Some checks failed
verify / verify (push) Has been cancelled
Expose the verified synthetic retrieval path through a typed React client and a non-root Nginx edge while keeping database credentials and data-network reachability out of the browser tier. A fixed-origin gateway preserves request boundaries and now closes upstream streams even when downstream disconnects before body iteration. The deployment ADR and runbooks record the four-network topology and its accepted Web edge-egress risk. Constraint: The previously exposed Bailian key must be revoked and no live provider credential may enter Git, images, logs, or the browser. Rejected: Connect Web directly to the data network | expands lateral reach to PostgreSQL. Rejected: Publish the database-aware API on the edge network | gives a credential-bearing process a public default route. Rejected: Buffer streaming responses in either proxy | prevents incremental chat delivery in the future. Confidence: high Scope-risk: moderate Reversibility: clean Directive: Do not mark Stage 1 or Stage 2 complete until the rotated-key live smoke and remaining stage gates pass. Tested: make verify; 65 backend tests; 14 frontend tests; Docker image build; container health and isolation probes; real HTTP demo/status/search/docs/OpenAPI checks. Not-tested: Live Bailian models, real document ingestion, business chat SSE generation, and final browser screenshot automation because the browser skill runtime was unavailable.
712 B
712 B
Architecture Decision Records
ADR 用于记录会长期影响系统的技术决策。状态使用 proposed、accepted、superseded 或 rejected。
当前记录:
- 0001-use-pgvector.md:选择 PostgreSQL + pgvector 作为第一版向量存储。
- 0002-separate-bailian-protocols.md:分离百炼 Chat/Embedding 与 Rerank 协议适配器。
- 0003-text-first-scope.md:第一版采用文本优先边界,不宣称地质图空间理解。
- 0004-secretless-web-ingress.md:用无 Secret 的 Nginx Web 与固定上游 gateway 隔离浏览器、API 和数据库网络。