A newer version of the Streamlit SDK is available: 1.58.0
Production Notes
Secrets
Real API keys must never be committed to GitHub.
Use:
- .env locally
- Hugging Face Secrets for Spaces
- Cloud secret managers in production
Generated Files
Do not commit:
- vector_db/
- outputs/
- logs/
- .env
Monitoring
A production RAG app should log:
- user question
- model name
- prompt version
- retrieved source chunks
- latency
- error type
- token usage if available
Safety
The model should answer only from retrieved context unless explicitly configured otherwise.
Evaluation
Maintain test questions with expected answers and expected sources.