QA Knowledge Hub

Security and Production Q&A

Questions about the security model, CAS pointer publish, snapshot path, and realistic production state.

Security and Production Q&A

Finnish counterpart: Security and Production Q&A

What happens in the live product right now?

Likely question

How does the current live product actually work?

Short answer

The homepage uses a published public snapshot, all news uses a history snapshot, and the research view exposes pipeline and audit paths.

Longer answer

The homepage shows:

  • the lead signal
  • briefing cards
  • source confirmation / consensus level
  • a modal where source-backed evidence and audit context are visible

The archive uses a separate history snapshot:

  • db/public/api-news-history.json
  • compact list payload for list view
  • detail endpoint for a single signal
  • limit + offset pagination

What is CAS pointer publish?

Likely question

How is publication safety solved?

Short answer

Publication safety is based on conditional updates of the pointer object, not on simple last-write-wins behavior.

Longer answer

The controls used are:

  • pointerKey
  • expectedGeneration
  • ETag guard
  • conditional write
  • health check

What to emphasize

  • it prevents silent pointer race conditions
  • it makes the publish event explicit
  • it enables rollback without in-place mutation of the base object

Why separate snapshot path and live JDBIN path?

Likely question

If JDBIN is the canonical layer, why does the UI use snapshots?

Short answer

Because the snapshot path makes the public UI fast and stable, while the live JDBIN path makes the storage layer auditable, versioned, and queryable.

Longer answer

The presentation’s own boundary is important:

  • the default frontend request path is not a live JDBIN query
  • the default frontend request path is snapshot-first JSON delivery
  • JDBIN/JDBON acts as the canonical store + publish engine

What is realistically finished?

Likely question

What is actually complete right now?

Short answer

Worker + R2 live, the research corpus pipeline, the AI editorial pipeline, the JDBIN/JDBON write path, the public snapshot path, the archive snapshot path, and consensus v1.1 all exist in practice.

Longer answer

The presentation’s own “ready now” table means:

  • the system runs on Cloudflare, not just locally
  • raw articles, story clusters, and research snapshots exist
  • Claude + OpenAI + grounding + publish gate are in use
  • base, deltas, manifest, pointer, and retention logic exist

What is not finished yet?

Likely question

Where are the current limits?

Short answer

JDBIN is not a general SQL engine, the query VM is not yet a broad execution layer, the live hot path is not yet light enough, and editorial quality does not emerge from storage architecture alone.

Longer answer

The most important unfinished areas in the presentation are:

  • not a general SQL engine
  • the query VM is not yet a broad standalone execution layer
  • the compression track is not broadly production-benchmarked
  • consensus does not yet do claim-level fact checking
  • the live hot path is not yet light enough without extra materialization
  • editorial quality still needs better briefing logic and editorial control

On this page