The latest articles on DEV Community by Martin Palopoli (@martin_palopoli). https://dev.to/martin_palopoli https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1593262%2F2a20804d-cfef-442e-ba10-0cf77928f348.jpg https://dev.to/martin_palopoli en Martin Palopoli Tue, 07 Apr 2026 13:10:00 +0000 https://dev.to/martin_palopoli/cache-semantico-y-faq-matching-como-reduje-un-40-el-costo-de-llm-en-mi-motor-rag-gg3 https://dev.to/martin_palopoli/cache-semantico-y-faq-matching-como-reduje-un-40-el-costo-de-llm-en-mi-motor-rag-gg3 <p>Cada query RAG cuesta dinero: embedding + tokens de LLM. Implementé tres capas de optimización que reducen el costo real un 30-45%: <strong>FAQ matching</strong> (respuestas curadas a costo cero), <strong>cache semántico</strong> (pgvector con similaridad &gt;= 0.95), y <strong>auto-generación de FAQs</strong> desde queries frecuentes sin respuesta. Todo con código de producción y un fallback que mantiene el servicio activo cuando el presupuesto de LLM se agota.</p> <h2> El problema: cada query cuesta dinero real </h2> <p>En los artículos anteriores construí un pipeline RAG con búsqueda híbrida, reranking y streaming. Funciona bien. Pero en producción:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Query típica: embedding + búsqueda + LLM (~800 tokens) ≈ $0.0003 1,000 queries/día × 30 días = 30,000 queries/mes 30,000 × $0.0003 = ~$9/mes por tenant 50 tenants = ~$450/mes solo en LLM </code></pre> </div> <p>El insight clave: <strong>el 35-40% de las queries son repetidas o muy similares</strong>. Cada una es dinero quemado.</p> <h2> Arquitectura de las 3 capas de ahorro </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Query del usuario │ ▼ ┌─────────────┐ │ FAQ Match │──→ Si score ≥ 0.85: respuesta curada (costo LLM = $0) └─────┬───────┘ │ No match ▼ ┌─────────────────┐ │ Semantic Cache │──→ Si similaridad ≥ 0.95: respuesta cacheada ($0) └─────┬───────────┘ │ Cache miss ▼ ┌─────────────────┐ │ Budget Check │──→ Si presupuesto agotado: fallback FAQ-only └─────┬───────────┘ │ Budget OK ▼ Pipeline RAG completo → fire-and-forget: guardar en cache </code></pre> </div> <h2> Capa 1: FAQ Matching — la inversión más rentable </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">match_faq</span><span class="p">(</span> <span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">query</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="n">UUID</span><span class="p">],</span> <span class="n">threshold</span><span class="p">:</span> <span class="nb">float</span> <span class="o">=</span> <span class="mf">0.85</span><span class="p">,</span> <span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span> <span class="o">|</span> <span class="bp">None</span><span class="p">:</span> <span class="n">query_embedding</span> <span class="o">=</span> <span class="n">embedding_service</span><span class="p">.</span><span class="nf">embed_query</span><span class="p">(</span><span class="n">query</span><span class="p">)</span> <span class="n">kb_ids_str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">,</span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="sa">f</span><span class="sh">"'</span><span class="si">{</span><span class="nf">str</span><span class="p">(</span><span class="n">kb_id</span><span class="p">)</span><span class="si">}</span><span class="sh">'"</span> <span class="k">for</span> <span class="n">kb_id</span> <span class="ow">in</span> <span class="n">kb_ids</span><span class="p">)</span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">text</span><span class="p">(</span><span class="sa">f</span><span class="sh">"""</span><span class="s"> SELECT id, question, answer, attachments, 1 - (embedding &lt;=&gt; CAST(:embedding AS vector)) as score FROM faqs WHERE knowledge_base_id IN (</span><span class="si">{</span><span class="n">kb_ids_str</span><span class="si">}</span><span class="s">) AND is_active = true AND embedding IS NOT NULL ORDER BY embedding &lt;=&gt; CAST(:embedding AS vector) LIMIT 1 </span><span class="sh">"""</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">,</span> <span class="p">{</span><span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">)})</span> <span class="n">row</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">mappings</span><span class="p">().</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">row</span> <span class="ow">or</span> <span class="nf">float</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">])</span> <span class="o">&lt;</span> <span class="n">threshold</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="c1"># Increment hit_count atomically </span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">update</span><span class="p">(</span><span class="n">FAQ</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]).</span><span class="nf">values</span><span class="p">(</span><span class="n">hit_count</span><span class="o">=</span><span class="n">FAQ</span><span class="p">.</span><span class="n">hit_count</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">faq_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">]),</span> <span class="sh">"</span><span class="s">question</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">question</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">answer</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">answer</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">])}</span> </code></pre> </div> <p>El modelo usa un índice HNSW sobre el embedding para que la búsqueda sea ~15ms:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">FAQ</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">faqs</span><span class="sh">"</span> <span class="n">embedding</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">Vector</span><span class="p">(</span><span class="mi">384</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">hit_count</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">server_default</span><span class="o">=</span><span class="sh">"</span><span class="s">0</span><span class="sh">"</span><span class="p">)</span> <span class="n">__table_args__</span> <span class="o">=</span> <span class="p">(</span> <span class="nc">Index</span><span class="p">(</span><span class="sh">"</span><span class="s">ix_faqs_embedding</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">,</span> <span class="n">postgresql_using</span><span class="o">=</span><span class="sh">"</span><span class="s">hnsw</span><span class="sh">"</span><span class="p">,</span> <span class="n">postgresql_ops</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">vector_cosine_ops</span><span class="sh">"</span><span class="p">},</span> <span class="n">postgresql_with</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">m</span><span class="sh">"</span><span class="p">:</span> <span class="mi">16</span><span class="p">,</span> <span class="sh">"</span><span class="s">ef_construction</span><span class="sh">"</span><span class="p">:</span> <span class="mi">64</span><span class="p">}),</span> <span class="p">)</span> </code></pre> </div> <h3> Threshold tuning: de 0.75 a 0.85 </h3> <p>Empecé con 0.75. Demasiado bajo — obtuve false positives donde "¿Cómo configuro el widget?" matcheaba con "¿Qué es un widget?". Subí a 0.85 y los falsos positivos desaparecieron:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Query</th> <th>FAQ almacenada</th> <th>Score</th> <th>Match?</th> </tr> </thead> <tbody> <tr> <td>"como reseteo mi clave"</td> <td>"¿Cómo cambio mi contraseña?"</td> <td>0.91</td> <td>Si</td> </tr> <tr> <td>"aceptan visa?"</td> <td>"¿Qué medios de pago aceptan?"</td> <td>0.87</td> <td>Si</td> </tr> <tr> <td>"como configuro el widget"</td> <td>"¿Qué es un widget?"</td> <td>0.72</td> <td>No</td> </tr> </tbody> </table></div> <p>Cuando hay match, el pipeline completo no se ejecuta:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">faq_match</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">faq_match</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">faq_match</span><span class="p">)}</span> <span class="c1"># FAQ matches are free — don't increment billing counters </span> <span class="nf">fire_and_forget_log_usage</span><span class="p">(</span> <span class="n">query_type</span><span class="o">=</span><span class="sh">"</span><span class="s">faq</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_tokens</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">provider</span><span class="o">=</span><span class="bp">None</span><span class="p">,</span> <span class="bp">...</span> <span class="p">)</span> </code></pre> </div> <p><strong><code>response_tokens=0</code> y <code>query_type="faq"</code></strong> — fundamental para las métricas de ahorro.</p> <h2> Capa 2: Cache Semántico — pgvector como cache inteligente </h2> <h3> El concepto </h3> <p>Si alguien pregunta "¿Cómo reseteo mi contraseña?" y hace 2 horas otro preguntó "¿Cómo puedo cambiar mi password?", la respuesta es la misma. El cache semántico detecta esa equivalencia comparando embeddings, no strings exactos.</p> <p>El modelo almacena el embedding del query, la respuesta, las fuentes, y un hash de la configuración RAG:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">ResponseCache</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">response_cache</span><span class="sh">"</span> <span class="n">query_embedding</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">Vector</span><span class="p">(</span><span class="mi">384</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">query_text</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">500</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">response_text</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Text</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">sources</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">JSONB</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="nb">list</span><span class="p">)</span> <span class="n">confidence</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Float</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">knowledge_base_ids</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">ARRAY</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">)),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">rag_config_hash</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">64</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">hit_count</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span><span class="p">,</span> <span class="n">server_default</span><span class="o">=</span><span class="sh">"</span><span class="s">0</span><span class="sh">"</span><span class="p">)</span> <span class="n">expires_at</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">DateTime</span><span class="p">(</span><span class="n">timezone</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> </code></pre> </div> <h3> Config hash: scoping por configuración </h3> <p>Si el admin cambia parámetros de RAG, las respuestas cacheadas ya no son válidas:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">compute_config_hash</span><span class="p">(</span><span class="n">retrieval_config</span><span class="p">,</span> <span class="n">language</span><span class="p">:</span> <span class="nb">str</span> <span class="o">|</span> <span class="bp">None</span> <span class="o">=</span> <span class="bp">None</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">key_fields</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">candidate_k</span><span class="sh">"</span><span class="p">:</span> <span class="n">retrieval_config</span><span class="p">.</span><span class="n">candidate_k</span><span class="p">,</span> <span class="sh">"</span><span class="s">rerank_top_n</span><span class="sh">"</span><span class="p">:</span> <span class="n">retrieval_config</span><span class="p">.</span><span class="n">rerank_top_n</span><span class="p">,</span> <span class="sh">"</span><span class="s">top_k</span><span class="sh">"</span><span class="p">:</span> <span class="n">retrieval_config</span><span class="p">.</span><span class="n">top_k</span><span class="p">,</span> <span class="sh">"</span><span class="s">lambda_param</span><span class="sh">"</span><span class="p">:</span> <span class="n">retrieval_config</span><span class="p">.</span><span class="n">lambda_param</span><span class="p">,</span> <span class="sh">"</span><span class="s">max_per_doc</span><span class="sh">"</span><span class="p">:</span> <span class="n">retrieval_config</span><span class="p">.</span><span class="n">max_per_doc</span><span class="p">,</span> <span class="sh">"</span><span class="s">bm25_weight</span><span class="sh">"</span><span class="p">:</span> <span class="n">retrieval_config</span><span class="p">.</span><span class="n">bm25_weight</span><span class="p">,</span> <span class="sh">"</span><span class="s">language</span><span class="sh">"</span><span class="p">:</span> <span class="n">language</span> <span class="ow">or</span> <span class="sh">"</span><span class="s">es</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="k">return</span> <span class="n">hashlib</span><span class="p">.</span><span class="nf">sha256</span><span class="p">(</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">key_fields</span><span class="p">,</span> <span class="n">sort_keys</span><span class="o">=</span><span class="bp">True</span><span class="p">).</span><span class="nf">encode</span><span class="p">()).</span><span class="nf">hexdigest</span><span class="p">()</span> </code></pre> </div> <h3> Lookup: similaridad &gt;= 0.95 </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">CACHE_SIMILARITY_THRESHOLD</span> <span class="o">=</span> <span class="mf">0.95</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">lookup_cache</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">rag_config_hash</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">):</span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">text</span><span class="p">(</span><span class="sa">f</span><span class="sh">"""</span><span class="s"> SELECT id, response_text, sources, confidence, 1 - (query_embedding &lt;=&gt; CAST(:embedding AS vector)) AS similarity FROM response_cache WHERE tenant_id = :tid AND expires_at &gt; now() AND rag_config_hash = :config_hash AND knowledge_base_ids @&gt; </span><span class="si">{</span><span class="n">kb_array</span><span class="si">}</span><span class="s"> ORDER BY query_embedding &lt;=&gt; CAST(:embedding AS vector) LIMIT 1 </span><span class="sh">"""</span><span class="p">)</span> <span class="n">row</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">mappings</span><span class="p">().</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">row</span> <span class="ow">or</span> <span class="nf">float</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">similarity</span><span class="sh">"</span><span class="p">])</span> <span class="o">&lt;</span> <span class="n">CACHE_SIMILARITY_THRESHOLD</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">text</span><span class="p">(</span><span class="sh">"</span><span class="s">UPDATE response_cache SET hit_count = hit_count + 1 WHERE id = :cid</span><span class="sh">"</span><span class="p">),</span> <span class="p">{</span><span class="sh">"</span><span class="s">cid</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">])},</span> <span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">response_text</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">response_text</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">:</span> <span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">:</span> <span class="nf">float</span><span class="p">(</span><span class="n">row</span><span class="p">[</span><span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">])}</span> </code></pre> </div> <p><strong>¿Por qué 0.95?</strong> Con 0.90 tuve cache hits incorrectos:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Query A</th> <th>Query B</th> <th>Similaridad</th> <th>¿Misma respuesta?</th> </tr> </thead> <tbody> <tr> <td>"Cómo exporto a CSV"</td> <td>"Cómo descargo datos en CSV"</td> <td>0.97</td> <td>Si</td> </tr> <tr> <td>"Cómo configuro el webhook"</td> <td>"Cómo pruebo el webhook"</td> <td>0.92</td> <td><strong>No</strong></td> </tr> <tr> <td>"Cómo agrego usuarios"</td> <td>"Cómo elimino usuarios"</td> <td>0.91</td> <td><strong>No</strong></td> </tr> </tbody> </table></div> <h3> Fire-and-forget storage </h3> <p>No podés bloquear el streaming SSE para guardar en cache:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">fire_and_forget_store_cache</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">query_text</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">rag_config_hash</span><span class="p">,</span> <span class="n">response_text</span><span class="p">,</span> <span class="n">sources</span><span class="p">,</span> <span class="n">confidence</span><span class="p">,</span> <span class="n">ttl_hours</span><span class="o">=</span><span class="mi">168</span><span class="p">):</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">_store</span><span class="p">():</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="nf">async_session</span><span class="p">()</span> <span class="k">as</span> <span class="n">db</span><span class="p">:</span> <span class="k">await</span> <span class="nf">store_cache</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="p">...)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">logger</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="sh">"</span><span class="s">Failed to store cache: %s</span><span class="sh">"</span><span class="p">,</span> <span class="n">e</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">loop</span> <span class="o">=</span> <span class="n">asyncio</span><span class="p">.</span><span class="nf">get_running_loop</span><span class="p">()</span> <span class="n">loop</span><span class="p">.</span><span class="nf">create_task</span><span class="p">(</span><span class="nf">_store</span><span class="p">())</span> <span class="k">except</span> <span class="nb">RuntimeError</span><span class="p">:</span> <span class="k">pass</span> <span class="c1"># No event loop (tests) — skip </span></code></pre> </div> <p>Y la condición para cachear:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">rag_config</span><span class="p">.</span><span class="n">retrieval</span><span class="p">.</span><span class="n">cache_enabled</span> <span class="ow">and</span> <span class="n">kb_ids</span> <span class="ow">and</span> <span class="ow">not</span> <span class="n">low_confidence</span><span class="p">:</span> <span class="nf">fire_and_forget_store_cache</span><span class="p">(...)</span> </code></pre> </div> <p><strong><code>not low_confidence</code></strong>: no cacheamos respuestas malas.</p> <h2> Invalidación proactiva: el cache que no miente </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">invalidate_kb_cache</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">kb_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">text</span><span class="p">(</span><span class="sh">"</span><span class="s">DELETE FROM response_cache WHERE CAST(:kb_id AS UUID) = ANY(knowledge_base_ids)</span><span class="sh">"</span><span class="p">),</span> <span class="p">{</span><span class="sh">"</span><span class="s">kb_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">kb_id</span><span class="p">)},</span> <span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">return</span> <span class="n">result</span><span class="p">.</span><span class="n">rowcount</span> </code></pre> </div> <p>Se llama automáticamente en cada operación que cambia contenido de una KB:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># En faq_service.py — al crear, actualizar o importar FAQs </span><span class="k">async</span> <span class="k">def</span> <span class="nf">create_faq</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">kb_id</span><span class="p">,</span> <span class="n">data</span><span class="p">):</span> <span class="n">faq</span> <span class="o">=</span> <span class="nc">FAQ</span><span class="p">(</span><span class="n">knowledge_base_id</span><span class="o">=</span><span class="n">kb_id</span><span class="p">,</span> <span class="p">...)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">faq</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">await</span> <span class="nf">invalidate_kb_cache</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">kb_id</span><span class="p">)</span> <span class="c1"># Cache muere </span> <span class="k">return</span> <span class="n">faq</span> </code></pre> </div> <p>Lo mismo ocurre al subir o reprocesar documentos. Regla simple: <strong>si el contenido de una KB cambió, el cache de esa KB muere</strong>.</p> <h2> Auto-FAQ: convertir preguntas frecuentes en FAQs reales </h2> <p>El sistema registra queries con baja confianza. Cuando una aparece múltiples veces, el admin puede auto-generar una FAQ:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">generate_faq_suggestion</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">unanswered_query_id</span><span class="p">,</span> <span class="n">kb_id</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">):</span> <span class="n">uq</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">UnansweredQuery</span><span class="p">,</span> <span class="n">unanswered_query_id</span><span class="p">)</span> <span class="c1"># Dedup: skip si ya hay sugerencia pendiente o FAQ similar (&gt;= 0.85) </span> <span class="n">similar_faq</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nf">text</span><span class="p">(</span><span class="sh">"""</span><span class="s"> SELECT 1 - (embedding &lt;=&gt; CAST(:embedding AS vector)) AS score FROM faqs WHERE knowledge_base_id = :kb_id AND is_active = true ORDER BY embedding &lt;=&gt; CAST(:embedding AS vector) LIMIT 1 </span><span class="sh">"""</span><span class="p">),</span> <span class="p">...)</span> <span class="k">if</span> <span class="n">faq_row</span> <span class="ow">and</span> <span class="nf">float</span><span class="p">(</span><span class="n">faq_row</span><span class="p">[</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">])</span> <span class="o">&gt;=</span> <span class="mf">0.85</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="c1"># Similar FAQ already exists </span> <span class="c1"># Search KB for context, then call LLM </span> <span class="n">sources</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">search_chunks</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">uq</span><span class="p">.</span><span class="n">query_text</span><span class="p">,</span> <span class="p">[</span><span class="n">kb_id</span><span class="p">],</span> <span class="p">...)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generate_playground_response</span><span class="p">(</span> <span class="n">query</span><span class="o">=</span><span class="n">uq</span><span class="p">.</span><span class="n">query_text</span><span class="p">,</span> <span class="n">sources</span><span class="o">=</span><span class="n">sources</span><span class="p">[:</span><span class="mi">5</span><span class="p">],</span> <span class="n">temperature</span><span class="o">=</span><span class="mf">0.2</span><span class="p">,</span> <span class="n">max_tokens</span><span class="o">=</span><span class="mi">512</span><span class="p">,</span> <span class="n">system_prompt</span><span class="o">=</span><span class="sh">"</span><span class="s">Responde SOLO con información del contexto. </span><span class="sh">"</span> <span class="sh">"</span><span class="s">2-4 oraciones. Si no hay info suficiente: NO_ANSWER</span><span class="sh">"</span> <span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">result</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">response</span><span class="sh">"</span><span class="p">)</span> <span class="ow">or</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">response</span><span class="sh">"</span><span class="p">].</span><span class="nf">strip</span><span class="p">()</span> <span class="o">==</span> <span class="sh">"</span><span class="s">NO_ANSWER</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="bp">None</span> <span class="k">return</span> <span class="nc">SuggestedFAQ</span><span class="p">(</span> <span class="n">tenant_id</span><span class="o">=</span><span class="n">tenant_id</span><span class="p">,</span> <span class="n">knowledge_base_id</span><span class="o">=</span><span class="n">kb_id</span><span class="p">,</span> <span class="n">question</span><span class="o">=</span><span class="n">uq</span><span class="p">.</span><span class="n">query_text</span><span class="p">,</span> <span class="n">generated_answer</span><span class="o">=</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">response</span><span class="sh">"</span><span class="p">].</span><span class="nf">strip</span><span class="p">(),</span> <span class="n">embedding</span><span class="o">=</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">status</span><span class="o">=</span><span class="sh">"</span><span class="s">pending</span><span class="sh">"</span><span class="p">,</span> <span class="p">)</span> </code></pre> </div> <p>Batch generation prioriza por frecuencia:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">batch_generate_suggestions</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">kb_id</span><span class="p">,</span> <span class="n">limit</span><span class="o">=</span><span class="mi">5</span><span class="p">):</span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">text</span><span class="p">(</span><span class="sh">"""</span><span class="s"> SELECT uq.id FROM unanswered_queries uq WHERE uq.tenant_id = :tid AND uq.resolved = false AND NOT EXISTS ( SELECT 1 FROM suggested_faqs sf WHERE sf.source_query_id = uq.id AND sf.status = </span><span class="sh">'</span><span class="s">pending</span><span class="sh">'</span><span class="s"> ) ORDER BY uq.occurrence_count DESC LIMIT :lim </span><span class="sh">"""</span><span class="p">)</span> <span class="c1"># Generate suggestions for each... </span></code></pre> </div> <p>Al aprobar, se crea la FAQ real, se invalida el cache, y la query se marca como resuelta. Ciclo cerrado.</p> <h2> Fallback FAQ-only: servicio degradado sin corte </h2> <p>Plan Free: 50 queries de IA/mes. Cuando se agotan, las FAQs siguen activas:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">is_llm_budget_exhausted</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Soft check — enables FAQ-only fallback, does NOT raise.</span><span class="sh">"""</span> <span class="n">plan</span><span class="p">,</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_plan_and_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="n">usage</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_monthly_usage</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span> <span class="o">!=</span> <span class="o">-</span><span class="mi">1</span> <span class="ow">and</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">messages_month</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <p>En el flujo principal:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">faq_only_mode</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">is_llm_budget_exhausted</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># FAQ matching funciona siempre </span><span class="k">if</span> <span class="n">faq_match</span><span class="p">:</span> <span class="k">return</span> <span class="nf">faq_response</span><span class="p">(</span><span class="n">faq_match</span><span class="p">)</span> <span class="c1"># Gratis </span> <span class="c1"># Sin match + sin presupuesto → upgrade card </span><span class="k">if</span> <span class="n">faq_only_mode</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">upgrade_required</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Has alcanzado el límite de consultas de IA. </span><span class="sh">"</span> <span class="sh">"</span><span class="s">Las FAQs siguen disponibles sin costo.</span><span class="sh">"</span> <span class="p">})}</span> </code></pre> </div> <h2> Métricas de costo </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">_get_cost_metrics</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">cutoff</span><span class="p">):</span> <span class="c1"># Tokens by provider </span> <span class="c1"># ...configurable prices from settings... </span> <span class="n">groq_price</span> <span class="o">=</span> <span class="k">await</span> <span class="n">settings_service</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="sh">"</span><span class="s">cost.groq.price_per_1k_tokens</span><span class="sh">"</span><span class="p">,</span> <span class="mf">0.00027</span><span class="p">)</span> <span class="c1"># FAQ savings estimation </span> <span class="n">avg_llm_tokens</span> <span class="o">=</span> <span class="n">total_tokens</span> <span class="o">/</span> <span class="nf">max</span><span class="p">(</span><span class="n">llm_query_count</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="n">estimated_faq_tokens_saved</span> <span class="o">=</span> <span class="nf">int</span><span class="p">(</span><span class="n">faq_count</span> <span class="o">*</span> <span class="n">avg_llm_tokens</span><span class="p">)</span> <span class="n">estimated_faq_cost_saved</span> <span class="o">=</span> <span class="n">estimated_faq_tokens_saved</span> <span class="o">/</span> <span class="mi">1000</span> <span class="o">*</span> <span class="n">groq_price</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">by_provider</span><span class="sh">"</span><span class="p">:</span> <span class="n">by_provider</span><span class="p">,</span> <span class="sh">"</span><span class="s">total_estimated_cost</span><span class="sh">"</span><span class="p">:</span> <span class="nf">round</span><span class="p">(</span><span class="n">total_cost</span><span class="p">,</span> <span class="mi">4</span><span class="p">),</span> <span class="sh">"</span><span class="s">faq_savings</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">queries_without_llm</span><span class="sh">"</span><span class="p">:</span> <span class="n">faq_count</span><span class="p">,</span> <span class="sh">"</span><span class="s">estimated_tokens_saved</span><span class="sh">"</span><span class="p">:</span> <span class="n">estimated_faq_tokens_saved</span><span class="p">,</span> <span class="sh">"</span><span class="s">estimated_cost_saved</span><span class="sh">"</span><span class="p">:</span> <span class="nf">round</span><span class="p">(</span><span class="n">estimated_faq_cost_saved</span><span class="p">,</span> <span class="mi">4</span><span class="p">),</span> <span class="p">},</span> <span class="sh">"</span><span class="s">avg_cost_per_conversation</span><span class="sh">"</span><span class="p">:</span> <span class="nf">round</span><span class="p">(</span><span class="n">total_cost</span> <span class="o">/</span> <span class="n">conv_count</span><span class="p">,</span> <span class="mi">6</span><span class="p">),</span> <span class="p">}</span> </code></pre> </div> <p>Cache hit rate como 7ma stat card en el dashboard:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">get_cache_stats</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">):</span> <span class="n">rate_result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nf">text</span><span class="p">(</span><span class="sh">"""</span><span class="s"> SELECT COUNT(*) FILTER (WHERE query_type = </span><span class="sh">'</span><span class="s">cached</span><span class="sh">'</span><span class="s">) AS cached_queries, COUNT(*) FILTER (WHERE query_type IN (</span><span class="sh">'</span><span class="s">chat</span><span class="sh">'</span><span class="s">,</span><span class="sh">'</span><span class="s">widget</span><span class="sh">'</span><span class="s">,</span><span class="sh">'</span><span class="s">cached</span><span class="sh">'</span><span class="s">)) AS total_queries FROM usage_logs WHERE tenant_id = :tid </span><span class="sh">"""</span><span class="p">))</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">hit_rate</span><span class="sh">"</span><span class="p">:</span> <span class="nf">round</span><span class="p">(</span><span class="n">cached</span> <span class="o">/</span> <span class="n">total</span><span class="p">,</span> <span class="mi">3</span><span class="p">),</span> <span class="p">...}</span> </code></pre> </div> <h2> El flujo completo en el endpoint de chat </h2> <p>Para ver cómo encajan las 3 capas, este es el orden real en <code>chat.py</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># 1. Budget check (soft — no lanza excepción) </span><span class="n">faq_only_mode</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">is_llm_budget_exhausted</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># 2. FAQ match (funciona siempre, incluso en faq_only_mode) </span><span class="n">faq_match</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">match_faq</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">data</span><span class="p">.</span><span class="n">content</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">threshold</span><span class="o">=</span><span class="mf">0.85</span><span class="p">)</span> <span class="k">if</span> <span class="n">faq_match</span><span class="p">:</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">faq_event_generator</span><span class="p">())</span> <span class="c1"># $0 </span> <span class="c1"># 3. Budget exhausted + no FAQ match → upgrade card </span><span class="k">if</span> <span class="n">faq_only_mode</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">upgrade_required</span><span class="sh">"</span><span class="p">,</span> <span class="p">...}</span> <span class="k">return</span> <span class="c1"># 4. Semantic cache lookup </span><span class="n">query_embedding</span> <span class="o">=</span> <span class="n">embedding_service</span><span class="p">.</span><span class="nf">embed_query</span><span class="p">(</span><span class="n">effective_query</span><span class="p">)</span> <span class="n">config_hash</span> <span class="o">=</span> <span class="nf">compute_config_hash</span><span class="p">(</span><span class="n">rag_config</span><span class="p">.</span><span class="n">retrieval</span><span class="p">,</span> <span class="n">detected_lang</span><span class="p">)</span> <span class="n">cache_hit</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">lookup_cache</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">config_hash</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">cache_hit</span><span class="p">:</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">cache_event_generator</span><span class="p">())</span> <span class="c1"># $0 </span> <span class="c1"># 5. Full RAG pipeline (vector + BM25 + rerank + LLM) # ... streaming response ... </span> <span class="c1"># 6. Fire-and-forget: store in cache for next time </span><span class="k">if</span> <span class="ow">not</span> <span class="n">low_confidence</span><span class="p">:</span> <span class="nf">fire_and_forget_store_cache</span><span class="p">(...)</span> </code></pre> </div> <h2> Números reales </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Métrica</th> <th>Valor</th> </tr> </thead> <tbody> <tr> <td>Threshold FAQ</td> <td>0.85</td> </tr> <tr> <td>Threshold cache</td> <td>0.95</td> </tr> <tr> <td>TTL cache default</td> <td>7 días</td> </tr> <tr> <td>Latencia FAQ match</td> <td>~15ms</td> </tr> <tr> <td>Latencia cache lookup</td> <td>~20ms</td> </tr> <tr> <td>Latencia pipeline completo</td> <td>~2-4s</td> </tr> <tr> <td>% queries resueltas por FAQ</td> <td>15-25%</td> </tr> <tr> <td>% queries resueltas por cache</td> <td>10-20%</td> </tr> <tr> <td>% queries que llegan al LLM</td> <td>55-75%</td> </tr> <tr> <td>Ahorro estimado total</td> <td>30-45%</td> </tr> </tbody> </table></div> <h2> Lecciones aprendidas </h2> <h3> 1. Las FAQs son la mejor inversión </h3> <p>No es sexy. Es una tabla con preguntas y respuestas. Pero cada FAQ es una respuesta perfecta servida en 15ms a costo cero, para siempre.</p> <h3> 2. El threshold del cache debe ser muy alto </h3> <p>Con 0.90 tuve falsos positivos que sirvieron respuestas incorrectas. 0.95 es el mínimo seguro.</p> <h3> 3. Fire-and-forget es obligatorio para cache storage </h3> <p>El primer intento fue síncrono. Si el INSERT tarda, el último token del streaming se demora. Fire-and-forget elimina esa latencia.</p> <h3> 4. La invalidación proactiva vale la pena </h3> <p>Es tentador dejar que el cache expire solo (TTL). Pero el admin que sube un documento espera respuestas actualizadas inmediatamente.</p> <h3> 5. Auto-FAQ cierra el ciclo </h3> <p>Sin auto-FAQ, las knowledge gaps se acumulan. Con auto-FAQ, en 2 clicks la pregunta frecuente pasa de gap a FAQ activa.</p> <h3> 6. Fallback FAQ-only &gt; cortar el servicio </h3> <p>Los usuarios free siguen haciendo preguntas que matchean FAQs. Reduce churn y da incentivo real para upgradear.</p> <h3> 7. Los precios de LLM deben ser configurables </h3> <p>Hardcodear <code>$0.00027/1K tokens</code> es una trampa. Los precios cambian. Guardarlos en una tabla de settings permite ajustarlos sin deploy.</p> <h2> Conclusión </h2> <p>Optimizar costos en RAG es un problema de <strong>evitar trabajo innecesario</strong>. Las tres capas (FAQ, cache, auto-FAQ) atacan el mismo principio: si la respuesta ya existe, no pagues por generarla de nuevo.</p> <p>Lo interesante: también mejoran la experiencia. FAQ match en 15ms vs 2-4s del pipeline. Cache hit en 20ms con la misma calidad. Y pgvector ya estaba en el stack — no necesitás Redis ni Elasticsearch.</p> <p><em>Este es el quinto artículo de la serie. Si te sirvió, un like ayuda a que llegue a más personas. ¿Tenés preguntas sobre cache semántico o FAQ matching? Dejá un comentario.</em></p> rag python ai postgres Martin Palopoli Tue, 07 Apr 2026 13:10:00 +0000 https://dev.to/martin_palopoli/how-i-implemented-end-to-end-sse-streaming-from-llm-to-browser-through-nginx-4bjo https://dev.to/martin_palopoli/how-i-implemented-end-to-end-sse-streaming-from-llm-to-browser-through-nginx-4bjo <p>I implemented end-to-end SSE streaming for a RAG engine: an async generator in FastAPI emits custom events (token, sources, confidence, done, error, etc.), the frontend consumes them with <code>fetch</code> + <code>ReadableStream</code>, an embeddable widget in vanilla JS does the same inside a closed Shadow DOM, and Nginx needs 6 specific directives to not ruin everything. Here's the real code, the event protocol, and the lessons learned.</p> <h2> Why SSE and Not WebSockets </h2> <p>When you need streaming in a RAG app, the first question is: WebSockets or SSE.</p> <p>For an LLM chat, the answer is clear: <strong>SSE</strong>.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Criterion</th> <th>SSE</th> <th>WebSockets</th> </tr> </thead> <tbody> <tr> <td>Flow direction</td> <td>Server → client (unidirectional)</td> <td>Bidirectional</td> </tr> <tr> <td>Protocol</td> <td>Standard HTTP</td> <td>Custom protocol (ws://)</td> </tr> <tr> <td>Reconnection</td> <td>Automatic (built-in)</td> <td>Manual</td> </tr> <tr> <td>Proxy/CDN compat</td> <td>Excellent (it's HTTP)</td> <td>Problematic</td> </tr> <tr> <td>Server complexity</td> <td>Low (async generator)</td> <td>High (state management)</td> </tr> <tr> <td>Auth</td> <td>Normal HTTP headers</td> <td>Hack in query params or first message</td> </tr> </tbody> </table></div> <p>A RAG chat is fundamentally <strong>unidirectional during streaming</strong>: the user sends a message (a normal POST) and the server responds with a stream of tokens. You don't need a permanent bidirectional channel.</p> <p>Also, SSE travels over standard HTTP. That means it works with any reverse proxy, CDN, load balancer, and firewall without special configuration (beyond disabling buffering, which we'll cover).</p> <p>With WebSockets you'd need to handle: manual reconnection, handshake authentication, connection state, heartbeats, and proxies that close idle connections. All of that is complexity that adds nothing in this use case.</p> <h2> The Stack </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ POST /messages ┌─────────────┐ │ Browser │ ──────────────────────►│ Nginx │ │ (Vue/Widget)│ │ (reverse │ │ │◄──── SSE stream ───────│ proxy) │ └─────────────┘ └──────┬──────┘ │ ┌──────▼──────┐ │ FastAPI │ │ (uvicorn) │ │ │ │ async gen │──► Groq/OpenAI/Ollama │ → SSE │──► PostgreSQL │ │──► Redis └─────────────┘ </code></pre> </div> <h2> Backend: The Async Generator That Emits SSE </h2> <h3> The Base: EventSourceResponse </h3> <p>FastAPI doesn't have native SSE support, but <code>sse-starlette</code> solves it in one line:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sse_starlette.sse</span> <span class="kn">import</span> <span class="n">EventSourceResponse</span> <span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/conversations/{conv_id}/messages</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">send_message</span><span class="p">(</span><span class="n">conv_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">MessageCreate</span><span class="p">,</span> <span class="p">...):</span> <span class="c1"># ... validations, RAG search, etc. </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">event_generator</span><span class="p">():</span> <span class="k">async</span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="nf">_build_stream</span><span class="p">(</span><span class="n">conv_id</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="p">...):</span> <span class="k">yield</span> <span class="n">event</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">event_generator</span><span class="p">())</span> </code></pre> </div> <p><code>EventSourceResponse</code> takes an async generator and converts it to an SSE stream with the correct format:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">event: token data: {"content": "The "} event: token data: {"content": "answer "} event: token data: {"content": "is..."} event: done data: {"message_id": "abc-123"} </span></code></pre> </div> <p>Each <code>yield</code> from the generator becomes an <code>event:</code> + <code>data:</code> block separated by <code>\n\n</code>.</p> <h3> The Event Protocol </h3> <p>I designed a protocol with <strong>10 event types</strong>, each with a specific JSON payload:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># SSE Protocol Events # ───────────────────────────────────────── # user_message_id → Real ID of message saved in DB # sources → Chunks retrieved from RAG pipeline # confidence → Confidence score (0-1) from reranking # token → Text fragment from LLM # faq_match → Direct FAQ answer (no LLM) # searching → Agentic search in progress (round N) # suggestions → Suggested follow-up questions # error → Error during streaming # upgrade_required → Plan limit reached # content_blocked → Content blocked by rules # done → Stream finished, with message_id </span></code></pre> </div> <p><strong>Why typed events and not just <code>data:</code>?</strong> Because the frontend needs to know <strong>what it's receiving</strong> before parsing it. A token renders differently than a source, an error is handled differently than a confidence event. Without types, the frontend would have to guess the JSON content.</p> <h3> The Full Generator </h3> <p>Here's the real generator (simplified for readability, but with the exact structure):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">event_generator</span><span class="p">():</span> <span class="c1"># Track concurrent stream with Redis </span> <span class="k">await</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="nf">_event_generator_inner</span><span class="p">():</span> <span class="k">yield</span> <span class="n">event</span> <span class="k">finally</span><span class="p">:</span> <span class="c1"># ALWAYS decrement, even if client disconnects </span> <span class="k">await</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">_event_generator_inner</span><span class="p">():</span> <span class="c1"># 1. Real user message ID (to sync with optimistic UI) </span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user_message_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">user_msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})</span> <span class="p">}</span> <span class="c1"># 2. Sources retrieved from RAG pipeline </span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">:</span> <span class="n">sources</span><span class="p">})</span> <span class="p">}</span> <span class="c1"># 3. Confidence score </span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="nf">round</span><span class="p">(</span><span class="n">confidence</span><span class="p">,</span> <span class="mi">3</span><span class="p">)})</span> <span class="p">}</span> <span class="c1"># 4. LLM tokens (the heart of streaming) </span> <span class="n">full_response</span> <span class="o">=</span> <span class="sh">""</span> <span class="nb">buffer</span> <span class="o">=</span> <span class="sh">""</span> <span class="n">stream</span> <span class="o">=</span> <span class="nf">stream_chat_response</span><span class="p">(</span><span class="n">query</span><span class="p">,</span> <span class="n">sources</span><span class="p">,</span> <span class="n">history</span><span class="p">,</span> <span class="n">provider</span><span class="p">,</span> <span class="p">...)</span> <span class="k">if</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">isasyncgen</span><span class="p">(</span><span class="n">stream</span><span class="p">):</span> <span class="k">async</span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">stream</span><span class="p">:</span> <span class="nb">buffer</span> <span class="o">+=</span> <span class="n">token</span> <span class="n">full_response</span> <span class="o">+=</span> <span class="n">token</span> <span class="c1"># Buffer for agentic search: don't emit if [SEARCH:] might be coming </span> <span class="k">if</span> <span class="nb">buffer</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">[</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="nb">buffer</span><span class="p">[</span><span class="o">-</span><span class="mi">20</span><span class="p">:]:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})</span> <span class="p">}</span> <span class="nb">buffer</span> <span class="o">=</span> <span class="sh">""</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Flush final buffer </span> <span class="k">if</span> <span class="nb">buffer</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})</span> <span class="p">}</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Synchronous stream (Groq, OpenAI) </span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">stream</span><span class="p">:</span> <span class="nb">buffer</span> <span class="o">+=</span> <span class="n">token</span> <span class="n">full_response</span> <span class="o">+=</span> <span class="n">token</span> <span class="k">if</span> <span class="nb">buffer</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">[</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="nb">buffer</span><span class="p">[</span><span class="o">-</span><span class="mi">20</span><span class="p">:]:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})</span> <span class="p">}</span> <span class="nb">buffer</span> <span class="o">=</span> <span class="sh">""</span> <span class="k">else</span><span class="p">:</span> <span class="k">if</span> <span class="nb">buffer</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})</span> <span class="p">}</span> <span class="c1"># 5. Follow-up suggestions (post-stream) </span> <span class="n">suggestion_list</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generate_suggestions</span><span class="p">(</span><span class="n">full_response</span><span class="p">,</span> <span class="n">sources</span><span class="p">,</span> <span class="n">provider</span><span class="p">)</span> <span class="k">if</span> <span class="n">suggestion_list</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">suggestions</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">suggestions</span><span class="sh">"</span><span class="p">:</span> <span class="n">suggestion_list</span><span class="p">})</span> <span class="p">}</span> <span class="c1"># 6. Save message and signal completion </span> <span class="n">msg</span> <span class="o">=</span> <span class="k">await</span> <span class="n">chat_service</span><span class="p">.</span><span class="nf">save_message</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">conv_id</span><span class="p">,</span> <span class="n">MessageRole</span><span class="p">.</span><span class="n">ASSISTANT</span><span class="p">,</span> <span class="n">full_response</span><span class="p">,</span> <span class="p">...)</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})</span> <span class="p">}</span> </code></pre> </div> <h3> The Buffer Detail for Agentic Search </h3> <p>The system supports <strong>agentic search</strong>: the LLM can emit <code>[SEARCH: new query]</code> mid-response to request more information. The problem: if you emit tokens one by one, the frontend could render a partial <code>[SEARCH:</code> as visible text.</p> <p>The solution is a buffer that holds the last 20 characters if they contain <code>[</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="nb">buffer</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">[</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="nb">buffer</span><span class="p">[</span><span class="o">-</span><span class="mi">20</span><span class="p">:]:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})}</span> <span class="nb">buffer</span> <span class="o">=</span> <span class="sh">""</span> </code></pre> </div> <p>If the full marker <code>[SEARCH: ...]</code> is detected, the stream is interrupted, a new search is executed, and generation continues with expanded context:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">match</span> <span class="o">=</span> <span class="n">SEARCH_PATTERN</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="n">accumulated</span><span class="p">)</span> <span class="k">if</span> <span class="n">match</span> <span class="ow">and</span> <span class="n">search_round</span> <span class="o">&lt;</span> <span class="n">MAX_SEARCH_ROUNDS</span><span class="p">:</span> <span class="n">search_query</span> <span class="o">=</span> <span class="n">match</span><span class="p">.</span><span class="nf">group</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">strip</span><span class="p">()</span> <span class="n">search_round</span> <span class="o">+=</span> <span class="mi">1</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">searching</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">query</span><span class="sh">"</span><span class="p">:</span> <span class="n">search_query</span><span class="p">,</span> <span class="sh">"</span><span class="s">round</span><span class="sh">"</span><span class="p">:</span> <span class="n">search_round</span> <span class="p">})}</span> <span class="c1"># Execute new search with the LLM's query </span> <span class="n">new_sources</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">search_chunks</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">search_query</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">rag_config</span><span class="o">=</span><span class="n">rag_config</span><span class="p">)</span> <span class="c1"># Deduplicate sources </span> <span class="n">existing_ids</span> <span class="o">=</span> <span class="p">{</span><span class="n">s</span><span class="p">[</span><span class="sh">"</span><span class="s">chunk_id</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">all_sources</span><span class="p">}</span> <span class="n">unique_new</span> <span class="o">=</span> <span class="p">[</span><span class="n">s</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">new_sources</span> <span class="k">if</span> <span class="n">s</span><span class="p">[</span><span class="sh">"</span><span class="s">chunk_id</span><span class="sh">"</span><span class="p">]</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">existing_ids</span><span class="p">]</span> <span class="k">if</span> <span class="n">unique_new</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">:</span> <span class="n">unique_new</span><span class="p">,</span> <span class="sh">"</span><span class="s">round</span><span class="sh">"</span><span class="p">:</span> <span class="n">search_round</span> <span class="p">})}</span> <span class="c1"># Continue generation with expanded context </span> <span class="c1"># (max 3 search rounds) </span></code></pre> </div> <h3> Short-Circuits: FAQ, Cache and Upgrade </h3> <p>Before the full RAG pipeline, there are several "shortcuts" that return a different <code>EventSourceResponse</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># FAQ match → instant response without LLM </span><span class="k">if</span> <span class="n">faq_match</span><span class="p">:</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">faq_event_generator</span><span class="p">():</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user_message_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">user_msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">faq_match</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">faq_match</span><span class="p">)}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})}</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">faq_event_generator</span><span class="p">())</span> <span class="c1"># Cache hit → cached response, simulate streaming </span><span class="k">if</span> <span class="n">cache_hit</span><span class="p">:</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">cache_event_generator</span><span class="p">():</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">:</span> <span class="n">cache_hit</span><span class="p">[</span><span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">]})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="n">cache_hit</span><span class="p">[</span><span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">]})}</span> <span class="c1"># Simulate streaming word by word </span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">cache_hit</span><span class="p">[</span><span class="sh">"</span><span class="s">response_text</span><span class="sh">"</span><span class="p">].</span><span class="nf">split</span><span class="p">(</span><span class="sh">"</span><span class="s"> </span><span class="sh">"</span><span class="p">):</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">token</span> <span class="o">+</span> <span class="sh">"</span><span class="s"> </span><span class="sh">"</span><span class="p">})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nb">id</span><span class="p">),</span> <span class="sh">"</span><span class="s">cached</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">})}</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">cache_event_generator</span><span class="p">())</span> <span class="c1"># Budget exhausted → upgrade signal </span><span class="k">if</span> <span class="n">faq_only_mode</span><span class="p">:</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">upgrade_event_generator</span><span class="p">():</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">upgrade_required</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">You</span><span class="sh">'</span><span class="s">ve reached your AI query limit for this plan.</span><span class="sh">"</span> <span class="p">})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})}</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">upgrade_event_generator</span><span class="p">())</span> </code></pre> </div> <p><strong>Why simulate streaming for cache hits?</strong> Because the frontend has a single rendering path. If cache returned all the text at once, it would need special logic. Simulating streaming keeps the frontend code simple.</p> <h2> Streaming from LLM Providers </h2> <p>Each provider has its own format. The abstraction layer unifies everything into generators that yield strings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Groq and OpenAI: SYNCHRONOUS generator (SDK compatible) </span><span class="k">def</span> <span class="nf">_stream_groq</span><span class="p">(</span><span class="n">messages</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="mf">0.3</span><span class="p">,</span> <span class="n">max_tokens</span><span class="o">=</span><span class="mi">4096</span><span class="p">):</span> <span class="n">stream</span> <span class="o">=</span> <span class="n">groq_client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">groq_model</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="n">messages</span><span class="p">,</span> <span class="n">stream</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="n">temperature</span><span class="p">,</span> <span class="n">max_tokens</span><span class="o">=</span><span class="n">max_tokens</span><span class="p">,</span> <span class="p">)</span> <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">stream</span><span class="p">:</span> <span class="n">delta</span> <span class="o">=</span> <span class="n">chunk</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">delta</span> <span class="k">if</span> <span class="n">delta</span><span class="p">.</span><span class="n">content</span><span class="p">:</span> <span class="k">yield</span> <span class="n">delta</span><span class="p">.</span><span class="n">content</span> <span class="c1"># Ollama: ASYNC generator (NDJSON over HTTP streaming) </span><span class="k">async</span> <span class="k">def</span> <span class="nf">_stream_ollama</span><span class="p">(</span><span class="n">messages</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="mf">0.3</span><span class="p">,</span> <span class="n">max_tokens</span><span class="o">=</span><span class="mi">4096</span><span class="p">):</span> <span class="k">async</span> <span class="k">with</span> <span class="n">httpx</span><span class="p">.</span><span class="nc">AsyncClient</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="n">httpx</span><span class="p">.</span><span class="nc">Timeout</span><span class="p">(</span><span class="mf">300.0</span><span class="p">))</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">client</span><span class="p">.</span><span class="nf">stream</span><span class="p">(</span><span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">settings</span><span class="p">.</span><span class="n">ollama_url</span><span class="si">}</span><span class="s">/api/chat</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">model</span><span class="sh">"</span><span class="p">:</span> <span class="n">settings</span><span class="p">.</span><span class="n">ollama_model</span><span class="p">,</span> <span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">:</span> <span class="n">messages</span><span class="p">,</span> <span class="sh">"</span><span class="s">stream</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">})</span> <span class="k">as</span> <span class="n">response</span><span class="p">:</span> <span class="k">async</span> <span class="k">for</span> <span class="n">line</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="nf">aiter_lines</span><span class="p">():</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> <span class="n">content</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">,</span> <span class="p">{}).</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="k">if</span> <span class="n">content</span><span class="p">:</span> <span class="k">yield</span> <span class="n">content</span> <span class="k">if</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">):</span> <span class="k">break</span> </code></pre> </div> <p><strong>The key detail</strong>: Groq/OpenAI return <strong>synchronous</strong> generators, Ollama returns <strong>async</strong>. The SSE generator needs to handle both with <code>inspect.isasyncgen()</code>. It's ugly, but wrapping sync in async adds complexity and indirection that makes debugging harder.</p> <h2> Frontend: Consuming with fetch + ReadableStream </h2> <h3> Why Not EventSource </h3> <p>The browser's <code>EventSource</code> API has a fatal flaw for this use case: <strong>it only supports GET</strong>. Our chat endpoint is a POST with JSON body (message content, knowledge base IDs, provider, etc.).</p> <p>The alternative: <code>fetch</code> + <code>ReadableStream</code>. More code, but total control.</p> <h3> The SSE Parser </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">sendMessage</span><span class="p">(</span> <span class="nx">convId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">content</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">knowledgeBaseIds</span><span class="p">:</span> <span class="kr">string</span><span class="p">[],</span> <span class="nx">callbacks</span><span class="p">:</span> <span class="nx">StreamCallbacks</span><span class="p">,</span> <span class="nx">provider</span><span class="p">?:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">access_token</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/api/v1/conversations/</span><span class="p">${</span><span class="nx">convId</span><span class="p">}</span><span class="s2">/messages`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">...(</span><span class="nx">token</span> <span class="p">?</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">:</span> <span class="p">{}),</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">content</span><span class="p">,</span> <span class="na">knowledge_base_ids</span><span class="p">:</span> <span class="nx">knowledgeBaseIds</span><span class="p">,</span> <span class="nx">provider</span><span class="p">,</span> <span class="p">}),</span> <span class="p">})</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Detect plan limit error (403)</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">403</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">errorData</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="nx">errorData</span><span class="p">.</span><span class="nx">detail</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">limit</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="s2">`__PLAN_LIMIT__:</span><span class="p">${</span><span class="nx">errorData</span><span class="p">.</span><span class="nx">detail</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="s2">`Error: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">reader</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">?.</span><span class="nf">getReader</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">reader</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="dl">'</span><span class="s1">No response stream</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">decoder</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextDecoder</span><span class="p">()</span> <span class="kd">let</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="dl">''</span> <span class="kd">let</span> <span class="nx">receivedDone</span> <span class="o">=</span> <span class="kc">false</span> <span class="k">try</span> <span class="p">{</span> <span class="k">while </span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">done</span><span class="p">,</span> <span class="nx">value</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">reader</span><span class="p">.</span><span class="nf">read</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="nx">done</span><span class="p">)</span> <span class="k">break</span> <span class="nx">buffer</span> <span class="o">+=</span> <span class="nx">decoder</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">value</span><span class="p">,</span> <span class="p">{</span> <span class="na">stream</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="kd">const</span> <span class="nx">lines</span> <span class="o">=</span> <span class="nx">buffer</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="se">\n</span><span class="dl">'</span><span class="p">)</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="nx">lines</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="o">||</span> <span class="dl">''</span> <span class="c1">// Last incomplete line → to buffer</span> <span class="kd">let</span> <span class="nx">currentEvent</span> <span class="o">=</span> <span class="dl">''</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">line</span> <span class="k">of</span> <span class="nx">lines</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">event: </span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nx">currentEvent</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">7</span><span class="p">).</span><span class="nf">trim</span><span class="p">()</span> <span class="k">continue</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">data: </span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">parsed</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">6</span><span class="p">))</span> <span class="c1">// Dispatch by event type</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onToken</span><span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">content</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">sources</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onSources</span><span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">sources</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">confidence</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onConfidence</span><span class="p">?.(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">score</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">faq_match</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onFaqMatch</span><span class="p">?.(</span><span class="nx">parsed</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">upgrade_required</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onUpgradeRequired</span><span class="p">?.(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">message</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">content_blocked</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onContentBlocked</span><span class="p">?.(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">response</span><span class="p">,</span> <span class="nx">parsed</span><span class="p">.</span><span class="kd">type</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">done</span><span class="dl">'</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">message_id</span><span class="dl">'</span> <span class="k">in</span> <span class="nx">parsed</span><span class="p">)</span> <span class="p">{</span> <span class="nx">receivedDone</span> <span class="o">=</span> <span class="kc">true</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onDone</span><span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">message_id</span><span class="p">)</span> <span class="p">}</span> <span class="nx">currentEvent</span> <span class="o">=</span> <span class="dl">''</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="s2">`Connection error: </span><span class="p">${</span><span class="nx">err</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="c1">// If stream ended without "done" event, something went wrong</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">receivedDone</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Connection was interrupted before completing the response</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> The Callbacks Interface </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kr">interface</span> <span class="nx">StreamCallbacks</span> <span class="p">{</span> <span class="nl">onSources</span><span class="p">:</span> <span class="p">(</span><span class="nx">sources</span><span class="p">:</span> <span class="nx">Source</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onToken</span><span class="p">:</span> <span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onCodeResult</span><span class="p">:</span> <span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">CodeResult</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onSearching</span><span class="p">:</span> <span class="p">(</span><span class="nx">query</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">round</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onExecuting</span><span class="p">:</span> <span class="p">(</span><span class="nx">count</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onSuggestions</span><span class="p">:</span> <span class="p">(</span><span class="nx">suggestions</span><span class="p">:</span> <span class="kr">string</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onUserMessageId</span><span class="p">:</span> <span class="p">(</span><span class="nx">messageId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onFaqMatch</span><span class="p">?:</span> <span class="p">(</span><span class="nx">match</span><span class="p">:</span> <span class="nx">FAQMatch</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onConfidence</span><span class="p">?:</span> <span class="p">(</span><span class="nx">score</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onUpgradeRequired</span><span class="p">?:</span> <span class="p">(</span><span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onContentBlocked</span><span class="p">?:</span> <span class="p">(</span><span class="nx">response</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">blockType</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onDone</span><span class="p">:</span> <span class="p">(</span><span class="nx">messageId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onError</span><span class="p">:</span> <span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="p">}</span> </code></pre> </div> <p>The <code>useChat</code> composable connects these callbacks with Vue's reactive state:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nf">sendMessage</span><span class="p">(</span><span class="nx">conversationId</span><span class="p">,</span> <span class="nx">content</span><span class="p">,</span> <span class="nx">kbIds</span><span class="p">,</span> <span class="p">{</span> <span class="na">onToken</span><span class="p">:</span> <span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">streamingContent</span><span class="p">.</span><span class="nx">value</span> <span class="o">+=</span> <span class="nx">token</span> <span class="kd">const</span> <span class="nx">last</span> <span class="o">=</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">[</span><span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="k">if </span><span class="p">(</span><span class="nx">last</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">last</span><span class="p">.</span><span class="nx">content</span> <span class="o">=</span> <span class="nx">streamingContent</span><span class="p">.</span><span class="nx">value</span> <span class="p">}</span> <span class="p">},</span> <span class="na">onSources</span><span class="p">:</span> <span class="p">(</span><span class="nx">s</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">sources</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">sources</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="p">...</span><span class="nx">s</span><span class="p">]</span> <span class="p">},</span> <span class="na">onConfidence</span><span class="p">:</span> <span class="p">(</span><span class="nx">score</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">last</span> <span class="o">=</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">[</span><span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="k">if </span><span class="p">(</span><span class="nx">last</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">last</span><span class="p">.</span><span class="nx">confidenceScore</span> <span class="o">=</span> <span class="nx">score</span> <span class="p">}</span> <span class="p">},</span> <span class="na">onDone</span><span class="p">:</span> <span class="p">(</span><span class="nx">messageId</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">last</span> <span class="o">=</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">[</span><span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="k">if </span><span class="p">(</span><span class="nx">last</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">last</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">messageId</span> <span class="nx">last</span><span class="p">.</span><span class="nx">sources</span> <span class="o">=</span> <span class="nx">sources</span><span class="p">.</span><span class="nx">value</span> <span class="p">}</span> <span class="nx">streaming</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="kc">false</span> <span class="p">},</span> <span class="na">onError</span><span class="p">:</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">last</span> <span class="o">=</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">[</span><span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="k">if </span><span class="p">(</span><span class="nx">last</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">last</span><span class="p">.</span><span class="nx">content</span> <span class="o">=</span> <span class="s2">`Error: </span><span class="p">${</span><span class="nx">err</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="nx">streaming</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="kc">false</span> <span class="p">},</span> <span class="p">})</span> </code></pre> </div> <h3> Optimistic UI with Reconciliation </h3> <p>A subtle detail: when the user sends a message, we add it immediately to the UI with a temporary ID (<code>crypto.randomUUID()</code>). But the real ID is generated by the database. The <code>user_message_id</code> event syncs both:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">userMsg</span><span class="p">:</span> <span class="nx">Message</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">(),</span> <span class="c1">// Optimistic temporary ID</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="nx">content</span><span class="p">,</span> <span class="p">...</span> <span class="p">}</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">userMsg</span><span class="p">)</span> <span class="c1">// When the real ID arrives from the server:</span> <span class="nx">onUserMessageId</span><span class="p">:</span> <span class="p">(</span><span class="nx">realId</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">userMsg</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">realId</span> <span class="c1">// Replace temporary ID with DB ID</span> <span class="p">},</span> </code></pre> </div> <p>This matters for feedback: when the user gives a thumbs-up to a message, it needs the real ID so the PATCH reaches the correct message.</p> <h2> Embeddable Widget: SSE in Vanilla JS </h2> <p>The widget is ~970 lines of vanilla JS running inside a <strong>closed Shadow DOM</strong> (<code>mode: 'closed'</code>). The SSE parsing is identical to the TypeScript frontend, but with <code>var</code> instead of <code>const</code> and no types:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">reader</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nf">getReader</span><span class="p">();</span> <span class="kd">var</span> <span class="nx">decoder</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextDecoder</span><span class="p">();</span> <span class="kd">var</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">assistantContent</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">while </span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">readResult</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">reader</span><span class="p">.</span><span class="nf">read</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">readResult</span><span class="p">.</span><span class="nx">done</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="nx">buffer</span> <span class="o">+=</span> <span class="nx">decoder</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">readResult</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="p">{</span> <span class="na">stream</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="kd">var</span> <span class="nx">lines</span> <span class="o">=</span> <span class="nx">buffer</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="se">\n</span><span class="dl">'</span><span class="p">);</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="nx">lines</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">event</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">var</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">lines</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">line</span> <span class="o">=</span> <span class="nx">lines</span><span class="p">[</span><span class="nx">i</span><span class="p">].</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">event:</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">6</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">data:</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">5</span><span class="p">).</span><span class="nf">trim</span><span class="p">());</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">session</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">sessionToken</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">session_token</span><span class="p">;</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="nx">STORAGE_KEY</span><span class="p">,</span> <span class="nx">sessionToken</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">assistantContent</span> <span class="o">+=</span> <span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">content</span> <span class="o">||</span> <span class="dl">''</span><span class="p">);</span> <span class="nx">messages</span><span class="p">[</span><span class="nx">assistantMsgIndex</span><span class="p">].</span><span class="nx">content</span> <span class="o">=</span> <span class="nx">assistantContent</span><span class="p">;</span> <span class="nf">renderMessages</span><span class="p">();</span> <span class="c1">// Re-render on each token</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">faq_match</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">messages</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">answer</span><span class="p">,</span> <span class="na">faqMatch</span><span class="p">:</span> <span class="nx">data</span> <span class="p">});</span> <span class="nf">renderMessages</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Key Differences from the Main App </h3> <ol> <li> <strong>Auth</strong>: The widget uses <code>X-API-Key</code> (SHA-256 hashed) instead of JWT. No login.</li> <li> <strong>First event</strong>: Instead of <code>user_message_id</code>, the widget receives <code>session</code> with a token persisted in <code>localStorage</code> to maintain history across visits.</li> <li> <strong>Closed Shadow DOM</strong>: <code>host.attachShadow({ mode: 'closed' })</code> completely isolates styles and DOM from the host page. Not even <code>document.querySelector</code> can access the widget from outside.</li> </ol> <h2> Nginx: The 6 Directives That Make It Work </h2> <p>This is the section that caused me the most headaches. Without the correct Nginx configuration, SSE streaming <strong>doesn't work</strong>. Tokens accumulate in Nginx's buffer and arrive all at once at the end.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">location</span> <span class="n">/api/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8000</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="c1"># === The 6 SSE directives ===</span> <span class="kn">proxy_buffering</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># 1. Don't buffer the response</span> <span class="kn">proxy_cache</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># 2. Don't cache</span> <span class="kn">proxy_read_timeout</span> <span class="s">300s</span><span class="p">;</span> <span class="c1"># 3. Long timeout (streams last minutes)</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">''</span><span class="p">;</span> <span class="c1"># 4. Disable upstream keep-alive</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="c1"># 5. HTTP/1.1 (required for chunked)</span> <span class="kn">chunked_transfer_encoding</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># 6. Disable Nginx's chunked encoding</span> <span class="p">}</span> </code></pre> </div> <h3> What Each One Does </h3> <p><strong>1. <code>proxy_buffering off</code></strong> — The most important one. By default, Nginx buffers the complete upstream response before sending it to the client. With SSE, each event must reach the client immediately.</p> <p><strong>2. <code>proxy_cache off</code></strong> — Nginx can cache upstream responses. A cached SSE stream is... a very bad idea.</p> <p><strong>3. <code>proxy_read_timeout 300s</code></strong> — The default is 60 seconds. An LLM response with agentic search (3 rounds) can take 2-3 minutes. Without this timeout, Nginx closes the connection mid-response.</p> <p><strong>4. <code>proxy_set_header Connection ''</code></strong> — Clears the Connection header to prevent Nginx from maintaining the upstream connection with keep-alive, which can cause data to be held back.</p> <p><strong>5. <code>proxy_http_version 1.1</code></strong> — HTTP/1.1 is required for chunked transfer-encoding. Nginx's default for upstream is HTTP/1.0.</p> <p><strong>6. <code>chunked_transfer_encoding off</code></strong> — Seems contradictory to the previous point, but this disables chunked encoding <strong>from Nginx</strong>, not from upstream. Without this, Nginx can re-chunk the response and alter event timing.</p> <h3> The Symptom You'll See Without These Directives </h3> <p>If you're missing any of them, you'll see this behavior:</p> <ol> <li>The user sends a message</li> <li>The "loading" spinner stays for 5-30 seconds</li> <li>Suddenly, <strong>the entire response appears at once</strong> </li> <li>Streaming "works" on localhost (without Nginx) but not in production</li> </ol> <p>If this happens to you, it's Nginx buffering. Add the 6 directives and it resolves immediately.</p> <h3> Cloudflare: The Other Invisible Proxy </h3> <p>If you use Cloudflare as proxy (orange cloud), there's a detail: Cloudflare can also buffer responses. But in practice, Cloudflare detects SSE automatically by the <code>Content-Type: text/event-stream</code> and disables buffering. No special configuration needed.</p> <h2> Redis: Stream Concurrency </h2> <p>A user could open 10 tabs and launch 10 simultaneous streams. Each stream consumes LLM resources, DB connections, and memory. Concurrency control uses Redis as an atomic counter:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">_CONCURRENT_TTL</span> <span class="o">=</span> <span class="mi">300</span> <span class="c1"># 5-minute TTL as safety net </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="c1"># Fail-open: without Redis, allow </span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">concurrent:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="sh">"</span> <span class="n">pipe</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">pipeline</span><span class="p">()</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">incr</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">_CONCURRENT_TTL</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">execute</span><span class="p">()</span> <span class="k">return</span> <span class="n">results</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">concurrent:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="sh">"</span> <span class="n">count</span> <span class="o">=</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">decr</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="k">if</span> <span class="n">count</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="c1"># Clean dead keys </span> <span class="k">return</span> <span class="mi">0</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">_CONCURRENT_TTL</span><span class="p">)</span> <span class="k">return</span> <span class="n">count</span> </code></pre> </div> <h3> The try/finally Pattern </h3> <p>Increment and decrement are in a <code>try/finally</code> to guarantee the counter decrements <strong>always</strong>, even if the client disconnects mid-stream:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">event_generator</span><span class="p">():</span> <span class="k">await</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="nf">_event_generator_inner</span><span class="p">():</span> <span class="k">yield</span> <span class="n">event</span> <span class="k">finally</span><span class="p">:</span> <span class="k">await</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">))</span> </code></pre> </div> <h3> TTL as Safety Net </h3> <p>What happens if the server crashes mid-stream? The <code>decrement</code> never executes and the counter stays inflated. The 5-minute TTL solves this: if it's not renewed with <code>expire</code>, the key self-deletes. The system self-heals.</p> <h3> Fail-Open and Rate Limiting </h3> <p>Two important principles:</p> <ol> <li><p><strong>Fail-open</strong>: If Redis is down, the rate limiter allows everything. I prefer serving requests without rate limiting to rejecting everything because Redis went down. Redis is a guard, not a gate.</p></li> <li><p><strong>Sliding window per API key</strong>: Besides per-tenant concurrency, each widget API key has its own rate limit using Redis sorted sets. Timestamps as scores, <code>zremrangebyscore</code> to clean expired entries, <code>zcard</code> to count — all in an atomic pipeline.</p></li> </ol> <h2> Error Handling: The 3 Layers </h2> <p><strong>Backend</strong>: Always emit <code>done</code> after <code>error</code>. Without this, the frontend gets stuck in "streaming" state indefinitely:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">LLM error: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">})}</span> <span class="k">return</span> </code></pre> </div> <p><strong>Frontend</strong>: Detect incomplete streams. If the reader returns <code>done: true</code> but we never received a <code>done</code> event, something went wrong (Nginx timeout, backend crash):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">receivedDone</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="dl">'</span><span class="s1">Connection was interrupted before completing the response</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p><strong>Pre-stream</strong>: 403 errors (plan limit) arrive as normal HTTP before the SSE stream. The frontend uses a <code>__PLAN_LIMIT__:</code> prefix as internal convention so the composable distinguishes plan errors from generic errors and shows different UI (upgrade card vs. error message).</p> <h2> Real Numbers </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>First token latency (Groq)</td> <td>~200-400ms</td> </tr> <tr> <td>First token latency (Ollama local)</td> <td>~1-2s</td> </tr> <tr> <td>Typical total response time</td> <td>~3-8s</td> </tr> <tr> <td>Total time with agentic search (3 rounds)</td> <td>~15-30s</td> </tr> <tr> <td>FAQ match (no LLM)</td> <td>~15ms</td> </tr> <tr> <td>Cache hit (simulated)</td> <td>~50ms</td> </tr> <tr> <td>Nginx SSE overhead</td> <td>&lt;1ms per event</td> </tr> <tr> <td>Concurrent streams per tenant (Free plan)</td> <td>2</td> </tr> <tr> <td>API key rate limit (default)</td> <td>30 req/min</td> </tr> </tbody> </table></div> <h2> Lessons Learned </h2> <h3> 1. SSE &gt; WebSockets for LLM Streaming </h3> <p>Don't try to shove WebSockets where SSE is sufficient. For a unidirectional flow (server → client), SSE is simpler, more proxy-compatible, and easier to debug. The browser's automatic reconnection is a bonus.</p> <h3> 2. Always Emit "done" at the End </h3> <p>Without an explicit termination event, the frontend can't distinguish between "the stream ended" and "the stream was cut off". Emitting <code>done</code> always — even after errors — is what makes the protocol robust.</p> <h3> 3. Nginx Buffering Is the Silent Enemy </h3> <p>In development without Nginx everything works perfectly. In production, tokens arrive all at once. The first time it happened, I spent 2 hours thinking the problem was in the backend. It was 6 lines of Nginx.</p> <h3> 4. Buffer for Inline Markers </h3> <p>If your LLM can emit special markers (<code>[SEARCH:]</code>, executable code, etc.), you need a buffer that holds text until you're sure there's no partial marker. Without this, the user sees artifacts like <code>[SEAR</code> in the chat.</p> <h3> 5. Try/Finally with Redis Counters </h3> <p>Every counter that's incremented before a stream must be decremented in a <code>finally</code>. Not in the happy path, not in the error handler: in <code>finally</code>. Clients disconnect without warning, servers crash, and generators get interrupted.</p> <h3> 6. Fail-Open for Auxiliary Services </h3> <p>Redis for rate limiting should be fail-open. If Redis goes down, it's better to serve without rate limiting than to reject all requests. The same applies to logging, analytics, and any non-critical service.</p> <h3> 7. fetch + ReadableStream &gt; EventSource </h3> <p><code>EventSource</code> is elegant but limited (GET only, minimal headers). <code>fetch</code> + <code>ReadableStream</code> requires more code but supports POST, custom headers (JWT), and fine-grained error handling. For a real-world case, the flexibility justifies the ~30 extra lines.</p> <h2> What's Next </h2> <ul> <li> <strong>Optional WebSocket upgrade</strong>: For future bidirectional features (typing indicators, presence), evaluate a selective upgrade without replacing SSE</li> <li> <strong>Backpressure</strong>: If the frontend can't render as fast as the LLM generates, implement backpressure signaling</li> <li> <strong>Compression</strong>: Evaluate SSE over HTTP/2 with frame compression to reduce bandwidth for high-traffic widgets</li> </ul> <h2> Conclusion </h2> <p>SSE for LLM streaming isn't hard to implement — but it's easy to implement poorly. The pitfalls are in the details: Nginx that buffers, generators that don't clean up counters, frontends that don't detect incomplete streams, and widgets that don't handle all event types.</p> <p>The custom event protocol (token, sources, confidence, done, error, etc.) is what transforms a text stream into a usable system: the frontend knows <strong>what</strong> it's receiving and can render it correctly, show confidence indicators, accumulate sources from different search rounds, and handle edge cases like plan limits or blocked content.</p> <p>Most importantly: <strong>always test through Nginx</strong>. What works on localhost without a proxy is not representative of production. Those 6 Nginx directives are the difference between "real token-by-token streaming" and "all text at once after 10 seconds".</p> sse python fastapi javascript Martin Palopoli Tue, 31 Mar 2026 13:10:00 +0000 https://dev.to/martin_palopoli/como-implemente-streaming-sse-de-extremo-a-extremo-desde-el-llm-hasta-el-navegador-pasando-por-3839 https://dev.to/martin_palopoli/como-implemente-streaming-sse-de-extremo-a-extremo-desde-el-llm-hasta-el-navegador-pasando-por-3839 <p>TL;DR</p> <p>Implementé streaming SSE de extremo a extremo para un motor RAG: un generador async en FastAPI emite eventos custom (token, sources, confidence, done, error, etc.), el frontend los consume con <code>fetch</code> + <code>ReadableStream</code>, un widget embebible en vanilla JS hace lo mismo dentro de un Shadow DOM cerrado, y Nginx necesita 6 directivas específicas para no arruinar todo. Comparto el código real, el protocolo de eventos, y las lecciones aprendidas.</p> <h2> Por qué SSE y no WebSockets </h2> <p>Cuando necesitás streaming en una app RAG, la primera pregunta es: WebSockets o SSE.</p> <p>Para un chat con LLM, la respuesta es clara: <strong>SSE</strong>.</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Criterio</th> <th>SSE</th> <th>WebSockets</th> </tr> </thead> <tbody> <tr> <td>Dirección del flujo</td> <td>Servidor → cliente (unidireccional)</td> <td>Bidireccional</td> </tr> <tr> <td>Protocolo</td> <td>HTTP estándar</td> <td>Protocolo propio (ws://)</td> </tr> <tr> <td>Reconexión</td> <td>Automática (built-in)</td> <td>Manual</td> </tr> <tr> <td>Proxy/CDN compat</td> <td>Excelente (es HTTP)</td> <td>Problemática</td> </tr> <tr> <td>Complejidad server</td> <td>Baja (generador async)</td> <td>Alta (state management)</td> </tr> <tr> <td>Auth</td> <td>Headers HTTP normales</td> <td>Hack en query params o primer mensaje</td> </tr> </tbody> </table></div> <p>Un chat RAG es fundamentalmente <strong>unidireccional durante el streaming</strong>: el usuario envía un mensaje (un POST normal) y el servidor responde con un stream de tokens. No necesitás un canal bidireccional permanente.</p> <p>Además, SSE viaja sobre HTTP estándar. Eso significa que funciona con cualquier reverse proxy, CDN, load balancer, y firewall sin configuración especial (más allá de desactivar buffering, que ya veremos).</p> <p>Con WebSockets tenés que manejar: reconexión manual, autenticación en el handshake, estado de la conexión, heartbeats, y proxies que cierran conexiones idle. Todo eso es complejidad que no aporta nada en este caso de uso.</p> <h2> El stack </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌─────────────┐ POST /messages ┌─────────────┐ │ Browser │ ──────────────────────►│ Nginx │ │ (Vue/Widget)│ │ (reverse │ │ │◄──── SSE stream ───────│ proxy) │ └─────────────┘ └──────┬──────┘ │ ┌──────▼──────┐ │ FastAPI │ │ (uvicorn) │ │ │ │ async gen │──► Groq/OpenAI/Ollama │ → SSE │──► PostgreSQL │ │──► Redis └─────────────┘ </code></pre> </div> <h2> Backend: el generador async que emite SSE </h2> <h3> La base: EventSourceResponse </h3> <p>FastAPI no tiene soporte nativo para SSE, pero <code>sse-starlette</code> lo resuelve con una línea:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sse_starlette.sse</span> <span class="kn">import</span> <span class="n">EventSourceResponse</span> <span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/conversations/{conv_id}/messages</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">send_message</span><span class="p">(</span><span class="n">conv_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">MessageCreate</span><span class="p">,</span> <span class="p">...):</span> <span class="c1"># ... validaciones, búsqueda RAG, etc. </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">event_generator</span><span class="p">():</span> <span class="k">async</span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="nf">_build_stream</span><span class="p">(</span><span class="n">conv_id</span><span class="p">,</span> <span class="n">data</span><span class="p">,</span> <span class="p">...):</span> <span class="k">yield</span> <span class="n">event</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">event_generator</span><span class="p">())</span> </code></pre> </div> <p><code>EventSourceResponse</code> toma un generador async y lo convierte en un stream SSE con el formato correcto:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">event: token data: {"content": "La "} event: token data: {"content": "respuesta "} event: token data: {"content": "es..."} event: done data: {"message_id": "abc-123"} </span></code></pre> </div> <p>Cada <code>yield</code> del generador se convierte en un bloque <code>event:</code> + <code>data:</code> separado por <code>\n\n</code>.</p> <h3> El protocolo de eventos </h3> <p>Diseñé un protocolo con <strong>10 tipos de eventos</strong>, cada uno con un payload JSON específico:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Eventos del protocolo SSE # ───────────────────────────────────────── # user_message_id → ID real del mensaje guardado en DB # sources → Chunks recuperados del RAG pipeline # confidence → Score de confianza (0-1) del reranking # token → Fragmento de texto del LLM # faq_match → Respuesta FAQ directa (sin LLM) # searching → Búsqueda agentic en progreso (round N) # suggestions → Preguntas de seguimiento sugeridas # error → Error durante el streaming # upgrade_required → Límite de plan alcanzado # content_blocked → Contenido bloqueado por reglas # done → Stream finalizado, con message_id </span></code></pre> </div> <p><strong>¿Por qué eventos tipados y no solo <code>data:</code>?</strong> Porque el frontend necesita saber <strong>qué está recibiendo</strong> antes de parsearlo. Un token se renderiza diferente a una fuente, un error se maneja diferente a un evento de confianza. Sin tipos, el frontend tendría que adivinar el contenido del JSON.</p> <h3> El generador completo </h3> <p>Así se ve el generador real (simplificado para legibilidad, pero con la estructura exacta):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">event_generator</span><span class="p">():</span> <span class="c1"># Trackear stream concurrente con Redis </span> <span class="k">await</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="nf">_event_generator_inner</span><span class="p">():</span> <span class="k">yield</span> <span class="n">event</span> <span class="k">finally</span><span class="p">:</span> <span class="c1"># SIEMPRE decrementar, incluso si el cliente desconecta </span> <span class="k">await</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">_event_generator_inner</span><span class="p">():</span> <span class="c1"># 1. ID real del mensaje del usuario (para sincronizar con el optimistic UI) </span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user_message_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">user_msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})</span> <span class="p">}</span> <span class="c1"># 2. Fuentes recuperadas del pipeline RAG </span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">:</span> <span class="n">sources</span><span class="p">})</span> <span class="p">}</span> <span class="c1"># 3. Score de confianza </span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="nf">round</span><span class="p">(</span><span class="n">confidence</span><span class="p">,</span> <span class="mi">3</span><span class="p">)})</span> <span class="p">}</span> <span class="c1"># 4. Tokens del LLM (el corazón del streaming) </span> <span class="n">full_response</span> <span class="o">=</span> <span class="sh">""</span> <span class="nb">buffer</span> <span class="o">=</span> <span class="sh">""</span> <span class="n">stream</span> <span class="o">=</span> <span class="nf">stream_chat_response</span><span class="p">(</span><span class="n">query</span><span class="p">,</span> <span class="n">sources</span><span class="p">,</span> <span class="n">history</span><span class="p">,</span> <span class="n">provider</span><span class="p">,</span> <span class="p">...)</span> <span class="k">if</span> <span class="n">inspect</span><span class="p">.</span><span class="nf">isasyncgen</span><span class="p">(</span><span class="n">stream</span><span class="p">):</span> <span class="k">async</span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">stream</span><span class="p">:</span> <span class="nb">buffer</span> <span class="o">+=</span> <span class="n">token</span> <span class="n">full_response</span> <span class="o">+=</span> <span class="n">token</span> <span class="c1"># Buffer para agentic search: no emitir si puede venir [SEARCH:] </span> <span class="k">if</span> <span class="nb">buffer</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">[</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="nb">buffer</span><span class="p">[</span><span class="o">-</span><span class="mi">20</span><span class="p">:]:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})</span> <span class="p">}</span> <span class="nb">buffer</span> <span class="o">=</span> <span class="sh">""</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Flush del buffer final </span> <span class="k">if</span> <span class="nb">buffer</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})</span> <span class="p">}</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Stream sincrónico (Groq, OpenAI) </span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">stream</span><span class="p">:</span> <span class="nb">buffer</span> <span class="o">+=</span> <span class="n">token</span> <span class="n">full_response</span> <span class="o">+=</span> <span class="n">token</span> <span class="k">if</span> <span class="nb">buffer</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">[</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="nb">buffer</span><span class="p">[</span><span class="o">-</span><span class="mi">20</span><span class="p">:]:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})</span> <span class="p">}</span> <span class="nb">buffer</span> <span class="o">=</span> <span class="sh">""</span> <span class="k">else</span><span class="p">:</span> <span class="k">if</span> <span class="nb">buffer</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})</span> <span class="p">}</span> <span class="c1"># 5. Sugerencias de seguimiento (post-stream) </span> <span class="n">suggestion_list</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">generate_suggestions</span><span class="p">(</span><span class="n">full_response</span><span class="p">,</span> <span class="n">sources</span><span class="p">,</span> <span class="n">provider</span><span class="p">)</span> <span class="k">if</span> <span class="n">suggestion_list</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">suggestions</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">suggestions</span><span class="sh">"</span><span class="p">:</span> <span class="n">suggestion_list</span><span class="p">})</span> <span class="p">}</span> <span class="c1"># 6. Guardar mensaje y señalizar fin </span> <span class="n">msg</span> <span class="o">=</span> <span class="k">await</span> <span class="n">chat_service</span><span class="p">.</span><span class="nf">save_message</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">conv_id</span><span class="p">,</span> <span class="n">MessageRole</span><span class="p">.</span><span class="n">ASSISTANT</span><span class="p">,</span> <span class="n">full_response</span><span class="p">,</span> <span class="p">...)</span> <span class="k">yield</span> <span class="p">{</span> <span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})</span> <span class="p">}</span> </code></pre> </div> <h3> El detalle del buffer para agentic search </h3> <p>El sistema soporta <strong>búsqueda agentic</strong>: el LLM puede emitir <code>[SEARCH: nueva consulta]</code> en medio de su respuesta para pedir más información. El problema: si emitís tokens uno a uno, el frontend podría renderizar <code>[SEARCH:</code> parcial como texto visible.</p> <p>La solución es un buffer que retiene los últimos 20 caracteres si contienen <code>[</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="nb">buffer</span> <span class="ow">and</span> <span class="sh">'</span><span class="s">[</span><span class="sh">'</span> <span class="ow">not</span> <span class="ow">in</span> <span class="nb">buffer</span><span class="p">[</span><span class="o">-</span><span class="mi">20</span><span class="p">:]:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="nb">buffer</span><span class="p">})}</span> <span class="nb">buffer</span> <span class="o">=</span> <span class="sh">""</span> </code></pre> </div> <p>Si se detecta el marcador completo <code>[SEARCH: ...]</code>, se interrumpe el stream, se ejecuta una nueva búsqueda, y se continúa con contexto expandido:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">match</span> <span class="o">=</span> <span class="n">SEARCH_PATTERN</span><span class="p">.</span><span class="nf">search</span><span class="p">(</span><span class="n">accumulated</span><span class="p">)</span> <span class="k">if</span> <span class="n">match</span> <span class="ow">and</span> <span class="n">search_round</span> <span class="o">&lt;</span> <span class="n">MAX_SEARCH_ROUNDS</span><span class="p">:</span> <span class="n">search_query</span> <span class="o">=</span> <span class="n">match</span><span class="p">.</span><span class="nf">group</span><span class="p">(</span><span class="mi">1</span><span class="p">).</span><span class="nf">strip</span><span class="p">()</span> <span class="n">search_round</span> <span class="o">+=</span> <span class="mi">1</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">searching</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">query</span><span class="sh">"</span><span class="p">:</span> <span class="n">search_query</span><span class="p">,</span> <span class="sh">"</span><span class="s">round</span><span class="sh">"</span><span class="p">:</span> <span class="n">search_round</span> <span class="p">})}</span> <span class="c1"># Ejecutar nueva búsqueda con el query del LLM </span> <span class="n">new_sources</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">search_chunks</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">search_query</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">rag_config</span><span class="o">=</span><span class="n">rag_config</span><span class="p">)</span> <span class="c1"># Deduplicar fuentes </span> <span class="n">existing_ids</span> <span class="o">=</span> <span class="p">{</span><span class="n">s</span><span class="p">[</span><span class="sh">"</span><span class="s">chunk_id</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">all_sources</span><span class="p">}</span> <span class="n">unique_new</span> <span class="o">=</span> <span class="p">[</span><span class="n">s</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">new_sources</span> <span class="k">if</span> <span class="n">s</span><span class="p">[</span><span class="sh">"</span><span class="s">chunk_id</span><span class="sh">"</span><span class="p">]</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">existing_ids</span><span class="p">]</span> <span class="k">if</span> <span class="n">unique_new</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">:</span> <span class="n">unique_new</span><span class="p">,</span> <span class="sh">"</span><span class="s">round</span><span class="sh">"</span><span class="p">:</span> <span class="n">search_round</span> <span class="p">})}</span> <span class="c1"># Continuar generación con contexto expandido </span> <span class="c1"># (máximo 3 rounds de búsqueda) </span></code></pre> </div> <h3> Short-circuits: FAQ, cache y upgrade </h3> <p>Antes del pipeline RAG completo, hay varios "atajos" que retornan un <code>EventSourceResponse</code> diferente:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># FAQ match → respuesta instantánea sin LLM </span><span class="k">if</span> <span class="n">faq_match</span><span class="p">:</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">faq_event_generator</span><span class="p">():</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">user_message_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">user_msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">faq_match</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">faq_match</span><span class="p">)}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})}</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">faq_event_generator</span><span class="p">())</span> <span class="c1"># Cache hit → respuesta cacheada, simular streaming </span><span class="k">if</span> <span class="n">cache_hit</span><span class="p">:</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">cache_event_generator</span><span class="p">():</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">:</span> <span class="n">cache_hit</span><span class="p">[</span><span class="sh">"</span><span class="s">sources</span><span class="sh">"</span><span class="p">]})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">:</span> <span class="n">cache_hit</span><span class="p">[</span><span class="sh">"</span><span class="s">confidence</span><span class="sh">"</span><span class="p">]})}</span> <span class="c1"># Simular streaming palabra por palabra </span> <span class="k">for</span> <span class="n">token</span> <span class="ow">in</span> <span class="n">cache_hit</span><span class="p">[</span><span class="sh">"</span><span class="s">response_text</span><span class="sh">"</span><span class="p">].</span><span class="nf">split</span><span class="p">(</span><span class="sh">"</span><span class="s"> </span><span class="sh">"</span><span class="p">):</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">:</span> <span class="n">token</span> <span class="o">+</span> <span class="sh">"</span><span class="s"> </span><span class="sh">"</span><span class="p">})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nb">id</span><span class="p">),</span> <span class="sh">"</span><span class="s">cached</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">})}</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">cache_event_generator</span><span class="p">())</span> <span class="c1"># Budget agotado → señal de upgrade </span><span class="k">if</span> <span class="n">faq_only_mode</span><span class="p">:</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">upgrade_event_generator</span><span class="p">():</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">upgrade_required</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span> <span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Has alcanzado el límite de consultas de IA de tu plan.</span><span class="sh">"</span> <span class="p">})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="nf">str</span><span class="p">(</span><span class="n">msg</span><span class="p">.</span><span class="nb">id</span><span class="p">)})}</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">upgrade_event_generator</span><span class="p">())</span> </code></pre> </div> <p><strong>¿Por qué simular streaming en cache hits?</strong> Porque el frontend tiene una sola ruta de renderizado. Si el cache devolviera todo el texto de golpe, necesitaría lógica especial. Simular el streaming mantiene el código del frontend simple.</p> <h2> Streaming desde los providers LLM </h2> <p>Cada provider tiene su propio formato. La capa de abstracción unifica todo en generadores que yield strings:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Groq y OpenAI: generador SINCRÓNICO (SDK compatible) </span><span class="k">def</span> <span class="nf">_stream_groq</span><span class="p">(</span><span class="n">messages</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="mf">0.3</span><span class="p">,</span> <span class="n">max_tokens</span><span class="o">=</span><span class="mi">4096</span><span class="p">):</span> <span class="n">stream</span> <span class="o">=</span> <span class="n">groq_client</span><span class="p">.</span><span class="n">chat</span><span class="p">.</span><span class="n">completions</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">groq_model</span><span class="p">,</span> <span class="n">messages</span><span class="o">=</span><span class="n">messages</span><span class="p">,</span> <span class="n">stream</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="n">temperature</span><span class="p">,</span> <span class="n">max_tokens</span><span class="o">=</span><span class="n">max_tokens</span><span class="p">,</span> <span class="p">)</span> <span class="k">for</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="n">stream</span><span class="p">:</span> <span class="n">delta</span> <span class="o">=</span> <span class="n">chunk</span><span class="p">.</span><span class="n">choices</span><span class="p">[</span><span class="mi">0</span><span class="p">].</span><span class="n">delta</span> <span class="k">if</span> <span class="n">delta</span><span class="p">.</span><span class="n">content</span><span class="p">:</span> <span class="k">yield</span> <span class="n">delta</span><span class="p">.</span><span class="n">content</span> <span class="c1"># Ollama: generador ASYNC (NDJSON sobre HTTP streaming) </span><span class="k">async</span> <span class="k">def</span> <span class="nf">_stream_ollama</span><span class="p">(</span><span class="n">messages</span><span class="p">,</span> <span class="n">temperature</span><span class="o">=</span><span class="mf">0.3</span><span class="p">,</span> <span class="n">max_tokens</span><span class="o">=</span><span class="mi">4096</span><span class="p">):</span> <span class="k">async</span> <span class="k">with</span> <span class="n">httpx</span><span class="p">.</span><span class="nc">AsyncClient</span><span class="p">(</span><span class="n">timeout</span><span class="o">=</span><span class="n">httpx</span><span class="p">.</span><span class="nc">Timeout</span><span class="p">(</span><span class="mf">300.0</span><span class="p">))</span> <span class="k">as</span> <span class="n">client</span><span class="p">:</span> <span class="k">async</span> <span class="k">with</span> <span class="n">client</span><span class="p">.