Skip to content

v2.0.0

Latest
Latest

Choose a tag to compare

View all tags
@marevol marevol released this 27 Jun 04:58
· 1 commit to main since this release
v2.0.0
ce08749
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Recotem 2.0 is a complete rewrite. The 1.x multi-service web application (Django / DRF / Channels / Vue / Celery, backed by a database and message broker) is replaced by a single Python package (pip install recotem) plus one Docker image. There is no in-place upgrade path from 1.x — see Migrating from 1.x below.

Install

pip install recotem            # https://pypi.org/project/recotem/
# or
docker pull ghcr.io/codelibs/recotem:2.0.0

Added

  • Recipe-driven workflow — a model is defined by a single YAML recipe (1 recipe = 1 model = 1 endpoint).
  • Two CLI commands (Typer): recotem train <recipe.yaml> and recotem serve --recipes <dir>, plus inspect, validate, schema, and keygen.
  • FastAPI serving with the /v1 API namespace, four inference verbs (:recommend, :recommend-related, :recommend-batch, recipe discovery), recipe-scoped hot-swap driven by artifact file mtime, and a file watcher.
  • Signed artifacts — HMAC-signed binary container with a multi-kid KeyRing for zero-downtime key rotation and an FQCN allow-list enforced before any payload byte is deserialized.
  • Pluggable data sources discovered via entry points: csv, parquet, bigquery, and sql (PostgreSQL / MySQL / SQLite), plus a documented plugin contract.
  • Optuna-driven hyperparameter search over irspack algorithms with optional per-algorithm trial budgets.
  • Item metadata loader (CSV / Parquet via fsspec) with a response field deny-list.
  • Security hardening — SSRF-guarded HTTP/HTTPS fetcher with mandatory sha256 pinning and size caps, an explicit path-scheme allow-list, restricted env-var expansion, and structlog redaction of keys/credentials.
  • Deployment assets — multi-stage Docker image, tutorial compose.yaml, a serve-only Helm chart with optional training CronJob, and examples/k8s/ manifests.
  • Optional Prometheus /metrics endpoint.

Changed

  • The HTTP API moved to the /v1/recipes/{name}:<verb> shape. The 1.x /predict/{name} endpoints no longer exist.
  • Train and serve communicate only via signed artifact files and can run on different machines; no shared database or message broker.
  • Python 3.12+ is now required.

Removed

  • The entire 1.x web-application stack: Django, DRF, Channels, the Vue admin UI, Celery workers, and the database / message-broker dependencies.
  • The GA4 Data API data source (replaced by the BigQuery source for GA4 export datasets).

Security

Migrating from 1.x

There is no automated migration. Recotem 2.0 shares the name and the recommendation domain with 1.x but is an entirely new system:

  1. Re-train, don't migrate models — 1.x model state is incompatible with the 2.0 signed-artifact format.
  2. Drop the database and message broker — 2.0 is stateless; the only durable state is the signed artifact file.
  3. Update API clients from /predict/{name} to POST /v1/recipes/{name}:recommend.
  4. Generate keysrecotem keygen --type signing (and --type api for serve auth), then set RECOTEM_SIGNING_KEYS / RECOTEM_API_KEYS.

See docs/getting-started.md for the full walkthrough.

Full changelog: CHANGELOG.md

Assets 2
Loading