Skip to content

11. Open Questions & Risks

Architecture questions still open

  1. What is the production deployment target (on-prem DRT, private cloud, K8s)?
  2. Will UC2 scrutiny share the same job pipeline or become a separate workflow engine?
  3. Is UC3 hybrid search still in scope, and which corpus (orders vs applications)?
  4. Was Qdrant/Meilisearch ever integrated on another branch?
  5. What is the system of record for case metadata that should supply prefilled factsheet fields?

Implementation gaps

Gap Evidence
Auth not enforced Routers lack security dependencies
Audit helper unused core/audit.py vs no call sites
No Alembic migrations create_all only
Search clients unused Settings + compose-full only
Embeddings setting unused EMBEDDING_MODEL with no pipeline
Frontend tests missing No test directory
CI missing Docs only

Local ops risks

  • MINIO_* in .env.example vs S3_* in config.py
  • Postgres host port 5433 vs example 5432
  • Vite proxy 8888 vs API 8000
  • README architecture diagram overstates current search wiring

Security / reliability / scale risks

  • Unauthenticated access to court PDFs and factsheets
  • CORS * with credentials
  • LLM cost runaway on large PDFs without strict quotas
  • Worker memory/concurrency under large parallel OCR
  • Single Redis for broker without documented HA
  • Artifact JSON growth in Postgres vs object storage policy unclear

Product / UX assumptions

  • Operators accept polling UX (no websockets/SSE found)
  • Single-tenant deployment
  • English/Indic OCR via OCR_LANGUAGE without per-doc language detection UI

Questions for the original authors

  1. Which OCR engine is preferred in UAT and why?
  2. Is ocr-service (Paddle) a hard dependency for layout mode in their environment?
  3. Timeline for OIDC cutover?
  4. Should private dossiers for this repo stay public on the hub site?

Practical next steps (priority)

  1. Fix .env.example to match S3_* and Postgres port; align Vite proxy
  2. Attach auth dependencies to all /api/v1 routes; remove dev-token for shared envs
  3. Emit audit events on upload/delete/generate/re-run
  4. Add Alembic and baseline migration from current models
  5. Add GitHub/GitLab CI for pytest + lint + frontend typecheck
  6. Either implement post-merge indexing for UC3 or remove search from marketing README until ready
  7. Keep this dossier published only if private-source content is acceptable on the public hub (publish.txt)