</span><span class="nf">stream</span><span class="p">(</span><span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">settings</span><span class="p">.</span><span class="n">ollama_url</span><span class="si">}</span><span class="s">/api/chat</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">model</span><span class="sh">"</span><span class="p">:</span> <span class="n">settings</span><span class="p">.</span><span class="n">ollama_model</span><span class="p">,</span> <span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">:</span> <span class="n">messages</span><span class="p">,</span> <span class="sh">"</span><span class="s">stream</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">})</span> <span class="k">as</span> <span class="n">response</span><span class="p">:</span> <span class="k">async</span> <span class="k">for</span> <span class="n">line</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="nf">aiter_lines</span><span class="p">():</span> <span class="n">data</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">line</span><span class="p">)</span> <span class="n">content</span> <span class="o">=</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">message</span><span class="sh">"</span><span class="p">,</span> <span class="p">{}).</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="k">if</span> <span class="n">content</span><span class="p">:</span> <span class="k">yield</span> <span class="n">content</span> <span class="k">if</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">):</span> <span class="k">break</span> </code></pre> </div> <p><strong>El detalle clave</strong>: Groq/OpenAI retornan generadores <strong>sincrónicos</strong>, Ollama retorna <strong>async</strong>. El generador SSE necesita manejar ambos con <code>inspect.isasyncgen()</code>. Es feo, pero wrappear sync en async agrega complejidad e indirección que dificulta el debugging.</p> <h2> Frontend: consumo con fetch + ReadableStream </h2> <h3> Por qué no EventSource </h3> <p>La API <code>EventSource</code> del browser tiene un problema fatal para este caso de uso: <strong>solo soporta GET</strong>. Nuestro endpoint de chat es un POST con body JSON (contenido del mensaje, IDs de knowledge bases, provider, etc.).</p> <p>La alternativa: <code>fetch</code> + <code>ReadableStream</code>. Es más código, pero da control total.</p> <h3> El parser SSE </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">sendMessage</span><span class="p">(</span> <span class="nx">convId</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">content</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">knowledgeBaseIds</span><span class="p">:</span> <span class="kr">string</span><span class="p">[],</span> <span class="nx">callbacks</span><span class="p">:</span> <span class="nx">StreamCallbacks</span><span class="p">,</span> <span class="nx">provider</span><span class="p">?:</span> <span class="kr">string</span><span class="p">,</span> <span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="k">void</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">getItem</span><span class="p">(</span><span class="dl">'</span><span class="s1">access_token</span><span class="dl">'</span><span class="p">)</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="s2">`/api/v1/conversations/</span><span class="p">${</span><span class="nx">convId</span><span class="p">}</span><span class="s2">/messages`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">...(</span><span class="nx">token</span> <span class="p">?</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">:</span> <span class="p">{}),</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="nx">content</span><span class="p">,</span> <span class="na">knowledge_base_ids</span><span class="p">:</span> <span class="nx">knowledgeBaseIds</span><span class="p">,</span> <span class="nx">provider</span><span class="p">,</span> <span class="p">}),</span> <span class="p">})</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">response</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Detectar error de límite de plan (403)</span> <span class="k">if </span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span> <span class="o">===</span> <span class="mi">403</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">errorData</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="nx">errorData</span><span class="p">.</span><span class="nx">detail</span><span class="p">?.</span><span class="nf">includes</span><span class="p">(</span><span class="dl">'</span><span class="s1">Limite de</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="s2">`__PLAN_LIMIT__:</span><span class="p">${</span><span class="nx">errorData</span><span class="p">.</span><span class="nx">detail</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="s2">`Error: </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nx">status</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">reader</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nx">body</span><span class="p">?.</span><span class="nf">getReader</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">reader</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="dl">'</span><span class="s1">No response stream</span><span class="dl">'</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">decoder</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextDecoder</span><span class="p">()</span> <span class="kd">let</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="dl">''</span> <span class="kd">let</span> <span class="nx">receivedDone</span> <span class="o">=</span> <span class="kc">false</span> <span class="k">try</span> <span class="p">{</span> <span class="k">while </span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">done</span><span class="p">,</span> <span class="nx">value</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">reader</span><span class="p">.</span><span class="nf">read</span><span class="p">()</span> <span class="k">if </span><span class="p">(</span><span class="nx">done</span><span class="p">)</span> <span class="k">break</span> <span class="nx">buffer</span> <span class="o">+=</span> <span class="nx">decoder</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">value</span><span class="p">,</span> <span class="p">{</span> <span class="na">stream</span><span class="p">:</span> <span class="kc">true</span> <span class="p">})</span> <span class="kd">const</span> <span class="nx">lines</span> <span class="o">=</span> <span class="nx">buffer</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="se">\n</span><span class="dl">'</span><span class="p">)</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="nx">lines</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="o">||</span> <span class="dl">''</span> <span class="c1">// Última línea incompleta → al buffer</span> <span class="kd">let</span> <span class="nx">currentEvent</span> <span class="o">=</span> <span class="dl">''</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">line</span> <span class="k">of</span> <span class="nx">lines</span><span class="p">)</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">event: </span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nx">currentEvent</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">7</span><span class="p">).</span><span class="nf">trim</span><span class="p">()</span> <span class="k">continue</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">data: </span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">parsed</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">6</span><span class="p">))</span> <span class="c1">// Despachar según tipo de evento</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onToken</span><span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">content</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">sources</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onSources</span><span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">sources</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">confidence</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onConfidence</span><span class="p">?.(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">score</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">faq_match</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onFaqMatch</span><span class="p">?.(</span><span class="nx">parsed</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">upgrade_required</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onUpgradeRequired</span><span class="p">?.(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">message</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">content_blocked</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nx">onContentBlocked</span><span class="p">?.(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">response</span><span class="p">,</span> <span class="nx">parsed</span><span class="p">.</span><span class="kd">type</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">error</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">error</span><span class="p">)</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">currentEvent</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">done</span><span class="dl">'</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">message_id</span><span class="dl">'</span> <span class="k">in</span> <span class="nx">parsed</span><span class="p">)</span> <span class="p">{</span> <span class="nx">receivedDone</span> <span class="o">=</span> <span class="kc">true</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onDone</span><span class="p">(</span><span class="nx">parsed</span><span class="p">.</span><span class="nx">message_id</span><span class="p">)</span> <span class="p">}</span> <span class="nx">currentEvent</span> <span class="o">=</span> <span class="dl">''</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="s2">`Error de conexión: </span><span class="p">${</span><span class="nx">err</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="k">return</span> <span class="p">}</span> <span class="c1">// Si el stream terminó sin evento "done", hubo un problema</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">receivedDone</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="dl">'</span><span class="s1">La conexión se interrumpió antes de completar la respuesta</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> La interfaz de callbacks </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">export</span> <span class="kr">interface</span> <span class="nx">StreamCallbacks</span> <span class="p">{</span> <span class="nl">onSources</span><span class="p">:</span> <span class="p">(</span><span class="nx">sources</span><span class="p">:</span> <span class="nx">Source</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onToken</span><span class="p">:</span> <span class="p">(</span><span class="nx">token</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onCodeResult</span><span class="p">:</span> <span class="p">(</span><span class="nx">result</span><span class="p">:</span> <span class="nx">CodeResult</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onSearching</span><span class="p">:</span> <span class="p">(</span><span class="nx">query</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">round</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onExecuting</span><span class="p">:</span> <span class="p">(</span><span class="nx">count</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onSuggestions</span><span class="p">:</span> <span class="p">(</span><span class="nx">suggestions</span><span class="p">:</span> <span class="kr">string</span><span class="p">[])</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onUserMessageId</span><span class="p">:</span> <span class="p">(</span><span class="nx">messageId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onFaqMatch</span><span class="p">?:</span> <span class="p">(</span><span class="nx">match</span><span class="p">:</span> <span class="nx">FAQMatch</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onConfidence</span><span class="p">?:</span> <span class="p">(</span><span class="nx">score</span><span class="p">:</span> <span class="kr">number</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onUpgradeRequired</span><span class="p">?:</span> <span class="p">(</span><span class="nx">message</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onContentBlocked</span><span class="p">?:</span> <span class="p">(</span><span class="nx">response</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">blockType</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onDone</span><span class="p">:</span> <span class="p">(</span><span class="nx">messageId</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="nx">onError</span><span class="p">:</span> <span class="p">(</span><span class="nx">error</span><span class="p">:</span> <span class="kr">string</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="k">void</span> <span class="p">}</span> </code></pre> </div> <p>El composable <code>useChat</code> conecta estos callbacks con el estado reactivo de Vue:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">await</span> <span class="nx">api</span><span class="p">.</span><span class="nf">sendMessage</span><span class="p">(</span><span class="nx">conversationId</span><span class="p">,</span> <span class="nx">content</span><span class="p">,</span> <span class="nx">kbIds</span><span class="p">,</span> <span class="p">{</span> <span class="na">onToken</span><span class="p">:</span> <span class="p">(</span><span class="nx">token</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">streamingContent</span><span class="p">.</span><span class="nx">value</span> <span class="o">+=</span> <span class="nx">token</span> <span class="kd">const</span> <span class="nx">last</span> <span class="o">=</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">[</span><span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="k">if </span><span class="p">(</span><span class="nx">last</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">last</span><span class="p">.</span><span class="nx">content</span> <span class="o">=</span> <span class="nx">streamingContent</span><span class="p">.</span><span class="nx">value</span> <span class="p">}</span> <span class="p">},</span> <span class="na">onSources</span><span class="p">:</span> <span class="p">(</span><span class="nx">s</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">sources</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="p">[...</span><span class="nx">sources</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="p">...</span><span class="nx">s</span><span class="p">]</span> <span class="p">},</span> <span class="na">onConfidence</span><span class="p">:</span> <span class="p">(</span><span class="nx">score</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">last</span> <span class="o">=</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">[</span><span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="k">if </span><span class="p">(</span><span class="nx">last</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">last</span><span class="p">.</span><span class="nx">confidenceScore</span> <span class="o">=</span> <span class="nx">score</span> <span class="p">}</span> <span class="p">},</span> <span class="na">onDone</span><span class="p">:</span> <span class="p">(</span><span class="nx">messageId</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">last</span> <span class="o">=</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">[</span><span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="k">if </span><span class="p">(</span><span class="nx">last</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">last</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">messageId</span> <span class="nx">last</span><span class="p">.</span><span class="nx">sources</span> <span class="o">=</span> <span class="nx">sources</span><span class="p">.</span><span class="nx">value</span> <span class="p">}</span> <span class="nx">streaming</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="kc">false</span> <span class="p">},</span> <span class="na">onError</span><span class="p">:</span> <span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">last</span> <span class="o">=</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">[</span><span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nx">length</span> <span class="o">-</span> <span class="mi">1</span><span class="p">]</span> <span class="k">if </span><span class="p">(</span><span class="nx">last</span><span class="p">.</span><span class="nx">role</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">last</span><span class="p">.</span><span class="nx">content</span> <span class="o">=</span> <span class="s2">`Error: </span><span class="p">${</span><span class="nx">err</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="nx">streaming</span><span class="p">.</span><span class="nx">value</span> <span class="o">=</span> <span class="kc">false</span> <span class="p">},</span> <span class="p">})</span> </code></pre> </div> <h3> Optimistic UI con reconciliación </h3> <p>Un detalle sutil: cuando el usuario envía un mensaje, lo agregamos inmediatamente a la UI con un ID temporal (<code>crypto.randomUUID()</code>). Pero el ID real lo genera la base de datos. El evento <code>user_message_id</code> sincroniza ambos:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">const</span> <span class="nx">userMsg</span><span class="p">:</span> <span class="nx">Message</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">crypto</span><span class="p">.</span><span class="nf">randomUUID</span><span class="p">(),</span> <span class="c1">// ID temporal optimista</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="nx">content</span><span class="p">,</span> <span class="p">...</span> <span class="p">}</span> <span class="nx">messages</span><span class="p">.</span><span class="nx">value</span><span class="p">.</span><span class="nf">push</span><span class="p">(</span><span class="nx">userMsg</span><span class="p">)</span> <span class="c1">// Cuando llega el ID real del server:</span> <span class="nx">onUserMessageId</span><span class="p">:</span> <span class="p">(</span><span class="nx">realId</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">userMsg</span><span class="p">.</span><span class="nx">id</span> <span class="o">=</span> <span class="nx">realId</span> <span class="c1">// Reemplazar ID temporal con ID de DB</span> <span class="p">},</span> </code></pre> </div> <p>Esto es importante para el feedback: cuando el usuario le da thumbs-up a un mensaje, necesita el ID real para que el PATCH llegue al mensaje correcto.</p> <h2> Widget embebible: SSE en vanilla JS </h2> <p>El widget es ~970 líneas de vanilla JS corriendo dentro de un <strong>Shadow DOM cerrado</strong> (<code>mode: 'closed'</code>). El parsing SSE es idéntico al del frontend TypeScript, pero con <code>var</code> en lugar de <code>const</code> y sin types:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">var</span> <span class="nx">reader</span> <span class="o">=</span> <span class="nx">res</span><span class="p">.</span><span class="nx">body</span><span class="p">.</span><span class="nf">getReader</span><span class="p">();</span> <span class="kd">var</span> <span class="nx">decoder</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">TextDecoder</span><span class="p">();</span> <span class="kd">var</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">assistantContent</span> <span class="o">=</span> <span class="dl">''</span><span class="p">;</span> <span class="k">while </span><span class="p">(</span><span class="kc">true</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">readResult</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">reader</span><span class="p">.</span><span class="nf">read</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">readResult</span><span class="p">.</span><span class="nx">done</span><span class="p">)</span> <span class="k">break</span><span class="p">;</span> <span class="nx">buffer</span> <span class="o">+=</span> <span class="nx">decoder</span><span class="p">.</span><span class="nf">decode</span><span class="p">(</span><span class="nx">readResult</span><span class="p">.</span><span class="nx">value</span><span class="p">,</span> <span class="p">{</span> <span class="na">stream</span><span class="p">:</span> <span class="kc">true</span> <span class="p">});</span> <span class="kd">var</span> <span class="nx">lines</span> <span class="o">=</span> <span class="nx">buffer</span><span class="p">.</span><span class="nf">split</span><span class="p">(</span><span class="dl">'</span><span class="se">\n</span><span class="dl">'</span><span class="p">);</span> <span class="nx">buffer</span> <span class="o">=</span> <span class="nx">lines</span><span class="p">.</span><span class="nf">pop</span><span class="p">()</span> <span class="o">||</span> <span class="dl">''</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">event</span> <span class="o">=</span> <span class="kc">null</span><span class="p">;</span> <span class="k">for </span><span class="p">(</span><span class="kd">var</span> <span class="nx">i</span> <span class="o">=</span> <span class="mi">0</span><span class="p">;</span> <span class="nx">i</span> <span class="o">&lt;</span> <span class="nx">lines</span><span class="p">.</span><span class="nx">length</span><span class="p">;</span> <span class="nx">i</span><span class="o">++</span><span class="p">)</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">line</span> <span class="o">=</span> <span class="nx">lines</span><span class="p">[</span><span class="nx">i</span><span class="p">].</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">event:</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="nx">event</span> <span class="o">=</span> <span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">6</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">startsWith</span><span class="p">(</span><span class="dl">'</span><span class="s1">data:</span><span class="dl">'</span><span class="p">))</span> <span class="p">{</span> <span class="kd">var</span> <span class="nx">data</span> <span class="o">=</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">parse</span><span class="p">(</span><span class="nx">line</span><span class="p">.</span><span class="nf">slice</span><span class="p">(</span><span class="mi">5</span><span class="p">).</span><span class="nf">trim</span><span class="p">());</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">session</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">sessionToken</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">session_token</span><span class="p">;</span> <span class="nx">localStorage</span><span class="p">.</span><span class="nf">setItem</span><span class="p">(</span><span class="nx">STORAGE_KEY</span><span class="p">,</span> <span class="nx">sessionToken</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">assistantContent</span> <span class="o">+=</span> <span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">content</span> <span class="o">||</span> <span class="dl">''</span><span class="p">);</span> <span class="nx">messages</span><span class="p">[</span><span class="nx">assistantMsgIndex</span><span class="p">].</span><span class="nx">content</span> <span class="o">=</span> <span class="nx">assistantContent</span><span class="p">;</span> <span class="nf">renderMessages</span><span class="p">();</span> <span class="c1">// Re-render en cada token</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if </span><span class="p">(</span><span class="nx">event</span> <span class="o">===</span> <span class="dl">'</span><span class="s1">faq_match</span><span class="dl">'</span><span class="p">)</span> <span class="p">{</span> <span class="nx">messages</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">role</span><span class="p">:</span> <span class="dl">'</span><span class="s1">assistant</span><span class="dl">'</span><span class="p">,</span> <span class="na">content</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">answer</span><span class="p">,</span> <span class="na">faqMatch</span><span class="p">:</span> <span class="nx">data</span> <span class="p">});</span> <span class="nf">renderMessages</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h3> Diferencias clave con la app principal </h3> <ol> <li> <strong>Auth</strong>: El widget usa <code>X-API-Key</code> (SHA-256 hasheada) en vez de JWT. No hay login.</li> <li> <strong>Primer evento</strong>: En vez de <code>user_message_id</code>, el widget recibe <code>session</code> con un token que se persiste en <code>localStorage</code> para mantener historial entre visitas.</li> <li> <strong>Shadow DOM cerrado</strong>: <code>host.attachShadow({ mode: 'closed' })</code> aísla estilos y DOM completamente de la página host. Ni <code>document.querySelector</code> puede acceder al widget desde afuera.</li> </ol> <h2> Nginx: las 6 directivas que lo hacen funcionar </h2> <p>Esta es la sección que más dolores de cabeza me dio. Sin la configuración correcta de Nginx, el streaming SSE <strong>no funciona</strong>. Los tokens se acumulan en el buffer de Nginx y llegan todos juntos al final.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">location</span> <span class="n">/api/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8000</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="c1"># === Las 6 directivas SSE ===</span> <span class="kn">proxy_buffering</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># 1. No buffear la respuesta</span> <span class="kn">proxy_cache</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># 2. No cachear</span> <span class="kn">proxy_read_timeout</span> <span class="s">300s</span><span class="p">;</span> <span class="c1"># 3. Timeout largo (streams duran minutos)</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">''</span><span class="p">;</span> <span class="c1"># 4. Deshabilitar keep-alive del upstream</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="c1"># 5. HTTP/1.1 (requerido para chunked)</span> <span class="kn">chunked_transfer_encoding</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># 6. Evitar chunked encoding de Nginx</span> <span class="p">}</span> </code></pre> </div> <h3> Qué hace cada una </h3> <p><strong>1. <code>proxy_buffering off</code></strong> — La más importante. Por default, Nginx buferea la respuesta completa del upstream antes de enviarla al cliente. Con SSE, cada evento debe llegar al cliente inmediatamente.</p> <p><strong>2. <code>proxy_cache off</code></strong> — Nginx puede cachear respuestas de upstream. Un stream SSE cacheado es... una muy mala idea.</p> <p><strong>3. <code>proxy_read_timeout 300s</code></strong> — El default es 60 segundos. Una respuesta de LLM con búsqueda agentic (3 rounds) puede tardar 2-3 minutos. Sin este timeout, Nginx cierra la conexión a la mitad de la respuesta.</p> <p><strong>4. <code>proxy_set_header Connection ''</code></strong> — Limpia el header Connection para evitar que Nginx mantenga la conexión upstream con keep-alive, lo que puede causar que los datos se retengan.</p> <p><strong>5. <code>proxy_http_version 1.1</code></strong> — HTTP/1.1 es requerido para transfer-encoding chunked. El default de Nginx para upstream es HTTP/1.0.</p> <p><strong>6. <code>chunked_transfer_encoding off</code></strong> — Parece contradictorio con el punto anterior, pero esto desactiva el chunked encoding <strong>de Nginx</strong>, no del upstream. Sin esto, Nginx puede re-chunked la respuesta y alterar el timing de los eventos.</p> <h3> El síntoma que vas a ver sin estas directivas </h3> <p>Si te falta alguna, vas a ver este comportamiento:</p> <ol> <li>El usuario envía un mensaje</li> <li>El spinner de "cargando" se queda 5-30 segundos</li> <li>De repente, <strong>toda la respuesta aparece de golpe</strong> </li> <li>El streaming "funciona" en localhost (sin Nginx) pero no en producción</li> </ol> <p>Si te pasa esto, es Nginx buffereando. Agregá las 6 directivas y se resuelve inmediatamente.</p> <h3> Cloudflare: el otro proxy invisible </h3> <p>Si usás Cloudflare como proxy (nube naranja), hay un detalle: Cloudflare también puede buffear responses. Pero en la práctica, Cloudflare detecta SSE automáticamente por el <code>Content-Type: text/event-stream</code> y desactiva el buffering. No necesité configuración especial.</p> <h2> Redis: concurrencia de streams </h2> <p>Un usuario podría abrir 10 tabs y lanzar 10 streams simultáneos. Cada stream consume recursos del LLM, conexiones de DB, y memoria. El control de concurrencia usa Redis como contador atómico:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">_CONCURRENT_TTL</span> <span class="o">=</span> <span class="mi">300</span> <span class="c1"># 5 minutos de TTL como red de seguridad </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="c1"># Fail-open: sin Redis, permitir </span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">concurrent:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="sh">"</span> <span class="n">pipe</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">pipeline</span><span class="p">()</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">incr</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">_CONCURRENT_TTL</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">execute</span><span class="p">()</span> <span class="k">return</span> <span class="n">results</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">concurrent:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="sh">"</span> <span class="n">count</span> <span class="o">=</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">decr</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="k">if</span> <span class="n">count</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="c1"># Limpiar keys muertos </span> <span class="k">return</span> <span class="mi">0</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">_CONCURRENT_TTL</span><span class="p">)</span> <span class="k">return</span> <span class="n">count</span> </code></pre> </div> <h3> El patrón try/finally </h3> <p>El incremento y decremento están en un <code>try/finally</code> para garantizar que el contador se decrementa <strong>siempre</strong>, incluso si el cliente desconecta a mitad del stream:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">event_generator</span><span class="p">():</span> <span class="k">await</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="nf">_event_generator_inner</span><span class="p">():</span> <span class="k">yield</span> <span class="n">event</span> <span class="k">finally</span><span class="p">:</span> <span class="k">await</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">))</span> </code></pre> </div> <h3> TTL como red de seguridad </h3> <p>¿Qué pasa si el servidor crashea a mitad de un stream? El <code>decrement</code> nunca se ejecuta y el contador queda inflado. El TTL de 5 minutos resuelve esto: si no se renueva con <code>expire</code>, la key se auto-elimina. El sistema se auto-sana.</p> <h3> Fail-open y rate limiting </h3> <p>Dos principios importantes:</p> <ol> <li><p><strong>Fail-open</strong>: Si Redis está caído, el rate limiter permite todo. Prefiero servir requests sin rate limiting a rechazar todo porque Redis se cayó. Redis es un guardia, no una puerta.</p></li> <li><p><strong>Sliding window por API key</strong>: Además de la concurrencia por tenant, cada API key del widget tiene su propio rate limit usando sorted sets de Redis. Timestamps como scores, <code>zremrangebyscore</code> para limpiar expirados, <code>zcard</code> para contar — todo en un pipeline atómico.</p></li> </ol> <h2> Error handling: las 3 capas </h2> <p><strong>Backend</strong>: Siempre emitir <code>done</code> después de <code>error</code>. Sin esto, el frontend se queda en estado "streaming" indefinidamente:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Error del LLM: </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="sh">"</span><span class="p">})}</span> <span class="k">yield</span> <span class="p">{</span><span class="sh">"</span><span class="s">event</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">done</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">data</span><span class="sh">"</span><span class="p">:</span> <span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">({</span><span class="sh">"</span><span class="s">message_id</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">})}</span> <span class="k">return</span> </code></pre> </div> <p><strong>Frontend</strong>: Detectar streams incompletos. Si el reader retorna <code>done: true</code> pero nunca recibimos un evento <code>done</code>, algo salió mal (timeout de Nginx, crash del backend):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">receivedDone</span><span class="p">)</span> <span class="p">{</span> <span class="nx">callbacks</span><span class="p">.</span><span class="nf">onError</span><span class="p">(</span><span class="dl">'</span><span class="s1">La conexión se interrumpió antes de completar la respuesta</span><span class="dl">'</span><span class="p">)</span> <span class="p">}</span> </code></pre> </div> <p><strong>Pre-stream</strong>: Los errores 403 (límite de plan) llegan como HTTP normal antes del stream SSE. El frontend usa un prefijo <code>__PLAN_LIMIT__:</code> como convención interna para que el composable distinga errores de plan de errores genéricos y muestre UI diferente (card de upgrade vs. mensaje de error).</p> <h2> Números reales </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Métrica</th> <th>Valor</th> </tr> </thead> <tbody> <tr> <td>Latencia primer token (Groq)</td> <td>~200-400ms</td> </tr> <tr> <td>Latencia primer token (Ollama local)</td> <td>~1-2s</td> </tr> <tr> <td>Tiempo total respuesta típica</td> <td>~3-8s</td> </tr> <tr> <td>Tiempo total con agentic search (3 rounds)</td> <td>~15-30s</td> </tr> <tr> <td>FAQ match (sin LLM)</td> <td>~15ms</td> </tr> <tr> <td>Cache hit (simulado)</td> <td>~50ms</td> </tr> <tr> <td>Overhead de Nginx SSE</td> <td>&lt;1ms por evento</td> </tr> <tr> <td>Concurrent streams por tenant (Free plan)</td> <td>2</td> </tr> <tr> <td>Rate limit API key (default)</td> <td>30 req/min</td> </tr> </tbody> </table></div> <h2> Lecciones aprendidas </h2> <h3> 1. SSE &gt; WebSockets para LLM streaming </h3> <p>No intentés meter WebSockets donde SSE alcanza. Para un flujo unidireccional (servidor → cliente), SSE es más simple, más compatible con proxies, y más fácil de debuggear. La reconexión automática del browser es un bonus.</p> <h3> 2. Siempre emitir "done" al final </h3> <p>Sin un evento de terminación explícito, el frontend no puede distinguir entre "el stream terminó" y "el stream se cortó". Emitir <code>done</code> siempre — incluso después de errores — es lo que hace al protocolo robusto.</p> <h3> 3. Nginx buffering es el enemigo silencioso </h3> <p>En desarrollo sin Nginx todo funciona perfecto. En producción, los tokens llegan todos juntos. La primera vez que me pasó, perdí 2 horas pensando que el problema era en el backend. Eran 6 líneas de Nginx.</p> <h3> 4. Buffer para marcadores inline </h3> <p>Si tu LLM puede emitir marcadores especiales (<code>[SEARCH:]</code>, código ejecutable, etc.), necesitás un buffer que retenga texto hasta estar seguro de que no hay un marcador parcial. Sin esto, el usuario ve artefactos como <code>[SEAR</code> en el chat.</p> <h3> 5. Try/finally con contadores Redis </h3> <p>Todo counter que se incrementa antes de un stream debe decrementarse en un <code>finally</code>. No en el happy path, no en el error handler: en <code>finally</code>. Los clientes desconectan sin aviso, los servidores crashean, y los generadores se interrumpen.</p> <h3> 6. Fail-open en servicios auxiliares </h3> <p>Redis para rate limiting debe ser fail-open. Si Redis se cae, es mejor servir sin rate limiting que rechazar todos los requests. Lo mismo aplica para logging, analytics, y cualquier servicio que no sea crítico para la respuesta.</p> <h3> 7. fetch + ReadableStream &gt; EventSource </h3> <p><code>EventSource</code> es elegante pero limitado (solo GET, headers mínimos). <code>fetch</code> + <code>ReadableStream</code> requiere más código pero soporta POST, headers custom (JWT), y manejo fino de errores. Para un caso real, la flexibilidad justifica las ~30 líneas extra.</p> <h2> Lo que sigue </h2> <ul> <li> <strong>WebSocket upgrade opcional</strong>: Para features bidireccionales futuras (typing indicators, presencia), evaluar un upgrade selectivo sin reemplazar SSE</li> <li> <strong>Backpressure</strong>: Si el frontend no puede renderizar tan rápido como el LLM genera, implementar señalización de backpressure</li> <li> <strong>Compression</strong>: Evaluar SSE sobre HTTP/2 con compresión de frames para reducir bandwidth en widgets con alto tráfico</li> </ul> <h2> Conclusión </h2> <p>SSE para streaming de LLM no es difícil de implementar — pero sí es fácil de implementar mal. Las trampas están en los detalles: Nginx que buferea, generadores que no limpian contadores, frontends que no detectan streams incompletos, y widgets que no manejan todos los tipos de evento.</p> <p>El protocolo de eventos custom (token, sources, confidence, done, error, etc.) es lo que transforma un stream de texto en un sistema usable: el frontend sabe <strong>qué</strong> está recibiendo y puede renderizarlo correctamente, mostrar indicadores de confianza, acumular fuentes de diferentes rounds de búsqueda, y manejar edge cases como límites de plan o contenido bloqueado.</p> <p>Lo más importante: <strong>testear siempre a través de Nginx</strong>. Lo que funciona en localhost sin proxy no es representativo de producción. Esas 6 directivas de Nginx son la diferencia entre "streaming real token por token" y "todo el texto de golpe después de 10 segundos".</p> sse python fastapi javascript Martin Palopoli Tue, 31 Mar 2026 13:00:00 +0000 https://dev.to/martin_palopoli/real-multi-tenancy-with-fastapi-and-postgresql-plans-quotas-and-data-isolation-36ah https://dev.to/martin_palopoli/real-multi-tenancy-with-fastapi-and-postgresql-plans-quotas-and-data-isolation-36ah <p>I implemented real multi-tenancy in a RAG SaaS engine: tenants with plans, quota enforcement with atomic counters (UPSERT), Redis rate limiting (sliding window), RBAC with 3 roles, and data isolation where <strong>every query is filtered by tenant_id</strong>. This article covers the full architecture, the pitfalls I avoided, and the key code.</p> <h2> Why "Adding a tenant_id" Isn't Multi-Tenancy </h2> <p>Most multi-tenancy tutorials stop at "add a tenant_id column and filter every query". That's 10% of the problem. In production you'll need:</p> <ul> <li> <strong>Plans with real limits</strong> that can't be bypassed with concurrent requests</li> <li> <strong>Atomic counters</strong> that don't lose increments under load</li> <li> <strong>Rate limiting</strong> that survives server restarts</li> <li> <strong>Roles</strong> that restrict actions, not just visibility</li> <li> <strong>Real isolation</strong> where a bug in one service doesn't expose another tenant's data</li> <li> <strong>Billing cycles</strong> that reset correctly each month</li> </ul> <p>This article shows how I solved each one in a real system with async FastAPI and PostgreSQL.</p> <h2> The Stack </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td>Backend</td> <td>Python 3.12 + FastAPI (100% async)</td> </tr> <tr> <td>Database</td> <td>PostgreSQL 16</td> </tr> <tr> <td>ORM</td> <td>SQLAlchemy async + Alembic</td> </tr> <tr> <td>Cache/Rate limit</td> <td>Redis 7</td> </tr> <tr> <td>Auth</td> <td>JWT (access 30min, refresh 7d with rotation)</td> </tr> <tr> <td>Passwords</td> <td>bcrypt (via passlib)</td> </tr> </tbody> </table></div> <h2> Database Design </h2> <h3> The 4 Fundamental Tables </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌──────────────┐ ┌──────────────┐ │ plans │ │ tenants │ ├──────────────┤ ├──────────────┤ │ id (UUID) │◄────│ plan_id (FK) │ │ name │ │ id (UUID) │ │ slug │ │ name │ │ max_users │ │ slug (unique)│ │ max_kbs │ │ is_active │ │ max_documents│ │ plan_started │ │ max_storage │ │ created_at │ │ max_messages │ └──────┬───────┘ │ max_tokens │ │ │ max_api_keys │ ┌──────┴───────┐ │ price_monthly│ │ users │ │ max_concurrent│ ├──────────────┤ └──────────────┘ │ id (UUID) │ │ tenant_id(FK)│ │ email │ │ role (enum) │ │ is_active │ └──────────────┘ ┌───────────────────────┐ │ tenant_monthly_usage │ ├───────────────────────┤ │ id (UUID) │ │ tenant_id (FK) │ │ billing_period (str) │ │ messages_count (int) │ │ tokens_used (bigint) │ │ UNIQUE(tenant_id, │ │ billing_period) │ └───────────────────────┘ </code></pre> </div> <h3> Plan Model </h3> <p>Each plan defines <strong>all</strong> the limits the system will enforce:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Plan</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">plans</span><span class="sh">"</span> <span class="nb">id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">name</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">slug</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">50</span><span class="p">),</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">max_users</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">3</span><span class="p">)</span> <span class="n">max_concurrent</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">2</span><span class="p">)</span> <span class="n">max_kbs</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">3</span><span class="p">)</span> <span class="n">max_documents</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">20</span><span class="p">)</span> <span class="n">max_storage_mb</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">max_messages_month</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">500</span><span class="p">)</span> <span class="n">max_tokens_month</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">BigInteger</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">200000</span><span class="p">)</span> <span class="n">max_api_keys</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="n">price_monthly</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">float</span> <span class="o">|</span> <span class="bp">None</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">Numeric</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">2</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">is_active</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p><strong>Key decision: <code>-1</code> means unlimited.</strong> Instead of having an <code>is_unlimited</code> boolean per resource, I use <code>-1</code> as a convention. Simplifies all comparisons:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_users</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Unlimited, skip check </span></code></pre> </div> <h3> Tenant Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Tenant</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tenants</span><span class="sh">"</span> <span class="nb">id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">name</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">slug</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">is_active</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">plan_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span> <span class="o">|</span> <span class="bp">None</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">plans.id</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="n">plan_started_at</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">datetime</span> <span class="o">|</span> <span class="bp">None</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">DateTime</span><span class="p">(</span><span class="n">timezone</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">None</span> <span class="p">)</span> <span class="n">notification_preferences</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">dict</span> <span class="o">|</span> <span class="bp">None</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">JSONB</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p><code>plan_started_at</code> is crucial: it defines the <strong>billing cycle anchor</strong>. When a tenant upgrades from Free to a paid plan, it resets to the payment timestamp. This determines when monthly counters reset.</p> <h3> User Model </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">UserRole</span><span class="p">(</span><span class="nb">str</span><span class="p">,</span> <span class="n">PyEnum</span><span class="p">):</span> <span class="n">SUPER_ADMIN</span> <span class="o">=</span> <span class="sh">"</span><span class="s">super_admin</span><span class="sh">"</span> <span class="n">TENANT_ADMIN</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tenant_admin</span><span class="sh">"</span> <span class="n">MEMBER</span> <span class="o">=</span> <span class="sh">"</span><span class="s">member</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">User</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">users</span><span class="sh">"</span> <span class="nb">id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">email</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">hashed_password</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">full_name</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">default</span><span class="o">=</span><span class="sh">""</span><span class="p">)</span> <span class="n">role</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">UserRole</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">Enum</span><span class="p">(</span><span class="n">UserRole</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">user_role</span><span class="sh">"</span><span class="p">,</span> <span class="n">values_callable</span><span class="o">=</span><span class="k">lambda</span> <span class="n">e</span><span class="p">:</span> <span class="p">[</span><span class="n">x</span><span class="p">.</span><span class="n">value</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="n">e</span><span class="p">]),</span> <span class="n">default</span><span class="o">=</span><span class="n">UserRole</span><span class="p">.</span><span class="n">MEMBER</span><span class="p">,</span> <span class="p">)</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tenants.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span> <span class="p">)</span> <span class="n">is_active</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">email_verified</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> </code></pre> </div> <p><strong>A user belongs to exactly one tenant.</strong> No multi-tenant users. If someone needs access to two organizations, create two accounts. This enormously simplifies the permissions model.</p> <h2> RBAC: 3 Roles, Zero Ambiguity </h2> <h3> The Roles </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Role</th> <th>Scope</th> <th>Can Do</th> </tr> </thead> <tbody> <tr> <td><code>super_admin</code></td> <td>Platform</td> <td>View all tenants, change plans, view global metrics</td> </tr> <tr> <td><code>tenant_admin</code></td> <td>Their tenant</td> <td>CRUD KBs, documents, FAQs, invite users, view analytics</td> </tr> <tr> <td><code>member</code></td> <td>Their tenant (restricted)</td> <td>Chat, view assigned KBs, feedback</td> </tr> </tbody> </table></div> <h3> Dependency Injection for Authorization </h3> <p>FastAPI has a dependency system that's perfect for RBAC. I created a dependency factory:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">Depends</span> <span class="kn">from</span> <span class="n">fastapi.security</span> <span class="kn">import</span> <span class="n">OAuth2PasswordBearer</span> <span class="n">oauth2_scheme</span> <span class="o">=</span> <span class="nc">OAuth2PasswordBearer</span><span class="p">(</span><span class="n">tokenUrl</span><span class="o">=</span><span class="sh">"</span><span class="s">/api/v1/auth/login</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_current_user</span><span class="p">(</span> <span class="n">token</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">oauth2_scheme</span><span class="p">),</span> <span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="p">):</span> <span class="n">payload</span> <span class="o">=</span> <span class="nf">decode_access_token</span><span class="p">(</span><span class="n">token</span><span class="p">)</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">payload</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user_id</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Invalid token payload</span><span class="sh">"</span><span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_user_by_id</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">user_id</span><span class="p">))</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">User not found</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span><span class="p">.</span><span class="n">is_active</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Account deactivated</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Verify tenant is active (super_admin bypasses) </span> <span class="k">if</span> <span class="n">user</span><span class="p">.</span><span class="n">role</span> <span class="o">!=</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">:</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">Tenant</span><span class="p">,</span> <span class="n">user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">tenant</span> <span class="ow">or</span> <span class="ow">not</span> <span class="n">tenant</span><span class="p">.</span><span class="n">is_active</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Tenant deactivated</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">user</span> </code></pre> </div> <p><strong>Subtle detail</strong>: <code>super_admin</code> bypasses the active tenant check. If we deactivate a malicious tenant, the super_admin can still get in to investigate.</p> <h3> Role Restriction Factory </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">require_role</span><span class="p">(</span><span class="o">*</span><span class="n">roles</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Dependency factory: restricts endpoint to specific roles.</span><span class="sh">"""</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">_check</span><span class="p">(</span><span class="n">current_user</span><span class="o">=</span><span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)):</span> <span class="k">if</span> <span class="n">current_user</span><span class="p">.</span><span class="n">role</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">roles</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="sh">"</span><span class="s">You don</span><span class="sh">'</span><span class="s">t have permission for this action</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">current_user</span> <span class="k">return</span> <span class="n">_check</span> <span class="c1"># Shortcuts </span><span class="k">def</span> <span class="nf">require_super_admin</span><span class="p">():</span> <span class="k">return</span> <span class="nf">require_role</span><span class="p">(</span><span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">)</span> <span class="k">def</span> <span class="nf">require_tenant_admin_or_above</span><span class="p">():</span> <span class="k">return</span> <span class="nf">require_role</span><span class="p">(</span><span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">,</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">TENANT_ADMIN</span><span class="p">)</span> </code></pre> </div> <p>Usage in endpoints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tenants</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="nb">list</span><span class="p">[</span><span class="n">TenantResponse</span><span class="p">])</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">list_tenants</span><span class="p">(</span> <span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">),</span> <span class="p">):</span> <span class="k">if</span> <span class="n">current_user</span><span class="p">.</span><span class="n">role</span> <span class="o">!=</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="sh">"</span><span class="s">Only super_admin can list all tenants</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="k">await</span> <span class="n">tenant_service</span><span class="p">.</span><span class="nf">list_tenants</span><span class="p">(</span><span class="n">db</span><span class="p">)</span> <span class="nd">@router.put</span><span class="p">(</span><span class="sh">"</span><span class="s">/{kb_id}/access</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">update_kb_access</span><span class="p">(</span> <span class="n">kb_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">KBAccessConfig</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="nf">require_tenant_admin_or_above</span><span class="p">()),</span> <span class="p">):</span> <span class="c1"># Only tenant_admin or super_admin reach here </span> <span class="bp">...</span> </code></pre> </div> <h2> Data Isolation: tenant_id Everywhere </h2> <h3> The Pattern </h3> <p><strong>Every table containing user data has a <code>tenant_id</code> column</strong> (direct or transitive). No exceptions.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">KnowledgeBase</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">knowledge_bases</span><span class="sh">"</span> <span class="c1"># ... </span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tenants.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">ApiKey</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">api_keys</span><span class="sh">"</span> <span class="c1"># ... </span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tenants.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span> <span class="p">)</span> </code></pre> </div> <h3> Filtering in Every Service </h3> <p>Every function that lists or searches data filters by the authenticated user's <code>tenant_id</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">list_knowledge_bases</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">user</span><span class="p">:</span> <span class="n">User</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="n">stmt</span> <span class="o">=</span> <span class="p">(</span> <span class="nf">select</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">,</span> <span class="n">func</span><span class="p">.</span><span class="nf">count</span><span class="p">(</span><span class="n">Document</span><span class="p">.</span><span class="nb">id</span><span class="p">).</span><span class="nf">label</span><span class="p">(</span><span class="sh">"</span><span class="s">document_count</span><span class="sh">"</span><span class="p">))</span> <span class="p">.</span><span class="nf">outerjoin</span><span class="p">(</span><span class="n">Document</span><span class="p">,</span> <span class="n">Document</span><span class="p">.</span><span class="n">knowledge_base_id</span> <span class="o">==</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> <span class="p">)</span> <span class="k">if</span> <span class="n">user</span><span class="p">.</span><span class="n">role</span> <span class="o">==</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">:</span> <span class="c1"># Super admin sees only their own KBs + system KBs </span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">stmt</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">or_</span><span class="p">(</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">,</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">is_system</span> <span class="o">==</span> <span class="bp">True</span><span class="p">,</span> <span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">stmt</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">or_</span><span class="p">(</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">,</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">is_system</span> <span class="o">==</span> <span class="bp">True</span><span class="p">,</span> <span class="p">))</span> <span class="c1"># For members, apply access filter </span> <span class="n">access_filter</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_accessible_kb_filter</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">if</span> <span class="n">access_filter</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">stmt</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">or_</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">is_system</span> <span class="o">==</span> <span class="bp">True</span><span class="p">,</span> <span class="n">access_filter</span><span class="p">))</span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">stmt</span><span class="p">.