From 4f04f11d89fea07fa6ab357e4bf9a67ba33a96f2 Mon Sep 17 00:00:00 2001 
From: Lior Date: Mon, 25 May 2026 02:51:25 -0400 Subject: [PATCH] feat(hindsight): wire real vectorize-io OCI Helm chart MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hindsight identified as vectorize-io/hindsight — agent persistent memory system with built-in Hermes integration. The chart is published as an OCI image at ghcr.io/vectorize-io/charts/hindsight. Per https://hindsight.vectorize.io/sdks/integrations/hermes : Hermes ships with 8 external memory provider plugins including Hindsight. Hindsight automatically recalls relevant context before every LLM call + retains conversations + provides explicit retain/recall/reflect tools. Application.yaml changes: - repoURL: ghcr.io/vectorize-io/charts (OCI) - chart: hindsight - targetRevision: 0.3.0 - postgresql.enabled: true (bundled; longhorn-backed 20Gi; swap to external CockroachDB once that Application is healthy) - api.llm.{provider,existingSecret}: groq + hindsight-llm-api-key Secret (Vault-backed via ExternalSecret — no plaintext API key in Git) - service.{type,port}: ClusterIP / 80 → Hermes' HINDSIGHT_URL=http://hindsight.hindsight.svc.cluster.local already points at this service+namespace - syncPolicy.prune: false — memory store is precious Removed full-ai-cluster/k8s/applications/hindsight/namespace.yaml — the Helm chart creates the namespace via CreateNamespace=true sync option, so the standalone placeholder is no longer needed. README: - Tree entry updated: "vectorize-io OCI chart" (was "chart URL TBD") - "Component status" section: Hindsight moved from "❓ Awaiting maintainer input" to "✅ wired" with chart + values summary Co-Authored-By: Claude Opus 4.7 (1M context) --- full-ai-cluster/README.md | 11 +-- .../applications/hindsight/Application.yaml | 84 ++++++++++++------- .../k8s/applications/hindsight/namespace.yaml | 10 --- 3 files changed, 59 insertions(+), 46 deletions(-) delete mode 100644 full-ai-cluster/k8s/applications/hindsight/namespace.yaml 
diff --git a/full-ai-cluster/README.md b/full-ai-cluster/README.md index e426202f79..5f3a94e638 100644 --- a/full-ai-cluster/README.md +++ b/full-ai-cluster/README.md @@ -52,7 +52,7 @@ full-ai-cluster/ ├── argo-rollouts/ ← progressive delivery ├── longhorn/ ← distributed block storage ├── cockroachdb/ ← distributed SQL - ├── hindsight/ ← agent persistent memory for Hermes (chart URL TBD) + ├── hindsight/ ← agent persistent memory for Hermes (vectorize-io OCI chart) ├── oz/ ← OpenZiti zero-trust overlay ├── hermes/ ← custom AI agent (cloud LLMs via SOPS-baked keys, OZ transport, Hindsight memory) ├── ollama/ ← LLM serving (option A — local — DEFERRED, manual-sync) @@ -204,10 +204,11 @@ Add new `nixosConfigurations.` entries to `flake.nix` as needed. in the tree at `replicas: 0` so the topology is preserved. Bump replicas + rebuild Hermes against local endpoints when the local-models phase comes back online. -- ❓ Awaiting maintainer input: - - **Hindsight** — confirmed as standalone helm chart for agent - persistent memory for Hermes. `Application.yaml` has TODO - awaiting `repoURL` + chart name + version. +- ✅ **Hindsight** wired: vectorize-io OCI Helm chart at + `ghcr.io/vectorize-io/charts/hindsight` v0.3.0. Bundled + PostgreSQL by default (longhorn-backed); swap to external + CockroachDB once that Application is healthy. LLM key sourced + from a Vault-backed ExternalSecret (`hindsight-llm-api-key`). ## Secrets diff --git a/full-ai-cluster/k8s/applications/hindsight/Application.yaml b/full-ai-cluster/k8s/applications/hindsight/Application.yaml index defa46109a..9039552434 100644 --- a/full-ai-cluster/k8s/applications/hindsight/Application.yaml +++ b/full-ai-cluster/k8s/applications/hindsight/Application.yaml 
@@ -1,15 +1,9 @@
-# Hindsight — agent persistent memory system for Hermes.
-# Standalone Helm chart deployed via ArgoCD.
+# Hindsight (vectorize-io) — agent persistent memory system for Hermes.
+# Real chart wired: OCI Helm chart at ghcr.io/vectorize-io/charts/hindsight.
 #
-# TODO(maintainer): provide the Helm chart URL + chart name + version.
-# Confirm which Hindsight chart this refers to:
-# - public OSS chart (helm repo URL)
-# - private chart (repoURL + auth)
-# - in-repo chart (sibling repo URL + path)
-#
-# Once repoURL + chart name + version are provided, this Application
-# wires up directly. Until then, this placeholder declares the
-# namespace + intent so the structure is in place.
+# Pairs with hermes/Application.yaml — Hermes' deployment.yaml
+# sets `HINDSIGHT_URL=http://hindsight.hindsight.svc.cluster.local`
+# which matches this Application's namespace + chart-default service name.
 
 apiVersion: argoproj.io/v1alpha1
 kind: Application
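Review bot: The new header comment records a plaintext `http://hindsight.hindsight.svc.cluster.local` endpoint and asserts that it matches the chart-default service name, but nothing visible in this patch pins that name (it depends on the chart's naming template for `releaseName: hindsight`) or says how the hop is protected. Since this service carries retained conversation content, I would add a comment line such as `# Transport: in-cluster HTTP; access expected to be limited by <NetworkPolicy / overlay — confirm>` and reword the claim to `# expected to match the chart's service name — verify against the rendered manifests`. The `metadata:` block that follows these lines lies between the two hunks and is not shown.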
@@ -20,27 +14,55 @@ metadata: spec: project: default source: - # TODO(maintainer): replace with the real Helm repo + chart name. - # Example shape: - # repoURL: https://your-org.github.io/hindsight-chart/ - # chart: hindsight - # targetRevision: 1.0.0 - # helm: - # releaseName: hindsight - # valuesObject: - # persistence: - # storageClass: longhorn - # size: 20Gi - # hermesIntegration: - # enabled: true - repoURL: https://github.com/Lucent-Financial-Group/Zeta - targetRevision: main - path: full-ai-cluster/k8s/applications/hindsight - directory: - include: 'namespace.yaml' + repoURL: ghcr.io/vectorize-io/charts + chart: hindsight + targetRevision: 0.3.0 # bump to latest as vectorize-io publishes + helm: + releaseName: hindsight + valuesObject: + # Bundled PostgreSQL for storage. Swap to false + + # api.database.url for an external CockroachDB/Postgres + # backing store once the cluster's CockroachDB Application + # is healthy. + postgresql: + enabled: true + primary: + persistence: + storageClass: longhorn + size: 20Gi + + api: + # LLM provider Hindsight uses for its own entity/relation + # extraction (separate from Hermes' LLM choice). Sourced + # from a Vault-backed ExternalSecret rather than hardcoded. + llm: + provider: groq # change per maintainer preference + existingSecret: + name: hindsight-llm-api-key + key: api-key + + # Database URL inferred from bundled postgresql above when + # `postgresql.enabled: true`. 
Override here for external + # CockroachDB: + # database: + # url: postgresql://hindsight:$(PG_PASSWORD)@cockroachdb-public.cockroachdb.svc.cluster.local:26257/hindsight?sslmode=require + # existingSecret: + # name: hindsight-db-credentials + # passwordKey: password + + # Service for Hermes to reach Hindsight at: + # http://hindsight.hindsight.svc.cluster.local + service: + type: ClusterIP + port: 80 + destination: server: https://kubernetes.default.svc namespace: hindsight syncPolicy: - automated: { prune: false, selfHeal: true } - syncOptions: [ CreateNamespace=true, ServerSideApply=true ] + automated: + prune: false # never prune — memory store is precious + selfHeal: true + syncOptions: + - CreateNamespace=true + - ServerSideApply=true diff --git a/full-ai-cluster/k8s/applications/hindsight/namespace.yaml b/full-ai-cluster/k8s/applications/hindsight/namespace.yaml deleted file mode 100644 index 25ba85ad9a..0000000000 --- a/full-ai-cluster/k8s/applications/hindsight/namespace.yaml +++ /dev/null @@ -1,10 +0,0 @@ -# Namespace placeholder. Replaced by real Hindsight manifests -# once the chart URL is provided. - -apiVersion: v1 -kind: Namespace -metadata: - name: hindsight - labels: - app.kubernetes.io/part-of: zeta - zeta.io/integrates-with: hermes
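Review bot: The bundled database under `postgresql:` is enabled with persistence settings only, so the store holding Hermes' retained conversations gets whatever credentials the chart defaults to or generates, while the LLM key beside it is sourced from an ExternalSecret. If the chart generates a random password at render time, Argo CD re-rendering with `selfHeal: true` may rewrite the Secret while the existing volume keeps the old password; pointing the subchart at a pre-created Secret, using the same Vault-backed pattern as `hindsight-llm-api-key`, would avoid both problems, though the exact values key depends on the chart and is not visible here. Separately, `targetRevision: 0.3.0 # bump to latest as vectorize-io publishes` follows a mutable tag from a third-party registry under automated sync; consider `targetRevision: "0.3.0"  # pinned; bump only after reviewing the chart diff`, and pin by digest if the Argo CD version in use supports that for this source type. The ExternalSecret that produces `hindsight-llm-api-key` is not among the three files in this commit, and the labels on the deleted namespace.yaml are not recreated by `CreateNamespace=true` unless `syncPolicy.managedNamespaceMetadata` sets them, which matters if any policy selects on `zeta.io/integrates-with`.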