sec: harden modal worker, update deployment docs, and add pre-push safety checks
c4fd681

# NaturalCAD Hugging Face Space Deploy Checklist

## Minimum checklist

- [ ] Gradio app runs cleanly from `apps/gradio-demo/app/main.py`
- [ ] `requirements.txt` contains everything needed for Space runtime, including `build123d`
- [ ] prompt-to-model flow works without requiring local-only paths that break in Space
- [ ] example prompts produce valid outputs
- [ ] timeouts are in place
- [ ] artifacts are bounded and not unbounded temp junk
- [ ] lightweight run logging is enabled
- [ ] README explains local run and Space intent clearly

## MVP notes

For public testing, the demo should degrade gracefully.

If the backend is unavailable, the app should still be able to produce a simple local fallback result rather than fully dying.

For the lean MVP, backend use should be optional, not assumed. If `NATURALCAD_BACKEND_URL` is unset, the Space should stay usable without waiting on a dead localhost request.

If the Hugging Face Space runtime cannot support the CAD dependency stack cleanly, keep the Space as the frontend and offload execution to a container or VM.

## Current hosted setup

Space env:

- variable: `NATURALCAD_BACKEND_URL`
- secret: `NATURALCAD_API_KEY`

Backend host:

- current recommended host: Modal web endpoint (`generate_cad_endpoint`)
- endpoint method: `POST /`
- backend requires header `x-api-key: <NATURALCAD_API_KEY>`
- response should include `job_id`, `generated_code`, and artifact `urls`

Worker env/secrets:

- `OPENROUTER_API_KEY`
- `OPENROUTER_MODEL` (optional)
- `SUPABASE_URL`
- `SUPABASE_SERVICE_ROLE_KEY`
- `SUPABASE_BUCKET`
- `NATURALCAD_API_KEY`

Runtime note:

- the Space Docker image must include the native stack needed by `build123d` / `OCP`
- final stabilization attempt uses a pure `python:3.10-slim` + `pip` runtime instead of the mixed Conda/OCP path
- the goal is to let `build123d` resolve one coherent wheel stack directly, instead of mixing `conda` native packages with `pip` Python packages
- current Dockerfile includes a `build123d` import smoke test during image build so broken native combinations fail earlier

## Data to capture

- timestamp
- run id
- prompt
- mode
- output type
- geometry family
- backend available or not
- success or failure
- runtime seconds
- error string if any

## Security checks before publish

- [ ] `NATURALCAD_API_KEY` is set on Space and Modal
- [ ] backend endpoint rejects requests without `x-api-key`
- [ ] rate limiting is active (IP + key)
- [ ] prompt length caps enforced
- [ ] generated code safety guard enabled
- [ ] no tracked `artifacts/logs/*.jsonl`
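
The first four security checks expressed as a single request gate, added here as an example and not NaturalCAD's own worker code. `RequestGate`, the limit values and the status codes are assumptions; the checklist names the controls but not their parameters.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Assumed limits; the checklist names the controls but not their values.
MAX_PROMPT_CHARS = 2000
IP_LIMIT = 10          # requests per IP per window
KEY_LIMIT = 30         # requests per API key per window
WINDOW_SECONDS = 60.0

class RequestGate:
    """Checks to run before any prompt reaches code generation."""

    def __init__(self, expected_key, clock=time.monotonic):
        if not expected_key:
            # Fail closed: an unset NATURALCAD_API_KEY must not mean "open".
            raise ValueError("NATURALCAD_API_KEY is not configured")
        self._expected = expected_key.encode()
        # Digest names the per-key bucket, so limiter state holds no raw key.
        self._key_id = hashlib.sha256(self._expected).hexdigest()[:16]
        self._clock = clock
        self._hits = defaultdict(deque)

    def _allow(self, bucket, limit):
        # Sliding window: drop timestamps older than the window, then count.
        now, hits = self._clock(), self._hits[bucket]
        while hits and now - hits[0] >= WINDOW_SECONDS:
            hits.popleft()
        if len(hits) >= limit:
            return False
        hits.append(now)
        return True

    def check(self, headers, client_ip, prompt):
        """Return (http_status, reason) for one POST / request."""
        # Count every request per IP, rejected ones too, to throttle key guessing.
        if not self._allow(("ip", client_ip), IP_LIMIT):
            return 429, "ip rate limit exceeded"
        supplied = {k.lower(): v for k, v in headers.items()}.get("x-api-key", "")
        # Constant-time comparison avoids leaking key bytes through timing.
        if not hmac.compare_digest(supplied.encode(), self._expected):
            return 401, "missing or invalid x-api-key"
        if not self._allow(("key", self._key_id), KEY_LIMIT):
            return 429, "key rate limit exceeded"
        if not isinstance(prompt, str) or not prompt.strip():
            return 400, "empty prompt"
        if len(prompt) > MAX_PROMPT_CHARS:
            return 413, "prompt too long"
        return 200, "ok"
```

Counters live in process memory, so with more than one worker container they need a shared store to hold across containers.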