feat: Initial commit of Knowledge Engine API (Multi-Tenant RAG template)

Author: parvenuprompting

.env.example

@@ -0,0 +1,48 @@
+# Application Settings
+APP_NAME="Knowledge Engine API"
+APP_VERSION="0.1.0"
+ENVIRONMENT="development"  # development, staging, production
+DEBUG=true
+
+# Server
+API_HOST="0.0.0.0"
+API_PORT=8000
+
+# Database
+# For development (SQLite)
+DATABASE_URL="sqlite+aiosqlite:///./knowledge_engine.db"
+
+# For production (PostgreSQL with full-text search)
+# DATABASE_URL="postgresql+asyncpg://user:password@localhost:5432/knowledge_engine"
+
+# JWT Settings (Admin Authentication)
+JWT_SECRET_KEY="your-super-secret-jwt-key-change-this-in-production"
+JWT_ALGORITHM="HS256"
+JWT_ACCESS_TOKEN_EXPIRE_MINUTES=60
+
+# API Key Settings (B2B Client Authentication)
+API_KEY_PREFIX="keng"
+API_KEY_SECRET="your-api-key-signing-secret-change-this"
+
+# Rate Limiting (requests per minute)
+FREE_TIER_LIMIT=10
+PREMIUM_TIER_LIMIT=100
+ENTERPRISE_TIER_LIMIT=1000
+
+# CORS
+CORS_ORIGINS="http://localhost:3000,http://localhost:8000"
+
+# Content Source
+CONTENT_SOURCE_PATH="data/notebooklm"
+
+# Search Configuration
+SEARCH_MAX_RESULTS=100
+SEARCH_DEFAULT_LIMIT=20
+
+# Logging
+LOG_LEVEL="INFO"  # DEBUG, INFO, WARNING, ERROR, CRITICAL
+LOG_FORMAT="json"  # json or text
+
+# Initial Admin User (created on first run)
+ADMIN_EMAIL="admin@example.com"
+ADMIN_PASSWORD="change-this-secure-password"

.github/workflows/test.yml

@@ -0,0 +1,142 @@
+name: Quality Assurance
+
+on:
+  pull_request:
+    branches: [main, develop]
+  push:
+    branches: [main, develop]
+
+jobs:
+  # Stage 1: Linting - If this fails, tests won't run
+  lint:
+    name: Code Quality (Linting & Formatting)
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+        with:
+          version: 1.7.1
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: .venv
+          key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
+
+      - name: Install dependencies
+        run: poetry install --no-interaction --no-root
+
+      - name: Run Black (formatting check)
+        run: |
+          poetry run black --check app tests
+          if [ $? -ne 0 ]; then
+            echo "❌ FAILED: Code is not formatted with Black"
+            echo "Run: poetry run black app tests"
+            exit 1
+          fi
+
+      - name: Run Ruff (linting)
+        run: |
+          poetry run ruff check app tests
+          if [ $? -ne 0 ]; then
+            echo "❌ FAILED: Ruff found linting errors"
+            echo "Run: poetry run ruff check app tests --fix"
+            exit 1
+          fi
+
+      - name: Run MyPy (type checking)
+        run: |
+          poetry run mypy app
+          if [ $? -ne 0 ]; then
+            echo "❌ FAILED: MyPy found type errors"
+            exit 1
+          fi
+
+      - name: ✅ Linting Passed
+        run: echo "All linting checks passed!"
+
+  # Stage 2: Tests - Only runs if linting passes
+  test:
+    name: Unit & Integration Tests
+    runs-on: ubuntu-latest
+    needs: lint # This ensures tests only run after linting passes
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install Poetry
+        uses: snok/install-poetry@v1
+        with:
+          version: 1.7.1
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+
+      - name: Cache dependencies
+        uses: actions/cache@v3
+        with:
+          path: .venv
+          key: venv-${{ runner.os }}-${{ hashFiles('**/poetry.lock') }}
+
+      - name: Install dependencies
+        run: poetry install --no-interaction
+
+      - name: Run tests with coverage
+        run: |
+          poetry run pytest -v --cov=app --cov-report=xml --cov-report=term-missing
+          if [ $? -ne 0 ]; then
+            echo "❌ FAILED: Tests did not pass"
+            exit 1
+          fi
+
+      - name: Upload coverage to Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          file: ./coverage.xml
+          fail_ci_if_error: false
+
+      - name: Check coverage threshold
+        run: |
+          COVERAGE=$(poetry run coverage report | grep TOTAL | awk '{print $4}' | sed 's/%//')
+          echo "Coverage: $COVERAGE%"
+          if (( $(echo "$COVERAGE < 80" | bc -l) )); then
+            echo "❌ FAILED: Coverage is below 80% ($COVERAGE%)"
+            exit 1
+          fi
+          echo "✅ Coverage meets threshold: $COVERAGE%"
+
+      - name: ✅ Tests Passed
+        run: echo "All tests passed with adequate coverage!"
+
+  # Optional: Security scanning
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    needs: [lint, test]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Run Bandit (security linter)
+        uses: tj-actions/bandit@v5.1
+        with:
+          targets: |
+            app/
+          options: "-r -ll -s B104"

.gitignore

@@ -0,0 +1,72 @@
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+
+# Virtual environments
+venv/
+ENV/
+env/
+.venv
+
+# Environment variables
+.env
+.env.local
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+
+# Testing
+.pytest_cache/
+.coverage
+htmlcov/
+.tox/
+*.cover
+
+# Database
+*.db
+*.sqlite
+*.sqlite3
+
+# Alembic
+alembic/versions/*.pyc
+
+# Logs
+*.log
+logs/
+
+# Content (keep private)
+data/
+
+# MyPy
+.mypy_cache/
+.dmypy.json
+dmypy.json
+
+# Ruff
+.ruff_cache/
+
+# Poetry
+poetry.lock

.pre-commit-config.yaml

@@ -0,0 +1,45 @@
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v4.5.0
+    hooks:
+      - id: trailing-whitespace
+        fail_fast: true
+      - id: end-of-file-fixer
+        fail_fast: true
+      - id: check-yaml
+        fail_fast: true
+      - id: check-added-large-files
+        fail_fast: true
+        args: ["--maxkb=500"]
+      - id: check-json
+        fail_fast: true
+      - id: check-toml
+        fail_fast: true
+      - id: check-merge-conflict
+        fail_fast: true
+
+  - repo: https://github.com/psf/black
+    rev: 23.12.1
+    hooks:
+      - id: black
+        language_version: python3.11
+        fail_fast: true
+
+  - repo: https://github.com/charliermarsh/ruff-pre-commit
+    rev: v0.1.9
+    hooks:
+      - id: ruff
+        args: [--fix, --exit-non-zero-on-fix, --select, "E,W,F,I,C,B,UP"]
+        fail_fast: true
+
+  - repo: https://github.com/pre-commit/mirrors-mypy
+    rev: v1.8.0
+    hooks:
+      - id: mypy
+        additional_dependencies: [pydantic, sqlalchemy, types-passlib]
+        args: [--strict, --no-error-summary]
+        fail_fast: true
+
+# Global configuration
+fail_fast: true # Stop on first failure
+default_stages: [commit]

Dockerfile

@@ -0,0 +1,59 @@
+FROM python:3.11-slim as builder
+
+# Set environment variables
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1 \
+    PIP_NO_CACHE_DIR=1 \
+    PIP_DISABLE_PIP_VERSION_CHECK=1
+
+# Install system dependencies
+RUN apt-get update && apt-get install -y \
+    gcc \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install Poetry
+RUN pip install poetry==1.7.1
+
+# Set working directory
+WORKDIR /app
+
+# Copy dependency files
+COPY pyproject.toml ./
+
+# Install dependencies
+RUN poetry config virtualenvs.create false \
+    && poetry install --no-interaction --no-anity --no-root --only main
+
+# Production stage
+FROM python:3.11-slim
+
+# Set environment variables
+ENV PYTHONUNBUFFERED=1 \
+    PYTHONDONTWRITEBYTECODE=1
+
+# Create non-root user
+RUN useradd -m -u 1000 appuser && \
+    mkdir -p /app && \
+    chown -R appuser:appuser /app
+
+WORKDIR /app
+
+# Copy installed packages from builder
+COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
+COPY --from=builder /usr/local/bin /usr/local/bin
+
+# Copy application code
+COPY --chown=appuser:appuser . .
+
+# Switch to non-root user
+USER appuser
+
+# Expose port
+EXPOSE 8000
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
+    CMD python -c "import requests; requests.get('http://localhost:8000/health')"
+
+# Run application
+CMD ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]