fix(kb): align vector rename tenancy with delete and restore chunk diagnostics

- Extend VectorIndexStore.rename_collection_data with user_id and is_admin;
  LanceDB implementation builds the same filter as delete_collection_data
  before table.update so non-admins only rename their rows and admins rename
  all rows for the old collection key.
- Pass caller identity from rename_collection_api.
- When read_chunks_for_embedding finds zero rows under user scope, log at
  ERROR under DEBUG if admin-unscoped count shows hidden rows (user_id mismatch
  or legacy NULL ownership).
- Update lancedb store unit test for the new rename signature.

Author: sqhyz55

src/xagent/core/tools/core/RAG_tools/storage/contracts.py

@@ -440,9 +440,23 @@ def rename_collection_data(
         self,
         collection_name: str,
         new_name: str,
+        user_id: Optional[int],
+        is_admin: bool,
     ) -> List[str]:
         """Rename collection key across vector-side tables.
 
+        Applies the same multi-tenancy filter semantics as
+        :meth:`delete_collection_data`: non-admin callers only rename rows they
+        can see (``user_id`` match; legacy NULL ``user_id`` is admin-only).
+        Admins omit the user predicate and rename all rows for the old collection
+        name.
+
+        Args:
+            collection_name: Current collection name stored in vector tables.
+            new_name: Target collection name after rename.
+            user_id: User ID for multi-tenancy filtering.
+            is_admin: Whether the caller has admin privileges.
+
         Returns:
             Warning messages generated during best-effort updates.
         """

src/xagent/core/tools/core/RAG_tools/storage/lancedb_stores.py

@@ -581,11 +581,20 @@ def rename_collection_data(
         self,
         collection_name: str,
         new_name: str,
+        user_id: Optional[int],
+        is_admin: bool,
     ) -> List[str]:
         from ..LanceDB.schema_manager import _safe_close_table
 
         warnings: List[str] = []
-        safe_old_name = escape_lancedb_string(collection_name)
+        filter_expr = self.build_filter_expression(
+            build_filter_from_dict({"collection": collection_name}),
+            user_id=user_id,
+            is_admin=is_admin,
+        )
+        if not filter_expr:
+            return warnings
+
         conn = self._get_connection()
         for table_name in self.list_table_names():
             if table_name not in {
@@ -598,7 +607,7 @@ def rename_collection_data(
             try:
                 table = conn.open_table(table_name)
                 table.update(
-                    f"collection = '{safe_old_name}'",
+                    filter_expr,
                     {"collection": new_name},
                 )
             except Exception as exc:  # noqa: BLE001

src/xagent/core/tools/core/RAG_tools/vector_storage/vector_manager.py

@@ -39,6 +39,7 @@
 )
 from ..LanceDB.model_tag_utils import to_model_tag
 from ..LanceDB.schema_manager import _safe_close_table, ensure_embeddings_table
+from ..storage.contracts import VectorIndexStore
 from ..storage.factory import get_vector_index_store
 from ..utils.metadata_utils import deserialize_metadata, serialize_metadata
 
@@ -183,6 +184,53 @@ def _safe_int_conversion(value: Any, default: int = 0) -> int:
         return default
 
 
+def _maybe_log_chunks_hidden_by_user_filter(
+    vector_store: VectorIndexStore,
+    query_filters: Dict[str, Any],
+    *,
+    user_id: Optional[int],
+    is_admin: bool,
+) -> None:
+    """If DEBUG logging is enabled, detect chunks matching scope filters but excluded by user_id filter.
+
+    Non-admin callers filter rows by ``user_id``; admins effectively omit that predicate.
+    When the scoped count is zero but an admin-equivalent count is positive, rows likely
+    exist under another ``user_id`` or legacy NULL ``user_id`` — typical symptom of a
+    permission or ingestion ownership mismatch.
+
+    Args:
+        vector_store: Vector index abstraction bound to the active backend.
+        query_filters: Column equality filters (collection, doc_id, parse_hash, ...).
+        user_id: Authenticated user id passed into the read path.
+        is_admin: Whether the caller is treated as admin for tenancy filtering.
+    """
+    if is_admin or user_id is None:
+        return
+    if not logger.isEnabledFor(logging.DEBUG):
+        return
+    try:
+        count_without_user_scope = vector_store.count_rows_or_zero(
+            table_name="chunks",
+            filters=query_filters,
+            user_id=user_id,
+            is_admin=True,
+        )
+    except Exception as exc:  # noqa: BLE001
+        logger.debug("Skipped chunks user-filter diagnostic count: %s", exc)
+        return
+
+    if count_without_user_scope > 0:
+        logger.error(
+            "Chunks exist for doc/collection scope but user filter excluded them "
+            "(possible user_id mismatch, legacy NULL user_id row, or permission bug). "
+            "caller_user_id=%s is_admin=%s unscoped_count=%s filters=%s",
+            user_id,
+            is_admin,
+            count_without_user_scope,
+            query_filters,
+        )
+
+
 def _safe_str_value(value: Any) -> Optional[str]:
     """Extract string value, returning None for NaN/None values.
 
@@ -250,6 +298,12 @@ def read_chunks_for_embedding(
             is_admin=is_admin,
         )
         if total_count == 0:
+            _maybe_log_chunks_hidden_by_user_filter(
+                vector_store,
+                query_filters,
+                user_id=user_id,
+                is_admin=is_admin,
+            )
             logger.info("No chunks found for the given criteria")
             return EmbeddingReadResponse(chunks=[], total_count=0, pending_count=0)
 

src/xagent/web/api/kb.py

@@ -1290,6 +1290,7 @@ def _download_file() -> None:
                         file_config = config.model_copy(
                             update={"parse_method": normalized_parse_method}
                         )
+
                         def _run_cloud_ingestion() -> IngestionResult:
                             return run_document_ingestion(
                                 collection=safe_collection,
@@ -3548,6 +3549,8 @@ async def rename_collection_api(
         vector_store.rename_collection_data(
             collection_name=safe_old_collection,
             new_name=safe_new_collection,
+            user_id=int(_user.id),
+            is_admin=bool(_user.is_admin),
         )
     )
 

tests/core/tools/core/RAG_tools/storage/test_lancedb_stores.py

@@ -337,7 +337,12 @@ def test_vector_store_rename_collection_data_updates_expected_tables(
     mock_conn.open_table.return_value = mock_table
 
     store = LanceDBVectorIndexStore()
-    warnings = store.rename_collection_data("old_name", "new_name")
+    warnings = store.rename_collection_data(
+        "old_name",
+        "new_name",
+        user_id=1,
+        is_admin=False,
+    )
 
     assert warnings == []
     # 4 target tables should be updated; control-plane table excluded.