Make the governed RAG evidence path executable end to end
Some checks failed
verify / verify (push) Has been cancelled
Some checks failed
verify / verify (push) Has been cancelled
Separate local parsing from model indexing, bind review decisions to immutable manifests, persist vectors behind active profiles, and expose retrieval, chat, evaluation, and document workflows through the React workbench. Constraint: Live Bailian authentication currently fails for all three configured capabilities Rejected: Direct upload-to-embedding flow | bypasses local review and manifest binding Confidence: high Scope-risk: broad Directive: Keep private-data deployment blocked until authentication, RBAC, and separate database roles land Tested: make verify; fresh and replay Docker document smoke; worker recovery smoke; frozen synthetic evaluation; migration 0003-0004 roundtrip Not-tested: Successful live Bailian calls, OCR, real multi-user authorization
This commit is contained in:
66
backend/app/tools/init_upload_storage.py
Normal file
66
backend/app/tools/init_upload_storage.py
Normal file
@@ -0,0 +1,66 @@
|
||||
"""Initialize the persistent upload volume without reading application secrets."""
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import json
|
||||
import os
|
||||
import stat
|
||||
import sys
|
||||
from collections.abc import Callable
|
||||
from pathlib import Path
|
||||
|
||||
APP_UID = 10_001
|
||||
APP_GID = 10_001
|
||||
|
||||
|
||||
class UploadStorageInitializationError(RuntimeError):
|
||||
"""A path-neutral initialization failure safe for container logs."""
|
||||
|
||||
|
||||
def initialize_upload_root(
|
||||
root: Path,
|
||||
*,
|
||||
uid: int = APP_UID,
|
||||
gid: int = APP_GID,
|
||||
change_owner: Callable[[Path, int, int], None] | None = None,
|
||||
) -> None:
|
||||
if not root.is_absolute() or uid < 1 or gid < 1:
|
||||
raise UploadStorageInitializationError("invalid upload root contract")
|
||||
try:
|
||||
if root.exists() and root.is_symlink():
|
||||
raise UploadStorageInitializationError("unsafe upload root")
|
||||
root.mkdir(mode=0o750, parents=True, exist_ok=True)
|
||||
if root.is_symlink() or not root.is_dir():
|
||||
raise UploadStorageInitializationError("unsafe upload root")
|
||||
owner = change_owner or (
|
||||
lambda path, owner_uid, owner_gid: os.chown(path, owner_uid, owner_gid)
|
||||
)
|
||||
owner(root, uid, gid)
|
||||
root.chmod(0o750, follow_symlinks=False)
|
||||
metadata = root.stat(follow_symlinks=False)
|
||||
if (
|
||||
not stat.S_ISDIR(metadata.st_mode)
|
||||
or metadata.st_uid != uid
|
||||
or metadata.st_gid != gid
|
||||
or stat.S_IMODE(metadata.st_mode) != 0o750
|
||||
):
|
||||
raise UploadStorageInitializationError("upload root ownership verification failed")
|
||||
except UploadStorageInitializationError:
|
||||
raise
|
||||
except OSError:
|
||||
raise UploadStorageInitializationError("upload root initialization failed") from None
|
||||
|
||||
|
||||
def main() -> None:
|
||||
try:
|
||||
initialize_upload_root(Path(os.getenv("UPLOAD_ROOT", "/data/uploads")))
|
||||
except UploadStorageInitializationError:
|
||||
sys.stdout.write(
|
||||
json.dumps({"status": "failed", "error_kind": "storage_init_failed"}) + "\n"
|
||||
)
|
||||
raise SystemExit(1) from None
|
||||
sys.stdout.write(json.dumps({"status": "ok"}) + "\n")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
Reference in New Issue
Block a user