Skip to content

00. Evidence Map

Repository inspected

Item Value
Remote https://github.com/Hari31416/ocr-service (private)
Local checkout repos/ocr-service
Inspected on 2026-07-09
HEAD at clone 55a7788948442a2529080e4f5a1a51e9cfb4071a

Areas inspected

Area Paths Depth
Manifests pyproject.toml, uv.lock, frontend/package.json, frontend/pnpm-lock.yaml Full
App entry main.py, app/main.py, app/config.py Full
API app/api/ocr.py, app/schemas/ocr.py Full
Pipeline app/services/pipeline.py, paddleocr_pipeline.py, app/services/vlm_client.py Full / deep skim
Providers app/services/nvidia/extractor.py, sarvam/extractor.py, vlm/extractor.py Deep skim
Tasks app/tasks/celery_app.py, app/tasks/ocr_task.py Full
Storage app/services/storage.py Full
Prompts app/prompts/ Skim
Frontend frontend/src/App.tsx, frontend/src/lib/api.ts Full / deep skim
Infra docker-compose.yml, docker-compose-full.yml, Dockerfile.*, Makefile, .env.example Full
Docs README.md, docs/**, docs/decisions/architectural-decisions.md Skim + ADRs full
Tests tests/conftest.py, test_api.py, test_tasks.py, test_pipeline_prompt.py Full listing + skim

Intentionally skipped

  • uv.lock / pnpm-lock.yaml contents (dependency resolution only)
  • Generated jobs/, volumes/, logs/, .venv, node_modules (not present or gitignored)
  • Live GPU/Paddle inference runs (no models exercised in this inspection)
  • Full line-by-line read of every shadcn UI primitive under frontend/src/components/ui/

Commands run during inspection

git clone https://github.com/Hari31416/ocr-service.git repos/ocr-service
rg --files   # source inventory
# Targeted reads of README, config, API, tasks, pipeline, frontend, compose, tests

No pytest or Docker stack was executed during dossier authoring (Unknown: runtime behavior of live Paddle/NIM/Sarvam calls).

Confidence by subsystem

Subsystem Confidence Notes
Job API + Redis status High Direct code + tests
Layout + VLM pipeline wiring High pipeline.py + ocr_task.py + ADRs
LiteLLM / Paddle client routing High vlm_client.py, is_paddle_model
NVIDIA / Sarvam extractors Medium-High Read entrypoints; not live-tested
Frontend polling UX High App.tsx + api.ts
Docker full stack Medium Compose read; ARM64 caveat from README
Production security posture Medium Absence of auth is clear; threat model not documented
Disk cleanup / retention ops Low TTL on Redis only; no cleanup job found

Confirmed / Inferred / Unknown

Confirmed

  • FastAPI + Celery + Redis + filesystem architecture (README.md, app/main.py, app/tasks/)
  • Four modes: layout, vlm, nvidia, sarvam (ocr_task.py, frontend VLM_MODES)
  • Job Redis hash TTL 86400s (app/api/ocr.py, app/tasks/ocr_task.py)
  • UUID4-hex job IDs validated before mkdir (app/services/storage.py)
  • Extension allowlist on upload; no server-side max size (app/api/ocr.py)
  • No auth middleware (app/main.py)
  • Pytest covers API + mocked task paths (tests/)
  • Not an agentic system (no tool loop / planner)

Inferred

  • Intended for internal / trusted-network use given open CORS and no auth
  • Solo Celery pool + prefetch comment mismatch suggests local-dev orientation
  • HTML iframe srcDoc preview can execute script from OCR output (XSS risk)

Unknown

  • Whether a disk retention / GC job exists outside this repo
  • Production deployment topology (K8s, GPU nodes, shared volume strategy)
  • Real accuracy / latency benchmarks for each provider mode
  • Why AGENTS.md mentions Minio/Postgres/Qdrant when the service uses Redis + FS only (stale template)