Security and Production Q&A
Questions about the security model, CAS pointer publish, snapshot path, and realistic production state.
Security and Production Q&A
Finnish counterpart: Security and Production Q&A
What happens in the live product right now?
Likely question
How does the current live product actually work?
Short answer
The homepage uses a published public snapshot, all news uses a history snapshot, and the research view exposes pipeline and audit paths.
Longer answer
The homepage shows:
- the lead signal
- briefing cards
- source confirmation / consensus level
- a modal where source-backed evidence and audit context are visible
The archive uses a separate history snapshot:
db/public/api-news-history.json- compact list payload for list view
- detail endpoint for a single signal
- limit + offset pagination
What is CAS pointer publish?
Likely question
How is publication safety solved?
Short answer
Publication safety is based on conditional updates of the pointer object, not on simple last-write-wins behavior.
Longer answer
The controls used are:
pointerKeyexpectedGenerationETag guardconditional writehealth check
What to emphasize
- it prevents silent pointer race conditions
- it makes the publish event explicit
- it enables rollback without in-place mutation of the base object
Why separate snapshot path and live JDBIN path?
Likely question
If JDBIN is the canonical layer, why does the UI use snapshots?
Short answer
Because the snapshot path makes the public UI fast and stable, while the live JDBIN path makes the storage layer auditable, versioned, and queryable.
Longer answer
The presentation’s own boundary is important:
- the default frontend request path is not a live JDBIN query
- the default frontend request path is snapshot-first JSON delivery
- JDBIN/JDBON acts as the canonical store + publish engine
What is realistically finished?
Likely question
What is actually complete right now?
Short answer
Worker + R2 live, the research corpus pipeline, the AI editorial pipeline, the JDBIN/JDBON write path, the public snapshot path, the archive snapshot path, and consensus v1.1 all exist in practice.
Longer answer
The presentation’s own “ready now” table means:
- the system runs on Cloudflare, not just locally
- raw articles, story clusters, and research snapshots exist
- Claude + OpenAI + grounding + publish gate are in use
- base, deltas, manifest, pointer, and retention logic exist
What is not finished yet?
Likely question
Where are the current limits?
Short answer
JDBIN is not a general SQL engine, the query VM is not yet a broad execution layer, the live hot path is not yet light enough, and editorial quality does not emerge from storage architecture alone.
Longer answer
The most important unfinished areas in the presentation are:
- not a general SQL engine
- the query VM is not yet a broad standalone execution layer
- the compression track is not broadly production-benchmarked
- consensus does not yet do claim-level fact checking
- the live hot path is not yet light enough without extra materialization
- editorial quality still needs better briefing logic and editorial control