Merge branch 'main' into issue-163/re-implement-feedback-feature

Author: leekahung

.github/workflows/deploy.yml renamed to .github/workflows/deploy.production.yml

@@ -1,6 +1,6 @@
-name: CI-CD
+name: CI-CD (Production)
 
-on:
+on:  
   push:
     branches: [ main ]
   workflow_dispatch:
@@ -11,15 +11,9 @@ concurrency:
 
 jobs:
   deploy:
-    runs-on: ubuntu-latest
+    environment: production
 
-    env:
-      # local paths
-      BACKEND_DIR: backend
-      FRONTEND_DIR: frontend
-      # remote paths
-      REMOTE_APP_DIR: /var/www/tenantfirstaid
-      SERVICE_NAME: tenantfirstaid-backend
+    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/checkout@v4
@@ -29,43 +23,43 @@ jobs:
         with:
           node-version: 20
           cache: npm
-          cache-dependency-path: ${{ env.FRONTEND_DIR }}/package-lock.json
+          cache-dependency-path: ${{ vars.FRONTEND_DIR }}/package-lock.json
 
       - name: Build UI
-        working-directory: ${{ env.FRONTEND_DIR }}
+        working-directory: ${{ vars.FRONTEND_DIR }}
         run: |
           npm ci
           npm run build
 
       - name: Upload backend code via SCP
         uses: appleboy/[email protected]
         with:
-          host: ${{ secrets.DO_HOST }}
-          username: ${{ secrets.DO_USER }}
+          host: ${{ vars.URL }}
+          username: ${{ vars.SSH_USER }}
           key: ${{ secrets.SSH_KEY }}
-          source: ${{ env.BACKEND_DIR }}/
-          target: ${{ env.REMOTE_APP_DIR }}
+          source: ${{ vars.BACKEND_DIR }}/
+          target: ${{ vars.REMOTE_APP_DIR }}
           rm: true
 
       - name: Upload frontend code via SCP
         uses: appleboy/[email protected]
         with:
-          host: ${{ secrets.DO_HOST }}
-          username: ${{ secrets.DO_USER }}
+          host: ${{ vars.URL }}
+          username: ${{ vars.SSH_USER }}
           key: ${{ secrets.SSH_KEY }}
-          source: ${{ env.FRONTEND_DIR }}/dist
-          target: ${{ env.REMOTE_APP_DIR }}
+          source: ${{ vars.FRONTEND_DIR }}/dist
+          target: ${{ vars.REMOTE_APP_DIR }}
           rm: false  # Otherwise we wipe out the backend code
 
       - name: Bootstrap on droplet
         uses: appleboy/[email protected]
         with:
-          host: ${{ secrets.DO_HOST }}
-          username: ${{ secrets.DO_USER }}
+          host: ${{ vars.URL }}
+          username: ${{ vars.SSH_USER }}
           key: ${{ secrets.SSH_KEY }}
           script: |
             set -e
-            cd ${{ env.REMOTE_APP_DIR }}/backend/
+            cd ${{ vars.REMOTE_APP_DIR }}/backend/
             
             # Install uv (fast installer from Astral) if it isn't there
             if ! command -v uv >/dev/null 2>&1; then
@@ -81,19 +75,23 @@ jobs:
             sudo chmod 750 /etc/tenantfirstaid
             sudo chown root:root /etc/tenantfirstaid
             cat > /etc/tenantfirstaid/env <<EOF
-            ENV=prod
-            OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }}
+            ENV=${{ vars.ENV }}
             FLASK_SECRET_KEY=${{ secrets.FLASK_SECRET_KEY }}
             DB_HOST=${{secrets.DB_HOST}}
             DB_PASSWORD=${{secrets.DB_PASSWORD}}
-            DB_PORT=${{secrets.DB_PORT}}
+            DB_PORT=${{vars.DB_PORT}}
             DB_USER=default
-            MODEL_REASONING_EFFORT=high
-            VECTOR_STORE_ID=${{secrets.VECTOR_STORE_ID}}
+            GEMINI_RAG_CORPUS=${{vars.GEMINI_RAG_CORPUS}}
+            GOOGLE_SERVICE_ACCOUNT_CREDENTIALS_FILE=/etc/tenantfirstaid/google-service-account.json
             EOF
             chmod 640 /etc/tenantfirstaid/env
+
+            cat > /etc/tenantfirstaid/google-service-account.json <<EOF
+            ${{ secrets.GOOGLE_SERVICE_ACCOUNT_CREDENTIALS}}
+            EOF
+            chmod 640 /etc/tenantfirstaid/google-service-account.json
             
