Make the first RAG slice executable without risking production data
Some checks failed
verify / verify (push) Has been cancelled

The Stage 1 foundation now proves provider contracts with mocks and validates PostgreSQL/pgvector ingestion, approval binding, retrieval, reranking, and idempotency using only synthetic data. Live Bailian validation remains gated on rotating the exposed key.

Constraint: The key shown in chat is compromised and cannot be used or committed

Rejected: Mark Stage 1 complete from mock and offline results | real three-model smoke is still required

Confidence: high

Scope-risk: moderate

Reversibility: clean

Directive: Do not enable real-data ingestion until Stage 3 cloud approval and outbound manifest controls are enforced end to end

Tested: make verify; 41 pytest tests; strict mypy; Ruff; Compose config; pinned image build; empty-volume migration; role denial; two idempotent 20-vector seeds; database restart persistence

Not-tested: Live Bailian calls require a newly rotated key; React product UI is not implemented
This commit is contained in:
2026-07-12 15:41:58 +08:00
parent ec1acb36b5
commit f4ba5d5342
61 changed files with 6886 additions and 20 deletions

View File

@@ -1,4 +1,6 @@
.PHONY: setup-hooks check-secrets docs-check links-check verify-design verify
.PHONY: setup-hooks check-secrets docs-check links-check verify-design backend-sync \
backend-format backend-lint backend-type backend-test backend-check compose-check \
verify-ci verify
setup-hooks:
git config core.hooksPath .githooks
@@ -12,6 +14,8 @@ docs-check:
test -f docs/01-data-and-evaluation.md
test -f docs/02-deployment-and-security.md
test -f docs/03-implementation-plan.md
test -f docs/04-project-todo.md
test -f docs/05-stage1-runbook.md
links-check:
python3 scripts/check_markdown_links.py
@@ -20,6 +24,29 @@ verify-design: check-secrets docs-check links-check
git diff --check
git diff --cached --check
# During the design stage this aliases the design checks. Implementation stages
# must extend it with backend/frontend lint, types, tests, and image checks.
verify: verify-design
backend-sync:
cd backend && UV_CACHE_DIR=.uv-cache uv sync --all-groups --frozen
backend-format:
backend/.venv/bin/ruff format --check backend/app backend/tests backend/migrations
backend-lint:
backend/.venv/bin/ruff check backend/app backend/tests backend/migrations
backend-type:
cd backend && .venv/bin/mypy app tests
backend-test:
cd backend && .venv/bin/pytest
backend-check: backend-sync backend-format backend-lint backend-type backend-test
compose-check:
docker compose --env-file .env.example config --quiet
# CI does not assume its runner exposes a Docker daemon. Schema and Compose
# security contracts still run in backend-test; local verification also asks the
# Docker CLI to render the real Compose model.
verify-ci: verify-design backend-check
verify: verify-ci compose-check