chore: clean up README files after repository cleanup

README.md

@@ -70,11 +70,8 @@ python app.py
 Then access:
 - **Gradio UI**: `http://localhost:7860`
 - **FastAPI Docs**: `http://localhost:8000/docs`
-- **Next.js Frontend** (optional): `cd frontend && npm install && npm run dev` → `http://localhost:3000`
-  - Use the role selector in the header to switch between viewer, editor, admin, or owner roles
-  - UI automatically shows/hides features based on selected role
 
-> **Security Note:** REST requests that hit protected endpoints must include both `x-tenant-id` and `x-user-role` headers. Roles (`viewer`, `editor`, `admin`, `owner`) determine which actions—such as document ingestion, rule uploads, or analytics access—the caller may perform. The Next.js frontend automatically sends the selected role in all API requests.
+> **Security Note:** REST requests that hit protected endpoints must include both `x-tenant-id` and `x-user-role` headers. Roles (`viewer`, `editor`, `admin`, `owner`) determine which actions—such as document ingestion, rule uploads, or analytics access—the caller may perform.
 
 ---
 
@@ -110,7 +107,7 @@ Then access:
   - **Real-Time Visualizations**: Reasoning path visualizer, tool invocation timeline, and tenant activity heatmap
 - 🌐 **Live Web Search** – Google Programmable Search (Custom Search API) with tenant-aware MCP tooling
 - 🏢 **Multi-Tenant Isolation** – Complete tenant isolation with centralized tenant ID management; backend enforces strict isolation for chat, ingestion, and admin ops
-- 🔐 **Fine-Grained Role-Based Access Control (RBAC)** – Four-tier role system (viewer, editor, admin, owner) with dynamic UI visibility and backend permission enforcement; frontend automatically shows/hides features based on role
+- 🔐 **Fine-Grained Role-Based Access Control (RBAC)** – Four-tier role system (viewer, editor, admin, owner) with backend permission enforcement
 - 🔄 **Intelligent Multi-Tool Orchestration** – MCP agent orchestrator autonomously selects optimal tool chains (RAG + Web + LLM, etc.) based on query intent, context, latency predictions, and previous tool outputs. Context-aware routing enables sophisticated tool skipping for efficiency
 - ⚡ **Robust Error Handling** – Structured error responses, retry mechanisms, and graceful fallbacks (e.g., if RAG fails → fallback to LLM-only)
 - 📡 **Streaming Responses** – Chat responses stream character-by-character using Server-Sent Events (SSE) for real-time user experience
@@ -169,7 +166,7 @@ Subsequent tool calls with the same `session_id` will receive a `memory` field c
 
 ## Role-Based Access Control (RBAC)
 
-IntegraChat implements fine-grained role-based access control (RBAC) for both backend API endpoints and frontend UI. This ensures that users only see and can access features appropriate for their role level.
+IntegraChat implements fine-grained role-based access control (RBAC) for backend API endpoints. This ensures that users can only access features appropriate for their role level.
 
 ### Roles
 
@@ -231,7 +228,7 @@ PERMISSIONS = {
 
 **Role Propagation:**
 The user role is automatically propagated through the entire request pipeline:
-1. Frontend sends `x-user-role` header
+1. Client sends `x-user-role` header
 2. Backend API route receives and validates role
 3. Role is passed to service layer (`process_ingestion()`, etc.)
 4. Service layer passes role to MCP clients
@@ -252,40 +249,11 @@ If the role lacks permission, the API returns `403 Forbidden` with a descriptive
 - Which roles are allowed for the action
 - Instructions to change role in the UI
 
-### Frontend RBAC
-
-The frontend UI dynamically shows/hides features based on the selected role:
-
-**Role Selector:**
-- Located in the header navigation
-- Dropdown to switch between roles (viewer, editor, admin, owner)
-- Role is persisted in localStorage
-- Changes take effect immediately across all pages
-
-**Conditional UI Visibility:**
-- **Navigation Links**: Only relevant links shown (e.g., editor doesn't see "Analytics" or "Admin Rules")
-- **Page Sections**: Entire sections hidden if user lacks permission
-- **Action Buttons**: Delete buttons hidden for editor role
-- **Access Denied Pages**: Friendly error messages when accessing restricted routes
-
-**Protected Routes:**
-- `/ingestion` - Editor, Admin, Owner only
-- `/analytics` - All roles can view (viewer, editor, admin, owner)
-- `/admin-rules` - Admin, Owner only
-
-**Implementation:**
-- Permission utilities in `frontend/lib/permissions.ts`
-- Conditional rendering in components based on role
-- Access denied pages with clear messaging
-
 ### Using RBAC
 
-1. **Change Role**: Use the role dropdown in the header to switch roles
-2. **Verify Permissions**: UI automatically updates to show only permitted features
-3. **API Requests**: Role is automatically sent as `x-user-role` header
-4. **Error Handling**: Access denied pages guide users on required roles
-
-**Note**: Role changes are immediate and affect both UI visibility and API permissions. The role persists across page refreshes via localStorage.
+1. **Set Role**: Include `x-user-role` header in API requests with one of: `viewer`, `editor`, `admin`, or `owner`
+2. **Verify Permissions**: Backend enforces role-based access automatically
+3. **Error Handling**: API returns `403 Forbidden` with clear error messages when role lacks required permissions
 
 ---
 
@@ -301,7 +269,6 @@ IntegraChat includes three powerful visualization components that provide real-t
   - Detailed metrics per step (latency, hit counts, token estimates)
   - Visual icons for each step type
 - **Where to find it**: 
-  - Next.js frontend: Chat panel (expand "Visualizations" section)
   - Gradio app: Debug & Reasoning tab
 - **Data source**: `reasoning_trace` from agent responses
 
@@ -313,7 +280,6 @@ IntegraChat includes three powerful visualization components that provide real-t
   - Result count badges
   - Summary statistics (total tools, total time, average latency)
 - **Where to find it**: 
-  - Next.js frontend: Chat panel (expand "Visualizations" section)
   - Gradio app: Debug & Reasoning tab
 - **Data source**: `tool_traces` from agent responses
 
@@ -325,7 +291,7 @@ IntegraChat includes three powerful visualization components that provide real-t
   - Per-tool usage trends with bar charts
   - Trend indicators (up/down/stable)
 - **Where to find it**: 
-  - Next.js frontend: Analytics page (`/analytics`)
+  - Gradio app: Admin Analytics tab
   - Configurable time window (default: 7 days)
 - **Data source**: `/analytics/activity` and `/analytics/tool-usage` endpoints
 
@@ -413,13 +379,6 @@ IntegraChat includes three powerful visualization components that provide real-t
    ```
    Access at `http://localhost:7860`
 
-   **Next.js Frontend** (optional, modern UI):
-   ```bash
-   cd frontend
-   npm install
-   npm run dev
-   ```
-   Access at `http://localhost:3000`
 
 ## Usage
 
@@ -469,33 +428,6 @@ The Gradio UI provides a comprehensive interface with five main tabs:
 
 > **💡 Tip:** Every action requires a Tenant ID. The Tenant ID persists across page refreshes and is managed centrally.
 
-### Next.js Frontend (`frontend/`)
-
-The modern Next.js operator console provides dedicated pages for each workflow:
-
-| Route | Description |
-| --- | --- |
-| `/` | Landing page with hero section and quick access panels |
-| `/ingestion` | Data ingestion walkthrough (text/URL/files) with document management |
-| `/chat` | Chat console with MCP agent integration |
-| `/analytics` | Analytics overview with visualizations |
-| `/admin-rules` | Admin rule management interface |
-| `/knowledge-base` | Document library with search, filter, and delete functionality |
-
-**Key Features:**
-- **Centralized Tenant ID Management** – Global React Context with localStorage persistence
-- **Document Management** – Full CRUD operations for knowledge base
-- **Improved Error Handling** – Clear error messages with retry options
-- **Real-time Updates** – Automatic refresh after operations
-- **Modern UI** – Tailwind CSS with responsive design
-
-**To run:**
-```bash
-cd frontend
-npm install
-npm run dev
-```
-Then open `http://localhost:3000`. The tenant ID selector is available in the navbar on all pages.
 
 ---
 
@@ -555,7 +487,7 @@ All endpoints are served by the FastAPI backend at `http://localhost:8000`. Most
 IntegraChat includes three powerful visualization components that provide real-time insights into agent behavior and system activity:
 
 #### 1. Real-Time Reasoning Visualizer
-- **Location**: Chat panel (Next.js frontend) and Debug tab (Gradio app)
+- **Location**: Debug tab (Gradio app)
 - **Features**:
   - Step-by-step visualization of agent reasoning path
   - Animated progression through reasoning steps
@@ -566,7 +498,7 @@ IntegraChat includes three powerful visualization components that provide real-t
 - **Usage**: Automatically appears in chat panel when agent responses include reasoning traces
 
 #### 2. Tool Invocation Timeline
-- **Location**: Chat panel (Next.js frontend) and Debug tab (Gradio app)
+- **Location**: Debug tab (Gradio app)
 - **Features**:
   - Visual timeline showing tool execution order
   - Color-coded bars indicating tool status (success/error)
@@ -595,7 +527,7 @@ Most endpoints require:
 - `x-tenant-id`: Tenant identifier for multi-tenant isolation
 - `x-user-role`: Caller role for RBAC enforcement (`viewer`, `editor`, `admin`, or `owner`)
   - **Important**: Role must be passed through the entire pipeline (UI → API → RAG Client → MCP Server)
-  - Role is automatically propagated from the frontend to backend API, then to RAG client, and finally to MCP server for permission checks
+  - Role is automatically propagated from the API request to backend API, then to RAG client, and finally to MCP server for permission checks
   - If ingestion fails with permission errors, verify the role is set correctly in the UI and check backend logs for role propagation debug messages
 - `Content-Type: application/json`: For POST requests with JSON payloads
 