             # Ownership, restart, reload
-            sudo chown -R $USER:www-data ${{ env.REMOTE_APP_DIR }}
-            sudo systemctl restart ${{ env.SERVICE_NAME }}
+            sudo chown -R $USER:www-data ${{ vars.REMOTE_APP_DIR }}
+            sudo systemctl restart ${{ vars.SERVICE_NAME }}
             sudo systemctl reload nginx

.github/workflows/deploy.staging.yml

@@ -0,0 +1,95 @@
+name: CI-CD (Staging)
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: deploy-to-droplet
+  cancel-in-progress: true
+
+jobs:
+  deploy:
+    environment: staging
+
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: npm
+          cache-dependency-path: ${{ vars.FRONTEND_DIR }}/package-lock.json
+
+      - name: Build UI
+        working-directory: ${{ vars.FRONTEND_DIR }}
+        run: |
+          npm ci
+          npm run build
+
+      - name: Upload backend code via SCP
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ vars.URL }}
+          username: ${{ secrets.SSH_USER }}
+          key: ${{ secrets.SSH_KEY }}
+          source: ${{ vars.BACKEND_DIR }}/
+          target: ${{ vars.REMOTE_APP_DIR }}
+          rm: true
+
+      - name: Upload frontend code via SCP
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ vars.URL }}
+          username: ${{ secrets.SSH_USER }}
+          key: ${{ secrets.SSH_KEY }}
+          source: ${{ vars.FRONTEND_DIR }}/dist
+          target: ${{ vars.REMOTE_APP_DIR }}
+          rm: false  # Otherwise we wipe out the backend code
+
+      - name: Bootstrap on droplet
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ vars.URL }}
+          username: ${{ secrets.SSH_USER }}
+          key: ${{ secrets.SSH_KEY }}
+          script: |
+            set -e
+            cd ${{ vars.REMOTE_APP_DIR }}/backend/
+            
+            # Install uv (fast installer from Astral) if it isn't there
+            if ! command -v uv >/dev/null 2>&1; then
+              curl -LsSf https://astral.sh/uv/install.sh | sh
+              export PATH="$HOME/.local/bin:$PATH"
+            fi
+            
+            # Sync dependencies directly from pyproject.toml
+            uv sync
+            
+            # Inject environment secrets
+            sudo mkdir -p /etc/tenantfirstaid
+            sudo chmod 750 /etc/tenantfirstaid
+            sudo chown root:root /etc/tenantfirstaid
+            cat > /etc/tenantfirstaid/env <<EOF
+            ENV=${{ vars.ENV }}
+            FLASK_SECRET_KEY=${{ secrets.FLASK_SECRET_KEY }}
+            DB_HOST=${{secrets.DB_HOST}}
+            DB_PASSWORD=${{secrets.DB_PASSWORD}}
+            DB_PORT=${{vars.DB_PORT}}
+            DB_USER=default
+            GEMINI_RAG_CORPUS=${{vars.GEMINI_RAG_CORPUS}}
+            GOOGLE_SERVICE_ACCOUNT_CREDENTIALS_FILE=/etc/tenantfirstaid/google-service-account.json
+            EOF
+            chmod 640 /etc/tenantfirstaid/env
+
+            cat > /etc/tenantfirstaid/google-service-account.json <<EOF
+            ${{ secrets.GOOGLE_SERVICE_ACCOUNT_CREDENTIALS}}
+            EOF
+            chmod 640 /etc/tenantfirstaid/google-service-account.json
+            
+            # Ownership, restart, reload
+            sudo chown -R $USER:www-data ${{ vars.REMOTE_APP_DIR }}
+            sudo systemctl restart ${{ vars.SERVICE_NAME }}
+            sudo systemctl reload nginx

.github/workflows/generate_conversations.yml

@@ -25,7 +25,7 @@ on:
       model:
         description: 'Model to use'
         required: true
-        default: 'o3'
+        default: 'gpt-2.5-flash'
         type: string
 
 jobs:

.github/workflows/pr-check.yml

@@ -43,9 +43,6 @@ jobs:
         run: uv run ty check
 
       - name: Run tests
-        env:
-          OPENAI_API_KEY: XXXX
-          PERSISTENT_STORAGE_DIR: /tmp/tenantfirstaid_data
         run: uv run pytest -v -s
 
   frontend-build:

.gitignore

@@ -13,6 +13,8 @@ venv/
 # Env config
 .env
 *.env
+google-service-account.json
+.python-version
 
 # Python tooling
 pip-log.txt
@@ -57,5 +59,6 @@ chatlog.jsonl
 /backend/feedback.jsonl
 /backend/data
 /backend/scripts/eval_results.json
-combined_training_gpt-4_1.jsonl
-combined_training_o3.jsonl
+/backend/scripts/generate_conversation/*.csv
+!/backend/scripts/generate_conversation/tenant_questions_facts_full.csv
+combined_training_gpt-4_1.jsonl

backend/.env.example

@@ -1,14 +1,5 @@
-OPENAI_API_KEY=openai_api_key
-# If you want to use Github Models instead, omit OPENAI_API_KEY and use
-# GITHUB_API_KEY and MODEL_ENDPOINT
-GITHUB_API_KEY=github_api_key
-MODEL_ENDPOINT=https://api.openai.com/v1
-
 # Specify a different model
-MODEL_NAME=o3
-
-# Change the persistent storage directory from '/root/tenantfirstaid'
-PERSISTENT_STORAGE_DIR=../storage
+MODEL_NAME=gpt-2.5-flash
 
 # Vector store ID for OpenAI (use the create_vector_store script to create one)
 VECTOR_STORE_ID=my_vector_store_id

backend/Makefile

@@ -20,8 +20,16 @@ lint: uv.lock
 typecheck: uv.lock
 	$(PYTHON) run ty check $(TYPECHECK_OPTIONS)
 
-typecheck-mypy: uv.lock
-	$(PYTHON) run mypy $(TYPECHECK_OPTIONS) -p tenantfirstaid --python-executable .venv/bin/python3 --check-untyped-defs
+MYPY_CMD := $(PYTHON) run mypy $(TYPECHECK_OPTIONS)
+MYPY_ARGS :=  --python-executable .venv/bin/python3 --pretty --check-untyped-defs
+
+typecheck-mypy-scripts: uv.lock
+	$(MYPY_CMD) -p scripts $(MYPY_ARGS)
+
+typecheck-mypy-tenantfirstaid: uv.lock
+	$(MYPY_CMD) -p tenantfirstaid $(MYPY_ARGS)
+
+typecheck-mypy: typecheck-mypy-tenantfirstaid typecheck-mypy-scripts
 
 typecheck-pyrefly: uv.lock
 	$(PYTHON) run pyrefly check $(TYPECHECK_OPTIONS) --python-interpreter .venv/bin/python3

backend/scripts/create_vector_store.py

@@ -2,11 +2,11 @@
 from pathlib import Path
 from openai import OpenAI
 
-
-if Path(".env").exists():
+dotenv_path = Path(__file__).parent.parent / ".env"
+if dotenv_path.exists():
     from dotenv import load_dotenv
 
-    load_dotenv(override=True)
+    load_dotenv(dotenv_path=dotenv_path, override=True)
 
 API_KEY = os.getenv("OPENAI_API_KEY", os.getenv("GITHUB_API_KEY"))
 
@@ -64,11 +64,11 @@
             path.write_text(path.read_text(encoding="utf-8"), encoding="utf-8")
 
             print(f"Uploading {file_path} to vector store '{vector_store.name}'.")
-            file = client.files.create(
+            file_obj = client.files.create(
                 file=open(file_path, "rb"),
                 purpose="assistants",
             )
-            file_ids.append(file.id)
+            file_ids.append(file_obj.id)
 
         # Add files to the vector store
         batch_upload = client.vector_stores.file_batches.create(

backend/scripts/documents/or/ORS109.txt

@@ -0,0 +1,8 @@
+ORS 109.697
+The Legislative Assembly finds that there are in the State of Oregon unemancipated minors who are living apart from their parents and are homeless. Many of these minors are able financially to provide housing and utility services for themselves and their children, but cannot contract for these necessities due to perceived legal limitations affecting contracts with minors. The purpose of this legislation is to address those limitations.
+(2)For purposes of this section, “minor” means an unemancipated and unmarried person who is living apart from the person’s parent, parents or legal guardian, and who is either:
+(a)Sixteen or 17 years of age;
+(b)Under 16 years of age and the parent of a child or children who are living in the physical custody of the person; or
+(c)Under 16 years of age, pregnant and expecting the birth of a child who will be living in the physical custody of the person.
+Notwithstanding any other provision of law, a minor may contract for the necessities of a residential dwelling unit and for utility services to that unit. Such a contract is binding upon the minor and cannot be voided or disaffirmed by the minor based upon the minor’s age or status as a minor.
+(4)The consent of the parent or legal guardian of such minor shall not be necessary to contract for a residential dwelling unit or utility services to that unit. The parent or legal guardian of such minor shall not be liable under a contract by that minor for a residential dwelling unit or for utility services to that unit unless the parent or guardian is a party to the minor’s contract, or enters another contract, for the purpose of acting as guarantor of the minor’s debt. [1993 c.369 §29]

