Dx local safety and pending status

.env.example

@@ -0,0 +1,39 @@
+# Copy this to .env (the Makefile does this automatically on first run).
+# Fill in the REPLACE_WITH_* placeholders with values from
+# rob-poc/serving-api/dev/secrets.yaml. Never put prod values here —
+# the Makefile's _guard-local-db will refuse non-local DATABASE_URL.
+
+# ── Local Postgres (matches what `make db-up` spins up) ──────────────────────
+DATABASE_URL=postgresql://serving:serving@localhost:5433/serving
+
+# ── Auth0 (research.computer tenant) ─────────────────────────────────────────
+AUTH0_DOMAIN=researchcomputer.eu.auth0.com
+AUTH0_API_AUDIENCE=https://researchcomputer.eu.auth0.com/
+AUTH0_ISSUER=https://researchcomputer.eu.auth0.com/
+AUTH0_ALGORITHMS=RS256
+AUTH0_CLIENT_ID=REPLACE_WITH_AUTH0_CLIENT_ID
+AUTH0_CLIENT_SECRET=REPLACE_WITH_AUTH0_CLIENT_SECRET
+AUTH_SECRET=REPLACE_WITH_RANDOM_STRING
+AUTH_TRUST_HOST=true
+
+VITE_AUTH0_CLIENT_ID=REPLACE_WITH_VITE_AUTH0_CLIENT_ID
+VITE_AUTH0_DOMAIN=researchcomputer.eu.auth0.com
+
+# ── OpenTela / OCF (peer discovery + LLM routing) ────────────────────────────
+# Point at the dev OpenTela head for live model discovery, or use
+# OTELA_FIXTURE_PATH (set by `make dummy-run`) to read a static snapshot.
+OCF_HEAD_ADDR=http://148.187.108.177:8092
+
+# ── Langfuse (observability — optional; leave blank to disable) ──────────────
+LANGFUSE_HOST=https://cloud.langfuse.com
+LANGFUSE_PUBLIC_KEY=
+LANGFUSE_SECRET_KEY=
+
+# ── CSCS L1 passthrough (optional; leave blank to disable) ───────────────────
+# When both are set, requests for L1-hosted Apertus models forward here
+# instead of OpenTela. See backend/services/cscs_l1_service.py.
+CSCS_L1_BASE_URL=
+CSCS_L1_API_KEY=
+
+# ── Logfire (observability — optional) ───────────────────────────────────────
+LOGFIRE_TOKEN=

.gitignore

@@ -1,6 +1,7 @@
 *.pyc
 *.env
 *.env*
+!.env.example
 details.json
 secrets/*.json
 .venv/*

Makefile

@@ -1,4 +1,4 @@
-.PHONY: install install-dev format check test run dummy-run db-up db-down migrate _ensure-env _ensure-frontend-env
+.PHONY: install install-dev format check test run dummy-run db-up db-down migrate _ensure-env _ensure-frontend-env _guard-local-db _guard-local-api
 
 UV_EXTRA ?=
 
@@ -66,18 +66,46 @@ db-down:
 	-docker stop $(PG_CONTAINER) > /dev/null 2>&1
 	-docker rm $(PG_CONTAINER) > /dev/null 2>&1
 
-migrate: _ensure-env db-up
+# Refuse to run any DB-touching target if .env points at a non-local host.
+# We never want `make run` / `make migrate` to accidentally apply migrations
+# or open connections against a remote (prod/staging) database — the local
+# Postgres container is the only acceptable target for dev commands.
+_guard-local-db: _ensure-env
+	@url=$$(grep -E '^DATABASE_URL=' .env | head -1 | cut -d= -f2- | tr -d '"' | tr -d "'"); \
+	host=$$(echo "$$url" | sed -E 's|^[^:]+://[^@]*@([^:/?]+).*|\1|'); \
+	case "$$host" in \
+		localhost|127.0.0.1|::1|"") ;; \
+		*) echo "REFUSING: .env DATABASE_URL host '$$host' is not local."; \
+		   echo "Local dev must not run against prod/staging. Set DATABASE_URL=$(DATABASE_URL) in .env."; \
+		   exit 1;; \
+	esac
+
+# Same guard for the frontend — VITE_API_URL is what `npm run dev` reads,
+# so a prod URL there silently makes the local UI hit prod even when the
+# local backend is running fine. That's exactly what tripped up dummy-run
+# the first time around. Empty / unset is fine (frontend defaults apply).
+_guard-local-api: _ensure-frontend-env
+	@url=$$(grep -E '^VITE_API_URL=' frontend/.env | head -1 | cut -d= -f2- | tr -d '"' | tr -d "'"); \
+	host=$$(echo "$$url" | sed -E 's|^[^:]+://([^:/?]+).*|\1|'); \
+	case "$$host" in \
+		localhost|127.0.0.1|::1|"") ;; \
+		*) echo "REFUSING: frontend/.env VITE_API_URL host '$$host' is not local."; \
+		   echo "Local dev must not call prod/staging API. Set VITE_API_URL=http://localhost:8080 in frontend/.env."; \
+		   exit 1;; \
+	esac
+
+migrate: _ensure-env _guard-local-db db-up
 	alembic upgrade head
 
-run: _ensure-env _ensure-frontend-env db-up migrate
+run: _ensure-env _ensure-frontend-env _guard-local-api db-up migrate
 	uvicorn backend.main:app --reload --host 0.0.0.0 --port 8080 & \
 	cd frontend && npm run dev & \
 	wait
 
 # Same as `run` but forces the model list to come from the synthesised
 # upgraded fixture instead of the live OpenTela endpoint. Useful for
 # iterating on the model-card UI without depending on prod state.
-dummy-run: _ensure-env _ensure-frontend-env db-up migrate
+dummy-run: _ensure-env _ensure-frontend-env _guard-local-api db-up migrate
 	OTELA_FIXTURE_PATH=$(PWD)/backend/tests/fixtures/dnt_table_dev_live.json \
 	uvicorn backend.main:app --reload --host 0.0.0.0 --port 8080 & \
 	cd frontend && npm run dev & \

backend/services/model_service.py

@@ -73,6 +73,7 @@ def get_all_models(endpoint: str, with_details: bool = False):
                 "object": "model",
                 "created": "0x",
                 "owner": "0x",
+                "has_service": False,
                 **meta,
             }
             if with_details:
@@ -93,6 +94,7 @@ def get_all_models(endpoint: str, with_details: bool = False):
                     "object": "model",
                     "created": "0x",
                     "owner": "0x",
+                    "has_service": True,
                     **meta,
                 }
                 if with_details: