Follow-up to RLAC P3 (#293). P3 (PR #321) re-tags existing chunks synchronously on the RLAC flip-on transition, which closes the empty-results hole for the normal path. Two gaps remain, both requiring a new persisted workspace field (rlacChunkSchemaVersion) across all four control-plane backends (memory/file/sqlite/astra) — a schema change deferred from P3:
- Upgrade path. A workspace that already had
rlacEnabled: true before 0.5.0 won't re-tag (the transition already happened). Interim documented in docs/rlac.md: toggle rlacEnabled off then on once. A version marker + a one-time startup/opt-in backfill (à la reconcileOrphansOnStart) would remove the manual step.
- Very large workspaces. The synchronous re-tag runs inside the flip PATCH request; for a workspace with millions of chunks this could be slow. A
rlacChunkSchemaVersion marker would let the search path fall back to control-plane doc-level post-filtering for not-yet-backfilled workspaces, so the flip returns immediately and the backfill runs out-of-band.
Scope
- Add
rlacChunkSchemaVersion to WorkspaceRecord + all 4 backends (types, converters, astra additive column migration).
- Set it after a successful chunk re-tag (flip-on + the standalone backfill script).
- Gate the search path: when stale, don't push
visible_to down; post-filter hits by joining documentId → the control-plane doc's visibleTo (the same compiled policy, evaluated against the doc).
- Extend
scripts/backfill-rlac.ts to build drivers and re-tag chunks (today it's file-backend, doc-level only).
Follow-up to RLAC P3 (#293). P3 (PR #321) re-tags existing chunks synchronously on the RLAC flip-on transition, which closes the empty-results hole for the normal path. Two gaps remain, both requiring a new persisted workspace field (
rlacChunkSchemaVersion) across all four control-plane backends (memory/file/sqlite/astra) — a schema change deferred from P3:rlacEnabled: truebefore 0.5.0 won't re-tag (the transition already happened). Interim documented indocs/rlac.md: togglerlacEnabledoff then on once. A version marker + a one-time startup/opt-in backfill (à lareconcileOrphansOnStart) would remove the manual step.rlacChunkSchemaVersionmarker would let the search path fall back to control-plane doc-level post-filtering for not-yet-backfilled workspaces, so the flip returns immediately and the backfill runs out-of-band.Scope
rlacChunkSchemaVersiontoWorkspaceRecord+ all 4 backends (types, converters, astra additive column migration).visible_todown; post-filter hits by joiningdocumentId→ the control-plane doc'svisibleTo(the same compiled policy, evaluated against the doc).scripts/backfill-rlac.tsto build drivers and re-tag chunks (today it's file-backend, doc-level only).