Expose the verified synthetic retrieval path through a typed React client and a non-root Nginx edge while keeping database credentials and data-network reachability out of the browser tier. A fixed-origin gateway preserves request boundaries and now closes upstream streams even when downstream disconnects before body iteration. The deployment ADR and runbooks record the four-network topology and its accepted Web edge-egress risk.
Constraint: The previously exposed Bailian key must be revoked and no live provider credential may enter Git, images, logs, or the browser.
Rejected: Connect Web directly to the data network | expands lateral reach to PostgreSQL.
Rejected: Publish the database-aware API on the edge network | gives a credential-bearing process a public default route.
Rejected: Buffer streaming responses in either proxy | prevents incremental chat delivery in the future.
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Do not mark Stage 1 or Stage 2 complete until the rotated-key live smoke and remaining stage gates pass.
Tested: make verify; 65 backend tests; 14 frontend tests; Docker image build; container health and isolation probes; real HTTP demo/status/search/docs/OpenAPI checks.
Not-tested: Live Bailian models, real document ingestion, business chat SSE generation, and final browser screenshot automation because the browser skill runtime was unavailable.
The Stage 1 foundation now proves provider contracts with mocks and validates PostgreSQL/pgvector ingestion, approval binding, retrieval, reranking, and idempotency using only synthetic data. Live Bailian validation remains gated on rotating the exposed key.
Constraint: The key shown in chat is compromised and cannot be used or committed
Rejected: Mark Stage 1 complete from mock and offline results | real three-model smoke is still required
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Do not enable real-data ingestion until Stage 3 cloud approval and outbound manifest controls are enforced end to end
Tested: make verify; 41 pytest tests; strict mypy; Ruff; Compose config; pinned image build; empty-volume migration; role denial; two idempotent 20-vector seeds; database restart persistence
Not-tested: Live Bailian calls require a newly rotated key; React product UI is not implemented
The project begins with architecture, data governance, reproducible evaluation, deployment boundaries, and secret-handling contracts so later code has measurable acceptance criteria.
Constraint: Real provider credentials, workspace identities, and restricted geological data must never enter Git
Rejected: Add placeholder runnable services in the design commit | would imply unverified implementation readiness
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Run make verify before every commit and update ADRs when architecture boundaries change
Tested: Secret scan, Markdown links, YAML parse, shell syntax, and staged diff validation
Not-tested: Application runtime is intentionally deferred to the implementation stage