backend/scripts/documents/or/ORS659A.txt

@@ -0,0 +1,50 @@
+ORS 659A.421
+Discrimination in selling, renting or leasing real property prohibited
+Text
+Annotations   6
+(1)As used in this section:
+(a)“Dwelling” means:
+(A)A building or structure, or portion of a building or structure, that is occupied, or designed or intended for occupancy, as a residence by one or more families; or
+(B)Vacant land offered for sale or lease for the construction or location of a building or structure, or portion of a building or structure, that is occupied, or designed or intended for occupancy, as a residence by one or more families.
+(b)“Purchaser” includes an occupant, prospective occupant, renter, prospective renter, lessee, prospective lessee, buyer or prospective buyer.
+(c)“Real property” includes a dwelling.
+(d)Intentionally left blank —Ed.
+(A)“Source of income” includes federal rent subsidy payments under 42 U.S.C. 1437f and any other local, state or federal housing assistance.
+(B)“Source of income” does not include income derived from a specific occupation or income derived in an illegal manner.
+(2)A person may not, because of the race, color, religion, sex, sexual orientation, gender identity, national origin, marital status, familial status or source of income of any person:
+(a)Refuse to sell, lease or rent any real property to a purchaser. This paragraph does not prevent a person from refusing to lease or rent real property to a prospective renter or prospective lessee:
+(A)Based upon the past conduct of a prospective renter or prospective lessee provided the refusal to lease or rent based on past conduct is consistent with local, state and federal law, including but not limited to fair housing laws; or
+(B)Based upon the prospective renter’s or prospective lessee’s inability to pay rent, taking into account the value of the prospective renter’s or prospective lessee’s local, state and federal housing assistance, provided the refusal to lease or rent based on inability to pay rent is consistent with local, state and federal law, including but not limited to fair housing laws.
+(b)Expel a purchaser from any real property.
+(c)Make any distinction, discrimination or restriction against a purchaser in the price, terms, conditions or privileges relating to the sale, rental, lease or occupancy of real property or in the furnishing of any facilities or services in connection therewith.
+(d)Attempt to discourage the sale, rental or lease of any real property to a purchaser.
+(e)Publish, circulate, issue or display, or cause to be published, circulated, issued or displayed, any communication, notice, advertisement or sign of any kind relating to the sale, rental or leasing of real property that indicates any preference, limitation, specification or unlawful discrimination based on race, color, religion, sex, sexual orientation, gender identity, national origin, marital status, familial status or source of income.
+(f)Assist, induce, incite or coerce another person to commit an act or engage in a practice that violates this section.
+(g)Coerce, intimidate, threaten or interfere with any person in the exercise or enjoyment of, or on account of the person having exercised or enjoyed or having aided or encouraged any other person in the exercise or enjoyment of, any right granted or protected by this section.
+(h)Deny access to, or membership or participation in, any multiple listing service, real estate brokers’ organization or other service, organization or facility relating to the business of selling or renting dwellings, or discriminate against any person in the terms or conditions of the access, membership or participation.
+(i)Represent to a person that a dwelling is not available for inspection, sale or rental when the dwelling in fact is available for inspection, sale or rental.
+(j)Otherwise make unavailable or deny a dwelling to a person.
+(3)Intentionally left blank —Ed.
+(a)A person whose business includes engaging in residential real estate related transactions may not discriminate against any person in making a transaction available, or in the terms or conditions of the transaction, because of race, color, religion, sex, sexual orientation, gender identity, national origin, marital status, familial status or source of income.
+(b)As used in this subsection, “residential real estate related transaction” means any of the following:
+(A)The making or purchasing of loans or providing other financial assistance:
+(i)For purchasing, constructing, improving, repairing or maintaining a dwelling; or
+(ii)Secured by residential real estate; or
+(B)The selling, brokering or appraising of residential real property.
+(4)A real estate licensee may not accept or retain a listing of real property for sale, lease or rental with an understanding that a purchaser may be discriminated against with respect to the sale, rental or lease thereof because of race, color, religion, sex, sexual orientation, gender identity, national origin, marital status, familial status or source of income.
+(5)A person may not, for profit, induce or attempt to induce any other person to sell or rent any dwelling by representations regarding the entry or prospective entry into the neighborhood of a person or persons of a particular race, color, religion, sex, sexual orientation, gender identity, national origin, marital status, familial status or source of income.
+(6)This section does not apply with respect to sex distinction, discrimination or restriction if the real property involved is such that the application of this section would necessarily result in common use of bath or bedroom facilities by unrelated persons of opposite sex.
+(7)Intentionally left blank —Ed.
+(a)This section does not apply to familial status distinction, discrimination or restriction with respect to housing for older persons.
+(b)As used in this subsection, “housing for older persons” means housing:
+(A)Provided under any state or federal program that is specifically designed and operated to assist elderly persons, as defined by the state or federal program;
+(B)Intended for, and solely occupied by, persons 62 years of age or older; or
+(C)Intended and operated for occupancy by at least one person 55 years of age or older per unit. Housing qualifies as housing for older persons under this subparagraph if:
+(i)At least 80 percent of the dwellings are occupied by at least one person 55 years of age or older per unit; and
+(ii)Policies and procedures that demonstrate an intent by the owner or manager to provide housing for persons 55 years of age or older are published and adhered to.
+(c)Housing does not fail to meet the requirements for housing for older persons if:
+(A)Persons residing in the housing as of September 13, 1988, do not meet the requirements of paragraph (b)(B) or (C) of this subsection. However, new occupants of the housing shall meet the age requirements of paragraph (b)(B) or (C) of this subsection; or
+(B)The housing includes unoccupied units that are reserved for occupancy by persons who meet the age requirements of paragraph (b)(B) or (C) of this subsection.
+(d)Nothing in this section limits the applicability of any reasonable local, state or federal restrictions regarding the maximum number of occupants permitted to occupy a dwelling.
+(8)The provisions of subsection (2)(a) to (d) and (f) of this section that prohibit actions based upon sex, sexual orientation, gender identity or familial status do not apply to the renting of space within a single-family residence if the owner actually maintains and occupies the residence as the owner’s primary residence and all occupants share some common space within the residence.
+(9)Any violation of this section is an unlawful practice. [Formerly 659.033; 2007 c.100 §8; 2007 c.903 §4a; 2008 c.36 §6; 2013 c.740 §1; 2021 c.367 §40]