fix: remove secret scanner alert, OLLAMA_HOST in embedding.py, exp08 JudgeClient mock #9
Merged
… embedding.py, fix exp08 JudgeClient silent mock
- .env.example: replace inline URI-with-credentials comment (triggered GitHub secret scanner) with a plain description; no real credentials were present
- embedding.py: read OLLAMA_HOST env var instead of hardcoding the URL, consistent with database_handlers.py, rag.py, and log_parser.py
- experiments/08_rag_real_world: align JudgeClient with experiment 07 — raise ValueError on missing API keys instead of silently setting client=None, and return 0.0 with a warning on retry exhaustion instead of silent 0.5
Summary
Three follow-up fixes identified during code review of PR #8.
Changes
Security: remove credential pattern from .env.example
The comment block in .env.example contained an inline URI example in the form mongodb+srv://user:pass@cluster.mongodb.net/ which triggered GitHub's secret scanner alert. No real credentials were present — this was placeholder text. The comment has been rewritten as a plain description pointing users to the Atlas UI, removing the pattern that matched the scanner rule.
backend/app/core/embedding.py — read OLLAMA_HOST env var
EmbeddingCreator was hardcoding url="http://localhost:11435/api/embeddings" directly in the OllamaEmbeddingFunction constructor. Every other file in the backend (database_handlers.py, rag.py, log_parser.py) was updated in the previous round to read from os.environ.get("OLLAMA_HOST", "http://localhost:11435"). This makes embedding.py consistent with the rest of the codebase, so a non-default Ollama host only needs to be set in one place.
experiments/08_rag_real_world/run_experiment.py — fix silent mock scoring in JudgeClient
The JudgeClient class in experiment 08 was not updated when the identical class in experiment 07 was fixed. Specifically:
- _init_client() was silently setting self.client = None when OPENAI_API_KEY or GROQ_API_KEY were absent, instead of raising an error
- score() was returning a fixed 0.5 both on the null-client early-exit path and after retry exhaustion
A run with a missing or misconfigured API key would produce output indistinguishable from a real run, with fabricated scores. Both paths now match experiment 07: _init_client() raises ValueError on missing keys, and score() returns 0.0 with an explicit warning after retry exhaustion.
Related
Closes the remaining items from the review of #8.
cc @chxmq — tagging you for review since these are fixes to code you authored.
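A check in the spirit of the .env.example change described above, as an added example (not code from this repository and not GitHub's scanner rule): it flags any URI in a template file that embeds a password, including inside comments. The sample file contents and the name find_credential_uris are constructed for illustration.

```python
"""Flag URIs that embed a password (scheme://user:pass@host) in config templates."""
import re
from urllib.parse import urlsplit

# Candidate URIs: any RFC 3986 scheme followed by "//", up to whitespace or a quote.
URI_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*://[^\s'\"]+")

# Constructed samples: BEFORE mirrors the comment form the PR says it removed,
# AFTER is a plain-description rewrite of the kind the PR describes.
BEFORE = """\
# MongoDB Atlas connection string, e.g.
#   mongodb+srv://user:pass@cluster.mongodb.net/
MONGODB_URI=
OLLAMA_HOST=http://localhost:11435
"""
AFTER = """\
# MongoDB Atlas connection string: copy it from the Atlas UI.
MONGODB_URI=
OLLAMA_HOST=http://localhost:11435
"""


def find_credential_uris(text):
    """Return (line_number, scheme, host) for every URI carrying a password.

    Comment lines are scanned too: a content-based scanner does not care
    whether the line is active configuration or documentation.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in URI_RE.finditer(line):
            try:
                parts = urlsplit(match.group(0))
                password, host = parts.password, parts.hostname
            except ValueError:  # malformed netloc, e.g. unbalanced IPv6 brackets
                continue
            if password:  # user:pass@ present; the secret itself is never returned
                hits.append((lineno, parts.scheme, host))
    return hits


if __name__ == "__main__":
    for name, sample in (("before", BEFORE), ("after", AFTER)):
        hits = find_credential_uris(sample)
        print(name, "FAIL" if hits else "ok", hits)
```

Run as a pre-commit or CI step over template files, a non-empty result is the signal to rewrite the comment before a hosted scanner raises the alert.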