1.0.0 release

.gitignore

@@ -55,6 +55,10 @@ __pycache__/
 !clientApp/trusted.png
 !clientApp/untrusted.png 
 !/vbcs_oda_archives/vbcs_apps/vbcs-askdata/webApps/nl2sqlbot/resources/images/*
+!deployment-docs/docs/deployment/function/*
+!deployment-docs/docs/deployment/trust-api-gw/*
+!deployment-docs/docs/deployment/adw/*
+!deployment-docs/docs/deployment/oda/*
 
 # Added images for documentation (redacted)
 !deployment-docs/docs/deployment/business_media/media/*
@@ -74,6 +78,7 @@ __pycache__/
 
 *.ico
 !/vbcs_oda_archives/vbcs_apps/vbcs-askdata/webApps/nl2sqlbot/resources/images/*
+!/rest/nl2sql-trust/static/*
 
 *.docx 
 
@@ -84,8 +89,10 @@ __pycache__/
 *.xlsx
 *.zip
 /rest/nl2sql-trust/.coverage
-*.tgz
 
+*.tgz
+# webview binary required to import 
+!/vbcs_oda_archives/oda/askdata-oda-base/webviewPackages/NL2SQLFeedbackFormService/nl2sql_feedback_spa_form.tgz 
 # WebSDK should be included in VBCS Applications
 /oda/websdk-apache-deploy/
 
@@ -101,18 +108,14 @@ clientApp/autoprompt/semantic_suggest_runbook.md
 deployment-docs/docs/deployment/nginx.md
 
 deployment-docs/docs/deployment/terraform_p.md
-deployment-docs/docs/deployment/trust-service.c.md 
-deployment-docs/docs/deployment/trust-ui.md  
-deployment-docs/docs/deployment/trust-service.md 
+
 deployment-docs/docs/deployment/let_s_encrypt.md 
 deployment-docs/docs/deployment/let_s_encrypt_orig.md
 
 deployment-docs/docs/rest/    
 deployment-docs/docs/templates/
 deployment-docs/docs/logging.md
 
-deployment-docs/docs/deployment/apex-trust.md
-deployment-docs/docs/deployment/apex-trust-lb.md
 
 # File with reference to orahub repo 
 deployment-docs/mkdocs.yml
@@ -143,37 +146,16 @@ deployment-docs/mkdocs.yml
 # Sensitive info 
 /promotion/
 
-# Adding entire rest trust directory for now, since there's a dependency on dotmap 
-# can maybe add delta review for next release
-rest/
-
 # Random IPs 
 /rest/nl2sql-trust/conf/dev_trust_config.json 
-/rest/nl2sql-trust/conf/metadata_v2.json
-#/rest/nl2sql-trust/conf/trust_config.json # added placeholders for sensitive info
 
-# Sensitive info 
-/rest/nl2sql-trust/helpers/config_json_helper.py
-/rest/nl2sql-trust/helpers/config_json_helper.py
-
-# Reference to genai dedicated cluster 
-/rest/nl2sql-trust/helpers/finetune_helper.py
-
-# Couldn't find any reference upon first glance, but I imagine there might be if finetune helper has a reference 
-/rest/nl2sql-trust/helpers/finetune_db.py
-
-# Reference to OCIDs
-/rest/nl2sql-trust/helpers/llm_helper.py
-#/rest/nl2sql-trust/helpers/oci_helper_boostrap.py # cleaned up sensitive info 
-/rest/nl2sql-trust/helpers/oci_helper_json.py
+#/rest/nl2sql-trust/conf/trust_config.json # added placeholders for sensitive info
 
 /rest/nl2sql-trust/helpers/test_ca_creation.json 
 
 # wallet
 /rest/nl2sql-trust/wallet/
 
-# Do we need this ? 
-/rest/nl2sql-trust/htmlcov
 
 # keys 
 /rest/nl2sql-trust/openssl/
@@ -230,8 +212,9 @@ rest/
 /rest/script/find_by_freeform.bash
 /rest/script/find_by_tags.bash 
 
-# log file 
-/rest/script/nl2sql_trust_rest.log 
+# log files
+*.log
+*.out
 
 # sensitive info 
 /rest/script/os_upload.bash

README.md

@@ -8,56 +8,52 @@ Oracle AskData is a conversational AI platform powered by Oracle Generative AI.
 
 The solution empowers both non-technical users and SQL experts by simplifying complex queries and freeing up time for deeper analysis and decision-making.
 
-
 ## Getting Started
 Please see the [Introduction](deployment-docs/docs/deployment/introduction.md) & [Architecture](deployment-docs/docs/deployment/architecture.md) 
 
-For policies see [Defining Policies](deployment-docs/docs/deployment/generic.md#dynamic-groups)
+For policies see [Defining Policies](deployment-docs/docs/deployment/generic.md#dynamic-groups).
+
+This solution is broken down into two separate apps, business and trust. It's recommended to start with the business app then build the trust app. 
 
 ### Prerequisites
+
 The CIS Landing Zone is optional but helps with providing a sandbox environment with best practices
 
 - [Deploy CIS LZ](deployment-docs/docs/deployment/landing_zone.md)
 
-
 This solution assumes you have access to an OCI tenancy with the admin ability to provision the following resources: 
 
-- IDCS/IAM Confidential App 
-    - [Deploy IAM App](deployment-docs/docs/deployment/business_idcs.md)
-- Vault
-    - [Deploy Vault](deployment-docs/docs/deployment/vault.md)
-- Business (Client) ADB database
-    - [Deploy Database](deployment-docs/docs/deployment/database.md)
-- Trust ADB database
-    - [Deploy Database](deployment-docs/docs/deployment/database.md)
-- OCI Cache 
-    - [Deploy OCI Cache Cluster](https://docs.oracle.com/en-us/iaas/Content/ocicache/createcluster.htm#top) 
-- VCN 
-    - Private Subnet
-    - Public Subnet 
-    - [Deploy a VCN](https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/quickstartnetworking.htm#Virtual_Networking_Quickstart)
-- Two VMs
-    - Engine 
-        - [Deploy Engine Documentation](deployment-docs/docs/deployment/nl2sql_engine.md)
-    - Bastion/jump host
-        - To access engine in private subnet
-- API Gateway
-    - [Deploy API Gateway](deployment-docs/docs/deployment/business_api_gateway.md)
-    - (Optional) If deploying API Gateway privately, see [ADW API Gateway Private Access](deployment-docs/docs/deployment/adw_private.md)
-- VBCS 
-    - [Deploy VBCS](deployment-docs/docs/deployment/VBCS.md)
-- ODA
-    - [Deploy ODA](deployment-docs/docs/deployment/oda.md)
-## Deployment Steps
-
-1. Configure Business DB
-2. Configure Trust DB
-3. Configure IDCS App
-4. Configure OCI Cache
-4. Configure Engine 
-5. Configure API Gateway
-6. Configure ODA Skills
-7. Configure VB Apps 
+### Business App
+
+#### Deployment Steps
+
+1. [Deploy Business Database](deployment-docs/docs/deployment/database.md)
+2. [Deploy Trust Database](deployment-docs/docs/deployment/database.md)
+3. [Deploy Business IAM App](deployment-docs/docs/deployment/business_idcs.md)
+4. [Deploy OCI Cache Cluster](https://docs.oracle.com/en-us/iaas/Content/ocicache/createcluster.htm#top)
+5. [Deploy VCN](https://docs.oracle.com/en-us/iaas/Content/Network/Tasks/quickstartnetworking.htm#Virtual_Networking_Quickstart)
+6. [Deploy Engine Documentation](deployment-docs/docs/deployment/nl2sql_engine.md)
+7. [Deploy Vault](deployment-docs/docs/deployment/vault.md)
+8. [Deploy Business API Gateway](deployment-docs/docs/deployment/business_api_gateway.md)
+    - (Optional) If deploying API Gateway privately, see [ADW API Gateway Private Access](deployment-docs/docs/deployment/adw_private_config.md)
+9. [Deploy ODA](deployment-docs/docs/deployment/oda.md)
+10. [Deploy VBCS](deployment-docs/docs/deployment/VBCS.md)
+
+### Trust App 
+
+[Trust Service Overview](deployment-docs/docs/deployment/trust-service-overview.md)
+
+#### Deployment Steps 
+
+1. [Deploy Trust VM](deployment-docs/docs/deployment/trust-service.c.md)
+2. [Deploy IDCS/IAM APEX App](https://docs.oracle.com/en/learn/apex-identitydomains-sso/index.html#task-3-create-a-new-web-credential-in-your-oracle-apex-workspace)
+    - (Required) For IDCS security to the API Gateway, in addition to above configure the following: 
+        - Client Credentials: Enabled
+        - Allowed operations: Introspect
+3. [Deploy Trust API Gateway](deployment-docs/docs/deployment/trust-api-gateway.md)
+4. [Deploy APEX](deployment-docs/docs/deployment/apex-trust.md)
+    - (Optional) For using a private ADW with APEX, see [Configure Private ADW ACL](deployment-docs/docs/deployment/apex-private-adw-lb.md)
+    - (Optional) If using a private ADW, see [Deploy Private ADB Load Balancer](deployment-docs/docs/deployment/apex-private-adw-lb.md)
 
 ### Validation 
 

clientApp/ConfigFile.properties

@@ -7,27 +7,28 @@ file.level=DEBUG
 console.level=DEBUG
 logs.path=./logs
 [FeatureFlags]
+feature.dynamicprompt=true
 feature.explain=false
 feature.intent=false
 feature.llmgraphcheck=false
+feature.chatgraph=false
 [security]
 anonymous.flag=true
 [DatabaseSection]
-#database.user=ttech
-database.user=nl2sql_app_data
-database.password=<client-database-pw>
-database.dsn=<client-database-dsn>
-database.config=<client-db-path>
-database.walletpsswd=<client-db-wallet-pw>
+database.user=xxx
+database.password_secret =ocid1.vaultsecret.oc1.us-chicago-1.xxx
+database.dsn=askdataclientdb_medium
+database.config=./clientdb
+database.walletpsswd=xxx
 database.debug=Y
 database.rbac=N
 [KeySection]
 key.llm=notused
 key.searchapi=notused
 token=notused
 [RedisSection]
-redis.url=<rediss://xyz.redis.us-chicago-1.oci.oraclecloud.com>:6379
-url=<xyz>.redis.us-chicago-1.oci.oraclecloud.com
+redis.url=rediss://xxx.redis.us-chicago-1.oci.oraclecloud.com:6379
+url=xxx.redis.us-chicago-1.oci.oraclecloud.com
 port=6379
 [GenAISQLGenerator]
 sql.dialect=Oracle
@@ -38,22 +39,20 @@ filter.upn=notused
 filter.ignoreupntablelist=notused
 [vbcs]
 # endpoint url should be the root e.g. endpoint.url=https://<your-vb>.oraclecloud.com/ic/builder/rt/
-endpoint.url=<vbcs-endpoint-url>
+endpoint.url=https://vb-xxx.builder.us-chicago-1.ocp.oraclecloud.com/ic/builder/rt/
 # graph url should be relative to endpoint url e.g. <your-graph-app>/1.0/webApps/nl2sql_interactivegraph/
-graph_app.url=<graph-app-url>
+graph_app.url=interactive_graph_app_v2/1.0/webApps/nl2sql_interactivegraph/
 # table graph should also be relative
-idata_app.url=<table-graph-url>
+idata_app.url=table_graph_app_v2/1.0/webApps/dynamictabledata/
 [OCI]
-#Sao Paulo
-#serviceendpoint.url=https://inference.generativeai.sa-saopaulo-1.oci.oraclecloud.com
 #Scenario2
 # DAC or DS or GAI
 serviceendpoint.active=GAI
 serviceendpoint.ds_endpt=<service-endpoint-url>
 serviceendpoint.ds_model=<service-endpoint-ds-model>
 serviceendpoint.url=https://inference.generativeai.us-chicago-1.oci.oraclecloud.com
-serviceendpoint.ocid=<service-endpoint-ocid>
-serviceendpoint.model=<service-endpoint-model>
+serviceendpoint.ocid=ocid1.compartment.oc1..xxx
+serviceendpoint.model=ocid1.generativeaimodel.oc1.us-chicago-1.xxx
 serviceendpoint.dac_url=https://inference.generativeai.us-chicago-1.oci.oraclecloud.com
 serviceendpoint.dac_ocid=<comp-ocid>
 serviceendpoint.dac_endpt=<dac-endpoint-ocid>
@@ -68,10 +67,17 @@ file.embdgs=notused
 file.col_embdgs=notused
 librarymatch.threshold=0.80
 librarymatch.upperthreshold=1.0
-[DEFAULT] 
-# trust db connection
-user=xxxxxx
-password=xxxxx
-dsn= xxxxx
-wallet_location=xxxx
-wallet_password=xxxxx
+[SemanticMatch]
+semantic.enabled=true
+semantic.fetchlimit=5
+semantic.additionalhint=Use ABS only when necessary.
+semantic.scorethreshold=0.6
+[SemiTrustedPath]
+semitrusted.enabled=true
+semitrusted.fetchlimit=3
+[DEFAULT]
+user=admin
+password_secret =ocid1.vaultsecret.oc1.us-chicago-1.xxx
+dsn=askdatatrustdb_medium
+wallet_location=./trustdb
+wallet_password=xxx

clientApp/audit_logging.py

@@ -1,8 +1,7 @@
 # Copyright (c) 2021, 2025 Oracle and/or its affiliates.
 # Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl/
 
-import datetime
-from connect_vector_db import create_db_connection, load_config, close_db_connection
+from connect_vector_db import create_db_connection, load_config_db, close_db_connection
 import logging
 
 logger = logging.getLogger("app_logger")
@@ -14,7 +13,8 @@ def log_audit_test_insert(CERTIFIED_SCORE, PROMPT_TXT, SQL_QUERY, DB_RESPONSE_CO
     try:
         # Load the database configuration
         config_file = 'ConfigFile.properties'
-        db_config = load_config(config_file)
+        #db_config = load_config(config_file)
+        db_config = load_config_db('trust', config_file)
 
         # Create a database connection using the shared function
         connection = create_db_connection(db_config)