@@ -621,8 +553,8 @@ IntegraChat follows a modular architecture with clear separation of concerns:
 
 ```
 ┌─────────────────┐
-│   Frontend UI   │  (Gradio + Next.js)
-│  Port 7860/3000 │
+│   Frontend UI   │  (Gradio)
+│    Port 7860    │
 └────────┬────────┘
          │
          ▼
@@ -689,7 +621,7 @@ IntegraChat uses **dual-backend storage** with automatic fallback for production
 - Perfect for local development
 - Automatic fallback when Supabase not configured
 
-**Migration:** Use `python migrate_sqlite_to_supabase.py` to migrate existing SQLite data to Supabase. See `SUPABASE_SETUP.md` for detailed instructions.
+**Migration:** To migrate existing SQLite data to Supabase, refer to Supabase documentation for data migration strategies.
 
 ---
 
@@ -709,17 +641,7 @@ IntegraChat supports Supabase for production-ready storage of admin rules and an
    SUPABASE_SERVICE_KEY=your_service_role_key_here
    ```
 
-3. **Migrate existing data** (optional):
-   ```bash
-   python migrate_sqlite_to_supabase.py
-   ```
-
-4. **Verify setup**:
-   ```bash
-   python verify_supabase_setup.py
-   ```
-
-See `SUPABASE_SETUP.md` and `SUPABASE_MIGRATION_COMPLETE.md` for detailed instructions and troubleshooting.
+3. **Verify setup**: Check that your Supabase project is accessible and tables are created correctly.
 
 ---
 
@@ -757,7 +679,7 @@ See `SUPABASE_SETUP.md` and `SUPABASE_MIGRATION_COMPLETE.md` for detailed instru
 - **Solution**:
   - Verify `SUPABASE_URL` and `SUPABASE_SERVICE_KEY` in `.env` (no quotes, no spaces)
   - Use **service_role** key (not anon key) from Supabase Dashboard
-  - Run `python verify_supabase_setup.py` to check configuration
+  - Verify Supabase credentials in `.env` file
   - Ensure tables exist: run SQL scripts in Supabase SQL Editor
   - Check FastAPI startup logs for backend detection messages
 
@@ -809,26 +731,32 @@ See `SUPABASE_SETUP.md` and `SUPABASE_MIGRATION_COMPLETE.md` for detailed instru
 #### Tenant Isolation Issues
 - **Issue**: Documents or data leaking between tenants
 - **Solution**:
-  - Run `python verify_tenant_isolation.py` to test isolation
   - Check database queries include `WHERE tenant_id = ...` filters
   - Verify tenant ID normalization is working correctly
-  - Review `python check_rag_database.py` output for tenant IDs
+  - Review database logs for tenant isolation
 
 ### Getting Help
 
 1. **Check Logs**: Review FastAPI and MCP server logs for detailed error messages
 2. **Run Diagnostics**: Use helper scripts in the Testing & Diagnostics section
-3. **Verify Configuration**: Run `python verify_supabase_setup.py` and check `.env` file
+3. **Verify Configuration**: Check `.env` file and Supabase connection
 4. **Review Documentation**: See `backend/README.md` for backend-specific issues
 
 ---
 
 ## Testing & Diagnostics
 
-IntegraChat ships with several helper scripts to validate the full stack end-to-end:
+You can test the system by:
+
+- **API Testing**: Use the FastAPI interactive docs at `http://localhost:8000/docs` to test endpoints
+- **Database Inspection**: Connect directly to your PostgreSQL/Supabase instance to verify tenant isolation
+- **Log Monitoring**: Check FastAPI and MCP server logs for detailed error messages and debugging information
+
+> **Tip:** Ensure the Python virtual environment is active (`source venv/bin/activate` or `.\venv\Scripts\activate`) and that `.env` contains the MCP server URLs/LLM settings.
+
+---
 
-- `python verify_tenant_isolation.py`  
-  Runs a comprehensive suite that covers analytics logging, admin rule storage, API reachability, and—most importantly—multi-tenant RAG isolation.  
+## Demo Video  
   - ✅ **Prerequisites:** FastAPI backend plus all MCP servers (RAG/Web/Admin) running locally.  
   - ✅ **What it checks:**  
     1. Direct database writes via the analytics and rules stores  
@@ -851,7 +779,7 @@ IntegraChat ships with several helper scripts to validate the full stack end-to-
 - `python test_manual.py`  
   The existing manual test runner remains useful for smoke-testing analytics logging, admin rule CRUD, and API response codes. Run it whenever you adjust schemas or update MCP endpoints.
 
-> **Tip:** All scripts assume the Python virtual environment is active (`source venv/bin/activate` or `.\venv\Scripts\activate`) and that `.env` contains the MCP server URLs/LLM settings noted earlier.
+> **Tip:** Ensure the Python virtual environment is active (`source venv/bin/activate` or `.\venv\Scripts\activate`) and that `.env` contains the MCP server URLs/LLM settings.
 
 ---
 
@@ -896,11 +824,8 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
 
 ### Frontend
 - **Gradio UI**: Full-featured interface with Plotly visualizations (`app.py`)
-- **Next.js Console**: Modern React-based operator console (`frontend/`)
 - **UI Libraries**: 
   - Plotly for interactive charts and visualizations
-  - Tailwind CSS for modern styling (Next.js)
-  - React 19 with TypeScript
 
 ### Data Storage
 - **RAG Vector Store**: PostgreSQL with pgvector extension (via Supabase or direct connection)
@@ -1027,7 +952,7 @@ This project is licensed under the MIT License - see the [LICENSE](LICENSE) file
   - Longer conversation support
   - Better agent coherence across extended interactions
   - Improved performance through structured context
