Feature/ops readiness#1
Merged
- Add GET /ready with DB, pgvector, and chunks table checks (503 JSON body on failure).
- Cap POST /ingest/chunks via MAX_INGEST_CHUNKS_PER_REQUEST (default 500), HTTP 413 when exceeded.
- Optional RAG_API_KEY middleware; GET /health and /ready stay public for probes.
- Bind api_key from RAG_API_KEY or API_KEY; populate_by_name for programmatic Settings().
- Document env vars in .env.example and README; extend integration worker and tests.

Co-authored-by: Cursor <cursoragent@cursor.com>
- Run pytest with branch coverage on ubuntu-latest (Python 3.12 via setup-uv).
- Integration job uses pgvector/pgvector:pg16 service and marked integration tests.
- pip-audit on exported locked deps with continue-on-error (informational).
- Document CI in README.

Co-authored-by: Cursor <cursoragent@cursor.com>
- Rewrite SECURITY.md around OWASP 2025 categories; reconcile optional API key, ingest caps, /ready, pip-audit commands, A10 error disclosure, checklist.
- Add CI security job: Bandit on src/rag and scripts; pip-audit via uv run on exported deps (blocking); drop informational audit from test job.
- Add bandit[toml] and pip-audit to dev dependency-group; [tool.bandit] excludes.
- Refactor retrieve SQL into fixed parameterized queries (Bandit B608 clean).
- Extend README CI description; add retrieve filter branch tests.

Co-authored-by: Cursor <cursoragent@cursor.com>
… endpoints
- Implemented field validators for `content` in `ChunkIn` and `query` in `RetrievePayload` to enforce maximum length limits.
- Updated error handling in the ingest and tuner step functions to provide clearer HTTP 400 responses on validation failures.
- Added tests to verify behavior when content and query lengths exceed defined limits.
- Introduced new settings for maximum content and query lengths in `Settings` class.
Add scripts/load_retrieve_qps.py (async httpx): target QPS, duration, optional tenant/source filters and X-API-Key; JSON summary mode. Document usage and dev dependency note in README project layout. Co-authored-by: Cursor <cursoragent@cursor.com>
- Add src/rag/cli.py with argparse subcommands and JSON stdin/file ingest.
- Register console_scripts entry rag-cli; depend on httpx at runtime.
- Tests with mocked httpx.Client; README CLI section and layout note.
- Load script docstring/README: httpx comes from default uv sync.

Co-authored-by: Cursor <cursoragent@cursor.com>
Reject empty Bearer credentials instead of falling back to X-API-Key. Document behavior in middleware docstring and SECURITY.md A07. Adds regression test for Authorization: Bearer + valid X-API-Key edge case. Co-authored-by: Cursor <cursoragent@cursor.com>
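The two commits above describe the same gate from two angles: the optional RAG_API_KEY middleware that leaves GET /health and /ready public for probes, and the later fix that rejects an empty Bearer credential instead of falling back to X-API-Key. The following is an added, dependency-free model of that decision logic, not the project's middleware; `authorize`, `PUBLIC_PATHS` and the 200/401 return convention are assumptions made for illustration, and the key comparison uses `hmac.compare_digest` so that timing does not leak how many characters matched.

```python
import hmac
from typing import Mapping, Optional

# Assumed for this example: probe endpoints that bypass the gate entirely,
# mirroring "GET /health and /ready stay public for probes" in the commit text.
PUBLIC_PATHS = frozenset({"/health", "/ready"})


def authorize(path: str, headers: Mapping[str, str], configured_key: Optional[str]) -> int:
    """Return the HTTP status an API-key gate would yield: 200 (pass) or 401 (reject).

    Rules modelled on the commit messages (hypothetical reconstruction):
    - no configured key: the gate is disabled and every request passes;
    - /health and /ready are always public;
    - Authorization: Bearer <key> is examined first; an EMPTY Bearer credential
      is rejected outright and does NOT fall back to X-API-Key;
    - otherwise X-API-Key is checked;
    - both comparisons are constant-time.
    """
    if not configured_key:
        return 200
    if path in PUBLIC_PATHS:
        return 200

    # HTTP header names are case-insensitive; normalise once.
    lowered = {k.lower(): v for k, v in headers.items()}
    expected = configured_key.encode()

    auth = lowered.get("authorization")
    if auth is not None:
        scheme, _, credentials = auth.strip().partition(" ")
        if scheme.lower() != "bearer":
            return 401
        credentials = credentials.strip()
        if not credentials:
            # The regression case: "Bearer " with a valid X-API-Key alongside
            # must still be rejected, so there is deliberately no fallback here.
            return 401
        return 200 if hmac.compare_digest(credentials.encode(), expected) else 401

    api_key = lowered.get("x-api-key")
    if api_key is not None and hmac.compare_digest(api_key.encode(), expected):
        return 200
    return 401


if __name__ == "__main__":
    # Constructed sample requests against a constructed key.
    key = "example-key"
    print(authorize("/ready", {}, key))                                             # 200: public probe
    print(authorize("/retrieve", {"X-API-Key": key}, key))                          # 200
    print(authorize("/retrieve", {"Authorization": "Bearer ", "X-API-Key": key}, key))  # 401: empty Bearer, no fallback
```

Keeping the probe allow-list separate from the credential logic is what lets an orchestrator's healthcheck keep working when a key is configured, while every other path is denied by default if neither header validates.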
Added a note about the OpenAPI contract in the README, specifying that the `tests/fixtures/openapi.json` file must match the output of `app.openapi()`. Instructions for refreshing the golden file after changes to routes or schemas were also included.
Prepares main for the next tagged release after merging ops-readiness (CI, optional API key, OpenAPI contract, CLI, security docs). Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Align docker-compose api healthcheck with GET /ready; fix Operations markdown, restore tuner/step curl in Path 1, clarify httpx/load script vs uv sync. Co-authored-by: Cursor <cursoragent@cursor.com>
Expose FastAPI version from importlib.metadata (pyproject); regenerate openapi.json snapshot so contract tests track releases. Co-authored-by: Cursor <cursoragent@cursor.com>
Containers can boot with ``time.monotonic()`` below ``cooldown_seconds``; subtracting from ``last_change_mono=0`` incorrectly blocked the first ``maybe_apply_from_recommendation(..., auto_apply=True)``. Co-authored-by: Cursor <cursoragent@cursor.com>
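The bug described in this commit is a sentinel-value problem: encoding "never applied" as `last_change_mono = 0.0` only works if the monotonic clock is guaranteed to have advanced past `cooldown_seconds` by the time the first recommendation arrives, which a freshly booted container does not guarantee. The following is an added illustration, not the project's tuner code; `CooldownGateBuggy`, `CooldownGate`, `may_apply` and `mark_applied` are hypothetical names standing in for the `maybe_apply_from_recommendation(..., auto_apply=True)` path the commit mentions.

```python
import time
from typing import Optional


class CooldownGateBuggy:
    """Pre-fix shape (reconstructed from the commit text, hypothetical):
    'never changed' is encoded as last_change_mono = 0.0."""

    def __init__(self, cooldown_seconds: float) -> None:
        self.cooldown_seconds = cooldown_seconds
        self.last_change_mono = 0.0

    def may_apply(self, now_mono: float) -> bool:
        # With now_mono=5.0 and cooldown=60: 5.0 - 0.0 = 5.0 < 60 -> False,
        # so the very first auto-apply is refused although nothing was ever applied.
        return now_mono - self.last_change_mono >= self.cooldown_seconds


class CooldownGate:
    """Fixed shape (hypothetical): 'never changed' is a distinct sentinel (None),
    so the elapsed-time subtraction only happens once a change has really occurred."""

    def __init__(self, cooldown_seconds: float) -> None:
        self.cooldown_seconds = cooldown_seconds
        self.last_change_mono: Optional[float] = None

    def may_apply(self, now_mono: Optional[float] = None) -> bool:
        # The clock is injectable so the behaviour is testable without sleeping.
        if now_mono is None:
            now_mono = time.monotonic()
        if self.last_change_mono is None:
            return True  # first change is always allowed, whatever the clock reads
        return now_mono - self.last_change_mono >= self.cooldown_seconds

    def mark_applied(self, now_mono: Optional[float] = None) -> None:
        self.last_change_mono = time.monotonic() if now_mono is None else now_mono


def first_apply_allowed(cooldown_seconds: float, boot_clock: float) -> tuple:
    """Compare both gates at a constructed early-boot monotonic reading."""
    return (CooldownGateBuggy(cooldown_seconds).may_apply(boot_clock),
            CooldownGate(cooldown_seconds).may_apply(boot_clock))


if __name__ == "__main__":
    # Constructed scenario: container booted 5 s ago, cooldown is 60 s.
    print(first_apply_allowed(60.0, 5.0))  # (False, True)
```

The same pattern applies to any rate limiter or cooldown keyed on `time.monotonic()`: its epoch is arbitrary and process-local, so zero is a legitimate reading, never a safe "unset" marker.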
Avoids deprecation warnings for composite actions still on Node 20. Co-authored-by: Cursor <cursoragent@cursor.com>
Tests passed. No findings in review. LGTM