RS
Excellent write-up! I really liked the pre-filter approach with OpenFGA and Qdrant. Preventing unauthorized chunks from reaching the LLM is much safer than filtering after retrieval. We've been researching similar RAG security patterns and AI infrastructure on our blog , especially around secure vector search and permission-aware AI systems. It's great to see a practical implementation with real tests and a fail-closed approach. Thanks for sharing this detailed guide.