Support Docs Copilot β Audit & Enhanced Implementation Plan
Honest Assessment of Current State
I've read every single file in the project. Here's the unfiltered truth:
What Already Exists (Skeleton-Complete)
The project has the file structure for all 13 phases you outlined β files exist for config, loaders, chunking, indexer, registry, context builder, query transform, retriever, guardrails, auth, observability, evaluation, UI tabs, Docker, and tests. The git log shows 12 commits covering the roadmap.
Critical Problems I Found
Most of these implementations are shallow scaffolds, not production-grade code. An experienced interviewer will see through them in minutes.
| Area | Problem | Severity |
|---|---|---|
| Query Transform | Just regex heuristics ("error" β "troubleshoot", "how" β "steps"). No actual LLM-based query rewriting. |
π΄ Critical |
| Guardrails | Duplicate keyword lists between input.py and validators.py. Both are simple substring checks β trivially bypassable. No real prompt injection detection. |
π΄ Critical |
| Auth | Static API keys compared as strings. No JWT, no password hashing, no token expiry. AUTH_ENABLED=false by default. |
π‘ Weak |
| Observability | Only RequestMetrics with manual timing. No structured JSON logging, no correlation IDs in responses, no OpenTelemetry. |
π‘ Weak |
| Eval | token_overlap is a naive set intersection of tokens. No semantic similarity, no faithfulness scoring, no RAGAS integration despite listing ragas in requirements. |
π΄ Critical |
| Tests | 4 test files with 7 total tests. All pure unit tests on trivial logic. Zero integration tests, zero API tests, no pytest fixtures. | π΄ Critical |
| Golden QA | Only 2 questions. No realistic scenario coverage. | π‘ Weak |
| Sample Docs | Only 2 tiny .txt files. No PDF/DOCX/HTML/MD samples to prove multi-format works. |
π‘ Weak |
| Streaming endpoint | /chat/stream duplicates the entire RAG logic instead of reusing the workflow. The prompt template is hardcoded separately from the workflow's prompt. |
π΄ Critical |
| README | Still says python app/engine/ingestion.py instead of python -m app.engine.ingestion. Missing architecture diagram, security section, eval section. |
π‘ Weak |
| Docker | No health checks in compose. No .dockerignore. Frontend Dockerfile installs streamlit requests from pip instead of requirements.txt. |
π‘ Weak |
| Rate Limiter | In-memory deque per client. Resets on every server restart. Not usable in multi-worker setup. |
π‘ Weak |
| Logging | configure_logging() is a 3-line basicConfig. Uses print() statements everywhere in the workflow. |
π‘ Weak |
\r\n line endings |
Mixed CRLF/LF throughout workflow.py and other files. Looks sloppy in diffs. | π’ Minor |
| Error handling | CopilotError in errors.py is defined but never used anywhere. No FastAPI exception handler registered. |
π‘ Weak |
Additional Enhancements to Make This Genuinely Resume-Worthy
These are the things NOT in your 13-phase plan that a senior engineer or interviewer would look for.
1. Conversation Memory / Multi-Turn Chat π΄ CRITICAL MISS
Your copilot currently has zero conversation history. Each query is independent. A real support copilot needs:
- Session-level chat history (at minimum last N turns)
- Context-aware follow-up ("What about for enterprise users?" should work after "What is the refund policy?")
- LangGraph state should carry conversation history
2. Async Architecture π΄ CRITICAL MISS
workflow.py uses rag_agent.invoke() which is synchronous. The FastAPI endpoints are async def but block on sync LangChain calls. This means:
- Your server blocks on every LLM call
- Under load, it's a single-threaded bottleneck
- Should use
rag_agent.ainvoke()with async LangChain chains
3. Proper Error Handling with FastAPI Exception Handlers π‘ IMPORTANT
CopilotError exists but has zero usage. You need:
@app.exception_handler(CopilotError)registered- All business logic raising
CopilotErrorinstead of rawHTTPException - Consistent error response schema
4. Answer Confidence Score π‘ IMPORTANT
Your roadmap mentions "show answer confidence" in Phase 10 but there's no mechanism to compute it. You need:
- Retrieval relevance score aggregation
- Hallucination check result exposed as confidence level
- Display in both API response and UI
5. Proper Structured JSON Logging π‘ IMPORTANT
Replace print() and basicConfig with:
- JSON-structured log output (for log aggregators)
- Request ID propagation across all log lines
- Log level configurable from env
6. Feedback Loop / Thumbs Up-Down π‘ NICE-TO-HAVE
Store user feedback on answers for future evaluation and fine-tuning signals:
POST /feedbackendpoint- SQLite or JSON file store
- Display in eval dashboard
7. Proper .dockerignore π’ QUICK WIN
Missing entirely. Without it, your Docker builds copy .venv/, qdrant_data/, __pycache__/, .git/ into the image.
