Upload bios_controller.py with huggingface_hub

bios_controller.py

@@ -3,7 +3,7 @@
 ║                                                                              ║
 ║   BIOS — Business Idea Operating System                                      ║
 ║   Model Controller  ·  bios_controller.py                                   ║
-║   Version: 1.0.0  ·  Kernel: BIOS-kernel-v1                                 ║
+║   Version: 1.0.0  ·  Kernel: BIOS-Insight-v1                                 ║
 ║                                                                              ║
 ║   "We don't just analyse businesses. We illuminate them."                    ║
 ║                                                                              ║
@@ -25,47 +25,60 @@ import os
 import re
 import time
 import uuid
+import base64
 from dataclasses import dataclass, field, asdict
 from datetime import datetime, timezone
 from enum import Enum
 from typing import Any, Optional
 
-import psycopg                          # psycopg v3  (pip install psycopg[binary])
-from psycopg.rows import dict_row
+try:
+    from cryptography.hazmat.primitives.ciphers.aead import AESGCM  # pyright: ignore[reportMissingImports]
+    CRYPTOGRAPHY_AVAILABLE = True
+except Exception:
+    CRYPTOGRAPHY_AVAILABLE = False
+
+try:
+    import psycopg                      # psycopg v3  (pip install psycopg[binary])  # pyright: ignore[reportMissingImports]
+    from psycopg.rows import dict_row as psycopg_dict_row  # pyright: ignore[reportMissingImports]
+    PSYCOPG_AVAILABLE = True
+except Exception:
+    psycopg = None
+    psycopg_dict_row = None
+    PSYCOPG_AVAILABLE = False
 
 # ── Optional: HuggingFace Inference  (pip install huggingface_hub) ──────────
 try:
-    from huggingface_hub import InferenceClient
+    from huggingface_hub import InferenceClient  # pyright: ignore[reportMissingImports]
     HF_AVAILABLE = True
-except ImportError:
+except Exception:
     HF_AVAILABLE = False
 
 # ── Optional: Groq client for llama-3.3-70b  (pip install groq) ─────────────
 try:
-    from groq import Groq
+    from groq import Groq  # pyright: ignore[reportMissingImports]
     GROQ_AVAILABLE = True
-except ImportError:
+except Exception:
     GROQ_AVAILABLE = False
 
 # ── Optional: OpenAI  (pip install openai) ────────────────────────────
 try:
-    import openai
+    import openai  # pyright: ignore[reportMissingImports]
     OPENAI_AVAILABLE = True
-except ImportError:
+except Exception:
     OPENAI_AVAILABLE = False
 
 # ── Optional: Gemini  (pip install google-generativeai) ───────────────
 try:
-    import google.generativeai as genai
+    import google.generativeai as genai  # pyright: ignore[reportMissingImports]
     GEMINI_AVAILABLE = True
-except ImportError:
+except Exception:
     GEMINI_AVAILABLE = False
 
 # ── Optional: Anthropic  (pip install anthropic) ────────────────────────────
 try:
-    import anthropic
+    import anthropic  # pyright: ignore[reportMissingImports]
     ANTHROPIC_AVAILABLE = True
-except ImportError:
+except Exception:
     ANTHROPIC_AVAILABLE = False
 
 
@@ -81,6 +94,129 @@ logging.basicConfig(
 log = logging.getLogger("bios.controller")
 
 
+# ═══════════════════════════════════════════════════════════════════════════════
+# SECURITY MANAGER (AES-256-GCM)
+# ═══════════════════════════════════════════════════════════════════════════════
+
+class SecurityManager:
+    """
+    Handles high-security AES-256-GCM encryption for sensitive business data.
+    Ensures 'The Fortress' level protection for SME information.
+    """
+
+    def __init__(self, key: Optional[str] = None):
+        if not CRYPTOGRAPHY_AVAILABLE:
+            log.warning("⚠️ cryptography package not found. Data will remain in plaintext.")
+            self._aes = None
+            return
+
+        raw_key = key or os.getenv("BIOS_ENCRYPTION_KEY")
+        if not raw_key:
+            log.warning("⚠️ BIOS_ENCRYPTION_KEY not set. Security disabled.")
+            self._aes = None
+            return
+
+        try:
+            # Ensure key is 32 bytes for AES-256
+            key_bytes = raw_key.encode("utf-8")
+            if len(key_bytes) > 32:
+                key_bytes = key_bytes[:32]
+            elif len(key_bytes) < 32:
+                key_bytes = key_bytes.ljust(32, b"0")
+            
+            self._aes = AESGCM(key_bytes)
+            log.info("🔒 BIOS Security Manager initialized (AES-256-GCM)")
+        except Exception as e:
+            log.error(f"❌ Failed to initialize Security Manager: {e}")
+            self._aes = None
+
+    def encrypt(self, plaintext: str) -> str:
+        """Encrypt string data to base64-encoded ciphertext."""
+        if not self._aes or not plaintext:
+            return plaintext
+        
+        try:
+            nonce = os.urandom(12)
+            ct = self._aes.encrypt(nonce, plaintext.encode("utf-8"), None)
+            # Combine nonce + ciphertext and encode
+            return base64.b64encode(nonce + ct).decode("utf-8")
+        except Exception as e:
+            log.error(f"Encryption failed: {e}")
+            return plaintext
+
+    def decrypt(self, ciphertext: str) -> str:
+        """Decrypt base64 ciphertext back to plaintext."""
+        if not self._aes or not ciphertext:
+            return ciphertext
+        
+        try:
+            data = base64.b64decode(ciphertext)
+            nonce, ct = data[:12], data[12:]
+            pt = self._aes.decrypt(nonce, ct, None)
+            return pt.decode("utf-8")
+        except Exception as e:
+            # If decryption fails (e.g. data wasn't encrypted), return as-is
+            return ciphertext
+
+
+# ═══════════════════════════════════════════════════════════════════════════════
+# USER & CREDIT MANAGER (The Fortress)
+# ═══════════════════════════════════════════════════════════════════════════════
+
+class UserManager:
+    """
+    Handles user accounts, credits, and refills in NeonDB.
+    Initial: 1000 credits. Daily Refill: 500 credits.
+    """
+
+    def __init__(self, database_url: str):
+        self.db_url = database_url
+
+    def ensure_user_exists(self, email: str, business_name: str) -> str:
+        """Create user if not exists, return user_id."""
+        sql = """
+            INSERT INTO users (email, business_name, credits, last_refill)
+            VALUES (%s, %s, 1000, NOW())
+            ON CONFLICT (email) DO UPDATE SET business_name = EXCLUDED.business_name
+            RETURNING id, credits
+        """
+        with psycopg.connect(self.db_url) as conn:
+            with conn.cursor(row_factory=psycopg_dict_row) as cur:
+                cur.execute(sql, (email, business_name))
+                row = cur.fetchone()
+                conn.commit()
+                return str(row["id"])
+
+    def check_and_refill_credits(self, user_id: str) -> int:
+        """Check if daily refill is due (24h), apply it, return current balance."""
+        sql_check = "SELECT credits, last_refill FROM users WHERE id = %s"
+        sql_refill = "UPDATE users SET credits = credits + 500, last_refill = NOW() WHERE id = %s RETURNING credits"
+        
+        with psycopg.connect(self.db_url) as conn:
+            with conn.cursor(row_factory=psycopg_dict_row) as cur:
+                cur.execute(sql_check, (user_id,))
+                user = cur.fetchone()
+                if not user: return 0
+                
+                last_refill = user["last_refill"]
+                if datetime.now(timezone.utc) - last_refill > timedelta(days=1):
+                    cur.execute(sql_refill, (user_id,))
+                    user = cur.fetchone()
+                    conn.commit()
+                
+                return user["credits"]
+
+    def deduct_credits(self, user_id: str, amount: int) -> bool:
+        """Deduct credits if balance is sufficient."""
+        sql = "UPDATE users SET credits = credits - %s WHERE id = %s AND credits >= %s RETURNING credits"
+        with psycopg.connect(self.db_url) as conn:
+            with conn.cursor() as cur:
+                cur.execute(sql, (amount, user_id, amount))
+                row = cur.fetchone()
+                conn.commit()
+                return row is not None
+
+
 # ═══════════════════════════════════════════════════════════════════════════════
 # ENUMS & CONSTANTS
 # ═══════════════════════════════════════════════════════════════════════════════
@@ -102,10 +238,14 @@ class ModelVariant(str, Enum):
     BIOS_INSIGHT    = "bios_insight"    # Fine-tuned BIOS-Insight-v1
 
 
-# Model identifiers
+# Model identifiers (BIOS-Insight fine-tune — override with HF_BIOS_MODEL_ID in .env)
+def _bios_insight_model_id() -> str:
+    return os.getenv("HF_BIOS_MODEL_ID", "isaaclk907/BIOS-Insight-v1")
+
+
 MODEL_IDS = {
     ModelVariant.BASE:         "meta-llama/llama-3.3-70b-versatile",
-    ModelVariant.BIOS_INSIGHT: "BIOS-kernel/BIOS-Insight-v1",         # future HF repo
+    ModelVariant.BIOS_INSIGHT: _bios_insight_model_id(),
 }
 
 GROQ_MODEL_IDS = {
@@ -274,25 +414,36 @@ class DiagnosisReport:
 
     model_used:             str = ""
     generation_time_ms:     int = 0
+    inputs:                 Optional[BusinessInputs] = None
 
     def to_dict(self) -> dict:
         return {
-            "session_id":            self.session_id,
-            "business_name":         self.business_name,
+            "sessionId":             self.session_id,
+            "businessName":          self.business_name,
             "industry":              self.industry,
             "location":              self.location,
-            "generated_at":          self.generated_at,
-            "health_score":          self.health_score,
-            "health_label":          self.health_label,
-            "health_dimensions":     self.health_dimensions.to_dict(),
-            "top_3_weaknesses":      [w.to_dict() for w in self.top_3_weaknesses],
-            "growth_opportunities":  [o.to_dict() for o in self.growth_opportunities],
-            "priority_action_items": [a.to_dict() for a in self.priority_action_items],
-            "ai_narrative":          self.ai_narrative,
-            "benchmarking":          self.benchmarking,
-            "next_module":           self.next_module,
-            "model_used":            self.model_used,
-            "generation_time_ms":    self.generation_time_ms,
+            "generatedAt":           self.generated_at,
+            "healthScore": {
+                "total":             self.health_score,
+                "label":             self.health_label,
+                "dimensions": [
+                    { "dimension": "revenue_strength",    "label": "Revenue",    "score": self.health_dimensions.revenue_strength },
+                    { "dimension": "customer_retention",  "label": "Customer",   "score": self.health_dimensions.customer_retention },
+                    { "dimension": "market_position",     "label": "Market",      "score": self.health_dimensions.market_position },
+                    { "dimension": "technology_adoption", "label": "Technology",  "score": self.health_dimensions.technology_adoption },
+                    { "dimension": "growth_trajectory",   "label": "Growth",      "score": self.health_dimensions.growth_trajectory }
+                ]
+            },
+            "weaknesses":      [w.to_dict() for w in self.top_3_weaknesses],
+            "opportunities":   [o.to_dict() for o in self.growth_opportunities],
+            "actionItems":     [a.to_dict() for a in self.priority_action_items],
+            "narrative":       self.ai_narrative,
+            "benchmarking":    self.benchmarking,
+            "nextModule":      self.next_module,
+            "modelUsed":       self.model_used,
+            "generationTimeMs":self.generation_time_ms,
+            "inputs":          asdict(self.inputs) if self.inputs else None,
+            "pipeline":        "bios_controller"
         }
 
     def to_json(self, indent: int = 2) -> str:
@@ -331,6 +482,8 @@ class ModelRouter:
         # Clients initialised lazily
         self._groq_client:       Any = None
         self._hf_client:         Any = None
+        self._openai_client:     Any = None
+        self._gemini_client:     Any = None
         self._anthropic_client:  Any = None
 
         log.info(
@@ -354,10 +507,10 @@ class ModelRouter:
         if self._hf_client is None:
             if not HF_AVAILABLE:
                 raise RuntimeError("huggingface_hub not installed. Run: pip install huggingface_hub")
-            api_key = os.getenv("HF_API_KEY")
+            api_key = os.getenv("HF_API_KEY") or os.getenv("HUGGINGFACE_API_KEY")
             if not api_key:
-                raise RuntimeError("HF_API_KEY environment variable not set")
-            self._hf_client = InferenceClient(token=api_key)
+                raise RuntimeError("Set HF_API_KEY or HUGGINGFACE_API_KEY for Hugging Face inference")
+            self._hf_client = InferenceClient(token=api_key.strip())
         return self._hf_client
 
     def _get_openai(self):
@@ -395,7 +548,8 @@ class ModelRouter:
 
