Thanks Philippe! You guys have been super helpful on slack!

That's a good point, it might make sense to clarify that for individuals who want to self-host. I'll make the change, thanks!

Most organizations are going to be self hosting on aws, gcp or azure... So as long as you use their inference services as your LLM then you can keep it all within the private network

So it depends on the app - e.g., Google has domain-wide delegation where the workspace admin can provide service account creds that allow us to impersonate all users in the workspace and index all their files/email. During indexing, we determine the users/groups who have permissions file and persist that in the db. (It's not perfect, because Google Drive permission model is a bit complex, but I'm working on it.) This model is much simpler than doing per-user OAuth.

In general, the goal is to use an org-wide installation method wherever possible, and record the identify of the user we are impersonating when ingesting data in the ACL. There are some gaps in the permission-gathering step in some of the connectors, I'm still working on fixing those.

is this AI?

So far both projects are quite similar… the only major difference being the search index. Onyx uses vespa.ai for BM25 and vector search, I decided to go down the Postgres-only route.

Thank you!

Currently permissions are handled in the app layer - it's simply a WHERE clause filter that restricts access to only those records that the user has read permissions for in the source. But I plan to upgrade this to use RLS in Postgres eventually.

For Slack specifically, right now the connector only indexes public channels. For private channels, I'm still working on full permission inheritance - capturing all channel members, and giving them read permissions to messages indexed from that channel. It's a bit challenging because channel members can change over time, and you'll have to keep permissions updated in real-time.

I've done small scale experiments with up to 100-500k rows, and did not notice any significant degradation in search query latency - p95 still well under 1s.

I haven't directly compared against Elasticsearch yet, but I plan to do that next and publish some numbers. There's a benchmark harness setup already: https://github.com/getomnico/omni/tree/master/benchmarks, but there's a couple issues with it right now that I need to address first before I do a large scale run (the ParadeDB index settings need some tuning).

LLM bot.

we have a pretty intensively used postgres backed app handling thousands of users concurrently. After 6 years and thousands of paying custoners, we are only now approaching to the limits of what it can support on the horizon. TLDR: when you get there, you can hire some people to help you break things off as needed. if you're still trying to prove your business model and carve yoruself a segment of the market, just use postgres

Yeah, Omni uses Postgres and pgvector for search. ParadeDB is essentially just Postgres with the pgsearch extension that brings in Tantivy, a full-text search engine (like Apache Lucene).

Tangeant: Why is integrating with teams SO difficult?

I started parsing its system logs to create entries in our system automatically to book my times - just not todeal with their silly REST api requirements.

Not yet, there’s a Microsoft connector implementation, but it only does Sharepoint, OneDrive, Outlook etc. and I haven’t tested it thoroughly yet. Teams required some special setup to work IIRC, so I skipped it. Will keep it on the roadmap though!

Thank you!

Typical RAG implementations I’ve seen take the user query and directly run it against the full-text search and embedding indexes. This produces sub-par results because the query embedding doesn’t really capture fully what the user is really looking for.

A better solution is to send the user query to the LLM, and let it construct and run queries against the index via tool calling. Nothing too ground-breaking tbh, pretty much every AI search agent does this now. But it produces much better results.

Oops, sorry! That page is still a WIP, haven't pushed it yet. The plan was to expose the main search and chat APIs so that users can build integrations with third-party messaging apps (e.g. Slack), but haven't gotten around to properly documenting all the APIs yet.

Fair point, although I think we have OpenAI to blame for that - for buying chat.com and pointing it to the most popular textual AI interface of them all :)