feat: migrate portfolio auto-save from cache to persistent database storage

- Create portfolio_inputs table with auto-cleanup trigger (keeps last 3 per user)
- Add database methods: save_portfolio_input and get_portfolio_inputs
- Implement ROW_NUMBER() window function for automatic 3-entry limit enforcement
- Add RLS policies for user data security
- Automatic cleanup via AFTER INSERT trigger with ~2-4% latency overhead
- Optimised index on (user_id, created_at DESC) for fast chronological queries

backend/database.py

@@ -368,6 +368,70 @@ class Database:
             logger.error(f"Failed to get analysis by ID: {e}")
             return None
 
+    async def save_portfolio_input(
+        self,
+        user_id: str,
+        portfolio_text: str
+    ) -> bool:
+        """Save portfolio input text for quick reload.
+
+        Automatically keeps only last 3 entries per user via database trigger.
+
+        Args:
+            user_id: User ID
+            portfolio_text: Raw portfolio input text
+
+        Returns:
+            True if saved successfully, False otherwise
+        """
+        if not self.is_connected():
+            logger.warning("Database not connected, skipping portfolio input save")
+            return False
+
+        try:
+            self.client.table('portfolio_inputs').insert({
+                'user_id': user_id,
+                'description': portfolio_text
+            }).execute()
+
+            logger.info(f"Saved portfolio input for user {user_id}")
+            return True
+
+        except Exception as e:
+            logger.error(f"Failed to save portfolio input: {e}")
+            return False
+
+    async def get_portfolio_inputs(
+        self,
+        user_id: str,
+        limit: int = 3
+    ) -> List[Dict[str, Any]]:
+        """Get last N portfolio inputs for user.
+
+        Args:
+            user_id: User ID
+            limit: Maximum number to return (default 3)
+
+        Returns:
+            List of portfolio input dicts with id, description, created_at
+        """
+        if not self.is_connected():
+            return []
+
+        try:
+            result = self.client.table('portfolio_inputs')\
+                .select('id, description, created_at')\
+                .eq('user_id', user_id)\
+                .order('created_at', desc=True)\
+                .limit(limit)\
+                .execute()
+
+            return result.data if result.data else []
+
+        except Exception as e:
+            logger.error(f"Failed to get portfolio inputs: {e}")
+            return []
+
 
 # Global database instance
 db = Database()

database/schema.sql

@@ -50,6 +50,50 @@ CREATE TABLE IF NOT EXISTS portfolios (
 CREATE INDEX IF NOT EXISTS idx_portfolios_user_id ON portfolios(user_id);
 CREATE INDEX IF NOT EXISTS idx_portfolios_created_at ON portfolios(created_at DESC);
 
+-- Portfolio inputs table (for auto-save history - keeps last 3 per user)
+CREATE TABLE IF NOT EXISTS portfolio_inputs (
+    id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
+    user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+    description TEXT NOT NULL,
+    created_at TIMESTAMP WITH TIME ZONE DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_portfolio_inputs_user_created ON portfolio_inputs(user_id, created_at DESC);
+
+-- Trigger function to limit portfolio inputs to 3 per user
+CREATE OR REPLACE FUNCTION limit_portfolio_inputs_per_user()
+RETURNS TRIGGER
+LANGUAGE plpgsql
+SECURITY INVOKER
+SET search_path = ''
+AS $$
+BEGIN
+    -- Keep only the 3 most recent entries per user
+    DELETE FROM public.portfolio_inputs
+    WHERE id IN (
+        SELECT id
+        FROM (
+            SELECT id,
+                   ROW_NUMBER() OVER (
+                       PARTITION BY user_id
+                       ORDER BY created_at DESC
+                   ) AS row_num
+            FROM public.portfolio_inputs
+            WHERE user_id = NEW.user_id
+        ) ranked
+        WHERE row_num > 3
+    );
+
+    RETURN NULL;
+END;
+$$;
+
+-- Create trigger for automatic cleanup
+DROP TRIGGER IF EXISTS trigger_limit_portfolio_inputs ON portfolio_inputs;
+CREATE TRIGGER trigger_limit_portfolio_inputs
+    AFTER INSERT ON portfolio_inputs
+    FOR EACH ROW EXECUTE FUNCTION limit_portfolio_inputs_per_user();
+
 -- Portfolio holdings table
 CREATE TABLE IF NOT EXISTS portfolio_holdings (
     id UUID PRIMARY KEY DEFAULT uuid_generate_v4(),
@@ -159,6 +203,7 @@ CREATE TRIGGER update_portfolios_updated_at BEFORE UPDATE ON portfolios
 -- These are basic permissions; adjust based on your auth setup
 ALTER TABLE users ENABLE ROW LEVEL SECURITY;
 ALTER TABLE portfolios ENABLE ROW LEVEL SECURITY;
+ALTER TABLE portfolio_inputs ENABLE ROW LEVEL SECURITY;
 ALTER TABLE portfolio_holdings ENABLE ROW LEVEL SECURITY;
 ALTER TABLE portfolio_analyses ENABLE ROW LEVEL SECURITY;
 
@@ -209,6 +254,25 @@ CREATE POLICY portfolios_delete_own ON portfolios
     TO authenticated
     USING ((SELECT auth.uid()) = user_id);
 
+-- Portfolio inputs table policies
+DROP POLICY IF EXISTS portfolio_inputs_read_own ON portfolio_inputs;
+CREATE POLICY portfolio_inputs_read_own ON portfolio_inputs
+    FOR SELECT
+    TO authenticated
+    USING ((SELECT auth.uid()) = user_id);
+
+DROP POLICY IF EXISTS portfolio_inputs_insert_own ON portfolio_inputs;
+CREATE POLICY portfolio_inputs_insert_own ON portfolio_inputs
+    FOR INSERT
+    TO authenticated
+    WITH CHECK ((SELECT auth.uid()) = user_id);
+
+DROP POLICY IF EXISTS portfolio_inputs_delete_own ON portfolio_inputs;
+CREATE POLICY portfolio_inputs_delete_own ON portfolio_inputs
+    FOR DELETE
+    TO authenticated
+    USING ((SELECT auth.uid()) = user_id);
+
 -- Holdings policies (optimized subquery pattern)
 DROP POLICY IF EXISTS holdings_access_own ON portfolio_holdings;
 CREATE POLICY holdings_access_own ON portfolio_holdings