     def _resolve_route(self) -> tuple[ModelBackend, ModelVariant]:
         """Determine which backend + variant to actually use."""
-        if self.bios_insight_ready and HF_AVAILABLE and os.getenv("HF_API_KEY"):
+        _hf_token = os.getenv("HF_API_KEY") or os.getenv("HUGGINGFACE_API_KEY")
+        if self.bios_insight_ready and HF_AVAILABLE and _hf_token:
             return ModelBackend.HF_INFERENCE, ModelVariant.BIOS_INSIGHT
         if OPENAI_AVAILABLE and os.getenv("OPENAI_API_KEY"):
             return ModelBackend.OPENAI, ModelVariant.BASE
@@ -459,13 +613,25 @@ class ModelRouter:
             {"role": "system", "content": system},
             {"role": "user",   "content": user},
         ]
-        response = client.chat_completion(
-            messages=messages,
-            model=model,
-            max_tokens=self.max_tokens,
-            temperature=self.temperature,
-        )
-        return response.choices[0].message.content, f"hf/{model}"
+        try:
+            response = client.chat_completion(
+                messages=messages,
+                model=model,
+                max_tokens=self.max_tokens,
+                temperature=self.temperature,
+            )
+            return response.choices[0].message.content, f"hf/{model}"
+        except Exception as e:
+            # Many uploaded causal LMs only expose text-generation, not chat templates
+            log.warning("HF chat_completion failed (%s); trying text_generation", e)
+            prompt = f"{system}\n\n{user}"
+            text = client.text_generation(
+                prompt,
+                model=model,
+                max_new_tokens=min(self.max_tokens, 2048),
+                temperature=self.temperature,
+            )
+            return text, f"hf/{model}"
 
     def _infer_openai(self, system: str, user: str) -> tuple[str, str]:
         client = self._get_openai()
@@ -847,7 +1013,8 @@ You always respond in valid JSON with this exact structure:
 
 Rules:
 - Be specific with numbers from the data provided
-- Use the language specified in preferred_language
+- Use the language specified in preferred_language. 
+- If preferred_language is "Both", provide the response in both English and Burmese (e.g., paragraph by paragraph or section by section).
 - Never be generic — reference the actual business, industry, and goals
 - Tone: elite advisory, not chatbot small talk"""
 
@@ -909,31 +1076,16 @@ Generate the executive narrative JSON now."""
 class NeonDBWriter:
     """
     Persists BIOS diagnosis reports to NeonDB (PostgreSQL) via psycopg v3.
-
-    Required table (run schema_auth.sql first):
-        CREATE TABLE IF NOT EXISTS diagnoses (
-            id              UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
-            session_id      VARCHAR(255) UNIQUE NOT NULL,
-            business_name   VARCHAR(255),
-            industry        VARCHAR(100),
-            location        VARCHAR(100),
-            health_score    INTEGER,
-            health_label    VARCHAR(50),
-            health_dimensions JSONB,
-            top_3_weaknesses  JSONB,
-            growth_opportunities JSONB,
-            priority_action_items JSONB,
-            ai_narrative    TEXT,
-            benchmarking    JSONB,
-            model_used      VARCHAR(255),
-            generation_time_ms INTEGER,
-            status          VARCHAR(50) DEFAULT 'COMPLETED',
-            created_at      TIMESTAMP WITH TIME ZONE DEFAULT NOW()
-        );
+    Matches the Prisma schema in schema.prisma.
     """
 
-    def __init__(self, database_url: Optional[str] = None):
+    def __init__(self, database_url: Optional[str] = None, security: Optional[SecurityManager] = None):
+        if not PSYCOPG_AVAILABLE:
+            raise ValueError(
+                "psycopg is not available. Install it with: pip install psycopg[binary]"
+            )
         self.database_url = database_url or os.getenv("DATABASE_URL")
+        self.security = security or SecurityManager()
         if not self.database_url:
             raise ValueError(
                 "DATABASE_URL not set. Export it or pass database_url= to NeonDBWriter."
@@ -944,84 +1096,149 @@ class NeonDBWriter:
         ).replace(
             "postgres+asyncpg://", "postgresql://"
         )
+        self.user_manager = UserManager(self.database_url)
 