-- **Documentation**: See `ANTHROPIC_CONTEXT_ENGINEERING.md` and `CONTEXT_ENGINEERING_IMPLEMENTATION.md` for detailed implementation
+- **Documentation**: Context engineering features are integrated throughout the agent orchestrator and MCP server
 
 ### UI Improvements
 - **Modern Drag-and-Drop**: Intuitive file upload with visual feedback

backend/README.md

@@ -64,7 +64,7 @@ cp env.example .env   # update MCP URLs + LLM settings
    celery -A backend.workers.analytics_worker worker --loglevel=info
    ```
 
-The Gradio UI (`python app.py`) and the Next.js operator console (see `frontend/README.md`) both talk to the FastAPI layer at `http://localhost:8000`.
+The Gradio UI (`python app.py`) talks to the FastAPI layer at `http://localhost:8000`.
 
 ## Key Endpoints
 
@@ -87,16 +87,13 @@ Refer to the root `README.md` for the complete endpoint tables.
 
 ## Diagnostics & Tenant Isolation
 
-Use the helper scripts in the repo root when validating backend changes:
+When validating backend changes:
 
-- `python verify_tenant_isolation.py` – Exercises analytics logging, admin rule CRUD, API reachability, and proves RAG tenant isolation by ingesting + querying as multiple tenants.
-- `python check_rag_database.py` – Talks directly to the pgvector database to list tenant IDs, preview stored chunks, and run safeguarded searches via `search_vectors()`. Helpful when troubleshooting suspected cross-tenant leakage.
-- `python verify_supabase_setup.py` – Verifies Supabase configuration and shows which backend (Supabase or SQLite) each store is using.
-- `python check_supabase_rules.py` – Checks Supabase admin rules configuration and RLS policies.
-- `python migrate_sqlite_to_supabase.py` – One-shot migration script to copy existing SQLite data to Supabase.
-- `python test_manual.py` – Legacy manual smoke test harness (analytics store, admin rules, API surface).
+- **API Testing**: Use the FastAPI interactive docs at `http://localhost:8000/docs` to test endpoints
+- **Database Inspection**: Connect directly to your PostgreSQL/Supabase instance to verify tenant isolation and check that documents are tagged with the correct `tenant_id`
+- **Log Monitoring**: Check FastAPI and MCP server logs for detailed error messages and debugging information
 
-> **Troubleshooting tip:** If the isolation script reports a failure, first run `check_rag_database.py` to confirm documents are tagged with the correct `tenant_id`, then restart the unified MCP server so it reloads the updated SQL filtering logic.
+> **Troubleshooting tip:** If you suspect tenant isolation issues, check database queries to confirm they include `WHERE tenant_id = ...` filters, then restart the unified MCP server so it reloads the updated SQL filtering logic.
 
 ## Recent Improvements
 
@@ -135,7 +132,7 @@ Use the helper scripts in the repo root when validating backend changes:
 - **Configuration**: Tune behavior via environment variables:
   - `MCP_MEMORY_MAX_ITEMS`: Maximum number of tool outputs to keep per session (default: 10)
   - `MCP_MEMORY_TTL_SECONDS`: Time-to-live for memory entries in seconds (default: 900)
-- **Comprehensive Testing**: Full test suite in `backend/tests/test_conversation_memory.py` covering storage, retrieval, expiration, and multi-step workflows
+- **Comprehensive Testing**: Conversation memory system tested through integration with agent orchestrator
 
 ### AI-Generated KB Metadata
 
@@ -199,7 +196,7 @@ Every tool now returns strict JSON schemas for consistency:
 - **Improved Error Handling**: 
   - Permission errors (403) return clear messages with actionable guidance
   - Error messages specify which roles are allowed for each action
-  - Frontend displays user-friendly error messages with instructions
+  - Error messages specify which roles are allowed for each action
 - **Debug Logging**: Added debug logging in route handlers and services to trace role values:
   - Logs role received in route handler
   - Logs role passed to process_ingestion
@@ -255,15 +252,15 @@ The rule enhancement system includes intelligent fallback mechanisms:
 
 This ensures users always receive useful rule explanations even when the LLM service is unavailable or slow.
 
-### Real-Time Visualization Components (Next.js Frontend)
+### Real-Time Visualization Components (Gradio UI)
 
-The Next.js frontend includes three powerful visualization components:
+The Gradio UI includes powerful visualization components:
 
-- **Reasoning Path Visualizer**: Step-by-step visualization of agent reasoning with animated progression, status indicators, and detailed metrics. Integrated into chat panel.
-- **Tool Invocation Timeline**: Visual timeline showing tool execution order, latency, and result counts. Integrated into chat panel.
-- **Tenant Activity Heatmap**: Query activity heatmap and per-tool usage trends. Integrated into analytics page.
+- **Reasoning Path Visualizer**: Step-by-step visualization of agent reasoning with status indicators and detailed metrics. Available in Debug & Reasoning tab.
+- **Tool Invocation Timeline**: Visual timeline showing tool execution order, latency, and result counts. Available in Debug & Reasoning tab.
+- **Analytics Dashboard**: Query activity and per-tool usage trends. Available in Admin Analytics tab.
 
-All visualizations are accessible to all roles and automatically populate when agent responses include `reasoning_trace` and `tool_traces` data.
+All visualizations automatically populate when agent responses include `reasoning_trace` and `tool_traces` data.
 
 ### Context Engineering (Latest)
 
@@ -298,7 +295,7 @@ The system implements comprehensive context engineering strategies based on Anth
   - Better agent coherence across extended interactions
   - Improved performance through structured context
 
-See `ANTHROPIC_CONTEXT_ENGINEERING.md` and `CONTEXT_ENGINEERING_IMPLEMENTATION.md` in the root directory for detailed documentation.
+Context engineering features are integrated throughout the agent orchestrator and MCP server.
 
 ## Environment Variables (excerpt)
 
@@ -313,7 +310,6 @@ Defined in `env.example`:
 - `OLLAMA_URL`, `OLLAMA_MODEL` (or `GROQ_API_KEY` + `LLM_BACKEND=groq`)
 - `SUPABASE_URL`, `SUPABASE_SERVICE_KEY` - **Required for Supabase backend** (admin rules + analytics)
   - If not set, the system automatically falls back to SQLite in `data/` directory
-  - See `SUPABASE_SETUP.md` in the root directory for detailed setup instructions
 - `GOOGLE_SEARCH_API_KEY`, `GOOGLE_SEARCH_CX_ID` - Credentials for Google Programmable Search used by `web.search`
 - `MCP_MEMORY_MAX_ITEMS` - Maximum number of tool outputs to keep per session (default: 10)
 - `MCP_MEMORY_TTL_SECONDS` - Time-to-live for memory entries in seconds (default: 900)
@@ -339,15 +335,9 @@ Both `RulesStore` and `AnalyticsStore` support dual-backend storage with automat
    SUPABASE_SERVICE_KEY=your_service_role_key_here
    ```
 
-3. **Verify configuration**:
-   ```bash
-   python verify_supabase_setup.py
-   ```
+3. **Verify configuration**: Check that your Supabase project is accessible and tables are created correctly.
 
-4. **Migrate existing data** (if you have SQLite data):
-   ```bash
-   python migrate_sqlite_to_supabase.py
-   ```
+4. **Migrate existing data** (if you have SQLite data): Use Supabase migration tools or database export/import methods.
 
 ### How It Works
 
@@ -364,7 +354,7 @@ Both `RulesStore` and `AnalyticsStore` support dual-backend storage with automat
 - **Admin Rules**: `admin_rules` table in Supabase
 - **Analytics**: `tool_usage_events`, `redflag_violations`, `rag_search_events`, `agent_query_events`
 
-See `SUPABASE_SETUP.md` and `SUPABASE_MIGRATION_COMPLETE.md` in the root directory for detailed instructions and troubleshooting.
+For detailed Supabase setup instructions, refer to the Supabase documentation and ensure tables are created correctly.
 
 ## Unified MCP tool instructions
 
@@ -406,12 +396,12 @@ Agents that speak the Model Context Protocol should connect to the `integrachat`
 
 ### Document Ingestion Permission Errors
 - **403 Forbidden**: If you see "Role 'viewer' is not permitted to perform 'ingest_documents'":
-  - Change your role in the UI dropdown (top right) from "viewer" to "editor", "admin", or "owner"
+  - Ensure the `x-user-role` header is set to "editor", "admin", or "owner"
   - Verify `x-user-role` header is being sent correctly (check backend logs for `🔍 DEBUG:` messages)
   - Check that role is being propagated through the pipeline: route handler → process_ingestion → RAG client → MCP server
   - Review debug logs to see where role might be getting lost or defaulting to "viewer"
 - **Role Propagation**: The role must flow through:
-  1. UI sends `x-user-role` header
+  1. Client sends `x-user-role` header
   2. Route handler receives it as `x_user_role` parameter
   3. Route handler passes it to `process_ingestion(user_role=...)`
   4. `process_ingestion` passes it to `rag_client.ingest_with_metadata(user_role=...)`
@@ -422,15 +412,15 @@ Agents that speak the Model Context Protocol should connect to the `integrachat`
 - **404 Not Found**: Verify the document_id exists and belongs to the correct tenant
 - **Tenant ID mismatch**: The system normalizes tenant IDs, but ensure you're using the same tenant_id format as when documents were ingested
 - **Check logs**: Database deletion logs show detailed information about tenant ID matching and document existence
-- **Role Propagation**: Ensure user role is being passed correctly - deletion requires `admin` or `owner` role. The role is now properly propagated from UI → API → RAG Client → MCP Server
+- **Role Propagation**: Ensure user role is being passed correctly - deletion requires `admin` or `owner` role. The role is now properly propagated from API request → API → RAG Client → MCP Server
 
 ### Rule Management Issues
 - **Timeout Errors**: If rule enhancement times out:
-  - Disable LLM enhancement in the UI (uncheck the checkbox)
+  - Disable LLM enhancement by not setting `enhance=true` in the request
   - Add rules in smaller batches (1-3 rules at a time)
   - Enhancement timeout increased to 180s per chunk (5 rules)
 - **Rule Deletion 404**: Can now delete by rule number or full text. If using number, ensure it's a valid index (1-based)
-- **Permission Errors**: Rule management requires `admin` or `owner` role. Check that role is set correctly in the UI
+- **Permission Errors**: Rule management requires `admin` or `owner` role. Check that role is set correctly in the `x-user-role` header
 
 ### Supabase Configuration Issues
 - **Data still going to SQLite**: Check that `SUPABASE_URL` and `SUPABASE_SERVICE_KEY` are set correctly in `.env` (no quotes, no spaces)