feat: K8s corpus config entry, ingestion target, curation policy

configs/default.yaml gains a corpora block with FastAPI and
Kubernetes entries plus default_corpus=fastapi. FastAPI keeps the
existing 0.02 refusal_threshold (matches legacy rag.refusal_threshold
exactly, so production behavior is unchanged). K8s ships a placeholder
0.30 pending the K8s golden dataset sweep — K8s has more cross-
referenced concepts than FastAPI, so relevance spreads across more
chunks per query and the threshold likely lands higher.

security.output.secret_check: true is made explicit in the YAML so
reviewers can see the Task-11 adversarial-review fix is enabled.

New Makefile target 'ingest-k8s' wraps scripts/ingest.py with
--doc-dir and --store-path flags, targeting data/k8s_docs and
.cache/store_k8s. scripts/ingest.py already supports those flags —
no script change needed.

data/k8s_docs/ is created with a .gitkeep and a SOURCES.md that
documents the curation policy: ~30-40 pages chosen around recruiter-
likely concepts (Pod, Deployment, Service, Ingress, ConfigMap, RBAC)
plus cross-referencing overview pages that stress the reranker.
Tutorials, cluster admin deep-dives, and kubectl reference are
explicitly out of scope. Each ingested page will have URL + date
pulled + one-line rationale.

app.py: the Task-2 rag.refusal_threshold warning is tightened to
fire only on genuine drift (legacy value non-default AND not equal
to the default corpus's threshold). The default.yaml in this commit
has both at 0.02, so the warning is silent — as intended.

Makefile

@@ -1,6 +1,6 @@
 PYTHON ?= /usr/local/opt/python@3.11/bin/python3.11
 
-.PHONY: install test lint serve ingest evaluate-fast evaluate-full benchmark evaluate-langchain docker modal-deploy modal-stop vllm-up benchmark-all k8s-dev k8s-prod tf-plan tf-validate
+.PHONY: install test lint serve ingest ingest-k8s evaluate-fast evaluate-full benchmark evaluate-langchain docker modal-deploy modal-stop vllm-up benchmark-all k8s-dev k8s-prod tf-plan tf-validate
 
 install:
 	$(PYTHON) -m pip install -e ".[dev]"
@@ -19,6 +19,9 @@ serve:
 ingest:
 	$(PYTHON) scripts/ingest.py --config configs/tasks/tech_docs.yaml
 
+ingest-k8s:  ## Ingest Kubernetes docs into .cache/store_k8s
+	$(PYTHON) scripts/ingest.py --doc-dir data/k8s_docs --store-path .cache/store_k8s
+
 evaluate-fast:
 	$(PYTHON) scripts/evaluate.py --config configs/default.yaml --mode deterministic
 

agent_bench/serving/app.py

@@ -175,15 +175,21 @@ def create_app(config: AppConfig | None = None) -> FastAPI:
             providers=list(providers.keys()),
         )
 
-        # Fix #3: legacy rag.refusal_threshold is ignored in multi-corpus mode;
-        # per-corpus refusal_threshold is authoritative. Warn loudly so config
-        # drift surfaces at startup instead of becoming a silent divergence.
-        if config.rag.refusal_threshold != 0.0:
+        # Legacy rag.refusal_threshold is ignored in multi-corpus mode;
+        # per-corpus refusal_threshold is authoritative. Only warn when the
+        # legacy value is non-default AND differs from the default corpus's
+        # threshold — that is the actual drift case. A legacy value that
+        # matches the default corpus is benign (someone kept both in sync).
+        legacy_thresh = config.rag.refusal_threshold
+        default_thresh = config.corpora[config.default_corpus].refusal_threshold
+        if legacy_thresh != 0.0 and legacy_thresh != default_thresh:
             log.warning(
-                "rag_refusal_threshold_ignored_in_multi_corpus_mode",
-                legacy_value=config.rag.refusal_threshold,
-                authoritative_source="corpora.<name>.refusal_threshold",
-                hint="remove rag.refusal_threshold from config to silence",
+                "rag_refusal_threshold_drift_in_multi_corpus_mode",
+                legacy_value=legacy_thresh,
+                default_corpus=config.default_corpus,
+                default_corpus_value=default_thresh,
+                hint="rag.refusal_threshold is ignored; "
+                     "update corpora.<name>.refusal_threshold instead",
             )
 
         # AppConfig._validate_default_corpus guarantees default_corpus is in

configs/default.yaml

@@ -74,9 +74,38 @@ security:
     enabled: true
     pii_check: true
     url_check: true
+    secret_check: true
     blocklist: []
   audit:
     enabled: true
     path: logs/audit.jsonl
     max_size_mb: 100
     rotate: true
+
+# --- Multi-corpus ---
+# Per-corpus store paths, refusal thresholds, and iteration limits.
+# Default_corpus must be a key in corpora (enforced by AppConfig validator).
+#
+# NOTE: rag.refusal_threshold above is ignored when corpora is non-empty.
+# Each corpus declares its own refusal_threshold below; a startup warning
+# fires if the legacy field is non-default to surface drift.
+default_corpus: fastapi
+
+corpora:
+  fastapi:
+    label: "FastAPI Docs"
+    store_path: .cache/store
+    data_path: data/tech_docs
+    refusal_threshold: 0.02  # matches legacy rag.refusal_threshold
+    top_k: 5
+    max_iterations: 3
+  k8s:
+    label: "Kubernetes"
+    store_path: .cache/store_k8s
+    data_path: data/k8s_docs
+    # PLACEHOLDER — tune against K8s golden dataset once it exists.
+    # K8s has more cross-referenced concepts than FastAPI, so relevance
+    # spreads across more chunks; the threshold likely lands higher.
+    refusal_threshold: 0.30
+    top_k: 5
+    max_iterations: 3

data/k8s_docs/SOURCES.md

@@ -0,0 +1,62 @@
+# Kubernetes Corpus Sources
+
+**Status:** Placeholder — curation scheduled as a separate work session
+outside the multi-corpus refactor.
+
+**Target:** ~30–40 markdown files from kubernetes.io/docs covering the
+concepts a technical reviewer would naturally type into the demo —
+not comprehensive K8s coverage.
+
+## Scope
+
+**Include:**
+
+- Core workload concepts: Pod, Deployment, StatefulSet, DaemonSet, Job,
+  CronJob, ReplicaSet
+- Networking: Service, Ingress, NetworkPolicy, EndpointSlice
+- Config + state: ConfigMap, Secret, Volume, PersistentVolume, Namespace
+- Access control: RBAC (Role, RoleBinding, ServiceAccount)
+- Cross-referencing overview pages: "Connecting Applications with
+  Services", "Workload Resources", "Services, Load Balancing, and
+  Networking" — these stress the reranker because relevance spreads
+  across multiple chunks per query
+
+**Exclude:**
+
+- Cluster administration deep-dives (etcd, kubelet, kube-apiserver
+  internals) — wrong audience for a recruiter-facing demo
+- Tutorials (long-form, chunk poorly, hurt retrieval precision)
+- kubectl command reference and API reference — wrong shape for RAG,
+  better served by `--help`
+- Release notes and version history — no lasting value for Q&A
+
+## Curation policy
+
+This corpus targets **recruiter-likely questions**, not coverage. A
+question about etcd raft internals will be correctly refused — the
+refusal mechanism is part of the demo story, not a failure mode.
+
+Each ingested file below must have:
+
+- A URL (source of truth, for re-scraping if content drifts)
+- A date pulled (provenance, for audit)
+- A one-line rationale (why this page is in scope)
+
+| URL | Date pulled | Rationale |
+|-----|------------|-----------|
+| _TBD_ | _TBD_ | _TBD_ |
+
+See `docs/plans/2026-04-12-multi-corpus-refactor-design.md` section
+"Corpus Curation — Kubernetes" for the full policy.
+
+## Ingestion
+
+Once curated files are in place, run:
+
+```bash
+make ingest-k8s
+```
+
+This populates `.cache/store_k8s/` with embeddings + BM25 index matching
+the FastAPI corpus's chunker settings (recursive, 512-token chunks,
+64-token overlap).