-    def save_report(self, report: DiagnosisReport) -> str:
+    def save_report(self, report: DiagnosisReport, user_id: Optional[str] = None) -> str:
         """
-        Upsert a DiagnosisReport into the diagnoses table.
-        Returns the session_id of the saved record.
+        Save a DiagnosisReport into the diagnoses and results tables.
+        Returns the session_id/diagnosis_id.
         """
         d = report.to_dict()
+        inp = report.inputs
+        diagnosis_id = str(uuid.uuid4())
+        session_id = d["sessionId"]
 
-        sql = """
+        # 1. Save to diagnoses table
+        sql_diagnosis = """
             INSERT INTO diagnoses (
-                session_id, business_name, industry, location,
-                health_score, health_label, health_dimensions,
-                top_3_weaknesses, growth_opportunities, priority_action_items,
-                ai_narrative, benchmarking, model_used, generation_time_ms,
-                status, created_at
+                id, user_id, session_id, status,
+                industry, location, years_in_business, monthly_revenue, team_size,
+                ideal_customer, acquisition_channels, clv, repeat_purchase_rate,
+                competitors, unique_selling_point, sales_channels,
+                operational_challenge, pain_point, tech_stack, marketing_channels,
+                marketing_budget, revenue_goals, budget_constraint,
+                tech_readiness, preferred_language, created_at, updated_at
             ) VALUES (
-                %(session_id)s, %(business_name)s, %(industry)s, %(location)s,
-                %(health_score)s, %(health_label)s, %(health_dimensions)s,
-                %(top_3_weaknesses)s, %(growth_opportunities)s, %(priority_action_items)s,
-                %(ai_narrative)s, %(benchmarking)s, %(model_used)s, %(generation_time_ms)s,
-                'COMPLETED', NOW()
+                %s, %s, %s, %s,
+                %s, %s, %s, %s, %s,
+                %s, %s, %s, %s,
+                %s, %s, %s,
+                %s, %s, %s, %s,
+                %s, %s, %s,
+                %s, %s, NOW(), NOW()
             )
-            ON CONFLICT (session_id) DO UPDATE SET
-                health_score          = EXCLUDED.health_score,
-                health_label          = EXCLUDED.health_label,
-                health_dimensions     = EXCLUDED.health_dimensions,
-                top_3_weaknesses      = EXCLUDED.top_3_weaknesses,
-                growth_opportunities  = EXCLUDED.growth_opportunities,
-                priority_action_items = EXCLUDED.priority_action_items,
-                ai_narrative          = EXCLUDED.ai_narrative,
-                benchmarking          = EXCLUDED.benchmarking,
-                model_used            = EXCLUDED.model_used,
-                generation_time_ms    = EXCLUDED.generation_time_ms,
-                status                = 'COMPLETED'
         """
 