</span><span class="nf">group_by</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="nb">id</span><span class="p">).</span><span class="nf">order_by</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">created_at</span><span class="p">.</span><span class="nf">desc</span><span class="p">())</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">)</span> <span class="c1"># ... </span></code></pre> </div> <p><strong>Important lesson</strong>: the <code>super_admin</code> does NOT see other tenants' data. They're the platform operator. They see aggregate statistics (total tenants, revenue, etc.) but can't read other tenants' conversations or KBs. This was a deliberate privacy decision.</p> <h3> Granular KB Access </h3> <p>Within the same tenant, not all members see all KBs. There's an access control system:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">_check_kb_access</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">kb</span><span class="p">:</span> <span class="n">KnowledgeBase</span><span class="p">,</span> <span class="n">user</span><span class="p">:</span> <span class="n">User</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">has_access</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">user_can_access_kb</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">user</span><span class="p">,</span> <span class="n">kb</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">has_access</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="sh">"</span><span class="s">You don</span><span class="sh">'</span><span class="s">t have access to this knowledge base</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>KBs can be:</p> <ul> <li> <strong>Public within the tenant</strong>: all members can see them</li> <li> <strong>Private</strong>: only members assigned via groups can see them</li> <li> <strong>System</strong>: system KBs, visible to all, only modifiable by super_admin</li> </ul> <h3> CASCADE: Clean Deletion </h3> <p>All foreign keys use <code>ondelete="CASCADE"</code>. When a tenant is deleted, <strong>everything</strong> cascades: users, KBs, documents, chunks, conversations, API keys, usage logs. A single operation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">delete_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">User</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># Safety checks </span> <span class="k">if</span> <span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">BadRequestException</span><span class="p">(</span><span class="sh">"</span><span class="s">You cannot delete your own tenant</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">tenant</span><span class="p">.</span><span class="n">slug</span> <span class="o">==</span> <span class="sh">"</span><span class="s">system-tenant</span><span class="sh">"</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="sh">"</span><span class="s">Cannot delete the system tenant</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># 1. Cancel active subscription </span> <span class="k">try</span><span class="p">:</span> <span class="k">await</span> <span class="nf">admin_cancel_subscription</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">immediate</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">except</span> <span class="n">NotFoundException</span><span class="p">:</span> <span class="k">pass</span> <span class="c1"># 2. Clean Redis cache </span> <span class="n">redis</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">redis</span><span class="p">:</span> <span class="n">keys</span> <span class="o">=</span> <span class="k">await</span> <span class="n">redis</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">*:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="s">:*</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">keys</span><span class="p">:</span> <span class="k">await</span> <span class="n">redis</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="o">*</span><span class="n">keys</span><span class="p">)</span> <span class="c1"># 3. DELETE → CASCADE handles the rest </span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="n">tenant</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <h2> Plan Enforcement: Atomic Counters with UPSERT </h2> <h3> The Problem </h3> <p>Imagine a Free-plan tenant has a limit of 50 messages/month. Two users send a message at the same time. If you do <code>SELECT count → check → INSERT</code>, you have a race condition: both read 49, both pass the check, both insert. Now there are 51.</p> <h3> The Solution: Atomic UPSERT </h3> <p>The <code>tenant_monthly_usage</code> table uses a UNIQUE constraint on <code>(tenant_id, billing_period)</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">TenantMonthlyUsage</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tenant_monthly_usage</span><span class="sh">"</span> <span class="nb">id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tenants.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span> <span class="p">)</span> <span class="n">billing_period</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">10</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">messages_count</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span> <span class="n">tokens_used</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">BigInteger</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span> <span class="n">__table_args__</span> <span class="o">=</span> <span class="p">(</span> <span class="nc">UniqueConstraint</span><span class="p">(</span><span class="sh">"</span><span class="s">tenant_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">billing_period</span><span class="sh">"</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">uq_tenant_billing_usage</span><span class="sh">"</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <p>The increment uses <code>INSERT ... ON CONFLICT DO UPDATE</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">increment_message_count</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">anchor</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_billing_anchor</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="n">bp</span> <span class="o">=</span> <span class="nf">_get_billing_period_key</span><span class="p">(</span><span class="n">anchor</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nf">text</span><span class="p">(</span><span class="sh">"""</span><span class="s"> INSERT INTO tenant_monthly_usage (id, tenant_id, billing_period, messages_count, tokens_used) VALUES (gen_random_uuid(), :tid, :bp, 1, 0) ON CONFLICT (tenant_id, billing_period) DO UPDATE SET messages_count = tenant_monthly_usage.messages_count + 1, updated_at = now() </span><span class="sh">"""</span><span class="p">),</span> <span class="p">{</span><span class="sh">"</span><span class="s">tid</span><span class="sh">"</span><span class="p">:</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">bp</span><span class="sh">"</span><span class="p">:</span> <span class="n">bp</span><span class="p">})</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <p><strong>Why does this work?</strong> PostgreSQL executes <code>INSERT ... ON CONFLICT DO UPDATE</code> atomically. There's no race condition window. If two requests arrive at the same time, one will INSERT and the other will UPDATE, but the counter will always be correct.</p> <p><strong>Anti-fraud detail</strong>: counters <strong>only increment</strong>. There's no endpoint to decrement. No way for a user to manipulate their usage. The only way to "reset" is when the billing period changes (i.e., a month passes).</p> <h3> Billing Period Calculation </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_get_billing_period_key</span><span class="p">(</span><span class="n">anchor</span><span class="p">:</span> <span class="n">datetime</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">now</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">)</span> <span class="n">billing_day</span> <span class="o">=</span> <span class="n">anchor</span><span class="p">.</span><span class="n">day</span> <span class="c1"># Clamping: if anchor is day 31 and we're in February (28 days), </span> <span class="c1"># effective billing day is 28 </span> <span class="n">max_day</span> <span class="o">=</span> <span class="n">calendar</span><span class="p">.</span><span class="nf">monthrange</span><span class="p">(</span><span class="n">now</span><span class="p">.</span><span class="n">year</span><span class="p">,</span> <span class="n">now</span><span class="p">.</span><span class="n">month</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="n">effective_day</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="n">billing_day</span><span class="p">,</span> <span class="n">max_day</span><span class="p">)</span> <span class="k">if</span> <span class="n">now</span><span class="p">.</span><span class="n">day</span> <span class="o">&gt;=</span> <span class="n">effective_day</span><span class="p">:</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">now</span><span class="p">.</span><span class="n">year</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">now</span><span class="p">.</span><span class="n">month</span><span class="si">:</span><span class="mi">02</span><span class="n">d</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">effective_day</span><span class="si">:</span><span class="mi">02</span><span class="n">d</span><span class="si">}</span><span class="sh">"</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Current period started last month </span> <span class="k">if</span> <span class="n">now</span><span class="p">.</span><span class="n">month</span> <span class="o">==</span> <span class="mi">1</span><span class="p">:</span> <span class="n">prev_year</span><span class="p">,</span> <span class="n">prev_month</span> <span class="o">=</span> <span class="n">now</span><span class="p">.</span><span class="n">year</span> <span class="o">-</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">12</span> <span class="k">else</span><span class="p">:</span> <span class="n">prev_year</span><span class="p">,</span> <span class="n">prev_month</span> <span class="o">=</span> <span class="n">now</span><span class="p">.</span><span class="n">year</span><span class="p">,</span> <span class="n">now</span><span class="p">.</span><span class="n">month</span> <span class="o">-</span> <span class="mi">1</span> <span class="n">max_day_prev</span> <span class="o">=</span> <span class="n">calendar</span><span class="p">.</span><span class="nf">monthrange</span><span class="p">(</span><span class="n">prev_year</span><span class="p">,</span> <span class="n">prev_month</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="n">effective_day_prev</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="n">billing_day</span><span class="p">,</span> <span class="n">max_day_prev</span><span class="p">)</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">prev_year</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">prev_month</span><span class="si">:</span><span class="mi">02</span><span class="n">d</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">effective_day_prev</span><span class="si">:</span><span class="mi">02</span><span class="n">d</span><span class="si">}</span><span class="sh">"</span> </code></pre> </div> <p><strong>Why is this complex?</strong> Because months don't have the same number of days. If a tenant paid on January 31st, their next cycle doesn't start on February 31st (doesn't exist). The clamping handles this.</p> <h3> Limit Verification </h3> <p>Before executing the RAG pipeline, I verify limits:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">check_message_limit</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">plan</span><span class="p">,</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_plan_and_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span><span class="p">:</span> <span class="k">return</span> <span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Unlimited </span> <span class="n">usage</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_monthly_usage</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">messages_month</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">PlanLimitException</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Monthly message limit reached </span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">(</span><span class="si">{</span><span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="si">}</span><span class="s"> max for </span><span class="si">{</span><span class="n">plan</span><span class="p">.</span><span class="n">name</span><span class="si">}</span><span class="s"> plan)</span><span class="sh">"</span> <span class="p">)</span> </code></pre> </div> <p><strong>PlanLimitException</strong> returns HTTP 403, not 429. It's a plan restriction, not rate limiting. The frontend distinguishes between "upgrade your plan" (403) and "wait a moment" (429).</p> <h3> Limits on All Resources </h3> <p>Not just messages. Every resource has its check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Before creating a user </span><span class="k">await</span> <span class="nf">check_user_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># Before creating a KB </span><span class="k">await</span> <span class="nf">check_kb_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># Before uploading a document </span><span class="k">await</span> <span class="nf">check_document_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">await</span> <span class="nf">check_storage_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">new_file_size_bytes</span><span class="o">=</span><span class="n">file_size</span><span class="p">)</span> <span class="c1"># Before creating an API key </span><span class="k">await</span> <span class="nf">check_api_key_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># Before sending a message to the LLM </span><span class="k">await</span> <span class="nf">check_message_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">await</span> <span class="nf">check_concurrent_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> </code></pre> </div> <p>The pattern is always the same:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">check_kb_limit</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">tenant</span><span class="p">.</span><span class="n">plan_id</span><span class="p">:</span> <span class="k">return</span> <span class="n">plan</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">Plan</span><span class="p">,</span> <span class="n">tenant</span><span class="p">.</span><span class="n">plan_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span> <span class="ow">or</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_kbs</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">select</span><span class="p">(</span><span class="n">func</span><span class="p">.</span><span class="nf">count</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="nb">id</span><span class="p">)).</span><span class="nf">where</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">)</span> <span class="n">current_count</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">scalar</span><span class="p">()</span> <span class="ow">or</span> <span class="mi">0</span> <span class="k">if</span> <span class="n">current_count</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_kbs</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">PlanLimitException</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Knowledge base limit reached (</span><span class="si">{</span><span class="n">plan</span><span class="p">.</span><span class="n">max_kbs</span><span class="si">}</span><span class="s"> max)</span><span class="sh">"</span> <span class="p">)</span> </code></pre> </div> <h2> Rate Limiting with Redis: Sliding Window </h2> <h3> Why Redis and Not PostgreSQL </h3> <p>Billing period counters are in PostgreSQL because they need durability. Rate limiting is in Redis because it needs <strong>speed</strong> and <strong>automatic TTL</strong>.</p> <p>If the server restarts mid-stream, I don't want a "phantom" counter in PostgreSQL blocking the tenant. Redis with TTL self-cleans.</p> <h3> Sliding Window with Sorted Sets </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">redis.asyncio</span> <span class="k">as</span> <span class="n">redis</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">is_allowed</span><span class="p">(</span><span class="n">key</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">max_requests</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">window_seconds</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">60</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="c1"># Fail-open </span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">ratelimit:</span><span class="si">{</span><span class="n">key</span><span class="si">}</span><span class="sh">"</span> <span class="n">now</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="n">cutoff</span> <span class="o">=</span> <span class="n">now</span> <span class="o">-</span> <span class="n">window_seconds</span> <span class="k">try</span><span class="p">:</span> <span class="n">pipe</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">pipeline</span><span class="p">()</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">zremrangebyscore</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="n">cutoff</span><span class="p">)</span> <span class="c1"># Clean expired </span> <span class="n">pipe</span><span class="p">.</span><span class="nf">zcard</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="c1"># Count current </span> <span class="n">pipe</span><span class="p">.</span><span class="nf">zadd</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="p">{</span><span class="nf">str</span><span class="p">(</span><span class="n">now</span><span class="p">):</span> <span class="n">now</span><span class="p">})</span> <span class="c1"># Add this request </span> <span class="n">pipe</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">window_seconds</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="c1"># TTL safety net </span> <span class="n">results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">execute</span><span class="p">()</span> <span class="n">current_count</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">if</span> <span class="n">current_count</span> <span class="o">&gt;=</span> <span class="n">max_requests</span><span class="p">:</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">zrem</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="nf">str</span><span class="p">(</span><span class="n">now</span><span class="p">))</span> <span class="c1"># Rollback </span> <span class="k">return</span> <span class="bp">False</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="c1"># Fail-open </span></code></pre> </div> <p><strong>Why sorted sets and not a simple INCR?</strong> Because I need a <strong>sliding window</strong>, not a fixed window. With INCR, if a user sends 60 requests at second 59 of the minute, and 60 more at second 1 of the next minute, 120 requests pass in 2 seconds. With sorted sets, each request has its timestamp and the window slides continuously.</p> <p><strong>Why fail-open?</strong> If Redis goes down, I prefer to let requests through (graceful degradation) than to block all users. Billing limits in PostgreSQL are still active as a safety net.</p> <h3> Stream Concurrency </h3> <p>To limit simultaneous SSE connections per tenant, I use a different pattern: INCR/DECR with safety TTL.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">_CONCURRENT_TTL</span> <span class="o">=</span> <span class="mi">300</span> <span class="c1"># 5 minutes </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">concurrent:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="sh">"</span> <span class="k">try</span><span class="p">:</span> <span class="n">pipe</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">pipeline</span><span class="p">()</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">incr</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">_CONCURRENT_TTL</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">execute</span><span class="p">()</span> <span class="k">return</span> <span class="n">results</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">concurrent:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="sh">"</span> <span class="k">try</span><span class="p">:</span> <span class="n">count</span> <span class="o">=</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">decr</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="k">if</span> <span class="n">count</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="k">return</span> <span class="mi">0</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">_CONCURRENT_TTL</span><span class="p">)</span> <span class="k">return</span> <span class="n">count</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> </code></pre> </div> <p><strong>Why 5-minute TTL?</strong> If the server crashes during a stream, the DECR never executes and the counter stays inflated. The TTL self-heals: after 5 minutes without activity, the counter deletes itself.</p> <p>Usage in the chat endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/conversations/{conv_id}/messages/stream</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">stream_chat</span><span class="p">(</span><span class="n">conv_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">MessageCreate</span><span class="p">,</span> <span class="p">...):</span> <span class="c1"># Check LLM budget (soft check) </span> <span class="n">faq_only_mode</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">is_llm_budget_exhausted</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">faq_only_mode</span><span class="p">:</span> <span class="k">await</span> <span class="nf">check_concurrent_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># ... prepare pipeline ... </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">event_generator</span><span class="p">():</span> <span class="k">await</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="nf">_event_generator_inner</span><span class="p">():</span> <span class="k">yield</span> <span class="n">event</span> <span class="k">finally</span><span class="p">:</span> <span class="c1"># ALWAYS decrement, even on error </span> <span class="k">await</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">event_generator</span><span class="p">())</span> </code></pre> </div> <p>The <code>finally</code> is critical. Without it, any exception during streaming would leave the counter inflated.</p> <h2> Registration: One Tenant Per User, Automatic </h2> <p>When someone registers, a tenant with the Free plan is automatically created:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">register</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">UserRegister</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">User</span><span class="p">:</span> <span class="n">existing</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_user_by_email</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">data</span><span class="p">.</span><span class="n">email</span><span class="p">)</span> <span class="k">if</span> <span class="n">existing</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">BadRequestException</span><span class="p">(</span><span class="sh">"</span><span class="s">Email already registered</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Create tenant automatically </span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">create_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">data</span><span class="p">.</span><span class="n">tenant_name</span><span class="p">,</span> <span class="n">plan_slug</span><span class="o">=</span><span class="sh">"</span><span class="s">free</span><span class="sh">"</span><span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="nc">User</span><span class="p">(</span> <span class="n">email</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="n">email</span><span class="p">,</span> <span class="n">hashed_password</span><span class="o">=</span><span class="nf">hash_password</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">password</span><span class="p">),</span> <span class="n">full_name</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="n">full_name</span><span class="p">,</span> <span class="n">role</span><span class="o">=</span><span class="n">UserRole</span><span class="p">.</span><span class="n">TENANT_ADMIN</span><span class="p">,</span> <span class="c1"># Creator is admin </span> <span class="n">tenant_id</span><span class="o">=</span><span class="n">tenant</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">email_verified</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="n">user</span> </code></pre> </div> <p>The tenant slug is auto-generated with deduplication:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_generate_slug</span><span class="p">(</span><span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">slug</span> <span class="o">=</span> <span class="n">re</span><span class="p">.</span><span class="nf">sub</span><span class="p">(</span><span class="sa">r</span><span class="sh">'</span><span class="s">[^a-z0-9]+</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">-</span><span class="sh">'</span><span class="p">,</span> <span class="n">name</span><span class="p">.</span><span class="nf">lower</span><span class="p">()).</span><span class="nf">strip</span><span class="p">(</span><span class="sh">'</span><span class="s">-</span><span class="sh">'</span><span class="p">)</span> <span class="k">return</span> <span class="n">slug</span><span class="p">[:</span><span class="mi">80</span><span class="p">]</span> <span class="k">if</span> <span class="n">slug</span> <span class="k">else</span> <span class="sh">'</span><span class="s">tenant</span><span class="sh">'</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">create_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">plan_slug</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">free</span><span class="sh">"</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Tenant</span><span class="p">:</span> <span class="c1"># Find plan </span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">select</span><span class="p">(</span><span class="n">Plan</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="n">Plan</span><span class="p">.</span><span class="n">slug</span> <span class="o">==</span> <span class="n">plan_slug</span><span class="p">,</span> <span class="n">Plan</span><span class="p">.</span><span class="n">is_active</span> <span class="o">==</span> <span class="bp">True</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">)</span> <span class="n">plan</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">scalar_one_or_none</span><span class="p">()</span> <span class="n">base_slug</span> <span class="o">=</span> <span class="nf">_generate_slug</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="n">slug</span> <span class="o">=</span> <span class="n">base_slug</span> <span class="c1"># If exists, add random suffix </span> <span class="n">existing</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nf">select</span><span class="p">(</span><span class="n">Tenant</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="n">Tenant</span><span class="p">.</span><span class="n">slug</span> <span class="o">==</span> <span class="n">slug</span><span class="p">))</span> <span class="k">if</span> <span class="n">existing</span><span class="p">.</span><span class="nf">scalar_one_or_none</span><span class="p">():</span> <span class="n">slug</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">base_slug</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">uuid</span><span class="p">.</span><span class="nf">uuid4</span><span class="p">().</span><span class="nb">hex</span><span class="p">[</span><span class="si">:</span><span class="mi">6</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="n">tenant</span> <span class="o">=</span> <span class="nc">Tenant</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="n">name</span><span class="p">,</span> <span class="n">slug</span><span class="o">=</span><span class="n">slug</span><span class="p">,</span> <span class="n">plan_id</span><span class="o">=</span><span class="n">plan</span><span class="p">.</span><span class="nb">id</span> <span class="k">if</span> <span class="n">plan</span> <span class="k">else</span> <span class="bp">None</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">tenant</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">flush</span><span class="p">()</span> <span class="k">return</span> <span class="n">tenant</span> </code></pre> </div> <h2> JWT: tenant_id in the Token </h2> <p>The access token includes <code>tenant_id</code> and <code>role</code> directly in the payload:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">create_access_token</span><span class="p">(</span><span class="n">user_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">role</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">expire_minutes</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="bp">None</span> <span class="o">=</span> <span class="bp">None</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">minutes</span> <span class="o">=</span> <span class="n">expire_minutes</span> <span class="ow">or</span> <span class="n">settings</span><span class="p">.</span><span class="n">access_token_expire_minutes</span> <span class="n">expire</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="n">minutes</span><span class="p">)</span> <span class="n">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">:</span> <span class="n">user_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">tenant_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="n">role</span><span class="p">,</span> <span class="sh">"</span><span class="s">exp</span><span class="sh">"</span><span class="p">:</span> <span class="n">expire</span><span class="p">,</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">access</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="k">return</span> <span class="n">jwt</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">payload</span><span class="p">,</span> <span class="n">settings</span><span class="p">.</span><span class="n">jwt_secret</span><span class="p">,</span> <span class="n">algorithm</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">jwt_algorithm</span><span class="p">)</span> </code></pre> </div> <p><strong>Why include tenant_id in the JWT?</strong> To avoid a DB query on every request just to find out which tenant the user belongs to. In <code>get_current_user</code> I still verify against the DB (in case the user was deactivated), but the token's tenant_id serves as a quick hint.</p> <h3> Refresh Token Rotation </h3> <p>Every time a refresh token is used, it's <strong>revoked</strong> and a new one is issued:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">refresh_access_token</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">refresh_token_value</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">select</span><span class="p">(</span><span class="n">RefreshToken</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span> <span class="n">RefreshToken</span><span class="p">.</span><span class="n">token</span> <span class="o">==</span> <span class="n">refresh_token_value</span><span class="p">,</span> <span class="n">RefreshToken</span><span class="p">.</span><span class="n">revoked</span> <span class="o">==</span> <span class="bp">False</span><span class="p">,</span> <span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">)</span> <span class="n">token_record</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">scalar_one_or_none</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">token_record</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Invalid refresh token</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Revoke the old one (rotation) </span> <span class="n">token_record</span><span class="p">.</span><span class="n">revoked</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_user_by_id</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">token_record</span><span class="p">.</span><span class="n">user_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span> <span class="ow">or</span> <span class="ow">not</span> <span class="n">user</span><span class="p">.</span><span class="n">is_active</span><span class="p">:</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">User not found or deactivated</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Issue new tokens </span> <span class="n">new_access</span> <span class="o">=</span> <span class="nf">create_access_token</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="nb">id</span><span class="p">),</span> <span class="nf">str</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">),</span> <span class="n">user</span><span class="p">.</span><span class="n">role</span><span class="p">.</span><span class="n">value</span><span class="p">)</span> <span class="n">new_refresh_value</span> <span class="o">=</span> <span class="nf">create_refresh_token_value</span><span class="p">()</span> <span class="n">new_refresh</span> <span class="o">=</span> <span class="nc">RefreshToken</span><span class="p">(</span> <span class="n">user_id</span><span class="o">=</span><span class="n">user</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">token</span><span class="o">=</span><span class="n">new_refresh_value</span><span class="p">,</span> <span class="n">expires_at</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">refresh_token_expire_days</span><span class="p">),</span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_refresh</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">return</span> <span class="n">new_access</span><span class="p">,</span> <span class="n">new_refresh_value</span> </code></pre> </div> <p>If someone intercepts a refresh token and uses it, the original token gets revoked. When the legitimate user tries to refresh, it will fail and they'll know there was a compromise.</p> <h2> Threshold Warnings: Alert Before It Breaks </h2> <p>I don't wait until the tenant hits 100% of their limit. I implemented warnings at 80% and 95%:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">get_usage_warnings</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="n">plan</span><span class="p">,</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_plan_and_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span><span class="p">:</span> <span class="k">return</span> <span class="p">[]</span> <span class="n">usage</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_monthly_usage</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="n">warnings</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">resources</span> <span class="o">=</span> <span class="p">[</span> <span class="p">(</span><span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">,</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">messages_month</span><span class="sh">"</span><span class="p">],</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">tokens</span><span class="sh">"</span><span class="p">,</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">tokens_month</span><span class="sh">"</span><span class="p">],</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_tokens_month</span><span class="p">),</span> <span class="p">]</span> <span class="k">for</span> <span class="n">resource</span><span class="p">,</span> <span class="n">used</span><span class="p">,</span> <span class="n">max_val</span> <span class="ow">in</span> <span class="n">resources</span><span class="p">:</span> <span class="k">if</span> <span class="n">max_val</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span> <span class="ow">or</span> <span class="n">max_val</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="k">continue</span> <span class="n">pct</span> <span class="o">=</span> <span class="nf">round</span><span class="p">((</span><span class="n">used</span> <span class="o">/</span> <span class="n">max_val</span><span class="p">)</span> <span class="o">*</span> <span class="mi">100</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">if</span> <span class="n">pct</span> <span class="o">&gt;=</span> <span class="mi">95</span><span class="p">:</span> <span class="n">warnings</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">resource</span><span class="sh">"</span><span class="p">:</span> <span class="n">resource</span><span class="p">,</span> <span class="sh">"</span><span class="s">used</span><span class="sh">"</span><span class="p">:</span> <span class="n">used</span><span class="p">,</span> <span class="sh">"</span><span class="s">max</span><span class="sh">"</span><span class="p">:</span> <span class="n">max_val</span><span class="p">,</span> <span class="sh">"</span><span class="s">pct</span><span class="sh">"</span><span class="p">:</span> <span class="n">pct</span><span class="p">,</span> <span class="sh">"</span><span class="s">level</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">critical</span><span class="sh">"</span> <span class="p">})</span> <span class="k">elif</span> <span class="n">pct</span> <span class="o">&gt;=</span> <span class="mi">80</span><span class="p">:</span> <span class="n">warnings</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">resource</span><span class="sh">"</span><span class="p">:</span> <span class="n">resource</span><span class="p">,</span> <span class="sh">"</span><span class="s">used</span><span class="sh">"</span><span class="p">:</span> <span class="n">used</span><span class="p">,</span> <span class="sh">"</span><span class="s">max</span><span class="sh">"</span><span class="p">:</span> <span class="n">max_val</span><span class="p">,</span> <span class="sh">"</span><span class="s">pct</span><span class="sh">"</span><span class="p">:</span> <span class="n">pct</span><span class="p">,</span> <span class="sh">"</span><span class="s">level</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">warning</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="n">warnings</span> </code></pre> </div> <p>Warnings are sent by email to tenant admins, with deduplication to avoid spamming:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Only send if: # 1. Not sent for this billing period, OR # 2. Escalating from warning → critical </span><span class="k">if</span> <span class="n">last_sent</span> <span class="o">==</span> <span class="n">bp</span> <span class="ow">and</span> <span class="n">last_level</span> <span class="o">==</span> <span class="sh">"</span><span class="s">critical</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Already sent critical for this period </span> <span class="c1"># Save dedup marker </span><span class="n">updated_prefs</span><span class="p">[</span><span class="sh">"</span><span class="s">_last_warning_bp</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">bp</span> <span class="n">updated_prefs</span><span class="p">[</span><span class="sh">"</span><span class="s">_last_warning_level</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">most_severe</span><span class="p">[</span><span class="sh">"</span><span class="s">level</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <h2> FAQ-Only Fallback: Graceful Degradation </h2> <p>When a tenant exhausts their LLM budget, I don't block everything. FAQs keep working:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">is_llm_budget_exhausted</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="n">plan</span><span class="p">,</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_plan_and_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="n">usage</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_monthly_usage</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span> <span class="o">!=</span> <span class="o">-</span><span class="mi">1</span> <span class="ow">and</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">messages_month</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_tokens_month</span> <span class="o">!=</span> <span class="o">-</span><span class="mi">1</span> <span class="ow">and</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">tokens_month</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_tokens_month</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <p>In the chat flow, if <code>is_llm_budget_exhausted</code> returns <code>True</code>, FAQ match is attempted first. If it matches, free response. If not, an <code>upgrade_required</code> SSE event is sent and the frontend shows an upgrade card.</p> <h2> Custom Exceptions: Semantic Errors </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">PlanLimitException</span><span class="p">(</span><span class="n">HTTPException</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">detail</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Plan limit reached</span><span class="sh">"</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_403_FORBIDDEN</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="n">detail</span><span class="p">)</span> <span class="k">class</span> <span class="nc">TooManyRequestsException</span><span class="p">(</span><span class="n">HTTPException</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">detail</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Too many requests</span><span class="sh">"</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">429</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="n">detail</span><span class="p">)</span> </code></pre> </div> <p>The frontend distinguishes:</p> <ul> <li> <strong>403 PlanLimit</strong>: "You've reached your plan limit. Upgrade available."</li> <li> <strong>429 RateLimit</strong>: "Too many requests. Try again in a few seconds."</li> <li> <strong>401 Unauthorized</strong>: "Session expired. Please log in again."</li> </ul> <h2> Numbers That Matter </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Resource</th> <th>Free</th> <th>Starter</th> <th>Pro</th> </tr> </thead> <tbody> <tr> <td>Users</td> <td>3</td> <td>10</td> <td>50</td> </tr> <tr> <td>Knowledge Bases</td> <td>3</td> <td>10</td> <td>-1 (unlimited)</td> </tr> <tr> <td>Documents</td> <td>20</td> <td>100</td> <td>-1</td> </tr> <tr> <td>Storage</td> <td>200 MB</td> <td>1 GB</td> <td>10 GB</td> </tr> <tr> <td>AI Messages/month</td> <td>50</td> <td>500</td> <td>5000</td> </tr> <tr> <td>API Keys</td> <td>1</td> <td>5</td> <td>20</td> </tr> <tr> <td>Concurrency</td> <td>2</td> <td>5</td> <td>20</td> </tr> </tbody> </table></div> <h2> Lessons Learned </h2> <h3> 1. UPSERT &gt; SELECT + INSERT </h3> <p>Never do "read count → check → insert" for usage counters. The race condition is inevitable under load. PostgreSQL's atomic UPSERT is the only correct approach. Saved me hours of debugging "why does the tenant have 51 messages when the limit is 50".</p> <h3> 2. Fail-Open for Rate Limiting, Fail-Closed for Billing </h3> <p>If Redis goes down, rate limits relax (fail-open) but plan limits in PostgreSQL remain active (fail-closed). Never let a downed dependency block all your users.</p> <h3> 3. The Super Admin Isn't an Omniscient God </h3> <p>My first design gave the super_admin full access to all tenants' data. Bad. The super_admin is the platform operator, not the data owner. They see aggregate metrics, not individual conversations. This simplifies compliance and builds trust.</p> <h3> 4. <code>-1</code> for Unlimited Is Better Than a Boolean </h3> <p>Having <code>max_kbs: int</code> with <code>-1 = unlimited</code> is cleaner than <code>max_kbs: int</code> + <code>is_kbs_unlimited: bool</code>. One column, one check. Applied it to all plan limits.</p> <h3> 5. Billing Period Based on Payment Date, Not Calendar Month </h3> <p>If a tenant paid on March 15th, their cycle runs from 3/15 to 4/14, not 3/1 to 3/31. Seems like a minor detail until a user complains that "I paid yesterday and already used half my quota".</p> <h3> 6. TTL as Safety Net for Redis Counters </h3> <p>Redis concurrency counters need TTL. Without it, a server crash leaves "zombie" counters that block the tenant. With a 5-minute TTL, the system self-heals.</p> <h3> 7. CASCADE Simplifies Deletion But You Must Clean Redis Too </h3> <p>PostgreSQL's <code>ON DELETE CASCADE</code> is wonderful for deleting everything related to a tenant. But it doesn't clean Redis. You have to do it explicitly. Found out when a deleted tenant was still counting rate limits.</p> <h2> What's Next </h2> <ul> <li> <strong>Audit log</strong>: Record who did what, when, on what resource</li> <li> <strong>Fine-grained permissions</strong>: Permissions per KB and per action (not just global role)</li> <li> <strong>Multi-region</strong>: Tenants assigned to specific regions for compliance</li> </ul> <h2> Conclusion </h2> <p>Real multi-tenancy isn't an extra column in the database. It's an enforcement system spanning from the data model to rate limiting, through authorization and billing. The most critical points:</p> <ol> <li> <strong>Atomic counters</strong> (UPSERT) so limits are respected under concurrency</li> <li> <strong>Redis for the ephemeral</strong> (rate limits, concurrency) and <strong>PostgreSQL for the durable</strong> (billing, usage)</li> <li> <strong>Clear roles</strong> with dependency injection that makes authorization impossible to skip</li> <li><strong>Fail-open where it hurts little, fail-closed where it hurts a lot</strong></li> <li> <strong>Isolation by default</strong> — every query filters by tenant_id, no exceptions</li> </ol> <p>If you're building a multi-tenant SaaS, invest in enforcement from day 1. Refactoring this later is orders of magnitude more painful than doing it right from the start.</p> <p><em>If you're building something multi-tenant and hit a problem I didn't cover, drop a comment. And if this article saved you time, a like helps it reach more people.</em></p> python saas fastapi postgres Martin Palopoli Tue, 24 Mar 2026 13:28:00 +0000 https://dev.to/martin_palopoli/how-i-deployed-a-rag-engine-to-production-with-docker-nginx-and-digitalocean-48jd https://dev.to/martin_palopoli/how-i-deployed-a-rag-engine-to-production-with-docker-nginx-and-digitalocean-48jd <p>I deployed a full RAG engine (FastAPI + PostgreSQL + pgvector + Redis) on a <strong>4GB RAM</strong> VPS for $24/month. This article covers the real deployment architecture: Docker multi-stage builds, PostgreSQL tuned for limited resources, Nginx as reverse proxy with SSE support, zero-downtime deploys with maintenance mode, automated backups and cron monitoring.</p> <h2> The Context </h2> <p>In the <a href="https://dev.to/martin_palopoli/how-i-built-a-production-rag-pipeline-with-fastapi-pgvector-and-cross-encoder-reranking-j2o">previous article</a> I built a production RAG pipeline with hybrid search, cross-encoder reranking and semantic cache. Everything worked perfectly in local Docker.</p> <p>The problem: <strong>getting it to production on a budget VPS without it exploding</strong>.</p> <p>A RAG system isn't a typical CRUD app. It has:</p> <ul> <li>Embedding models that consume ~500MB of RAM per worker</li> <li>PostgreSQL with heavy extensions (pgvector + HNSW indexes)</li> <li>SSE streaming that needs long-lived connections</li> <li>Redis for rate limiting and cache</li> <li>All of that competing for 4GB of RAM</li> </ul> <h2> Chosen Infrastructure </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Specification</th> </tr> </thead> <tbody> <tr> <td>VPS</td> <td>DigitalOcean 4GB RAM / 2 vCPU / 80GB SSD</td> </tr> <tr> <td>OS</td> <td>Ubuntu 24.04 LTS</td> </tr> <tr> <td>Containers</td> <td>Docker Compose (5 services)</td> </tr> <tr> <td>SSL</td> <td>Cloudflare (proxy + origin certificates)</td> </tr> <tr> <td>DNS</td> <td>Cloudflare</td> </tr> <tr> <td>Total cost</td> <td>~$24/month</td> </tr> </tbody> </table></div> <p><strong>Why not Kubernetes?</strong> Because for a single VPS it's overkill. Docker Compose with restart policies and health checks covers 95% of what you need for a web service with a few thousand users.</p> <h2> Docker Compose: Dev vs Production </h2> <h3> Development </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml</span> <span class="na">services</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">pgvector/pgvector:pg16</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5433:5432"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">ragdb</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">raguser</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">localpass123</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pgdata:/var/lib/postgresql/data</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">raguser</span><span class="nv"> </span><span class="s">-d</span><span class="nv"> </span><span class="s">ragdb"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7-alpine</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">6379:6379"</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">./backend</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8000:8000"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./backend/app:/app/app</span> <span class="c1"># Hot reload</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_started</span> <span class="na">frontend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">./frontend</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5173:5173"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./frontend/src:/app/src</span> <span class="c1"># Hot reload</span> </code></pre> </div> <p>Nothing surprising: exposed ports, volumes for hot reload, basic health checks.</p> <h3> Production: The Differences That Matter </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.prod.yml</span> <span class="na">services</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">pgvector/pgvector:pg16</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">app-db</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">env_file</span><span class="pi">:</span> <span class="s">.env.production</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:5432:5432"</span> <span class="c1"># Localhost only</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pgdata:/var/lib/postgresql/data</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">&gt;</span> <span class="s">postgres</span> <span class="s">-c shared_buffers=128MB</span> <span class="s">-c effective_cache_size=256MB</span> <span class="s">-c max_connections=50</span> <span class="s">-c work_mem=4MB</span> <span class="s">-c maintenance_work_mem=64MB</span> <span class="s">-c random_page_cost=1.1</span> <span class="s">-c effective_io_concurrency=200</span> <span class="s">-c wal_buffers=4MB</span> <span class="s">-c checkpoint_completion_target=0.9</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">$$POSTGRES_USER</span><span class="nv"> </span><span class="s">-d</span><span class="nv"> </span><span class="s">$$POSTGRES_DB"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">app-redis</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">command</span><span class="pi">:</span> <span class="s">redis-server --maxmemory 64mb --maxmemory-policy allkeys-lru</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:6379:6379"</span> <span class="c1"># Localhost only</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">redisdata:/data</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./backend</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">app-backend</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">env_file</span><span class="pi">:</span> <span class="s">.env.production</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:8000:8000"</span> <span class="c1"># Localhost only, Nginx in front</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">1536M</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_started</span> <span class="na">frontend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./frontend</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile.prod</span> <span class="c1"># Multi-stage with Nginx</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">app-frontend</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:5173:5173"</span> <span class="c1"># Localhost only</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">64M</span> </code></pre> </div> <h3> The Key Differences </h3> <p><strong>1. Ports bound to localhost only</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:8000:8000"</span> <span class="c1"># ✅ Only Nginx can access</span> <span class="c1"># vs</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8000:8000"</span> <span class="c1"># ❌ Open to the world</span> </code></pre> </div> <p>If you publish a port without <code>127.0.0.1</code>, Docker modifies iptables and <strong>bypasses the system firewall</strong>. This is a classic mistake.</p> <p><strong>2. PostgreSQL tuned for 4GB</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">shared_buffers</span>=<span class="m">128</span><span class="n">MB</span> <span class="c"># ~25% of RAM available for PG (~512MB) </span><span class="n">effective_cache_size</span>=<span class="m">256</span><span class="n">MB</span> <span class="c"># What the OS can cache </span><span class="n">max_connections</span>=<span class="m">50</span> <span class="c"># You don't need 100 with an async backend </span><span class="n">work_mem</span>=<span class="m">4</span><span class="n">MB</span> <span class="c"># Careful: multiplied by connection × sort ops </span><span class="n">random_page_cost</span>=<span class="m">1</span>.<span class="m">1</span> <span class="c"># SSD, not spinning disk </span></code></pre> </div> <p>PostgreSQL defaults assume a dedicated server with 1GB+ of RAM just for PG. On a shared VPS with 4 other services, you need to be conservative.</p> <p><strong>3. Redis with strict limits</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">maxmemory</span> <span class="m">64</span><span class="n">mb</span> <span class="n">maxmemory</span>-<span class="n">policy</span> <span class="n">allkeys</span>-<span class="n">lru</span> </code></pre> </div> <p>Redis without <code>maxmemory</code> can grow indefinitely and trigger the OOM killer. With <code>allkeys-lru</code>, when it hits the limit, it evicts the least recently used keys instead of returning errors.</p> <p><strong>4. Memory limits on the backend</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">deploy</span><span class="pi">:</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">1536M</span> </code></pre> </div> <p>The backend with loaded embedding models uses ~800MB-1.2GB. The 1536MB limit gives it headroom without allowing a memory leak to consume the entire VPS.</p> <h2> Dockerfiles: Multi-Stage Builds </h2> <h3> Backend: Pre-Download Models </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># === Stage 1: Builder ===</span> <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.12-slim</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /build</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="c"># PyTorch CPU-only (saves ~1.5GB vs CUDA version)</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> torch <span class="nt">--index-url</span> https://download.pytorch.org/whl/cpu <span class="se">\ </span> <span class="o">&amp;&amp;</span> pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">-r</span> requirements.txt <span class="c"># Pre-download embedding and cross-encoder models</span> <span class="k">RUN </span>python <span class="nt">-c</span> <span class="s2">"</span> <span class="k">from</span><span class="s"> sentence_transformers import SentenceTransformer, CrossEncoder</span> SentenceTransformer('paraphrase-multilingual-MiniLM-L12-v2') CrossEncoder('cross-encoder/ms-marco-MiniLM-L-6-v2') " # === Stage 2: Runtime === <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.12-slim</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">runtime</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> <span class="nt">--no-install-recommends</span> <span class="se">\ </span> libfontconfig1 curl ca-certificates <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> <span class="c"># Copy dependencies and pre-downloaded models</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/local/bin /usr/local/bin</span> <span class="k">COPY</span><span class="s"> --from=builder /root/.cache /root/.cache</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span><span class="nb">chmod</span> +x start.sh <span class="k">EXPOSE</span><span class="s"> 8000</span> <span class="k">CMD</span><span class="s"> ["./start.sh"]</span> </code></pre> </div> <p><strong>Why pre-download models during build?