Make the first RAG slice executable without risking production data
Some checks failed
verify / verify (push) Has been cancelled

The Stage 1 foundation now proves provider contracts with mocks and validates PostgreSQL/pgvector ingestion, approval binding, retrieval, reranking, and idempotency using only synthetic data. Live Bailian validation remains gated on rotating the exposed key.

Constraint: The key shown in chat is compromised and cannot be used or committed

Rejected: Mark Stage 1 complete from mock and offline results | real three-model smoke is still required

Confidence: high

Scope-risk: moderate

Reversibility: clean

Directive: Do not enable real-data ingestion until Stage 3 cloud approval and outbound manifest controls are enforced end to end

Tested: make verify; 41 pytest tests; strict mypy; Ruff; Compose config; pinned image build; empty-volume migration; role denial; two idempotent 20-vector seeds; database restart persistence

Not-tested: Live Bailian calls require a newly rotated key; React product UI is not implemented
This commit is contained in:
2026-07-12 15:41:58 +08:00
parent ec1acb36b5
commit f4ba5d5342
61 changed files with 6886 additions and 20 deletions

View File

@@ -0,0 +1,26 @@
from app.ports.model_providers import ModelProviderError, ProviderErrorKind
from app.tools.provider_smoke import failed_probe
def test_failed_probe_only_exposes_sanitized_provider_fields() -> None:
error = ModelProviderError(
operation="embedding.create",
kind=ProviderErrorKind.AUTHENTICATION,
status_code=401,
provider_code="invalid_api_key",
request_id="req-safe-1",
)
result = failed_probe("embedding", error)
assert result.error_kind == "authentication"
assert result.status_code == 401
assert result.request_id == "req-safe-1"
assert "invalid_api_key" not in repr(result)
def test_unexpected_error_is_reduced_to_fixed_category() -> None:
result = failed_probe("chat", RuntimeError("sensitive content"))
assert result.error_kind == "internal_contract_error"
assert "sensitive content" not in repr(result)