"),
-            patch(
-                f"{LLM_FACTORY_MODULE}.get_llm_tokenizer_encode_func",
-                return_value=MagicMock(return_value=[1, 2, 3]),
-            ),
-        ):
-            process_user_file_impl(
-                user_file_id=str(uf.id),
-                tenant_id="test-tenant",
-                redis_locking=False,
-            )
-
-        mock_run_pipeline.assert_not_called()
-
-
-# ------------------------------------------------------------------
-# delete_user_file_impl — vector DB skip
-# ------------------------------------------------------------------
-
-
-class TestDeleteImplNoVectorDb:
-    @patch(f"{TASKS_MODULE}.DISABLE_VECTOR_DB", True)
-    @patch(f"{TASKS_MODULE}.get_default_file_store")
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    def test_skips_vector_db_deletion(
-        self,
-        mock_get_session: MagicMock,
-        mock_get_file_store: MagicMock,
-    ) -> None:
-        uf = _make_user_file(status=UserFileStatus.DELETING)
-        session = MagicMock()
-        session.get.return_value = uf
-        mock_get_session.return_value.__enter__.return_value = session
-        mock_get_file_store.return_value = MagicMock()
-
-        with (
-            patch(f"{TASKS_MODULE}.get_all_document_indices") as mock_get_indices,
-            patch(f"{TASKS_MODULE}.get_active_search_settings") as mock_get_ss,
-            patch(f"{TASKS_MODULE}.httpx_init_vespa_pool") as mock_vespa_pool,
-        ):
-            delete_user_file_impl(
-                user_file_id=str(uf.id),
-                tenant_id="test-tenant",
-                redis_locking=False,
-            )
-
-            mock_get_indices.assert_not_called()
-            mock_get_ss.assert_not_called()
-            mock_vespa_pool.assert_not_called()
-
-        session.delete.assert_called_once_with(uf)
-        session.commit.assert_called_once()
-
-    @patch(f"{TASKS_MODULE}.DISABLE_VECTOR_DB", True)
-    @patch(f"{TASKS_MODULE}.get_default_file_store")
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    def test_still_deletes_file_store_and_db_record(
-        self,
-        mock_get_session: MagicMock,
-        mock_get_file_store: MagicMock,
-    ) -> None:
-        uf = _make_user_file(status=UserFileStatus.DELETING)
-        session = MagicMock()
-        session.get.return_value = uf
-        mock_get_session.return_value.__enter__.return_value = session
-
-        file_store = MagicMock()
-        mock_get_file_store.return_value = file_store
-
-        delete_user_file_impl(
-            user_file_id=str(uf.id),
-            tenant_id="test-tenant",
-            redis_locking=False,
-        )
-
-        assert file_store.delete_file.call_count == 2
-        session.delete.assert_called_once_with(uf)
-        session.commit.assert_called_once()
-
-
-# ------------------------------------------------------------------
-# project_sync_user_file_impl — vector DB skip
-# ------------------------------------------------------------------
-
-
-class TestProjectSyncImplNoVectorDb:
-    @patch(f"{TASKS_MODULE}.DISABLE_VECTOR_DB", True)
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    def test_skips_vector_db_update(
-        self,
-        mock_get_session: MagicMock,
-    ) -> None:
-        uf = _make_user_file(status=UserFileStatus.COMPLETED)
-        session = MagicMock()
-        session.execute.return_value.scalar_one_or_none.return_value = uf
-        mock_get_session.return_value.__enter__.return_value = session
-
-        with (
-            patch(f"{TASKS_MODULE}.get_all_document_indices") as mock_get_indices,
-            patch(f"{TASKS_MODULE}.get_active_search_settings") as mock_get_ss,
-            patch(f"{TASKS_MODULE}.httpx_init_vespa_pool") as mock_vespa_pool,
-        ):
-            project_sync_user_file_impl(
-                user_file_id=str(uf.id),
-                tenant_id="test-tenant",
-                redis_locking=False,
-            )
-
-            mock_get_indices.assert_not_called()
-            mock_get_ss.assert_not_called()
-            mock_vespa_pool.assert_not_called()
-
-    @patch(f"{TASKS_MODULE}.DISABLE_VECTOR_DB", True)
-    @patch(f"{TASKS_MODULE}.get_session_with_current_tenant")
-    def test_still_clears_sync_flags(
-        self,
-        mock_get_session: MagicMock,
-    ) -> None:
-        uf = _make_user_file(status=UserFileStatus.COMPLETED)
-        session = MagicMock()
-        session.execute.return_value.scalar_one_or_none.return_value = uf
-        mock_get_session.return_value.__enter__.return_value = session
-
-        project_sync_user_file_impl(
-            user_file_id=str(uf.id),
-            tenant_id="test-tenant",
-            redis_locking=False,
-        )
-
-        assert uf.needs_project_sync is False
-        assert uf.needs_persona_sync is False
-        assert uf.last_project_sync_at is not None
-        session.add.assert_called_once_with(uf)
-        session.commit.assert_called_once()

