fix: Improve chunking robustness and type safety (#474)

* fix: Improve chunking robustness and type safety

This commit addresses three critical issues discovered during investigation
of poor search result accuracy and chunking behavior:

## 1. Fix Oversized Sentence Handling in Chunking (Issue #1)
- **Problem**: Markdown tables and long sentences caused chunks up to 24,654 chars
  (exceeding WatsonX embedding 512-token limit)
- **Root cause**: sentence_based_chunking() added entire sentences regardless of size
- **Fix**: Split oversized sentences at word boundaries before adding to chunks
- **Impact**: Max chunk reduced from 24,654 to 596 chars (~238 tokens)
- **File**: backend/rag_solution/data_ingestion/chunking.py:195-217

## 2. Fix Configuration Consistency Across Chunking Strategies (Issue #2)
- **Problem**: sentence_chunker() multiplied config by 2.5 (assumed tokens),
  while other strategies used values as characters directly
- **Root cause**: Inconsistent interpretation across chunking strategies
- **Fix**: Standardized ALL strategies to use CHARACTERS, removed 2.5x multiplier
- **Impact**: Predictable, maintainable configuration across all strategies
- **File**: backend/rag_solution/data_ingestion/chunking.py:409-414

## 3. Fix Type Safety in LLM Model Repository (Issue #3)
- **Problem**: update_model() used duck-typing with hasattr() and dict type erasure
- **Root cause**: Poor type safety, no IDE autocomplete, runtime errors possible
- **Fix**: Changed to only accept LLMModelInput Pydantic type, use model_dump(exclude_unset=True)
- **Impact**: Better type checking, maintainability, IDE support
- **File**: backend/rag_solution/repository/llm_model_repository.py:69-92

## 4. Add Strict Typing Guidelines (New)
- Comprehensive documentation for type safety best practices
- Covers Pydantic models, type hints, mypy configuration
- **File**: docs/development/backend/strict-typing-guidelines.md

## Testing
- Chunking: Validated max chunk size reduced from 24,654 to 596 chars
- Type safety: All mypy checks pass
- Embedding comparison: Tested 8 models (IBM Slate, Granite, E5, MiniLM)

## Related Issues
- Addresses root causes discovered while investigating GitHub #461 (CoT reasoning)
- Created follow-up issues: #465-473 for remaining search accuracy problems

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* fix: Address PR feedback - type safety, tests, and error handling

This commit addresses all feedback from PR #474:

## 1. Fix Type Mismatch in Service Layer (CRITICAL)
- **Problem**: llm_model_service.py passed dict[str, Any] to repository expecting LLMModelInput
- **Fix**: Convert dict updates to LLMModelInput Pydantic models in service layer
- **Files**: backend/rag_solution/services/llm_model_service.py:67, 102-133
- **Impact**: Type-safe service-to-repository communication, prevents runtime errors

## 2. Add Rollback for All Exception Types
- **Problem**: NotFoundError/ValidationError raised without rollback (potential transaction leaks)
- **Fix**: Added explicit rollback for all exception types in update_model()
- **File**: backend/rag_solution/repository/llm_model_repository.py:96-99
- **Impact**: Safer transaction handling, prevents DB inconsistencies

## 3. Handle Empty Strings After .strip()
- **Problem**: Oversized sentence splitting could create empty chunks after stripping
- **Fix**: Added check to skip empty chunks (line 215-216)
- **File**: backend/rag_solution/data_ingestion/chunking.py:214-216
- **Impact**: Prevents empty chunks from being stored in vector DB

## 4. Add Unit Tests for Oversized Sentence Splitting
- **New Tests**: 5 comprehensive tests for Issue #1 fix
  - test_oversized_sentence_splits_at_word_boundaries
  - test_markdown_table_splits_correctly
  - test_very_long_sentence_without_spaces
  - test_normal_sentences_not_affected
  - test_empty_string_chunks_are_filtered
- **File**: backend/tests/unit/test_chunking.py:29-102
- **Coverage**: Edge cases for oversized sentences, markdown tables, whitespace handling

## Testing
- All linting checks pass (ruff, mypy type annotations added)
- All modified files pass type checking
- New unit tests validate oversized sentence handling

Addresses feedback from: #474 (comment)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* refactor: Replace dict[str, Any] with strongly-typed Update schemas

## Problem
API contracts used weakly-typed `dict[str, Any]` for partial updates, violating
the project's strong typing principles. This created multiple issues:

1. **Type Safety**: dict[str, Any] bypasses Pydantic validation
2. **Partial Updates**: No clear API contract for which fields are optional
3. **Duplicate Queries**: Service layer fetched models, then repository fetched again
4. **Return Type Ambiguity**: Methods returned `Output | None` instead of raising exceptions

## Solution
Created strongly-typed Update schemas with all-optional fields for partial updates:

### LLM Models
- Created `LLMModelUpdate` schema (all fields optional)
- Updated `LLMModelRepository.update_model()` to accept `LLMModelUpdate`
- Updated `LLMModelService.update_model()` to use `LLMModelUpdate`
- Updated router to accept `LLMModelUpdate` instead of `dict`
- Changed return types from `Output | None` to `Output` (let NotFoundError propagate)

### LLM Providers
- Created `LLMProviderUpdate` schema (all fields optional)
- Updated `LLMProviderRepository.update_provider()` to accept `LLMProviderUpdate`
- Updated `LLMProviderService.update_provider()` to use `LLMProviderUpdate`
- Updated router to accept `LLMProviderUpdate` instead of `dict`
- Changed return type from `Output | None` to `Output`

### Service Layer Improvements
- Removed duplicate DB fetches (repository now handles single query)
- Eliminated manual field merging (Pydantic's `exclude_unset=True` handles it)
- Simplified service methods from 30 lines to 1-3 lines
- All methods now use proper exception propagation instead of returning None

## Impact
- **Type Safety**: Full Pydantic validation on all partial updates
- **Performance**: Eliminated N+1 queries (2 DB calls → 1 DB call)
- **Maintainability**: Update schemas automatically track model changes
- **API Clarity**: Clear contract for partial updates via Update schemas

## Files Changed
- rag_solution/schemas/llm_model_schema.py: Added LLMModelUpdate
- rag_solution/schemas/llm_provider_schema.py: Added LLMProviderUpdate
- rag_solution/repository/llm_model_repository.py: Use LLMModelUpdate
- rag_solution/repository/llm_provider_repository.py: Use LLMProviderUpdate
- rag_solution/services/llm_model_service.py: Simplified with LLMModelUpdate
- rag_solution/services/llm_provider_service.py: Simplified with LLMProviderUpdate
- rag_solution/router/llm_provider_router.py: Use Update schemas

Addresses PR feedback: #474 (comment)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* security: Remove debug statements that expose API keys to stdout

CRITICAL SECURITY FIX - This is a blocking issue that must be merged.

## Problem
Lines 71 and 73 in llm_provider_schema.py contained debug print statements
that would expose API keys to stdout in plain text:

```python
print(f"DEBUG: Converting API key '{v}' to SecretStr")
print(f"DEBUG: API key is not a string: {type(v)} = {v}")
```

This violates the principle of keeping secrets secure and could lead to:
- API keys appearing in application logs
- Secrets exposed in container stdout
- Credentials leaked in CI/CD pipeline logs
- Security audit failures

## Solution
- Removed all debug print statements from convert_api_key_to_secret_str()
- Added proper type hints: `def convert_api_key_to_secret_str(cls, v: str | SecretStr) -> SecretStr`
- Added comprehensive docstring explaining function behavior
- Verified with mypy (all checks pass)

## Impact
- Eliminates API key exposure risk
- Fixes mypy type checking error (Function is missing a type annotation)
- Maintains all existing functionality (SecretStr conversion)
- No breaking changes to API or behavior

Addresses blocking concern from PR review:
#474 (comment)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

---------

Co-authored-by: Claude <noreply@anthropic.com>

Author: manavgup

backend/rag_solution/data_ingestion/chunking.py

@@ -192,9 +192,38 @@ def sentence_based_chunking(
     for sentence in sentences:
         sentence_len = len(sentence)
 
-        # Check if adding this sentence would exceed target
-        if current_char_count + sentence_len > target_chars and current_chunk:
-            # Save current chunk
+        # Handle oversized sentences by splitting them
+        if sentence_len > target_chars:
+            # Save current chunk first if not empty
+            if current_chunk:
+                chunk_text = " ".join(current_chunk)
+                chunks.append(chunk_text)
+                current_chunk = []
+                current_char_count = 0
+
+            # Split oversized sentence into target-sized pieces
+            start = 0
+            while start < sentence_len:
+                end = min(start + target_chars, sentence_len)
+                # Try to break at word boundary
+                if end < sentence_len:
+                    last_space = sentence[start:end].rfind(" ")
+                    if last_space > target_chars * 0.5:  # At least 50% full
+                        end = start + last_space
+
+                chunk_piece = sentence[start:end].strip()
+                if chunk_piece:  # Only append non-empty chunks
+                    chunks.append(chunk_piece)
+                start = end
+
+            continue
+
+        # Account for space between sentences when joining
+        space_len = 1 if current_chunk else 0
+
+        # STRICT: Don't add sentence if it would exceed target
+        if current_char_count + space_len + sentence_len > target_chars and current_chunk:
+            # Save current chunk (don't add the sentence that would exceed)
             chunk_text = " ".join(current_chunk)
             chunks.append(chunk_text)
 
@@ -204,17 +233,18 @@ def sentence_based_chunking(
 
             for i in range(len(current_chunk) - 1, -1, -1):
                 sent_len = len(current_chunk[i])
-                if overlap_count + sent_len <= overlap_chars:
+                space = 1 if overlap_chunk else 0
+                if overlap_count + space + sent_len <= overlap_chars:
                     overlap_chunk.insert(0, current_chunk[i])
-                    overlap_count += sent_len
+                    overlap_count += sent_len + space
                 else:
                     break
 
             current_chunk = overlap_chunk
             current_char_count = overlap_count
 
         current_chunk.append(sentence)
-        current_char_count += sentence_len
+        current_char_count += sentence_len + space_len
 
     # Add final chunk if it meets minimum size
     if current_chunk:
@@ -368,19 +398,20 @@ def hierarchical_chunker_wrapper(text: str, settings: Settings = get_settings())
 def sentence_chunker(text: str, settings: Settings = get_settings()) -> list[str]:
     """Sentence-based chunking using settings configuration.
 
-    Uses conservative character-to-token ratio (2.5:1) for IBM Slate safety.
+    All config values (min_chunk_size, max_chunk_size, chunk_overlap) are in CHARACTERS.
+    Conservative char-to-token ratio (2.5:1) provides safety margin for IBM Slate 512-token limit.
 
     Args:
         text: Input text to chunk
-        settings: Configuration settings
+        settings: Configuration settings (all values in characters)
 
     Returns:
         List of sentence-based chunks
     """
-    # Convert config values assuming they're in tokens, multiply by 2.5 for chars
-    target_chars = int(settings.max_chunk_size * 2.5) if settings.max_chunk_size < 1000 else 750
-    overlap_chars = int(settings.chunk_overlap * 2.5) if settings.chunk_overlap < 200 else 100
-    min_chars = int(settings.min_chunk_size * 2.5) if settings.min_chunk_size < 500 else 500
+    # Use config values directly as characters (no conversion needed)
+    target_chars = settings.max_chunk_size
+    overlap_chars = settings.chunk_overlap
+    min_chars = settings.min_chunk_size
 
     return sentence_based_chunking(text, target_chars=target_chars, overlap_chars=overlap_chars, min_chars=min_chars)
 

backend/rag_solution/repository/llm_model_repository.py

@@ -6,7 +6,7 @@
 
 from rag_solution.core.exceptions import AlreadyExistsError, NotFoundError, ValidationError
 from rag_solution.models.llm_model import LLMModel
-from rag_solution.schemas.llm_model_schema import LLMModelInput, LLMModelOutput, ModelType
+from rag_solution.schemas.llm_model_schema import LLMModelInput, LLMModelOutput, LLMModelUpdate, ModelType
 
 
 class LLMModelRepository:
@@ -66,20 +66,29 @@ def get_models_by_type(self, model_type: ModelType) -> list[LLMModelOutput]:
         except Exception:
             raise
 
-    def update_model(self, model_id: UUID4, updates: dict) -> LLMModelOutput:
-        """Updates model details.
+    def update_model(self, model_id: UUID4, updates: LLMModelUpdate) -> LLMModelOutput:
+        """Updates model details with partial updates.
+
+        Args:
+            model_id: ID of the model to update
+            updates: LLMModelUpdate with optional fields for partial updates
 
         Raises:
             NotFoundError: If model not found
+
+        Note:
+            Only updates fields that are explicitly set in the updates object.
+            Uses Pydantic's exclude_unset=True to handle partial updates.
         """
         try:
             # Find the model first
             model = self.session.query(LLMModel).filter_by(id=model_id).first()
             if not model:
                 raise NotFoundError(resource_type="LLMModel", resource_id=str(model_id))
 
-            # Apply updates
-            for key, value in updates.items():
+            # Update only fields that were explicitly set (partial update support)
+            update_data = updates.model_dump(exclude_unset=True)
+            for key, value in update_data.items():
                 setattr(model, key, value)
 
             self.session.commit()
@@ -89,6 +98,8 @@ def update_model(self, model_id: UUID4, updates: dict) -> LLMModelOutput:
             self.session.rollback()
             raise AlreadyExistsError(resource_type="LLMModel", field="id", value=str(model_id)) from e
         except (NotFoundError, AlreadyExistsError, ValidationError):
+            # Rollback for safety even though these are typically raised before DB changes
+            self.session.rollback()
             raise
         except Exception:
             self.session.rollback()

backend/rag_solution/repository/llm_provider_repository.py

@@ -6,7 +6,7 @@
 
 from rag_solution.core.exceptions import AlreadyExistsError, NotFoundError, ValidationError
 from rag_solution.models.llm_provider import LLMProvider
-from rag_solution.schemas.llm_provider_schema import LLMProviderInput
+from rag_solution.schemas.llm_provider_schema import LLMProviderInput, LLMProviderUpdate
 
 
 class LLMProviderRepository:
@@ -102,22 +102,33 @@ def get_provider_by_name_with_credentials(self, name: str) -> LLMProvider:
         except Exception:
             raise
 
-    def update_provider(self, provider_id: UUID4, updates: dict) -> LLMProvider:
-        """Updates provider details.
+    def update_provider(self, provider_id: UUID4, updates: LLMProviderUpdate) -> LLMProvider:
+        """Updates provider details with partial updates.
+
+        Args:
+            provider_id: ID of the provider to update
+            updates: LLMProviderUpdate with optional fields for partial updates
 
         Raises:
             NotFoundError: If provider not found
+
+        Note:
+            Only updates fields that are explicitly set in the updates object.
+            Uses Pydantic's exclude_unset=True to handle partial updates.
         """
         try:
-            # Handle SecretStr in updates
-            if "api_key" in updates and hasattr(updates["api_key"], "get_secret_value"):
-                updates["api_key"] = updates["api_key"].get_secret_value()
-
             # Find the provider first - this will raise NotFoundError if not found
             provider = self.get_provider_by_id(provider_id)
 
+            # Convert Pydantic model to dict, only including explicitly set fields
+            update_data = updates.model_dump(exclude_unset=True)
+
+            # Handle SecretStr in updates
+            if "api_key" in update_data and hasattr(update_data["api_key"], "get_secret_value"):
+                update_data["api_key"] = update_data["api_key"].get_secret_value()
+
             # Apply updates
-            for key, value in updates.items():
+            for key, value in update_data.items():
                 setattr(provider, key, value)
 
             self.session.commit()
@@ -128,6 +139,7 @@ def update_provider(self, provider_id: UUID4, updates: dict) -> LLMProvider:
             self.session.rollback()
             raise AlreadyExistsError(resource_type="LLMProvider", field="name", value=str(provider_id)) from e
         except (NotFoundError, AlreadyExistsError, ValidationError):
+            self.session.rollback()
             raise
         except Exception:
             self.session.rollback()

backend/rag_solution/router/llm_provider_router.py

@@ -5,8 +5,8 @@
 from sqlalchemy.orm import Session
 
 from rag_solution.file_management.database import get_db
-from rag_solution.schemas.llm_model_schema import LLMModelInput, LLMModelOutput, ModelType
-from rag_solution.schemas.llm_provider_schema import LLMProviderInput, LLMProviderOutput
+from rag_solution.schemas.llm_model_schema import LLMModelInput, LLMModelOutput, LLMModelUpdate, ModelType
+from rag_solution.schemas.llm_provider_schema import LLMProviderInput, LLMProviderOutput, LLMProviderUpdate
 from rag_solution.services.llm_provider_service import LLMProviderService
 
 router = APIRouter(
@@ -58,15 +58,15 @@ def get_provider(provider_id: UUID4, service: Annotated[LLMProviderService, Depe
 
 @router.put("/{provider_id}", response_model=LLMProviderOutput)
 def update_provider(
-    provider_id: UUID4, updates: dict, service: Annotated[LLMProviderService, Depends(get_service)]
+    provider_id: UUID4, updates: LLMProviderUpdate, service: Annotated[LLMProviderService, Depends(get_service)]
 ) -> LLMProviderOutput:
     """
-    Update a specific LLM Provider.
+    Update a specific LLM Provider with partial updates.
+
+    Accepts LLMProviderUpdate with optional fields for partial updates.
+    Raises 404 if provider not found.
     """
-    provider = service.update_provider(provider_id, updates)
-    if not provider:
-        raise HTTPException(status_code=404, detail="Provider not found")
-    return provider
+    return service.update_provider(provider_id, updates)
 
 
 @router.delete("/{provider_id}")
@@ -122,24 +122,23 @@ def get_models_by_type(
 def get_model_by_id(model_id: UUID4, service: Annotated[LLMProviderService, Depends(get_service)]) -> LLMModelOutput:
     """
     Get a specific Model by ID.
+
+    Raises 404 if model not found.
     """
-    model = service.get_model_by_id(model_id)
-    if not model:
-        raise HTTPException(status_code=404, detail="Model not found")
-    return model
+    return service.get_model_by_id(model_id)
 
 
 @router.put("/models/{model_id}", response_model=LLMModelOutput)
 def update_model(
-    model_id: UUID4, updates: dict, service: Annotated[LLMProviderService, Depends(get_service)]
+    model_id: UUID4, updates: LLMModelUpdate, service: Annotated[LLMProviderService, Depends(get_service)]
 ) -> LLMModelOutput:
     """
-    Update a specific Model.
+    Update a specific Model with partial updates.
+
+    Accepts LLMModelUpdate with optional fields for partial updates.
+    Raises 404 if model not found.
     """
-    model = service.update_model(model_id, updates)
-    if not model:
-        raise HTTPException(status_code=404, detail="Model not found")
-    return model
+    return service.update_model(model_id, updates)
 
 
 @router.delete("/models/{model_id}")

backend/rag_solution/schemas/llm_model_schema.py

@@ -27,6 +27,29 @@ class LLMModelInput(BaseModel):
     model_config = ConfigDict(protected_namespaces=())
 
 
+class LLMModelUpdate(BaseModel):
+    """Schema for partial updates to LLM models.
+
+    All fields are optional to support partial updates from API.
+    Use exclude_unset=True when converting to dict to only update provided fields.
+    """
+
+    model_id: str | None = None
+    default_model_id: str | None = None
+    model_type: ModelType | None = None
+    timeout: int | None = None
+    max_retries: int | None = None
+    batch_size: int | None = None
+    retry_delay: float | None = None
+    concurrency_limit: int | None = None
+    stream: bool | None = None
+    rate_limit: int | None = None
+    is_default: bool | None = None
+    is_active: bool | None = None
+
+    model_config = ConfigDict(protected_namespaces=())
+
+
 class LLMModelOutput(BaseModel):
     id: UUID4
     provider_id: UUID4

backend/rag_solution/schemas/llm_provider_schema.py

@@ -16,6 +16,23 @@ class LLMProviderInput(BaseModel):
     user_id: UUID4 | None = Field(None, description="User ID who owns this provider")
 
 
+class LLMProviderUpdate(BaseModel):
+    """Schema for partial updates to LLM providers.
+
+    All fields are optional to support partial updates from API.
+    Use exclude_unset=True when converting to dict to only update provided fields.
+    """
+
+    name: str | None = None
+    base_url: str | None = None
+    api_key: SecretStr | None = None
+    org_id: str | None = None
+    project_id: str | None = None
+    is_active: bool | None = None
+    is_default: bool | None = None
+    user_id: UUID4 | None = None
+
+
 class LLMProviderOutput(BaseModel):
     """Schema for returning an LLM Provider."""
 
@@ -48,12 +65,17 @@ class LLMProviderConfig(BaseModel):
 
     @field_validator("api_key", mode="before")
     @classmethod
-    def convert_api_key_to_secret_str(cls, v):
-        """Convert string API key to SecretStr."""
+    def convert_api_key_to_secret_str(cls, v: str | SecretStr) -> SecretStr:
+        """Convert string API key to SecretStr.
+
+        Args:
+            v: API key as string or SecretStr
+
+        Returns:
+            SecretStr: Secured API key
+        """
         if isinstance(v, str):
-            print(f"DEBUG: Converting API key '{v}' to SecretStr")
             return SecretStr(v)
-        print(f"DEBUG: API key is not a string: {type(v)} = {v}")
         return v
 
     model_config = ConfigDict(from_attributes=True)