From 7b6543be9076e550e1194389a61caeffdee2df0b Mon Sep 17 00:00:00 2001
From: Homelab Cursor <homelab@orbitalo.net>
Date: Thu, 26 Mar 2026 16:51:29 +0100
Subject: [PATCH] fix(rag): strip session history when forced RAG fires

Poisoned session history (4x wrong answers) overrode RAG results.
Now: when doc keywords trigger forced rag_search, rebuild messages
from scratch with ONLY system prompt + RAG results + question.
No session history = no poisoning.
---
 homelab-ai-bot/llm.py | 30 +++++++++++++++---------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/homelab-ai-bot/llm.py b/homelab-ai-bot/llm.py
index f47e8e31..94726a09 100644
--- a/homelab-ai-bot/llm.py
+++ b/homelab-ai-bot/llm.py
@@ -412,7 +412,7 @@ def ask_with_tools(question: str, tool_handlers: dict, session_id: str = None) -
 
     messages.append({"role": "user", "content": question})
 
-    # --- RAG-Pflicht: Bei Doc-Keywords rag_search DIREKT aufrufen (nicht LLM) ---
+    # --- RAG-Pflicht: Bei Doc-Keywords rag_search DIREKT aufrufen ---
     _DOC_KW = [
         "versicherung", "vertrag", "vertraege", "dokument", "rente",
         "finanzamt", "steuer", "grundsteuer", "familienbuch", "urkunde",
@@ -429,20 +429,20 @@ def ask_with_tools(question: str, tool_handlers: dict, session_id: str = None) -
                 log.info("RAG-Pflicht: forciere rag_search fuer: %s", question[:80])
                 _rag_res = _rag_fn(query=question, top_k=8)
                 if _rag_res and not _rag_res.startswith("Keine"):
-                    _fake_tc = [{"id": "forced_rag", "type": "function",
-                        "function": {"name": "rag_search",
-                            "arguments": json.dumps({"query": question, "top_k": 8})}}]
-                    messages.insert(-1, {"role": "assistant", "content": None,
-                        "tool_calls": _fake_tc})
-                    messages.insert(-1, {"role": "tool", "tool_call_id": "forced_rag",
-                        "content": str(_rag_res)[:3000]})
-                    _suffix = (
-                        "\n\n[Oben siehst du die Ergebnisse der Dokumentensuche. "
-                        "Beantworte die Frage NUR basierend auf diesen Ergebnissen. "
-                        "Erfinde nichts dazu.]"
-                    )
-                    messages[-1] = {"role": "user", "content": question + _suffix}
-                    log.info("RAG-Pflicht: %d Zeichen injiziert", len(str(_rag_res)))
+                    log.info("RAG-Pflicht: %d Zeichen — loesche Session-History", len(str(_rag_res)))
+                    messages = [
+                        {"role": "system", "content": _full_prompt
+                            + "\n\nWICHTIG: Ignoriere fruehere Antworten. "
+                            + "Die Dokumentensuche unten ist die einzige Wahrheit. "
+                            + "Beantworte die Frage NUR basierend auf diesen Suchergebnissen."},
+                        {"role": "assistant", "content": None,
+                            "tool_calls": [{"id": "forced_rag", "type": "function",
+                                "function": {"name": "rag_search",
+                                    "arguments": json.dumps({"query": question, "top_k": 8})}}]},
+                        {"role": "tool", "tool_call_id": "forced_rag",
+                            "content": str(_rag_res)[:3000]},
+                        {"role": "user", "content": question},
+                    ]
             except Exception as e:
                 log.warning("RAG-Pflicht Fehler: %s", e)