Make the offline RAG chain observable without widening credential access
Some checks failed
verify / verify (push) Has been cancelled
Some checks failed
verify / verify (push) Has been cancelled
Expose the verified synthetic retrieval path through a typed React client and a non-root Nginx edge while keeping database credentials and data-network reachability out of the browser tier. A fixed-origin gateway preserves request boundaries and now closes upstream streams even when downstream disconnects before body iteration. The deployment ADR and runbooks record the four-network topology and its accepted Web edge-egress risk. Constraint: The previously exposed Bailian key must be revoked and no live provider credential may enter Git, images, logs, or the browser. Rejected: Connect Web directly to the data network | expands lateral reach to PostgreSQL. Rejected: Publish the database-aware API on the edge network | gives a credential-bearing process a public default route. Rejected: Buffer streaming responses in either proxy | prevents incremental chat delivery in the future. Confidence: high Scope-risk: moderate Reversibility: clean Directive: Do not mark Stage 1 or Stage 2 complete until the rotated-key live smoke and remaining stage gates pass. Tested: make verify; 65 backend tests; 14 frontend tests; Docker image build; container health and isolation probes; real HTTP demo/status/search/docs/OpenAPI checks. Not-tested: Live Bailian models, real document ingestion, business chat SSE generation, and final browser screenshot automation because the browser skill runtime was unavailable.
This commit is contained in:
40
compose.yaml
40
compose.yaml
@@ -124,10 +124,8 @@ services:
|
||||
depends_on:
|
||||
api:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:8000:8000"
|
||||
networks:
|
||||
- edge
|
||||
- ingress
|
||||
- data
|
||||
healthcheck:
|
||||
test:
|
||||
@@ -151,6 +149,39 @@ services:
|
||||
- ALL
|
||||
restart: unless-stopped
|
||||
|
||||
web:
|
||||
build:
|
||||
context: ./frontend
|
||||
depends_on:
|
||||
gateway:
|
||||
condition: service_healthy
|
||||
ports:
|
||||
- "127.0.0.1:8000:8080"
|
||||
networks:
|
||||
- edge
|
||||
- ingress
|
||||
healthcheck:
|
||||
test:
|
||||
- CMD
|
||||
- wget
|
||||
- --quiet
|
||||
- --output-document=-
|
||||
- http://127.0.0.1:8080/nginx-health
|
||||
interval: 10s
|
||||
timeout: 3s
|
||||
retries: 5
|
||||
start_period: 5s
|
||||
init: true
|
||||
user: "101:101"
|
||||
read_only: true
|
||||
tmpfs:
|
||||
- /tmp:rw,noexec,nosuid,size=16m,uid=101,gid=101,mode=1770
|
||||
security_opt:
|
||||
- no-new-privileges:true
|
||||
cap_drop:
|
||||
- ALL
|
||||
restart: unless-stopped
|
||||
|
||||
provider-smoke:
|
||||
build:
|
||||
context: ./backend
|
||||
@@ -213,6 +244,9 @@ volumes:
|
||||
networks:
|
||||
edge:
|
||||
driver: bridge
|
||||
ingress:
|
||||
driver: bridge
|
||||
internal: true
|
||||
data:
|
||||
driver: bridge
|
||||
internal: true
|
||||
|
||||
Reference in New Issue
Block a user