docs: split CLAUDE.md into path-scoped .claude/rules; fix dev/test commands
- CLAUDE.md trimmed to whole-repo facts (58 lines); subsystem guidance
moved to .claude/rules/{startos-package,fastapi-image,redaction,
audio-speech}.md with paths: frontmatter so each loads only when
matching files are touched
- .gitignore: track .claude/rules/ while keeping the rest of .claude/
(settings.local.json) ignored
- test-audio-with-speakers.sh: require audio-file arg in docs, replace
owner-specific SPARK_CONTROL/VLLM defaults with generic ones
(localhost dev server + Spark Control vLLM proxy), discover the
loaded LLM via /api/status since /v1/models lists audio models only
- document REDACTION_MAP_DB + CONNECTIVITY_LOG as required for local
dev (/data only exists in the container)
- prettier pass over startos/actions (formatting drift)
This commit is contained in:
Keysat
@@ -1,95 +1,52 @@
|
||||
# CLAUDE.md
|
||||
|
||||
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
|
||||
|
||||
Browser-based StartOS 0.4 package controlling a dual NVIDIA DGX Spark AI cluster: one-click vLLM model swaps, plus health, proxying, and APIs for speech (STT/diarization/TTS), embeddings, and redaction.
|
||||
|
||||
Subsystem guidance lives in `.claude/rules/` and loads when matching files are touched: `startos-package.md` (build/versioning, `package/**`), `fastapi-image.md` (dev server/env/layout, `image/**`), `redaction.md` (vendoring + test gates), `audio-speech.md` (parakeet patches, cluster-container footguns, audio testing). **Read `audio-speech.md` before touching the Sparks' containers over SSH** — ops sessions don't trip the path scoping.
|
||||
|
||||
## Stack
|
||||
|
||||
- Two halves, always coordinated:
|
||||
- `image/` — standalone FastAPI app (Python ≥3.11; ships on `python:3.12-slim`; UI on port 9999; vanilla HTML/CSS/JS, no framework).
|
||||
- `package/` — StartOS 0.4 wrapper (TypeScript, `@start9labs/start-sdk` pinned `1.3.3`, Node ≥22, bundled by `@vercel/ncc`).
|
||||
- Build host needs `start-cli`, Node ≥22 + npm, and Docker (the s9pk embeds the Docker image).
|
||||
- `image/` — standalone FastAPI app (Python ≥3.11; UI on port 9999; vanilla HTML/CSS/JS).
|
||||
- `package/` — StartOS 0.4 wrapper (TypeScript) that ships the Docker image as an s9pk.
|
||||
- Build host needs `start-cli`, Node ≥22 + npm, and Docker.
|
||||
- Cluster runtimes live **on the Sparks, not in this repo** (`spark-vllm-docker`, the parakeet/kokoro/embeddings containers). This repo is the controller; it reaches them over SSH + HTTP.
|
||||
- Sparks are ARM64 (GB10 Grace-Blackwell, sm_121, CUDA 13). Services: vLLM `:8888` (Spark 1); `parakeet-asr` `:8000` (Parakeet TDT 0.6B v3 + Sortformer diarizer + TitaNet voiceprints), Kokoro TTS `:8880`, bge-m3 embeddings + Qdrant (Spark 2). See `docs/` for API contracts.
|
||||
- Sparks are ARM64 (GB10 Grace-Blackwell, sm_121, CUDA 13). Services: vLLM `:8888` (Spark 1); `parakeet-asr` `:8000`, Kokoro TTS `:8880`, bge-m3 embeddings + Qdrant (Spark 2). See `docs/` for API contracts.
|
||||
|
||||
## Commands
|
||||
## Commands (headlines — details in the scoped rules)
|
||||
|
||||
### Build & deploy the s9pk
|
||||
```bash
|
||||
cd package
|
||||
npm i # one-time
|
||||
make x86 # typecheck + ncc bundle + docker build + pack → spark-control_x86_64.s9pk
|
||||
make install # sideload to the Start9 server; needs "host: http://<server>.local" in ~/.startos/config.yaml
|
||||
(cd package && make x86) # build the s9pk; make install sideloads (restarts live service — ask first)
|
||||
(cd image && uvicorn app.server:app --port 9999) # local dev — needs env vars, see fastapi-image rule
|
||||
(cd image && .venv/bin/python -m app.redaction.test_gateway) # offline redaction suite 1
|
||||
(cd image && .venv/bin/python app/redaction/test_scrub_leak.py) # offline redaction suite 2
|
||||
./scripts/test-audio-with-speakers.sh <audio-file> # e2e audio — hits the LIVE cluster
|
||||
```
|
||||
`make aarch64` for ARM Start9 servers. `make install` picks the newest `*.s9pk` in `package/`.
|
||||
|
||||
### Local dev (FastAPI only, no StartOS)
|
||||
```bash
|
||||
cd image
|
||||
python3 -m venv .venv && source .venv/bin/activate
|
||||
pip install -e .
|
||||
export SPARK1_HOST=<ip> SPARK1_USER=<user> SPARK2_HOST=<ip> SPARK2_USER=<user> SSH_KEY_PATH=<private-key>
|
||||
uvicorn app.server:app --host 0.0.0.0 --port 9999 --reload
|
||||
```
|
||||
Other env vars: `BIND_PORT`, `MODELS_YAML`, `SSH_DIR`, `SSH_KNOWN_HOSTS`.
|
||||
|
||||
### Tests
|
||||
No pytest harness — each suite is a standalone script (that *is* how you run a single test):
|
||||
```bash
|
||||
cd image
|
||||
python3 -m app.redaction.test_gateway # /scrub + /rehydrate acceptance; offline, no cluster needed
|
||||
python3 app/redaction/test_scrub_leak.py # vendored golden-file leak test; offline
|
||||
./scripts/test-audio-with-speakers.sh # (from repo root) end-to-end audio pipeline — hits the LIVE cluster
|
||||
```
|
||||
Both Python suites must pass before shipping anything touching redaction.
|
||||
|
||||
### Typecheck / format (TypeScript)
|
||||
```bash
|
||||
cd package
|
||||
npm run check # tsc --noEmit — run after any startos/ edit; make x86 also runs it
|
||||
npm run prettier # prettier --write startos (no semicolons, single quotes, trailing commas)
|
||||
```
|
||||
Python has no configured linter/formatter — match the style of the file you're editing.
|
||||
|
||||
## Layout
|
||||
|
||||
- `image/app/server.py` — FastAPI entry; routers live in sibling modules (`audio_proxy.py`, `llm_proxy.py`, `embeddings_proxy.py`, `redaction_gateway.py`, `swap.py`, `health.py`, `deep_health.py`, `connectivity.py`, …).
|
||||
- `image/app/static/` — the dashboard UI.
|
||||
- `image/models.yaml` — vLLM model catalog bundled into the image.
|
||||
- `image/parakeet_patches/` — overlay (`main.py`, `diarizer.py`) copied into the `parakeet-asr` container on Spark 2 by the "Reapply speech-model patches" action. The **only** durable way to change that container.
|
||||
- `image/app/redaction/` — `scrub.py` + `test_scrub_leak.py` vendored byte-for-byte from the CRM repo (sha in `__init__.py`). The gateway around it is `redaction_gateway.py`.
|
||||
- `image/spark_embed/` — Dockerfile + app for the embeddings container; built ON a Spark (ARM64, NGC PyTorch base).
|
||||
- `package/startos/` — manifest, interfaces, actions (`configureSparks`, `showPublicKey`), `versions/v0_1_0.ts` (current version string + release notes).
|
||||
- `docs/` — `AUDIO_API.md`, `EMBEDDINGS.md`, `REDACTION_GATEWAY.md` (consumer-facing API refs; update them with API changes).
|
||||
- `README.md` (overview), `HANDOFF.md` (fresh-user install guide), `runbook.md` (ops notes), `known-issues.md`.
|
||||
- `image/app/` — FastAPI app (`server.py` entry, routers in sibling modules, `static/` dashboard UI).
|
||||
- `package/startos/` — StartOS manifest, interfaces, actions, version + release notes.
|
||||
- `docs/` — `AUDIO_API.md`, `EMBEDDINGS.md`, `REDACTION_GATEWAY.md` (consumer-facing API refs; update with API changes).
|
||||
- `README.md` (overview), `HANDOFF.md` (fresh-user install guide), `runbook.md` (ops notes), `known-issues.md`, `ROADMAP.md` (longer-term backlog — items move into "Current state" below when picked up).
|
||||
|
||||
## Conventions
|
||||
|
||||
- Version format is `X.Y.Z:N` (`:N` = revision). Bump in `package/startos/versions/v0_1_0.ts`; **replace** the release notes — never leave old notes behind under an extra key (any unknown key fails `tsc`).
|
||||
- Every shipped change = version bump + release notes + rebuilt s9pk (version format `X.Y.Z:N`; details in the startos-package rule).
|
||||
- Commit messages: `vX.Y.Z:N - short lowercase summary`. **Never add a Co-Authored-By / Claude attribution trailer.**
|
||||
- Every shipped change = version bump + release notes + rebuilt s9pk (`make x86 && make install`).
|
||||
- The package owner is non-technical: explain infra effects in plain English and get an explicit go/no-go before mutating the cluster.
|
||||
- Pydantic request models go at **module scope**, never inside a `build_router()` body (FastAPI silently 422s otherwise).
|
||||
- New external-facing endpoints get documented in `docs/` and noted in release notes for downstream app developers (Recap Relay, Ten31 Transcripts, CRM, Signal Engine consume these APIs).
|
||||
|
||||
## Always / Never
|
||||
## Always / Never (cluster-wide)
|
||||
|
||||
**Always**
|
||||
- Confirm with the user before swap/stop/restart of anything on the live cluster. Read-only probes and dry-runs are fine without asking.
|
||||
- Use the Spark's **IP** for HTTP probes — `.local` mDNS names can resolve IPv6-first and hang httpx (vLLM and friends bind IPv4 only).
|
||||
- Pass `SSH_KEY_PATH` / `-i <key>` explicitly in scripted SSH; non-interactive shells have no ssh-agent identities.
|
||||
- Make parakeet-container changes via `image/parakeet_patches/` + the Reapply action. `docker exec` / pip changes inside the container die on `docker rm`.
|
||||
- Test audio endpoints with **real speech** (e.g. macOS `say`), not tones/silence — zero-token audio skips the decoder paths where crashes live.
|
||||
- Send audio requests to Spark 2 **sequentially** in tests/scripts. Parallel audio requests can race (cuFFT → 503), and the single GPU serializes them anyway.
|
||||
- Pin/constrain torch versions when pip-installing anything into NGC-based containers on the Sparks (ABI breaks otherwise); expect ARM64 wheel gaps and source builds (`--no-build-isolation` for torchaudio).
|
||||
- Keep the redaction leak tests green against the vendored `scrub.py` after any re-vendor.
|
||||
|
||||
**Never**
|
||||
- Never install `cuda-python` in `parakeet-asr` to "fix" the startup warning about CUDA graphs being disabled. The warning is harmless; enabling the graph path crashes real decode with illegal memory access on this GPU/CUDA-13 stack. Leave it alone — the slow path served 11k+ requests with zero failures.
|
||||
- Never edit `image/app/redaction/scrub.py` or `test_scrub_leak.py` here — change them in the CRM repo, re-vendor (`cp`), update the sha in `redaction/__init__.py`, re-run the leak test.
|
||||
- Never commit owner-specific hostnames, IPs, usernames, or names into package strings, UI text, or docs — this package gets shared; use placeholders (`<spark-1-ip>` style).
|
||||
- Never route audio or transcripts to cloud services — speech stays on the LAN. (Scrubbed text via `/scrub` is the only sanctioned path toward frontier models.)
|
||||
- Never trust `.local` hostnames inside HTTP client code (see IPv6 note above) and never assume the ssh-agent is loaded.
|
||||
- Never ship a redaction change without both redaction suites passing.
|
||||
- **Always** confirm with the user before swap/stop/restart of anything on the live cluster. Read-only probes and dry-runs are fine without asking.
|
||||
- **Always** use the Spark's **IP** for HTTP probes — `.local` mDNS names can resolve IPv6-first and hang httpx (vLLM and friends bind IPv4 only). Never trust `.local` hostnames inside HTTP client code.
|
||||
- **Always** pass `SSH_KEY_PATH` / `-i <key>` explicitly in scripted SSH; non-interactive shells have no ssh-agent identities.
|
||||
- **Never** route audio or transcripts to cloud services — speech stays on the LAN. (Scrubbed text via `/scrub` is the only sanctioned path toward frontier models.)
|
||||
- **Never** commit owner-specific hostnames, IPs, usernames, or names into package strings, UI text, or docs — this package gets shared; use placeholders (`<spark-1-ip>` style).
|
||||
- **Never** install `cuda-python` in `parakeet-asr` — crashes real decode on this GPU/CUDA-13 stack; full story in the audio-speech rule.
|
||||
|
||||
## Current state
|
||||
|
||||
@@ -97,5 +54,5 @@ Python has no configured linter/formatter — match the style of the file you're
|
||||
- **In progress — Signal Engine "flakiness":** diagnosed, not a server bug — transient 1–4s unresponsiveness while the single GPU is continuously busy. Remedy is client-side; a drafted message (in-flight cap 2, hard ceiling 3 global across audio endpoints, retry-with-backoff on timeout/503) is with the owner to forward to that dev.
|
||||
- **Decided, not implemented:** remote access stays WireGuard/Tailscale split-tunnel — no public interface, so no API auth built; an empirical concurrency sweep is offered but needs the owner's explicit OK in a quiet window.
|
||||
- **Known limits:** `/health` blips while the GPU is busy (mitigated client-side); dual-channel can miss a quiet local word under loud remote bleed; the connectivity log misses sub-5s outages between 5s polls; diarizer caps at 4 speakers.
|
||||
- **Repo wart:** HEAD's message says `v0.13.0:4` but the commit contains everything through v0.18.0:0 — per-version commits for v0.14–v0.18 are missing. Keep commit messages accurate going forward.
|
||||
- **Next:** (1) owner forwards the concurrency note to the Signal Engine dev; (2) commit CLAUDE.md + ROADMAP.md; (3) run the concurrency sweep if the dev wants the measured knee; (4) add the `--memory` cap to parakeet-asr via the Reapply-patches action; (5) pick the next item from ROADMAP.md.
|
||||
- **Repo wart:** commit `367d986` is labeled `v0.13.0:4` but actually contains everything through v0.18.0:0 — per-version commits for v0.14–v0.18 are missing. Keep commit messages accurate going forward.
|
||||
- **Next:** (1) owner forwards the concurrency note to the Signal Engine dev; (2) run the concurrency sweep if the dev wants the measured knee; (3) add the `--memory` cap to parakeet-asr via the Reapply-patches action; (4) pick the next item from ROADMAP.md.
|
||||
|
||||
Reference in New Issue
Block a user