Lunaria is a document management platform built around three pillars: ingest anything (uploads, Google Drive sync, OCR for scanned files), find anything (Nova — natural-language search powered by Graph RAG over SurrealDB), and share safely (workspace-scoped multi-tenancy, plan-aware RBAC, audited portal links).

Polyglot by design: a Nuxt 3 frontend talks to a NestJS 11 backend that delegates layout-aware OCR to a Python FastAPI sidecar running IBM Docling + EasyOCR. Documents land in S3, get extracted into semantic chunks, and are ingested into a SurrealDB knowledge graph so search traverses entity relationships — not raw cosine similarity. Multi-hop questions like "contracts mentioning vendors based in Germany" become answerable.




Upload → NestJS → S3 → BullMQ extraction job → Python docling-service over HTTP (EasyOCR + HybridChunker) → semantic chunks → SurrealDB knowledge graph → Gemini-backed structured extraction. AiTokenUsage tracks per-workspace LLM spend.

Instead of vector DB cosine similarity, Lunaria builds a knowledge graph linking entities across documents. Search traverses the graph for relationship-aware retrieval, which outperforms raw embedding search on multi-hop questions where the answer requires connecting facts across documents.

Every request carries x-workspace-id; WorkspaceContextMiddleware validates membership and injects the context, then every Prisma query is workspace-filtered automatically. Cross-tenant data leaks become structurally impossible without an explicit, audited override.

Three roles (Owner / Admin / Member) plus resolveEffectiveRole(), which clamps Admin → Member on lower-tier plans. CASL ability factory + PermissionsGuard + @RequirePermissions() enforce per-resource permissions without exploding into a per-tier role matrix.

One docker compose up brings Postgres + Redis + LocalStack (S3 + DynamoDB + Secrets) + SurrealDB + MailHog + Docling online. New contributors get prod-parity dev environments without AWS credentials. 290+ Vitest + Playwright tests guard the stack.
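The plan-aware role clamp described above, sketched as an added example (not Lunaria's own code). The plan names, the permission table and the signatures of `resolveEffectiveRole` and `can` are assumptions; only the three role names and the Admin → Member clamp come from the description, and the plain table stands in for the CASL ability factory.

```typescript
// Added illustration; not Lunaria's source. Plan tiers and grants are assumed.
type Role = "Owner" | "Admin" | "Member";
type Plan = "FREE" | "TEAM" | "ENTERPRISE"; // hypothetical tiers
type Action = "read" | "create" | "update" | "delete" | "manage";
type Subject = "Document" | "PortalLink" | "Member" | "Billing";

// Assumption: only these plans unlock the Admin role.
const PLANS_WITH_ADMIN: ReadonlySet<Plan> = new Set<Plan>(["TEAM", "ENTERPRISE"]);

// The stored role is never rewritten. The effective role is derived on every
// request, so a plan downgrade removes Admin rights immediately and an
// upgrade restores them without touching membership rows.
function resolveEffectiveRole(stored: Role, plan: Plan): Role {
  if (stored === "Admin" && !PLANS_WITH_ADMIN.has(plan)) return "Member";
  return stored;
}

// One grant list per role, not one per (role, plan) pair: the clamp above is
// what keeps this table from growing into a per-tier matrix.
const GRANTS: Record<Role, ReadonlyArray<[Action, Subject]>> = {
  Owner: [["manage", "Document"], ["manage", "PortalLink"], ["manage", "Member"], ["manage", "Billing"]],
  Admin: [["manage", "Document"], ["manage", "PortalLink"], ["manage", "Member"]],
  Member: [["read", "Document"], ["create", "Document"], ["read", "PortalLink"]],
};

// Deny by default: allowed only if the effective role grants the action
// explicitly, or grants "manage" on the same subject.
function can(stored: Role, plan: Plan, action: Action, subject: Subject): boolean {
  const role = resolveEffectiveRole(stored, plan);
  return GRANTS[role].some(([a, s]) => s === subject && (a === action || a === "manage"));
}
```

Authorization decisions should always go through the effective role; checking the stored role directly anywhere in the code base would bypass the clamp.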