8. Makefile / scripts/run.ps1 π’ QUICK WIN
One-command shortcuts for common operations. Shows engineering maturity.
9. pyproject.toml instead of requirements.txt π’ POLISH
Modern Python projects use pyproject.toml. It shows you know current tooling.
10. CORS Middleware π’ QUICK WIN
Not configured. The frontend works because it uses server-side requests, but any other client would fail.
11. Realistic Sample Documents π‘ IMPORTANT
You need 5-8 real-ish support documents across formats (.md, .pdf, .txt, .html) to demonstrate the multi-format pipeline actually works in demos.
12. CI/CD Pipeline (GitHub Actions) π‘ IMPORTANT
A .github/workflows/ci.yml that runs tests + linting on push. Makes the repo look professional.
Open Questions
Please answer these before I start implementing:
- Conversation memory: Do you want full multi-turn chat history, or is single-turn acceptable for now?
- Async refactor: Should I convert the LangGraph workflow to async (
ainvoke), or keep sync for simplicity? - pyproject.toml: Do you want me to migrate from
requirements.txttopyproject.toml? - GitHub Actions CI: Do you want a CI workflow file?
- Feedback endpoint: Should I add a
/feedbackthumbs-up/down endpoint with local storage? - Which of the additional enhancements above do you want included? (I recommend all of them β they're what separates a "tutorial project" from a "I built this" project)
Proposed Implementation Order
I'll implement in this order (stabilize β depth β polish), creating natural git commits at each step:
Phase A: Fix Foundation & Consistency
- Normalize line endings, fix
print()βlogger, wire upCopilotError+ exception handlers - Fix README commands, add
.dockerignore, add CORS middleware - Fix streaming endpoint to reuse workflow instead of duplicating logic
- Commit:
fix: normalize logging, error handling, and streaming consistency
Phase B: Real Query Rewriting
- Replace regex heuristics with LLM-based query rewriting via Ollama
- Commit:
feat: add LLM-based query rewriting for improved retrieval
Phase C: Stronger Guardrails
- Deduplicate injection patterns, add more patterns, add encoding-aware detection
- Add SSN/credit-card PII patterns to output redaction
- Commit:
feat: strengthen prompt injection and PII detection guardrails
Phase D: Proper Auth
- Add JWT token generation, password hashing, token expiry
- Add proper auth middleware
- Commit:
feat: implement JWT authentication with role-based access
Phase E: Conversation Memory
- Add conversation history to LangGraph state
- Wire up session-based chat history in API and UI
- Commit:
feat: add multi-turn conversation memory to chat workflow
Phase F: Answer Confidence
- Compute confidence from retrieval scores + hallucination check
- Expose in API response and UI
- Commit:
feat: add answer confidence scoring to responses
Phase G: Structured Logging & Observability
- JSON structured logging with request ID propagation
- Granular stage timing (retrieval, reranking, generation separately)
- Commit:
feat: add structured JSON logging with request correlation
Phase H: Real Evaluation
- Expand golden QA to 10+ questions
- Add semantic similarity scoring (not just token overlap)
- Add retrieval precision/recall metrics
- Commit:
feat: expand RAG evaluation with semantic metrics and larger dataset
Phase I: Realistic Sample Docs
- Create 5-8 sample docs in multiple formats (.md, .txt, .pdf placeholder, .html)
- Commit:
docs: add multi-format sample documents for demo
Phase J: Test Coverage
- Add API integration tests with FastAPI TestClient
- Add proper pytest fixtures and conftest.py
- Add test for auth, streaming, ingestion flow
- Commit:
test: add integration tests for API, auth, and retrieval pipeline
Phase K: Docker & Deployment Polish
- Fix Dockerfiles, add health checks, add
.dockerignore - Add
Makefilewith common commands - Commit:
deploy: harden Docker setup with health checks and build optimization
Phase L: Feedback System
- Add
/feedbackendpoint with local JSON storage - Display feedback stats in eval tab
- Commit:
feat: add user feedback collection for answer quality tracking
Phase M: CI + README + Architecture
- Add GitHub Actions CI workflow
- Rewrite README with architecture diagram, security section, eval section
- Commit:
docs: comprehensive README with architecture diagram and CI pipeline
Phase N: Async Refactor
- Convert workflow to async, use
ainvoke - Commit:
perf: convert RAG workflow to async for concurrent request handling
Verification Plan
Automated Tests
pytest tests/ -v
pytest tests/ -v --tb=short # CI mode
Manual Verification
- Backend starts:
uvicorn app.main:app --reload - UI connects:
streamlit run ui/app.py - Ingestion works:
python -m app.engine.ingestion ingest - Chat returns cited answers
- Guardrails block injection attempts
- Auth restricts admin endpoints
- Docker compose brings up full stack