</strong> Without it, the first request after each deploy takes 30-60 seconds while models download. With pre-download, the container starts ready to serve.</p> <p><strong>Why PyTorch CPU-only?</strong> The CUDA version weighs ~2GB extra. On a VPS without GPU it's dead weight.</p> <h3> Frontend: Build + Static Nginx </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># === Stage 1: Build ===</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:20-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">build</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm run build <span class="c"># === Stage 2: Serve ===</span> <span class="k">FROM</span><span class="s"> nginx:1.27-alpine</span> <span class="c"># Copy static build</span> <span class="k">COPY</span><span class="s"> --from=build /app/dist /usr/share/nginx/html</span> <span class="c"># SPA config</span> <span class="k">COPY</span><span class="s"> nginx.conf /etc/nginx/conf.d/default.conf</span> <span class="k">EXPOSE</span><span class="s"> 5173</span> <span class="k">CMD</span><span class="s"> ["nginx", "-g", "daemon off;"]</span> </code></pre> </div> <p>The production frontend does NOT run Vite. It's Nginx serving static files. The image goes from ~400MB (node + deps) to ~25MB (nginx alpine + dist).</p> <h3> Internal Frontend Nginx (SPA) </h3> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">5173</span><span class="p">;</span> <span class="kn">root</span> <span class="n">/usr/share/nginx/html</span><span class="p">;</span> <span class="kn">index</span> <span class="s">index.html</span><span class="p">;</span> <span class="c1"># Vite-hashed assets → aggressive cache</span> <span class="kn">location</span> <span class="n">/assets/</span> <span class="p">{</span> <span class="kn">expires</span> <span class="s">1y</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">Cache-Control</span> <span class="s">"public,</span> <span class="s">immutable"</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># index.html → never cache (so new deploys are reflected)</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/index.html</span> <span class="p">{</span> <span class="kn">add_header</span> <span class="s">Cache-Control</span> <span class="s">"no-cache"</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># SPA fallback: all routes → index.html</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">try_files</span> <span class="nv">$uri</span> <span class="nv">$uri</span><span class="n">/</span> <span class="n">/index.html</span><span class="p">;</span> <span class="p">}</span> <span class="kn">gzip</span> <span class="no">on</span><span class="p">;</span> <span class="kn">gzip_types</span> <span class="nc">text/plain</span> <span class="nc">text/css</span> <span class="nc">application/json</span> <span class="nc">application/javascript</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Nginx: The Reverse Proxy That Connects Everything </h2> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="c1"># === Main HTTPS ===</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">your-domain.com</span><span class="p">;</span> <span class="c1"># Origin certificates (Cloudflare → VPS)</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/certs/origin.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/origin.key</span><span class="p">;</span> <span class="kn">ssl_protocols</span> <span class="s">TLSv1.2</span> <span class="s">TLSv1.3</span><span class="p">;</span> <span class="kn">client_max_body_size</span> <span class="mi">50M</span><span class="p">;</span> <span class="c1"># For document uploads</span> <span class="c1"># === Maintenance mode ===</span> <span class="kn">set</span> <span class="nv">$maintenance</span> <span class="mi">0</span><span class="p">;</span> <span class="kn">if</span> <span class="s">(-f</span> <span class="n">/etc/nginx/maintenance.on</span><span class="s">)</span> <span class="p">{</span> <span class="kn">set</span> <span class="nv">$maintenance</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># Health check always available (for monitoring)</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/api/v1/health</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8000</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># If maintenance mode → 503</span> <span class="kn">if</span> <span class="s">(</span><span class="nv">$maintenance</span><span class="s">)</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">503</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === API Backend ===</span> <span class="kn">location</span> <span class="n">/api/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8000</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="c1"># SSE streaming: CRITICAL</span> <span class="kn">proxy_buffering</span> <span class="no">off</span><span class="p">;</span> <span class="kn">proxy_cache</span> <span class="no">off</span><span class="p">;</span> <span class="kn">proxy_read_timeout</span> <span class="s">300s</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">''</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">chunked_transfer_encoding</span> <span class="no">off</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === Widget JS (cacheable) ===</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/widget.js</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8000</span><span class="p">;</span> <span class="kn">proxy_cache_valid</span> <span class="mi">200</span> <span class="s">1h</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === Frontend SPA ===</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:5173</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === Gzip ===</span> <span class="kn">gzip</span> <span class="no">on</span><span class="p">;</span> <span class="kn">gzip_comp_level</span> <span class="mi">4</span><span class="p">;</span> <span class="kn">gzip_min_length</span> <span class="mi">256</span><span class="p">;</span> <span class="kn">gzip_types</span> <span class="nc">text/plain</span> <span class="nc">text/css</span> <span class="nc">application/json</span> <span class="nc">application/javascript</span> <span class="nc">text/xml</span> <span class="nc">application/xml</span> <span class="nc">text/javascript</span> <span class="nc">image/svg</span><span class="s">+xml</span><span class="p">;</span> <span class="c1"># === Security headers ===</span> <span class="kn">add_header</span> <span class="s">X-Frame-Options</span> <span class="s">"SAMEORIGIN"</span> <span class="s">always</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">X-Content-Type-Options</span> <span class="s">"nosniff"</span> <span class="s">always</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">Referrer-Policy</span> <span class="s">"strict-origin-when-cross-origin"</span> <span class="s">always</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === HTTP → HTTPS redirect ===</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">your-domain.com</span><span class="p">;</span> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$server_name$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === www → non-www ===</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">www.your-domain.com</span><span class="p">;</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/certs/origin.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/origin.key</span><span class="p">;</span> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://your-domain.com</span><span class="nv">$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === 503 Maintenance page ===</span> <span class="k">error_page</span> <span class="mi">503</span> <span class="s">@maintenance</span><span class="p">;</span> <span class="k">location</span> <span class="s">@maintenance</span> <span class="p">{</span> <span class="kn">default_type</span> <span class="nc">text/html</span><span class="p">;</span> <span class="kn">return</span> <span class="mi">503</span> <span class="s">'&lt;!DOCTYPE</span> <span class="s">html&gt;</span> <span class="s">&lt;html&gt;&lt;head&gt;&lt;meta</span> <span class="s">charset="UTF-8"&gt;&lt;title&gt;Maintenance&lt;/title&gt;</span> <span class="s">&lt;style&gt;body</span><span class="p">{</span><span class="kn">font-family:system-ui</span><span class="p">;</span><span class="kn">display:flex</span><span class="p">;</span><span class="kn">justify-content:center</span><span class="p">;</span> <span class="kn">align-items:center</span><span class="p">;</span><span class="kn">min-height:100vh</span><span class="p">;</span><span class="kn">background:</span><span class="c1">#0f172a;color:#e2e8f0;</span> <span class="s">text-align:center</span><span class="err">}</span><span class="s">h1</span><span class="p">{</span><span class="kn">font-size:2rem</span><span class="err">}</span><span class="s">p</span><span class="p">{</span><span class="kn">color:</span><span class="c1">#94a3b8}&lt;/style&gt;&lt;/head&gt;</span> <span class="s">&lt;body&gt;&lt;div&gt;&lt;h1&gt;Under</span> <span class="s">Maintenance&lt;/h1&gt;</span> <span class="s">&lt;p&gt;We</span> <span class="s">will</span> <span class="s">be</span> <span class="s">back</span> <span class="s">in</span> <span class="s">a</span> <span class="s">few</span> <span class="s">minutes.&lt;/p&gt;&lt;/div&gt;&lt;/body&gt;&lt;/html&gt;'</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> The SSE Block That Almost Broke Everything </h3> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">location</span> <span class="n">/api/</span> <span class="p">{</span> <span class="kn">proxy_buffering</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># Nginx must NOT buffer the response</span> <span class="kn">proxy_cache</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># Nor cache it</span> <span class="kn">proxy_read_timeout</span> <span class="s">300s</span><span class="p">;</span> <span class="c1"># SSE can last minutes</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">''</span><span class="p">;</span> <span class="c1"># Disable upstream keep-alive</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="c1"># HTTP/1.1 required for chunked</span> <span class="kn">chunked_transfer_encoding</span> <span class="no">off</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Without these headers, Nginx buffers SSE tokens and sends them all at once at the end. The user sees "nothing nothing nothing... entire text at once". These 6 parameters are <strong>mandatory</strong> for real streaming through a reverse proxy.</p> <h2> The Deploy Script </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nv">SERVER</span><span class="o">=</span><span class="s2">"user@server-ip"</span> <span class="nv">SSH_KEY</span><span class="o">=</span><span class="s2">"~/.ssh/deploy_key"</span> <span class="nv">PROJECT_DIR</span><span class="o">=</span><span class="s2">"/opt/my-app"</span> <span class="nv">BACKUP_DIR</span><span class="o">=</span><span class="s2">"/opt/my-app/backups/db"</span> <span class="nv">DEPLOY_MODE</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">:-</span><span class="nv">full</span><span class="k">}</span><span class="s2">"</span> <span class="c"># frontend | backend | full</span> ssh_cmd<span class="o">()</span> <span class="o">{</span> ssh <span class="nt">-i</span> <span class="s2">"</span><span class="nv">$SSH_KEY</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$SERVER</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">}</span> <span class="nb">echo</span> <span class="s2">"=== Deploy: </span><span class="nv">$DEPLOY_MODE</span><span class="s2"> ==="</span> <span class="c"># 1. Push code</span> git push origin main <span class="c"># 2. Pull on server</span> ssh_cmd <span class="s2">"cd </span><span class="nv">$PROJECT_DIR</span><span class="s2"> &amp;&amp; git fetch origin &amp;&amp; git reset --hard origin/main"</span> <span class="c"># 3. Database backup (backend/full only)</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$DEPLOY_MODE</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"frontend"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Creating DB backup..."</span> <span class="nv">TIMESTAMP</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> +%Y%m%d_%H%M%S<span class="si">)</span> ssh_cmd <span class="s2">"docker exec app-db pg_dump -U </span><span class="se">\$</span><span class="s2">POSTGRES_USER </span><span class="se">\$</span><span class="s2">POSTGRES_DB </span><span class="se">\</span><span class="s2"> | gzip &gt; </span><span class="nv">$BACKUP_DIR</span><span class="s2">/backup_</span><span class="k">${</span><span class="nv">TIMESTAMP</span><span class="k">}</span><span class="s2">.gz"</span> <span class="c"># Enable maintenance mode</span> ssh_cmd <span class="s2">"touch /etc/nginx/maintenance.on &amp;&amp; nginx -s reload"</span> <span class="nb">echo</span> <span class="s2">"Maintenance mode: ON"</span> <span class="k">fi</span> <span class="c"># 4. Rebuild and restart</span> <span class="k">case</span> <span class="nv">$DEPLOY_MODE</span> <span class="k">in </span>frontend<span class="p">)</span> ssh_cmd <span class="s2">"cd </span><span class="nv">$PROJECT_DIR</span><span class="s2"> &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> build frontend &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> up -d frontend"</span> <span class="p">;;</span> backend<span class="p">)</span> ssh_cmd <span class="s2">"cd </span><span class="nv">$PROJECT_DIR</span><span class="s2"> &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> build backend &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> up -d backend"</span> <span class="p">;;</span> full<span class="p">)</span> ssh_cmd <span class="s2">"cd </span><span class="nv">$PROJECT_DIR</span><span class="s2"> &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> up -d --build"</span> <span class="p">;;</span> <span class="k">esac</span> <span class="c"># 5. Disable maintenance mode</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$DEPLOY_MODE</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"frontend"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sleep </span>15 <span class="c"># Wait for backend to load models</span> ssh_cmd <span class="s2">"rm -f /etc/nginx/maintenance.on &amp;&amp; nginx -s reload"</span> <span class="nb">echo</span> <span class="s2">"Maintenance mode: OFF"</span> <span class="k">fi</span> <span class="c"># 6. Health check</span> <span class="nb">echo</span> <span class="s2">"Checking health..."</span> <span class="nv">MAX_RETRIES</span><span class="o">=</span>30 <span class="k">for </span>i <span class="k">in</span> <span class="si">$(</span><span class="nb">seq </span>1 <span class="nv">$MAX_RETRIES</span><span class="si">)</span><span class="p">;</span> <span class="k">do </span><span class="nv">STATUS</span><span class="o">=</span><span class="si">$(</span>ssh_cmd <span class="s2">"curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:8000/api/v1/health"</span><span class="si">)</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$STATUS</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"200"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Deploy successful. Health: OK"</span> <span class="nb">exit </span>0 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Attempt </span><span class="nv">$i</span><span class="s2">/</span><span class="nv">$MAX_RETRIES</span><span class="s2">... (status: </span><span class="nv">$STATUS</span><span class="s2">)"</span> <span class="nb">sleep </span>5 <span class="k">done </span><span class="nb">echo</span> <span class="s2">"ERROR: Health check failed after </span><span class="nv">$MAX_RETRIES</span><span class="s2"> attempts"</span> <span class="nb">exit </span>1 </code></pre> </div> <h3> Why Maintenance Mode? </h3> <p>The backend takes ~15 seconds to start: it runs Alembic migrations and then Uvicorn loads the embedding models. Without maintenance mode, during those 15 seconds Nginx returns 502 Bad Gateway.</p> <p>With the <code>/etc/nginx/maintenance.on</code> file, Nginx returns a styled 503 page. The health check (<code>/api/v1/health</code>) is exempted so the script can verify when the backend is ready.</p> <h2> Backend Start Script </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nb">echo</span> <span class="s2">"Running database migrations..."</span> alembic upgrade <span class="nb">head echo</span> <span class="s2">"Starting FastAPI server..."</span> <span class="c"># 1 worker = ~800MB with loaded models</span> <span class="c"># 2 workers = ~1.3GB (only if you have RAM to spare)</span> <span class="nv">WORKERS</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">UVICORN_WORKERS</span><span class="k">:-</span><span class="nv">1</span><span class="k">}</span><span class="s2">"</span> <span class="nb">exec </span>uvicorn app.main:app <span class="se">\</span> <span class="nt">--host</span> 0.0.0.0 <span class="se">\</span> <span class="nt">--port</span> 8000 <span class="se">\</span> <span class="nt">--workers</span> <span class="s2">"</span><span class="nv">$WORKERS</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--log-level</span> <span class="s2">"</span><span class="k">${</span><span class="nv">UVICORN_LOG_LEVEL</span><span class="k">:-</span><span class="nv">info</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="s2">"</span><span class="nv">$@</span><span class="s2">"</span> </code></pre> </div> <p><strong>Why 1 worker?</strong> Each Uvicorn worker loads its own copy of the embedding models (~500MB). With 2 workers you're already at 1.3GB for backend alone. On a 4GB VPS with PostgreSQL, Redis and Nginx, 1 worker is the safe choice.</p> <p>FastAPI is async, so 1 worker handles concurrency well — I/O operations (DB, LLM API, Redis) don't block the event loop.</p> <h2> Automated Maintenance with Cron </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># Run: crontab -e → 0 4 * * 0 /opt/my-app/scripts/maintenance.sh</span> <span class="nv">LOG</span><span class="o">=</span><span class="s2">"/var/log/app-maintenance.log"</span> <span class="nb">echo</span> <span class="s2">"=== Maintenance </span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2"> ==="</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="c"># 1. Clean orphaned Docker images (&gt;7 days)</span> docker image prune <span class="nt">-f</span> <span class="nt">--filter</span> <span class="s2">"until=168h"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> 2&gt;&amp;1 <span class="c"># 2. Clean stopped containers</span> docker container prune <span class="nt">-f</span> <span class="nt">--filter</span> <span class="s2">"until=168h"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> 2&gt;&amp;1 <span class="c"># 3. Check disk usage</span> <span class="nv">DISK_USAGE</span><span class="o">=</span><span class="si">$(</span><span class="nb">df</span> / <span class="nt">--output</span><span class="o">=</span>pcent | <span class="nb">tail</span> <span class="nt">-1</span> | <span class="nb">tr</span> <span class="nt">-dc</span> <span class="s1">'0-9'</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DISK_USAGE</span><span class="s2">"</span> <span class="nt">-gt</span> 80 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"ALERT: Disk at </span><span class="k">${</span><span class="nv">DISK_USAGE</span><span class="k">}</span><span class="s2">%"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># 4. Check memory</span> <span class="nv">MEM_USAGE</span><span class="o">=</span><span class="si">$(</span>free | <span class="nb">awk</span> <span class="s1">'/Mem:/ {printf("%.0f"), $3/$2 * 100}'</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$MEM_USAGE</span><span class="s2">"</span> <span class="nt">-gt</span> 90 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"ALERT: RAM at </span><span class="k">${</span><span class="nv">MEM_USAGE</span><span class="k">}</span><span class="s2">%"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># 5. Container status</span> docker ps <span class="nt">--format</span> <span class="s2">"table {{.Names}}</span><span class="se">\t</span><span class="s2">{{.Status}}</span><span class="se">\t</span><span class="s2">{{.Size}}"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="c"># 6. Backup inventory</span> <span class="nv">BACKUP_COUNT</span><span class="o">=</span><span class="si">$(</span><span class="nb">ls</span> /opt/my-app/backups/db/<span class="k">*</span>.gz 2&gt;/dev/null | <span class="nb">wc</span> <span class="nt">-l</span><span class="si">)</span> <span class="nv">LATEST</span><span class="o">=</span><span class="si">$(</span><span class="nb">ls</span> <span class="nt">-t</span> /opt/my-app/backups/db/<span class="k">*</span>.gz 2&gt;/dev/null | <span class="nb">head</span> <span class="nt">-1</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"Backups: </span><span class="nv">$BACKUP_COUNT</span><span class="s2"> files. Latest: </span><span class="nv">$LATEST</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"=== Done ==="</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> </code></pre> </div> <p>This runs every Sunday at 4am. It cleans Docker garbage, checks disk and RAM, and logs everything. Simple but effective — it saved me twice from running out of disk due to accumulated Docker images.</p> <h2> Cloudflare + SSL: The Configuration </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Internet → Cloudflare (proxy) → VPS (Nginx 443) → Docker containers </code></pre> </div> <h3> Setup </h3> <ol> <li> <strong>DNS on Cloudflare</strong>: A record pointing to VPS, proxy enabled (orange cloud)</li> <li> <strong>SSL on Cloudflare</strong>: "Full (strict)" — encrypts both browser→Cloudflare and Cloudflare→VPS</li> <li> <strong>Origin certificate</strong>: Generated in Cloudflare Dashboard → SSL/TLS → Origin Server → Create Certificate</li> <li> <strong>On the VPS</strong>: Copy the certificate and key to <code>/etc/ssl/certs/origin.pem</code> and <code>/etc/ssl/private/origin.key</code> </li> </ol> <p><strong>Why not Let's Encrypt?</strong> With Cloudflare proxy enabled, Let's Encrypt can't verify the domain via HTTP challenge (Cloudflare intercepts). Cloudflare origin certificates last 15 years and are configured in 2 minutes.</p> <h3> Bonus: Cloudflare as Free CDN </h3> <p>With the proxy enabled, Cloudflare automatically caches static assets (JS, CSS, images). The VPS only receives API requests and HTML. This significantly reduces server traffic.</p> <h2> RAM Distribution </h2> <p>Here's how it looks on a 4GB VPS:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌──────────────────────────────────────────┐ │ 4GB RAM Total │ ├──────────────────────────────────────────┤ │ OS + Docker Engine ~400MB │ │ PostgreSQL ~200-400MB │ │ Backend (1 worker) ~800MB-1.2GB │ │ Redis ≤64MB │ │ Nginx + Frontend ~30MB │ │ Free / Buffer ~1.5-2GB │ ├──────────────────────────────────────────┤ │ Swap (2GB) emergency │ └──────────────────────────────────────────┘ </code></pre> </div> <p>The ~1.5-2GB free are for:</p> <ul> <li>OS filesystem cache (helps PostgreSQL)</li> <li>Traffic spikes</li> <li>Maintenance operations (backups, builds)</li> </ul> <p><strong>Tip</strong>: Always configure swap (2GB) as a safety net. Without swap, the OOM killer terminates processes without warning when RAM fills up.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>fallocate <span class="nt">-l</span> 2G /swapfile <span class="nb">chmod </span>600 /swapfile mkswap /swapfile swapon /swapfile <span class="nb">echo</span> <span class="s1">'/swapfile none swap sw 0 0'</span> <span class="o">&gt;&gt;</span> /etc/fstab </code></pre> </div> <h2> Security Checklist </h2> <p>Before considering the deploy "ready":</p> <ul> <li>[x] <strong>Docker ports on localhost only</strong> (<code>127.0.0.1:port:port</code>)</li> <li>[x] <strong>Firewall active</strong> (<code>ufw allow 22,80,443/tcp &amp;&amp; ufw enable</code>)</li> <li>[x] <strong>SSH key-only</strong> (disable password auth in <code>/etc/ssh/sshd_config</code>)</li> <li>[x] <strong>.env.production</strong> outside the repo (<code>.gitignore</code>)</li> <li>[x] <strong>Secrets never in compose files</strong> (use <code>env_file</code> reference)</li> <li>[x] <strong>DB without external port</strong> (only accessible via Docker network)</li> <li>[x] <strong>Automated backups</strong> with periodic verification</li> <li>[x] <strong>Health check</strong> in the deploy script</li> <li>[x] <strong>Swap configured</strong> to prevent OOM kills</li> </ul> <h2> Real Numbers </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>Build time (backend)</td> <td>~3-4 min (first time), ~1 min (cached)</td> </tr> <tr> <td>Build time (frontend)</td> <td>~30s</td> </tr> <tr> <td>Full deploy time</td> <td>~2-3 min</td> </tr> <tr> <td>Visible downtime</td> <td>0s (maintenance page during rebuild)</td> </tr> <tr> <td>Backend image size</td> <td>~2.1GB (includes PyTorch CPU + models)</td> </tr> <tr> <td>Frontend image size</td> <td>~25MB (nginx + dist)</td> </tr> <tr> <td>Stable RAM usage</td> <td>~2-2.5GB of 4GB</td> </tr> <tr> <td>Monthly cost</td> <td>~$24 (VPS) + $0 (Cloudflare free)</td> </tr> <tr> <td>Uptime last month</td> <td>99.8% (one outage for OS update)</td> </tr> </tbody> </table></div> <h2> Lessons Learned </h2> <h3> 1. Docker + Firewall = Be Careful </h3> <p>Docker modifies iptables directly. If you publish a port without <code>127.0.0.1</code>, <code>ufw deny</code> won't block it. Always use <code>127.0.0.1:</code> in production and let Nginx be the only entry point.</p> <h3> 2. Pre-Download ML Models in the Build </h3> <p>If models download at runtime, the first cold start takes a minute. Worse: if HuggingFace has downtime, your deploy fails. Pre-downloading in the Dockerfile eliminates both problems.</p> <h3> 3. 1 Uvicorn Worker Is Enough (If It's Async) </h3> <p>The temptation is to set 4 workers "just in case". But each one loads ~500MB of models. With async FastAPI, a single worker handles hundreds of concurrent requests. Scale workers only when you have evidence that CPU is the bottleneck.</p> <h3> 4. Maintenance Mode &gt; Zero-Downtime Rolling Deploys </h3> <p>For a single-node VPS, a rolling deploy requires complex orchestration. A 503 page for 15 seconds is infinitely simpler and nobody complains — especially if the health check guarantees automatic deactivation.</p> <h3> 5. PostgreSQL Defaults Are for Dedicated Servers </h3> <p>PostgreSQL defaults assume it has all the RAM to itself. On a shared VPS with 4 other services, not tuning PostgreSQL is a guaranteed OOM kill. <code>shared_buffers</code>, <code>effective_cache_size</code> and <code>max_connections</code> are the first parameters to adjust.</p> <h3> 6. Cloudflare Origin Certs &gt; Let's Encrypt </h3> <p>With proxy enabled, Let's Encrypt is more complicated to configure and renew. Cloudflare origin certs last 15 years, are configured once and forgotten.</p> <h2> What's Next </h2> <ul> <li> <strong>Monitoring with Prometheus + Grafana</strong>: Latency, errors, and resource usage metrics (currently logs + cron only)</li> <li> <strong>Offsite backup</strong>: Copy backups to an S3/R2 bucket instead of storing them only on the same VPS</li> <li> <strong>Blue-green deploys</strong>: When traffic justifies a second VPS</li> <li> <strong>CI/CD with GitHub Actions</strong>: Automate the deploy script (currently a manual <code>./deploy.sh backend</code>)</li> </ul> <h2> Conclusion </h2> <p>Deploying a RAG system isn't like deploying a CRUD app. Embedding models consume real RAM, SSE streaming needs specific Nginx configuration, and PostgreSQL with pgvector needs careful tuning on limited servers.</p> <p>But you also don't need Kubernetes or a $200/month cluster. A $24 VPS with well-configured Docker Compose, Nginx as reverse proxy, and deploy scripts with maintenance mode + health checks is enough to serve thousands of queries per day with consistent latencies.</p> <p>Most importantly: <strong>measure first, scale later</strong>. Starting with 1 worker, 4GB of RAM and basic monitoring gives you all the information you need to make infrastructure decisions based on real data, not estimates.</p> <p><em>This is the second article in the series. The first covers <a href="https://dev.to/tu-usuario/how-i-built-a-production-rag-pipeline-with-fastapi-pgvector-and-cross-encoder-reranking">the RAG pipeline architecture</a>. If it was useful, a like helps it reach more people. Questions about any part of the deploy? Drop a comment.</em></p> docker devops python postgres Martin Palopoli Tue, 24 Mar 2026 13:21:00 +0000 https://dev.to/martin_palopoli/multi-tenancy-real-con-fastapi-y-postgresql-planes-cuotas-y-aislamiento-de-datos-5adh https://dev.to/martin_palopoli/multi-tenancy-real-con-fastapi-y-postgresql-planes-cuotas-y-aislamiento-de-datos-5adh <p>Implementé multi-tenancy real en un motor RAG SaaS: tenants con planes, enforcement de cuotas con contadores atómicos (UPSERT), rate limiting con Redis (sliding window), RBAC con 3 roles, y aislamiento de datos donde <strong>cada query se filtra por tenant_id</strong>. En este artículo comparto la arquitectura completa, las trampas que evité, y el código clave.</p> <h2> Por qué "agregar un tenant_id" no es multi-tenancy </h2> <p>La mayoría de los tutoriales de multi-tenancy se quedan en "agrega una columna tenant_id y filtra en cada query". Eso es el 10% del problema. En producción vas a necesitar:</p> <ul> <li> <strong>Planes con límites reales</strong> que no se puedan burlar con requests concurrentes</li> <li> <strong>Contadores atómicos</strong> que no pierdan incrementos bajo carga</li> <li> <strong>Rate limiting</strong> que sobreviva a reinicios del servidor</li> <li> <strong>Roles</strong> que restrinjan acciones, no solo visibilidad</li> <li> <strong>Aislamiento real</strong> donde un bug en un service no exponga datos de otro tenant</li> <li> <strong>Billing cycles</strong> que se reinicien correctamente cada mes</li> </ul> <p>Este artículo muestra cómo resolví cada uno en un sistema real con FastAPI async y PostgreSQL.</p> <h2> El stack </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Componente</th> <th>Tecnología</th> </tr> </thead> <tbody> <tr> <td>Backend</td> <td>Python 3.12 + FastAPI (100% async)</td> </tr> <tr> <td>Base de datos</td> <td>PostgreSQL 16</td> </tr> <tr> <td>ORM</td> <td>SQLAlchemy async + Alembic</td> </tr> <tr> <td>Cache/Rate limit</td> <td>Redis 7</td> </tr> <tr> <td>Auth</td> <td>JWT (access 30min, refresh 7d con rotación)</td> </tr> <tr> <td>Passwords</td> <td>bcrypt (via passlib)</td> </tr> </tbody> </table></div> <h2> Diseño de base de datos </h2> <h3> Las 4 tablas fundamentales </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌──────────────┐ ┌──────────────┐ │ plans │ │ tenants │ ├──────────────┤ ├──────────────┤ │ id (UUID) │◄────│ plan_id (FK) │ │ name │ │ id (UUID) │ │ slug │ │ name │ │ max_users │ │ slug (unique)│ │ max_kbs │ │ is_active │ │ max_documents│ │ plan_started │ │ max_storage │ │ created_at │ │ max_messages │ └──────┬───────┘ │ max_tokens │ │ │ max_api_keys │ ┌──────┴───────┐ │ price_monthly│ │ users │ │ max_concurrent│ ├──────────────┤ └──────────────┘ │ id (UUID) │ │ tenant_id(FK)│ │ email │ │ role (enum) │ │ is_active │ └──────────────┘ ┌───────────────────────┐ │ tenant_monthly_usage │ ├───────────────────────┤ │ id (UUID) │ │ tenant_id (FK) │ │ billing_period (str) │ │ messages_count (int) │ │ tokens_used (bigint) │ │ UNIQUE(tenant_id, │ │ billing_period) │ └───────────────────────┘ </code></pre> </div> <h3> Modelo del Plan </h3> <p>Cada plan define <strong>todos</strong> los límites que el sistema va a enforcar:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Plan</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">plans</span><span class="sh">"</span> <span class="nb">id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">name</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">slug</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">50</span><span class="p">),</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">max_users</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">3</span><span class="p">)</span> <span class="n">max_concurrent</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">2</span><span class="p">)</span> <span class="n">max_kbs</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">3</span><span class="p">)</span> <span class="n">max_documents</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">20</span><span class="p">)</span> <span class="n">max_storage_mb</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">200</span><span class="p">)</span> <span class="n">max_messages_month</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">500</span><span class="p">)</span> <span class="n">max_tokens_month</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">BigInteger</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">200000</span><span class="p">)</span> <span class="n">max_api_keys</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">1</span><span class="p">)</span> <span class="n">price_monthly</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">float</span> <span class="o">|</span> <span class="bp">None</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">Numeric</span><span class="p">(</span><span class="mi">10</span><span class="p">,</span> <span class="mi">2</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">is_active</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p><strong>Decisión clave: <code>-1</code> significa ilimitado.</strong> En vez de tener un booleano <code>is_unlimited</code> por cada recurso, uso <code>-1</code> como convención. Simplifica todas las comparaciones:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_users</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Ilimitado, no verificar </span></code></pre> </div> <h3> Modelo del Tenant </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">Tenant</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tenants</span><span class="sh">"</span> <span class="nb">id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">name</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">slug</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">100</span><span class="p">),</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">is_active</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">plan_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span> <span class="o">|</span> <span class="bp">None</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">plans.id</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span> <span class="p">)</span> <span class="n">plan_started_at</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">datetime</span> <span class="o">|</span> <span class="bp">None</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">DateTime</span><span class="p">(</span><span class="n">timezone</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">None</span> <span class="p">)</span> <span class="n">notification_preferences</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">dict</span> <span class="o">|</span> <span class="bp">None</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">JSONB</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p><code>plan_started_at</code> es crucial: define el <strong>ancla del ciclo de billing</strong>. Cuando un tenant pasa de Free a un plan pago, se resetea al momento del pago. Esto determina cuándo se reinician los contadores mensuales.</p> <h3> Modelo del Usuario </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">UserRole</span><span class="p">(</span><span class="nb">str</span><span class="p">,</span> <span class="n">PyEnum</span><span class="p">):</span> <span class="n">SUPER_ADMIN</span> <span class="o">=</span> <span class="sh">"</span><span class="s">super_admin</span><span class="sh">"</span> <span class="n">TENANT_ADMIN</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tenant_admin</span><span class="sh">"</span> <span class="n">MEMBER</span> <span class="o">=</span> <span class="sh">"</span><span class="s">member</span><span class="sh">"</span> <span class="k">class</span> <span class="nc">User</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">users</span><span class="sh">"</span> <span class="nb">id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">email</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">unique</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">hashed_password</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">full_name</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">255</span><span class="p">),</span> <span class="n">default</span><span class="o">=</span><span class="sh">""</span><span class="p">)</span> <span class="n">role</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">UserRole</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">Enum</span><span class="p">(</span><span class="n">UserRole</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">user_role</span><span class="sh">"</span><span class="p">,</span> <span class="n">values_callable</span><span class="o">=</span><span class="k">lambda</span> <span class="n">e</span><span class="p">:</span> <span class="p">[</span><span class="n">x</span><span class="p">.</span><span class="n">value</span> <span class="k">for</span> <span class="n">x</span> <span class="ow">in</span> <span class="n">e</span><span class="p">]),</span> <span class="n">default</span><span class="o">=</span><span class="n">UserRole</span><span class="p">.</span><span class="n">MEMBER</span><span class="p">,</span> <span class="p">)</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tenants.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span> <span class="p">)</span> <span class="n">is_active</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">email_verified</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">bool</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Boolean</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> </code></pre> </div> <p><strong>Un usuario pertenece a exactamente un tenant.</strong> No hay usuarios multi-tenant. Si necesitás que alguien acceda a dos organizaciones, crea dos cuentas. Simplifica enormemente el modelo de permisos.</p> <h2> RBAC: 3 roles, 0 ambiguedad </h2> <h3> Los roles </h3> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Rol</th> <th>Alcance</th> <th>Puede hacer</th> </tr> </thead> <tbody> <tr> <td><code>super_admin</code></td> <td>Plataforma</td> <td>Ver todos los tenants, cambiar planes, ver métricas globales</td> </tr> <tr> <td><code>tenant_admin</code></td> <td>Su tenant</td> <td>CRUD de KBs, documentos, FAQs, invitar usuarios, ver analytics</td> </tr> <tr> <td><code>member</code></td> <td>Su tenant (restringido)</td> <td>Chat, ver KBs asignadas, feedback</td> </tr> </tbody> </table></div> <h3> Dependency injection para autorización </h3> <p>FastAPI tiene un sistema de dependencias que es perfecto para RBAC. Creé un factory de dependencias:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">Depends</span> <span class="kn">from</span> <span class="n">fastapi.security</span> <span class="kn">import</span> <span class="n">OAuth2PasswordBearer</span> <span class="n">oauth2_scheme</span> <span class="o">=</span> <span class="nc">OAuth2PasswordBearer</span><span class="p">(</span><span class="n">tokenUrl</span><span class="o">=</span><span class="sh">"</span><span class="s">/api/v1/auth/login</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">get_current_user</span><span class="p">(</span> <span class="n">token</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">oauth2_scheme</span><span class="p">),</span> <span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="p">):</span> <span class="n">payload</span> <span class="o">=</span> <span class="nf">decode_access_token</span><span class="p">(</span><span class="n">token</span><span class="p">)</span> <span class="n">user_id</span> <span class="o">=</span> <span class="n">payload</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user_id</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Token payload invalido</span><span class="sh">"</span><span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_user_by_id</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">user_id</span><span class="p">))</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Usuario no encontrado</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span><span class="p">.</span><span class="n">is_active</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Cuenta desactivada</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Verificar que el tenant esté activo (super_admin bypasses) </span> <span class="k">if</span> <span class="n">user</span><span class="p">.</span><span class="n">role</span> <span class="o">!=</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">:</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">Tenant</span><span class="p">,</span> <span class="n">user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">tenant</span> <span class="ow">or</span> <span class="ow">not</span> <span class="n">tenant</span><span class="p">.</span><span class="n">is_active</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Tenant desactivado</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">user</span> </code></pre> </div> <p><strong>Detalle sutil</strong>: el <code>super_admin</code> bypasea la verificación de tenant activo. Si desactivamos un tenant malicioso, el super_admin todavía puede entrar a investigar.</p> <h3> Factory para restricción por rol </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">require_role</span><span class="p">(</span><span class="o">*</span><span class="n">roles</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Dependency factory: restringe endpoint a roles específicos.</span><span class="sh">"""</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">_check</span><span class="p">(</span><span class="n">current_user</span><span class="o">=</span><span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">)):</span> <span class="k">if</span> <span class="n">current_user</span><span class="p">.</span><span class="n">role</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">roles</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="sh">"</span><span class="s">No tienes permisos para esta accion</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="n">current_user</span> <span class="k">return</span> <span class="n">_check</span> <span class="c1"># Shortcuts </span><span class="k">def</span> <span class="nf">require_super_admin</span><span class="p">():</span> <span class="k">return</span> <span class="nf">require_role</span><span class="p">(</span><span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">)</span> <span class="k">def</span> <span class="nf">require_tenant_admin_or_above</span><span class="p">():</span> <span class="k">return</span> <span class="nf">require_role</span><span class="p">(</span><span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">,</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">TENANT_ADMIN</span><span class="p">)</span> </code></pre> </div> <p>Uso en los endpoints:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/tenants</span><span class="sh">"</span><span class="p">,</span> <span class="n">response_model</span><span class="o">=</span><span class="nb">list</span><span class="p">[</span><span class="n">TenantResponse</span><span class="p">])</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">list_tenants</span><span class="p">(</span> <span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_db</span><span class="p">),</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">User</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="n">get_current_user</span><span class="p">),</span> <span class="p">):</span> <span class="k">if</span> <span class="n">current_user</span><span class="p">.</span><span class="n">role</span> <span class="o">!=</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="sh">"</span><span class="s">Solo super_admin puede listar todos los tenants</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="k">await</span> <span class="n">tenant_service</span><span class="p">.</span><span class="nf">list_tenants</span><span class="p">(</span><span class="n">db</span><span class="p">)</span> <span class="nd">@router.put</span><span class="p">(</span><span class="sh">"</span><span class="s">/{kb_id}/access</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">update_kb_access</span><span class="p">(</span> <span class="n">kb_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">KBAccessConfig</span><span class="p">,</span> <span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span> <span class="o">=</span> <span class="nc">Depends</span><span class="p">(</span><span class="nf">require_tenant_admin_or_above</span><span class="p">()),</span> <span class="p">):</span> <span class="c1"># Solo tenant_admin o super_admin llegan acá </span> <span class="bp">...</span> </code></pre> </div> <h2> Aislamiento de datos: tenant_id en todo </h2> <h3> El patrón </h3> <p><strong>Cada tabla que contiene datos de usuario tiene una columna <code>tenant_id</code></strong> (directa o transitiva). No hay excepciones.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">KnowledgeBase</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">knowledge_bases</span><span class="sh">"</span> <span class="c1"># ... </span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tenants.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span> <span class="p">)</span> <span class="k">class</span> <span class="nc">ApiKey</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">api_keys</span><span class="sh">"</span> <span class="c1"># ... </span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tenants.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span> <span class="p">)</span> </code></pre> </div> <h3> Filtrado en cada service </h3> <p>Cada función que lista o busca datos filtra por <code>tenant_id</code> del usuario autenticado:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">list_knowledge_bases</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">user</span><span class="p">:</span> <span class="n">User</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="n">stmt</span> <span class="o">=</span> <span class="p">(</span> <span class="nf">select</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">,</span> <span class="n">func</span><span class="p">.</span><span class="nf">count</span><span class="p">(</span><span class="n">Document</span><span class="p">.</span><span class="nb">id</span><span class="p">).</span><span class="nf">label</span><span class="p">(</span><span class="sh">"</span><span class="s">document_count</span><span class="sh">"</span><span class="p">))</span> <span class="p">.</span><span class="nf">outerjoin</span><span class="p">(</span><span class="n">Document</span><span class="p">,</span> <span class="n">Document</span><span class="p">.</span><span class="n">knowledge_base_id</span> <span class="o">==</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> <span class="p">)</span> <span class="k">if</span> <span class="n">user</span><span class="p">.</span><span class="n">role</span> <span class="o">==</span> <span class="n">UserRole</span><span class="p">.</span><span class="n">SUPER_ADMIN</span><span class="p">:</span> <span class="c1"># Super admin ve solo sus propias KBs + system KBs </span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">stmt</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">or_</span><span class="p">(</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">,</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">is_system</span> <span class="o">==</span> <span class="bp">True</span><span class="p">,</span> <span class="p">))</span> <span class="k">else</span><span class="p">:</span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">stmt</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">or_</span><span class="p">(</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">,</span> <span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">is_system</span> <span class="o">==</span> <span class="bp">True</span><span class="p">,</span> <span class="p">))</span> <span class="c1"># Para members, aplicar filtro de acceso </span> <span class="n">access_filter</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_accessible_kb_filter</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">if</span> <span class="n">access_filter</span> <span class="ow">is</span> <span class="ow">not</span> <span class="bp">None</span><span class="p">:</span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">stmt</span><span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="nf">or_</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">is_system</span> <span class="o">==</span> <span class="bp">True</span><span class="p">,</span> <span class="n">access_filter</span><span class="p">))</span> <span class="n">stmt</span> <span class="o">=</span> <span class="n">stmt</span><span class="p">.</span><span class="nf">group_by</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="nb">id</span><span class="p">).</span><span class="nf">order_by</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">created_at</span><span class="p">.</span><span class="nf">desc</span><span class="p">())</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">)</span> <span class="c1"># ... </span></code></pre> </div> <p><strong>Leccion importante</strong>: el <code>super_admin</code> NO ve los datos de otros tenants. Es el operador de la plataforma. Ve estadisticas agregadas (total tenants, revenue, etc.) pero no puede leer las conversaciones ni KBs de otros. Esto fue una decision deliberada de privacidad.</p> <h3> Acceso granular a KBs </h3> <p>Dentro de un mismo tenant, no todos los miembros ven todas las KBs. Hay un sistema de control de acceso:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">_check_kb_access</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">kb</span><span class="p">:</span> <span class="n">KnowledgeBase</span><span class="p">,</span> <span class="n">user</span><span class="p">:</span> <span class="n">User</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">has_access</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">user_can_access_kb</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">user</span><span class="p">,</span> <span class="n">kb</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">has_access</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="sh">"</span><span class="s">No tienes acceso a esta base de conocimiento</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <p>Las KBs pueden ser:</p> <ul> <li> <strong>Publicas dentro del tenant</strong>: todos los miembros las ven</li> <li> <strong>Privadas</strong>: solo miembros asignados via grupos las ven</li> <li> <strong>System</strong>: KBs del sistema, visibles para todos, solo modificables por super_admin</li> </ul> <h3> CASCADE: borrado limpio </h3> <p>Todas las foreign keys usan <code>ondelete="CASCADE"</code>. Cuando se borra un tenant, <strong>todo</strong> se borra en cascada: usuarios, KBs, documentos, chunks, conversaciones, API keys, usage logs. Una sola operacion:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">delete_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">current_user</span><span class="p">:</span> <span class="n">User</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># Safety checks </span> <span class="k">if</span> <span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">BadRequestException</span><span class="p">(</span><span class="sh">"</span><span class="s">No puedes eliminar tu propio tenant</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">tenant</span><span class="p">.</span><span class="n">slug</span> <span class="o">==</span> <span class="sh">"</span><span class="s">system-tenant</span><span class="sh">"</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ForbiddenException</span><span class="p">(</span><span class="sh">"</span><span class="s">No se puede eliminar el tenant del sistema</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># 1. Cancelar suscripcion activa </span> <span class="k">try</span><span class="p">:</span> <span class="k">await</span> <span class="nf">admin_cancel_subscription</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">immediate</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">except</span> <span class="n">NotFoundException</span><span class="p">:</span> <span class="k">pass</span> <span class="c1"># 2. Limpiar cache Redis </span> <span class="n">redis</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">redis</span><span class="p">:</span> <span class="n">keys</span> <span class="o">=</span> <span class="k">await</span> <span class="n">redis</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">*:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="s">:*</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">keys</span><span class="p">:</span> <span class="k">await</span> <span class="n">redis</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="o">*</span><span class="n">keys</span><span class="p">)</span> <span class="c1"># 3. DELETE → CASCADE hace el resto </span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="n">tenant</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <h2> Plan enforcement: contadores atomicos con UPSERT </h2> <h3> El problema </h3> <p>Imaginate que un tenant en plan Free tiene limite de 50 mensajes/mes. Dos usuarios mandan un mensaje al mismo tiempo. Si hacés <code>SELECT count → check → INSERT</code>, tenés una race condition: ambos leen 49, ambos pasan el check, ambos insertan. Ahora hay 51.</p> <h3> La solucion: UPSERT atomico </h3> <p>La tabla <code>tenant_monthly_usage</code> usa un constraint UNIQUE en <code>(tenant_id, billing_period)</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">TenantMonthlyUsage</span><span class="p">(</span><span class="n">Base</span><span class="p">):</span> <span class="n">__tablename__</span> <span class="o">=</span> <span class="sh">"</span><span class="s">tenant_monthly_usage</span><span class="sh">"</span> <span class="nb">id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="n">primary_key</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="n">uuid</span><span class="p">.</span><span class="n">uuid4</span><span class="p">)</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="n">uuid</span><span class="p">.