From 63fa24e994b22d705086eba4bc65daaaa2bb1928 Mon Sep 17 00:00:00 2001
From: nishika26
Date: Thu, 7 May 2026 18:34:35 +0530
Subject: [PATCH 1/4] adding hf token for better upload
---
 .env.example | 2 +-
 backend/Dockerfile | 11 ++++++++++-
 docker-compose.yml | 6 ++++++
 3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/.env.example b/.env.example
index 721e935..10866f1 100644
--- a/.env.example
+++ b/.env.example
@@ -30,4 +30,4 @@ KAAPI_AUTH_TIMEOUT=5
 # URL for the guardrails API — required for the multiple_validators evaluation script
 GUARDRAILS_API_URL="http://localhost:8001/api/v1/guardrails/"
-
+HF_TOKEN= ""
diff --git a/backend/Dockerfile b/backend/Dockerfile
index feadbe6..a3c9c28 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -51,10 +51,19 @@ RUN python -m pip install --no-deps "${SPACY_MODEL_WHEEL_URL}"
 ENV HF_HOME=/app/hf_cache
 # Pre-download HuggingFace model
-RUN /app/.venv/bin/python -c "from transformers import AutoTokenizer, AutoModelForSequenceClassification; \
+ARG HF_TOKEN=""
+RUN HF_TOKEN="${HF_TOKEN}" \
+ /app/.venv/bin/python -c "from transformers import AutoTokenizer, AutoModelForSequenceClassification; \
 AutoTokenizer.from_pretrained('textdetox/xlmr-large-toxicity-classifier', cache_dir='/app/hf_cache'); \
 AutoModelForSequenceClassification.from_pretrained('textdetox/xlmr-large-toxicity-classifier', cache_dir='/app/hf_cache')"
+# Pre-install Guardrails hub validators so container startup is not blocked by downloads
+ARG GUARDRAILS_HUB_API_KEY=""
+RUN GUARDRAILS_HUB_API_KEY="${GUARDRAILS_HUB_API_KEY}" \
+ ENABLE_METRICS="false" \
+ ENABLE_REMOTE_INFERENCING="true" \
+ /app/scripts/install_guardrails_from_hub.sh
+
 # -------------------------------
 # Entrypoint (runtime setup)
 # -------------------------------
diff --git a/docker-compose.yml b/docker-compose.yml
index b96b67e..65eefa7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,9 @@ services:
 entrypoint: []
 build:
 context: ./backend
+ args:
+ - HF_TOKEN=${HF_TOKEN:-}
+ - GUARDRAILS_HUB_API_KEY=${GUARDRAILS_HUB_API_KEY:-}
 command: bash scripts/prestart.sh
 env_file:
 - .env
@@ -21,6 +24,9 @@ services:
 restart: always
 build:
 context: ./backend
+ args:
+ - HF_TOKEN=${HF_TOKEN:-}
+ - GUARDRAILS_HUB_API_KEY=${GUARDRAILS_HUB_API_KEY:-}
 env_file:
 - .env
 extra_hosts:
From a178f4a68a1194a3d5b86e266a0b525dc74daedc Mon Sep 17 00:00:00 2001
From: nishika26
Date: Thu, 7 May 2026 18:36:29 +0530
Subject: [PATCH 2/4] adding hf token for better upload
---
 .env.example | 3 ++-
 backend/Dockerfile | 1 -
 docker-compose.yml | 2 ++
 3 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/.env.example b/.env.example
index 10866f1..8702923 100644
--- a/.env.example
+++ b/.env.example
@@ -23,6 +23,7 @@ DOCKER_IMAGE_BACKEND=kaapi-guardrails-backend
 OPENAI_API_KEY=""
 GUARDRAILS_HUB_API_KEY=""
+HF_TOKEN= ""
 # SHA-256 hex digest of your bearer token (64 lowercase hex chars)
 AUTH_TOKEN=""
 KAAPI_AUTH_URL=""
@@ -30,4 +31,4 @@ KAAPI_AUTH_TIMEOUT=5
 # URL for the guardrails API — required for the multiple_validators evaluation script
 GUARDRAILS_API_URL="http://localhost:8001/api/v1/guardrails/"
-HF_TOKEN= ""
+
diff --git a/backend/Dockerfile b/backend/Dockerfile
index a3c9c28..65839cf 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -63,7 +63,6 @@ RUN GUARDRAILS_HUB_API_KEY="${GUARDRAILS_HUB_API_KEY}" \
 ENABLE_METRICS="false" \
 ENABLE_REMOTE_INFERENCING="true" \
 /app/scripts/install_guardrails_from_hub.sh
-
 # -------------------------------
 # Entrypoint (runtime setup)
 # -------------------------------
diff --git a/docker-compose.yml b/docker-compose.yml
index 65eefa7..b0dbb83 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -51,3 +51,5 @@ services:
 path: ./backend/pyproject.toml
 - action: rebuild
 path: ./backend/uv.lock
+
+#
\ No newline at end of file
From 3e5be97ebbb02cf1897ee8c5484cfda2bf811227 Mon Sep 17 00:00:00 2001
From: nishika26
Date: Thu, 7 May 2026 18:37:16 +0530
Subject: [PATCH 3/4] removing small things
---
 backend/Dockerfile | 1 +
 docker-compose.yml | 2 --
 2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/backend/Dockerfile b/backend/Dockerfile
index 65839cf..560100f 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -63,6 +63,7 @@ RUN GUARDRAILS_HUB_API_KEY="${GUARDRAILS_HUB_API_KEY}" \
 ENABLE_METRICS="false" \
 ENABLE_REMOTE_INFERENCING="true" \
 /app/scripts/install_guardrails_from_hub.sh
+
 # -------------------------------
 # Entrypoint (runtime setup)
 # -------------------------------
diff --git a/docker-compose.yml b/docker-compose.yml
index b0dbb83..65eefa7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -51,5 +51,3 @@ services:
 path: ./backend/pyproject.toml
 - action: rebuild
 path: ./backend/uv.lock
-
-#
\ No newline at end of file
From a55d939b0c2b473c20d17d75722e097d169a7328 Mon Sep 17 00:00:00 2001
From: nishika26
Date: Thu, 7 May 2026 18:52:43 +0530
Subject: [PATCH 4/4] coderabbit reviews
---
 .env.example | 2 +-
 backend/Dockerfile | 8 ++++----
 docker-compose.yml | 18 ++++++++++++------
 3 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/.env.example b/.env.example
index 8702923..d507cbe 100644
--- a/.env.example
+++ b/.env.example
@@ -23,7 +23,7 @@ DOCKER_IMAGE_BACKEND=kaapi-guardrails-backend
 OPENAI_API_KEY=""
 GUARDRAILS_HUB_API_KEY=""
-HF_TOKEN= ""
+HF_TOKEN=""
 # SHA-256 hex digest of your bearer token (64 lowercase hex chars)
 AUTH_TOKEN=""
 KAAPI_AUTH_URL=""
diff --git a/backend/Dockerfile b/backend/Dockerfile
index 560100f..e8900cc 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -51,15 +51,15 @@ RUN python -m pip install --no-deps "${SPACY_MODEL_WHEEL_URL}"
 ENV HF_HOME=/app/hf_cache
 # Pre-download HuggingFace model
-ARG HF_TOKEN=""
-RUN HF_TOKEN="${HF_TOKEN}" \
+RUN --mount=type=secret,id=HF_TOKEN \
+ HF_TOKEN="$(cat /run/secrets/HF_TOKEN 2>/dev/null || true)" \
 /app/.venv/bin/python -c "from transformers import AutoTokenizer, AutoModelForSequenceClassification; \
 AutoTokenizer.from_pretrained('textdetox/xlmr-large-toxicity-classifier', cache_dir='/app/hf_cache'); \
 AutoModelForSequenceClassification.from_pretrained('textdetox/xlmr-large-toxicity-classifier', cache_dir='/app/hf_cache')"
 # Pre-install Guardrails hub validators so container startup is not blocked by downloads
-ARG GUARDRAILS_HUB_API_KEY=""
-RUN GUARDRAILS_HUB_API_KEY="${GUARDRAILS_HUB_API_KEY}" \
+RUN --mount=type=secret,id=GUARDRAILS_HUB_API_KEY \
+ GUARDRAILS_HUB_API_KEY="$(cat /run/secrets/GUARDRAILS_HUB_API_KEY 2>/dev/null || true)" \
 ENABLE_METRICS="false" \
 ENABLE_REMOTE_INFERENCING="true" \
 /app/scripts/install_guardrails_from_hub.sh
diff --git a/docker-compose.yml b/docker-compose.yml
index 65eefa7..2cb47ce 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,11 @@
 version: "3.9"
+secrets:
+ HF_TOKEN:
+ environment: HF_TOKEN
+ GUARDRAILS_HUB_API_KEY:
+ environment: GUARDRAILS_HUB_API_KEY
+
 services:
 prestart:
@@ -8,9 +14,9 @@ services:
 entrypoint: []
 build:
 context: ./backend
- args:
- - HF_TOKEN=${HF_TOKEN:-}
- - GUARDRAILS_HUB_API_KEY=${GUARDRAILS_HUB_API_KEY:-}
+ secrets:
+ - HF_TOKEN
+ - GUARDRAILS_HUB_API_KEY
 command: bash scripts/prestart.sh
 env_file:
 - .env
@@ -24,9 +30,9 @@ services:
 restart: always
 build:
 context: ./backend
- args:
- - HF_TOKEN=${HF_TOKEN:-}
- - GUARDRAILS_HUB_API_KEY=${GUARDRAILS_HUB_API_KEY:-}
+ secrets:
+ - HF_TOKEN
+ - GUARDRAILS_HUB_API_KEY
 env_file:
 - .env
 extra_hosts:
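Review bot: Both `RUN --mount=type=secret` steps in this hunk turn a missing secret into an empty string (`cat … 2>/dev/null || true`), so an unauthenticated build looks the same as an authenticated one until a download is throttled or refused. If anonymous builds are meant to work, say so above each step, e.g. `# Secret is optional; when absent the download runs unauthenticated`; if not, add `required=true` to the mount and drop `|| true` so the step fails early. The mount keeps the key out of the layer only if `/app/scripts/install_guardrails_from_hub.sh` (not shown on this page) does not write it to a config file inside the image, which is worth confirming. The model fetch is also still unpinned; passing `revision='<commit-sha>'` to both `from_pretrained` calls would fix which weights get baked into the image.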
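Review bot: HF_TOKEN still reaches both running containers, because `env_file: - .env` is unchanged in the two service hunks (`@@ -8,9 +14,9 @@` and `@@ -24,9 +30,9 @@`) and `.env.example` now lists the token in that file; the build secret only keeps it out of the image layers. If HF_TOKEN is needed only for the build-time model download, which is all this series shows, a comment such as `# HF_TOKEN: build-time only, passed to the image build as a BuildKit secret` above the top-level `secrets:` block, together with keeping that key out of the runtime env file, would narrow the exposure. Indentation is flattened on this page, so it is also worth confirming that the new `secrets:` list sits under `build:` and not at service level, where it would mount the values into the running container instead of the build.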