feat: Add Oghma RAG Proxy for SkyrimNet lore injection

RAG proxy that intercepts SkyrimNet LLM requests and enriches them
with relevant Tamrielic lore from CHIM's Oghma Infinium database.

Features:
- FastAPI proxy compatible with OpenAI API
- ChromaDB semantic search for lore retrieval
- NPC profile extraction from SkyrimNet prompts
- Google Sheets ingestion for CHIM's Oghma data
- Kubernetes deployment manifests
- Debug endpoint for RAG operation monitoring

Collections ingested to iris-dev ChromaDB:
- oghma_lore: 1951 entries (scholar knowledge)
- oghma_basic: 1949 entries (commoner knowledge)
- oghma_visual: 1151 entries (Omnisight perception)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
dafit
2026-03-30 23:22:46 +02:00
parent 62dcee5fbf
commit 3926ab676f
20 changed files with 2367 additions and 0 deletions

View File

@@ -0,0 +1,50 @@
---
# ConfigMap mounted into the proxy pod as /app/config.yaml (see deployment.yaml).
# The embedded config.yaml is parsed by the proxy application itself.
apiVersion: v1
kind: ConfigMap
metadata:
  name: oghma-proxy-config
  namespace: nimmersky
  labels:
    app.kubernetes.io/name: oghma-proxy
    app.kubernetes.io/part-of: nimmerverse
data:
  config.yaml: |
    proxy:
      host: "0.0.0.0"
      port: 8100
      workers: 1
    upstream:
      # Configure via secret or environment variables
      url: "${UPSTREAM_URL}"
      timeout: 120
      stream_timeout: 300
    chromadb:
      # ChromaDB service - adjust based on your deployment
      # Option 1: External (iris-dev VM)
      host: iris-dev.eachpath.local
      port: 35000
      # Option 2: In-cluster ChromaDB
      # host: chromadb.nimmersky.svc.cluster.local
      # port: 8000
      collection_lore: oghma_lore
      collection_basic: oghma_basic
    retrieval:
      max_results: 5
      min_score: 0.55
      embedding_model: all-MiniLM-L6-v2
    injection:
      enabled: true
      position: after_bio
    logging:
      level: INFO
      format: json
      log_injections: true
    cache:
      enabled: true
      ttl_seconds: 300
      max_size: 1000

View File

@@ -0,0 +1,108 @@
---
# Single-replica RAG proxy deployment; scrapes via Prometheus annotations
# and reads upstream credentials from the oghma-proxy-secrets Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: oghma-proxy
  namespace: nimmersky
  labels:
    app.kubernetes.io/name: oghma-proxy
    app.kubernetes.io/part-of: nimmerverse
    app.kubernetes.io/component: inference-proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: oghma-proxy
  template:
    metadata:
      labels:
        app.kubernetes.io/name: oghma-proxy
        app.kubernetes.io/part-of: nimmerverse
      annotations:
        prometheus.io/scrape: "true"
        prometheus.io/port: "8100"
        prometheus.io/path: "/metrics"
    spec:
      serviceAccountName: oghma-proxy
      securityContext:
        runAsNonRoot: true
        runAsUser: 1000
        fsGroup: 1000
      containers:
        - name: oghma-proxy
          image: registry.eachpath.local/nimmerverse/oghma-proxy:latest
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 8100
              protocol: TCP
          env:
            - name: OPENROUTER_API_KEY
              valueFrom:
                secretKeyRef:
                  name: oghma-proxy-secrets
                  key: OPENROUTER_API_KEY
            - name: UPSTREAM_URL
              valueFrom:
                secretKeyRef:
                  name: oghma-proxy-secrets
                  key: UPSTREAM_URL
          volumeMounts:
            # Mount only the config.yaml key, not the whole ConfigMap dir.
            - name: config
              mountPath: /app/config.yaml
              subPath: config.yaml
              readOnly: true
          resources:
            requests:
              memory: "256Mi"
              cpu: "100m"
            limits:
              memory: "512Mi"
              cpu: "500m"
          livenessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 10
            periodSeconds: 30
            timeoutSeconds: 5
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /health
              port: http
            initialDelaySeconds: 5
            periodSeconds: 10
            timeoutSeconds: 3
            failureThreshold: 3
      volumes:
        - name: config
          configMap:
            name: oghma-proxy-config
      # Prefer scheduling near inference workloads
      affinity:
        podAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app.kubernetes.io/component: inference
                topologyKey: kubernetes.io/hostname
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: oghma-proxy
  namespace: nimmersky
  labels:
    app.kubernetes.io/name: oghma-proxy
View File

@@ -0,0 +1,22 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: nimmersky
resources:
  - namespace.yaml
  - configmap.yaml
  - secret.yaml
  - deployment.yaml
  - service.yaml
# NOTE(review): commonLabels is deprecated in kustomize v5 in favor of the
# `labels` field; kept as-is because `labels` does not touch selectors by
# default — confirm intended selector behavior before migrating.
commonLabels:
  app.kubernetes.io/managed-by: kustomize
  app.kubernetes.io/part-of: nimmerverse
images:
  - name: registry.eachpath.local/nimmerverse/oghma-proxy
    newTag: latest
# For production, use overlays:
#   kustomize build k8s/overlays/production | kubectl apply -f -

View File

@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
  name: nimmersky
  labels:
    app.kubernetes.io/part-of: nimmerverse
    app.kubernetes.io/component: gaming

View File

@@ -0,0 +1,33 @@
---
# Placeholder secret — values below are NOT real credentials.
# Do not commit actual keys; prefer the ExternalSecret alternative below.
apiVersion: v1
kind: Secret
metadata:
  name: oghma-proxy-secrets
  namespace: nimmersky
  labels:
    app.kubernetes.io/name: oghma-proxy
    app.kubernetes.io/part-of: nimmerverse
type: Opaque
stringData:
  # Replace with actual values or use external secret management
  OPENROUTER_API_KEY: "your-openrouter-api-key-here"
  UPSTREAM_URL: "https://openrouter.ai/api/v1"
---
# Alternative: Use ExternalSecret with Vault/Vaultwarden
# apiVersion: external-secrets.io/v1beta1
# kind: ExternalSecret
# metadata:
#   name: oghma-proxy-secrets
#   namespace: nimmersky
# spec:
#   refreshInterval: 1h
#   secretStoreRef:
#     name: vault-backend
#     kind: ClusterSecretStore
#   target:
#     name: oghma-proxy-secrets
#   data:
#     - secretKey: OPENROUTER_API_KEY
#       remoteRef:
#         key: nimmerverse/skyrimnet
#         property: openrouter_api_key

View File

@@ -0,0 +1,39 @@
---
# In-cluster access for other nimmersky workloads.
apiVersion: v1
kind: Service
metadata:
  name: oghma-proxy
  namespace: nimmersky
  labels:
    app.kubernetes.io/name: oghma-proxy
    app.kubernetes.io/part-of: nimmerverse
spec:
  type: ClusterIP
  selector:
    app.kubernetes.io/name: oghma-proxy
  ports:
    - name: http
      port: 8100
      targetPort: http
      protocol: TCP
---
# Optional: Expose externally via LoadBalancer or NodePort
# for SkyrimNet running on gaming PC outside the cluster
apiVersion: v1
kind: Service
metadata:
  name: oghma-proxy-external
  namespace: nimmersky
  labels:
    app.kubernetes.io/name: oghma-proxy
    app.kubernetes.io/part-of: nimmerverse
spec:
  type: NodePort
  selector:
    app.kubernetes.io/name: oghma-proxy
  ports:
    - name: http
      port: 8100
      targetPort: http
      nodePort: 30100  # Access via <node-ip>:30100
      protocol: TCP