From 178c62b1a2a867cbe911b35e74f7db8e8950fa94 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Sat, 11 Apr 2026 17:01:20 +0530 Subject: [PATCH 01/20] hotfix: drop name field in run guardrail endpoint --- backend/app/schemas/guardrail_config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/backend/app/schemas/guardrail_config.py b/backend/app/schemas/guardrail_config.py index f66c8d4..968c260 100644 --- a/backend/app/schemas/guardrail_config.py +++ b/backend/app/schemas/guardrail_config.py @@ -84,6 +84,7 @@ def normalize_validators_from_config_api(cls, data): "is_enabled", "created_at", "updated_at", + "name", } for validator in validators: From 5ab0c6debdacd30c3ea6c9c50bef32541d4bb3e7 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Tue, 21 Apr 2026 17:41:22 +0530 Subject: [PATCH 02/20] feat(*): deployment automation for guardrails --- .github/workflows/cd-staging.yml | 55 +++++++++++++++++++ ...gration.yml => continuous-integration.yml} | 0 2 files changed, 55 insertions(+) create mode 100644 .github/workflows/cd-staging.yml rename .github/workflows/{continuous_integration.yml => continuous-integration.yml} (100%) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml new file mode 100644 index 0000000..0bcdd10 --- /dev/null +++ b/.github/workflows/cd-staging.yml 
@@ -0,0 +1,55 @@
+name: Deploy Kaapi Guardrails Staging To EC2
+
+on:
+ push:
+ branches: [enhancement/cd_staging]
+ workflow_dispatch:
+
+concurrency:
+ group: guardrail-staging-ec2-deploy
+ cancel-in-progress: false
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment: AWS_STAGING_ENV_SECRETS
+
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v6
+ with:
+ role-to-assume: ${{ secrets.STAGING_EC2_DEPLOY_ROLE_ARN }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Trigger deploy on EC2 via SSM
+ id: ssm
+ env:
+ INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }}
+ run: |
+ CMD_ID=$(aws ssm send-command \
+ --instance-ids "$INSTANCE_ID" \
+ --document-name "AWS-RunShellScript" \
+ --comment "Deploy kaapi-guardrails staging" \
+ --parameters commands='["set -eux","sudo -iu ubuntu bash -lc \"cd /data/kaapi-guardrails && git fetch --all && git pull origin main && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\""]' \
+ --cloud-watch-output-config CloudWatchOutputEnabled=true \
+ --query "Command.CommandId" --output text)
+ echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT"
+ echo "Sent SSM command: $CMD_ID"
+
+ - name: Wait for SSM command to finish
+ env:
+ INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }}
+ CMD_ID: ${{ steps.ssm.outputs.cmd_id }}
+ run: |
+ aws ssm wait command-executed \
+ --command-id "$CMD_ID" \
+ --instance-id "$INSTANCE_ID"
+ aws ssm get-command-invocation \
+ --command-id "$CMD_ID" \
+ --instance-id "$INSTANCE_ID" \
+ --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \
+ --output json
\ No newline at end of file
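Review bot: `uses: aws-actions/configure-aws-credentials@v6` pins the action to a movable tag in a job that holds `id-token: write` and can assume the deploy role, so a retagged release would run with that access; pin it to the full commit SHA of the release you reviewed, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v6`. The role's trust policy is not visible on this page; it should presumably restrict the OIDC `sub` claim to this repository and the job's environment so that no other workflow can assume it. Separately, the last step prints the instance's stdout and stderr into the Actions log while the remote script runs under `set -eux`, so anything the build or the migration echoes, including traced command lines, ends up readable by everyone who can view the run.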
diff --git a/.github/workflows/continuous_integration.yml b/.github/workflows/continuous-integration.yml similarity index 100% rename from .github/workflows/continuous_integration.yml rename to .github/workflows/continuous-integration.yml From eae16a0e8cf433010e760474f799cda2e2facef2 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:08:03 +0530 Subject: [PATCH 03/20] PR reviews --- .github/workflows/cd-staging.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 0bcdd10..a2c9942 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml @@ -22,19 +22,20 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v6 with: - role-to-assume: ${{ secrets.STAGING_EC2_DEPLOY_ROLE_ARN }} + role-to-assume: ${{ secrets.EC2_DEPLOY_ROLE_ARN }} aws-region: ${{ secrets.AWS_REGION }} - name: Trigger deploy on EC2 via SSM id: ssm env: INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }} + BUILD_DIRECTORY: ${{ secrets.BUILD_DIRECTORY }} run: | CMD_ID=$(aws ssm send-command \ --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands='["set -eux","sudo -iu ubuntu bash -lc \"cd /data/kaapi-guardrails && git fetch --all && git pull origin main && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\""]' \ + --parameters commands='["set -eux","sudo -iu ec2-user bash -lc \"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin main && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\"]' \ --cloud-watch-output-config CloudWatchOutputEnabled=true \ --query "Command.CommandId" --output text) echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT" 
From 9f06cc66f1f2c4bef1bb6c2466567af5c53e1361 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:19:01 +0530 Subject: [PATCH 04/20] PR reviews --- .github/workflows/cd-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index a2c9942..24c4aab 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml @@ -35,7 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands='["set -eux","sudo -iu ec2-user bash -lc \"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin main && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\"]' \ + --parameters commands="[\"set -eux\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin main && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"]" \ --cloud-watch-output-config CloudWatchOutputEnabled=true \ --query "Command.CommandId" --output text) echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT" From 0c5cebfc0dfee071557a8bac5902de6afbcb03b8 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:20:15 +0530 Subject: [PATCH 05/20] PR reviews --- .github/workflows/cd-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 24c4aab..4d70a55 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
@@ -35,7 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin main && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"]" \ + --parameters commands="[\"set -eux\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"]" \ --cloud-watch-output-config CloudWatchOutputEnabled=true \ --query "Command.CommandId" --output text) echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT" From 5474b4eadbf356bbbdea61654149b262a8991e1d Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:27:39 +0530 Subject: [PATCH 06/20] debugging --- .github/workflows/cd-staging.yml | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 4d70a55..79bf731 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
@@ -46,11 +46,23 @@ jobs: INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }} CMD_ID: ${{ steps.ssm.outputs.cmd_id }} run: | - aws ssm wait command-executed \ - --command-id "$CMD_ID" \ - --instance-id "$INSTANCE_ID" - aws ssm get-command-invocation \ - --command-id "$CMD_ID" \ - --instance-id "$INSTANCE_ID" \ - --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \ - --output json \ No newline at end of file + # Wait but don't fail immediately — we want logs regardless + aws ssm wait command-executed \ + --command-id "$CMD_ID" \ + --instance-id "$INSTANCE_ID" || true + + # Always fetch and print the invocation output + RESULT=$(aws ssm get-command-invocation \ + --command-id "$CMD_ID" \ + --instance-id "$INSTANCE_ID" \ + --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \ + --output json) + + echo "$RESULT" + + # Now actually fail the step if the command didn't succeed + STATUS=$(echo "$RESULT" | jq -r '.Status') + if [ "$STATUS" != "Success" ]; then + echo "::error::SSM command failed with status: $STATUS" + exit 1 + fi \ No newline at end of file From d907a8ee8c7a57a5551b5a7859a4e49252b8bf50 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:30:27 +0530 Subject: [PATCH 07/20] debugging --- .github/workflows/cd-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 79bf731..0b88f21 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
@@ -35,7 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"]" \ + --parameters commands="[\"set -eux\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ --cloud-watch-output-config CloudWatchOutputEnabled=true \ --query "Command.CommandId" --output text) echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT" From 34d43653f9ae79e02ea56cc0cbf47d2fc11f9836 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:36:40 +0530 Subject: [PATCH 08/20] debugging --- .github/workflows/cd-staging.yml | 28 ++++++++-------------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 0b88f21..a3cbca2 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
@@ -46,23 +46,11 @@ jobs: INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }} CMD_ID: ${{ steps.ssm.outputs.cmd_id }} run: | - # Wait but don't fail immediately — we want logs regardless - aws ssm wait command-executed \ - --command-id "$CMD_ID" \ - --instance-id "$INSTANCE_ID" || true - - # Always fetch and print the invocation output - RESULT=$(aws ssm get-command-invocation \ - --command-id "$CMD_ID" \ - --instance-id "$INSTANCE_ID" \ - --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \ - --output json) - - echo "$RESULT" - - # Now actually fail the step if the command didn't succeed - STATUS=$(echo "$RESULT" | jq -r '.Status') - if [ "$STATUS" != "Success" ]; then - echo "::error::SSM command failed with status: $STATUS" - exit 1 - fi \ No newline at end of file + aws ssm wait command-executed \ + --command-id "$CMD_ID" \ + --instance-id "$INSTANCE_ID" + aws ssm get-command-invocation \ + --command-id "$CMD_ID" \ + --instance-id "$INSTANCE_ID" \ + --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \ + --output json \ No newline at end of file From 46920f2a53728bc0e818e45fe1efd96aff9be3ea Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:43:32 +0530 Subject: [PATCH 09/20] debugging --- .github/workflows/cd-staging.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index a3cbca2..339b74a 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
@@ -46,11 +46,15 @@ jobs: INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }} CMD_ID: ${{ steps.ssm.outputs.cmd_id }} run: | + WAIT_EXIT=0 aws ssm wait command-executed \ --command-id "$CMD_ID" \ - --instance-id "$INSTANCE_ID" + --instance-id "$INSTANCE_ID" || WAIT_EXIT=$? + aws ssm get-command-invocation \ --command-id "$CMD_ID" \ --instance-id "$INSTANCE_ID" \ --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \ - --output json \ No newline at end of file + --output json + + exit $WAIT_EXIT \ No newline at end of file From 81f1da904fa36ad0fa560fd8836f5327c168d91d Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:48:47 +0530 Subject: [PATCH 10/20] new parameter command --- .github/workflows/cd-staging.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 339b74a..c10371a 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
@@ -35,8 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ - --cloud-watch-output-config CloudWatchOutputEnabled=true \ + --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ --query "Command.CommandId" --output text) echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT" echo "Sent SSM command: $CMD_ID" From 2bc4e531445c55bdf779d6c12bd8821568bfea15 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 12:55:31 +0530 Subject: [PATCH 11/20] fix timeout error --- .github/workflows/cd-staging.yml | 49 +++++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 7 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index c10371a..6ea67d4 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
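Review bot: In the PATCH 10/20 hunk the new `sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}` element runs as root on the instance with a path that is spliced in unquoted from a secret and never checked, so a value containing whitespace, a relative path or a typo changes ownership of the wrong tree. Validate it on the runner before `send-command`, for example `[[ "$BUILD_DIRECTORY" =~ ^/[A-Za-z0-9_-][A-Za-z0-9._/-]*$ ]] || { echo "::error::BUILD_DIRECTORY must be a plain absolute path"; exit 1; }`, and quote it inside the remote command. The same hunk drops `--cloud-watch-output-config CloudWatchOutputEnabled=true` under a commit message that does not mention it; after that the only record of a deploy is what `get-command-invocation` returns, which covers only a bounded prefix of long output, so keep the CloudWatch output unless it was the thing failing. The chown element is carried unchanged through the later `--parameters` revisions (patches 11, 13, 15 to 18 and 20).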
@@ -35,8 +35,10 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch --all && git pull origin enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ - --query "Command.CommandId" --output text) + --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ + --query "Command.CommandId" \ + --output text) + echo "cmd_id=$CMD_ID" >> "$GITHUB_OUTPUT" echo "Sent SSM command: $CMD_ID" 
@@ -45,10 +47,43 @@ jobs: INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }} CMD_ID: ${{ steps.ssm.outputs.cmd_id }} run: | - WAIT_EXIT=0 - aws ssm wait command-executed \ - --command-id "$CMD_ID" \ - --instance-id "$INSTANCE_ID" || WAIT_EXIT=$? + for i in {1..60}; do + STATUS=$(aws ssm get-command-invocation \ + --command-id "$CMD_ID" \ + --instance-id "$INSTANCE_ID" \ + --query "Status" \ + --output text) + + echo "Current Status: $STATUS" + + if [ "$STATUS" = "Success" ]; then + echo "Deployment completed successfully." + + aws ssm get-command-invocation \ + --command-id "$CMD_ID" \ + --instance-id "$INSTANCE_ID" \ + --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \ + --output json + + exit 0 + fi + + if [ "$STATUS" = "Failed" ] || [ "$STATUS" = "Cancelled" ] || [ "$STATUS" = "TimedOut" ]; then + echo "Deployment failed." + + aws ssm get-command-invocation \ + --command-id "$CMD_ID" \ + --instance-id "$INSTANCE_ID" \ + --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \ + --output json + + exit 1 + fi + + sleep 30 + done + + echo "Deployment timed out after waiting too long." aws ssm get-command-invocation \ --command-id "$CMD_ID" \ @@ -56,4 +91,4 @@ jobs: --query '{Status:Status,Stdout:StandardOutputContent,Stderr:StandardErrorContent}' \ --output json - exit $WAIT_EXIT \ No newline at end of file + exit 1 \ No newline at end of file From 9ef9e9cde8e0574728dd4eaaa0b582590564bc36 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 13:04:23 +0530 Subject: [PATCH 12/20] decrease wait time --- .github/workflows/cd-staging.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 6ea67d4..579f641 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
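Review bot: When the polling loop added in PATCH 11/20 runs out of iterations the step prints the invocation and exits 1, but nothing stops the command on the instance, so the build and migration keep running after the job has released the `guardrail-staging-ec2-deploy` concurrency group and the next push can start a second deploy on the same checkout. Ask SSM to cancel on that path, `aws ssm cancel-command --command-id "$CMD_ID" --instance-ids "$INSTANCE_ID"` before the final `exit 1`, and consider bounding the run on the instance side with the document's `executionTimeout` parameter. PATCH 12/20 shortens the window to 20 polls of 15 seconds, which makes this path more likely for an image build. A failed `get-command-invocation` call inside `STATUS=$(...)` also ends the step at once if the runner's shell runs with `-e` (the default for `run:` steps, as far as I know), so a transient API error is reported as a failed deploy; appending `|| STATUS=Unknown` to that assignment would let the loop retry.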
@@ -47,7 +47,7 @@ jobs: INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }} CMD_ID: ${{ steps.ssm.outputs.cmd_id }} run: | - for i in {1..60}; do + for i in {1..20}; do STATUS=$(aws ssm get-command-invocation \ --command-id "$CMD_ID" \ --instance-id "$INSTANCE_ID" \ @@ -80,7 +80,7 @@ jobs: exit 1 fi - sleep 30 + sleep 15 done echo "Deployment timed out after waiting too long." From 8968f1380262dc548629f6be808c21429455e7dc Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 14:40:20 +0530 Subject: [PATCH 13/20] changed parameter command --- .github/workflows/cd-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 579f641..caed659 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml @@ -35,7 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ + --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/enhancement/cd_staging && docker compose build && docker compose exec backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ --query "Command.CommandId" \ --output text) From 852f39e552711b28f47e6f430e78199971ae4a58 Mon Sep 17 00:00:00 2001 
From: nishika26 Date: Wed, 29 Apr 2026 15:29:31 +0530 Subject: [PATCH 14/20] making small change to test deployment --- backend/app/api/docs/guardrails/run_guardrails.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/app/api/docs/guardrails/run_guardrails.md b/backend/app/api/docs/guardrails/run_guardrails.md index 19cba14..d0f1c7f 100644 --- a/backend/app/api/docs/guardrails/run_guardrails.md +++ b/backend/app/api/docs/guardrails/run_guardrails.md @@ -19,7 +19,7 @@ Behavior notes: | `no_illegal_drugs` | No illegal drugs | | `no_encourage_self_harm` | No encouragement of self-harm | - `rephrase_needed=true` means the system could not safely auto-fix the input/output and wants the user to retry with a rephrased query. -- When a validator with `on_fail=fix` has no programmatic fix (e.g. `profanity_free`), `safe_text` will be `""` and the response `metadata.reason` will explain which validator caused the empty output. +- When a validator with `on_fail=fix` has no programmatic fix (e.g. `profanity_free`), `safe_text` will be an empty string and the response `metadata.reason` will explain which validator caused the empty output. Failure behavior: - `success=false` is returned when validation fails without a recoverable fix or an internal runtime error occurs. From dcd9c8ab6b14ca8e7bf2a864e3cf133dcdffd523 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 16:00:45 +0530 Subject: [PATCH 15/20] change to main and add --rm --- .github/workflows/cd-staging.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index caed659..7ed9f3a 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml @@ -2,7 +2,7 @@ name: Deploy Kaapi Guardrails Staging To EC2 on: push: - branches: [enhancement/cd_staging] + branches: [main] workflow_dispatch: concurrency: 
@@ -35,7 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/enhancement/cd_staging && docker compose build && docker compose exec backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ + --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/main && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ --query "Command.CommandId" \ --output text) From aedaf7f3d06317635bcbb617c119a816811b5851 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 16:01:57 +0530 Subject: [PATCH 16/20] change back to cd staging branch for testing --- .github/workflows/cd-staging.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 7ed9f3a..579f641 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml @@ -2,7 +2,7 @@ name: Deploy Kaapi Guardrails Staging To EC2 on: push: - branches: [main] + branches: [enhancement/cd_staging] workflow_dispatch: concurrency: 
@@ -35,7 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/main && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ + --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ --query "Command.CommandId" \ --output text) From 953d52bcdb189e4033e61b6a53154ce6b23df87a Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 16:36:37 +0530 Subject: [PATCH 17/20] adding entry point seperately --- .github/workflows/cd-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 579f641..41cf6c9 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml 
@@ -35,7 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/enhancement/cd_staging && docker compose build && docker compose run --rm backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ + --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/enhancement/cd_staging && docker compose build && docker compose run --rm --entrypoint \\\\\\\"\\\\\\\" backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ --query "Command.CommandId" \ --output text) From 4ca4470b21544748ef9c175581a8d1e584959fc0 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Wed, 29 Apr 2026 16:41:59 +0530 Subject: [PATCH 18/20] change to main --- .github/workflows/cd-staging.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 41cf6c9..55ef84b 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml @@ -2,7 +2,7 @@ name: Deploy Kaapi Guardrails Staging To EC2 on: push: - branches: [enhancement/cd_staging] + branches: [main] workflow_dispatch: concurrency: 
@@ -35,7 +35,7 @@ jobs: --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/enhancement/cd_staging && docker compose build && docker compose run --rm --entrypoint \\\\\\\"\\\\\\\" backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ + --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/main && docker compose build && docker compose run --rm --entrypoint \\\\\\\"\\\\\\\" backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ --query "Command.CommandId" \ --output text) From 0f00a183189ba25204438b41f55474b51b799d98 Mon Sep 17 00:00:00 2001 From: nishika26 Date: Mon, 4 May 2026 09:35:39 +0530 Subject: [PATCH 19/20] changing secret's name --- .github/workflows/cd-staging.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index 55ef84b..a3623e7 100644 --- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml @@ -12,7 +12,7 @@ concurrency: jobs: deploy: runs-on: ubuntu-latest - environment: AWS_STAGING_ENV_SECRETS + environment: AWS_ENV_SECRETS permissions: id-token: write From 7fed5b51c283cd92043fb912f19a9dc60b9329ff Mon Sep 17 00:00:00 2001 From: nishika26 Date: Mon, 4 May 2026 15:52:11 +0530 Subject: [PATCH 20/20] incoperating pr review comments --- .github/workflows/cd-staging.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-staging.yml b/.github/workflows/cd-staging.yml index a3623e7..7d8fc6e 100644 
--- a/.github/workflows/cd-staging.yml +++ b/.github/workflows/cd-staging.yml @@ -3,7 +3,6 @@ name: Deploy Kaapi Guardrails Staging To EC2 on: push: branches: [main] - workflow_dispatch: concurrency: group: guardrail-staging-ec2-deploy @@ -31,11 +30,13 @@ jobs: INSTANCE_ID: ${{ secrets.STAGING_EC2_INSTANCE_ID }} BUILD_DIRECTORY: ${{ secrets.BUILD_DIRECTORY }} run: | + DEPLOY_CMD='sudo -iu ec2-user bash -lc \"cd '"${BUILD_DIRECTORY}"' && git fetch origin && git reset --hard origin/main && docker compose build && docker compose run --rm --entrypoint \\\"\\\" backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\"' + CMD_ID=$(aws ssm send-command \ --instance-ids "$INSTANCE_ID" \ --document-name "AWS-RunShellScript" \ --comment "Deploy kaapi-guardrails staging" \ - --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"sudo -iu ec2-user bash -lc \\\"cd ${BUILD_DIRECTORY} && git fetch origin && git reset --hard origin/main && docker compose build && docker compose run --rm --entrypoint \\\\\\\"\\\\\\\" backend uv run alembic upgrade head && docker compose up -d --remove-orphans && docker image prune -f\\\"\"]" \ + --parameters commands="[\"set -eux\",\"sudo chown -R ec2-user:ec2-user ${BUILD_DIRECTORY}\",\"${DEPLOY_CMD}\"]" \ --query "Command.CommandId" \ --output text)
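Review bot: `git reset --hard origin/main` in the new `DEPLOY_CMD` deploys whatever `main` points to when the instance runs the command, not the commit whose push started this run, so the job log and the running code can disagree and a commit that lands in between is deployed under another run's record. Reset to the triggering commit instead by splicing the runner's `GITHUB_SHA` the same way the directory is spliced: `git fetch origin && git reset --hard '"${GITHUB_SHA}"'`. The JSON for `--parameters` is still escaped by hand across three quoting levels; building it with `jq -n --arg` on the runner would make the escaping mechanical and easier to review.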