Fix: empty Neo4j startup + auto-seed on first boot

.gitignore

@@ -18,6 +18,10 @@ frontend/out/
 # Docker volumes (local)
 neo4j_data/
 
+# Neo4j dump — large binary, excluded from HF push
+docker/neo4j.dump
+neo4j_dump/
+
 # OS
 .DS_Store
 Thumbs.db

Dockerfile

@@ -43,24 +43,17 @@ RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
     && apt-get install -y --no-install-recommends nodejs \
     && rm -rf /var/lib/apt/lists/*
 
-# ── Neo4j Community 5.x ───────────────────────────────────────────────────────
-ENV NEO4J_VERSION=5.18.0
+# ── Neo4j Community 2026.04.0 ─────────────────────────────────────────────────
+ENV NEO4J_VERSION=2026.04.0
 ENV NEO4J_HOME=/opt/neo4j
 ENV PATH="${NEO4J_HOME}/bin:${PATH}"
 
-ENV APOC_VERSION=5.18.0
-
 RUN wget -q "https://dist.neo4j.org/neo4j-community-${NEO4J_VERSION}-unix.tar.gz" \
     && tar -xzf "neo4j-community-${NEO4J_VERSION}-unix.tar.gz" -C /opt \
     && mv "/opt/neo4j-community-${NEO4J_VERSION}" /opt/neo4j \
     && rm "neo4j-community-${NEO4J_VERSION}-unix.tar.gz" \
     && rm -rf /opt/neo4j/data  # will be symlinked to /data at runtime
 
-# Download APOC plugin (Community-compatible jar)
-RUN wget -q \
-    "https://github.com/neo4j/apoc/releases/download/${APOC_VERSION}/apoc-${APOC_VERSION}-core.jar" \
-    -O /opt/neo4j/plugins/apoc-${APOC_VERSION}-core.jar
-
 # Neo4j configuration — listen on all interfaces, use /data for persistence
 RUN { \
     echo "server.bolt.listen_address=0.0.0.0:7687"; \
@@ -68,9 +61,7 @@ RUN { \
     echo "server.directories.data=/data/neo4j/data"; \
     echo "server.directories.logs=/data/neo4j/logs"; \
     echo "server.directories.plugins=/opt/neo4j/plugins"; \
-    echo "dbms.security.auth_enabled=false"; \
-    echo "dbms.security.procedures.unrestricted=apoc.*"; \
-    echo "dbms.security.procedures.allowlist=apoc.*"; \
+    echo "dbms.security.auth_enabled=true"; \
     echo "server.memory.heap.initial_size=512m"; \
     echo "server.memory.heap.max_size=1g"; \
     echo "server.memory.pagecache.size=256m"; \
@@ -95,11 +86,12 @@ COPY --from=frontend-builder /build/frontend/.next/static ./.next/static
 COPY --from=frontend-builder /build/frontend/public ./public
 
 # ── Config files ───────────────────────────────────────────────────────────────
-COPY docker/nginx.conf        /app/docker/nginx.conf
-COPY docker/supervisord.conf  /app/docker/supervisord.conf
-COPY docker/entrypoint.sh     /app/docker/entrypoint.sh
+COPY docker/nginx.conf          /app/docker/nginx.conf
+COPY docker/supervisord.conf    /app/docker/supervisord.conf
+COPY docker/entrypoint.sh       /app/docker/entrypoint.sh
+COPY docker/seed_on_startup.sh  /app/docker/seed_on_startup.sh
 
-RUN chmod +x /app/docker/entrypoint.sh
+RUN chmod +x /app/docker/entrypoint.sh /app/docker/seed_on_startup.sh
 
 # ── Nginx writable dirs (runs without root after init) ────────────────────────
 RUN mkdir -p /tmp/nginx-cache /tmp/nginx-body /tmp/nginx-run \
@@ -113,8 +105,6 @@ ENV NEO4J_URI=bolt://127.0.0.1:7687
 ENV NEO4J_USERNAME=neo4j
 ENV NEO4J_PASSWORD=clinicalmatch2024
 ENV NEO4J_DATABASE=neo4j
-# NEO4J_AUTH tells Neo4j 5.x to set this password on first boot (format: user/pass)
-ENV NEO4J_AUTH=none
 
 # LLM — OpenAI-compatible (set real values via HF Spaces secrets)
 ENV OPENAI_API_KEY=""

backend/seeder_v2.log

@@ -0,0 +1,128 @@
+============================================================
+ClinicalMatch AI — Graph Seeder v2
+100 k synthetic patients · 20 oncology conditions
+============================================================
+
+[1/5] Seeding clinical trials from ClinicalTrials.gov...
+  breast cancer: 50 trials fetched
+  prostate cancer: 50 trials fetched
+  non-small cell lung cancer: 50 trials fetched
+  colorectal cancer: 50 trials fetched
+  ovarian cancer: 50 trials fetched
+  melanoma: 50 trials fetched
+  leukemia: 50 trials fetched
+  lymphoma: 50 trials fetched
+  glioblastoma: 50 trials fetched
+  pancreatic cancer: 50 trials fetched
+  bladder cancer: 50 trials fetched
+  renal cell carcinoma: 50 trials fetched
+  thyroid cancer: 50 trials fetched
+  multiple myeloma: 50 trials fetched
+  endometrial cancer: 50 trials fetched
+  cervical cancer: 50 trials fetched
+  gastric cancer: 50 trials fetched
+  hepatocellular carcinoma: 50 trials fetched
+  head and neck cancer: 50 trials fetched
+  sarcoma: 50 trials fetched
+  Total trials seeded: 1000
+
+[2/5] Seeding medications from RxNorm...
+  trastuzumab: 5 RxCUI concepts
+  pembrolizumab: 5 RxCUI concepts
+  nivolumab: 5 RxCUI concepts
+  osimertinib: 4 RxCUI concepts
+  olaparib: 5 RxCUI concepts
+  enzalutamide: 5 RxCUI concepts
+  bevacizumab: 5 RxCUI concepts
+  rituximab: 5 RxCUI concepts
+  imatinib: 5 RxCUI concepts
+  dabrafenib: 5 RxCUI concepts
+  vemurafenib: 2 RxCUI concepts
+  atezolizumab: 5 RxCUI concepts
+  durvalumab: 4 RxCUI concepts
+  cetuximab: 4 RxCUI concepts
+  erlotinib: 5 RxCUI concepts
+  capecitabine: 4 RxCUI concepts
+  Total medications seeded: 16
+
+[3/5] Seeding diagnoses from ICD-10 CM...
+  ICD-10 C50: 20 codes
+  ICD-10 C61: 1 codes
+  ICD-10 C34: 16 codes
+  ICD-10 C18: 10 codes
+  ICD-10 C56: 4 codes
+  ICD-10 C43: 20 codes
+  ICD-10 C91: 20 codes
+  ICD-10 C85: 20 codes
+  ICD-10 C71: 10 codes
+  ICD-10 C25: 8 codes
+  Total diagnoses seeded: 129
+
+[4/5] Seeding supporting literature from PubMed...
+  breast cancer: 5 publications linked
+  prostate cancer: 5 publications linked
+  non-small cell lung cancer: 5 publications linked
+  colorectal cancer: 5 publications linked
+  ovarian cancer: 5 publications linked
+  Total publications seeded: 25
+
+[5/5] Seeding biomarkers (curated from COSMIC/NCIT)...
+  57 biomarkers seeded and linked to conditions
+
+[+] Deriving eligibility relationships...
+  Eligibility relationships derived.
+
+[6/6] Generating 100,000 clinically-informed synthetic patients...
+      (SEER incidence weights · TCGA biomarker prevalence · US Census demographics)
+  breast cancer: 17,222 patients — already done, skipping
+  non-small cell lung cancer: 14,444 patients (40 trials)  [resuming from 4,000]
+    ↳ wrote 10,444 patients  |  total so far: 31,666/100,000  |  edges: 351,181
+  prostate cancer: 10,556 patients (44 trials)
+    ↳ wrote 10,556 patients  |  total so far: 42,222/100,000  |  edges: 766,259
+  colorectal cancer: 9,444 patients (34 trials)
+    ↳ wrote 9,444 patients  |  total so far: 51,666/100,000  |  edges: 1,047,777
+  melanoma: 6,111 patients (56 trials)
+    ↳ wrote 6,111 patients  |  total so far: 57,777/100,000  |  edges: 1,329,267
+  bladder cancer: 5,000 patients (41 trials)
+    ↳ wrote 5,000 patients  |  total so far: 62,777/100,000  |  edges: 1,509,909
+  renal cell carcinoma: 4,667 patients (42 trials)
+    ↳ wrote 4,667 patients  |  total so far: 67,444/100,000  |  edges: 1,687,802
+  lymphoma: 4,667 patients (46 trials)
+    ↳ wrote 4,667 patients  |  total so far: 72,111/100,000  |  edges: 1,847,153
+  endometrial cancer: 4,222 patients (40 trials)
+    ↳ wrote 4,222 patients  |  total so far: 76,333/100,000  |  edges: 1,992,865
+  leukemia: 3,889 patients (27 trials)
+    ↳ wrote 3,889 patients  |  total so far: 80,222/100,000  |  edges: 2,071,433
+  pancreatic cancer: 3,667 patients (35 trials)
+    ↳ wrote 3,667 patients  |  total so far: 83,889/100,000  |  edges: 2,172,901
+  thyroid cancer: 3,333 patients (41 trials)
+    ↳ wrote 3,333 patients  |  total so far: 87,222/100,000  |  edges: 2,302,009
+  multiple myeloma: 2,778 patients (50 trials)
+    ↳ wrote 2,778 patients  |  total so far: 90,000/100,000  |  edges: 2,415,994
+  gastric cancer: 2,000 patients (38 trials)
+    ↳ wrote 2,000 patients  |  total so far: 92,000/100,000  |  edges: 2,474,564
+  ovarian cancer: 2,000 patients (29 trials)
+    ↳ wrote 2,000 patients  |  total so far: 94,000/100,000  |  edges: 2,516,658
+  hepatocellular carcinoma: 1,667 patients (47 trials)
+    ↳ wrote 1,667 patients  |  total so far: 95,667/100,000  |  edges: 2,578,834
+  glioblastoma: 1,333 patients (45 trials)
+    ↳ wrote 1,333 patients  |  total so far: 97,000/100,000  |  edges: 2,623,714
+  head and neck cancer: 1,333 patients (49 trials)
+    ↳ wrote 1,333 patients  |  total so far: 98,333/100,000  |  edges: 2,677,369
+  cervical cancer: 889 patients (10 trials)
+    ↳ wrote 889 patients  |  total so far: 99,222/100,000  |  edges: 2,685,508
+  sarcoma: 778 patients (50 trials)
+    ↳ wrote 778 patients  |  total so far: 100,000/100,000  |  edges: 2,717,650
+
+  ✓ Total patients: 100,000
+  ✓ Total ELIGIBLE_FOR edges: 2,717,650
+
+============================================================
+Seeding complete in 21.1 min
+  Trials:       1000
+  Medications:  16
+  Diagnoses:    129
+  Publications: 25
+  Biomarkers:   57
+  Patients:     100,000
+============================================================

docker-compose.yml

@@ -18,7 +18,7 @@ services:
     container_name: clinicalmatch-neo4j
     restart: unless-stopped
     ports:
-      - "7476:7474"    # Neo4j Browser
+      - "7474:7474"    # Neo4j Browser
       - "7687:7687"    # Bolt
     volumes:
       - neo4j_data:/data

docker/Dockerfile

@@ -43,24 +43,17 @@ RUN curl -fsSL https://deb.nodesource.com/setup_20.x | bash - \
     && apt-get install -y --no-install-recommends nodejs \
     && rm -rf /var/lib/apt/lists/*
 
-# ── Neo4j Community 5.x ───────────────────────────────────────────────────────
-ENV NEO4J_VERSION=5.18.0
+# ── Neo4j Community 2026.04.0 ─────────────────────────────────────────────────
+ENV NEO4J_VERSION=2026.04.0
 ENV NEO4J_HOME=/opt/neo4j
 ENV PATH="${NEO4J_HOME}/bin:${PATH}"
 
-ENV APOC_VERSION=5.18.0
-
 RUN wget -q "https://dist.neo4j.org/neo4j-community-${NEO4J_VERSION}-unix.tar.gz" \
     && tar -xzf "neo4j-community-${NEO4J_VERSION}-unix.tar.gz" -C /opt \
     && mv "/opt/neo4j-community-${NEO4J_VERSION}" /opt/neo4j \
     && rm "neo4j-community-${NEO4J_VERSION}-unix.tar.gz" \
     && rm -rf /opt/neo4j/data  # will be symlinked to /data at runtime
 
-# Download APOC plugin (Community-compatible jar)
-RUN wget -q \
-    "https://github.com/neo4j/apoc/releases/download/${APOC_VERSION}/apoc-${APOC_VERSION}-core.jar" \
-    -O /opt/neo4j/plugins/apoc-${APOC_VERSION}-core.jar
-
 # Neo4j configuration — listen on all interfaces, use /data for persistence
 RUN { \
     echo "server.bolt.listen_address=0.0.0.0:7687"; \
@@ -68,9 +61,7 @@ RUN { \
     echo "server.directories.data=/data/neo4j/data"; \
     echo "server.directories.logs=/data/neo4j/logs"; \
     echo "server.directories.plugins=/opt/neo4j/plugins"; \
-    echo "dbms.security.auth_enabled=false"; \
-    echo "dbms.security.procedures.unrestricted=apoc.*"; \
-    echo "dbms.security.procedures.allowlist=apoc.*"; \
+    echo "dbms.security.auth_enabled=true"; \
     echo "server.memory.heap.initial_size=512m"; \
     echo "server.memory.heap.max_size=1g"; \
     echo "server.memory.pagecache.size=256m"; \
@@ -94,6 +85,9 @@ COPY --from=frontend-builder /build/frontend/.next/standalone ./
 COPY --from=frontend-builder /build/frontend/.next/static ./.next/static
 COPY --from=frontend-builder /build/frontend/public ./public
 
+# ── Neo4j seed dump ────────────────────────────────────────────────────────────
+COPY docker/neo4j.dump        /app/docker/neo4j.dump
+
 # ── Config files ───────────────────────────────────────────────────────────────
 COPY docker/nginx.conf        /app/docker/nginx.conf
 COPY docker/supervisord.conf  /app/docker/supervisord.conf
@@ -113,8 +107,6 @@ ENV NEO4J_URI=bolt://127.0.0.1:7687
 ENV NEO4J_USERNAME=neo4j
 ENV NEO4J_PASSWORD=clinicalmatch2024
 ENV NEO4J_DATABASE=neo4j
-# NEO4J_AUTH tells Neo4j 5.x to set this password on first boot (format: user/pass)
-ENV NEO4J_AUTH=none
 
 # LLM — OpenAI-compatible (set real values via HF Spaces secrets)
 ENV OPENAI_API_KEY=""

docker/entrypoint.sh

@@ -3,19 +3,28 @@ set -e
 
 log() { echo "[entrypoint] $*"; }
 
-# ── Persistent data dirs ───────────────────────────────────────────────────────
-mkdir -p /data/neo4j/data /data/neo4j/logs \
-         /tmp/nginx-cache /tmp/nginx-body /tmp/nginx-run
+# ── Persistent data dirs (HF Spaces mounts /data) ─────────────────────────────
+mkdir -p /data/neo4j/data /data/neo4j/logs /data/neo4j/transactions
 
-# Symlink Neo4j dirs to persistent volume
-if [ ! -L /opt/neo4j/data ]; then
-    rm -rf /opt/neo4j/data
-    ln -sf /data/neo4j/data /opt/neo4j/data
-fi
-if [ ! -L /opt/neo4j/logs ]; then
-    rm -rf /opt/neo4j/logs
-    ln -sf /data/neo4j/logs /opt/neo4j/logs
+# Point Neo4j config at the persistent volume paths (already set in neo4j.conf,
+# but the data dir must exist before Neo4j starts or it refuses to launch)
+mkdir -p /data/neo4j/data/databases /data/neo4j/data/dbms
+
+# ── First-boot: set initial password ──────────────────────────────────────────
+NEO4J_PASS="${NEO4J_PASSWORD:-clinicalmatch2024}"
+
+if [ ! -f /data/.neo4j_initialized ]; then
+    log "First boot — setting Neo4j initial password..."
+    # neo4j-admin must write to the same dbms dir Neo4j will use
+    NEO4J_CONF=/opt/neo4j/conf \
+    neo4j-admin dbms set-initial-password "$NEO4J_PASS" 2>&1 || \
+        log "WARNING: set-initial-password failed (may already be set — continuing)"
+    touch /data/.neo4j_initialized
+    log "Password initialisation done."
 fi
 
+# ── Nginx tmp dirs ─────────────────────────────────────────────────────────────
+mkdir -p /tmp/nginx-cache /tmp/nginx-body
+
 log "Starting all services via supervisord..."
 exec /usr/bin/supervisord -c /app/docker/supervisord.conf

docker/seed_on_startup.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+# Waits for Neo4j and the FastAPI backend to be ready, then auto-seeds the graph
+# if it is empty. Runs once at container startup via supervisord.
+
+BACKEND="http://127.0.0.1:8000"
+NEO4J_BOLT="127.0.0.1:7687"
+SEED_FLAG="/data/.graph_seeded"
+
+log() { echo "[seeder] $*"; }
+
+wait_for_tcp() {
+    local host=$1 port=$2 label=$3 max=${4:-120}
+    local i=0
+    while ! (echo > /dev/tcp/"$host"/"$port") 2>/dev/null; do
+        i=$((i+1))
+        if [ $i -ge $max ]; then
+            log "ERROR: $label did not become reachable within ${max}s — aborting seed"
+            exit 1
+        fi
+        sleep 2
+    done
+    log "$label is reachable after $((i*2))s"
+}
+
+wait_for_http() {
+    local url=$1 label=$2 max=${3:-120}
+    local i=0
+    while ! curl -sf "$url" > /dev/null 2>&1; do
+        i=$((i+1))
+        if [ $i -ge $max ]; then
+            log "ERROR: $label did not respond within ${max}s — aborting seed"
+            exit 1
+        fi
+        sleep 2
+    done
+    log "$label ready after $((i*2))s"
+}
+
+log "Waiting for Neo4j bolt on $NEO4J_BOLT..."
+wait_for_tcp 127.0.0.1 7687 "Neo4j bolt" 180
+
+log "Waiting for FastAPI backend..."
+wait_for_http "$BACKEND/health" "FastAPI /health" 120
+
+# Check if already seeded (flag file OR graph has data)
+if [ -f "$SEED_FLAG" ]; then
+    log "Seed flag found at $SEED_FLAG — skipping."
+    exit 0
+fi
+
+# Ask the backend how many patients are in the graph
+PATIENT_COUNT=$(curl -sf "$BACKEND/api/v1/graph/stats" 2>/dev/null | \
+    python3 -c "import sys,json; d=json.load(sys.stdin); print(d.get('patients',0))" 2>/dev/null || echo 0)
+
+log "Graph patient count: $PATIENT_COUNT"
+
+if [ "$PATIENT_COUNT" -ge 100 ] 2>/dev/null; then
+    log "Graph already seeded ($PATIENT_COUNT patients) — skipping."
+    touch "$SEED_FLAG"
+    exit 0
+fi
+
+log "Graph is empty — triggering POST $BACKEND/seed ..."
+HTTP_CODE=$(curl -sf -o /tmp/seed_response.json -w "%{http_code}" \
+    -X POST "$BACKEND/seed" \
+    -H "Content-Type: application/json" 2>&1)
+
+if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "202" ]; then
+    log "Seeding started successfully (HTTP $HTTP_CODE)."
+    log "Response: $(cat /tmp/seed_response.json 2>/dev/null)"
+    # Mark flag so future restarts don't re-trigger (seeder runs in background
+    # inside FastAPI; real completion check is patient count)
+    touch "$SEED_FLAG"
+else
+    log "WARNING: /seed returned HTTP $HTTP_CODE — check backend logs."
+    cat /tmp/seed_response.json 2>/dev/null || true
+fi