backend/tests/unit/onyx/server/scim/conftest.py

@@ -19,7 +19,6 @@ from ee.onyx.server.scim.models import ScimListResponse
 from ee.onyx.server.scim.models import ScimName
 from ee.onyx.server.scim.models import ScimUserResource
 from ee.onyx.server.scim.providers.base import ScimProvider
-from ee.onyx.server.scim.providers.entra import EntraProvider
 from ee.onyx.server.scim.providers.okta import OktaProvider
 from onyx.db.models import ScimToken
 from onyx.db.models import ScimUserMapping
@@ -27,10 +26,6 @@ from onyx.db.models import User
 from onyx.db.models import UserGroup
 from onyx.db.models import UserRole
 
-# Every supported SCIM provider must appear here so that all endpoint tests
-# run against it.  When adding a new provider, add its class to this list.
-SCIM_PROVIDERS: list[type[ScimProvider]] = [OktaProvider, EntraProvider]
-
 
 @pytest.fixture
 def mock_db_session() -> MagicMock:
@@ -46,10 +41,10 @@ def mock_token() -> MagicMock:
     return token
 
 
-@pytest.fixture(params=SCIM_PROVIDERS, ids=[p.__name__ for p in SCIM_PROVIDERS])
-def provider(request: pytest.FixtureRequest) -> ScimProvider:
-    """Parameterized provider — runs each test with every provider in SCIM_PROVIDERS."""
-    return request.param()
+@pytest.fixture
+def provider() -> ScimProvider:
+    """An OktaProvider instance for endpoint tests."""
+    return OktaProvider()
 
 
 @pytest.fixture

backend/tests/unit/onyx/server/scim/test_auth.py

@@ -1,11 +1,11 @@
 from unittest.mock import MagicMock
 
 import pytest
+from fastapi import HTTPException
 
 from ee.onyx.server.scim.auth import _hash_scim_token
 from ee.onyx.server.scim.auth import generate_scim_token
 from ee.onyx.server.scim.auth import SCIM_TOKEN_PREFIX
-from ee.onyx.server.scim.auth import ScimAuthError
 from ee.onyx.server.scim.auth import verify_scim_token
 
 
@@ -60,7 +60,7 @@ class TestVerifyScimToken:
     def test_missing_header_raises_401(self) -> None:
         request = self._make_request(None)
         dal = self._make_dal()
-        with pytest.raises(ScimAuthError) as exc_info:
+        with pytest.raises(HTTPException) as exc_info:
             verify_scim_token(request, dal)
         assert exc_info.value.status_code == 401
         assert "Missing" in str(exc_info.value.detail)
@@ -68,7 +68,7 @@ class TestVerifyScimToken:
     def test_wrong_prefix_raises_401(self) -> None:
         request = self._make_request("Bearer on_some_api_key")
         dal = self._make_dal()
-        with pytest.raises(ScimAuthError) as exc_info:
+        with pytest.raises(HTTPException) as exc_info:
             verify_scim_token(request, dal)
         assert exc_info.value.status_code == 401
 
@@ -76,7 +76,7 @@ class TestVerifyScimToken:
         raw, _, _ = generate_scim_token()
         request = self._make_request(f"Bearer {raw}")
         dal = self._make_dal(token=None)
-        with pytest.raises(ScimAuthError) as exc_info:
+        with pytest.raises(HTTPException) as exc_info:
             verify_scim_token(request, dal)
         assert exc_info.value.status_code == 401
         assert "Invalid" in str(exc_info.value.detail)
@@ -87,7 +87,7 @@ class TestVerifyScimToken:
         mock_token = MagicMock()
         mock_token.is_active = False
         dal = self._make_dal(token=mock_token)
-        with pytest.raises(ScimAuthError) as exc_info:
+        with pytest.raises(HTTPException) as exc_info:
             verify_scim_token(request, dal)
         assert exc_info.value.status_code == 401
         assert "revoked" in str(exc_info.value.detail)

