Establish a safe foundation before implementing the geology RAG system
Some checks failed
secret-scan / scan (push) Has been cancelled
Some checks failed
secret-scan / scan (push) Has been cancelled
The project begins with architecture, data governance, reproducible evaluation, deployment boundaries, and secret-handling contracts so later code has measurable acceptance criteria. Constraint: Real provider credentials, workspace identities, and restricted geological data must never enter Git Rejected: Add placeholder runnable services in the design commit | would imply unverified implementation readiness Confidence: high Scope-risk: narrow Reversibility: clean Directive: Run make verify before every commit and update ADRs when architecture boundaries change Tested: Secret scan, Markdown links, YAML parse, shell syntax, and staged diff validation Not-tested: Application runtime is intentionally deferred to the implementation stage
This commit is contained in:
7
ops/README.md
Normal file
7
ops/README.md
Normal file
@@ -0,0 +1,7 @@
|
||||
# Operations
|
||||
|
||||
本目录保存部署和数据库初始化等运维资产,不保存任何凭证。
|
||||
|
||||
- `postgres/init/`:实现阶段加入仅在全新数据卷执行的角色、扩展和 schema 初始化脚本;
|
||||
- 迁移由后端 Alembic 管理,初始化脚本不得代替版本化迁移;
|
||||
- 所有密码通过 `secrets/` 挂载,脚本只能读取 `*_FILE` 路径,不得打印其内容。
|
||||
1
ops/postgres/init/.gitkeep
Normal file
1
ops/postgres/init/.gitkeep
Normal file
@@ -0,0 +1 @@
|
||||
|
||||
Reference in New Issue
Block a user