</span><span class="n">UUID</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span> <span class="nc">UUID</span><span class="p">(</span><span class="n">as_uuid</span><span class="o">=</span><span class="bp">True</span><span class="p">),</span> <span class="nc">ForeignKey</span><span class="p">(</span><span class="sh">"</span><span class="s">tenants.id</span><span class="sh">"</span><span class="p">,</span> <span class="n">ondelete</span><span class="o">=</span><span class="sh">"</span><span class="s">CASCADE</span><span class="sh">"</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span> <span class="p">)</span> <span class="n">billing_period</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">str</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="nc">String</span><span class="p">(</span><span class="mi">10</span><span class="p">),</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">)</span> <span class="n">messages_count</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">Integer</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span> <span class="n">tokens_used</span><span class="p">:</span> <span class="n">Mapped</span><span class="p">[</span><span class="nb">int</span><span class="p">]</span> <span class="o">=</span> <span class="nf">mapped_column</span><span class="p">(</span><span class="n">BigInteger</span><span class="p">,</span> <span class="n">nullable</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span><span class="p">)</span> <span class="n">__table_args__</span> <span class="o">=</span> <span class="p">(</span> <span class="nc">UniqueConstraint</span><span class="p">(</span><span class="sh">"</span><span class="s">tenant_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">billing_period</span><span class="sh">"</span><span class="p">,</span> <span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">uq_tenant_billing_usage</span><span class="sh">"</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <p>El incremento usa <code>INSERT ... ON CONFLICT DO UPDATE</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">increment_message_count</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">anchor</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_billing_anchor</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="n">bp</span> <span class="o">=</span> <span class="nf">_get_billing_period_key</span><span class="p">(</span><span class="n">anchor</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nf">text</span><span class="p">(</span><span class="sh">"""</span><span class="s"> INSERT INTO tenant_monthly_usage (id, tenant_id, billing_period, messages_count, tokens_used) VALUES (gen_random_uuid(), :tid, :bp, 1, 0) ON CONFLICT (tenant_id, billing_period) DO UPDATE SET messages_count = tenant_monthly_usage.messages_count + 1, updated_at = now() </span><span class="sh">"""</span><span class="p">),</span> <span class="p">{</span><span class="sh">"</span><span class="s">tid</span><span class="sh">"</span><span class="p">:</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">bp</span><span class="sh">"</span><span class="p">:</span> <span class="n">bp</span><span class="p">})</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <p><strong>¿Por qué esto funciona?</strong> PostgreSQL ejecuta el <code>INSERT ... ON CONFLICT DO UPDATE</code> de forma atómica. No hay ventana de race condition. Si dos requests llegan al mismo tiempo, uno hara INSERT y el otro hara UPDATE, pero el contador siempre será correcto.</p> <p><strong>Detalle anti-fraude</strong>: los contadores <strong>solo incrementan</strong>. No hay endpoint para decrementar. No hay forma de que un usuario manipule su usage. La unica forma de "resetear" es que cambie el billing period (es decir, que pase un mes).</p> <h3> Calculo del billing period </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_get_billing_period_key</span><span class="p">(</span><span class="n">anchor</span><span class="p">:</span> <span class="n">datetime</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">now</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">)</span> <span class="n">billing_day</span> <span class="o">=</span> <span class="n">anchor</span><span class="p">.</span><span class="n">day</span> <span class="c1"># Clamping: si el anchor es dia 31 y estamos en febrero (28 dias), </span> <span class="c1"># el billing day efectivo es 28 </span> <span class="n">max_day</span> <span class="o">=</span> <span class="n">calendar</span><span class="p">.</span><span class="nf">monthrange</span><span class="p">(</span><span class="n">now</span><span class="p">.</span><span class="n">year</span><span class="p">,</span> <span class="n">now</span><span class="p">.</span><span class="n">month</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="n">effective_day</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="n">billing_day</span><span class="p">,</span> <span class="n">max_day</span><span class="p">)</span> <span class="k">if</span> <span class="n">now</span><span class="p">.</span><span class="n">day</span> <span class="o">&gt;=</span> <span class="n">effective_day</span><span class="p">:</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">now</span><span class="p">.</span><span class="n">year</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">now</span><span class="p">.</span><span class="n">month</span><span class="si">:</span><span class="mi">02</span><span class="n">d</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">effective_day</span><span class="si">:</span><span class="mi">02</span><span class="n">d</span><span class="si">}</span><span class="sh">"</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># El periodo actual empezo el mes pasado </span> <span class="k">if</span> <span class="n">now</span><span class="p">.</span><span class="n">month</span> <span class="o">==</span> <span class="mi">1</span><span class="p">:</span> <span class="n">prev_year</span><span class="p">,</span> <span class="n">prev_month</span> <span class="o">=</span> <span class="n">now</span><span class="p">.</span><span class="n">year</span> <span class="o">-</span> <span class="mi">1</span><span class="p">,</span> <span class="mi">12</span> <span class="k">else</span><span class="p">:</span> <span class="n">prev_year</span><span class="p">,</span> <span class="n">prev_month</span> <span class="o">=</span> <span class="n">now</span><span class="p">.</span><span class="n">year</span><span class="p">,</span> <span class="n">now</span><span class="p">.</span><span class="n">month</span> <span class="o">-</span> <span class="mi">1</span> <span class="n">max_day_prev</span> <span class="o">=</span> <span class="n">calendar</span><span class="p">.</span><span class="nf">monthrange</span><span class="p">(</span><span class="n">prev_year</span><span class="p">,</span> <span class="n">prev_month</span><span class="p">)[</span><span class="mi">1</span><span class="p">]</span> <span class="n">effective_day_prev</span> <span class="o">=</span> <span class="nf">min</span><span class="p">(</span><span class="n">billing_day</span><span class="p">,</span> <span class="n">max_day_prev</span><span class="p">)</span> <span class="k">return</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">prev_year</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">prev_month</span><span class="si">:</span><span class="mi">02</span><span class="n">d</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">effective_day_prev</span><span class="si">:</span><span class="mi">02</span><span class="n">d</span><span class="si">}</span><span class="sh">"</span> </code></pre> </div> <p><strong>¿Por qué es complicado?</strong> Porque los meses no tienen la misma cantidad de dias. Si un tenant pagó el 31 de enero, su siguiente ciclo no empieza el 31 de febrero (no existe). El clamping maneja esto.</p> <h3> Verificacion de limites </h3> <p>Antes de ejecutar el pipeline RAG, verifico los limites:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">check_message_limit</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">plan</span><span class="p">,</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_plan_and_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span><span class="p">:</span> <span class="k">return</span> <span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Ilimitado </span> <span class="n">usage</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_monthly_usage</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">messages_month</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">PlanLimitException</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Limite de mensajes mensuales alcanzado </span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">(</span><span class="si">{</span><span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="si">}</span><span class="s"> max para plan </span><span class="si">{</span><span class="n">plan</span><span class="p">.</span><span class="n">name</span><span class="si">}</span><span class="s">)</span><span class="sh">"</span> <span class="p">)</span> </code></pre> </div> <p><strong>PlanLimitException</strong> devuelve HTTP 403, no 429. Es una restriccion de plan, no de rate limiting. El frontend distingue entre "pagá mas" (403) y "esperá un rato" (429).</p> <h3> Limites en todos los recursos </h3> <p>No solo mensajes. Cada recurso tiene su check:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Antes de crear un usuario </span><span class="k">await</span> <span class="nf">check_user_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># Antes de crear una KB </span><span class="k">await</span> <span class="nf">check_kb_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># Antes de subir un documento </span><span class="k">await</span> <span class="nf">check_document_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">await</span> <span class="nf">check_storage_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">new_file_size_bytes</span><span class="o">=</span><span class="n">file_size</span><span class="p">)</span> <span class="c1"># Antes de crear una API key </span><span class="k">await</span> <span class="nf">check_api_key_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># Antes de enviar un mensaje al LLM </span><span class="k">await</span> <span class="nf">check_message_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">await</span> <span class="nf">check_concurrent_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> </code></pre> </div> <p>El patron es siempre el mismo:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">check_kb_limit</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">tenant</span><span class="p">.</span><span class="n">plan_id</span><span class="p">:</span> <span class="k">return</span> <span class="n">plan</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">Plan</span><span class="p">,</span> <span class="n">tenant</span><span class="p">.</span><span class="n">plan_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span> <span class="ow">or</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_kbs</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span><span class="p">:</span> <span class="k">return</span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">select</span><span class="p">(</span><span class="n">func</span><span class="p">.</span><span class="nf">count</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="nb">id</span><span class="p">)).</span><span class="nf">where</span><span class="p">(</span><span class="n">KnowledgeBase</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">)</span> <span class="n">current_count</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">scalar</span><span class="p">()</span> <span class="ow">or</span> <span class="mi">0</span> <span class="k">if</span> <span class="n">current_count</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_kbs</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">PlanLimitException</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Limite de bases de conocimiento alcanzado (</span><span class="si">{</span><span class="n">plan</span><span class="p">.</span><span class="n">max_kbs</span><span class="si">}</span><span class="s"> max)</span><span class="sh">"</span> <span class="p">)</span> </code></pre> </div> <h2> Rate limiting con Redis: sliding window </h2> <h3> Por que Redis y no PostgreSQL </h3> <p>Los contadores de billing period estan en PostgreSQL porque necesitan durabilidad. El rate limiting esta en Redis porque necesita <strong>velocidad</strong> y <strong>TTL automatico</strong>.</p> <p>Si el servidor se reinicia a mitad de un stream, no quiero un contador "fantasma" en PostgreSQL que bloquee al tenant. Redis con TTL se limpia solo.</p> <h3> Sliding window con sorted sets </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">time</span> <span class="kn">import</span> <span class="n">redis.asyncio</span> <span class="k">as</span> <span class="n">redis</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">is_allowed</span><span class="p">(</span><span class="n">key</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">max_requests</span><span class="p">:</span> <span class="nb">int</span><span class="p">,</span> <span class="n">window_seconds</span><span class="p">:</span> <span class="nb">int</span> <span class="o">=</span> <span class="mi">60</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="c1"># Fail-open </span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">ratelimit:</span><span class="si">{</span><span class="n">key</span><span class="si">}</span><span class="sh">"</span> <span class="n">now</span> <span class="o">=</span> <span class="n">time</span><span class="p">.</span><span class="nf">time</span><span class="p">()</span> <span class="n">cutoff</span> <span class="o">=</span> <span class="n">now</span> <span class="o">-</span> <span class="n">window_seconds</span> <span class="k">try</span><span class="p">:</span> <span class="n">pipe</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">pipeline</span><span class="p">()</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">zremrangebyscore</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="mi">0</span><span class="p">,</span> <span class="n">cutoff</span><span class="p">)</span> <span class="c1"># Limpiar expirados </span> <span class="n">pipe</span><span class="p">.</span><span class="nf">zcard</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="c1"># Contar actuales </span> <span class="n">pipe</span><span class="p">.</span><span class="nf">zadd</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="p">{</span><span class="nf">str</span><span class="p">(</span><span class="n">now</span><span class="p">):</span> <span class="n">now</span><span class="p">})</span> <span class="c1"># Agregar este request </span> <span class="n">pipe</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">window_seconds</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="c1"># TTL safety net </span> <span class="n">results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">execute</span><span class="p">()</span> <span class="n">current_count</span> <span class="o">=</span> <span class="n">results</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span> <span class="k">if</span> <span class="n">current_count</span> <span class="o">&gt;=</span> <span class="n">max_requests</span><span class="p">:</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">zrem</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="nf">str</span><span class="p">(</span><span class="n">now</span><span class="p">))</span> <span class="c1"># Rollback </span> <span class="k">return</span> <span class="bp">False</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="c1"># Fail-open </span></code></pre> </div> <p><strong>¿Por qué sorted sets y no un simple INCR?</strong> Porque necesito una <strong>ventana deslizante</strong>, no una ventana fija. Con INCR, si un usuario manda 60 requests en el segundo 59 del minuto, y 60 mas en el segundo 1 del siguiente minuto, pasaría 120 requests en 2 segundos. Con sorted sets, cada request tiene su timestamp y la ventana se desliza continuamente.</p> <p><strong>¿Por qué fail-open?</strong> Si Redis se cae, prefiero dejar pasar requests (degradacion graciosa) que bloquear a todos los usuarios. Los limites de billing en PostgreSQL siguen activos como red de seguridad.</p> <h3> Concurrencia de streams </h3> <p>Para limitar conexiones SSE simultaneas por tenant, uso un patron diferente: INCR/DECR con TTL de seguridad.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">_CONCURRENT_TTL</span> <span class="o">=</span> <span class="mi">300</span> <span class="c1"># 5 minutos </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">concurrent:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="sh">"</span> <span class="k">try</span><span class="p">:</span> <span class="n">pipe</span> <span class="o">=</span> <span class="n">client</span><span class="p">.</span><span class="nf">pipeline</span><span class="p">()</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">incr</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">_CONCURRENT_TTL</span><span class="p">)</span> <span class="n">results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">pipe</span><span class="p">.</span><span class="nf">execute</span><span class="p">()</span> <span class="k">return</span> <span class="n">results</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">int</span><span class="p">:</span> <span class="n">client</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_redis</span><span class="p">()</span> <span class="k">if</span> <span class="n">client</span> <span class="ow">is</span> <span class="bp">None</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> <span class="n">redis_key</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="s">concurrent:</span><span class="si">{</span><span class="n">tenant_id</span><span class="si">}</span><span class="sh">"</span> <span class="k">try</span><span class="p">:</span> <span class="n">count</span> <span class="o">=</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">decr</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="k">if</span> <span class="n">count</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">delete</span><span class="p">(</span><span class="n">redis_key</span><span class="p">)</span> <span class="k">return</span> <span class="mi">0</span> <span class="k">await</span> <span class="n">client</span><span class="p">.</span><span class="nf">expire</span><span class="p">(</span><span class="n">redis_key</span><span class="p">,</span> <span class="n">_CONCURRENT_TTL</span><span class="p">)</span> <span class="k">return</span> <span class="n">count</span> <span class="k">except</span> <span class="nb">Exception</span><span class="p">:</span> <span class="k">return</span> <span class="mi">0</span> </code></pre> </div> <p><strong>¿Por qué TTL de 5 minutos?</strong> Si el servidor crashea durante un stream, el DECR nunca se ejecuta y el contador queda inflado. El TTL auto-cura esta situacion: despues de 5 minutos sin actividad, el contador se borra solo.</p> <p>El uso en el endpoint de chat:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="nd">@router.post</span><span class="p">(</span><span class="sh">"</span><span class="s">/conversations/{conv_id}/messages/stream</span><span class="sh">"</span><span class="p">)</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">stream_chat</span><span class="p">(</span><span class="n">conv_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">MessageCreate</span><span class="p">,</span> <span class="p">...):</span> <span class="c1"># Verificar presupuesto LLM (soft check) </span> <span class="n">faq_only_mode</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">is_llm_budget_exhausted</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">faq_only_mode</span><span class="p">:</span> <span class="k">await</span> <span class="nf">check_concurrent_limit</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">)</span> <span class="c1"># ... preparar pipeline ... </span> <span class="k">async</span> <span class="k">def</span> <span class="nf">event_generator</span><span class="p">():</span> <span class="k">await</span> <span class="nf">increment_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">try</span><span class="p">:</span> <span class="k">async</span> <span class="k">for</span> <span class="n">event</span> <span class="ow">in</span> <span class="nf">_event_generator_inner</span><span class="p">():</span> <span class="k">yield</span> <span class="n">event</span> <span class="k">finally</span><span class="p">:</span> <span class="c1"># SIEMPRE decrementa, incluso si hay error </span> <span class="k">await</span> <span class="nf">decrement_concurrent</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">current_user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">))</span> <span class="k">return</span> <span class="nc">EventSourceResponse</span><span class="p">(</span><span class="nf">event_generator</span><span class="p">())</span> </code></pre> </div> <p>El <code>finally</code> es critico. Sin el, cualquier excepcion durante el streaming dejaria el contador inflado.</p> <h2> Registro: un tenant por usuario, automatico </h2> <p>Cuando alguien se registra, se crea automaticamente un tenant con plan Free:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">register</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">data</span><span class="p">:</span> <span class="n">UserRegister</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">User</span><span class="p">:</span> <span class="n">existing</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_user_by_email</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">data</span><span class="p">.</span><span class="n">email</span><span class="p">)</span> <span class="k">if</span> <span class="n">existing</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">BadRequestException</span><span class="p">(</span><span class="sh">"</span><span class="s">El email ya esta registrado</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Crear tenant automaticamente </span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">create_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">data</span><span class="p">.</span><span class="n">tenant_name</span><span class="p">,</span> <span class="n">plan_slug</span><span class="o">=</span><span class="sh">"</span><span class="s">free</span><span class="sh">"</span><span class="p">)</span> <span class="n">user</span> <span class="o">=</span> <span class="nc">User</span><span class="p">(</span> <span class="n">email</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="n">email</span><span class="p">,</span> <span class="n">hashed_password</span><span class="o">=</span><span class="nf">hash_password</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="n">password</span><span class="p">),</span> <span class="n">full_name</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="n">full_name</span><span class="p">,</span> <span class="n">role</span><span class="o">=</span><span class="n">UserRole</span><span class="p">.</span><span class="n">TENANT_ADMIN</span><span class="p">,</span> <span class="c1"># El creador es admin </span> <span class="n">tenant_id</span><span class="o">=</span><span class="n">tenant</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">email_verified</span><span class="o">=</span><span class="bp">False</span><span class="p">,</span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">refresh</span><span class="p">(</span><span class="n">user</span><span class="p">)</span> <span class="k">return</span> <span class="n">user</span> </code></pre> </div> <p>El slug del tenant se genera automaticamente con deduplicacion:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_generate_slug</span><span class="p">(</span><span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">slug</span> <span class="o">=</span> <span class="n">re</span><span class="p">.</span><span class="nf">sub</span><span class="p">(</span><span class="sa">r</span><span class="sh">'</span><span class="s">[^a-z0-9]+</span><span class="sh">'</span><span class="p">,</span> <span class="sh">'</span><span class="s">-</span><span class="sh">'</span><span class="p">,</span> <span class="n">name</span><span class="p">.</span><span class="nf">lower</span><span class="p">()).</span><span class="nf">strip</span><span class="p">(</span><span class="sh">'</span><span class="s">-</span><span class="sh">'</span><span class="p">)</span> <span class="k">return</span> <span class="n">slug</span><span class="p">[:</span><span class="mi">80</span><span class="p">]</span> <span class="k">if</span> <span class="n">slug</span> <span class="k">else</span> <span class="sh">'</span><span class="s">tenant</span><span class="sh">'</span> <span class="k">async</span> <span class="k">def</span> <span class="nf">create_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">name</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">plan_slug</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">free</span><span class="sh">"</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">Tenant</span><span class="p">:</span> <span class="c1"># Buscar plan </span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">select</span><span class="p">(</span><span class="n">Plan</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="n">Plan</span><span class="p">.</span><span class="n">slug</span> <span class="o">==</span> <span class="n">plan_slug</span><span class="p">,</span> <span class="n">Plan</span><span class="p">.</span><span class="n">is_active</span> <span class="o">==</span> <span class="bp">True</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">)</span> <span class="n">plan</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">scalar_one_or_none</span><span class="p">()</span> <span class="n">base_slug</span> <span class="o">=</span> <span class="nf">_generate_slug</span><span class="p">(</span><span class="n">name</span><span class="p">)</span> <span class="n">slug</span> <span class="o">=</span> <span class="n">base_slug</span> <span class="c1"># Si ya existe, agregar sufijo aleatorio </span> <span class="n">existing</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="nf">select</span><span class="p">(</span><span class="n">Tenant</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="n">Tenant</span><span class="p">.</span><span class="n">slug</span> <span class="o">==</span> <span class="n">slug</span><span class="p">))</span> <span class="k">if</span> <span class="n">existing</span><span class="p">.</span><span class="nf">scalar_one_or_none</span><span class="p">():</span> <span class="n">slug</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">base_slug</span><span class="si">}</span><span class="s">-</span><span class="si">{</span><span class="n">uuid</span><span class="p">.</span><span class="nf">uuid4</span><span class="p">().</span><span class="nb">hex</span><span class="p">[</span><span class="si">:</span><span class="mi">6</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span> <span class="n">tenant</span> <span class="o">=</span> <span class="nc">Tenant</span><span class="p">(</span><span class="n">name</span><span class="o">=</span><span class="n">name</span><span class="p">,</span> <span class="n">slug</span><span class="o">=</span><span class="n">slug</span><span class="p">,</span> <span class="n">plan_id</span><span class="o">=</span><span class="n">plan</span><span class="p">.</span><span class="nb">id</span> <span class="k">if</span> <span class="n">plan</span> <span class="k">else</span> <span class="bp">None</span><span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">tenant</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">flush</span><span class="p">()</span> <span class="k">return</span> <span class="n">tenant</span> </code></pre> </div> <h2> JWT: tenant_id en el token </h2> <p>El access token incluye <code>tenant_id</code> y <code>role</code> directamente en el payload:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">create_access_token</span><span class="p">(</span><span class="n">user_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">role</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">expire_minutes</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="bp">None</span> <span class="o">=</span> <span class="bp">None</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">minutes</span> <span class="o">=</span> <span class="n">expire_minutes</span> <span class="ow">or</span> <span class="n">settings</span><span class="p">.</span><span class="n">access_token_expire_minutes</span> <span class="n">expire</span> <span class="o">=</span> <span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">minutes</span><span class="o">=</span><span class="n">minutes</span><span class="p">)</span> <span class="n">payload</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">sub</span><span class="sh">"</span><span class="p">:</span> <span class="n">user_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">tenant_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">role</span><span class="sh">"</span><span class="p">:</span> <span class="n">role</span><span class="p">,</span> <span class="sh">"</span><span class="s">exp</span><span class="sh">"</span><span class="p">:</span> <span class="n">expire</span><span class="p">,</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">access</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="k">return</span> <span class="n">jwt</span><span class="p">.</span><span class="nf">encode</span><span class="p">(</span><span class="n">payload</span><span class="p">,</span> <span class="n">settings</span><span class="p">.</span><span class="n">jwt_secret</span><span class="p">,</span> <span class="n">algorithm</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">jwt_algorithm</span><span class="p">)</span> </code></pre> </div> <p><strong>¿Por qué incluir tenant_id en el JWT?</strong> Para no tener que hacer una query a la DB en cada request solo para saber de qué tenant es el usuario. En <code>get_current_user</code> igual verifico contra la DB (por si el usuario fue desactivado), pero el tenant_id del token sirve como hint rápido.</p> <h3> Refresh token rotation </h3> <p>Cada vez que se usa un refresh token, se <strong>revoca</strong> y se emite uno nuevo:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">refresh_access_token</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">refresh_token_value</span><span class="p">:</span> <span class="nb">str</span><span class="p">):</span> <span class="n">stmt</span> <span class="o">=</span> <span class="nf">select</span><span class="p">(</span><span class="n">RefreshToken</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span> <span class="n">RefreshToken</span><span class="p">.</span><span class="n">token</span> <span class="o">==</span> <span class="n">refresh_token_value</span><span class="p">,</span> <span class="n">RefreshToken</span><span class="p">.</span><span class="n">revoked</span> <span class="o">==</span> <span class="bp">False</span><span class="p">,</span> <span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span><span class="n">stmt</span><span class="p">)</span> <span class="n">token_record</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">scalar_one_or_none</span><span class="p">()</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">token_record</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Refresh token invalido</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Revocar el viejo (rotacion) </span> <span class="n">token_record</span><span class="p">.</span><span class="n">revoked</span> <span class="o">=</span> <span class="bp">True</span> <span class="n">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_user_by_id</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">token_record</span><span class="p">.</span><span class="n">user_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">user</span> <span class="ow">or</span> <span class="ow">not</span> <span class="n">user</span><span class="p">.</span><span class="n">is_active</span><span class="p">:</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">raise</span> <span class="nc">UnauthorizedException</span><span class="p">(</span><span class="sh">"</span><span class="s">Usuario no encontrado o desactivado</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Emitir nuevos tokens </span> <span class="n">new_access</span> <span class="o">=</span> <span class="nf">create_access_token</span><span class="p">(</span><span class="nf">str</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="nb">id</span><span class="p">),</span> <span class="nf">str</span><span class="p">(</span><span class="n">user</span><span class="p">.</span><span class="n">tenant_id</span><span class="p">),</span> <span class="n">user</span><span class="p">.</span><span class="n">role</span><span class="p">.</span><span class="n">value</span><span class="p">)</span> <span class="n">new_refresh_value</span> <span class="o">=</span> <span class="nf">create_refresh_token_value</span><span class="p">()</span> <span class="n">new_refresh</span> <span class="o">=</span> <span class="nc">RefreshToken</span><span class="p">(</span> <span class="n">user_id</span><span class="o">=</span><span class="n">user</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">token</span><span class="o">=</span><span class="n">new_refresh_value</span><span class="p">,</span> <span class="n">expires_at</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="nf">now</span><span class="p">(</span><span class="n">timezone</span><span class="p">.</span><span class="n">utc</span><span class="p">)</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">days</span><span class="o">=</span><span class="n">settings</span><span class="p">.</span><span class="n">refresh_token_expire_days</span><span class="p">),</span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">new_refresh</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> <span class="k">return</span> <span class="n">new_access</span><span class="p">,</span> <span class="n">new_refresh_value</span> </code></pre> </div> <p>Si alguien intercepta un refresh token y lo usa, el token original queda revocado. Cuando el usuario legítimo intente refrescar, va a fallar y sabrá que hubo un compromiso.</p> <h2> Threshold warnings: avisar antes de que explote </h2> <p>No espero a que el tenant llegue al 100% del límite para avisarle. Implementé warnings en 80% y 95%:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">get_usage_warnings</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="n">plan</span><span class="p">,</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_plan_and_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span><span class="p">:</span> <span class="k">return</span> <span class="p">[]</span> <span class="n">usage</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_monthly_usage</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="n">warnings</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">resources</span> <span class="o">=</span> <span class="p">[</span> <span class="p">(</span><span class="sh">"</span><span class="s">messages</span><span class="sh">"</span><span class="p">,</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">messages_month</span><span class="sh">"</span><span class="p">],</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">tokens</span><span class="sh">"</span><span class="p">,</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">tokens_month</span><span class="sh">"</span><span class="p">],</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_tokens_month</span><span class="p">),</span> <span class="p">]</span> <span class="k">for</span> <span class="n">resource</span><span class="p">,</span> <span class="n">used</span><span class="p">,</span> <span class="n">max_val</span> <span class="ow">in</span> <span class="n">resources</span><span class="p">:</span> <span class="k">if</span> <span class="n">max_val</span> <span class="o">==</span> <span class="o">-</span><span class="mi">1</span> <span class="ow">or</span> <span class="n">max_val</span> <span class="o">&lt;=</span> <span class="mi">0</span><span class="p">:</span> <span class="k">continue</span> <span class="n">pct</span> <span class="o">=</span> <span class="nf">round</span><span class="p">((</span><span class="n">used</span> <span class="o">/</span> <span class="n">max_val</span><span class="p">)</span> <span class="o">*</span> <span class="mi">100</span><span class="p">,</span> <span class="mi">1</span><span class="p">)</span> <span class="k">if</span> <span class="n">pct</span> <span class="o">&gt;=</span> <span class="mi">95</span><span class="p">:</span> <span class="n">warnings</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">resource</span><span class="sh">"</span><span class="p">:</span> <span class="n">resource</span><span class="p">,</span> <span class="sh">"</span><span class="s">used</span><span class="sh">"</span><span class="p">:</span> <span class="n">used</span><span class="p">,</span> <span class="sh">"</span><span class="s">max</span><span class="sh">"</span><span class="p">:</span> <span class="n">max_val</span><span class="p">,</span> <span class="sh">"</span><span class="s">pct</span><span class="sh">"</span><span class="p">:</span> <span class="n">pct</span><span class="p">,</span> <span class="sh">"</span><span class="s">level</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">critical</span><span class="sh">"</span> <span class="p">})</span> <span class="k">elif</span> <span class="n">pct</span> <span class="o">&gt;=</span> <span class="mi">80</span><span class="p">:</span> <span class="n">warnings</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span> <span class="sh">"</span><span class="s">resource</span><span class="sh">"</span><span class="p">:</span> <span class="n">resource</span><span class="p">,</span> <span class="sh">"</span><span class="s">used</span><span class="sh">"</span><span class="p">:</span> <span class="n">used</span><span class="p">,</span> <span class="sh">"</span><span class="s">max</span><span class="sh">"</span><span class="p">:</span> <span class="n">max_val</span><span class="p">,</span> <span class="sh">"</span><span class="s">pct</span><span class="sh">"</span><span class="p">:</span> <span class="n">pct</span><span class="p">,</span> <span class="sh">"</span><span class="s">level</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">warning</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="n">warnings</span> </code></pre> </div> <p>Los warnings se envian por email a los admins del tenant, con deduplicacion para no spammear:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Solo enviar si: # 1. No se envió para este billing period, O # 2. Se está escalando de warning → critical </span><span class="k">if</span> <span class="n">last_sent</span> <span class="o">==</span> <span class="n">bp</span> <span class="ow">and</span> <span class="n">last_level</span> <span class="o">==</span> <span class="sh">"</span><span class="s">critical</span><span class="sh">"</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Ya envié critical para este periodo </span> <span class="c1"># Guardar marker de dedup </span><span class="n">updated_prefs</span><span class="p">[</span><span class="sh">"</span><span class="s">_last_warning_bp</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">bp</span> <span class="n">updated_prefs</span><span class="p">[</span><span class="sh">"</span><span class="s">_last_warning_level</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="n">most_severe</span><span class="p">[</span><span class="sh">"</span><span class="s">level</span><span class="sh">"</span><span class="p">]</span> </code></pre> </div> <h2> FAQ-only fallback: degradacion graciosa </h2> <p>Cuando un tenant agota su presupuesto de LLM, no bloqueo todo. Las FAQs siguen funcionando:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">is_llm_budget_exhausted</span><span class="p">(</span><span class="n">db</span><span class="p">:</span> <span class="n">AsyncSession</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">:</span> <span class="n">UUID</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">bool</span><span class="p">:</span> <span class="n">plan</span><span class="p">,</span> <span class="n">tenant</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">_get_plan_and_tenant</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">plan</span><span class="p">:</span> <span class="k">return</span> <span class="bp">False</span> <span class="n">usage</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">get_monthly_usage</span><span class="p">(</span><span class="n">db</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">)</span> <span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span> <span class="o">!=</span> <span class="o">-</span><span class="mi">1</span> <span class="ow">and</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">messages_month</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_messages_month</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">if</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_tokens_month</span> <span class="o">!=</span> <span class="o">-</span><span class="mi">1</span> <span class="ow">and</span> <span class="n">usage</span><span class="p">[</span><span class="sh">"</span><span class="s">tokens_month</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="n">plan</span><span class="p">.</span><span class="n">max_tokens_month</span><span class="p">:</span> <span class="k">return</span> <span class="bp">True</span> <span class="k">return</span> <span class="bp">False</span> </code></pre> </div> <p>En el chat, si <code>is_llm_budget_exhausted</code> devuelve <code>True</code>, se intenta FAQ match primero. Si matchea, respuesta gratuita. Si no, se envia un evento SSE <code>upgrade_required</code> y el frontend muestra un card de upgrade.</p> <h2> Custom exceptions: errores semánticos </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">class</span> <span class="nc">PlanLimitException</span><span class="p">(</span><span class="n">HTTPException</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">detail</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Plan limit reached</span><span class="sh">"</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="n">status</span><span class="p">.</span><span class="n">HTTP_403_FORBIDDEN</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="n">detail</span><span class="p">)</span> <span class="k">class</span> <span class="nc">TooManyRequestsException</span><span class="p">(</span><span class="n">HTTPException</span><span class="p">):</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">detail</span><span class="p">:</span> <span class="nb">str</span> <span class="o">=</span> <span class="sh">"</span><span class="s">Too many requests</span><span class="sh">"</span><span class="p">):</span> <span class="nf">super</span><span class="p">().</span><span class="nf">__init__</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">429</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="n">detail</span><span class="p">)</span> </code></pre> </div> <p>El frontend distingue:</p> <ul> <li> <strong>403 PlanLimit</strong>: "Llegaste al limite de tu plan. Upgrade disponible."</li> <li> <strong>429 RateLimit</strong>: "Demasiados requests. Reintentá en unos segundos."</li> <li> <strong>401 Unauthorized</strong>: "Sesion expirada. Volvé a iniciar sesion."</li> </ul> <h2> Numeros que importan </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Recurso</th> <th>Free</th> <th>Starter</th> <th>Pro</th> </tr> </thead> <tbody> <tr> <td>Usuarios</td> <td>3</td> <td>10</td> <td>50</td> </tr> <tr> <td>Knowledge Bases</td> <td>3</td> <td>10</td> <td>-1 (ilimitado)</td> </tr> <tr> <td>Documentos</td> <td>20</td> <td>100</td> <td>-1</td> </tr> <tr> <td>Storage</td> <td>200 MB</td> <td>1 GB</td> <td>10 GB</td> </tr> <tr> <td>Mensajes IA/mes</td> <td>50</td> <td>500</td> <td>5000</td> </tr> <tr> <td>API Keys</td> <td>1</td> <td>5</td> <td>20</td> </tr> <tr> <td>Concurrencia</td> <td>2</td> <td>5</td> <td>20</td> </tr> </tbody> </table></div> <h2> Lecciones aprendidas </h2> <h3> 1. UPSERT &gt; SELECT + INSERT </h3> <p>Nunca hagas "read count → check → insert" para contadores de uso. La race condition es inevitable bajo carga. El UPSERT atomico de PostgreSQL es la unica forma correcta. Me ahorré horas de debugging de "por qué el tenant tiene 51 mensajes si el limite es 50".</p> <h3> 2. Fail-open para rate limiting, fail-closed para billing </h3> <p>Si Redis se cae, los rate limits se relajan (fail-open) pero los limites de plan en PostgreSQL siguen activos (fail-closed). Nunca dejes que una dependencia caida bloquee a todos tus usuarios.</p> <h3> 3. El super_admin no es un dios omnisciente </h3> <p>Mi primer diseño daba acceso total al super_admin sobre los datos de todos los tenants. Mal. El super_admin es el operador de la plataforma, no el dueño de los datos. Ve metricas agregadas, no conversaciones individuales. Esto simplifica compliance y genera confianza.</p> <h3> 4. <code>-1</code> para ilimitado es mejor que un booleano </h3> <p>Tener <code>max_kbs: int</code> con <code>-1 = ilimitado</code> es mas limpio que <code>max_kbs: int</code> + <code>is_kbs_unlimited: bool</code>. Una sola columna, un solo check. Lo apliqué a todos los limites de plan.</p> <h3> 5. Billing period basado en fecha de pago, no en mes calendario </h3> <p>Si un tenant pagó el 15 de marzo, su ciclo va del 15/3 al 14/4, no del 1/3 al 31/3. Parece un detalle menor hasta que un usuario se queja de que "pagué ayer y ya usé la mitad de mi cuota".</p> <h3> 6. TTL como safety net para contadores en Redis </h3> <p>Los contadores de concurrencia en Redis necesitan TTL. Sin el, un crash del servidor deja contadores "zombie" que bloquean al tenant. Con TTL de 5 minutos, el sistema se auto-cura.</p> <h3> 7. CASCADE simplifica el borrado pero hay que limpiar Redis tambien </h3> <p>El <code>ON DELETE CASCADE</code> de PostgreSQL es maravilloso para borrar todo lo relacionado a un tenant. Pero no limpia Redis. Hay que hacerlo explicitamente. Me enteré cuando un tenant borrado seguia contando rate limits.</p> <h2> Lo que sigue </h2> <ul> <li> <strong>Audit log</strong>: registrar quién hizo qué, cuándo, sobre qué recurso</li> <li> <strong>Fine-grained permissions</strong>: permisos por KB y por accion (no solo por rol global)</li> <li> <strong>Multi-region</strong>: tenants asignados a regiones especificas para compliance</li> </ul> <h2> Conclusion </h2> <p>Multi-tenancy real no es una columna extra en la base de datos. Es un sistema de enforcement que abarca desde el modelo de datos hasta el rate limiting, pasando por la autorizacion y el billing. Los puntos mas criticos:</p> <ol> <li> <strong>Contadores atomicos</strong> (UPSERT) para que los limites se respeten bajo concurrencia</li> <li> <strong>Redis para lo efimero</strong> (rate limits, concurrencia) y <strong>PostgreSQL para lo durable</strong> (billing, usage)</li> <li> <strong>Roles claros</strong> con dependency injection que haga imposible saltear la autorizacion</li> <li><strong>Fail-open donde duele poco, fail-closed donde duele mucho</strong></li> <li> <strong>Aislamiento por defecto</strong> — cada query filtra por tenant_id, sin excepciones</li> </ol> <p>Si estas construyendo un SaaS multi-tenant, invertí en el enforcement desde el dia 1. Refactorear esto despues es ordenes de magnitud mas doloroso que hacerlo bien desde el principio.</p> <p><em>Si estas construyendo algo multi-tenant y te chocaste con un problema que no cubrí, dejá un comentario. Y si este articulo te ahorro tiempo, un like ayuda a que llegue a mas personas.</em></p> python postgres fastapi saas Martin Palopoli Tue, 17 Mar 2026 12:28:14 +0000 https://dev.to/martin_palopoli/como-desplegue-un-motor-rag-en-produccion-con-docker-nginx-y-digitalocean-35ak https://dev.to/martin_palopoli/como-desplegue-un-motor-rag-en-produccion-con-docker-nginx-y-digitalocean-35ak <p>Desplegué un motor RAG completo (FastAPI + PostgreSQL + pgvector + Redis) en un VPS de <strong>4GB de RAM</strong> por $24/mes. En este artículo comparto la arquitectura de deploy real: Docker multi-stage builds, PostgreSQL tuneado para recursos limitados, Nginx como reverse proxy con soporte SSE, zero-downtime deploys con maintenance mode, backups automáticos y monitoreo con cron.</p> <h2> El contexto </h2> <p>En el <a href="https://dev.to/martin_palopoli/como-construi-un-pipeline-rag-de-produccion-con-fastapi-pgvector-y-cross-encoder-reranking-4f3c">artículo anterior</a> construí un pipeline RAG de producción con búsqueda híbrida, cross-encoder reranking y cache semántico. Todo funcionaba perfecto en Docker local.</p> <p>El problema: <strong>pasarlo a producción en un VPS económico sin que explote</strong>.</p> <p>Un sistema RAG no es un CRUD típico. Tiene:</p> <ul> <li>Modelos de embeddings que consumen ~500MB de RAM por worker</li> <li>PostgreSQL con extensiones pesadas (pgvector + HNSW indexes)</li> <li>Streaming SSE que necesita conexiones long-lived</li> <li>Redis para rate limiting y cache</li> <li>Todo eso compitiendo por 4GB de RAM</li> </ul> <h2> Infraestructura elegida </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Componente</th> <th>Especificación</th> </tr> </thead> <tbody> <tr> <td>VPS</td> <td>DigitalOcean 4GB RAM / 2 vCPU / 80GB SSD</td> </tr> <tr> <td>OS</td> <td>Ubuntu 24.04 LTS</td> </tr> <tr> <td>Containers</td> <td>Docker Compose (5 servicios)</td> </tr> <tr> <td>SSL</td> <td>Cloudflare (proxy + certificados origin)</td> </tr> <tr> <td>DNS</td> <td>Cloudflare</td> </tr> <tr> <td>Costo total</td> <td>~$24/mes</td> </tr> </tbody> </table></div> <p><strong>¿Por qué no Kubernetes?</strong> Porque para un solo VPS es overkill. Docker Compose con restart policies y health checks cubre el 95% de lo que necesitás para un servicio web con pocos miles de usuarios.</p> <h2> Docker Compose: dev vs producción </h2> <h3> Desarrollo </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.yml</span> <span class="na">services</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">pgvector/pgvector:pg16</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5433:5432"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">POSTGRES_DB</span><span class="pi">:</span> <span class="s">ragdb</span> <span class="na">POSTGRES_USER</span><span class="pi">:</span> <span class="s">raguser</span> <span class="na">POSTGRES_PASSWORD</span><span class="pi">:</span> <span class="s">localpass123</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pgdata:/var/lib/postgresql/data</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">raguser</span><span class="nv"> </span><span class="s">-d</span><span class="nv"> </span><span class="s">ragdb"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">5s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7-alpine</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">6379:6379"</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">./backend</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8000:8000"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./backend/app:/app/app</span> <span class="c1"># Hot reload</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_started</span> <span class="na">frontend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="s">./frontend</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">5173:5173"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./frontend/src:/app/src</span> <span class="c1"># Hot reload</span> </code></pre> </div> <p>Nada sorprendente: puertos expuestos, volúmenes para hot reload, health checks básicos.</p> <h3> Producción: las diferencias que importan </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># docker-compose.prod.yml</span> <span class="na">services</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">pgvector/pgvector:pg16</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">app-db</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">env_file</span><span class="pi">:</span> <span class="s">.env.production</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:5432:5432"</span> <span class="c1"># Solo localhost</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pgdata:/var/lib/postgresql/data</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">&gt;</span> <span class="s">postgres</span> <span class="s">-c shared_buffers=128MB</span> <span class="s">-c effective_cache_size=256MB</span> <span class="s">-c max_connections=50</span> <span class="s">-c work_mem=4MB</span> <span class="s">-c maintenance_work_mem=64MB</span> <span class="s">-c random_page_cost=1.1</span> <span class="s">-c effective_io_concurrency=200</span> <span class="s">-c wal_buffers=4MB</span> <span class="s">-c checkpoint_completion_target=0.9</span> <span class="na">healthcheck</span><span class="pi">:</span> <span class="na">test</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">CMD-SHELL"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">pg_isready</span><span class="nv"> </span><span class="s">-U</span><span class="nv"> </span><span class="s">$$POSTGRES_USER</span><span class="nv"> </span><span class="s">-d</span><span class="nv"> </span><span class="s">$$POSTGRES_DB"</span><span class="pi">]</span> <span class="na">interval</span><span class="pi">:</span> <span class="s">10s</span> <span class="na">retries</span><span class="pi">:</span> <span class="m">5</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">redis:7-alpine</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">app-redis</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">command</span><span class="pi">:</span> <span class="s">redis-server --maxmemory 64mb --maxmemory-policy allkeys-lru</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:6379:6379"</span> <span class="c1"># Solo localhost</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">redisdata:/data</span> <span class="na">backend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./backend</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">app-backend</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">env_file</span><span class="pi">:</span> <span class="s">.env.production</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:8000:8000"</span> <span class="c1"># Solo localhost, Nginx al frente</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">1536M</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="na">db</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_healthy</span> <span class="na">redis</span><span class="pi">:</span> <span class="na">condition</span><span class="pi">:</span> <span class="s">service_started</span> <span class="na">frontend</span><span class="pi">:</span> <span class="na">build</span><span class="pi">:</span> <span class="na">context</span><span class="pi">:</span> <span class="s">./frontend</span> <span class="na">dockerfile</span><span class="pi">:</span> <span class="s">Dockerfile.prod</span> <span class="c1"># Multi-stage con Nginx</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">app-frontend</span> <span class="na">restart</span><span class="pi">:</span> <span class="s">always</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:5173:5173"</span> <span class="c1"># Solo localhost</span> <span class="na">deploy</span><span class="pi">:</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">64M</span> </code></pre> </div> <h3> Las diferencias clave </h3> <p><strong>1. Puertos solo en localhost</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">127.0.0.1:8000:8000"</span> <span class="c1"># ✅ Solo Nginx puede acceder</span> <span class="c1"># vs</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">8000:8000"</span> <span class="c1"># ❌ Abierto al mundo</span> </code></pre> </div> <p>Si publicás el puerto sin <code>127.0.0.1</code>, Docker modifica iptables y <strong>bypassea el firewall del sistema</strong>. Es un error clásico.</p> <p><strong>2. PostgreSQL tuneado para 4GB</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">shared_buffers</span>=<span class="m">128</span><span class="n">MB</span> <span class="c"># 25% de la RAM disponible para PG (~512MB) </span><span class="n">effective_cache_size</span>=<span class="m">256</span><span class="n">MB</span> <span class="c"># Lo que el OS puede cachear </span><span class="n">max_connections</span>=<span class="m">50</span> <span class="c"># No necesitás 100 con un backend async </span><span class="n">work_mem</span>=<span class="m">4</span><span class="n">MB</span> <span class="c"># Cuidado: se multiplica por conexión × sort ops </span><span class="n">random_page_cost</span>=<span class="m">1</span>.<span class="m">1</span> <span class="c"># SSD, no disco rotacional </span></code></pre> </div> <p>Los defaults de PostgreSQL asumen un servidor dedicado con 1GB+ de RAM solo para PG. En un VPS compartido con 4 servicios más, necesitás ser conservador.</p> <p><strong>3. Redis con límite estricto</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code><span class="n">maxmemory</span> <span class="m">64</span><span class="n">mb</span> <span class="n">maxmemory</span>-<span class="n">policy</span> <span class="n">allkeys</span>-<span class="n">lru</span> </code></pre> </div> <p>Redis sin <code>maxmemory</code> puede crecer indefinidamente y matar el OOM killer. Con <code>allkeys-lru</code>, cuando llega al límite, elimina las keys menos usadas en vez de devolver errores.</p> <p><strong>4. Memory limits en el backend</strong><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">deploy</span><span class="pi">:</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s">1536M</span> </code></pre> </div> <p>El backend con modelos de embeddings cargados usa ~800MB-1.2GB. El límite de 1536MB le da margen sin permitir que un memory leak se coma todo el VPS.</p> <h2> Dockerfiles: multi-stage builds </h2> <h3> Backend: pre-descargar modelos </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># === Stage 1: Builder ===</span> <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.12-slim</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /build</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="c"># PyTorch CPU-only (ahorro ~1.5GB vs versión con CUDA)</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> torch <span class="nt">--index-url</span> https://download.pytorch.org/whl/cpu <span class="se">\ </span> <span class="o">&amp;&amp;</span> pip <span class="nb">install</span> <span class="nt">--no-cache-dir</span> <span class="nt">-r</span> requirements.txt <span class="c"># Pre-descargar modelos de embeddings y cross-encoder</span> <span class="k">RUN </span>python <span class="nt">-c</span> <span class="s2">"</span> <span class="k">from</span><span class="s"> sentence_transformers import SentenceTransformer, CrossEncoder</span> SentenceTransformer('paraphrase-multilingual-MiniLM-L12-v2') CrossEncoder('cross-encoder/ms-marco-MiniLM-L-6-v2') " # === Stage 2: Runtime === <span class="k">FROM</span><span class="w"> </span><span class="s">python:3.12-slim</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">runtime</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> <span class="nt">--no-install-recommends</span> <span class="se">\ </span> libfontconfig1 curl ca-certificates <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> <span class="c"># Copiar dependencias y modelos pre-descargados</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/local/lib/python3.12/site-packages /usr/local/lib/python3.12/site-packages</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/local/bin /usr/local/bin</span> <span class="k">COPY</span><span class="s"> --from=builder /root/.cache /root/.cache</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span><span class="nb">chmod</span> +x start.sh <span class="k">EXPOSE</span><span class="s"> 8000</span> <span class="k">CMD</span><span class="s"> ["./start.sh"]</span> </code></pre> </div> <p><strong>¿Por qué pre-descargar modelos en build?</strong> Si no lo hacés, el primer request después de cada deploy va a tardar 30-60 segundos mientras se descargan los modelos. Con pre-descarga, el contenedor arranca listo para servir.</p> <p><strong>¿Por qué PyTorch CPU-only?</strong> La versión con CUDA pesa ~2GB extra. En un VPS sin GPU es peso muerto.</p> <h3> Frontend: build + Nginx estático </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># === Stage 1: Build ===</span> <span class="k">FROM</span><span class="w"> </span><span class="s">node:20-alpine</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">build</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="k">COPY</span><span class="s"> . .</span> <span class="k">RUN </span>npm run build <span class="c"># === Stage 2: Serve ===</span> <span class="k">FROM</span><span class="s"> nginx:1.27-alpine</span> <span class="c"># Copiar build estático</span> <span class="k">COPY</span><span class="s"> --from=build /app/dist /usr/share/nginx/html</span> <span class="c"># Config para SPA</span> <span class="k">COPY</span><span class="s"> nginx.conf /etc/nginx/conf.d/default.conf</span> <span class="k">EXPOSE</span><span class="s"> 5173</span> <span class="k">CMD</span><span class="s"> ["nginx", "-g", "daemon off;"]</span> </code></pre> </div> <p>El frontend en producción NO corre Vite. Es Nginx sirviendo archivos estáticos. La imagen pasa de ~400MB (node + deps) a ~25MB (nginx alpine + dist).</p> <h3> Nginx interno del frontend (SPA) </h3> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">5173</span><span class="p">;</span> <span class="kn">root</span> <span class="n">/usr/share/nginx/html</span><span class="p">;</span> <span class="kn">index</span> <span class="s">index.html</span><span class="p">;</span> <span class="c1"># Assets con hash de Vite → cache agresivo</span> <span class="kn">location</span> <span class="n">/assets/</span> <span class="p">{</span> <span class="kn">expires</span> <span class="s">1y</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">Cache-Control</span> <span class="s">"public,</span> <span class="s">immutable"</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># index.html → nunca cachear (para que nuevos deploys se reflejen)</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/index.html</span> <span class="p">{</span> <span class="kn">add_header</span> <span class="s">Cache-Control</span> <span class="s">"no-cache"</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># SPA fallback: toda ruta → index.html</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">try_files</span> <span class="nv">$uri</span> <span class="nv">$uri</span><span class="n">/</span> <span class="n">/index.html</span><span class="p">;</span> <span class="p">}</span> <span class="kn">gzip</span> <span class="no">on</span><span class="p">;</span> <span class="kn">gzip_types</span> <span class="nc">text/plain</span> <span class="nc">text/css</span> <span class="nc">application/json</span> <span class="nc">application/javascript</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> Nginx: el reverse proxy que lo conecta todo </h2> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="c1"># === HTTPS principal ===</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">tu-dominio.com</span><span class="p">;</span> <span class="c1"># Certificados origin (Cloudflare → VPS)</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/certs/origin.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/origin.key</span><span class="p">;</span> <span class="kn">ssl_protocols</span> <span class="s">TLSv1.2</span> <span class="s">TLSv1.3</span><span class="p">;</span> <span class="kn">client_max_body_size</span> <span class="mi">50M</span><span class="p">;</span> <span class="c1"># Para upload de documentos</span> <span class="c1"># === Maintenance mode ===</span> <span class="kn">set</span> <span class="nv">$maintenance</span> <span class="mi">0</span><span class="p">;</span> <span class="kn">if</span> <span class="s">(-f</span> <span class="n">/etc/nginx/maintenance.on</span><span class="s">)</span> <span class="p">{</span> <span class="kn">set</span> <span class="nv">$maintenance</span> <span class="mi">1</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># Health check siempre disponible (para monitoreo)</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/api/v1/health</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8000</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># Si maintenance mode → 503</span> <span class="kn">if</span> <span class="s">(</span><span class="nv">$maintenance</span><span class="s">)</span> <span class="p">{</span> <span class="kn">return</span> <span class="mi">503</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === API Backend ===</span> <span class="kn">location</span> <span class="n">/api/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8000</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Real-IP</span> <span class="nv">$remote_addr</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-For</span> <span class="nv">$proxy_add_x_forwarded_for</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="c1"># SSE streaming: CRÍTICO</span> <span class="kn">proxy_buffering</span> <span class="no">off</span><span class="p">;</span> <span class="kn">proxy_cache</span> <span class="no">off</span><span class="p">;</span> <span class="kn">proxy_read_timeout</span> <span class="s">300s</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">''</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">chunked_transfer_encoding</span> <span class="no">off</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === Widget JS (cacheable) ===</span> <span class="kn">location</span> <span class="p">=</span> <span class="n">/widget.js</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:8000</span><span class="p">;</span> <span class="kn">proxy_cache_valid</span> <span class="mi">200</span> <span class="s">1h</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === Frontend SPA ===</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:5173</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === Gzip ===</span> <span class="kn">gzip</span> <span class="no">on</span><span class="p">;</span> <span class="kn">gzip_comp_level</span> <span class="mi">4</span><span class="p">;</span> <span class="kn">gzip_min_length</span> <span class="mi">256</span><span class="p">;</span> <span class="kn">gzip_types</span> <span class="nc">text/plain</span> <span class="nc">text/css</span> <span class="nc">application/json</span> <span class="nc">application/javascript</span> <span class="nc">text/xml</span> <span class="nc">application/xml</span> <span class="nc">text/javascript</span> <span class="nc">image/svg</span><span class="s">+xml</span><span class="p">;</span> <span class="c1"># === Security headers ===</span> <span class="kn">add_header</span> <span class="s">X-Frame-Options</span> <span class="s">"SAMEORIGIN"</span> <span class="s">always</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">X-Content-Type-Options</span> <span class="s">"nosniff"</span> <span class="s">always</span><span class="p">;</span> <span class="kn">add_header</span> <span class="s">Referrer-Policy</span> <span class="s">"strict-origin-when-cross-origin"</span> <span class="s">always</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === HTTP → HTTPS redirect ===</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">80</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">tu-dominio.com</span><span class="p">;</span> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://</span><span class="nv">$server_name$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === www → non-www ===</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span> <span class="s">http2</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">www.tu-dominio.com</span><span class="p">;</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/certs/origin.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/origin.key</span><span class="p">;</span> <span class="kn">return</span> <span class="mi">301</span> <span class="s">https://tu-dominio.com</span><span class="nv">$request_uri</span><span class="p">;</span> <span class="p">}</span> <span class="c1"># === Página 503 de mantenimiento ===</span> <span class="k">error_page</span> <span class="mi">503</span> <span class="s">@maintenance</span><span class="p">;</span> <span class="k">location</span> <span class="s">@maintenance</span> <span class="p">{</span> <span class="kn">default_type</span> <span class="nc">text/html</span><span class="p">;</span> <span class="kn">return</span> <span class="mi">503</span> <span class="s">'&lt;!DOCTYPE</span> <span class="s">html&gt;</span> <span class="s">&lt;html&gt;&lt;head&gt;&lt;meta</span> <span class="s">charset="UTF-8"&gt;&lt;title&gt;Mantenimiento&lt;/title&gt;</span> <span class="s">&lt;style&gt;body</span><span class="p">{</span><span class="kn">font-family:system-ui</span><span class="p">;</span><span class="kn">display:flex</span><span class="p">;</span><span class="kn">justify-content:center</span><span class="p">;</span> <span class="kn">align-items:center</span><span class="p">;</span><span class="kn">min-height:100vh</span><span class="p">;</span><span class="kn">background:</span><span class="c1">#0f172a;color:#e2e8f0;</span> <span class="s">text-align:center</span><span class="err">}</span><span class="s">h1</span><span class="p">{</span><span class="kn">font-size:2rem</span><span class="err">}</span><span class="s">p</span><span class="p">{</span><span class="kn">color:</span><span class="c1">#94a3b8}&lt;/style&gt;&lt;/head&gt;</span> <span class="s">&lt;body&gt;&lt;div&gt;&lt;h1&gt;En</span> <span class="s">mantenimiento&lt;/h1&gt;</span> <span class="s">&lt;p&gt;Volvemos</span> <span class="s">en</span> <span class="s">unos</span> <span class="s">minutos.&lt;/p&gt;&lt;/div&gt;&lt;/body&gt;&lt;/html&gt;'</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h3> El bloque SSE que casi me rompe todo </h3> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">location</span> <span class="n">/api/</span> <span class="p">{</span> <span class="kn">proxy_buffering</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># Nginx NO debe buffear la respuesta</span> <span class="kn">proxy_cache</span> <span class="no">off</span><span class="p">;</span> <span class="c1"># Ni cachearla</span> <span class="kn">proxy_read_timeout</span> <span class="s">300s</span><span class="p">;</span> <span class="c1"># SSE puede durar minutos</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">''</span><span class="p">;</span> <span class="c1"># Deshabilitar keep-alive del upstream</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="c1"># HTTP/1.1 requerido para chunked</span> <span class="kn">chunked_transfer_encoding</span> <span class="no">off</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>Sin estos headers, Nginx buferea los tokens del SSE y los envía todos juntos al final. El usuario ve "nada nada nada... texto completo de golpe". Estos 6 parámetros son <strong>obligatorios</strong> para streaming real a través de un reverse proxy.</p> <h2> El script de deploy </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nv">SERVER</span><span class="o">=</span><span class="s2">"usuario@ip-del-servidor"</span> <span class="nv">SSH_KEY</span><span class="o">=</span><span class="s2">"~/.ssh/deploy_key"</span> <span class="nv">PROJECT_DIR</span><span class="o">=</span><span class="s2">"/opt/mi-app"</span> <span class="nv">BACKUP_DIR</span><span class="o">=</span><span class="s2">"/opt/mi-app/backups/db"</span> <span class="nv">DEPLOY_MODE</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">:-</span><span class="nv">full</span><span class="k">}</span><span class="s2">"</span> <span class="c"># frontend | backend | full</span> ssh_cmd<span class="o">()</span> <span class="o">{</span> ssh <span class="nt">-i</span> <span class="s2">"</span><span class="nv">$SSH_KEY</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$SERVER</span><span class="s2">"</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">}</span> <span class="nb">echo</span> <span class="s2">"=== Deploy: </span><span class="nv">$DEPLOY_MODE</span><span class="s2"> ==="</span> <span class="c"># 1. Push código</span> git push origin main <span class="c"># 2. Pull en servidor</span> ssh_cmd <span class="s2">"cd </span><span class="nv">$PROJECT_DIR</span><span class="s2"> &amp;&amp; git fetch origin &amp;&amp; git reset --hard origin/main"</span> <span class="c"># 3. Backup de base de datos (solo backend/full)</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$DEPLOY_MODE</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"frontend"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Creando backup de DB..."</span> <span class="nv">TIMESTAMP</span><span class="o">=</span><span class="si">$(</span><span class="nb">date</span> +%Y%m%d_%H%M%S<span class="si">)</span> ssh_cmd <span class="s2">"docker exec app-db pg_dump -U </span><span class="se">\$</span><span class="s2">POSTGRES_USER </span><span class="se">\$</span><span class="s2">POSTGRES_DB </span><span class="se">\</span><span class="s2"> | gzip &gt; </span><span class="nv">$BACKUP_DIR</span><span class="s2">/backup_</span><span class="k">${</span><span class="nv">TIMESTAMP</span><span class="k">}</span><span class="s2">.gz"</span> <span class="c"># Activar maintenance mode</span> ssh_cmd <span class="s2">"touch /etc/nginx/maintenance.on &amp;&amp; nginx -s reload"</span> <span class="nb">echo</span> <span class="s2">"Maintenance mode: ON"</span> <span class="k">fi</span> <span class="c"># 4. Rebuild y restart</span> <span class="k">case</span> <span class="nv">$DEPLOY_MODE</span> <span class="k">in </span>frontend<span class="p">)</span> ssh_cmd <span class="s2">"cd </span><span class="nv">$PROJECT_DIR</span><span class="s2"> &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> build frontend &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> up -d frontend"</span> <span class="p">;;</span> backend<span class="p">)</span> ssh_cmd <span class="s2">"cd </span><span class="nv">$PROJECT_DIR</span><span class="s2"> &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> build backend &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> up -d backend"</span> <span class="p">;;</span> full<span class="p">)</span> ssh_cmd <span class="s2">"cd </span><span class="nv">$PROJECT_DIR</span><span class="s2"> &amp;&amp; docker compose -f docker-compose.prod.yml </span><span class="se">\</span><span class="s2"> up -d --build"</span> <span class="p">;;</span> <span class="k">esac</span> <span class="c"># 5. Desactivar maintenance mode</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$DEPLOY_MODE</span><span class="s2">"</span> <span class="o">!=</span> <span class="s2">"frontend"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">sleep </span>15 <span class="c"># Esperar a que el backend cargue modelos</span> ssh_cmd <span class="s2">"rm -f /etc/nginx/maintenance.on &amp;&amp; nginx -s reload"</span> <span class="nb">echo</span> <span class="s2">"Maintenance mode: OFF"</span> <span class="k">fi</span> <span class="c"># 6. Health check</span> <span class="nb">echo</span> <span class="s2">"Verificando salud..."</span> <span class="nv">MAX_RETRIES</span><span class="o">=</span>30 <span class="k">for </span>i <span class="k">in</span> <span class="si">$(</span><span class="nb">seq </span>1 <span class="nv">$MAX_RETRIES</span><span class="si">)</span><span class="p">;</span> <span class="k">do </span><span class="nv">STATUS</span><span class="o">=</span><span class="si">$(</span>ssh_cmd <span class="s2">"curl -s -o /dev/null -w '%{http_code}' http://127.0.0.1:8000/api/v1/health"</span><span class="si">)</span> <span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$STATUS</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">"200"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Deploy exitoso. Health: OK"</span> <span class="nb">exit </span>0 <span class="k">fi </span><span class="nb">echo</span> <span class="s2">"Intento </span><span class="nv">$i</span><span class="s2">/</span><span class="nv">$MAX_RETRIES</span><span class="s2">... (status: </span><span class="nv">$STATUS</span><span class="s2">)"</span> <span class="nb">sleep </span>5 <span class="k">done </span><span class="nb">echo</span> <span class="s2">"ERROR: Health check falló después de </span><span class="nv">$MAX_RETRIES</span><span class="s2"> intentos"</span> <span class="nb">exit </span>1 </code></pre> </div> <h3> ¿Por qué maintenance mode? </h3> <p>El backend tarda ~15 segundos en arrancar: corre migraciones de Alembic y luego Uvicorn carga los modelos de embeddings. Sin maintenance mode, durante esos 15 segundos Nginx devuelve 502 Bad Gateway.</p> <p>Con el archivo <code>/etc/nginx/maintenance.on</code>, Nginx devuelve una página 503 estilizada. El health check (<code>/api/v1/health</code>) queda exento para que el script pueda verificar cuándo el backend está listo.</p> <h2> Start script del backend </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="nb">set</span> <span class="nt">-e</span> <span class="nb">echo</span> <span class="s2">"Running database migrations..."</span> alembic upgrade <span class="nb">head echo</span> <span class="s2">"Starting FastAPI server..."</span> <span class="c"># 1 worker = ~800MB con modelos cargados</span> <span class="c"># 2 workers = ~1.3GB (solo si tenés RAM disponible)</span> <span class="nv">WORKERS</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">UVICORN_WORKERS</span><span class="k">:-</span><span class="nv">1</span><span class="k">}</span><span class="s2">"</span> <span class="nb">exec </span>uvicorn app.main:app <span class="se">\</span> <span class="nt">--host</span> 0.0.0.0 <span class="se">\</span> <span class="nt">--port</span> 8000 <span class="se">\</span> <span class="nt">--workers</span> <span class="s2">"</span><span class="nv">$WORKERS</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--log-level</span> <span class="s2">"</span><span class="k">${</span><span class="nv">UVICORN_LOG_LEVEL</span><span class="k">:-</span><span class="nv">info</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="s2">"</span><span class="nv">$@</span><span class="s2">"</span> </code></pre> </div> <p><strong>¿Por qué 1 worker?</strong> Cada worker de Uvicorn carga su propia copia de los modelos de embeddings (~500MB). Con 2 workers ya estás en 1.3GB solo de backend. En un VPS de 4GB con PostgreSQL, Redis y Nginx, 1 worker es lo seguro.</p> <p>FastAPI es async, así que 1 worker maneja bien la concurrencia — las operaciones de I/O (DB, LLM API, Redis) no bloquean el event loop.</p> <h2> Mantenimiento automático con Cron </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c">#!/bin/bash</span> <span class="c"># Ejecutar: crontab -e → 0 4 * * 0 /opt/mi-app/scripts/maintenance.sh</span> <span class="nv">LOG</span><span class="o">=</span><span class="s2">"/var/log/app-maintenance.log"</span> <span class="nb">echo</span> <span class="s2">"=== Mantenimiento </span><span class="si">$(</span><span class="nb">date</span><span class="si">)</span><span class="s2"> ==="</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="c"># 1. Limpiar imágenes Docker huérfanas (&gt;7 días)</span> docker image prune <span class="nt">-f</span> <span class="nt">--filter</span> <span class="s2">"until=168h"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> 2&gt;&amp;1 <span class="c"># 2. Limpiar contenedores parados</span> docker container prune <span class="nt">-f</span> <span class="nt">--filter</span> <span class="s2">"until=168h"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> 2&gt;&amp;1 <span class="c"># 3. Verificar uso de disco</span> <span class="nv">DISK_USAGE</span><span class="o">=</span><span class="si">$(</span><span class="nb">df</span> / <span class="nt">--output</span><span class="o">=</span>pcent | <span class="nb">tail</span> <span class="nt">-1</span> | <span class="nb">tr</span> <span class="nt">-dc</span> <span class="s1">'0-9'</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$DISK_USAGE</span><span class="s2">"</span> <span class="nt">-gt</span> 80 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"ALERTA: Disco al </span><span class="k">${</span><span class="nv">DISK_USAGE</span><span class="k">}</span><span class="s2">%"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># 4. Verificar memoria</span> <span class="nv">MEM_USAGE</span><span class="o">=</span><span class="si">$(</span>free | <span class="nb">awk</span> <span class="s1">'/Mem:/ {printf("%.0f"), $3/$2 * 100}'</span><span class="si">)</span> <span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$MEM_USAGE</span><span class="s2">"</span> <span class="nt">-gt</span> 90 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"ALERTA: RAM al </span><span class="k">${</span><span class="nv">MEM_USAGE</span><span class="k">}</span><span class="s2">%"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="k">fi</span> <span class="c"># 5. Estado de contenedores</span> docker ps <span class="nt">--format</span> <span class="s2">"table {{.Names}}</span><span class="se">\t</span><span class="s2">{{.Status}}</span><span class="se">\t</span><span class="s2">{{.Size}}"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="c"># 6. Inventario de backups</span> <span class="nv">BACKUP_COUNT</span><span class="o">=</span><span class="si">$(</span><span class="nb">ls</span> /opt/mi-app/backups/db/<span class="k">*</span>.gz 2&gt;/dev/null | <span class="nb">wc</span> <span class="nt">-l</span><span class="si">)</span> <span class="nv">LATEST</span><span class="o">=</span><span class="si">$(</span><span class="nb">ls</span> <span class="nt">-t</span> /opt/mi-app/backups/db/<span class="k">*</span>.gz 2&gt;/dev/null | <span class="nb">head</span> <span class="nt">-1</span><span class="si">)</span> <span class="nb">echo</span> <span class="s2">"Backups: </span><span class="nv">$BACKUP_COUNT</span><span class="s2"> archivos. Último: </span><span class="nv">$LATEST</span><span class="s2">"</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"=== Fin ==="</span> <span class="o">&gt;&gt;</span> <span class="s2">"</span><span class="nv">$LOG</span><span class="s2">"</span> </code></pre> </div> <p>Esto corre cada domingo a las 4am. Limpia basura de Docker, verifica disco y RAM, y loguea todo. Simple pero efectivo — me salvó dos veces de quedarme sin disco por imágenes Docker acumuladas.</p> <h2> Cloudflare + SSL: la configuración </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Internet → Cloudflare (proxy) → VPS (Nginx 443) → Docker containers </code></pre> </div> <h3> Setup </h3> <ol> <li> <strong>DNS en Cloudflare</strong>: A record apuntando al VPS, proxy habilitado (nube naranja)</li> <li> <strong>SSL en Cloudflare</strong>: "Full (strict)" — encripta tanto el tramo browser→Cloudflare como Cloudflare→VPS</li> <li> <strong>Certificado origin</strong>: Generado en Cloudflare Dashboard → SSL/TLS → Origin Server → Create Certificate</li> <li> <strong>En el VPS</strong>: Copiar el certificado y key a <code>/etc/ssl/certs/origin.pem</code> y <code>/etc/ssl/private/origin.key</code> </li> </ol> <p><strong>¿Por qué no Let's Encrypt?</strong> Con Cloudflare proxy activado, Let's Encrypt no puede verificar el dominio por HTTP challenge (Cloudflare intercepta). Los certificados origin de Cloudflare duran 15 años y se configuran en 2 minutos.</p> <h3> Bonus: Cloudflare como CDN gratis </h3> <p>Con el proxy activado, Cloudflare cachea automáticamente assets estáticos (JS, CSS, imágenes). El VPS solo recibe requests de API y HTML. Esto reduce significativamente el tráfico al servidor.</p> <h2> Distribución de RAM </h2> <p>Así queda la distribución en un VPS de 4GB:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>┌──────────────────────────────────────────┐ │ 4GB RAM Total │ ├──────────────────────────────────────────┤ │ OS + Docker Engine ~400MB │ │ PostgreSQL ~200-400MB │ │ Backend (1 worker) ~800MB-1.2GB │ │ Redis ≤64MB │ │ Nginx + Frontend ~30MB │ │ Libre / Buffer ~1.5-2GB │ ├──────────────────────────────────────────┤ │ Swap (2GB) emergencia │ └──────────────────────────────────────────┘ </code></pre> </div> <p>Los ~1.5-2GB libres son para:</p> <ul> <li>Cache de filesystem del OS (ayuda a PostgreSQL)</li> <li>Picos de tráfico</li> <li>Operaciones de mantenimiento (backups, builds)</li> </ul> <p><strong>Tip</strong>: Siempre configurá swap (2GB) como red de seguridad. Sin swap, el OOM killer mata procesos sin aviso cuando la RAM se llena.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>fallocate <span class="nt">-l</span> 2G /swapfile <span class="nb">chmod </span>600 /swapfile mkswap /swapfile swapon /swapfile <span class="nb">echo</span> <span class="s1">'/swapfile none swap sw 0 0'</span> <span class="o">&gt;&gt;</span> /etc/fstab </code></pre> </div> <h2> Checklist de seguridad </h2> <p>Antes de considerar el deploy "listo":</p> <ul> <li>[x] <strong>Puertos Docker solo en localhost</strong> (<code>127.0.0.1:puerto:puerto</code>)</li> <li>[x] <strong>Firewall activo</strong> (<code>ufw allow 22,80,443/tcp &amp;&amp; ufw enable</code>)</li> <li>[x] <strong>SSH solo por key</strong> (deshabilitar password auth en <code>/etc/ssh/sshd_config</code>)</li> <li>[x] <strong>.env.production</strong> fuera del repo (<code>.gitignore</code>)</li> <li>[x] <strong>Secretos nunca en compose files</strong> (usar <code>env_file</code> reference)</li> <li>[x] <strong>DB sin puerto externo</strong> (solo accesible via Docker network)</li> <li>[x] <strong>Backups automatizados</strong> con verificación periódica</li> <li>[x] <strong>Health check</strong> en el script de deploy</li> <li>[x] <strong>Swap configurado</strong> para evitar OOM kills</li> </ul> <h2> Números reales </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Métrica</th> <th>Valor</th> </tr> </thead> <tbody> <tr> <td>Tiempo de build (backend)</td> <td>~3-4 min (primera vez), ~1 min (cache)</td> </tr> <tr> <td>Tiempo de build (frontend)</td> <td>~30s</td> </tr> <tr> <td>Tiempo de deploy completo</td> <td>~2-3 min</td> </tr> <tr> <td>Downtime visible</td> <td>0s (maintenance page durante rebuild)</td> </tr> <tr> <td>Tamaño imagen backend</td> <td>~2.1GB (incluye PyTorch CPU + modelos)</td> </tr> <tr> <td>Tamaño imagen frontend</td> <td>~25MB (nginx + dist)</td> </tr> <tr> <td>RAM en uso estable</td> <td>~2-2.5GB de 4GB</td> </tr> <tr> <td>Costo mensual</td> <td>~$24 (VPS) + $0 (Cloudflare free)</td> </tr> <tr> <td>Uptime último mes</td> <td>99.8% (una caída por actualización de OS)</td> </tr> </tbody> </table></div> <h2> Lecciones aprendidas </h2> <h3> 1. Docker + firewall = cuidado </h3> <p>Docker modifica iptables directamente. Si publicás un puerto sin <code>127.0.0.1</code>, <code>ufw deny</code> no lo bloquea. Siempre usá <code>127.0.0.1:</code> en producción y dejá que Nginx sea el único punto de entrada.</p> <h3> 2. Pre-descargar modelos de ML en el build </h3> <p>Si los modelos se descargan en runtime, el primer cold start tarda un minuto. Peor: si HuggingFace tiene downtime, tu deploy falla. Pre-descargar en el Dockerfile elimina ambos problemas.</p> <h3> 3. 1 Uvicorn worker es suficiente (si es async) </h3> <p>La tentación es poner 4 workers "por las dudas". Pero cada uno carga ~500MB de modelos. Con FastAPI async, un solo worker maneja cientos de requests concurrentes. Escalá en workers solo cuando tengas evidencia de que el CPU es el cuello de botella.</p> <h3> 4. Maintenance mode &gt; zero-downtime rolling deploys </h3> <p>Para un VPS single-node, un rolling deploy requiere orquestación compleja. Una página 503 por 15 segundos es infinitamente más simple y nadie se queja — especialmente si el health check garantiza que se desactiva automáticamente.</p> <h3> 5. PostgreSQL defaults son para servidores dedicados </h3> <p>Los defaults de PostgreSQL asumen que tiene toda la RAM para sí. En un VPS compartido con otros 4 servicios, no tunear PostgreSQL es garantía de OOM kills. Los parámetros <code>shared_buffers</code>, <code>effective_cache_size</code> y <code>max_connections</code> son los primeros que hay que ajustar.</p> <h3> 6. Cloudflare origin certs &gt; Let's Encrypt </h3> <p>Con proxy activado, Let's Encrypt es más complicado de configurar y renovar. Los origin certs de Cloudflare duran 15 años, se configuran una vez y te olvidás.</p> <h2> Lo que sigue </h2> <ul> <li> <strong>Monitoring con Prometheus + Grafana</strong>: Métricas de latencia, errores, y uso de recursos (actualmente solo logs + cron)</li> <li> <strong>Backup offsite</strong>: Copiar backups a un bucket S3/R2 en vez de guardarlos solo en el mismo VPS</li> <li> <strong>Blue-green deploys</strong>: Cuando el tráfico justifique un segundo VPS</li> <li> <strong>CI/CD con GitHub Actions</strong>: Automatizar el deploy script (actualmente es un <code>./deploy.sh backend</code> manual)</li> </ul> <h2> Conclusión </h2> <p>Desplegar un sistema RAG no es como desplegar un CRUD. Los modelos de embeddings consumen RAM real, el streaming SSE necesita configuración específica en Nginx, y PostgreSQL con pgvector necesita tuning cuidadoso en servidores limitados.</p> <p>Pero tampoco necesitás Kubernetes ni un cluster de $200/mes. Un VPS de $24 con Docker Compose bien configurado, Nginx como reverse proxy, y scripts de deploy con maintenance mode + health checks es suficiente para servir miles de queries al día con latencias consistentes.</p> <p>Lo más importante: <strong>medí primero, escalá después</strong>. Empezar con 1 worker, 4GB de RAM y monitoreo básico te da toda la información que necesitás para tomar decisiones de infraestructura basadas en datos reales, no en estimaciones.</p> docker devops python postgres Martin Palopoli Tue, 17 Mar 2026 11:00:00 +0000 https://dev.to/martin_palopoli/how-i-built-a-production-rag-pipeline-with-fastapi-pgvector-and-cross-encoder-reranking-j2o https://dev.to/martin_palopoli/how-i-built-a-production-rag-pipeline-with-fastapi-pgvector-and-cross-encoder-reranking-j2o <p>I built a production RAG engine that combines <strong>hybrid search</strong> (pgvector + BM25), <strong>cross-encoder reranking</strong>, <strong>MMR diversity</strong>, <strong>semantic caching</strong> and <strong>automatic language detection</strong> — all on top of async FastAPI and PostgreSQL. This article covers the real architecture, technical decisions, and key code.</p> <h2> Why Another RAG Article </h2> <p>Most RAG tutorials stop at "embed → cosine search → prompt". That works for a demo, but in production you'll run into:</p> <ul> <li>Queries in Spanish that match English chunks (or vice versa)</li> <li>The top 10 most similar chunks come from the same document</li> <li>Semantic search fails with proper nouns or exact codes</li> <li>Repeated answers burn tokens unnecessarily</li> <li>No way to know if the answer is actually reliable</li> </ul> <p>This article shows how I solved each of these problems in a real multi-tenant system.</p> <h2> The Stack </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Component</th> <th>Technology</th> </tr> </thead> <tbody> <tr> <td>Backend</td> <td>Python 3.12 + FastAPI (100% async)</td> </tr> <tr> <td>Database</td> <td>PostgreSQL 16 + pgvector + tsvector</td> </tr> <tr> <td>Embeddings</td> <td> <code>paraphrase-multilingual-MiniLM-L12-v2</code> (384d)</td> </tr> <tr> <td>Reranker</td> <td><code>cross-encoder/ms-marco-MiniLM-L-6-v2</code></td> </tr> <tr> <td>LLM</td> <td>Groq (<code>llama-3.3-70b-versatile</code>)</td> </tr> <tr> <td>Cache</td> <td>Redis + PostgreSQL (semantic cache)</td> </tr> <tr> <td>Streaming</td> <td>Server-Sent Events (SSE)</td> </tr> </tbody> </table></div> <h2> Pipeline Architecture </h2> <p>The pipeline has <strong>3 fixed stages</strong> with pre and post filters:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User query │ ▼ ┌─────────────┐ │ FAQ Match │──→ If score ≥ 0.75: instant answer (LLM cost = 0) └─────┬───────┘ │ No match ▼ ┌─────────────┐ │ Cache Check │──→ If similarity ≥ 0.95: cached response └─────┬───────┘ │ Cache miss ▼ ┌─────────────────────────────────────┐ │ STAGE 1: Hybrid Search │ │ pgvector (semantic) + BM25 (lexical)│ │ Fusion with Reciprocal Rank Fusion │ └─────────────┬───────────────────────┘ │ ▼ ┌─────────────────────────────────────┐ │ STAGE 2: Cross-Encoder Reranking │ │ Re-evaluates actual relevance │ │ Computes confidence score │ └─────────────┬───────────────────────┘ │ ▼ ┌─────────────────────────────────────┐ │ STAGE 3: MMR (Diversity) │ │ Balances relevance vs variety │ │ Max 3 chunks per document │ └─────────────┬───────────────────────┘ │ ▼ LLM + SSE streaming </code></pre> </div> <p>Let's look at each part in detail.</p> <h2> Stage 1: Hybrid Search (Vector + BM25) </h2> <h3> The Problem with Vector-Only Search </h3> <p>Embedding-based search is excellent at capturing <strong>semantic meaning</strong>, but fails with:</p> <ul> <li>Proper nouns: "What did John Smith say?"</li> <li>Codes or IDs: "HTTP 403 error"</li> <li>Exact technical terms the embedding model doesn't know well</li> </ul> <h3> The Solution: Hybrid Search </h3> <p>I run <strong>two searches in parallel</strong> and merge the results:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">search_chunks</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">int</span><span class="p">],</span> <span class="n">embedding</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">float</span><span class="p">],</span> <span class="n">config</span><span class="p">:</span> <span class="n">RetrievalConfig</span><span class="p">):</span> <span class="c1"># Vector search (pgvector HNSW, cosine distance) </span> <span class="n">vector_results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_vector_search</span><span class="p">(</span> <span class="n">embedding</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">config</span><span class="p">.</span><span class="n">candidate_k</span> <span class="p">)</span> <span class="c1"># Lexical search (PostgreSQL tsvector + ts_rank_cd) </span> <span class="n">bm25_results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_bm25_search</span><span class="p">(</span> <span class="n">query</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">config</span><span class="p">.</span><span class="n">candidate_k</span> <span class="p">)</span> <span class="c1"># Fusion with Reciprocal Rank Fusion </span> <span class="n">merged</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">_rrf_merge</span><span class="p">(</span><span class="n">vector_results</span><span class="p">,</span> <span class="n">bm25_results</span><span class="p">,</span> <span class="n">config</span><span class="p">.</span><span class="n">bm25_weight</span><span class="p">)</span> <span class="k">return</span> <span class="n">merged</span> </code></pre> </div> <h3> Reciprocal Rank Fusion (RRF) </h3> <p>RRF is elegant in its simplicity. Instead of comparing scores from different systems (which have different scales), it uses <strong>ranking positions</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_rrf_merge</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">vector_results</span><span class="p">,</span> <span class="n">bm25_results</span><span class="p">,</span> <span class="n">bm25_weight</span><span class="o">=</span><span class="mf">0.3</span><span class="p">):</span> <span class="n">k</span> <span class="o">=</span> <span class="mi">60</span> <span class="c1"># Smoothing constant </span> <span class="n">vector_weight</span> <span class="o">=</span> <span class="mf">1.0</span> <span class="o">-</span> <span class="n">bm25_weight</span> <span class="n">scores</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">rank</span><span class="p">,</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="nf">enumerate</span><span class="p">(</span><span class="n">vector_results</span><span class="p">):</span> <span class="n">scores</span><span class="p">[</span><span class="n">chunk</span><span class="p">.</span><span class="nb">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">vector_weight</span> <span class="o">/</span> <span class="p">(</span><span class="n">k</span> <span class="o">+</span> <span class="n">rank</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="k">for</span> <span class="n">rank</span><span class="p">,</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="nf">enumerate</span><span class="p">(</span><span class="n">bm25_results</span><span class="p">):</span> <span class="n">scores</span><span class="p">[</span><span class="n">chunk</span><span class="p">.</span><span class="nb">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">scores</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">chunk</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="o">+</span> <span class="n">bm25_weight</span> <span class="o">/</span> <span class="p">(</span><span class="n">k</span> <span class="o">+</span> <span class="n">rank</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="k">return</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">scores</span><span class="p">.</span><span class="nf">items</span><span class="p">(),</span> <span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="n">x</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p><strong>Why <code>k=60</code>?</strong> It prevents the #1 chunk from having a disproportionately high score relative to #2. With <code>k=60</code>, the difference between position 1 and 2 is minimal, making the fusion more stable.</p> <p><strong>Why 70/30?</strong> In my tests, semantic search is more robust for most queries. The 30% BM25 rescues the cases where you need exact lexical matching. This is configurable per Knowledge Base.</p> <h3> BM25 with Fallback </h3> <p>An important detail: BM25 search first tries an AND query, and if it finds no results, falls back to OR:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># First: AND (all terms must be present) </span><span class="n">ts_query</span> <span class="o">=</span> <span class="n">func</span><span class="p">.</span><span class="nf">plainto_tsquery</span><span class="p">(</span><span class="sh">'</span><span class="s">spanish</span><span class="sh">'</span><span class="p">,</span> <span class="n">query</span><span class="p">)</span> <span class="c1"># If no results: OR (any term) </span><span class="n">words</span> <span class="o">=</span> <span class="p">[</span><span class="n">w</span> <span class="k">for</span> <span class="n">w</span> <span class="ow">in</span> <span class="n">query</span><span class="p">.</span><span class="nf">split</span><span class="p">()</span> <span class="k">if</span> <span class="n">w</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">STOP_WORDS</span><span class="p">]</span> <span class="n">or_query</span> <span class="o">=</span> <span class="sh">"</span><span class="s"> | </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">words</span><span class="p">)</span> <span class="n">ts_query</span> <span class="o">=</span> <span class="n">func</span><span class="p">.</span><span class="nf">to_tsquery</span><span class="p">(</span><span class="sh">'</span><span class="s">spanish</span><span class="sh">'</span><span class="p">,</span> <span class="n">or_query</span><span class="p">)</span> </code></pre> </div> <h2> Stage 2: Cross-Encoder Reranking </h2> <h3> Why Embeddings Aren't Enough </h3> <p>Bi-encoder embeddings (like MiniLM) encode query and document <strong>separately</strong>. They're fast but miss subtle interactions between query and chunk words.</p> <p>A cross-encoder processes <strong>query + chunk together</strong> as a single input, capturing cross-attention relationships. It's slower but significantly more accurate.</p> <h3> Implementation </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sentence_transformers</span> <span class="kn">import</span> <span class="n">CrossEncoder</span> <span class="n">reranker</span> <span class="o">=</span> <span class="nc">CrossEncoder</span><span class="p">(</span><span class="sh">"</span><span class="s">cross-encoder/ms-marco-MiniLM-L-6-v2</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">rerank</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">candidates</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="n">pairs</span> <span class="o">=</span> <span class="p">[(</span><span class="n">query</span><span class="p">,</span> <span class="n">c</span><span class="p">[</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">])</span> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">candidates</span><span class="p">]</span> <span class="n">scores</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">reranker</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">pairs</span><span class="p">)</span> <span class="k">for</span> <span class="n">candidate</span><span class="p">,</span> <span class="n">score</span> <span class="ow">in</span> <span class="nf">zip</span><span class="p">(</span><span class="n">candidates</span><span class="p">,</span> <span class="n">scores</span><span class="p">):</span> <span class="n">candidate</span><span class="p">[</span><span class="sh">"</span><span class="s">rerank_score</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="nf">float</span><span class="p">(</span><span class="n">score</span><span class="p">)</span> <span class="c1"># Sort by rerank_score descending </span> <span class="k">return</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">candidates</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="n">x</span><span class="p">[</span><span class="sh">"</span><span class="s">rerank_score</span><span class="sh">"</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p>We reduce from ~60 candidates (RRF output) to the <strong>top 15</strong> after reranking.</p> <h3> Confidence Score: How Reliable Is the Answer? </h3> <p>Using cross-encoder scores, I compute a <strong>confidence score</strong> that indicates how confident we are that the retrieved chunks are relevant:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">math</span> <span class="kn">import</span> <span class="n">exp</span> <span class="k">def</span> <span class="nf">compute_confidence</span><span class="p">(</span><span class="n">sources</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">float</span><span class="p">:</span> <span class="n">scores</span> <span class="o">=</span> <span class="nf">sorted</span><span class="p">([</span><span class="n">s</span><span class="p">[</span><span class="sh">"</span><span class="s">rerank_score</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">sources</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">max_score</span> <span class="o">=</span> <span class="n">scores</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="n">top3_avg</span> <span class="o">=</span> <span class="nf">sum</span><span class="p">(</span><span class="n">scores</span><span class="p">[:</span><span class="mi">3</span><span class="p">])</span> <span class="o">/</span> <span class="nf">min</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">scores</span><span class="p">),</span> <span class="mi">3</span><span class="p">)</span> <span class="n">median</span> <span class="o">=</span> <span class="n">scores</span><span class="p">[</span><span class="nf">len</span><span class="p">(</span><span class="n">scores</span><span class="p">)</span> <span class="o">//</span> <span class="mi">2</span><span class="p">]</span> <span class="c1"># Blend: 40% best score, 30% top-3 average, 30% median </span> <span class="n">blended</span> <span class="o">=</span> <span class="mf">0.4</span> <span class="o">*</span> <span class="n">max_score</span> <span class="o">+</span> <span class="mf">0.3</span> <span class="o">*</span> <span class="n">top3_avg</span> <span class="o">+</span> <span class="mf">0.3</span> <span class="o">*</span> <span class="n">median</span> <span class="c1"># Sigmoid → [0, 1] </span> <span class="k">return</span> <span class="mf">1.0</span> <span class="o">/</span> <span class="p">(</span><span class="mf">1.0</span> <span class="o">+</span> <span class="nf">exp</span><span class="p">(</span><span class="o">-</span><span class="n">blended</span><span class="p">))</span> </code></pre> </div> <p><strong>Why a blend and not just the max?</strong> If the best chunk scores 0.9 but the rest are at -0.5, the answer is probably weak — a single good chunk doesn't compensate for bad context. The blend captures the <strong>overall quality</strong> of the retrieved context.</p> <p>The confidence score is sent to the frontend, which uses it to:</p> <ul> <li>Display visual confidence indicators</li> <li>Decide whether to suggest alternative FAQs</li> <li>Trigger automatic escalation when below threshold</li> </ul> <h2> Stage 3: MMR (Maximum Marginal Relevance) </h2> <h3> The Redundancy Problem </h3> <p>Without MMR, the top 10 most relevant chunks could come <strong>from the same document</strong> or be consecutive paragraphs saying essentially the same thing. That wastes LLM context.</p> <h3> The Formula </h3> <div class="highlight js-code-highlight"> <pre class="highlight mathematica"><code><span class="nv">MMR</span><span class="p">(</span><span class="nv">chunk</span><span class="p">)</span><span class="w"> </span><span class="o">=</span><span class="w"> </span><span class="err">λ</span><span class="w"> </span><span class="err">×</span><span class="w"> </span><span class="nv">relevance</span><span class="p">(</span><span class="nv">chunk</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="p">(</span><span class="m">1</span><span class="o">-</span><span class="err">λ</span><span class="p">)</span><span class="w"> </span><span class="err">×</span><span class="w"> </span><span class="nv">max</span><span class="o">_</span><span class="nv">similarity</span><span class="p">(</span><span class="nv">chunk</span><span class="o">,</span><span class="w"> </span><span class="nv">already</span><span class="o">_</span><span class="nv">selected</span><span class="p">)</span><span class="w"> </span><span class="o">-</span><span class="w"> </span><span class="nv">document</span><span class="o">_</span><span class="nv">penalty</span><span class="w"> </span></code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_mmr_select</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">candidates</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">config</span><span class="p">):</span> <span class="n">selected</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">remaining</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="n">candidates</span><span class="p">)</span> <span class="n">lambda_param</span> <span class="o">=</span> <span class="n">config</span><span class="p">.</span><span class="n">lambda_param</span> <span class="c1"># Default: 0.6 </span> <span class="n">doc_counts</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">config</span><span class="p">.</span><span class="n">top_k</span><span class="p">):</span> <span class="c1"># Default: 10 </span> <span class="n">best_score</span> <span class="o">=</span> <span class="o">-</span><span class="nf">float</span><span class="p">(</span><span class="sh">'</span><span class="s">inf</span><span class="sh">'</span><span class="p">)</span> <span class="n">best_idx</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">i</span><span class="p">,</span> <span class="n">candidate</span> <span class="ow">in</span> <span class="nf">enumerate</span><span class="p">(</span><span class="n">remaining</span><span class="p">):</span> <span class="c1"># Relevance to query </span> <span class="n">relevance</span> <span class="o">=</span> <span class="nf">cosine_similarity</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">candidate</span><span class="p">[</span><span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># Max similarity with already selected chunks </span> <span class="n">max_sim</span> <span class="o">=</span> <span class="nf">max</span><span class="p">(</span> <span class="p">(</span><span class="nf">cosine_similarity</span><span class="p">(</span><span class="n">candidate</span><span class="p">[</span><span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">],</span> <span class="n">s</span><span class="p">[</span><span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">])</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">selected</span><span class="p">),</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span> <span class="p">)</span> <span class="c1"># Penalty for repeated document </span> <span class="n">doc_name</span> <span class="o">=</span> <span class="n">candidate</span><span class="p">[</span><span class="sh">"</span><span class="s">document_name</span><span class="sh">"</span><span class="p">]</span> <span class="n">penalty</span> <span class="o">=</span> <span class="n">doc_counts</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">doc_name</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="o">*</span> <span class="mf">0.1</span> <span class="c1"># Hard cap: max 3 chunks per document </span> <span class="k">if</span> <span class="n">doc_counts</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">doc_name</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="n">config</span><span class="p">.</span><span class="n">max_per_doc</span><span class="p">:</span> <span class="k">continue</span> <span class="n">score</span> <span class="o">=</span> <span class="n">lambda_param</span> <span class="o">*</span> <span class="n">relevance</span> <span class="o">-</span> <span class="p">(</span><span class="mi">1</span> <span class="o">-</span> <span class="n">lambda_param</span><span class="p">)</span> <span class="o">*</span> <span class="n">max_sim</span> <span class="o">-</span> <span class="n">penalty</span> <span class="k">if</span> <span class="n">score</span> <span class="o">&gt;</span> <span class="n">best_score</span><span class="p">:</span> <span class="n">best_score</span> <span class="o">=</span> <span class="n">score</span> <span class="n">best_idx</span> <span class="o">=</span> <span class="n">i</span> <span class="n">chosen</span> <span class="o">=</span> <span class="n">remaining</span><span class="p">.</span><span class="nf">pop</span><span class="p">(</span><span class="n">best_idx</span><span class="p">)</span> <span class="n">selected</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">chosen</span><span class="p">)</span> <span class="n">doc_counts</span><span class="p">[</span><span class="n">chosen</span><span class="p">[</span><span class="sh">"</span><span class="s">document_name</span><span class="sh">"</span><span class="p">]]</span> <span class="o">=</span> <span class="n">doc_counts</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">chosen</span><span class="p">[</span><span class="sh">"</span><span class="s">document_name</span><span class="sh">"</span><span class="p">],</span> <span class="mi">0</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span> <span class="k">return</span> <span class="n">selected</span> </code></pre> </div> <p><strong><code>λ = 0.6</code></strong> means 60% relevance, 40% diversity. It's the sweet spot I found: enough diversity to avoid repetition, but without sacrificing truly relevant chunks.</p> <h2> Semantic Cache: Don't Repeat Work </h2> <h3> The Concept </h3> <p>If someone asks "How do I reset my password?" and 2 hours ago another user asked "How can I change my password?", the answer is the same. Why run the entire pipeline again?</p> <h3> Implementation </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">lookup_cache</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">config_hash</span><span class="p">):</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">select</span><span class="p">(</span><span class="n">ResponseCache</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span> <span class="n">ResponseCache</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">ResponseCache</span><span class="p">.</span><span class="n">rag_config_hash</span> <span class="o">==</span> <span class="n">config_hash</span><span class="p">,</span> <span class="n">ResponseCache</span><span class="p">.</span><span class="n">expires_at</span> <span class="o">&gt;</span> <span class="n">func</span><span class="p">.</span><span class="nf">now</span><span class="p">(),</span> <span class="p">)</span> <span class="p">.</span><span class="nf">order_by</span><span class="p">(</span> <span class="n">ResponseCache</span><span class="p">.</span><span class="n">query_embedding</span><span class="p">.</span><span class="nf">cosine_distance</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">)</span> <span class="p">)</span> <span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">)</span> <span class="n">cache_entry</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">scalar_one_or_none</span><span class="p">()</span> <span class="k">if</span> <span class="n">cache_entry</span><span class="p">:</span> <span class="n">similarity</span> <span class="o">=</span> <span class="mi">1</span> <span class="o">-</span> <span class="nf">cosine_distance</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">cache_entry</span><span class="p">.</span><span class="n">query_embedding</span><span class="p">)</span> <span class="k">if</span> <span class="n">similarity</span> <span class="o">&gt;=</span> <span class="mf">0.95</span><span class="p">:</span> <span class="k">return</span> <span class="n">cache_entry</span> <span class="c1"># Cache hit </span> <span class="k">return</span> <span class="bp">None</span> <span class="c1"># Cache miss → run full pipeline </span></code></pre> </div> <h3> Key Decisions </h3> <ul> <li> <strong>Threshold 0.95</strong>: Very high on purpose. I'd rather have a cache miss than serve an incorrect answer.