Part of the open Algora bounty for [ISAAC-497] Implement an enhanced RAG Pipeline for Scientific/Research Workflows.

/claim #45

Bounty reference: https://algora.io/isaac/bounties/clq18zr98000ejs0gt0nv7gwu

Summary

• Restrict DELETE /api/delete-collection so the document collection cannot be cleared by a plain GET request.
• Use CHROMA_PATH, with the same Docker default used by the document ingestion route, instead of hardcoding localhost.
• Return a structured JSON response and remove the unused embedding import.
• Add focused coverage for method guarding and configured Chroma deletion.

Why this matters for the RAG workflow

This is a small document-management safety slice. The existing endpoint can delete the whole uploaded-document collection without an HTTP method guard, and it points at a different Chroma host than the rest of the RAG API. That makes local/Docker behavior inconsistent and makes accidental collection deletion easier than it should be.

I kept this scoped away from the citation/context PRs already open so it should be easy to review independently.

Verification

From ui/:

npx vitest run __tests__/delete-collection.test.ts --reporter verbose
npx prettier --check pages/api/delete-collection.ts __tests__/delete-collection.test.ts
npx tsc --noEmit --pretty false
npm run lint -- --file pages/api/delete-collection.ts --file __tests__/delete-collection.test.ts