# Chapter 17 Guided Lab Reference Solution

A strong solution treats the RAG system as a governed data product rather than a chatbot wrapper. The source inventory should identify People Operations, Benefits, Security, IT Operations, and Customer Support as accountable source owners. It should keep restricted security content in scope only if the design enforces permission filtering before retrieval, not merely after generation.

The chunk schema should preserve **lineage**, **versioning**, **access control**, and **quality state**. The minimum acceptable schema includes `chunk_id`, `document_id`, `source_uri`, `document_version`, `section_path`, `text`, `token_count`, `language`, `access_tags`, `embedding_model`, `embedding_dimension`, `chunking_strategy`, `content_hash`, `quality_status`, and `created_at`. Stronger submissions also include `parent_chunk_id`, `previous_chunk_id`, `next_chunk_id`, `parser_version`, `pii_status`, `source_owner`, and `retention_policy`.

A good architecture note separates the **offline indexing path** from the **online serving path**. The indexing path discovers source changes, extracts text, normalizes layout, assigns permissions, chunks content, computes hashes, embeds validated chunks, builds the vector index, runs retrieval regression tests, and promotes a new index alias only if quality gates pass. The online path authenticates the user, applies metadata filters, retrieves candidates through hybrid search, reranks the result set, assembles a bounded prompt with citations, asks the model to answer only from context, logs evidence and latency, and routes low-confidence answers to review.

The evaluation set should include normal questions, source lookup, freshness checks, permission-dependent queries, prompt-injection attempts, and sensitive-data refusal cases. The expected scoring plan should measure context precision, context recall, faithfulness, answer relevance, refusal accuracy, citation correctness, p50/p95 latency, and cost per answer. Strong solutions will include a small golden dataset that is reviewed by business owners and rerun after chunking, embedding, index, prompt, and model changes.

The security note should state that authorization filters are mandatory before retrieval because retrieving unauthorized chunks can leak data through logs, rerankers, prompts, traces, or accidental citations. It should also include prompt-injection detection, system-prompt secrecy, sensitive-data redaction, per-tenant isolation where relevant, audit logging, and incident review.

The rollback plan should use versioned indexes and aliases. A new index is built alongside the current production index, validated with the golden evaluation set, promoted through an alias only after approval, and rolled back by repointing the alias if regression metrics fail. Generated embeddings and retrieval logs should record the embedding model and index version so incidents can be reproduced.
