Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 5 additions & 2 deletions Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -18,10 +18,12 @@

FROM node:24-bookworm-slim AS deps
WORKDIR /app
# check-node-engine.cjs runs as the npm preinstall hook, so it must be in
# place before `npm ci`.
# check-node-engine.cjs runs as the npm preinstall hook and
# install-git-hooks.mjs as the postinstall hook, so both must be in place
# before `npm ci`.
COPY package.json package-lock.json .npmrc ./
COPY scripts/check-node-engine.cjs scripts/check-node-engine.cjs
COPY scripts/install-git-hooks.mjs scripts/install-git-hooks.mjs
RUN npm ci

FROM node:24-bookworm-slim AS build
Expand All @@ -40,6 +42,7 @@ FROM node:24-bookworm-slim AS prod-deps
WORKDIR /app
COPY package.json package-lock.json .npmrc ./
COPY scripts/check-node-engine.cjs scripts/check-node-engine.cjs
COPY scripts/install-git-hooks.mjs scripts/install-git-hooks.mjs
RUN npm ci --omit=dev

FROM node:24-bookworm-slim AS runner
Expand Down
1 change: 1 addition & 0 deletions Dockerfile.worker
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@ FROM node:24-bookworm-slim AS deps
WORKDIR /app
COPY package.json package-lock.json .npmrc ./
COPY scripts/check-node-engine.cjs scripts/check-node-engine.cjs
COPY scripts/install-git-hooks.mjs scripts/install-git-hooks.mjs
RUN npm ci

FROM node:24-bookworm-slim AS runner
Expand Down
49 changes: 33 additions & 16 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -162,33 +162,50 @@ hosted Supabase MCP server uses OAuth, not repo secrets.

## Documentation

Full categorized index: `docs/README.md` (maintained docs vs point-in-time
records vs archive). The most load-bearing entries:

- `docs/codebase-index.md` — architecture and module map (start here)
- `docs/site-map.md` — generated route map (`npm run sitemap:update`)
- `docs/process-hardening.md` — verification gates, CI expectations, known limits
- `docs/clinical-governance.md` — deployment and source governance checklist
- `docs/reindex-runbook.md` — safe reindex and ingestion recovery
- `docs/retrieval-quality-runbook.md` — RAG/retrieval eval gates
- `docs/codex-prompt-playbook.md` — copy/paste prompts for common repo work
- `docs/deployment-architecture.md` — app/worker/Supabase deployment topology
- `docs/supabase-migration-reconciliation.md` — migration drift and repair policy
- `docs/site-map.md` — generated route map (`npm run sitemap:update`)

Run `npm run docs:check-links` to verify repo paths referenced from the
maintained docs still resolve.

## Commands

Verification gates (see `package.json` for the full chain):

```bash
npm run verify:cheap # check:runtime + sitemap:check + lint + typecheck + test
npm run verify:ui # check:runtime + test:e2e:chromium
npm run verify:release # check:runtime + lint + typecheck + test + build + test:e2e
# + check:production-readiness + governance:release
# + eval:quality:release (needs live Supabase + OpenAI keys)
npm run verify:cheap # check:runtime + check:github-actions + sitemap:check
# + brand:check + check:type-scale + check:icon-scale
# + lint + typecheck + test
npm run verify:pr-local # closest local mirror of the PR gate: format + verify:cheap,
# plus conditional build/client-bundle scan and offline RAG
# tests when changed-file scope requires them
Comment thread
BigSimmo marked this conversation as resolved.
npm run verify:ui # check:runtime + test:e2e:chromium
npm run verify:release # check:runtime + lint + typecheck + test + build + test:e2e
# + check:production-readiness + governance:release
# + eval:quality:release (needs live Supabase + OpenAI keys)
```

CI runs `format:check` in the `verify` job alongside lint, typecheck,
test:coverage, build, dependency audit, production-readiness CI mode, and
edge-function typecheck. PRs also run Chromium `ui-smoke` and the repo-owned
Supabase `db-reset-verify` job in parallel. The external `Supabase Preview`
check, when enabled, is the branch-database migration replay gate. Docker image
builds, full browser matrix, live drift, and live eval canary checks are
path-filtered, scheduled, or manual rather than normal required checks for every
Use `npm run verify:pr-local -- --dry-run --files <comma-separated paths>` to
inspect which checks a change would trigger without running them.

CI is risk-scoped (`.github/workflows/ci.yml`): a `changes` job classifies
changed paths, `static-pr` always runs runtime, action-pin, CI-scope, format,
lint, typecheck, and unit checks, and `pr-required` is the single
always-reporting required aggregate (required PR checks are Gitleaks plus that
aggregate). Coverage, build, safety/config checks, Chromium `ui-critical`
smoke, and the repo-owned Supabase `db-reset-verify` migration replay run only
when their file scopes apply; UI PRs also get a non-blocking advisory
`ui-regression` job. The full Playwright browser matrix
(`release-browser-matrix`) runs on `main`, `release/*`, manual dispatch, and a
weekly schedule. Docker image builds, live drift, and live eval canary checks
are path-filtered, scheduled, or manual rather than required checks for every
source-only PR.

```bash
Expand Down
93 changes: 93 additions & 0 deletions docs/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
# Clinical KB Documentation Index

Curated map of everything under `docs/`. Categories distinguish **maintained**
documents (keep these current when behavior changes) from **point-in-time
records** (historical; do not update, supersede with a new dated doc instead).

Check that repo paths referenced from the maintained docs still resolve with:

```bash
npm run docs:check-links
```

## Start here

| Doc | What it is |
| -------------------------------------- | ------------------------------------------------------------------------------------------------------- |
| [codebase-index.md](codebase-index.md) | Structured architecture map: layout, module map, Supabase schema, scripts, domain concepts |
| [site-map.md](site-map.md) | **Generated** route map — regenerate with `npm run sitemap:update`, verify with `npm run sitemap:check` |
| [agents-guide.md](agents-guide.md) | Human onboarding pointer; authoritative agent rules live in the root `AGENTS.md` |

## Architecture

- [frontend-architecture.md](frontend-architecture.md) — shell, routing, dashboard module structure
- [deployment-architecture.md](deployment-architecture.md) — app/worker/Supabase deployment topology
- [ingestion-state-machine.md](ingestion-state-machine.md) — ingestion job lifecycle and states
- [design-system.md](design-system.md) — tokens, primitives, styling conventions
- [clinical-chat-ui-component-map.md](clinical-chat-ui-component-map.md) — chat UI component inventory
- [clinical-badge-system-guide.md](clinical-badge-system-guide.md) — clinical badge semantics
- [multi-user-auth-setup.md](multi-user-auth-setup.md) — auth, sessions, owner scoping

## Operations runbooks

- [launch-operator-runbook.md](launch-operator-runbook.md) — launch/operational duties and SLO probes
- [reindex-runbook.md](reindex-runbook.md) — safe reindex and ingestion recovery
- [retrieval-quality-runbook.md](retrieval-quality-runbook.md) — RAG/retrieval eval gates and tuning
- [worker-deploy-runbook.md](worker-deploy-runbook.md) — worker build contract, run recipe, secrets
- [disaster-recovery-runbook.md](disaster-recovery-runbook.md) — backup/restore and recovery drills
- [auth-connection-cap-runbook.md](auth-connection-cap-runbook.md) — Supabase auth connection cap (operator)
- [staging-setup.md](staging-setup.md) — staging environment bootstrap
- [database-drift-detection.md](database-drift-detection.md) — schema drift detection (`npm run check:drift`)
- [supabase-migration-reconciliation.md](supabase-migration-reconciliation.md) — migration drift and repair policy
- [observability-slos.md](observability-slos.md) — health probes, SLO counters, degraded modes

## Governance, safety, privacy

- [clinical-governance.md](clinical-governance.md) — deployment and source governance checklist
- [clinical-hazard-analysis.md](clinical-hazard-analysis.md) — clinical hazard register
- [rag-injection-threat-model.md](rag-injection-threat-model.md) — prompt-injection threat model
- [privacy-impact-assessment.md](privacy-impact-assessment.md) — PIA findings and launch blockers
- [openai-cross-border-basis.md](openai-cross-border-basis.md) — cross-border data-processing basis
- [production-readiness-checklist.md](production-readiness-checklist.md) — release readiness criteria

## Process and review

- [process-hardening.md](process-hardening.md) — verification gates, CI expectations, known debts
- [codex-review-protocol.md](codex-review-protocol.md) — shared review protocol for all review skills
- [codex-prompt-playbook.md](codex-prompt-playbook.md) — copy/paste prompts for common repo work
- [branch-cleanup-guide.md](branch-cleanup-guide.md) — branch hygiene workflow
- [branch-review-ledger.md](branch-review-ledger.md) — reviewed branch/SHA ledger (append after reviews)

## Plans and workstreams (living)

- [search-rag-master-plan.md](search-rag-master-plan.md) / [search-rag-master-context.md](search-rag-master-context.md) — search/RAG roadmap and shared context
- [rag-hybrid-findings-and-todo.md](rag-hybrid-findings-and-todo.md) — hybrid retrieval findings backlog
- [reindex-shadow-harness-design.md](reindex-shadow-harness-design.md) — designed-only shadow reindex harness (driver not built)
- [forward-codify-retrieval-rpcs-workorder.md](forward-codify-retrieval-rpcs-workorder.md) — retrieval RPC codification workorder
- [ingestion-concurrency-fix-workorder.md](ingestion-concurrency-fix-workorder.md) — ingestion concurrency workorder
- [project-alignment-cleanup.md](project-alignment-cleanup.md) — repo alignment cleanup tracker
- [redesign/](redesign/) — premium redesign plans, decision log, token adoption
- [superpowers/](superpowers/) — agent-authored plans and specs

## Point-in-time records (historical — do not update)

Dated status reports, reviews, and operator decisions. They describe the repo
as it was on that date; supersede with a new dated document rather than editing.

- [audit/](audit/) — repo and UX/accessibility audits
- [capacity-review.md](capacity-review.md), [scale-readiness-review.md](scale-readiness-review.md), [tenancy-defense-in-depth-review.md](tenancy-defense-in-depth-review.md)
- `*-2026-*` findings and status docs, e.g. [chunking-ocr-reindex-lever-finding-2026-07-08.md](chunking-ocr-reindex-lever-finding-2026-07-08.md), [source-governance-status-2026-07-08.md](source-governance-status-2026-07-08.md), [source-governance-priorities-2026-07-02.md](source-governance-priorities-2026-07-02.md), [source-review-priority-2026-07-02.md](source-review-priority-2026-07-02.md), [operator-apply-july8-batch.md](operator-apply-july8-batch.md)

## Archive

- [archive/](archive/) — completed phase plans, superseded designs, and old
progress logs kept for provenance. Never treat archive content as current
guidance.

## Maintenance rules

- Generated files (`site-map.md`) are updated only via their generator scripts.
- When adding a doc, add it to the matching section here; date the filename if
it is a point-in-time record.
- When a maintained doc is superseded, move it to `archive/` and update inbound
links (`npm run docs:check-links` finds broken ones).
69 changes: 31 additions & 38 deletions docs/agents-guide.md
Original file line number Diff line number Diff line change
@@ -1,40 +1,33 @@
# Agents Guide

## Purpose

This repository contains the Clinical KB application. It is a Next.js + Supabase + OpenAI RAG knowledge base for medical guidelines. Agents working with this project should follow these guidelines.

## Getting Started

- Use Node 24 and npm 11; the project uses Next.js v16.
- Copy `.env.example` to `.env.local` and populate secrets. **Never commit actual secrets**.
- Use `npm run ensure` to start or verify the local dev server. It selects a stable port automatically.
- Start the ingestion worker in a separate terminal using `npm run worker`.

## Development Guidelines

- Avoid changing `.env.example` values other than adding placeholders. Do not commit `.env.local`.
- When adding environment variables, update the schema in `src/lib/env.ts` and document them in `.env.example`.
- Use TypeScript and follow existing code patterns; avoid introducing new dependencies unless necessary.
- Run `npm run lint` and `npm run typecheck` before committing.
- Use `npm run test` and `npm run test:e2e` to ensure critical flows remain stable.
- Keep Supabase service role keys on the server; never expose them to the client.

## Routing & Architecture

- The app uses the Next.js App Router under `src/app`.
- API routes live under `src/app/api`.
- Client components are in `src/components`.
- Supabase integration code is in `src/lib/supabase`.

## Performance & Safety

- Use `zod` for request and environment validation.
- Enforce permissions server-side; do not rely on client-side checks.
- Respect the existing rate-limiting and source-governance logic.
- When adding new API endpoints, provide appropriate error handling and status codes.

## Documentation

- Keep the README up to date if you change setup, scripts, or environment variables.
- Add high-level architectural changes or decisions in `docs/`.
Short onboarding pointer. The authoritative, always-current rules for agents
working in this repository live in the root [`AGENTS.md`](../AGENTS.md) —
verification gates, provider confirmation boundaries, Supabase project safety,
review routing, and workflow shortcuts. This page only orients you; it does not
duplicate those rules, so it cannot drift from them.

## Read in this order

1. [`AGENTS.md`](../AGENTS.md) — agent rules, verification gates, shortcuts
(`upload`, `dependency`, `bug-hunter`), and safety boundaries.
2. [`docs/codebase-index.md`](codebase-index.md) — architecture and module map.
3. [`docs/README.md`](README.md) — index of all runbooks, governance docs, and
plans, with maintained vs historical classification.
4. [`docs/site-map.md`](site-map.md) — generated route map.

## Human quickstart

- Node 24.x / npm 11.x are hard requirements (`engine-strict`); the app is
Next.js 16 + Supabase + OpenAI.
- Copy `.env.example` to `.env.local` and fill in values (never commit
secrets). Without Supabase/OpenAI values the app runs in demo mode on a
synthetic corpus.
- `npm run ensure` starts or verifies the dev server on a stable
project-specific port (never assume `localhost:3000`).
- `npm run worker` runs the local ingestion worker in a second terminal.
- When adding environment variables, update the schema in `src/lib/env.ts` and
document them in `.env.example`.
- Before handing off changes: `npm run verify:cheap` first, then
`npm run verify:pr-local` when the change is PR-ready (see
[`docs/process-hardening.md`](process-hardening.md) for the full
verification pyramid).
31 changes: 16 additions & 15 deletions docs/codebase-index.md
Original file line number Diff line number Diff line change
Expand Up @@ -113,12 +113,12 @@ Structured map for AI agents and onboarding. For live routes, see `docs/site-map

### Supabase, auth, env

| Module | Role |
| ------------------------------------------------------------------------------------ | ---------------------------- |
| `supabase/client.tsx`, `server.ts`, `admin.ts`, `auth.ts`, `health.ts`, `project.ts` | Clients and auth |
| `supabase/database.types.ts` | Generated DB types |
| `env.ts` | Zod-validated environment |
| `owner-scope.ts`, `query-privacy.ts`, `privacy.ts`, `audit.ts` | Multi-user scope and privacy |
| Module | Role |
| ------------------------------------------------------------------------------------------------- | ---------------------------- |
| `src/lib/supabase/` — `client.tsx`, `server.ts`, `admin.ts`, `auth.ts`, `health.ts`, `project.ts` | Clients and auth |
| `src/lib/supabase/database.types.ts` | Generated DB types |
| `env.ts` | Zod-validated environment |
| `owner-scope.ts`, `query-privacy.ts`, `privacy.ts`, `audit.ts` | Multi-user scope and privacy |

### Clinical product data

Expand Down Expand Up @@ -284,15 +284,16 @@ One shared composer (`master-search-header.tsx`) serves every mode. Placement:

## Related docs

| Topic | Doc |
| ----------------------- | ---------------------------------------------------------------- |
| Routes and modes | `docs/site-map.md` |
| Search/RAG roadmap | `docs/search-rag-master-plan.md` |
| Reindex operations | `docs/reindex-runbook.md` |
| Production readiness | `docs/production-readiness-checklist.md` |
| Capacity / scale-up | `docs/capacity-review.md`, `docs/auth-connection-cap-runbook.md` |
| Frontend architecture | `docs/frontend-architecture.md` |
| Repo audit (2026-07-01) | `docs/audit/repo-audit-2026-07-01.md` |
| Topic | Doc |
| ------------------------ | ---------------------------------------------------------------- |
| Full documentation index | `docs/README.md` |
| Routes and modes | `docs/site-map.md` |
| Search/RAG roadmap | `docs/search-rag-master-plan.md` |
| Reindex operations | `docs/reindex-runbook.md` |
| Production readiness | `docs/production-readiness-checklist.md` |
| Capacity / scale-up | `docs/capacity-review.md`, `docs/auth-connection-cap-runbook.md` |
| Frontend architecture | `docs/frontend-architecture.md` |
| Repo audit (2026-07-01) | `docs/audit/repo-audit-2026-07-01.md` |

---

Expand Down
2 changes: 1 addition & 1 deletion docs/search-rag-master-context.md
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ Deployment/config note:

- `.env.example` documents `OPENAI_ANSWER_TIMEOUT_MS=30000`, matching the server default in `src/lib/env.ts`.
- Local `.env.local` may set it explicitly for parity; unset environments rely on the 30000ms server default.
- The historical 12000ms value in `docs/search-rag-phase-0-baseline.md` and `docs/search-rag-master-plan.md` records the Phase 7 rollout, not current guidance.
- The historical 12000ms value in `docs/archive/search-rag-phase-0-baseline.md` and `docs/search-rag-master-plan.md` records the Phase 7 rollout, not current guidance.

## Skill Lenses Used

Expand Down
Loading
Loading