fix: multi-user isolation and sqlor-compatible queries

- Replace all sor.sqlExe(ORDER BY/LIMIT) with sor.R(ns={sort:...}) pattern - _get_config: add user_id parameter and filter - _find_relevant_skills: use sor.R with $or and $like filters - list_reasoning_sessions: use sor.R with ns sort and Python slicing - All queries now include user_id filter for multi-user isolation
2026-05-07 16:39:19 +08:00 · 2026-05-07 16:39:19 +08:00 · 7f60b0a79b
commit 7f60b0a79b
parent bb420a6471
3 changed files with 17 additions and 15 deletions
--- a/harnessed_reasoning/.core.py.swp
+++ b/harnessed_reasoning/.core.py.swp
--- a/harnessed_reasoning/pycache/core.cpython-311.pyc
+++ b/harnessed_reasoning/pycache/core.cpython-311.pyc
--- a/harnessed_reasoning/core.py
+++ b/harnessed_reasoning/core.py
@ -117,8 +117,8 @@ class HermesReasoningEngine:
    # Config helpers
    # --------------------------------------------------------

-    async def _get_config(self) -> Dict[str, Any]:
-        """Get reasoning config from DB, fall back to defaults."""
+    async def _get_config(self, user_id: str = None) -> Dict[str, Any]:
+        """Get reasoning config from DB for current user, fall back to defaults."""
        try:
            env = ServerEnv()
            dbname = env.get_module_dbname('harnessed_reasoning')
@ -127,8 +127,10 @@ class HermesReasoningEngine:

        try:
            async with self.db.sqlorContext(dbname) as sor:
-                sql = "SELECT * FROM harnessed_reasoning_config ORDER BY updated_at DESC LIMIT 1"
-                rows = await sor.sqlExe(sql, {})
+                where = {}
+                if user_id:
+                    where['user_id'] = user_id
+                rows = await sor.R('harnessed_reasoning_config', where if where else None, ns={'sort': 'updated_at desc'})
                if rows:
                    return rows[0]
        except Exception as e:
@ -196,15 +198,14 @@ class HermesReasoningEngine:
        try:
            async with self.db.sqlorContext('default') as sor:
                for kw in list(keywords)[:3]:
-                    sql = """SELECT * FROM hermes_skills 
-                             WHERE user_id = :user_id 
-                             AND (name LIKE :kw1 OR description LIKE :kw2) 
-                             LIMIT 2"""
-                    rows = await sor.sqlExe(sql, {
-                        'user_id': user_id, 
-                        'kw1': f'%{kw}%', 
-                        'kw2': f'%{kw}%'
+                    rows = await sor.R('hermes_skills', {
+                        'user_id': user_id,
+                        '$or': [
+                            {'name': {'$like': f'%{kw}%'}},
+                            {'description': {'$like': f'%{kw}%'}}
+                        ]
                    })
+                    rows = (rows or [])[:2]
                    skills.extend(rows)

                # Deduplicate
@ -433,7 +434,7 @@ class HermesReasoningEngine:
        except Exception:
            pass

-        config = await self._get_config()
+        config = await self._get_config(user_id)
        safety_mode = config.get('safety_mode', 'strict')

        result = {
@ -689,8 +690,9 @@ class HermesReasoningEngine:

        try:
            async with self.db.sqlorContext('default') as sor:
-                sql = f"SELECT * FROM harnessed_reasoning_sessions WHERE user_id = :user_id ORDER BY created_at DESC LIMIT {limit} OFFSET {offset}"
-                rows = await sor.sqlExe(sql, {'user_id': user_id})
+                rows = await sor.R('harnessed_reasoning_sessions', {'user_id': user_id}, ns={'sort': 'created_at desc'})
+                rows = rows or []
+                rows = rows[offset:offset + limit]

                sessions = []
                for s in rows: