docs: top-notch README (banner, story diagrams, screenshots) + ingest hardening

[hallelx2]

Rewrites the README for launch and hardens ingest under concurrency.

• README: generated brand banner, how-it-works + vs-rag story SVGs, install/terminal + dashboard screenshots, Docker quick-start, BYOK, API table, SDK + benchmark (methodology) sections.
• Ingest: widen getSourceWithRetry (~16s) so large sources survive heavy concurrent ingestion; UI Ask gracefully falls back to the server key when no BYOK key is set.

Build + vet clean; ingest + api tests pass.

Summary by Sourcery

Revise the README for launch with clearer positioning, quick-start Docker instructions, BYOK, API/SDK/benchmark sections, and updated visuals while hardening ingest under concurrent load and making the UI Ask flow gracefully handle missing API keys.

Enhancements:

• Rewrite the README to focus on high-level value, add story diagrams, screenshots, Docker quick start, BYOK explanation, API table, SDK references, and benchmark methodology.
• Relax ingest source retrieval timing with a longer, incremental backoff window so large documents remain robust under heavy concurrent ingestion.
• Update the local app Ask behavior to fall back to prompting for an API key only when the backend reports missing LLM credentials instead of preemptively blocking.

Documentation:

• Overhaul the README with a new banner, architecture and comparison diagrams, screenshots, clearer getting-started flow, HTTP API table, SDK usage examples, benchmark description, and configuration guidance.

Summary by CodeRabbit

• Documentation

  • Restructured README with improved quick-start guide, "How it works" section, and architecture documentation
  • Added comprehensive SDK documentation and benchmark examples

• Improvements

  • Enhanced error handling with clearer messaging for missing API keys and request failures

[sourcery-ai]

Reviewer's Guide

Major README rewrite for launch (new visuals, clearer narrative, quick-start/Docker/BYOK/API/SDK/benchmark sections) plus ingest robustness under concurrent load and a more graceful BYOK UX in the local UI.

Sequence diagram for BYOK Ask flow and fallback to server key

sequenceDiagram
  actor User
  participant BrowserUI
  participant EngineAPI

  User->>BrowserUI: Click Ask
  BrowserUI->>BrowserUI: ask()
  BrowserUI->>EngineAPI: POST /v1/answer/treewalk
  activate EngineAPI

  alt BYOK header present (X-LLM-Api-Key)
    EngineAPI-->>BrowserUI: 200 answer
    BrowserUI->>BrowserUI: renderResult()
  else No BYOK header
    alt Server LLM key configured
      EngineAPI-->>BrowserUI: 200 answer
      BrowserUI->>BrowserUI: renderResult()
    else No LLM credentials
      EngineAPI-->>BrowserUI: 4xx { error: "no LLM credentials" }
      deactivate EngineAPI
      BrowserUI->>BrowserUI: ask() error handling
      BrowserUI->>BrowserUI: openSettings()
      BrowserUI->>BrowserUI: setStatus "Set your API key to ask questions."
    end
  end

Loading

Sequence diagram for getSourceWithRetry ingest backoff changes

sequenceDiagram
  participant Pipeline
  participant Storage

  Pipeline->>Pipeline: getSourceWithRetry(ctx, storage, key)
  loop Up to 16 attempts
    Pipeline->>Storage: Get(ctx, key)
    alt Get succeeds
      Storage-->>Pipeline: io.ReadCloser, Metadata, nil
      Pipeline-->>Pipeline: return source and break
    else err is storage.ErrNotFound
      Storage-->>Pipeline: _, _, ErrNotFound
      Pipeline->>Pipeline: incremental backoff (125ms * (i+1))
    else other error
      Storage-->>Pipeline: _, _, err
      Pipeline-->>Pipeline: return err and break
    end
  end
  alt All attempts exhausted
    Pipeline-->>Pipeline: return lastErr
  end

Loading

File-Level Changes

Change	Details	Files
Rewrite README to focus on launch-ready messaging, quick start, architecture, BYOK, APIs, SDKs, and benchmarks, with new diagrams and screenshots.	Replace hero image with new banner and adjust tagline for the Vectorless product name and positioning. Reorganize top-of-file navigation to emphasize quick start, how it works, vector RAG comparison, API, SDKs, benchmarks, and configuration. Replace the old long-form sections (Why, Architecture, Roadmap, detailed feature list) with a more product-style narrative: Docker quick start, run-from-source instructions, how-it-works overview, and why-not-vector-RAG comparison. Add new visual assets references (how-it-works.svg, vs-rag.svg, new screenshots) and remove or de-emphasize older diagrams and roadmap imagery. Document BYOK semantics (per-request headers, dashboard-based key storage) and clarify support for Anthropic-compatible gateways, including GLM/Z.ai base URL requirements. Condense and update configuration docs, including an example YAML focused on minimal setup and GLM defaults. Add sections for HTTP API, SDKs, benchmarks methodology (FinanceBench, harness usage), supported formats, and related projects; remove or trim previous project layout, roadmap, and contribution details.	README.md docs/images/how-it-works.svg docs/images/vs-rag.svg docs/images/banner.png docs/images/screenshot-install.png docs/images/screenshot-dashboard.png
Harden ingest pipeline source retrieval under concurrent load by extending retry behavior for eventually-consistent or slow storage backends.	Increase the maximum retry attempts in getSourceWithRetry to widen the time window before treating a source as permanently missing. Adjust the backoff interval per attempt to maintain an overall ~16-second backoff window while reducing the per-step delay. Clarify behavior via comments, explaining that large multi-MB sources on busy or low-disk filesystems may take several seconds to become visible and that this change aims to avoid transient not-found failures in those cases.	pkg/ingest/ingest.go
Improve local UI Ask behavior so it gracefully prompts for an API key and surfaces more specific credential errors instead of failing generically.	Remove the upfront client-side guard that blocked Ask when no API key was set, allowing the call to go through and rely on server response for credential checks. Update Ask request error handling to specially detect missing-credentials errors (e.g., messages mentioning missing LLM credentials or X-LLM-Api-Key) and, in that case, open the settings panel with a targeted warning message asking the user to set an API key. Keep generic error rendering for non-credential-related failures, ensuring other server errors still surface in the result panel.	localapp/index.html

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c2c169e2-9e11-4afc-ad50-84fbc21e36f3

📥 Commits

Reviewing files that changed from the base of the PR and between 678a7a3 and 9ce0571.

⛔ Files ignored due to path filters (5)

• docs/images/banner.png is excluded by !**/*.png
• docs/images/how-it-works.svg is excluded by !**/*.svg
• docs/images/screenshot-dashboard.png is excluded by !**/*.png
• docs/images/screenshot-install.png is excluded by !**/*.png
• docs/images/vs-rag.svg is excluded by !**/*.svg

📒 Files selected for processing (3)

• README.md
• localapp/index.html
• pkg/ingest/ingest.go

---

📝 Walkthrough

Walkthrough

Three independent changes: getSourceWithRetry in the ingest package increases max retry attempts from 6 to 16 and reduces per-step sleep from 150 ms to 125 ms per attempt; ask() in the local app replaces an upfront API-key guard with response-payload-based error routing; and the README is substantially rewritten with new BYOK, API route table, SDK, Benchmark, Architecture, and configuration sections.

Changes

Runtime behavior changes

Layer / File(s)	Summary
Ingest retry attempt count and backoff adjustment pkg/ingest/ingest.go	getSourceWithRetry max attempts raised from 6 to 16; per-attempt sleep base changed from 150ms*(i+1) to 125ms*(i+1), extending the total retry window for slow concurrent object visibility.
ask() non-OK response error handling localapp/index.html	Removes the early getSettings().apiKey check before fetch. On non-OK response, parses d.error or stringified JSON, routes missing-LLM-credential patterns to open the settings modal with a status warning, and routes other errors to an error card render.

README overhaul

Layer / File(s)	Summary
Hero, nav, quick-start, how-it-works, and why-not-rag README.md (lines 2–85)	Replaces banner/badges, rewrites table of contents, updates Docker and Go 1.25 from-source quick-start instructions, condenses the ingest→navigate→read→cited how-it-works narrative, and adds a shorter why-not-vector-RAG section.
BYOK, API routes, SDKs, Benchmarks, Architecture, Config, and License README.md (lines 86–179)	Adds X-LLM-Api-Key curl example for BYOK, replaces API docs with a /v1 route table covering health, ingest, sections, answer/query/replay, adds SDK client usage, FinanceBench vlbench flow, pluggable-boundary architecture description, layered YAML config example, updated supported formats list, Related links, and simplified Apache 2.0 license link.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 Hop, hop, the retries grow tall,
From six attempts to sixteen in all!
The error card now reads the reply,
No early API-key check, oh my.
The README shines with BYOK and more —
A bunny's work improves the score! 🌟

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch halleluyaholudele/readme-and-ingest-hardening

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sourcery-ai]

Hey - I've found 3 issues, and left some high level feedback:

• The UI ask() handler now infers missing-credentials errors via string matching (/no LLM credentials|X-LLM-Api-Key/i); consider returning a structured error code or type from the backend so the client can branch on a stable signal instead of brittle message text.
• The getSourceWithRetry backoff window has been significantly widened with hardcoded constants; you might want to make the max attempts and base delay configurable (e.g., via config or env) so operators can tune ingest latency vs. resilience for their environment.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The UI `ask()` handler now infers missing-credentials errors via string matching (`/no LLM credentials|X-LLM-Api-Key/i`); consider returning a structured error code or type from the backend so the client can branch on a stable signal instead of brittle message text.
- The `getSourceWithRetry` backoff window has been significantly widened with hardcoded constants; you might want to make the max attempts and base delay configurable (e.g., via config or env) so operators can tune ingest latency vs. resilience for their environment.

## Individual Comments

### Comment 1
<location path="localapp/index.html" line_range="386-388" />
<code_context>
-    if(!r.ok){ out.innerHTML=`<div class="res card"><div class="body err">Error: ${esc(d.error||JSON.stringify(d))}</div></div>`; return; }
+    if(!r.ok){
+      const msg=d.error||JSON.stringify(d);
+      if(/no LLM credentials|X-LLM-Api-Key/i.test(msg)){
+        out.innerHTML=""; openSettings();
+        document.getElementById("setStatus").innerHTML='<span style="color:var(--warn)">Set your API key to ask questions.</span>';
+        return;
+      }
</code_context>
<issue_to_address>
**suggestion (bug_risk):** Relying on server error strings for credential detection is brittle and may cause extra round-trips.

The previous client-side `apiKey` check avoided a request and didn’t depend on specific error text. This new flow relies on matching `no LLM credentials|X-LLM-Api-Key` in the server message, which is fragile if backend wording changes and always sends a request even when we already know there’s no key. Consider restoring a lightweight client-side guard when the UI knows no key is set, or have the backend return a structured/typed error that you can check instead of regexing the message text.
</issue_to_address>

### Comment 2
<location path="localapp/index.html" line_range="387" />
<code_context>
+    if(!r.ok){
+      const msg=d.error||JSON.stringify(d);
+      if(/no LLM credentials|X-LLM-Api-Key/i.test(msg)){
+        out.innerHTML=""; openSettings();
+        document.getElementById("setStatus").innerHTML='<span style="color:var(--warn)">Set your API key to ask questions.</span>';
+        return;
</code_context>
<issue_to_address>
**suggestion:** Clearing the result area on missing-credentials errors may degrade UX by removing prior answers.

This now clears `out.innerHTML` on missing-API-key, removing any prior answer the user may still be reading. Previously we never entered the ask flow, so the last result stayed visible. Consider keeping the existing result card and only updating the settings/status UI, so going to settings doesn’t wipe the current content.
</issue_to_address>

### Comment 3
<location path="README.md" line_range="139" />
<code_context>
-  }'
-# → {"sections": [{"id":"sec_...","title":"...","content":"..."}]}
-```
+Every run writes a manifest stamped with model, hardware, library versions, and git commit, so numbers are reproducible and audit-able. Headline results are published with the launch.

-## HTTP API (v1)
</code_context>
<issue_to_address>
**issue (typo):** Use the standard spelling "auditable" instead of "audit-able".

The hyphenated form is nonstandard; please update it for consistency with typical technical usage.

```suggestion
Every run writes a manifest stamped with model, hardware, library versions, and git commit, so numbers are reproducible and auditable. Headline results are published with the launch.
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion (bug_risk): Relying on server error strings for credential detection is brittle and may cause extra round-trips.

The previous client-side apiKey check avoided a request and didn’t depend on specific error text. This new flow relies on matching no LLM credentials|X-LLM-Api-Key in the server message, which is fragile if backend wording changes and always sends a request even when we already know there’s no key. Consider restoring a lightweight client-side guard when the UI knows no key is set, or have the backend return a structured/typed error that you can check instead of regexing the message text.

[sourcery-ai]

suggestion: Clearing the result area on missing-credentials errors may degrade UX by removing prior answers.

This now clears out.innerHTML on missing-API-key, removing any prior answer the user may still be reading. Previously we never entered the ask flow, so the last result stayed visible. Consider keeping the existing result card and only updating the settings/status UI, so going to settings doesn’t wipe the current content.

[sourcery-ai]

issue (typo): Use the standard spelling "auditable" instead of "audit-able".

The hyphenated form is nonstandard; please update it for consistency with typical technical usage.

Suggested change

	Every run writes a manifest stamped with model, hardware, library versions, and git commit, so numbers are reproducible and audit-able. Headline results are published with the launch.
	Every run writes a manifest stamped with model, hardware, library versions, and git commit, so numbers are reproducible and auditable. Headline results are published with the launch.