docling-studio/docs/audit/reports/release-0.5.0/01-clean-architecture.md
Pier-Jean Malandrino efc27932dd refactor(audit): remediate 0.5.0 audit findings — clean architecture, security, DRY, SOLID, perf
Closes the 12 MAJ raised by the release/0.5.0 audit pipeline (cf.
docs/audit/reports/release-0.5.0/summary.md → summary-reaudit.md).

Volet 1 — Reasoning architecture (audits 01/02/06/07 strengthening)
  * Domain ports: LLMProvider, ReasoningRunner, ReasoningParseError
  * Domain DTOs: LLMProviderType, ReasoningResult, ReasoningIteration
  * infra/llm/ollama_provider.py — OllamaProvider with health_check
  * infra/docling_agent_reasoning.py — runner adapter, encapsulates the
    private _rag_loop call (tracked at docling-project/docling-agent#26),
    commits OLLAMA_HOST once at boot (eliminates the per-request env race),
    translates upstream IndexError into ReasoningParseError
  * api/reasoning.py — zero coupling to docling-agent / mellea / docling-core,
    consumes app.state.reasoning_runner via the port
  * main.py — DI wires OllamaProvider + DoclingAgentReasoningRunner at boot
    when REASONING_ENABLED=true and deps are importable
  * Rename RAG_* env vars → REASONING_*, endpoint /rag → /reasoning,
    type RAGResult → ReasoningResult, frontend feature flag wiring,
    i18n strings, tests, docs (BREAKING — pre-1.0 surface, no external
    consumers in production)
  * 17 new tests: adapter unit tests with sys.modules stubs, OllamaProvider
    httpx tests, R3 concurrent-host isolation, R6 multi-iteration trace
    serialization, R13 Protocol conformance via isinstance
  * E2E Karate scenario: nav-reasoning hidden when REASONING_ENABLED=false
  * README — Live Reasoning section (env vars, archi, link to issue #26)

Bloc B — Security (audit 08, dev-only context)
  * docker-compose.yml — DEV DEFAULTS header, OpenSearch DISABLE_SECURITY_PLUGIN
    flagged as dev-only with link to OpenSearch security docs
  * main.py — boot warning if NEO4J_URI is set with the default 'changeme'
    password, so prod operators can't silently inherit it

Bloc C — DRY frontend (audit 05)
  * shared/storage/keys.ts — STORAGE_KEYS centralised (theme, locale)
  * features/settings/store.ts — dead apiUrl ref + orphan i18n keys removed
  * api/schemas.py — DOCUMENT_STATUS_UPLOADED constant

Bloc D — Quality (audits 02/06/07/09/10/12)
  * domain/ports.py — DocumentConverter.supports_page_batching property
    (LSP fix, replaces isinstance(ServeConverter) check)
  * domain/ports.py — VectorStore.ping() (encapsulation, replaces
    _vector_store._client.info() reach-around)
  * api/analyses.py + api/ingestion.py — path params {job_id} → {analysis_id}
    aligned with the user-facing terminology (URLs unchanged)
  * api/documents.py — Path.read_bytes() + generate_preview() wrapped in
    asyncio.to_thread, unblocks the FastAPI event loop on /preview
  * infra/docling_tree.py — PEP 604 union for isinstance (Ruff UP038)
  * src/__tests__/integration/ — cross-feature integration test relocated
    out of features/history/ so feature folders stay self-contained
  * Tightened terminal `assert X is not None` checks (isinstance(.., datetime),
    exact value comparisons)

Validation
  * 446 backend pytest, 202 frontend vitest — all green
  * ruff + ruff format + ESLint + Prettier + vue-tsc clean
  * Re-audit verdict: 0 CRIT / 0 MAJ, score ~94/100, GO

Closes #200
2026-04-29 14:00:00 +02:00

2.7 KiB

Rapport d'audit : Hexagonal Architecture (ports & adapters)

Release : 0.5.0
Date : 2026-04-28
Auditeur : claude-code


Score de compliance

Métrique Valeur
Items conformes 14 / 14
Score 100 / 100
Écarts CRITICAL 0
Écarts MAJOR 0
Écarts MINOR 0
Écarts INFO 0

Écarts constatés

Aucun écart détecté.


Points positifs

  • Domain purity : La couche domain/ est totalement isolée. Aucune dépendance à FastAPI, aiosqlite, Pydantic ou infrastructure. Les modèles utilisent uniquement des dataclasses.
  • Ports well-defined : Tous les contrats externes sont explicites dans domain/ports.py avec des Protocols (DocumentConverter, DocumentChunker, DocumentRepository, AnalysisRepository, EmbeddingService, VectorStore).
  • Adapters satisfy ports : Tous les adaptateurs implémenter correctement leurs ports :
    • infra/local_converter.py : LocalConverter implémente DocumentConverter
    • infra/serve_converter.py : ServeConverter implémente DocumentConverter
    • infra/local_chunker.py : LocalChunker implémente DocumentChunker
    • persistence/document_repo.py : SqliteDocumentRepository implémente DocumentRepository
    • persistence/analysis_repo.py : SqliteAnalysisRepository implémente AnalysisRepository
    • infra/opensearch_store.py : OpenSearchStore implémente VectorStore
    • infra/embedding_client.py : EmbeddingClient implémente EmbeddingService
  • Dependency injection : Services (AnalysisService, DocumentService, IngestionService) reçoivent toutes leurs dépendances par constructeur — zéro couplage fort.
  • Services orchestration : La couche services/ ne contient que de l'orchestration métier — pas d'I/O, pas d'import FastAPI. Imports : uniquement domain/ et repos injectés.
  • Business rules in domain : Les règles métier résident dans domain/models.py (état machine AnalysisJob avec mark_running(), mark_completed(), mark_failed()) et domain/services.py (fusion de résultats, classification des erreurs).
  • API layer decoupling : Routes HTTP (api/documents.py, api/analyses.py) importent services, pas persistence/infra directement. Transformation camelCase centralisée dans api/schemas.py.
  • Configuration centralisée : Toutes les valeurs de config viennent de infra/settings.py, construites via Settings.from_env() — zéro hardcoded en dur.
  • Clean main.py : Entry point main.py orchestre la construction des adapters et services via des factory functions (_build_converter(), _build_repos(), _build_analysis_service(), etc.) — injection contrôlée.

Verdict partiel : GO