backend/tests/unit/onyx/server/scim/test_providers.py

@@ -109,7 +109,7 @@ class TestOktaProvider:
         result = provider.build_user_resource(user, None)
 
         assert result.name == ScimName(
-            givenName="Madonna", familyName="", formatted="Madonna"
+            givenName="Madonna", familyName=None, formatted="Madonna"
         )
 
     def test_build_user_resource_no_name(self) -> None:
@@ -117,7 +117,7 @@ class TestOktaProvider:
         user = _make_mock_user(personal_name=None)
         result = provider.build_user_resource(user, None)
 
-        assert result.name == ScimName(givenName="", familyName="", formatted="")
+        assert result.name is None
         assert result.displayName is None
 
     def test_build_user_resource_scim_username_preserves_case(self) -> None:

backend/tests/unit/onyx/server/scim/test_user_endpoints.py

@@ -214,16 +214,13 @@ class TestCreateUser:
         mock_dal.add_user.assert_called_once()
         mock_dal.commit.assert_called_once()
 
-    @patch("ee.onyx.server.scim.api._check_seat_availability", return_value=None)
-    def test_missing_external_id_creates_user_without_mapping(
+    def test_missing_external_id_returns_400(
         self,
-        mock_seats: MagicMock,  # noqa: ARG002
         mock_db_session: MagicMock,
         mock_token: MagicMock,
-        mock_dal: MagicMock,
+        mock_dal: MagicMock,  # noqa: ARG002
         provider: ScimProvider,
     ) -> None:
-        mock_dal.get_user_by_email.return_value = None
         resource = make_scim_user(externalId=None)
 
         result = create_user(
@@ -233,11 +230,7 @@ class TestCreateUser:
             db_session=mock_db_session,
         )
 
-        parsed = parse_scim_user(result, status=201)
-        assert parsed.userName is not None
-        mock_dal.add_user.assert_called_once()
-        mock_dal.create_user_mapping.assert_not_called()
-        mock_dal.commit.assert_called_once()
+        assert_scim_error(result, 400)
 
     @patch("ee.onyx.server.scim.api._check_seat_availability", return_value=None)
     def test_duplicate_email_returns_409(

backend/tests/unit/onyx/test_startup_validation.py

@@ -1,52 +0,0 @@
-"""Tests for startup validation in no-vector-DB mode.
-
-Verifies that DISABLE_VECTOR_DB raises RuntimeError when combined with
-incompatible settings (MULTI_TENANT, ENABLE_CRAFT).
-"""
-
-from unittest.mock import patch
-
-import pytest
-
-
-class TestValidateNoVectorDbSettings:
-    @patch("onyx.main.DISABLE_VECTOR_DB", False)
-    def test_no_error_when_vector_db_enabled(self) -> None:
-        from onyx.main import validate_no_vector_db_settings
-
-        validate_no_vector_db_settings()
-
-    @patch("onyx.main.DISABLE_VECTOR_DB", True)
-    @patch("onyx.main.MULTI_TENANT", False)
-    @patch("onyx.server.features.build.configs.ENABLE_CRAFT", False)
-    def test_no_error_when_no_conflicts(self) -> None:
-        from onyx.main import validate_no_vector_db_settings
-
-        validate_no_vector_db_settings()
-
-    @patch("onyx.main.DISABLE_VECTOR_DB", True)
-    @patch("onyx.main.MULTI_TENANT", True)
-    def test_raises_on_multi_tenant(self) -> None:
-        from onyx.main import validate_no_vector_db_settings
-
-        with pytest.raises(RuntimeError, match="MULTI_TENANT"):
-            validate_no_vector_db_settings()
-
-    @patch("onyx.main.DISABLE_VECTOR_DB", True)
-    @patch("onyx.main.MULTI_TENANT", False)
-    @patch("onyx.server.features.build.configs.ENABLE_CRAFT", True)
-    def test_raises_on_enable_craft(self) -> None:
-        from onyx.main import validate_no_vector_db_settings
-
-        with pytest.raises(RuntimeError, match="ENABLE_CRAFT"):
-            validate_no_vector_db_settings()
-
-    @patch("onyx.main.DISABLE_VECTOR_DB", True)
-    @patch("onyx.main.MULTI_TENANT", True)
-    @patch("onyx.server.features.build.configs.ENABLE_CRAFT", True)
-    def test_multi_tenant_checked_before_craft(self) -> None:
-        """MULTI_TENANT is checked first, so it should be the error raised."""
-        from onyx.main import validate_no_vector_db_settings
-
-        with pytest.raises(RuntimeError, match="MULTI_TENANT"):
-            validate_no_vector_db_settings()

backend/tests/unit/onyx/tools/test_construct_tools_no_vectordb.py

@@ -1,196 +0,0 @@
-"""Tests for tool construction when DISABLE_VECTOR_DB is True.
-
-Verifies that:
-- SearchTool.is_available() returns False when vector DB is disabled
-- OpenURLTool.is_available() returns False when vector DB is disabled
-- The force-add SearchTool block is suppressed when DISABLE_VECTOR_DB
-- FileReaderTool.is_available() returns True when vector DB is disabled
-"""
-
-from unittest.mock import MagicMock
-from unittest.mock import patch
-
-from onyx.tools.tool_implementations.file_reader.file_reader_tool import FileReaderTool
-
-APP_CONFIGS_MODULE = "onyx.configs.app_configs"
-FILE_READER_MODULE = "onyx.tools.tool_implementations.file_reader.file_reader_tool"
-
-
-# ------------------------------------------------------------------
-# SearchTool.is_available()
-# ------------------------------------------------------------------
-
-
-class TestSearchToolAvailability:
-    @patch(f"{APP_CONFIGS_MODULE}.DISABLE_VECTOR_DB", True)
-    def test_unavailable_when_vector_db_disabled(self) -> None:
-        from onyx.tools.tool_implementations.search.search_tool import SearchTool
-
-        assert SearchTool.is_available(MagicMock()) is False
-
-    @patch("onyx.db.connector.check_user_files_exist", return_value=True)
-    @patch(
-        "onyx.tools.tool_implementations.search.search_tool.check_federated_connectors_exist",
-        return_value=False,
-    )
-    @patch(
-        "onyx.tools.tool_implementations.search.search_tool.check_connectors_exist",
-        return_value=False,
-    )
-    @patch(f"{APP_CONFIGS_MODULE}.DISABLE_VECTOR_DB", False)
-    def test_available_when_vector_db_enabled_and_files_exist(
-        self,
-        mock_connectors: MagicMock,  # noqa: ARG002
-        mock_federated: MagicMock,  # noqa: ARG002
-        mock_user_files: MagicMock,  # noqa: ARG002
-    ) -> None:
-        from onyx.tools.tool_implementations.search.search_tool import SearchTool
-
-        assert SearchTool.is_available(MagicMock()) is True
-
-
-# ------------------------------------------------------------------
-# OpenURLTool.is_available()
-# ------------------------------------------------------------------
-
-
-class TestOpenURLToolAvailability:
-    @patch(f"{APP_CONFIGS_MODULE}.DISABLE_VECTOR_DB", True)
-    def test_unavailable_when_vector_db_disabled(self) -> None:
-        from onyx.tools.tool_implementations.open_url.open_url_tool import OpenURLTool
-
-        assert OpenURLTool.is_available(MagicMock()) is False
-
-    @patch(f"{APP_CONFIGS_MODULE}.DISABLE_VECTOR_DB", False)
-    def test_available_when_vector_db_enabled(self) -> None:
-        from onyx.tools.tool_implementations.open_url.open_url_tool import OpenURLTool
-
-        assert OpenURLTool.is_available(MagicMock()) is True
-
-
-# ------------------------------------------------------------------
-# FileReaderTool.is_available()
-# ------------------------------------------------------------------
-
-
-class TestFileReaderToolAvailability:
-    @patch(f"{FILE_READER_MODULE}.DISABLE_VECTOR_DB", True)
-    def test_available_when_vector_db_disabled(self) -> None:
-        assert FileReaderTool.is_available(MagicMock()) is True
-
-    @patch(f"{FILE_READER_MODULE}.DISABLE_VECTOR_DB", False)
-    def test_unavailable_when_vector_db_enabled(self) -> None:
-        assert FileReaderTool.is_available(MagicMock()) is False
-
-
-# ------------------------------------------------------------------
-# Force-add SearchTool suppression
-# ------------------------------------------------------------------
-
-
-class TestForceAddSearchToolGuard:
-    def test_force_add_block_checks_disable_vector_db(self) -> None:
-        """The force-add SearchTool block in construct_tools should include
-        `not DISABLE_VECTOR_DB` so that forced search is also suppressed
-        without a vector DB."""
-        import inspect
-
-        from onyx.tools.tool_constructor import construct_tools
-
-        source = inspect.getsource(construct_tools)
-        assert "DISABLE_VECTOR_DB" in source, (
-            "construct_tools should reference DISABLE_VECTOR_DB "
-            "to suppress force-adding SearchTool"
-        )
-
-
-# ------------------------------------------------------------------
-# Persona API — _validate_vector_db_knowledge
-# ------------------------------------------------------------------
-
-
-class TestValidateVectorDbKnowledge:
-    @patch(
-        "onyx.server.features.persona.api.DISABLE_VECTOR_DB",
-        True,
-    )
-    def test_rejects_document_set_ids(self) -> None:
-        from fastapi import HTTPException
-
-        from onyx.server.features.persona.api import _validate_vector_db_knowledge
-
-        request = MagicMock()
-        request.document_set_ids = [1]
-        request.hierarchy_node_ids = []
-        request.document_ids = []
-
-        with __import__("pytest").raises(HTTPException) as exc_info:
-            _validate_vector_db_knowledge(request)
-        assert exc_info.value.status_code == 400
-        assert "document sets" in exc_info.value.detail
-
-    @patch(
-        "onyx.server.features.persona.api.DISABLE_VECTOR_DB",
-        True,
-    )
-    def test_rejects_hierarchy_node_ids(self) -> None:
-        from fastapi import HTTPException
-
-        from onyx.server.features.persona.api import _validate_vector_db_knowledge
-
-        request = MagicMock()
-        request.document_set_ids = []
-        request.hierarchy_node_ids = [1]
-        request.document_ids = []
-
-        with __import__("pytest").raises(HTTPException) as exc_info:
-            _validate_vector_db_knowledge(request)
-        assert exc_info.value.status_code == 400
-        assert "hierarchy nodes" in exc_info.value.detail
-
-    @patch(
-        "onyx.server.features.persona.api.DISABLE_VECTOR_DB",
-        True,
-    )
-    def test_rejects_document_ids(self) -> None:
-        from fastapi import HTTPException
-
-        from onyx.server.features.persona.api import _validate_vector_db_knowledge
-
-        request = MagicMock()
-        request.document_set_ids = []
-        request.hierarchy_node_ids = []
-        request.document_ids = ["doc-abc"]
-
-        with __import__("pytest").raises(HTTPException) as exc_info:
-            _validate_vector_db_knowledge(request)
-        assert exc_info.value.status_code == 400
-        assert "documents" in exc_info.value.detail
-
-    @patch(
-        "onyx.server.features.persona.api.DISABLE_VECTOR_DB",
-        True,
-    )
-    def test_allows_user_files_only(self) -> None:
-        from onyx.server.features.persona.api import _validate_vector_db_knowledge
-
-        request = MagicMock()
-        request.document_set_ids = []
-        request.hierarchy_node_ids = []
-        request.document_ids = []
-
-        _validate_vector_db_knowledge(request)
-
-    @patch(
-        "onyx.server.features.persona.api.DISABLE_VECTOR_DB",
-        False,
-    )
-    def test_allows_everything_when_vector_db_enabled(self) -> None:
-        from onyx.server.features.persona.api import _validate_vector_db_knowledge
-
-        request = MagicMock()
-        request.document_set_ids = [1, 2]
-        request.hierarchy_node_ids = [3]
-        request.document_ids = ["doc-x"]
-
-        _validate_vector_db_knowledge(request)

backend/tests/unit/onyx/tools/test_file_reader_tool.py

@@ -1,237 +0,0 @@
-"""Tests for the FileReaderTool.
-
-Verifies:
-- Tool definition schema is well-formed
-- File ID validation (allowlist, UUID format)
-- Character range extraction and clamping
-- Error handling for missing parameters and non-text files
-- is_available() reflects DISABLE_VECTOR_DB
-"""
-
-from unittest.mock import MagicMock
-from unittest.mock import patch
-from uuid import uuid4
-
-import pytest
-
-from onyx.file_store.models import ChatFileType
-from onyx.file_store.models import InMemoryChatFile
-from onyx.server.query_and_chat.placement import Placement
-from onyx.tools.models import ToolCallException
-from onyx.tools.tool_implementations.file_reader.file_reader_tool import FILE_ID_FIELD
-from onyx.tools.tool_implementations.file_reader.file_reader_tool import FileReaderTool
-from onyx.tools.tool_implementations.file_reader.file_reader_tool import MAX_NUM_CHARS
-from onyx.tools.tool_implementations.file_reader.file_reader_tool import NUM_CHARS_FIELD
-from onyx.tools.tool_implementations.file_reader.file_reader_tool import (
-    START_CHAR_FIELD,
-)
-
-TOOL_MODULE = "onyx.tools.tool_implementations.file_reader.file_reader_tool"
-_PLACEMENT = Placement(turn_index=0)
-
-
-def _make_tool(
-    user_file_ids: list | None = None,
-    chat_file_ids: list | None = None,
-) -> FileReaderTool:
-    emitter = MagicMock()
-    return FileReaderTool(
-        tool_id=99,
-        emitter=emitter,
-        user_file_ids=user_file_ids or [],
-        chat_file_ids=chat_file_ids or [],
-    )
-
-
-def _text_file(content: str, filename: str = "test.txt") -> InMemoryChatFile:
-    return InMemoryChatFile(
-        file_id="some-file-id",
-        content=content.encode("utf-8"),
-        file_type=ChatFileType.PLAIN_TEXT,
-        filename=filename,
-    )
-
-
-# ------------------------------------------------------------------
-# Tool metadata
-# ------------------------------------------------------------------
-
-
-class TestToolMetadata:
-    def test_tool_name(self) -> None:
-        tool = _make_tool()
-        assert tool.name == "read_file"
-
-    def test_tool_definition_schema(self) -> None:
-        tool = _make_tool()
-        defn = tool.tool_definition()
-        assert defn["type"] == "function"
-        func = defn["function"]
-        assert func["name"] == "read_file"
-        props = func["parameters"]["properties"]
-        assert FILE_ID_FIELD in props
-        assert START_CHAR_FIELD in props
-        assert NUM_CHARS_FIELD in props
-        assert func["parameters"]["required"] == [FILE_ID_FIELD]
-
-
-# ------------------------------------------------------------------
-# File ID validation
-# ------------------------------------------------------------------
-
-
-class TestFileIdValidation:
-    def test_rejects_invalid_uuid(self) -> None:
-        tool = _make_tool()
-        with pytest.raises(ToolCallException, match="Invalid file_id"):
-            tool._validate_file_id("not-a-uuid")
-
-    def test_rejects_file_not_in_allowlist(self) -> None:
-        tool = _make_tool(user_file_ids=[uuid4()])
-        other_id = uuid4()
-        with pytest.raises(ToolCallException, match="not in available files"):
-            tool._validate_file_id(str(other_id))
-
-    def test_accepts_user_file_id(self) -> None:
-        uid = uuid4()
-        tool = _make_tool(user_file_ids=[uid])
-        assert tool._validate_file_id(str(uid)) == uid
-
-    def test_accepts_chat_file_id(self) -> None:
-        cid = uuid4()
-        tool = _make_tool(chat_file_ids=[cid])
-        assert tool._validate_file_id(str(cid)) == cid
-
-
-# ------------------------------------------------------------------
-# run() — character range extraction
-# ------------------------------------------------------------------
-
-
-class TestRun:
-    @patch(f"{TOOL_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TOOL_MODULE}.load_user_file")
-    def test_returns_full_content_by_default(
-        self,
-        mock_load_user_file: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        uid = uuid4()
-        content = "Hello, world!"
-        mock_load_user_file.return_value = _text_file(content)
-        mock_get_session.return_value.__enter__.return_value = MagicMock()
-
-        tool = _make_tool(user_file_ids=[uid])
-        resp = tool.run(
-            placement=_PLACEMENT,
-            override_kwargs=MagicMock(),
-            **{FILE_ID_FIELD: str(uid)},
-        )
-        assert content in resp.llm_facing_response
-
-    @patch(f"{TOOL_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TOOL_MODULE}.load_user_file")
-    def test_respects_start_char_and_num_chars(
-        self,
-        mock_load_user_file: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        uid = uuid4()
-        content = "abcdefghijklmnop"
-        mock_load_user_file.return_value = _text_file(content)
-        mock_get_session.return_value.__enter__.return_value = MagicMock()
-
-        tool = _make_tool(user_file_ids=[uid])
-        resp = tool.run(
-            placement=_PLACEMENT,
-            override_kwargs=MagicMock(),
-            **{FILE_ID_FIELD: str(uid), START_CHAR_FIELD: 4, NUM_CHARS_FIELD: 6},
-        )
-        assert "efghij" in resp.llm_facing_response
-
-    @patch(f"{TOOL_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TOOL_MODULE}.load_user_file")
-    def test_clamps_num_chars_to_max(
-        self,
-        mock_load_user_file: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        uid = uuid4()
-        content = "x" * (MAX_NUM_CHARS + 500)
-        mock_load_user_file.return_value = _text_file(content)
-        mock_get_session.return_value.__enter__.return_value = MagicMock()
-
-        tool = _make_tool(user_file_ids=[uid])
-        resp = tool.run(
-            placement=_PLACEMENT,
-            override_kwargs=MagicMock(),
-            **{FILE_ID_FIELD: str(uid), NUM_CHARS_FIELD: MAX_NUM_CHARS + 9999},
-        )
-        assert f"Characters 0-{MAX_NUM_CHARS}" in resp.llm_facing_response
-
-    @patch(f"{TOOL_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TOOL_MODULE}.load_user_file")
-    def test_includes_continuation_hint(
-        self,
-        mock_load_user_file: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        uid = uuid4()
-        content = "x" * 100
-        mock_load_user_file.return_value = _text_file(content)
-        mock_get_session.return_value.__enter__.return_value = MagicMock()
-
-        tool = _make_tool(user_file_ids=[uid])
-        resp = tool.run(
-            placement=_PLACEMENT,
-            override_kwargs=MagicMock(),
-            **{FILE_ID_FIELD: str(uid), NUM_CHARS_FIELD: 10},
-        )
-        assert "use start_char=10 to continue reading" in resp.llm_facing_response
-
-    def test_raises_on_missing_file_id(self) -> None:
-        tool = _make_tool()
-        with pytest.raises(ToolCallException, match="Missing required"):
-            tool.run(
-                placement=_PLACEMENT,
-                override_kwargs=MagicMock(),
-            )
-
-    @patch(f"{TOOL_MODULE}.get_session_with_current_tenant")
-    @patch(f"{TOOL_MODULE}.load_user_file")
-    def test_raises_on_non_text_file(
-        self,
-        mock_load_user_file: MagicMock,
-        mock_get_session: MagicMock,
-    ) -> None:
-        uid = uuid4()
-        mock_load_user_file.return_value = InMemoryChatFile(
-            file_id="img",
-            content=b"\x89PNG",
-            file_type=ChatFileType.IMAGE,
-            filename="photo.png",
-        )
-        mock_get_session.return_value.__enter__.return_value = MagicMock()
-
-        tool = _make_tool(user_file_ids=[uid])
-        with pytest.raises(ToolCallException, match="not a text file"):
-            tool.run(
-                placement=_PLACEMENT,
-                override_kwargs=MagicMock(),
-                **{FILE_ID_FIELD: str(uid)},
-            )
-
-
-# ------------------------------------------------------------------
-# is_available()
-# ------------------------------------------------------------------
-
-
-class TestIsAvailable:
-    @patch(f"{TOOL_MODULE}.DISABLE_VECTOR_DB", True)
-    def test_available_when_vector_db_disabled(self) -> None:
-        assert FileReaderTool.is_available(MagicMock()) is True
-
-    @patch(f"{TOOL_MODULE}.DISABLE_VECTOR_DB", False)
-    def test_unavailable_when_vector_db_enabled(self) -> None:
-        assert FileReaderTool.is_available(MagicMock()) is False

deployment/docker_compose/docker-compose.no-vectordb.yml

@@ -16,15 +16,12 @@
 # This overlay:
 #   - Moves Vespa (index), both model servers, and code-interpreter to profiles
 #     so they do not start by default
-#   - Moves the background worker to the "background" profile (the API server
-#     handles all background work via FastAPI BackgroundTasks)
-#   - Makes the depends_on references to removed services optional
-#   - Sets DISABLE_VECTOR_DB=true on the api_server
+#   - Makes the depends_on references to those services optional
+#   - Sets DISABLE_VECTOR_DB=true on backend services
 #
 # To selectively bring services back:
 #   --profile vectordb          Vespa + indexing model server
 #   --profile inference         Inference model server
-#   --profile background        Background worker (Celery)
 #   --profile code-interpreter  Code interpreter
 # =============================================================================
 
@@ -46,20 +43,20 @@ services:
       - DISABLE_VECTOR_DB=true
       - FILE_STORE_BACKEND=postgres
 
-  # Move the background worker to a profile so it does not start by default.
-  # The API server handles all background work in NO_VECTOR_DB mode.
   background:
-    profiles: ["background"]
     depends_on:
       index:
         condition: service_started
         required: false
-      inference_model_server:
-        condition: service_started
-        required: false
       indexing_model_server:
         condition: service_started
         required: false
+      inference_model_server:
+        condition: service_started
+        required: false
+    environment:
+      - DISABLE_VECTOR_DB=true
+      - FILE_STORE_BACKEND=postgres
 
   # Move Vespa and indexing model server to a profile so they do not start.
   index:

deployment/helm/charts/onyx/Chart.lock

@@ -19,6 +19,6 @@ dependencies:
   version: 5.4.0
 - name: code-interpreter
   repository: https://onyx-dot-app.github.io/python-sandbox/
-  version: 0.3.1
-digest: sha256:4965b6ea3674c37163832a2192cd3bc8004f2228729fca170af0b9f457e8f987
-generated: "2026-03-02T15:29:39.632344-08:00"
+  version: 0.3.0
+digest: sha256:cf8f01906d46034962c6ce894770621ee183ac761e6942951118aeb48540eddd
+generated: "2026-02-24T10:59:38.78318-08:00"

deployment/helm/charts/onyx/Chart.yaml

@@ -45,6 +45,6 @@ dependencies:
     repository: https://charts.min.io/
     condition: minio.enabled
   - name: code-interpreter
-    version: 0.3.1
+    version: 0.3.0
     repository: https://onyx-dot-app.github.io/python-sandbox/
     condition: codeInterpreter.enabled

deployment/helm/charts/onyx/templates/celery-beat.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (gt (int .Values.celery_beat.replicaCount) 0) }}
+{{- if gt (int .Values.celery_beat.replicaCount) 0 }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-heavy-hpa.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_heavy.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_heavy.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-heavy-scaledobject.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_heavy.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_heavy.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: keda.sh/v1alpha1
 kind: ScaledObject
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-heavy.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (gt (int .Values.celery_worker_heavy.replicaCount) 0) }}
+{{- if gt (int .Values.celery_worker_heavy.replicaCount) 0 }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-light-hpa.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_light.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_light.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-light-scaledobject.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_light.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_light.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: keda.sh/v1alpha1
 kind: ScaledObject
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-light.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (gt (int .Values.celery_worker_light.replicaCount) 0) }}
+{{- if gt (int .Values.celery_worker_light.replicaCount) 0 }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-monitoring-hpa.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_monitoring.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_monitoring.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-monitoring-scaledobject.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_monitoring.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_monitoring.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: keda.sh/v1alpha1
 kind: ScaledObject
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-monitoring.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (gt (int .Values.celery_worker_monitoring.replicaCount) 0) }}
+{{- if gt (int .Values.celery_worker_monitoring.replicaCount) 0 }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-primary-hpa.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_primary.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_primary.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-primary-scaledobject.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_primary.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_primary.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: keda.sh/v1alpha1
 kind: ScaledObject
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-primary.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (gt (int .Values.celery_worker_primary.replicaCount) 0) }}
+{{- if gt (int .Values.celery_worker_primary.replicaCount) 0 }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-user-file-processing-hpa.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_user_file_processing.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_user_file_processing.autoscaling.enabled) (ne (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-user-file-processing-scaledobject.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (.Values.celery_worker_user_file_processing.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
+{{- if and (.Values.celery_worker_user_file_processing.autoscaling.enabled) (eq (include "onyx.autoscaling.engine" .) "keda") }}
 apiVersion: keda.sh/v1alpha1
 kind: ScaledObject
 metadata:

deployment/helm/charts/onyx/templates/celery-worker-user-file-processing.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.vectorDB.enabled (gt (int .Values.celery_worker_user_file_processing.replicaCount) 0) }}
+{{- if gt (int .Values.celery_worker_user_file_processing.replicaCount) 0 }}
 apiVersion: apps/v1
 kind: Deployment
 metadata: