From 34f403a066a7ac5e43d8b075eed7cf7acb0a1dd0 Mon Sep 17 00:00:00 2001
From: Christian Gick <service@agiliton.eu>
Date: Sat, 28 Feb 2026 16:21:01 +0200
Subject: [PATCH] feat(MAT-65): Remove WildFiles org-level fallback, require
 per-user key

No more shared org-level document search for unauthenticated users.
DocumentRAG.search() now returns empty if no API key provided.
Explicit !ai search command tells users to connect first.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 bot.py | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/bot.py b/bot.py
index d768033..113346e 100644
--- a/bot.py
+++ b/bot.py
@@ -319,15 +319,11 @@ class DocumentRAG:
         self.enabled = bool(base_url and org)
 
     async def search(self, query: str, top_k: int = 3, api_key: str | None = None) -> list[dict]:
-        if not api_key and not self.enabled:
+        if not api_key:
             return []
         try:
-            headers = {}
+            headers = {"X-API-Key": api_key}
             body = {"query": query, "limit": top_k}
-            if api_key:
-                headers["X-API-Key"] = api_key
-            else:
-                body["organization"] = self.org
             async with httpx.AsyncClient(timeout=15.0) as client:
                 resp = await client.post(
                     f"{self.base_url}/api/v1/rag/search",
@@ -1809,6 +1805,9 @@ class Bot:
                 return
             sender = event.sender if event else None
             user_api_key = self.user_keys.get(sender) if sender else None
+            if not user_api_key:
+                await self._send_text(room.room_id, "WildFiles not connected. Use `!ai wildfiles connect` first.")
+                return
             results = await self.rag.search(query, top_k=5, api_key=user_api_key)
             if not results:
                 await self._send_text(room.room_id, "No documents found.")