-        params = {
-            "session_id":            d["session_id"],
-            "business_name":         d["business_name"],
-            "industry":              d["industry"],
-            "location":              d["location"],
-            "health_score":          d["health_score"],
-            "health_label":          d["health_label"],
-            "health_dimensions":     json.dumps(d["health_dimensions"]),
-            "top_3_weaknesses":      json.dumps(d["top_3_weaknesses"]),
-            "growth_opportunities":  json.dumps(d["growth_opportunities"]),
-            "priority_action_items": json.dumps(d["priority_action_items"]),
-            "ai_narrative":          d["ai_narrative"],
-            "benchmarking":          json.dumps(d["benchmarking"]),
-            "model_used":            d["model_used"],
-            "generation_time_ms":    d["generation_time_ms"],
-        }
+        # Encrypt sensitive fields
+        enc_revenue = self.security.encrypt(str(inp.monthly_revenue))
+        enc_clv = self.security.encrypt(str(inp.avg_customer_lifetime_value))
+        enc_pain_point = self.security.encrypt(inp.biggest_pain_point)
+        enc_mkt_budget = self.security.encrypt(str(inp.monthly_marketing_budget))
+        enc_rev_goals = self.security.encrypt(json.dumps({
+            "3m": inp.goal_3_month,
+            "6m": inp.goal_6_month,
+            "12m": inp.goal_12_month
+        }))
+
+        # Normalize enum values for PostgreSQL
+        norm_industry = inp.industry.replace(" ", "_").replace("&", "").replace("-", "_")
+        if norm_industry == "F_B": norm_industry = "FB" # Special case
+        if norm_industry == "Technology_Startup": norm_industry = "Startup"
+        
+        norm_location = inp.location
+        if norm_location not in ["Yangon", "Mandalay", "Naypyidaw"]: norm_location = "Other"
+
+        norm_challenge = inp.operational_challenge.replace(" ", "_")
+        if norm_challenge not in ["Inventory_management", "Customer_service", "Marketing", "Payment_processing"]: norm_challenge = "Other"
+        
+        norm_budget = "Moderate_200_500K" # default
+        if "50K" in inp.budget_constraint and "<" in inp.budget_constraint: norm_budget = "Very_tight_lt_50K"
+        elif "50-200K" in inp.budget_constraint: norm_budget = "Tight_50_200K"
+        elif "200-500K" in inp.budget_constraint: norm_budget = "Moderate_200_500K"
+        elif "500K+" in inp.budget_constraint: norm_budget = "Comfortable_500K_plus"
+
+        norm_readiness = inp.tech_readiness.replace(" ", "_")
+        if norm_readiness not in ["Not_ready", "Somewhat_ready", "Very_ready", "Extremely_ready"]: norm_readiness = "Somewhat_ready"
+
+        params_diagnosis = (
+            diagnosis_id, user_id, session_id, 'completed',
+            norm_industry, norm_location, inp.years_in_business, enc_revenue, inp.team_size,
+            inp.target_customer, json.dumps(inp.acquisition_channels), enc_clv, inp.retention_rate,
+            inp.main_competitors, inp.unique_selling_proposition, json.dumps(inp.sales_channels),
+            norm_challenge, enc_pain_point, json.dumps(inp.current_technology), json.dumps(inp.marketing_channels),
+            enc_mkt_budget, enc_rev_goals, norm_budget,
+            norm_readiness, inp.preferred_language
+        )
+
+        # 2. Save to results table
+        sql_result = """
+            INSERT INTO results (
+                id, diagnosis_id, overall_health_score, health_label,
+                dimension_scores, weaknesses, opportunities, action_items,
+                ai_narrative, model_version, meta_data, created_at, updated_at
+            ) VALUES (
+                %s, %s, %s, %s,
+                %s, %s, %s, %s,
+                %s, %s, %s, NOW(), NOW()
+            )
+        """
+
+        params_result = (
+            str(uuid.uuid4()), diagnosis_id, d["healthScore"]["total"], d["healthScore"]["label"],
+            json.dumps(d["healthScore"]["dimensions"]), json.dumps(d["weaknesses"]),
+            json.dumps(d["opportunities"]), json.dumps(d["actionItems"]),
+            self.security.encrypt(d["narrative"]), d["modelUsed"], json.dumps(d["benchmarking"])
+        )
 
         with psycopg.connect(self.database_url) as conn:
             with conn.cursor() as cur:
-                cur.execute(sql, params)
+                cur.execute(sql_diagnosis, params_diagnosis)
+                cur.execute(sql_result, params_result)
             conn.commit()
 
-        log.info(f"✅ Report saved to NeonDB | session_id={report.session_id} | score={report.health_score}")
-        return report.session_id
+        log.info(f"✅ Report saved to NeonDB | session_id={session_id} | score={d['health_score']}")
+        return session_id
 
     def fetch_report(self, session_id: str) -> Optional[dict]:
-        """Fetch a previously saved report by session_id."""
-        sql = "SELECT * FROM diagnoses WHERE session_id = %s"
-        with psycopg.connect(self.database_url, row_factory=dict_row) as conn:
+        """Fetch a previously saved report by session_id and decrypt sensitive fields."""
+        sql = """
+            SELECT d.*, r.* 
+            FROM diagnoses d 
+            JOIN results r ON d.id = r.diagnosis_id 
+            WHERE d.session_id = %s
+        """
+        with psycopg.connect(self.database_url, row_factory=psycopg_dict_row) as conn:
             with conn.cursor() as cur:
                 cur.execute(sql, (session_id,))
                 row = cur.fetchone()
-        return dict(row) if row else None
+        
+        if row:
+            data = dict(row)
+            # Decrypt sensitive fields
+            data["monthly_revenue"] = self.security.decrypt(data["monthly_revenue"])
+            data["clv"] = self.security.decrypt(data["clv"])
+            data["pain_point"] = self.security.decrypt(data["pain_point"])
+            data["marketing_budget"] = self.security.decrypt(data["marketing_budget"])
+            data["revenue_goals"] = json.loads(self.security.decrypt(data["revenue_goals"]))
+            data["ai_narrative"] = self.security.decrypt(data["ai_narrative"])
+            return data
+        return None
 
