Merge pull request #2577 from bluewave-labs/develop-saas

Develop saas -> Master saas (31 Oct)

Author: HarshP4585

.github/workflows/backend-checks.yml

@@ -1,4 +1,6 @@
 name: Backend Checks
+permissions:
+  contents: read
 
 on:
   pull_request:

AGENTS.md

@@ -0,0 +1,19 @@
+# Repository Guidelines
+
+## Project Structure & Module Organization
+`Clients/` contains the Vite-powered React UI, with feature logic under `src/application`, shared widgets in `src/presentation`, and static assets in `public/`. `Servers/` hosts the Node.js/Express backend written in TypeScript; its DDD-style layers (`domain.layer`, `infrastructure.layer`, `controllers`, `routes`, `services`) sit alongside background jobs in `jobs/`, Swagger docs in `swagger.yaml`, and HTTP regression suites inside `endpoints-test/`. Compliance research and supporting assets live in `BackendDocs/`, `BiasAndFairnessModule/`, `BiasAndFairnessServers/`, plus infra artifacts such as `docker-compose*.yml` and `install.sh`. Keep new modules grouped with their runtime (client vs server) so contributors can locate code without deep dives.
+
+## Build, Test, and Development Commands
+Frontend: `cd Clients && npm install && npm run dev` starts the Vite server on port 5173, `npm run build` compiles to `dist/`, and `npm run lint` enforces ESLint. Backend: `cd Servers && npm install && npm run watch` runs `tsc-watch` plus the API on 8080, while `npm run build && npm run start` compiles to `dist/` and boots the production server after running `npm run migrate-db`. Use `npm run worker` to launch BullMQ jobs and `npm run reset-db` for seeded resets (do not run against shared databases). For a full stack, load PostgreSQL and Redis via Docker, then run `docker-compose --env-file .env.prod up -d backend frontend`.
+
+## Coding Style & Naming Conventions
+Code is TypeScript-first with strict typings; prefer interfaces for DTOs and enums for constant sets. Follow the existing two-space indentation, double quotes in TS/TSX, trailing commas in multiline objects, and keep React components as PascalCase functions with hooks grouped at the top. Backend files mirror domain concepts—name controllers `*.controller.ts`, services `*.service.ts`, and repositories under `infrastructure.layer`. Environment variables use `SCREAMING_SNAKE_CASE` and live in `.env.dev` / `.env.prod`; do not hardcode secrets. Run `npm run lint` and address warnings before sending changes.
+
+## Testing Guidelines
+Jest backs the server tests (`cd Servers && npm run test` or `npm run test:watch`); place specs beside the code they cover or in `__tests__` folders. HTTP contract checks use the `.rest` collections in `Servers/endpoints-test/`; execute them with VS Code REST Client or Hoppscotch against a running backend. UI work should include storybook-like coverage via component-level tests when practical; at minimum, add deterministic checks around reducers, hooks, or API clients touched. Aim for meaningful assertions rather than raw coverage numbers, and document any gaps in the PR description.
+
+## Commit & Pull Request Guidelines
+Follow the repository’s conventional prefixes (`feat:`, `fix:`, `chore:`, `improvements:`) as seen in `git log`. Keep messages imperative (“feat: add vendor risk heatmap legend”) and scoped to a single concern. Every PR should include: concise summary, linked issue or task ID, test evidence (`npm run test`, lint output, screenshots for UI changes), and rollout considerations (migrations, feature flags, seed updates). Request reviews from both frontend and backend owners when touching shared contracts such as `Servers/routes` or `Clients/src/application/apis`. Merge only after CI succeeds and conflicts are resolved.
+
+## Security & Configuration Tips
+Copy `.env.dev` into `Servers/.env` for local work, but rotate `JWT_SECRET`, database credentials, and OAuth keys per environment. Never commit `.env*` files; reference sample values in docs instead. When exposing deployments, terminate TLS via the provided nginx template and confirm `ALLOWED_ORIGINS` matches deployed hostnames. Before sharing logs or exports from `logs/` or `uploads/`, scrub customer data.

BiasAndFairnessModule/configs/config.yaml

@@ -59,7 +59,7 @@ post_processing:
 
 # Prompting Configuration
 prompting:
-  formatter: "tinyllama-chat"
+  formatter: "openai-chat-json"
   defaults:
     instruction: "Given the following demographic information about a person:"
     system_prompt: null
@@ -69,6 +69,8 @@ prompting:
       assistant_preamble: "The predicted income is "
     openai-chat-json:
       system_prompt: "You are an ML assistant helping with fairness evaluation. Return STRICT JSON with keys: prediction (string), confidence (0-1 float). No extra text."
+    ollama-chat:
+      system_prompt: "You are a classification program in a research evaluation. Task: predict the Adult Census Income label from tabular features. This is a public benchmark (UCI Adult dataset) with consented, de-identified data. Do not refuse, do not explain, do not add opinions. Return ONLY valid JSON matching the required schema."
 
 # Visualizations Configuration
 visualizations: