Summary

Today there is no way to remove a document once it has been uploaded. Users hit the documents.file_hash UNIQUE collision when they try to reindex (the supersede path bumps version but never frees the row), and a bad upload leaves orphan entities, relationships, claims, chunks, and embeddings in the knowledge graph forever.

This PR adds an authenticated DELETE /api/documents/{id} plus a per-row icon button on the documents list and a destructive button on the document detail page. The cascade runs in a single SQLite transaction and is idempotent: redeleting the same id is a 404, not a second 204.

Cascade order (single tx):

1. relationships WHERE doc_id = ? — drop edges sourced from this doc
2. claims WHERE doc_id = ? — drop claims sourced from this doc
3. chunks WHERE doc_id = ? — embeddings cascade via FK
4. documents WHERE id = ? — the row itself
5. Orphan-entity sweep — entities with no remaining relationship or claim reference are dropped; community_members rows cascade via FK

Tradeoff: communities are deliberately NOT recomputed inline. Louvain on a meaningfully sized graph is too slow for an interactive DELETE; stale community titles/summaries are tolerable until the next manual community.finalize. Documented in both the handler and the store-layer comments.

The per-project HNSW index is invalidated so the next vector search rebuilds against the post-delete chunk set.

Files changed

Backend (Go)

• internal/api/router.go — register DELETE /api/documents/{id} in the existing bearer-auth chain
• internal/api/handlers.go — new deleteDocument handler (204 / 404 / 500)
• internal/store/store.go — rewrite Store.DeleteDocument with the transactional cascade + orphan sweep
• internal/api/document_delete_test.go — handler table tests + store-layer cascade test

Frontend (TS/React)

• ui/src/hooks/api/useDocs.ts — useDeleteDoc mutation, invalidates docs, stats, entityGraph
• ui/src/routes/documents/DeleteDocumentDialog.tsx — shared confirm dialog with destructive button + sonner toast
• ui/src/routes/documents/DocumentsList.tsx — per-row Trash2 ghost icon button
• ui/src/routes/documents/DocumentView.tsx — destructive header button, navigates to /docs on success
• ui/src/components/layout/Providers.tsx — mount the <Toaster /> portal (was unmounted; no toasts existed in the codebase yet)
• ui/src/routes/documents/__tests__/DeleteDocumentDialog.test.tsx — Vitest + MSW unit test (render, success, server-error)

Test plan

• make check clean (Go build + vet + test, UI build + vitest run): 31 UI test files / 105 tests pass; Go suite green
• New handler tests: 404 on unknown id, 204 on happy path with full graph-state assertions (chunks/embeddings/claims/orphan-entities removed; shared entities preserved), idempotency (second DELETE → 404)
• New store-layer cascade test confirms transaction touches all five tables
• New Vitest test asserts: dialog renders label + Cancel/Delete; confirm calls DELETE /api/documents/:id and fires success toast + onDeleted callback; server 500 surfaces error toast and dialog stays open
• E2E smoke against built ./docsiq binary: seeded a doc with 2 entities + 1 relationship + 1 claim, DELETE /api/documents/{id} returned 204 with empty body, GET /api/documents returned null, GET /api/graph returned {edges:[], nodes:[]}, GET /api/entities returned null (orphan sweep landed). Second DELETE returned 404. Unauthenticated DELETE returned 401.

Out of scope

• No community recomputation (left stale until next finalize — documented).
• No soft-delete / restore (hard delete only).
• No FTS5 or sqlite-vec extension changes.
• No release tag (parent thread handles that).

🤖 Generated with Claude Code