Skip to content

docs: update install guide and add five how-to guides#24

Open
zlcnju wants to merge 5 commits into
mainfrom
update-install-doc
Open

docs: update install guide and add five how-to guides#24
zlcnju wants to merge 5 commits into
mainfrom
update-install-doc

Conversation

@zlcnju

@zlcnju zlcnju commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Two parts, all content verified against the smart-doc source and cross-checked on a live deployment.

1. Install guide refresh

The install page still documented the v1.2.0 flow. Verified against the chart (charts/smart-doc/scripts/plugin-config.yaml, templates/, files/init-database.sh) and a live v1.5.0 deployment (ModuleInfo config, secret key names, init-container logs, pod/container names):

  • Drop the manual dump prepare/import sections (v1.2.0-only): an init container bootstraps the knowledge base from the built-in dump selected in the form. Added a Verify the installation section.
  • Fix the upload script (undefined ${AI_CLUSTER_OPERATOR_NAME} / ${CLUSTER}${PACKAGE_FILE}, --clusters=global).
  • Fix the external PostgreSQL secret example (postgresql+psycopg, not pg8000).
  • Document the current install form grouped by topic; remove fields that no longer exist (Enable Agent Mode, MCP K8s API Server Address).

2. New How To section (5 guides)

  • Configure External MCP Servers — ConfigMap schema (name/url/transport/headers/tls_verify), registration and restart semantics, tool-name prefixing, and the approval-strategy gotcha: under the default disabled strategy, tools without readOnlyHint: true are filtered out entirely.
  • Create Custom Skills — frontmatter format, cosine matching against name+description (default threshold 0.35), built-in skill overrides, verification via startup/match logs.
  • Configure TLS — Extra CA ConfigMaps as the main path (process-wide trust for LLM/MCP/reranker; PostgreSQL excluded), plus a dedicated skip-TLS section (llmSkipSslVerify, LLM-only scope, ModuleInfo patch procedure, test/dev only).
  • Use Hyperflux as an MCP Server in Your IDE — endpoint, ACP bearer-token auth, Claude Code and mcp.json config examples, elicitation-based write approval, troubleshooting table.
  • Configure Data RedactionqueryRedactionFilters value rules (redact/tokenize modes, ModuleInfo patch example, fail-fast validation), toolArgRedactKeys key-name masking with the built-in safe set, and the admin-only redaction audit API (metadata-only records; no built-in retention).

The install guide cross-links the guides.

Verification on the live environment

  • Install-guide commands (get pod | grep smart-doc, logs -l app=smart-doc -c serve) run as written; secret key names and builtinDumpFile/pgCollectionName pairing match.
  • The IDE MCP guide's flow was exercised end-to-end: unauthenticated → 403, ACP bearer → full initialize + tools/list handshake returning serverInfo.name=hyperflux and the hyperflux_agent tool. This surfaced a fact not visible in the code: /mcp without a trailing slash returns a 307 whose Location is lost through the ingress, so the documented URL is /smart-doc/mcp/.
  • The redaction guide's audit API was queried live: response rows match the documented shape (surface/rule_name/mode/hit_count, values never stored).

🤖 Generated with Claude Code

The install page still documented the v1.2.0 flow. Verified against the
smart-doc chart (charts/smart-doc/scripts/plugin-config.yaml, templates/,
files/init-database.sh) and a live v1.5.0 deployment:

- Drop the manual database-dump prepare/import sections: since v1.2.1 an
  init container bootstraps the knowledge base from the built-in dump
  selected in the form (Built-in KnowledgeBase File).
- Fix the upload script: replace undefined AI_CLUSTER_OPERATOR_NAME /
  CLUSTER (copied from the Alauda AI docs) with PACKAGE_FILE and
  --clusters=global.
- Fix the external PostgreSQL secret example: uri scheme is
  postgresql+psycopg, not pg8000.
- Document the current install form: built-in PGVector/Redis toggles and
  external-secret formats, credentials Secret reference
  (llm-api-key/cohere-api-key/api-key), reranker, tool approval strategy,
  Expose as MCP Server, extra MCP/CA ConfigMaps, Skills, rate and quota
  limits, RAG tuning.
- Remove form fields that no longer exist (Enable Agent Mode, MCP K8s API
  Server Address) and add a post-install verification section.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 9, 2026

Copy link
Copy Markdown

Deploying alauda-hyperflux with  Cloudflare Pages  Cloudflare Pages

Latest commit: e4bbcf7
Status: ✅  Deploy successful!
Preview URL: https://c40986f3.alauda-hyperflux.pages.dev
Branch Preview URL: https://update-install-doc.alauda-hyperflux.pages.dev

View logs

… MCP usage

Four task guides under a new How To section, each verified against the
smart-doc source (server/src/extra_mcp.py, skills.py, certificates.py,
mcp_server.py, auth.py and the chart) and, where possible, against a live
deployment:

- Configure External MCP Servers: ConfigMap schema (name/url/transport/
  headers/tls_verify), registration, tool-name prefixing, and the
  approval-strategy gotcha where unannotated tools are filtered out under
  the default `disabled` strategy.
- Create Custom Skills: frontmatter format, cosine matching against
  name+description with the 0.35 threshold, built-in skill overrides, and
  load/match verification via logs.
- Configure TLS: Extra CA ConfigMaps as the main path (process-wide trust
  for LLM/MCP/reranker, PG excluded), plus the MiConfig-only advanced
  knobs and the llmSkipSslVerify warning.
- Use Hyperflux as an MCP Server in Your IDE: endpoint (trailing slash
  required — verified live: /mcp without it returns a 307 the ingress
  strips the Location from), bearer/API-key auth, client config examples,
  and the elicitation-based write-approval flow. The full handshake and
  tools/list were exercised against a live deployment.

Install guide now cross-links each of the four guides.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@zlcnju zlcnju changed the title docs: update install guide to match current plugin form docs: update install guide and add four how-to guides Jul 9, 2026
Covers the three redaction parts, verified against server/src
(regex_filter.py, redaction_audit.py, config.py) and the chart, with the
audit endpoint exercised on a live deployment:

- queryRedactionFilters value rules: schema (name/pattern/mode/
  replace_with/applies_to), redact vs tokenize modes, MiConfig-only
  configuration with a ModuleInfo patch example, fail-fast validation and
  fail-closed application, rule-writing guidance.
- toolArgRedactKeys key-name masking with the built-in safe set and its
  replace-not-extend override semantics.
- Redaction audit: metadata-only records (values never stored), the
  admin-only /api/admin/redaction_audit query API (response shape
  verified live), best-effort writes and the missing-retention caveat.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@zlcnju zlcnju changed the title docs: update install guide and add four how-to guides docs: update install guide and add five how-to guides Jul 9, 2026
zlc and others added 2 commits July 9, 2026 15:09
…section

Drop the Advanced TLS settings table (tlsProfileType/tlsMinVersion/
tlsCiphers/pgSSLMode/pgSSLRootCert/securityHeaders) and promote skipping
certificate verification (llmSkipSslVerify) to its own section with the
full ModuleInfo patch procedure, the LLM-only scope warning, and the
revert step. External-PG TLS keeps a one-line pointer to pgSSLMode/
pgSSLRootCert in the extra-CA note.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Remove the x-api-key HMAC scheme from the IDE guide (its 300-second
token freshness makes it impractical for IDE config files, and it was
the one path not exercised on a live deployment). ACP bearer token is
now the single documented auth method; read-only/write and
troubleshooting sections updated accordingly.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant