docs(rag): A3 Phase-2 gate check — findings #12–14 remain deferred#526
Conversation
Task A3 ("RAG optimization Phase 2 (architectural)") re-examined injection
findings #12–14 (source-authority tier, per-claim prose entailment, structural
role separation) against the standing rule: no re-index / retrieval change
without a real golden miss proving a gain, with the bar that eval:retrieval:quality
must improve (not merely not-regress).
Disposition: all three stay correctly deferred; the gate is not met. Documents
per-finding unblock conditions in docs/rag-injection-threat-model.md §8:
- No concrete golden-eval miss exists (golden set all-green; miss promotion
privacy-blocked).
- #13/#14 don't touch retrieval ranking, so eval:retrieval:quality can't register
a gain — they belong to the injection harness (mitigation #11), not this task.
- #12 risks the recall regression PR #118 fixed; authority stays a tie-breaker,
not a sort key.
Docs-only. No code, retrieval, or answer-path change. eval:retrieval:quality is
provider-backed and was not run (speculative miss-hunting is owner-approved spend).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
|
Warning Review limit reached
Next review available in: 34 minutes Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available. How can I continue?After more reviews become available, a review can be triggered using the To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews. How do review limits work?CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability. For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window. Please refer docs for additional details. Review details⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
✨ Finishing Touches🧪 Generate unit tests (beta)
✨ Simplify code
Comment |
What & why
Task A3 "RAG optimization Phase 2 (architectural)" re-examined injection-threat findings #12–14 (source-authority tier, per-claim prose entailment, structural role separation) against the standing rule:
Outcome: all three stay correctly deferred. The gate is not met, so no code change was made. This PR records the disposition durably in
docs/rag-injection-threat-model.md§8 so the decision (and the precise unblock conditions) don't get re-litigated next session.Disposition (per finding)
document_recall@5=1.0,content_recall@5=1.0,top_k_hit_rate=1.0; reindex gatecontent_mrr@10≈0.93).rag_query_misses → rag_aliasespromotion is still privacy-blocked, so nothing has been promoted to explore against.eval:retrieval:qualitycan't register a gain from them — they're answer-path injection mitigations that belong to the seeded-chunk injection harness (mitigation Improve Clinical KB dashboard and RAG hardening #11, live-model-gated), not a retrieval-gated task.eval:retrieval:quality.Scope / safety
eval:retrieval:qualityis provider-backed (scripts/eval-retrieval.ts→requireServerEnv+requireOpenAIEnv, live Supabase + OpenAI) and was not run — speculative miss-hunting is owner-approved spend.Verification
prettier --write docs/rag-injection-threat-model.md→ unchanged (already conforms to the format gate).🤖 Generated with Claude Code