Commit Graph

8 Commits

Author SHA1 Message Date
63279cf213 Make deployment truth and remaining graduation gates explicit
Some checks failed
verify / verify (push) Has been cancelled
Document the runnable Docker workflow, expected one-shot container exits, server-controlled Bailian namespace switch, current earned progress, and the security and evaluation work that still blocks private-data or graduation release claims.

Constraint: Current local Bailian credentials are rejected by the configured workspace

Rejected: Mark the project complete from synthetic metrics | would overstate provider, OCR, authorization, and blind-evaluation readiness

Confidence: high

Scope-risk: narrow

Directive: Keep progress evidence task-based and distinguish synthetic engineering validation from real geological efficacy

Tested: make verify-design; Markdown links; secret scan; diff checks

Not-tested: Final thesis review and live provider authorization
2026-07-13 05:58:39 +08:00
75592af33a Isolate cloud model access before enabling product RAG workflows
Some checks failed
verify / verify (push) Has been cancelled
The API and ingestion tools now use a fixed internal model gateway while
governed profiles, embedding cache assignments, traceable citations, and
stable API errors establish the boundaries required by later workflows.

Constraint: The current Alibaba Cloud workspace rejects all three live model calls with authentication failures
Rejected: Give the API or seed tools the Bailian key and direct egress | combines database access, cloud credentials, and public network access
Rejected: Mix offline and Bailian vectors in one demo namespace | makes profile activation and retrieval ambiguous
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep Bailian credentials and egress exclusive to model-gateway and create a new immutable profile hash for any embedding identity change
Tested: make verify; 121 backend tests; 14 frontend tests; fresh and populated Alembic upgrade-downgrade-upgrade; two idempotent offline seeds; Docker health and HTTP retrieval; isolated provider smoke
Not-tested: Successful live Bailian responses because the supplied workspace credential currently fails authentication
2026-07-13 04:09:06 +08:00
83515e5477 Keep project status tied to pushed evidence
Some checks failed
verify / verify (push) Has been cancelled
Record the verified frontend and ingress preparation commit in the lifecycle board while preserving Stage 2 as TODO.

Constraint: Stage completion is milestone-based and cannot be inferred from visible files or a running demo.
Confidence: high
Scope-risk: narrow
Directive: Keep S2-C open until Worker recovery and the complete product topology are verified.
Tested: make verify; staged Secret scan; Markdown links and diff checks.
Not-tested: Rotated-key Bailian live smoke remains pending.
2026-07-12 17:40:04 +08:00
c3bad0f186 Make the offline RAG chain observable without widening credential access
Some checks failed
verify / verify (push) Has been cancelled
Expose the verified synthetic retrieval path through a typed React client and a non-root Nginx edge while keeping database credentials and data-network reachability out of the browser tier. A fixed-origin gateway preserves request boundaries and now closes upstream streams even when downstream disconnects before body iteration. The deployment ADR and runbooks record the four-network topology and its accepted Web edge-egress risk.

Constraint: The previously exposed Bailian key must be revoked and no live provider credential may enter Git, images, logs, or the browser.
Rejected: Connect Web directly to the data network | expands lateral reach to PostgreSQL.
Rejected: Publish the database-aware API on the edge network | gives a credential-bearing process a public default route.
Rejected: Buffer streaming responses in either proxy | prevents incremental chat delivery in the future.
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Do not mark Stage 1 or Stage 2 complete until the rotated-key live smoke and remaining stage gates pass.
Tested: make verify; 65 backend tests; 14 frontend tests; Docker image build; container health and isolation probes; real HTTP demo/status/search/docs/OpenAPI checks.
Not-tested: Live Bailian models, real document ingestion, business chat SSE generation, and final browser screenshot automation because the browser skill runtime was unavailable.
2026-07-12 17:38:57 +08:00
2fa27ae71c Record the verified backend runtime handoff
Some checks failed
verify / verify (push) Has been cancelled
The lifecycle tracker now points to the pushed API and gateway implementation while preserving Stage 1 as in progress until live provider evidence exists.

Constraint: Live model validation still requires a newly rotated Bailian key

Confidence: high

Scope-risk: narrow

Reversibility: clean

Directive: Keep S1-B open until all three live probes and real-mode synthetic seed pass

Tested: make verify; 63 pytest tests; strict mypy; Ruff; Secret scan; Compose config

Not-tested: Live Bailian model calls
2026-07-12 16:38:00 +08:00
cfd6d4cbad Expose a runnable backend without giving the ingress layer secrets
Some checks failed
verify / verify (push) Has been cancelled
The backend can now be inspected through a loopback-only gateway while the database-aware API remains on the internal data network. A governed synthetic demo proves readiness, pgvector retrieval, reranking, and citation output through real HTTP without invoking cloud models.

Constraint: The previously exposed Bailian key is compromised and cannot be used for live validation

Constraint: The API must be locally reachable while retaining no internet egress

Rejected: Attach the API directly to the ingress network | a real socket test proved that configuration still had egress

Rejected: Publish a port from the internal-only network | Docker Desktop did not expose the host port

Confidence: high

Scope-risk: moderate

Reversibility: clean

Directive: Keep model and database credentials out of the gateway; do not relax the fixed demo identity/profile filters

Tested: make verify; 63 pytest tests; strict mypy; Ruff; Secret scan; Compose config; three backend image builds; API/DB/gateway healthy; migration exit 0; Swagger browser check; live/ready/meta/status/search HTTP; 20/20/20 index; API egress ENETUNREACH; empty gateway mounts and business environment

Not-tested: Live Bailian calls require a newly rotated key; full generated-answer flow and React UI are not implemented
2026-07-12 16:37:02 +08:00
e89cca2b55 Keep milestone claims aligned with verified provider evidence
Some checks failed
verify / verify (push) Has been cancelled
The lifecycle tracker now records the pushed offline Stage 1 slices while leaving the live provider node open. This prevents mock and local database success from being mistaken for full Bailian validation.

Constraint: A newly rotated Bailian key is required before live smoke can be accepted

Confidence: high

Scope-risk: narrow

Reversibility: clean

Directive: Do not mark Stage 1 DONE until all three live model probes and real-mode synthetic seed pass

Tested: make verify; Markdown link check; secret scan; 41 pytest tests; strict mypy; Ruff; Compose config

Not-tested: Live Bailian provider calls
2026-07-12 15:42:44 +08:00
f4ba5d5342 Make the first RAG slice executable without risking production data
Some checks failed
verify / verify (push) Has been cancelled
The Stage 1 foundation now proves provider contracts with mocks and validates PostgreSQL/pgvector ingestion, approval binding, retrieval, reranking, and idempotency using only synthetic data. Live Bailian validation remains gated on rotating the exposed key.

Constraint: The key shown in chat is compromised and cannot be used or committed

Rejected: Mark Stage 1 complete from mock and offline results | real three-model smoke is still required

Confidence: high

Scope-risk: moderate

Reversibility: clean

Directive: Do not enable real-data ingestion until Stage 3 cloud approval and outbound manifest controls are enforced end to end

Tested: make verify; 41 pytest tests; strict mypy; Ruff; Compose config; pinned image build; empty-volume migration; role denial; two idempotent 20-vector seeds; database restart persistence

Not-tested: Live Bailian calls require a newly rotated key; React product UI is not implemented
2026-07-12 15:41:58 +08:00