core
API
Generated with
core/org.llm4s/org.llm4s.rag/org.llm4s.rag.permissions

org.llm4s.rag.permissions

package org.llm4s.rag.permissions

Members list

Packages

package org.llm4s.rag.permissions.pg

Type members

Classlikes

final case class ChunkWithEmbedding(content: String, embedding: Array[Float], chunkIndex: Int, metadata: Map[String, String])

A chunk with its embedding ready for indexing.

A chunk with its embedding ready for indexing.

Value parameters

chunkIndex

The index of this chunk within the document

content

The text content of the chunk

embedding

The vector embedding

metadata

Additional metadata for this chunk

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
final case class Collection(id: Int, path: CollectionPath, parentPath: Option[CollectionPath], queryableBy: Set[PrincipalId], isLeaf: Boolean, metadata: Map[String, String])

A collection in the search index hierarchy.

A collection in the search index hierarchy.

Collections organize documents and define access permissions. They form a tree structure where:

  • Parent collections can have their own queryable_by permissions
  • Sub-collections inherit parent permissions and can add further restrictions
  • Documents can only be added to leaf collections

Value parameters

id

Database primary key

isLeaf

True if this is a leaf collection (can contain documents)

metadata

Optional key-value metadata for the collection

parentPath

The parent collection path, if not a root collection

path

The unique collection path (e.g., "confluence/EN")

queryableBy

Set of principal IDs that can query this collection (empty = public)

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
final case class CollectionConfig(path: CollectionPath, queryableBy: Set[PrincipalId], isLeaf: Boolean, metadata: Map[String, String])

Configuration for creating a new collection.

Configuration for creating a new collection.

Value parameters

isLeaf

True if this is a leaf collection (can contain documents)

metadata

Optional key-value metadata for the collection

path

The collection path to create

queryableBy

Set of principal IDs that can query this collection (empty = public)

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object CollectionConfig

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
final case class CollectionPath

A validated collection path in the hierarchy.

A validated collection path in the hierarchy.

Collection paths use forward-slash separators (e.g., "confluence/EN/archive"). Each segment must contain only alphanumeric characters, underscores, and hyphens.

Value parameters

segments

The path segments (e.g., Seq("confluence", "EN", "archive"))

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object CollectionPath

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
sealed trait CollectionPattern

A pattern for matching collections in queries.

A pattern for matching collections in queries.

Patterns support:

  • Exact matching: confluence/EN
  • Immediate children: confluence/★ (matches confluence/EN but not confluence/EN/archive)
  • All descendants: confluence/★★ (matches all paths starting with confluence/)
  • All collections:

Note: In code, use asterisk (*) instead of ★ shown in docs.

Attributes

Companion
object
Supertypes
class Object
trait Matchable
class Any
Known subtypes
object All
class Exact
object CollectionPattern

Attributes

Companion
trait
Supertypes
trait Sum
trait Mirror
class Object
trait Matchable
class Any
Self type
final case class CollectionStats(documentCount: Long, chunkCount: Long, subCollectionCount: Int)

Statistics for a collection.

Statistics for a collection.

Value parameters

chunkCount

Total number of chunks across all documents

documentCount

Number of unique documents in the collection

subCollectionCount

Number of direct sub-collections

Attributes

Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
trait CollectionStore

Storage for collections with permission management.

Storage for collections with permission management.

Manages the hierarchical collection structure and enforces permission inheritance rules:

  • SubCollections inherit parent permissions
  • SubCollections can only add restrictions (never loosen)
  • Documents can only be added to leaf collections

Attributes

Supertypes
class Object
trait Matchable
class Any
Known subtypes
sealed trait ExternalPrincipal

External principal identifier before resolution to internal ID.

External principal identifier before resolution to internal ID.

External IDs are human-readable identifiers like email addresses or group names that get mapped to integer IDs for efficient storage.

Attributes

Companion
object
Supertypes
class Object
trait Matchable
class Any
Known subtypes
class Group
class User
object ExternalPrincipal

Attributes

Companion
trait
Supertypes
trait Sum
trait Mirror
class Object
trait Matchable
class Any
Self type
final case class PrincipalId(value: Int) extends AnyVal

Type-safe wrapper for principal IDs.

Type-safe wrapper for principal IDs.

Uses integer representation for efficient database queries:

  • Positive integers represent users
  • Negative integers represent groups
  • Zero is reserved (not used)

Value parameters

value

The integer ID (positive=user, negative=group)

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class AnyVal
trait Matchable
class Any
Show all
object PrincipalId

Attributes

Companion
class
Supertypes
class Object
trait Matchable
class Any
Self type
trait PrincipalStore

Storage for principal ID mappings.

Storage for principal ID mappings.

Maps external identifiers (email addresses, group names) to internal integer IDs that are efficient for database queries.

Design:

  • User IDs are positive integers (auto-incremented from SERIAL)
  • Group IDs are negative integers (from a separate sequence)
  • External IDs are prefixed with type: "user:john@example.com", "group:admins"

Attributes

Supertypes
class Object
trait Matchable
class Any
Known subtypes
trait SearchIndex

Top-level search index with permission-based filtering.

Top-level search index with permission-based filtering.

SearchIndex is the main entry point for permission-aware RAG operations. It combines:

  • Collection hierarchy management
  • User/group principal mapping
  • Permission-filtered vector search
  • Document ingestion with access control

Query flow:

  1. Resolve accessible collection IDs based on pattern + user authorization
  2. Perform vector search within those collections
  3. Apply document-level permission filtering (readable_by)
  4. Return permission-filtered results

Attributes

Companion
object
Supertypes
class Object
trait Matchable
class Any
Known subtypes
object SearchIndex

Factory for creating SearchIndex instances.

Factory for creating SearchIndex instances.

Attributes

Companion
trait
Supertypes
class Object
trait Matchable
class Any
Self type
final case class UserAuthorization(principalIds: Set[PrincipalId], isAdmin: Boolean)

User authorization context for permission-filtered queries.

User authorization context for permission-filtered queries.

Contains the set of principal IDs (user + groups) that the current user belongs to, which is used to filter collections and documents.

Value parameters

isAdmin

True if this user has admin privileges (bypasses permission checks)

principalIds

The set of principal IDs for this user (includes user ID and all group IDs)

Attributes

Companion
object
Supertypes
trait Serializable
trait Product
trait Equals
class Object
trait Matchable
class Any
Show all
object UserAuthorization

Attributes

Companion
class
Supertypes
trait Product
trait Mirror
class Object
trait Matchable
class Any
Self type
Generated with