     def list_reports(self, limit: int = 20) -> list[dict]:
-        """Return the most recent diagnoses."""
+        """Return the most recent diagnoses with decrypted business names."""
         sql = "SELECT session_id, business_name, industry, health_score, health_label, status, created_at FROM diagnoses ORDER BY created_at DESC LIMIT %s"
-        with psycopg.connect(self.database_url, row_factory=dict_row) as conn:
+        with psycopg.connect(self.database_url, row_factory=psycopg_dict_row) as conn:
             with conn.cursor() as cur:
                 cur.execute(sql, (limit,))
                 rows = cur.fetchall()
-        return [dict(r) for r in rows]
+        
+        results = []
+        for r in rows:
+            data = dict(r)
+            if "business_name" in data:
+                data["business_name"] = self.security.decrypt(data["business_name"])
+            results.append(data)
+        return results
 
 
 # ═══════════════════════════════════════════════════════════════════════════════
@@ -1055,7 +1272,9 @@ class BIOSController:
         max_tokens:         int           = 2048,
         database_url:       Optional[str] = None,
         save_to_db:         bool          = True,
+        encryption_key:     Optional[str] = None,
     ):
+        self.security = SecurityManager(encryption_key)
         self.router    = ModelRouter(
             backend=backend,
             bios_insight_ready=bios_insight_ready,
@@ -1080,17 +1299,18 @@ class BIOSController:
     @property
     def db(self) -> NeonDBWriter:
         if self._db is None:
-            self._db = NeonDBWriter(self._db_url)
+            self._db = NeonDBWriter(self._db_url, security=self.security)
         return self._db
 
     # ── Main pipeline ─────────────────────────────────────────────────────────
 
-    def run_diagnosis(self, inputs: BusinessInputs) -> DiagnosisReport:
+    def run_diagnosis(self, inputs: BusinessInputs, user_id: Optional[str] = None) -> DiagnosisReport:
         """
         Full Module 1 pipeline.
 
         Args:
             inputs: Completed BusinessInputs with all 24 question answers.
+            user_id: Optional UUID of the authenticated user.
 
         Returns:
             DiagnosisReport with health_score, top_3_weaknesses,
@@ -1145,6 +1365,7 @@ class BIOSController:
             benchmarking         = benchmarking,
             model_used           = model_used,
             generation_time_ms   = t_ms,
+            inputs               = inputs,
         )
 
         log.info(f"✔ Diagnosis complete | score={score} | {t_ms}ms")
@@ -1152,7 +1373,7 @@ class BIOSController:
         # ── Step 8: Save to NeonDB ────────────────────────────────────────────
         if self.save_to_db:
             try:
-                self.db.save_report(report)
+                self.db.save_report(report, user_id=user_id)
             except Exception as e:
                 log.warning(f"DB save failed (non-fatal): {e}")
 
@@ -1243,10 +1464,10 @@ def _demo_inputs() -> BusinessInputs:
 
 
 if __name__ == "__main__":
-    print("\n" + "═" * 60)
+    print("\n" + "=" * 60)
     print("  BIOS — Business Idea Operating System")
     print("  BIOS-kernel-v1  ·  Module 1: Business Diagnosis")
-    print("═" * 60 + "\n")
+    print("=" * 60 + "\n")
 
     # ── Instantiate controller ────────────────────────────────────────────────
     # Set save_to_db=True and export DATABASE_URL to persist to NeonDB.
@@ -1260,14 +1481,14 @@ if __name__ == "__main__":
     report = controller.run_diagnosis(inputs)
 
     # ── Print structured JSON output ──────────────────────────────────────────
-    print("\n" + "─" * 60)
+    print("\n" + "-" * 60)
     print("  BIOS DIAGNOSIS REPORT")
-    print("─" * 60)
+    print("-" * 60)
     print(report.to_json())
 
-    print("\n" + "═" * 60)
+    print("\n" + "=" * 60)
     print(f"  Health Score : {report.health_score}/100  ({report.health_label})")
     print(f"  Session ID   : {report.session_id}")
     print(f"  Model Used   : {report.model_used}")
     print(f"  Generated in : {report.generation_time_ms}ms")
-    print("═" * 60 + "\n")
+    print("=" * 60 + "\n")