</li> <li> <strong>Config hash</strong>: Cache is invalidated if RAG parameters change. Changing <code>top_k</code> from 10 to 5 produces different answers.</li> <li> <strong>Fire-and-forget store</strong>: After generating the LLM response, I save to cache without blocking the stream.</li> <li> <strong>TTL 7 days</strong>: Configurable per KB. Documents that change often can use a shorter TTL.</li> <li> <strong>Proactive invalidation</strong>: When a document is uploaded or reprocessed, the cache for that KB is invalidated. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Store (doesn't block the response) </span><span class="k">async</span> <span class="k">def</span> <span class="nf">store_cache</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">response</span><span class="p">,</span> <span class="n">sources</span><span class="p">,</span> <span class="n">confidence</span><span class="p">,</span> <span class="p">...):</span> <span class="k">if</span> <span class="n">confidence</span> <span class="o">&lt;</span> <span class="n">config</span><span class="p">.</span><span class="n">min_confidence</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># Don't cache low-confidence answers </span> <span class="n">cache_entry</span> <span class="o">=</span> <span class="nc">ResponseCache</span><span class="p">(</span> <span class="n">query_embedding</span><span class="o">=</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">response_text</span><span class="o">=</span><span class="n">response</span><span class="p">,</span> <span class="n">sources</span><span class="o">=</span><span class="n">sources</span><span class="p">,</span> <span class="n">confidence</span><span class="o">=</span><span class="n">confidence</span><span class="p">,</span> <span class="n">rag_config_hash</span><span class="o">=</span><span class="n">config_hash</span><span class="p">,</span> <span class="n">expires_at</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">hours</span><span class="o">=</span><span class="n">config</span><span class="p">.</span><span class="n">cache_ttl_hours</span><span class="p">),</span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">cache_entry</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <h2> FAQ Match: The Most Valuable Shortcut </h2> <p>Before the entire pipeline, I check if there's a FAQ whose embedding is similar enough to the query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">match_faq</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">threshold</span><span class="o">=</span><span class="mf">0.75</span><span class="p">):</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">select</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">FAQ</span><span class="p">.</span><span class="n">question</span><span class="p">,</span> <span class="n">FAQ</span><span class="p">.</span><span class="n">answer</span><span class="p">,</span> <span class="p">(</span><span class="mi">1</span> <span class="o">-</span> <span class="n">FAQ</span><span class="p">.</span><span class="n">embedding</span><span class="p">.</span><span class="nf">cosine_distance</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">)).</span><span class="nf">label</span><span class="p">(</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">))</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="n">knowledge_base_id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">kb_ids</span><span class="p">),</span> <span class="n">FAQ</span><span class="p">.</span><span class="n">is_active</span> <span class="o">==</span> <span class="bp">True</span><span class="p">)</span> <span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="n">embedding</span><span class="p">.</span><span class="nf">cosine_distance</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">))</span> <span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">)</span> <span class="n">faq</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="n">faq</span> <span class="ow">and</span> <span class="n">faq</span><span class="p">.</span><span class="n">score</span> <span class="o">&gt;=</span> <span class="n">threshold</span><span class="p">:</span> <span class="c1"># Increment hit_count atomically </span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">update</span><span class="p">(</span><span class="n">FAQ</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">faq</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> <span class="p">.</span><span class="nf">values</span><span class="p">(</span><span class="n">hit_count</span><span class="o">=</span><span class="n">FAQ</span><span class="p">.</span><span class="n">hit_count</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="p">)</span> <span class="k">return</span> <span class="n">faq</span> <span class="k">return</span> <span class="bp">None</span> </code></pre> </div> <p><strong>Why is this so valuable?</strong></p> <ul> <li> <strong>Zero cost</strong>: No LLM call, no token consumption</li> <li> <strong>Minimal latency</strong>: A single SQL query with HNSW index</li> <li> <strong>Curated answers</strong>: FAQs are written by humans, always correct</li> <li> <strong>Always available</strong>: Even when the user has exhausted their monthly LLM query quota, FAQs keep working</li> </ul> <h2> Language Detection Without External APIs </h2> <p>The system supports Spanish, English, and Portuguese. Instead of calling a detection API (extra latency + cost), I use heuristic detection:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">EN_WORDS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">how</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">what</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">the</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">is</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">can</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">do</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">where</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">when</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">why</span><span class="sh">"</span><span class="p">,</span> <span class="p">...}</span> <span class="c1"># 60+ </span><span class="n">PT_WORDS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">como</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">onde</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">você</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">qual</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">para</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">não</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">uma</span><span class="sh">"</span><span class="p">,</span> <span class="p">...}</span> <span class="c1"># 45+ </span><span class="n">ES_WORDS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">qué</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cómo</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">dónde</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">ayuda</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">puedo</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">quiero</span><span class="sh">"</span><span class="p">,</span> <span class="p">...}</span> <span class="c1"># 40+ </span> <span class="k">def</span> <span class="nf">detect_language</span><span class="p">(</span><span class="n">query</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">words</span> <span class="o">=</span> <span class="nf">set</span><span class="p">(</span><span class="n">query</span><span class="p">.</span><span class="nf">lower</span><span class="p">().</span><span class="nf">split</span><span class="p">())</span> <span class="n">scores</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">en</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">words</span> <span class="o">&amp;</span> <span class="n">EN_WORDS</span><span class="p">),</span> <span class="sh">"</span><span class="s">pt</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">words</span> <span class="o">&amp;</span> <span class="n">PT_WORDS</span><span class="p">),</span> <span class="sh">"</span><span class="s">es</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">words</span> <span class="o">&amp;</span> <span class="n">ES_WORDS</span><span class="p">),</span> <span class="p">}</span> <span class="n">best</span> <span class="o">=</span> <span class="nf">max</span><span class="p">(</span><span class="n">scores</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="n">scores</span><span class="p">.</span><span class="n">get</span><span class="p">)</span> <span class="k">return</span> <span class="n">best</span> <span class="k">if</span> <span class="n">scores</span><span class="p">[</span><span class="n">best</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="mi">2</span> <span class="k">else</span> <span class="sh">"</span><span class="s">es</span><span class="sh">"</span> <span class="c1"># Default: Spanish </span></code></pre> </div> <p><strong>Is it perfect?</strong> No. But it has zero latency, no external dependencies, and for short queries of 5-15 words it works surprisingly well. The detected language is injected into the LLM's system prompt so it responds in the same language.</p> <h2> Smart Routing: Automatically Choosing the Right KB </h2> <p>When a tenant has multiple Knowledge Bases (e.g., "Sales", "Technical Support", "HR"), the user shouldn't have to manually choose where to search.</p> <h3> KB Centroids </h3> <p>For each KB, I compute the <strong>centroid</strong> (average of all chunk embeddings):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="k">AVG</span><span class="p">(</span><span class="n">embedding</span><span class="p">)::</span><span class="nb">text</span> <span class="k">AS</span> <span class="n">centroid</span> <span class="k">FROM</span> <span class="n">chunks</span> <span class="k">WHERE</span> <span class="n">knowledge_base_id</span> <span class="o">=</span> <span class="p">:</span><span class="n">kb_id</span> </code></pre> </div> <h3> Similarity-Based Routing </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">route_query</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">available_kbs</span><span class="p">):</span> <span class="n">scores</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">kb</span> <span class="ow">in</span> <span class="n">available_kbs</span><span class="p">:</span> <span class="n">centroid</span> <span class="o">=</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_get_centroid</span><span class="p">(</span><span class="n">kb</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> <span class="c1"># Redis cache 24h </span> <span class="n">similarity</span> <span class="o">=</span> <span class="nf">cosine_similarity</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">centroid</span><span class="p">)</span> <span class="k">if</span> <span class="n">similarity</span> <span class="o">&gt;=</span> <span class="mf">0.15</span><span class="p">:</span> <span class="c1"># Minimum threshold </span> <span class="n">scores</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="n">kb</span><span class="p">,</span> <span class="n">similarity</span><span class="p">))</span> <span class="c1"># Top 3 most relevant KBs </span> <span class="n">scores</span><span class="p">.</span><span class="nf">sort</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="n">x</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="p">[</span><span class="n">kb</span> <span class="k">for</span> <span class="n">kb</span><span class="p">,</span> <span class="n">_</span> <span class="ow">in</span> <span class="n">scores</span><span class="p">[:</span><span class="mi">3</span><span class="p">]]</span> </code></pre> </div> <p>If no KB exceeds the threshold, search across all of them (safe fallback).</p> <h2> Numbers That Matter </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Metric</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>Initial candidates per branch</td> <td>30 (vector) + 30 (BM25)</td> </tr> <tr> <td>After RRF merge</td> <td>~40-60 unique</td> </tr> <tr> <td>After reranking</td> <td>Top 15</td> </tr> <tr> <td>After MMR</td> <td>Top 10 (max 3 per doc)</td> </tr> <tr> <td>Embedding dimensions</td> <td>384</td> </tr> <tr> <td>FAQ threshold</td> <td>0.75</td> </tr> <tr> <td>Cache threshold</td> <td>0.95</td> </tr> <tr> <td>Cache TTL</td> <td>7 days</td> </tr> <tr> <td>FAQ match latency</td> <td>~15ms</td> </tr> <tr> <td>Full pipeline latency</td> <td>~2-4s</td> </tr> <tr> <td>Savings per cache hit</td> <td>~90% latency, 100% LLM tokens</td> </tr> </tbody> </table></div> <h2> Lessons Learned </h2> <h3> 1. The Cross-Encoder Is Worth It </h3> <p>The quality difference between using embeddings alone vs. embeddings + cross-encoder reranking is enormous. Bi-encoder embeddings are good for recall (finding candidates), but the cross-encoder is much better for precision (ranking by actual relevance).</p> <h3> 2. BM25 Isn't Dead </h3> <p>For queries with proper nouns, error codes, or specific technical terms, BM25 regularly outperforms vector search. The hybrid combination is strictly better than either one alone.</p> <h3> 3. MMR Is More Important Than It Seems </h3> <p>Without MMR diversity, the LLM receives redundant context and produces answers that orbit around a single point. With MMR, answers are more complete and cover different angles of the topic.</p> <h3> 4. Semantic Cache Requires a High Threshold </h3> <p>At 0.90 I had problems with incorrect answers being served from cache. 0.95 is the sweet spot: enough to cache obvious reformulations, but not so low as to match queries that actually need different answers.</p> <h3> 5. FAQs Are Your Best Investment </h3> <p>Every FAQ you add is a perfect answer served in 15ms with zero LLM cost. I implemented auto-generation of suggested FAQs from frequent unanswered queries, which the admin can approve with a single click.</p> <h2> What's Next </h2> <ul> <li> <strong>Evaluation framework</strong>: Automatic quality metrics (faithfulness, relevance) with evaluation datasets per KB</li> <li> <strong>Chunk contextualization</strong>: Using the LLM to add document context to chunks before indexing</li> <li> <strong>Late interaction models</strong> (ColBERT): Better than cross-encoder for high volumes</li> </ul> <h2> Conclusion </h2> <p>A production RAG pipeline is not "embed + search + prompt". It's a multi-stage system where each component solves a specific weakness of the previous one. Hybrid search covers semantic and lexical gaps, the cross-encoder ranks by actual relevance, MMR ensures diversity, cache eliminates redundant work, and FAQs shortcut when the answer already exists.</p> <p>Most importantly: <strong>everything is configurable per Knowledge Base</strong>. There's no universal set of parameters — each knowledge domain has its own characteristics and needs different tuning.</p> <p><em>If you're working on production RAG, drop a comment with your biggest challenge. And if this article was useful, a like helps it reach more people.</em></p> rag python ai postgres Martin Palopoli Thu, 12 Mar 2026 16:50:00 +0000 https://dev.to/martin_palopoli/como-construi-un-pipeline-rag-de-produccion-con-fastapi-pgvector-y-cross-encoder-reranking-4f3c https://dev.to/martin_palopoli/como-construi-un-pipeline-rag-de-produccion-con-fastapi-pgvector-y-cross-encoder-reranking-4f3c <p>Construí un motor RAG de producción que combina <strong>búsqueda híbrida</strong> (pgvector + BM25), <strong>reranking con cross-encoder</strong>, <strong>diversidad MMR</strong>, <strong>cache semántico</strong> y <strong>detección automática de idioma</strong> — todo sobre FastAPI async y PostgreSQL. En este artículo comparto la arquitectura real, las decisiones técnicas, y el código clave.</p> <h2> Por qué otro artículo sobre RAG </h2> <p>La mayoría de los tutoriales RAG se quedan en "embed → cosine search → prompt". Eso funciona para una demo, pero en producción te vas a encontrar con:</p> <ul> <li>Queries en español que matchean chunks en inglés (o viceversa)</li> <li>Los 10 chunks más similares vienen del mismo documento</li> <li>La búsqueda semántica falla con nombres propios o códigos exactos</li> <li>Respuestas repetidas consumen tokens innecesariamente</li> <li>No tenés forma de saber si la respuesta es confiable o no</li> </ul> <p>Este artículo muestra cómo resolví cada uno de esos problemas en un sistema real multi-tenant.</p> <h2> El stack </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Componente</th> <th>Tecnología</th> </tr> </thead> <tbody> <tr> <td>Backend</td> <td>Python 3.12 + FastAPI (100% async)</td> </tr> <tr> <td>Base de datos</td> <td>PostgreSQL 16 + pgvector + tsvector</td> </tr> <tr> <td>Embeddings</td> <td> <code>paraphrase-multilingual-MiniLM-L12-v2</code> (384d)</td> </tr> <tr> <td>Reranker</td> <td><code>cross-encoder/ms-marco-MiniLM-L-6-v2</code></td> </tr> <tr> <td>LLM</td> <td>Groq (<code>llama-3.3-70b-versatile</code>)</td> </tr> <tr> <td>Cache</td> <td>Redis + PostgreSQL (cache semántico)</td> </tr> <tr> <td>Streaming</td> <td>Server-Sent Events (SSE)</td> </tr> </tbody> </table></div> <h2> Arquitectura del pipeline </h2> <p>El pipeline tiene <strong>3 etapas fijas</strong> con filtros pre y post:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Query del usuario │ ▼ ┌─────────────┐ │ FAQ Match │──→ Si score ≥ 0.75: respuesta instantánea (costo LLM = 0) └─────┬───────┘ │ No match ▼ ┌─────────────┐ │ Cache Check │──→ Si similaridad ≥ 0.95: respuesta cacheada └─────┬───────┘ │ Cache miss ▼ ┌─────────────────────────────────────┐ │ ETAPA 1: Búsqueda Híbrida │ │ pgvector (semántica) + BM25 (léxica)│ │ Fusión con Reciprocal Rank Fusion │ └─────────────┬───────────────────────┘ │ ▼ ┌─────────────────────────────────────┐ │ ETAPA 2: Cross-Encoder Reranking │ │ Re-evalúa relevancia real │ │ Calcula confidence score │ └─────────────┬───────────────────────┘ │ ▼ ┌─────────────────────────────────────┐ │ ETAPA 3: MMR (Diversidad) │ │ Balancea relevancia vs variedad │ │ Máx 3 chunks por documento │ └─────────────┬───────────────────────┘ │ ▼ LLM + SSE streaming </code></pre> </div> <p>Veamos cada parte en detalle.</p> <h2> Etapa 1: Búsqueda Híbrida (Vector + BM25) </h2> <h3> El problema con solo búsqueda vectorial </h3> <p>La búsqueda por embeddings es excelente para capturar <strong>significado semántico</strong>, pero falla con:</p> <ul> <li>Nombres propios: "¿Qué dijo Juan Pérez?"</li> <li>Códigos o IDs: "Error HTTP 403"</li> <li>Términos técnicos exactos que el modelo de embeddings no conoce bien</li> </ul> <h3> La solución: búsqueda híbrida </h3> <p>Ejecuto <strong>dos búsquedas en paralelo</strong> y fusiono los resultados:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">search_chunks</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">int</span><span class="p">],</span> <span class="n">embedding</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">float</span><span class="p">],</span> <span class="n">config</span><span class="p">:</span> <span class="n">RetrievalConfig</span><span class="p">):</span> <span class="c1"># Búsqueda vectorial (pgvector HNSW, distancia coseno) </span> <span class="n">vector_results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_vector_search</span><span class="p">(</span> <span class="n">embedding</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">config</span><span class="p">.</span><span class="n">candidate_k</span> <span class="p">)</span> <span class="c1"># Búsqueda léxica (PostgreSQL tsvector + ts_rank_cd) </span> <span class="n">bm25_results</span> <span class="o">=</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_bm25_search</span><span class="p">(</span> <span class="n">query</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">config</span><span class="p">.</span><span class="n">candidate_k</span> <span class="p">)</span> <span class="c1"># Fusión con Reciprocal Rank Fusion </span> <span class="n">merged</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="nf">_rrf_merge</span><span class="p">(</span><span class="n">vector_results</span><span class="p">,</span> <span class="n">bm25_results</span><span class="p">,</span> <span class="n">config</span><span class="p">.</span><span class="n">bm25_weight</span><span class="p">)</span> <span class="k">return</span> <span class="n">merged</span> </code></pre> </div> <h3> Reciprocal Rank Fusion (RRF) </h3> <p>RRF es elegante en su simplicidad. En vez de comparar scores de sistemas diferentes (que tienen escalas distintas), usa <strong>posiciones en el ranking</strong>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_rrf_merge</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">vector_results</span><span class="p">,</span> <span class="n">bm25_results</span><span class="p">,</span> <span class="n">bm25_weight</span><span class="o">=</span><span class="mf">0.3</span><span class="p">):</span> <span class="n">k</span> <span class="o">=</span> <span class="mi">60</span> <span class="c1"># Constante de suavizado </span> <span class="n">vector_weight</span> <span class="o">=</span> <span class="mf">1.0</span> <span class="o">-</span> <span class="n">bm25_weight</span> <span class="n">scores</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">rank</span><span class="p">,</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="nf">enumerate</span><span class="p">(</span><span class="n">vector_results</span><span class="p">):</span> <span class="n">scores</span><span class="p">[</span><span class="n">chunk</span><span class="p">.</span><span class="nb">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">vector_weight</span> <span class="o">/</span> <span class="p">(</span><span class="n">k</span> <span class="o">+</span> <span class="n">rank</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="k">for</span> <span class="n">rank</span><span class="p">,</span> <span class="n">chunk</span> <span class="ow">in</span> <span class="nf">enumerate</span><span class="p">(</span><span class="n">bm25_results</span><span class="p">):</span> <span class="n">scores</span><span class="p">[</span><span class="n">chunk</span><span class="p">.</span><span class="nb">id</span><span class="p">]</span> <span class="o">=</span> <span class="n">scores</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">chunk</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="o">+</span> <span class="n">bm25_weight</span> <span class="o">/</span> <span class="p">(</span><span class="n">k</span> <span class="o">+</span> <span class="n">rank</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="k">return</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">scores</span><span class="p">.</span><span class="nf">items</span><span class="p">(),</span> <span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="n">x</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p><strong>¿Por qué <code>k=60</code>?</strong> Evita que el chunk #1 tenga un score desproporcionadamente alto respecto al #2. Con <code>k=60</code>, la diferencia entre posición 1 y 2 es mínima, lo que hace la fusión más estable.</p> <p><strong>¿Por qué 70/30?</strong> En mis pruebas, la búsqueda semántica es más robusta para la mayoría de queries. El 30% de BM25 rescata los casos donde necesitás match léxico exacto. Esto es configurable por Knowledge Base.</p> <h3> BM25 con fallback </h3> <p>Un detalle importante: la búsqueda BM25 primero intenta un AND query, y si no encuentra resultados, hace fallback a OR:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Primero: AND (todos los términos deben estar presentes) </span><span class="n">ts_query</span> <span class="o">=</span> <span class="n">func</span><span class="p">.</span><span class="nf">plainto_tsquery</span><span class="p">(</span><span class="sh">'</span><span class="s">spanish</span><span class="sh">'</span><span class="p">,</span> <span class="n">query</span><span class="p">)</span> <span class="c1"># Si no hay resultados: OR (cualquier término) </span><span class="n">words</span> <span class="o">=</span> <span class="p">[</span><span class="n">w</span> <span class="k">for</span> <span class="n">w</span> <span class="ow">in</span> <span class="n">query</span><span class="p">.</span><span class="nf">split</span><span class="p">()</span> <span class="k">if</span> <span class="n">w</span><span class="p">.</span><span class="nf">lower</span><span class="p">()</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">STOP_WORDS</span><span class="p">]</span> <span class="n">or_query</span> <span class="o">=</span> <span class="sh">"</span><span class="s"> | </span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="n">words</span><span class="p">)</span> <span class="n">ts_query</span> <span class="o">=</span> <span class="n">func</span><span class="p">.</span><span class="nf">to_tsquery</span><span class="p">(</span><span class="sh">'</span><span class="s">spanish</span><span class="sh">'</span><span class="p">,</span> <span class="n">or_query</span><span class="p">)</span> </code></pre> </div> <h2> Etapa 2: Cross-Encoder Reranking </h2> <h3> Por qué no alcanza con embeddings </h3> <p>Los embeddings bi-encoder (como MiniLM) codifican query y documento <strong>por separado</strong>. Son rápidos pero pierden interacciones sutiles entre las palabras del query y del chunk.</p> <p>Un cross-encoder procesa <strong>query + chunk juntos</strong> como un solo input, capturando relaciones cruzadas. Es más lento pero significativamente más preciso.</p> <h3> Implementación </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">sentence_transformers</span> <span class="kn">import</span> <span class="n">CrossEncoder</span> <span class="n">reranker</span> <span class="o">=</span> <span class="nc">CrossEncoder</span><span class="p">(</span><span class="sh">"</span><span class="s">cross-encoder/ms-marco-MiniLM-L-6-v2</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">rerank</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">candidates</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">]:</span> <span class="n">pairs</span> <span class="o">=</span> <span class="p">[(</span><span class="n">query</span><span class="p">,</span> <span class="n">c</span><span class="p">[</span><span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">])</span> <span class="k">for</span> <span class="n">c</span> <span class="ow">in</span> <span class="n">candidates</span><span class="p">]</span> <span class="n">scores</span> <span class="o">=</span> <span class="n">self</span><span class="p">.</span><span class="n">reranker</span><span class="p">.</span><span class="nf">predict</span><span class="p">(</span><span class="n">pairs</span><span class="p">)</span> <span class="k">for</span> <span class="n">candidate</span><span class="p">,</span> <span class="n">score</span> <span class="ow">in</span> <span class="nf">zip</span><span class="p">(</span><span class="n">candidates</span><span class="p">,</span> <span class="n">scores</span><span class="p">):</span> <span class="n">candidate</span><span class="p">[</span><span class="sh">"</span><span class="s">rerank_score</span><span class="sh">"</span><span class="p">]</span> <span class="o">=</span> <span class="nf">float</span><span class="p">(</span><span class="n">score</span><span class="p">)</span> <span class="c1"># Ordenar por rerank_score descendente </span> <span class="k">return</span> <span class="nf">sorted</span><span class="p">(</span><span class="n">candidates</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="n">x</span><span class="p">[</span><span class="sh">"</span><span class="s">rerank_score</span><span class="sh">"</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> </code></pre> </div> <p>Reducimos de ~60 candidatos (resultado de RRF) a los <strong>top 15</strong> después del reranking.</p> <h3> Confidence Score: ¿qué tan confiable es la respuesta? </h3> <p>Con los scores del cross-encoder, calculo un <strong>confidence score</strong> que indica qué tan seguro estoy de que los chunks recuperados son relevantes:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">math</span> <span class="kn">import</span> <span class="n">exp</span> <span class="k">def</span> <span class="nf">compute_confidence</span><span class="p">(</span><span class="n">sources</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="nb">dict</span><span class="p">])</span> <span class="o">-&gt;</span> <span class="nb">float</span><span class="p">:</span> <span class="n">scores</span> <span class="o">=</span> <span class="nf">sorted</span><span class="p">([</span><span class="n">s</span><span class="p">[</span><span class="sh">"</span><span class="s">rerank_score</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">sources</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="n">max_score</span> <span class="o">=</span> <span class="n">scores</span><span class="p">[</span><span class="mi">0</span><span class="p">]</span> <span class="n">top3_avg</span> <span class="o">=</span> <span class="nf">sum</span><span class="p">(</span><span class="n">scores</span><span class="p">[:</span><span class="mi">3</span><span class="p">])</span> <span class="o">/</span> <span class="nf">min</span><span class="p">(</span><span class="nf">len</span><span class="p">(</span><span class="n">scores</span><span class="p">),</span> <span class="mi">3</span><span class="p">)</span> <span class="n">median</span> <span class="o">=</span> <span class="n">scores</span><span class="p">[</span><span class="nf">len</span><span class="p">(</span><span class="n">scores</span><span class="p">)</span> <span class="o">//</span> <span class="mi">2</span><span class="p">]</span> <span class="c1"># Blend: 40% mejor score, 30% promedio top-3, 30% mediana </span> <span class="n">blended</span> <span class="o">=</span> <span class="mf">0.4</span> <span class="o">*</span> <span class="n">max_score</span> <span class="o">+</span> <span class="mf">0.3</span> <span class="o">*</span> <span class="n">top3_avg</span> <span class="o">+</span> <span class="mf">0.3</span> <span class="o">*</span> <span class="n">median</span> <span class="c1"># Sigmoid → [0, 1] </span> <span class="k">return</span> <span class="mf">1.0</span> <span class="o">/</span> <span class="p">(</span><span class="mf">1.0</span> <span class="o">+</span> <span class="nf">exp</span><span class="p">(</span><span class="o">-</span><span class="n">blended</span><span class="p">))</span> </code></pre> </div> <p><strong>¿Por qué un blend y no solo el max?</strong> Si el mejor chunk tiene score 0.9 pero el resto está en -0.5, la respuesta probablemente es débil — un solo chunk bueno no compensa contexto malo. El blend captura la <strong>calidad general</strong> del contexto recuperado.</p> <p>El confidence score se envía al frontend, que lo usa para:</p> <ul> <li>Mostrar indicadores visuales de confianza</li> <li>Decidir si sugerir FAQs alternativas</li> <li>Trigger de escalación automática cuando está por debajo del umbral</li> </ul> <h2> Etapa 3: MMR (Maximum Marginal Relevance) </h2> <h3> El problema de la redundancia </h3> <p>Sin MMR, los 10 chunks más relevantes podrían venir <strong>del mismo documento</strong> o ser párrafos consecutivos que dicen prácticamente lo mismo. Eso desperdicia contexto del LLM.</p> <h3> La fórmula </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>MMR(chunk) = λ × relevancia(chunk) - (1-λ) × max_similaridad(chunk, ya_seleccionados) - penalidad_documento </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">_mmr_select</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">candidates</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">config</span><span class="p">):</span> <span class="n">selected</span> <span class="o">=</span> <span class="p">[]</span> <span class="n">remaining</span> <span class="o">=</span> <span class="nf">list</span><span class="p">(</span><span class="n">candidates</span><span class="p">)</span> <span class="n">lambda_param</span> <span class="o">=</span> <span class="n">config</span><span class="p">.</span><span class="n">lambda_param</span> <span class="c1"># Default: 0.6 </span> <span class="n">doc_counts</span> <span class="o">=</span> <span class="p">{}</span> <span class="k">for</span> <span class="n">_</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">config</span><span class="p">.</span><span class="n">top_k</span><span class="p">):</span> <span class="c1"># Default: 10 </span> <span class="n">best_score</span> <span class="o">=</span> <span class="o">-</span><span class="nf">float</span><span class="p">(</span><span class="sh">'</span><span class="s">inf</span><span class="sh">'</span><span class="p">)</span> <span class="n">best_idx</span> <span class="o">=</span> <span class="mi">0</span> <span class="k">for</span> <span class="n">i</span><span class="p">,</span> <span class="n">candidate</span> <span class="ow">in</span> <span class="nf">enumerate</span><span class="p">(</span><span class="n">remaining</span><span class="p">):</span> <span class="c1"># Relevancia vs query </span> <span class="n">relevance</span> <span class="o">=</span> <span class="nf">cosine_similarity</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">candidate</span><span class="p">[</span><span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># Máxima similaridad con chunks ya seleccionados </span> <span class="n">max_sim</span> <span class="o">=</span> <span class="nf">max</span><span class="p">(</span> <span class="p">(</span><span class="nf">cosine_similarity</span><span class="p">(</span><span class="n">candidate</span><span class="p">[</span><span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">],</span> <span class="n">s</span><span class="p">[</span><span class="sh">"</span><span class="s">embedding</span><span class="sh">"</span><span class="p">])</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">selected</span><span class="p">),</span> <span class="n">default</span><span class="o">=</span><span class="mi">0</span> <span class="p">)</span> <span class="c1"># Penalidad por documento repetido </span> <span class="n">doc_name</span> <span class="o">=</span> <span class="n">candidate</span><span class="p">[</span><span class="sh">"</span><span class="s">document_name</span><span class="sh">"</span><span class="p">]</span> <span class="n">penalty</span> <span class="o">=</span> <span class="n">doc_counts</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">doc_name</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="o">*</span> <span class="mf">0.1</span> <span class="c1"># Hard cap: máximo 3 chunks por documento </span> <span class="k">if</span> <span class="n">doc_counts</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">doc_name</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="o">&gt;=</span> <span class="n">config</span><span class="p">.</span><span class="n">max_per_doc</span><span class="p">:</span> <span class="k">continue</span> <span class="n">score</span> <span class="o">=</span> <span class="n">lambda_param</span> <span class="o">*</span> <span class="n">relevance</span> <span class="o">-</span> <span class="p">(</span><span class="mi">1</span> <span class="o">-</span> <span class="n">lambda_param</span><span class="p">)</span> <span class="o">*</span> <span class="n">max_sim</span> <span class="o">-</span> <span class="n">penalty</span> <span class="k">if</span> <span class="n">score</span> <span class="o">&gt;</span> <span class="n">best_score</span><span class="p">:</span> <span class="n">best_score</span> <span class="o">=</span> <span class="n">score</span> <span class="n">best_idx</span> <span class="o">=</span> <span class="n">i</span> <span class="n">chosen</span> <span class="o">=</span> <span class="n">remaining</span><span class="p">.</span><span class="nf">pop</span><span class="p">(</span><span class="n">best_idx</span><span class="p">)</span> <span class="n">selected</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="n">chosen</span><span class="p">)</span> <span class="n">doc_counts</span><span class="p">[</span><span class="n">chosen</span><span class="p">[</span><span class="sh">"</span><span class="s">document_name</span><span class="sh">"</span><span class="p">]]</span> <span class="o">=</span> <span class="n">doc_counts</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="n">chosen</span><span class="p">[</span><span class="sh">"</span><span class="s">document_name</span><span class="sh">"</span><span class="p">],</span> <span class="mi">0</span><span class="p">)</span> <span class="o">+</span> <span class="mi">1</span> <span class="k">return</span> <span class="n">selected</span> </code></pre> </div> <p><strong><code>λ = 0.6</code></strong> significa 60% relevancia, 40% diversidad. Es el sweet spot que encontré: suficiente diversidad para no repetir, pero sin sacrificar chunks realmente relevantes.</p> <h2> Cache Semántico: no repitas trabajo </h2> <h3> El concepto </h3> <p>Si alguien pregunta "¿Cómo reseteo mi contraseña?" y hace 2 horas otro usuario preguntó "¿Cómo puedo cambiar mi password?", la respuesta es la misma. ¿Para qué ejecutar todo el pipeline de nuevo?</p> <h3> Implementación </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">lookup_cache</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">config_hash</span><span class="p">):</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">select</span><span class="p">(</span><span class="n">ResponseCache</span><span class="p">)</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span> <span class="n">ResponseCache</span><span class="p">.</span><span class="n">tenant_id</span> <span class="o">==</span> <span class="n">tenant_id</span><span class="p">,</span> <span class="n">ResponseCache</span><span class="p">.</span><span class="n">rag_config_hash</span> <span class="o">==</span> <span class="n">config_hash</span><span class="p">,</span> <span class="n">ResponseCache</span><span class="p">.</span><span class="n">expires_at</span> <span class="o">&gt;</span> <span class="n">func</span><span class="p">.</span><span class="nf">now</span><span class="p">(),</span> <span class="p">)</span> <span class="p">.</span><span class="nf">order_by</span><span class="p">(</span> <span class="n">ResponseCache</span><span class="p">.</span><span class="n">query_embedding</span><span class="p">.</span><span class="nf">cosine_distance</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">)</span> <span class="p">)</span> <span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">)</span> <span class="n">cache_entry</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">scalar_one_or_none</span><span class="p">()</span> <span class="k">if</span> <span class="n">cache_entry</span><span class="p">:</span> <span class="n">similarity</span> <span class="o">=</span> <span class="mi">1</span> <span class="o">-</span> <span class="nf">cosine_distance</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">cache_entry</span><span class="p">.</span><span class="n">query_embedding</span><span class="p">)</span> <span class="k">if</span> <span class="n">similarity</span> <span class="o">&gt;=</span> <span class="mf">0.95</span><span class="p">:</span> <span class="k">return</span> <span class="n">cache_entry</span> <span class="c1"># Cache hit </span> <span class="k">return</span> <span class="bp">None</span> <span class="c1"># Cache miss → ejecutar pipeline completo </span></code></pre> </div> <h3> Decisiones clave </h3> <ul> <li> <strong>Threshold 0.95</strong>: Muy alto a propósito. Prefiero un cache miss a servir una respuesta incorrecta.</li> <li> <strong>Config hash</strong>: El cache se invalida si cambian los parámetros de RAG. Cambiar <code>top_k</code> de 10 a 5 produce respuestas diferentes.</li> <li> <strong>Fire-and-forget store</strong>: Después de generar la respuesta del LLM, guardo en cache sin bloquear el streaming.</li> <li> <strong>TTL 7 días</strong>: Configurable por KB. Documentos que cambian seguido pueden usar TTL más corto.</li> <li> <strong>Invalidación proactiva</strong>: Cuando se sube o reprocesa un documento, se invalida el cache de esa KB. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Almacenar (no bloquea el response) </span><span class="k">async</span> <span class="k">def</span> <span class="nf">store_cache</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">response</span><span class="p">,</span> <span class="n">sources</span><span class="p">,</span> <span class="n">confidence</span><span class="p">,</span> <span class="p">...):</span> <span class="k">if</span> <span class="n">confidence</span> <span class="o">&lt;</span> <span class="n">config</span><span class="p">.</span><span class="n">min_confidence</span><span class="p">:</span> <span class="k">return</span> <span class="c1"># No cachear respuestas de baja confianza </span> <span class="n">cache_entry</span> <span class="o">=</span> <span class="nc">ResponseCache</span><span class="p">(</span> <span class="n">query_embedding</span><span class="o">=</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">response_text</span><span class="o">=</span><span class="n">response</span><span class="p">,</span> <span class="n">sources</span><span class="o">=</span><span class="n">sources</span><span class="p">,</span> <span class="n">confidence</span><span class="o">=</span><span class="n">confidence</span><span class="p">,</span> <span class="n">rag_config_hash</span><span class="o">=</span><span class="n">config_hash</span><span class="p">,</span> <span class="n">expires_at</span><span class="o">=</span><span class="n">datetime</span><span class="p">.</span><span class="nf">utcnow</span><span class="p">()</span> <span class="o">+</span> <span class="nf">timedelta</span><span class="p">(</span><span class="n">hours</span><span class="o">=</span><span class="n">config</span><span class="p">.</span><span class="n">cache_ttl_hours</span><span class="p">),</span> <span class="p">)</span> <span class="n">db</span><span class="p">.</span><span class="nf">add</span><span class="p">(</span><span class="n">cache_entry</span><span class="p">)</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">commit</span><span class="p">()</span> </code></pre> </div> <h2> FAQ Match: la shortcut más valiosa </h2> <p>Antes de todo el pipeline, verifico si existe una FAQ cuyo embedding sea suficientemente similar al query:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">match_faq</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">kb_ids</span><span class="p">,</span> <span class="n">threshold</span><span class="o">=</span><span class="mf">0.75</span><span class="p">):</span> <span class="n">result</span> <span class="o">=</span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">select</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">FAQ</span><span class="p">.</span><span class="n">question</span><span class="p">,</span> <span class="n">FAQ</span><span class="p">.</span><span class="n">answer</span><span class="p">,</span> <span class="p">(</span><span class="mi">1</span> <span class="o">-</span> <span class="n">FAQ</span><span class="p">.</span><span class="n">embedding</span><span class="p">.</span><span class="nf">cosine_distance</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">)).</span><span class="nf">label</span><span class="p">(</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">))</span> <span class="p">.</span><span class="nf">where</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="n">knowledge_base_id</span><span class="p">.</span><span class="nf">in_</span><span class="p">(</span><span class="n">kb_ids</span><span class="p">),</span> <span class="n">FAQ</span><span class="p">.</span><span class="n">is_active</span> <span class="o">==</span> <span class="bp">True</span><span class="p">)</span> <span class="p">.</span><span class="nf">order_by</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="n">embedding</span><span class="p">.</span><span class="nf">cosine_distance</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">))</span> <span class="p">.</span><span class="nf">limit</span><span class="p">(</span><span class="mi">1</span><span class="p">)</span> <span class="p">)</span> <span class="n">faq</span> <span class="o">=</span> <span class="n">result</span><span class="p">.</span><span class="nf">first</span><span class="p">()</span> <span class="k">if</span> <span class="n">faq</span> <span class="ow">and</span> <span class="n">faq</span><span class="p">.</span><span class="n">score</span> <span class="o">&gt;=</span> <span class="n">threshold</span><span class="p">:</span> <span class="c1"># Incrementar hit_count atómicamente </span> <span class="k">await</span> <span class="n">db</span><span class="p">.</span><span class="nf">execute</span><span class="p">(</span> <span class="nf">update</span><span class="p">(</span><span class="n">FAQ</span><span class="p">).</span><span class="nf">where</span><span class="p">(</span><span class="n">FAQ</span><span class="p">.</span><span class="nb">id</span> <span class="o">==</span> <span class="n">faq</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> <span class="p">.</span><span class="nf">values</span><span class="p">(</span><span class="n">hit_count</span><span class="o">=</span><span class="n">FAQ</span><span class="p">.</span><span class="n">hit_count</span> <span class="o">+</span> <span class="mi">1</span><span class="p">)</span> <span class="p">)</span> <span class="k">return</span> <span class="n">faq</span> <span class="k">return</span> <span class="bp">None</span> </code></pre> </div> <p><strong>¿Por qué es tan valioso?</strong></p> <ul> <li> <strong>Costo cero</strong>: No llama al LLM, no consume tokens</li> <li> <strong>Latencia mínima</strong>: Una sola query SQL con índice HNSW</li> <li> <strong>Respuestas curadas</strong>: Las FAQs son redactadas por humanos, siempre correctas</li> <li> <strong>Siempre disponible</strong>: Incluso cuando el usuario agotó su cuota mensual de queries LLM, las FAQs siguen funcionando</li> </ul> <h2> Detección de idioma sin APIs externas </h2> <p>Mi sistema soporta español, inglés y portugués. En vez de llamar a una API de detección (latencia extra + costo), uso detección heurística:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">EN_WORDS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">how</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">what</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">the</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">is</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">can</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">do</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">where</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">when</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">why</span><span class="sh">"</span><span class="p">,</span> <span class="p">...}</span> <span class="c1"># 60+ </span><span class="n">PT_WORDS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">como</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">onde</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">você</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">qual</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">para</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">não</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">uma</span><span class="sh">"</span><span class="p">,</span> <span class="p">...}</span> <span class="c1"># 45+ </span><span class="n">ES_WORDS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">qué</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">cómo</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">dónde</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">ayuda</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">puedo</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">quiero</span><span class="sh">"</span><span class="p">,</span> <span class="p">...}</span> <span class="c1"># 40+ </span> <span class="k">def</span> <span class="nf">detect_language</span><span class="p">(</span><span class="n">query</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">str</span><span class="p">:</span> <span class="n">words</span> <span class="o">=</span> <span class="nf">set</span><span class="p">(</span><span class="n">query</span><span class="p">.</span><span class="nf">lower</span><span class="p">().</span><span class="nf">split</span><span class="p">())</span> <span class="n">scores</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">en</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">words</span> <span class="o">&amp;</span> <span class="n">EN_WORDS</span><span class="p">),</span> <span class="sh">"</span><span class="s">pt</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">words</span> <span class="o">&amp;</span> <span class="n">PT_WORDS</span><span class="p">),</span> <span class="sh">"</span><span class="s">es</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">words</span> <span class="o">&amp;</span> <span class="n">ES_WORDS</span><span class="p">),</span> <span class="p">}</span> <span class="n">best</span> <span class="o">=</span> <span class="nf">max</span><span class="p">(</span><span class="n">scores</span><span class="p">,</span> <span class="n">key</span><span class="o">=</span><span class="n">scores</span><span class="p">.</span><span class="n">get</span><span class="p">)</span> <span class="k">return</span> <span class="n">best</span> <span class="k">if</span> <span class="n">scores</span><span class="p">[</span><span class="n">best</span><span class="p">]</span> <span class="o">&gt;=</span> <span class="mi">2</span> <span class="k">else</span> <span class="sh">"</span><span class="s">es</span><span class="sh">"</span> <span class="c1"># Default: español </span></code></pre> </div> <p><strong>¿Es perfecto?</strong> No. Pero tiene latencia cero, no depende de servicios externos, y para queries cortas de 5-15 palabras funciona sorprendentemente bien. El idioma detectado se inyecta en el system prompt del LLM para que responda en el mismo idioma.</p> <h2> Smart Routing: elegir la KB correcta automáticamente </h2> <p>Cuando un tenant tiene múltiples Knowledge Bases (ej: "Ventas", "Soporte Técnico", "RRHH"), el usuario no debería tener que elegir manualmente dónde buscar.</p> <h3> Centroides de KB </h3> <p>Para cada KB, calculo el <strong>centroide</strong> (promedio de todos los embeddings de sus chunks):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="k">AVG</span><span class="p">(</span><span class="n">embedding</span><span class="p">)::</span><span class="nb">text</span> <span class="k">AS</span> <span class="n">centroid</span> <span class="k">FROM</span> <span class="n">chunks</span> <span class="k">WHERE</span> <span class="n">knowledge_base_id</span> <span class="o">=</span> <span class="p">:</span><span class="n">kb_id</span> </code></pre> </div> <h3> Routing por similaridad </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">async</span> <span class="k">def</span> <span class="nf">route_query</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">query_embedding</span><span class="p">,</span> <span class="n">available_kbs</span><span class="p">):</span> <span class="n">scores</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">kb</span> <span class="ow">in</span> <span class="n">available_kbs</span><span class="p">:</span> <span class="n">centroid</span> <span class="o">=</span> <span class="k">await</span> <span class="n">self</span><span class="p">.</span><span class="nf">_get_centroid</span><span class="p">(</span><span class="n">kb</span><span class="p">.</span><span class="nb">id</span><span class="p">)</span> <span class="c1"># Redis cache 24h </span> <span class="n">similarity</span> <span class="o">=</span> <span class="nf">cosine_similarity</span><span class="p">(</span><span class="n">query_embedding</span><span class="p">,</span> <span class="n">centroid</span><span class="p">)</span> <span class="k">if</span> <span class="n">similarity</span> <span class="o">&gt;=</span> <span class="mf">0.15</span><span class="p">:</span> <span class="c1"># Umbral mínimo </span> <span class="n">scores</span><span class="p">.</span><span class="nf">append</span><span class="p">((</span><span class="n">kb</span><span class="p">,</span> <span class="n">similarity</span><span class="p">))</span> <span class="c1"># Top 3 KBs más relevantes </span> <span class="n">scores</span><span class="p">.</span><span class="nf">sort</span><span class="p">(</span><span class="n">key</span><span class="o">=</span><span class="k">lambda</span> <span class="n">x</span><span class="p">:</span> <span class="n">x</span><span class="p">[</span><span class="mi">1</span><span class="p">],</span> <span class="n">reverse</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">return</span> <span class="p">[</span><span class="n">kb</span> <span class="k">for</span> <span class="n">kb</span><span class="p">,</span> <span class="n">_</span> <span class="ow">in</span> <span class="n">scores</span><span class="p">[:</span><span class="mi">3</span><span class="p">]]</span> </code></pre> </div> <p>Si ninguna KB supera el umbral, se busca en todas (fallback seguro).</p> <h2> Números que importan </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Métrica</th> <th>Valor</th> </tr> </thead> <tbody> <tr> <td>Candidatos iniciales por rama</td> <td>30 (vector) + 30 (BM25)</td> </tr> <tr> <td>Después de RRF merge</td> <td>~40-60 únicos</td> </tr> <tr> <td>Después de reranking</td> <td>Top 15</td> </tr> <tr> <td>Después de MMR</td> <td>Top 10 (máx 3 por doc)</td> </tr> <tr> <td>Dimensiones de embeddings</td> <td>384</td> </tr> <tr> <td>Threshold FAQ</td> <td>0.75</td> </tr> <tr> <td>Threshold cache</td> <td>0.95</td> </tr> <tr> <td>TTL cache</td> <td>7 días</td> </tr> <tr> <td>Latencia FAQ match</td> <td>~15ms</td> </tr> <tr> <td>Latencia pipeline completo</td> <td>~2-4s</td> </tr> <tr> <td>Ahorro por cache hit</td> <td>~90% latencia, 100% tokens LLM</td> </tr> </tbody> </table></div> <h2> Lecciones aprendidas </h2> <h3> 1. El cross-encoder vale la pena </h3> <p>La diferencia de calidad entre usar solo embeddings vs. embeddings + cross-encoder reranking es enorme. Los embeddings bi-encoder son buenos para recall (encontrar candidatos), pero el cross-encoder es mucho mejor para precision (ordenar por relevancia real).</p> <h3> 2. BM25 no murió </h3> <p>Para queries con nombres propios, códigos de error, o términos técnicos específicos, BM25 regularmente supera a la búsqueda vectorial. La combinación híbrida es estrictamente mejor que cualquiera por separado.</p> <h3> 3. MMR es más importante de lo que parece </h3> <p>Sin diversidad MMR, el LLM recibe contexto redundante y produce respuestas que orbitan alrededor de un solo punto. Con MMR, las respuestas son más completas y cubren diferentes ángulos del tema.</p> <h3> 4. Cache semántico requiere threshold alto </h3> <p>Con 0.90 tuve problemas de respuestas incorrectas servidas del cache. 0.95 es el sweet spot: suficiente para cachear reformulaciones obvias, pero no tan bajo como para matchear queries que realmente necesitan respuestas diferentes.</p> <h3> 5. Las FAQs son tu mejor inversión </h3> <p>Cada FAQ que agregás es una respuesta perfecta que se sirve en 15ms sin costo de LLM. Implementé auto-generación de FAQs sugeridas a partir de queries frecuentes sin respuesta, que el admin puede aprobar con un click.</p> <h2> Lo que sigue </h2> <ul> <li> <strong>Evaluation framework</strong>: métricas automáticas de calidad (faithfulness, relevance) con datasets de evaluación por KB</li> <li> <strong>Chunk contextualization</strong>: usar el LLM para agregar contexto del documento al chunk antes de indexar</li> <li> <strong>Late interaction models</strong> (ColBERT): mejor que cross-encoder para volúmenes altos</li> </ul> <h2> Conclusión </h2> <p>Un pipeline RAG de producción no es "embed + search + prompt". Es un sistema de múltiples etapas donde cada componente resuelve una debilidad específica del anterior. La búsqueda híbrida cubre gaps semánticos y léxicos, el cross-encoder ordena por relevancia real, MMR garantiza diversidad, el cache elimina trabajo redundante, y las FAQs cortan camino cuando la respuesta ya existe.</p> <p>Lo más importante: <strong>todo es configurable por Knowledge Base</strong>. No existe un set de parámetros universal — cada dominio de conocimiento tiene sus propias características y necesita tuning diferente.</p> <p><em>Si te interesa el tema de RAG en producción, dejá un comentario con tu mayor desafío. Y si este artículo te fue útil, un like ayuda a que llegue a más personas.</em></p> rag python ai postgres