docker/supervisord.conf

@@ -16,28 +16,46 @@ serverurl=unix:///tmp/supervisor.sock
 # ── Neo4j Community ────────────────────────────────────────────────────────────
 [program:neo4j]
 command=/opt/neo4j/bin/neo4j console
-environment=
-    NEO4J_HOME=/opt/neo4j,
-    JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64,
-    NEO4J_AUTH="none"
+environment=NEO4J_HOME=/opt/neo4j,JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64,NEO4J_CONF=/opt/neo4j/conf
 autostart=true
 autorestart=true
 startsecs=45
 startretries=3
 stdout_logfile=/tmp/neo4j.log
+stderr_logfile=/tmp/neo4j.log
 redirect_stderr=true
 priority=10
 
+# ── Auto-seeder (one-shot, runs after Neo4j + backend are live) ───────────────
+[program:seeder]
+command=/bin/bash /app/docker/seed_on_startup.sh
+autostart=true
+autorestart=false
+startsecs=0
+startretries=1
+stdout_logfile=/tmp/seeder.log
+stderr_logfile=/tmp/seeder.log
+redirect_stderr=true
+priority=99
+
 # ── FastAPI backend ────────────────────────────────────────────────────────────
-# No environment= block — inherits full container env so HF Spaces secrets are visible
 [program:backend]
-command=bash -c "sleep 60 && python3 -m uvicorn main:app --host 127.0.0.1 --port 8000 --workers 1"
+command=python3 -m uvicorn main:app --host 127.0.0.1 --port 8000 --workers 2
 directory=/app/backend
+environment=
+    NEO4J_URI="bolt://127.0.0.1:7687",
+    NEO4J_USERNAME="%(ENV_NEO4J_USERNAME)s",
+    NEO4J_PASSWORD="%(ENV_NEO4J_PASSWORD)s",
+    NEO4J_DATABASE="%(ENV_NEO4J_DATABASE)s",
+    OPENAI_API_KEY="%(ENV_OPENAI_API_KEY)s",
+    OPENAI_BASE_URL="%(ENV_OPENAI_BASE_URL)s",
+    OPENAI_MODEL="%(ENV_OPENAI_MODEL)s"
 autostart=true
 autorestart=true
-startsecs=15
+startsecs=10
 startretries=5
 stdout_logfile=/tmp/backend.log
+stderr_logfile=/tmp/backend.log
 redirect_stderr=true
 priority=30
 
@@ -50,6 +68,7 @@ autostart=true
 autorestart=true
 startsecs=5
 stdout_logfile=/tmp/frontend.log
+stderr_logfile=/tmp/frontend.log
 redirect_stderr=true
 priority=40
 
@@ -60,5 +79,6 @@ autostart=true
 autorestart=true
 startsecs=3
 stdout_logfile=/tmp/nginx.log
+stderr_logfile=/tmp/nginx.log
 redirect_stderr=true
 priority=50

mcp_manifest.json

@@ -10,8 +10,8 @@
     "NEO4J_USERNAME": "neo4j",
     "NEO4J_PASSWORD": "clinicalmatch2024",
     "OPENAI_API_KEY": "<your-key>",
-    "OPENAI_BASE_URL": "https://ai.aimlapi.com/v1",
-    "OPENAI_MODEL": "claude-opus-4-7"
+    "OPENAI_BASE_URL": "https://api.groq.com/openai/v1",
+    "OPENAI_MODEL": "qwen/qwen3-32b"
   },
   "tools": [
     {