> ## Documentation Index
> Fetch the complete documentation index at: https://docs.praxis-ai.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Search file content via RAG-KAG and return scored snippets

> Scored-chunk content search across the user's eligible IP Vault
(personal + current institution + account-shared siblings). Returns
~200-char snippets centered on matched tokens, with a relevance score
per chunk and a `rag` | `kag` | `fused` source label. Confidential
institution files surface a 🔒 placeholder snippet rather than raw
chunk text. `selectedUploadIds` is optional — when provided, it
intersects with the user's scope; foreign or malformed ids are
silently dropped (never 403). Rate-limited per user (default 20/min).
Results now include KAG graph matches when KAG is enabled for a vault in
scope, and each result carries the full `content` plus KAG evidence
(`matchedEntities`, `trace`) for inline expansion.




## OpenAPI

````yaml /mdx/api-reference/runtime/runtime-api.json post /api/user/files/search-content
openapi: 3.0.0
info:
  title: Pria Runtime API
  version: 2.0.1
  description: >-
    Pria API Documentation Praxis's developer platform is a core part of our
    mission to empower organizations to grow better. Our APIs are designed to
    enable teams of any shape or size to build robust integrations that help
    them customize and get the most value out of Pria. All Pria APIs are built
    using REST conventions and designed to have a predictable URL structure.
    <br/>  <br/>They use many standard HTTP features, including methods (POST,
    GET, PUT, DELETE) and error response codes.  <br/> <br/>All API calls are
    made under https://hiimpria.ai/api and all responses return standard JSON.
    In these docs, you'll find lists of all available endpoints for a given API,
    along with interactive code blocks for building requests. For walkthroughs
    of basic usage for these APIs, check out the API guides.
servers:
  - url: https://pria.praxislxp.com
    description: Pria API Server
security: []
tags:
  - name: Authentication
    description: User authentication, registration, and password management (/api/auth)
  - name: OAuth
    description: OAuth authentication providers - Google, GitHub, SSO (/api/auth/oauth)
  - name: User
    description: User profile management and account operations (/api/user)
  - name: User Institutions
    description: User institution memberships and switching (/api/user/institution)
  - name: User Tools
    description: Available tools for authenticated users (/api/user/tools)
  - name: Institutions
    description: Institution settings and configuration (/api/user/institution)
  - name: Conversation
    description: AI conversation and Q&A endpoints (/api/ai)
  - name: Realtime
    description: Real-time voice AI and WebRTC sessions (/api/ai/rt)
  - name: Assistant
    description: AI assistant configuration and management (/api/user/assistant)
  - name: History
    description: Conversation history and favorites (/api/user/history)
  - name: RAG
    description: >-
      Document upload, embedding, and retrieval-augmented generation
      (/api/user/files, /api/user/rag)
  - name: Setting
    description: Instance variables and settings management (/api/user/setting)
  - name: Branding
    description: Digital twin branding and customization (/api/agent/branding)
  - name: Agent
    description: Agent engagement and session management (/api/agent)
  - name: SDK Launch
    description: >-
      SDK launch token signing and verification for secure iframe embedding
      (/api/auth/sdk-sign, /api/auth/sdk-verify)
  - name: Testing
    description: Health checks, diagnostics, and test endpoints (/api/test)
  - name: Admin Accounts
    description: Account management for super admins (/api/admin/account)
  - name: Admin Institutions
    description: Institution management for admins (/api/admin/institution)
  - name: Admin Users
    description: User management for admins (/api/admin/user)
  - name: Admin Entitlements
    description: >-
      User-institution relationships and permissions
      (/api/admin/userInstitution)
  - name: Admin Sessions
    description: Session management for admins (/api/admin/session)
  - name: Admin Histories
    description: Conversation history management and analytics (/api/admin/history)
  - name: Admin Assistants
    description: AI assistant management for admins (/api/admin/assistant)
  - name: Admin Questions
    description: Institution question and prompt management (/api/admin/question)
  - name: Admin Tools
    description: Tool configuration management (/api/admin/tool)
  - name: Admin AI Models
    description: AI model configuration (/api/admin/aimodel)
  - name: Admin MCP Servers
    description: Model Context Protocol server management (/api/admin/mcpserver)
  - name: Admin Feedbacks
    description: User feedback management (/api/admin/feedback)
  - name: Admin Uploads
    description: Upload management (/api/admin/upload)
  - name: Admin Charts
    description: Analytics and visualization chart management (/api/admin/chart)
  - name: Audio Notes
    description: Capture and ingest spoken notes into the personal vault
  - name: Memory
    description: User-facing memory parameters (personal + shared instance memory).
  - name: My Data
    description: >-
      GDPR controls — personal-scope counts, async ZIP-by-email export, and
      scoped soft-delete. Every endpoint pins `user = req.user._id` AND
      `institution: null`; institution-scoped data is governed by the
      institution's own retention policy and never reached from here.
  - name: Questions
    description: >-
      User-facing read of the onboarding question bank used by the "create a
      digital twin" wizard.
  - name: Transcription
    description: >-
      One-shot speech-to-text for in-place dictation. Audio blob in, transcript
      out — no Upload / History / RAG embeddings are persisted. Use
      `/audio-notes` for anything durable.
paths:
  /api/user/files/search-content:
    post:
      tags:
        - RAG
      summary: Search file content via RAG-KAG and return scored snippets
      description: |
        Scored-chunk content search across the user's eligible IP Vault
        (personal + current institution + account-shared siblings). Returns
        ~200-char snippets centered on matched tokens, with a relevance score
        per chunk and a `rag` | `kag` | `fused` source label. Confidential
        institution files surface a 🔒 placeholder snippet rather than raw
        chunk text. `selectedUploadIds` is optional — when provided, it
        intersects with the user's scope; foreign or malformed ids are
        silently dropped (never 403). Rate-limited per user (default 20/min).
        Results now include KAG graph matches when KAG is enabled for a vault in
        scope, and each result carries the full `content` plus KAG evidence
        (`matchedEntities`, `trace`) for inline expansion.
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - query
              properties:
                query:
                  type: string
                  maxLength: 500
                  description: The search query string.
                  example: quantum gravity
                selectedUploadIds:
                  type: array
                  nullable: true
                  maxItems: 5000
                  items:
                    type: string
                  description: >-
                    Optional whitelist of upload ids. Intersected with the
                    user's eligible scope; foreign / malformed ids are silently
                    dropped.
                minScore:
                  type: number
                  format: float
                  minimum: 0
                  maximum: 1
                  default: 0.1
                  description: >-
                    Minimum dense (vector) score floor. Ignored for KAG-fused
                    results.
                limit:
                  type: integer
                  minimum: 1
                  maximum: 100
                  default: 50
                  description: Maximum number of results to return.
      responses:
        '200':
          description: Content-search results
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: true
                  query:
                    type: string
                    example: quantum gravity
                  results:
                    type: array
                    items:
                      type: object
                      properties:
                        uploadId:
                          type: string
                        chunkId:
                          type: string
                        chunkIndex:
                          type: integer
                        snippet:
                          type: string
                          description: >-
                            Plain-text snippet, ~200 chars, centered on the
                            matched token. Confidential hits return `🔒 Private
                            content matched — open the file to view`.
                        content:
                          type: string
                          description: >-
                            Full matched chunk text for inline expansion.
                            Confidential hits return the same 🔒 placeholder as
                            `snippet`.
                        matchedEntities:
                          type: array
                          items:
                            type: string
                          description: >-
                            KAG graph entity names that matched this hit. Empty
                            unless the graph leg contributed (source kag/fused).
                        trace:
                          type: array
                          items:
                            type: object
                            properties:
                              list:
                                type: string
                                enum:
                                  - dense
                                  - graph
                                  - lexical
                              rank:
                                type: integer
                          description: >-
                            RRF provenance — which retriever(s) and at what rank
                            produced this hit. Empty for dense-only results.
                        score:
                          type: number
                          format: float
                          description: >-
                            Relevance score (0..1 for dense, ~0.00..0.05 for
                            RRF-fused).
                        source:
                          type: string
                          enum:
                            - rag
                            - kag
                            - fused
                            - lexical
                          description: >-
                            Retrieval leg that produced the hit — rag
                            (semantic), lexical (keyword/BM25), kag (graph), or
                            fused (multiple legs via RRF).
                        upload:
                          type: object
                          properties:
                            _id:
                              type: string
                            originalname:
                              type: string
                            filesize:
                              type: integer
                            mimetype:
                              type: string
                            file_title:
                              type: string
                            institution:
                              type: string
                              nullable: true
                            account_shared:
                              type: boolean
                              description: >-
                                True when the upload is shared at the account
                                level (visible across sibling institutions).
                            is_private:
                              type: boolean
                            confidential:
                              type: boolean
                              description: >-
                                True when the upload's snippet is suppressed
                                (other-user is_private institution file).
                  totalScanned:
                    type: integer
                    description: >-
                      Number of raw results returned by searchRag before the
                      minScore filter.
                  uploadCount:
                    type: integer
                    description: Number of distinct uploads in the user's searchable scope.
                  tookMs:
                    type: integer
                    description: >-
                      Server-side elapsed time in milliseconds (outer wall-clock
                      incl. user/collection lookups).
                  searchPerf:
                    type: object
                    nullable: true
                    description: >-
                      Per-leg retrieval diagnostics (null when no fan-out ran —
                      empty scope / RAG disabled / error).
                    properties:
                      legs:
                        type: object
                        properties:
                          dense:
                            type: object
                            properties:
                              count:
                                type: integer
                              ms:
                                type: integer
                              enabled:
                                type: boolean
                          graph:
                            type: object
                            properties:
                              count:
                                type: integer
                              ms:
                                type: integer
                              enabled:
                                type: boolean
                                description: False when KAG fusion is off for this turn.
                          lexical:
                            type: object
                            properties:
                              count:
                                type: integer
                              ms:
                                type: integer
                              enabled:
                                type: boolean
                                description: False when the lexical (BM25) leg is off.
                      fused:
                        type: integer
                        description: Result count after RRF fusion.
                      totalMs:
                        type: integer
                        description: >-
                          Inner retrieval elapsed time (leg-config resolve +
                          parallel legs + RRF fusion).
                      k:
                        type: integer
                        description: RRF rank constant.
        '400':
          description: Validation error (missing or oversized query, server error)
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
        '401':
          description: Authentication required
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Authentication Required
        '429':
          description: Rate limit exceeded (default 20 / minute / user)
          content:
            application/json:
              schema:
                type: object
                properties:
                  success:
                    type: boolean
                    example: false
                  message:
                    type: string
                    example: Too many content searches. Try again in a moment.
      security:
        - apiKeyAuth: []
components:
  securitySchemes:
    apiKeyAuth:
      type: apiKey
      in: header
      name: x-access-token
      description: JWT token passed in x-access-token header

````