docling-studio/docker-compose.yml
Pier-Jean Malandrino efc27932dd refactor(audit): remediate 0.5.0 audit findings — clean architecture, security, DRY, SOLID, perf
Closes the 12 MAJ raised by the release/0.5.0 audit pipeline (cf.
docs/audit/reports/release-0.5.0/summary.md → summary-reaudit.md).

Volet 1 — Reasoning architecture (audits 01/02/06/07 strengthening)
  * Domain ports: LLMProvider, ReasoningRunner, ReasoningParseError
  * Domain DTOs: LLMProviderType, ReasoningResult, ReasoningIteration
  * infra/llm/ollama_provider.py — OllamaProvider with health_check
  * infra/docling_agent_reasoning.py — runner adapter, encapsulates the
    private _rag_loop call (tracked at docling-project/docling-agent#26),
    commits OLLAMA_HOST once at boot (eliminates the per-request env race),
    translates upstream IndexError into ReasoningParseError
  * api/reasoning.py — zero coupling to docling-agent / mellea / docling-core,
    consumes app.state.reasoning_runner via the port
  * main.py — DI wires OllamaProvider + DoclingAgentReasoningRunner at boot
    when REASONING_ENABLED=true and deps are importable
  * Rename RAG_* env vars → REASONING_*, endpoint /rag → /reasoning,
    type RAGResult → ReasoningResult, frontend feature flag wiring,
    i18n strings, tests, docs (BREAKING — pre-1.0 surface, no external
    consumers in production)
  * 17 new tests: adapter unit tests with sys.modules stubs, OllamaProvider
    httpx tests, R3 concurrent-host isolation, R6 multi-iteration trace
    serialization, R13 Protocol conformance via isinstance
  * E2E Karate scenario: nav-reasoning hidden when REASONING_ENABLED=false
  * README — Live Reasoning section (env vars, archi, link to issue #26)

Bloc B — Security (audit 08, dev-only context)
  * docker-compose.yml — DEV DEFAULTS header, OpenSearch DISABLE_SECURITY_PLUGIN
    flagged as dev-only with link to OpenSearch security docs
  * main.py — boot warning if NEO4J_URI is set with the default 'changeme'
    password, so prod operators can't silently inherit it

Bloc C — DRY frontend (audit 05)
  * shared/storage/keys.ts — STORAGE_KEYS centralised (theme, locale)
  * features/settings/store.ts — dead apiUrl ref + orphan i18n keys removed
  * api/schemas.py — DOCUMENT_STATUS_UPLOADED constant

Bloc D — Quality (audits 02/06/07/09/10/12)
  * domain/ports.py — DocumentConverter.supports_page_batching property
    (LSP fix, replaces isinstance(ServeConverter) check)
  * domain/ports.py — VectorStore.ping() (encapsulation, replaces
    _vector_store._client.info() reach-around)
  * api/analyses.py + api/ingestion.py — path params {job_id} → {analysis_id}
    aligned with the user-facing terminology (URLs unchanged)
  * api/documents.py — Path.read_bytes() + generate_preview() wrapped in
    asyncio.to_thread, unblocks the FastAPI event loop on /preview
  * infra/docling_tree.py — PEP 604 union for isinstance (Ruff UP038)
  * src/__tests__/integration/ — cross-feature integration test relocated
    out of features/history/ so feature folders stay self-contained
  * Tightened terminal `assert X is not None` checks (isinstance(.., datetime),
    exact value comparisons)

Validation
  * 446 backend pytest, 202 frontend vitest — all green
  * ruff + ruff format + ESLint + Prettier + vue-tsc clean
  * Re-audit verdict: 0 CRIT / 0 MAJ, score ~94/100, GO

Closes #200
2026-04-29 14:00:00 +02:00

128 lines
4.5 KiB
YAML

# =============================================================================
# Docling Studio — local development / quick-start compose.
#
# DEV DEFAULTS — NOT PRODUCTION-READY.
# This file ships sensible defaults for `docker compose up` to "just work" on
# a developer laptop. It is NOT a production deployment template:
# - Neo4j boots with `NEO4J_PASSWORD=changeme` if the env var is unset.
# - OpenSearch runs single-node with `DISABLE_SECURITY_PLUGIN=true`
# (no TLS, no auth). Fine for local indexing experiments, never for
# anything reachable from outside `localhost`.
# - No HTTPS termination, no reverse-proxy hardening, no rate limit on
# the embedding/OpenSearch services, ports bound to all interfaces.
#
# Operators running their own Docling Studio instance MUST:
# 1. Override `NEO4J_PASSWORD` (and rotate it) — see `.env.example`.
# 2. Re-enable the OpenSearch security plugin and configure TLS/users —
# see https://opensearch.org/docs/latest/security/.
# 3. Bind sensitive services to internal networks only, terminate TLS at
# a reverse proxy, and align CORS_ORIGINS / RATE_LIMIT_RPM with the
# deployment surface.
#
# The audit pipeline expects this file to flag the dev defaults as such —
# don't silently strengthen them here without also updating the dev DX.
# =============================================================================
services:
# --- Neo4j (graph-native document structure) ---
# Dev-only auth: NEO4J_PASSWORD defaults to "changeme". Override in
# `.env` (or any orchestrator secret store) before exposing this stack.
neo4j:
profiles: ["ingestion"]
image: neo4j:5.15-community
environment:
NEO4J_AUTH: ${NEO4J_USER:-neo4j}/${NEO4J_PASSWORD:-changeme}
NEO4J_server_memory_heap_initial__size: 512m
NEO4J_server_memory_heap_max__size: 1g
volumes:
- neo4j_data:/data
- neo4j_logs:/logs
healthcheck:
test: ["CMD-SHELL", "cypher-shell -u $${NEO4J_USER:-neo4j} -p $${NEO4J_PASSWORD:-changeme} 'RETURN 1' || exit 1"]
interval: 10s
timeout: 5s
retries: 10
start_period: 30s
# --- OpenSearch (single-node, security DISABLED — DEV ONLY) ---
# `DISABLE_SECURITY_PLUGIN: "true"` removes auth, TLS, and audit logging.
# This is fine for a local dev cluster bound to 127.0.0.1; it is NOT safe
# for anything reachable from another host. For production, drop this
# var, switch to a hardened image, and configure users + TLS:
# https://opensearch.org/docs/latest/security/configuration/
opensearch:
profiles: ["ingestion"]
image: opensearchproject/opensearch:2
environment:
discovery.type: single-node
DISABLE_SECURITY_PLUGIN: "true"
OPENSEARCH_JAVA_OPTS: "-Xms512m -Xmx512m"
volumes:
- opensearch_data:/usr/share/opensearch/data
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:9200/_cluster/health || exit 1"]
interval: 10s
timeout: 5s
retries: 10
# --- Embedding service (sentence-transformers) ---
embedding:
profiles: ["ingestion"]
build:
context: ./embedding-service
environment:
EMBEDDING_MODEL: ${EMBEDDING_MODEL:-all-MiniLM-L6-v2}
EMBEDDING_BATCH_SIZE: ${EMBEDDING_BATCH_SIZE:-64}
healthcheck:
test: ["CMD-SHELL", "curl -sf http://localhost:8001/health || exit 1"]
interval: 15s
timeout: 10s
retries: 20
start_period: 120s
deploy:
resources:
limits:
memory: 2g
# --- Backend (FastAPI) ---
document-parser:
build:
context: ./document-parser
target: ${CONVERSION_MODE:-local}
expose:
- "8000"
volumes:
- uploads_data:/app/uploads
- db_data:/app/data
environment:
CORS_ORIGINS: ${CORS_ORIGINS:-http://localhost:3000,http://localhost:5173}
DOCLING_SERVE_URL: ${DOCLING_SERVE_URL:-}
DOCLING_SERVE_API_KEY: ${DOCLING_SERVE_API_KEY:-}
RATE_LIMIT_RPM: ${RATE_LIMIT_RPM:-100}
MAX_FILE_SIZE_MB: ${MAX_FILE_SIZE_MB:-50}
BATCH_PAGE_SIZE: ${BATCH_PAGE_SIZE:-10}
OPENSEARCH_URL: ${OPENSEARCH_URL:-}
EMBEDDING_URL: ${EMBEDDING_URL:-}
NEO4J_URI: ${NEO4J_URI:-}
NEO4J_USER: ${NEO4J_USER:-neo4j}
NEO4J_PASSWORD: ${NEO4J_PASSWORD:-changeme}
deploy:
resources:
limits:
memory: 4g
# --- Frontend (nginx) ---
frontend:
build:
context: ./frontend
ports:
- "3000:80"
depends_on:
- document-parser
volumes:
opensearch_data:
neo4j_data:
neo4j_logs:
uploads_data:
db_data: