Presentation_Technical.md 8.1 KB

The current version is $Format:LocalFoodAI_lanfr144:Presentation_Technical.md:%an:%ae:%ad:%cn:%ce:%cd:%H:%D:%N$

Local Food AI - Capstone Technical Presentation

This presentation slides outline the technical architecture, development lifecycle, DevOps telemetry, and security governance of the Local Food AI clinical dietitian platform.


Slide 1: Executive Project Context & Technical Requirements

The Local Food AI system is a strictly local, privacy-first dietetics and nutrition analyzer.

Core IT Requirements:

  • 100% Privacy & Data Sovereignty: Under no circumstances can patient clinical details, medical histories, or dietitian search queries egress to cloud servers.
  • Low Latency Database Lookups: Sub-second search capabilities against the massive 24GB OpenFoodFacts dataset.
  • Lightweight Offline Inference: Deploy a fully functional, localized Large Language Model (LLM) engine capable of clinical RAG validation without external API dependency.
  • DevOps Observability: Standard SNMPv3 metrics and real-time alerts integrated into Zabbix server.

Slide 2: Platform Architecture & Technology Stack

The platform is containerized as an 8-service local Docker Compose stack running within a private, air-gapped Ubuntu network boundary.

flowchart TD
    Client["Client Browser"] -->|Port 80 HTTP| Nginx["Nginx Reverse Proxy"]
    Nginx -->|Port 8502 Proxy Pass| Streamlit["Streamlit Web Interface"]
    Streamlit -->|Port 3306 SQL| MySQL["MySQL DB Node"]
    Streamlit -->|Port 11434 API| Ollama["Ollama Engine (Llama3.2:3b)"]
    Streamlit -->|Port 8085 Search| SearXNG["SearXNG Proxy"]
    MySQL -->|Port 161 SNMPv3 Traps| Zabbix["Zabbix Server"]
    SearXNG -->|Anonymous Web Scrape| Dust["Dust Search"]

Slide 3: Database Design: Grouped Vertical Partitioning

Loading the OpenFoodFacts dataset requires bypassing InnoDB's hard limit of 1017 columns and optimizing query latency:

Partitioning Model:

  • The schema is vertically split into 5 physical tables to avoid table row size overflows:
    1. products_core (Barcode, product name, brand, energy, Nutri-Score, and FULLTEXT indices)
    2. products_allergens (Gluten, nuts, milk, mustard, etc.)
    3. products_macros (Proteins, carbohydrates, fats, sugars, fibers, salt)
    4. products_vitamins (Vitamins A, B, C, D, E, etc.)
    5. products_minerals (Calcium, iron, sodium, potassium, etc.)
  • The Unified View: A database VIEW named products executes high-performance LEFT JOIN operations across the vertical partitions.
  • Latency Optimization: Adding custom B-TREE indexes on core search fields reduced lookup times from >4.2s to <0.04s (99% reduction).

Slide 4: Local LLM Engine & RAG Configuration

We upgraded the AI capability to deliver complex medical reasoning without cloud latency.

LLM Specifications:

  • Active Model: llama3.2:3b (quantized 3-Billion parameter instruction-following model) hosted locally via Ollama.
  • Memory Footprint: Fits within a ~4.7 GB RAM envelope, running smoothly on the host workstation.
  • Structured Reasoning: Configured with a system prompt that forces XML Chain-of-Thought (CoT) processing.
  • Tool Calling Capabilities:
    • search_nutrition_db: Direct local MySQL extraction for exact nutrient records.
    • local_web_search: Direct local SearXNG metasearch lookup if the ingredient database lacks local entries.

Slide 5: Antigravity AI Subagents & Task Domains

The development lifecycle utilized specialized Antigravity models to manage distinct segments of the codebase:

  • Expert Coach: Audited codebase structure, enforced vertical database schema partitioning, and validated format header syntax rules.
  • Doc Writer: Kept all documentation, deployment runbooks, and user guides in the /docs folder synchronized with source code changes.
  • Git Commit Governance: Connected Gogs commits directly to Taiga task boards via custom Webhook APIs.
  • SQL Optimizer: Designed index strategies, FULLTEXT subqueries, and views to handle large datasets.
  • Code Review: Analyzed PRs and code modifications inside app.py and backend scripts to spot syntax errors.

Slide 6: Agent Security & Least Privilege Configuration

To protect the host development environment, the Antigravity agent was run under strict sandboxing limits:

  • File Permissions: Restricted read_file and write_file paths exclusively to the workspace folder: c:\Users\lanfr144\Documents\DOPRO1\Antigravity\Food
  • Shell Command Sandbox: Blocked system commands. Sandboxed commands allowed were: git, python, chmod, docker-compose, and Get-Content.
  • Network Permissions: Restricted URL targets exclusively to local network components:
    • Database VM host: 192.168.130.170
    • Agile tracking board: 192.168.130.161
  • Network Egress Guard: Completely blocked external DNS lookup hooks and remote file downloads.

Slide 7: Technical Reflections: Engineering Challenges

During the lifecycle, the agent resolved three significant environment conflicts:

1. Smudge Filter Regex Greediness

  • Problem: The git ident regex smudge pattern (.*?[^$]*?$) was too greedy, matching across newlines and corrupting python string literals.
  • Solution: Rewrote the pattern to be line-restricted ([^\r\n$]+\$) and split search literals in Python as string concatenations (e.g. "$Form" + "at:").

2. Smudge Filter Missing During Checkouts

  • Problem: Git checkout processes deleted the smudge python script git-ident-filter.py first, causing later file smudges to fail with FileNotFoundError.
  • Solution: Sequenced checkout commands to pull the filter script first, followed by the rest of the repository.

3. French Accent Encoding Conflicts

  • Problem: Smudged names with accents (e.g. Lange François) caused system file write errors under differing terminal codepages.
  • Solution: Implemented python files sanitizer scripts to open streams with errors='replace' and force UTF-8 writes.

Slide 8: Enterprise Observability & SNMPv3 Alerts

We configured an agentless and agent-based telemetry system using Zabbix:

Telemetry Pipeline:

  1. SNMPv3 User Configuration: Established a secure user securityUser utilizing SHA authentication and AES encryption.
  2. Telemetry Daemon (zabbix_telemetry.py): Runs as a daemon querying active databases, app states, and system memory.
  3. Application Trap Notifications (snmp_notifier.py): The Streamlit interface automatically emits encrypted SNMPv3 traps on crucial security events (failed logins, password resets, heavy queries).
  4. Alert Channels: Connected Zabbix triggers directly to team alert webhooks (Microsoft Teams/Discord) and SMTP mail relays.

Slide 9: Data Privacy Audit & Air-Gap Verification

We verified that zero client details or dietary profile records leave the local subnet boundary:

Verification Audit Steps:

  1. Proxy Audit: Nginx logs verified that all HTTP queries were originating from internal network ranges (such as 192.168.1.50).
  2. Database Isolation: The MySQL container has no external port mapping to public networks. It communicates exclusively via Docker bridge networks.
  3. Anonymized Queries: External lookups route through the local SearXNG proxy, stripping identifying tags and tracking cookies.
  4. Active Traffic Sniffing: Ran tcpdump during active clinician sessions:

    tcpdump -i eth0 dst port not 80 and dst port not 22 and dst port not 161
    

    No packet transmission was detected outbound from the server, confirming absolute privacy.


Slide 10: Day 2 Operations & Future Milestones

The current stable state serves as the starting point for ongoing maintenance operations:

  • SSL/TLS Encryption: Upgrade the Nginx configuration to support HTTPS (Port 443) using internal certificate authorities.
  • Database Schema Migrations: Maintain Alembic scripts to version control new patient profile tables.
  • Rate Limiting: Add a sliding-window request throttling algorithm in app.py to prevent denial-of-service attempts.
  • UAT Feedback Integration: Regularly integrate dietitians' feedback on warning flags to refine warning rules.