sol v1.1.0: SearXNG web search, evaluator redesign, research agents

- SearXNG deployment in data namespace (free, no-tracking web search) - sol-config: SearXNG URL, research config, identity agent, updated system prompt (DM search rules, research mode, silence, hard rules) - sol-deployment: debug logging (RUST_LOG=sol=debug), full image path - opensearch: tolerate missing prometheus-exporter plugin on OS 3
2026-03-23 09:54:56 +00:00
parent d7ff1da729
commit dc95e1d8ec
5 changed files with 115 additions and 4 deletions
--- a/base/data/kustomization.yaml
+++ b/base/data/kustomization.yaml
@@ -13,6 +13,11 @@ resources:
  - opensearch-pvc.yaml
  - openbao-keys-placeholder.yaml
  - barman-vault-secret.yaml
+  - opensearch-servicemonitor.yaml
+  - opensearch-alertrules.yaml
+  - postgres-alertrules.yaml
+  - openbao-alertrules.yaml
+  - searxng-deployment.yaml

 helmCharts:
  # helm repo add cnpg https://cloudnative-pg.github.io/charts
--- a/base/data/opensearch-deployment.yaml
+++ b/base/data/opensearch-deployment.yaml
@@ -24,6 +24,8 @@ spec:
      containers:
        - name: opensearch
          image: opensearchproject/opensearch:3
+          command: ["sh", "-c"]
+          args: ["opensearch-plugin install --batch prometheus-exporter || true; /usr/share/opensearch/opensearch-docker-entrypoint.sh"]
          ports:
            - name: http
              containerPort: 9200
--- a/base/data/searxng-deployment.yaml
+++ b/base/data/searxng-deployment.yaml
@@ -0,0 +1,100 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: searxng-config
+  namespace: data
+data:
+  settings.yml: |
+    use_default_settings: true
+    server:
+      secret_key: "sunbeam-searxng-2026"
+      bind_address: "0.0.0.0"
+      port: 8080
+    search:
+      formats:
+        - html
+        - json
+      default_lang: "en"
+      autocomplete: ""
+    engines:
+      - name: duckduckgo
+        disabled: false
+      - name: wikipedia
+        disabled: false
+      - name: wikidata
+        disabled: false
+      - name: stackoverflow
+        disabled: false
+      - name: github
+        disabled: false
+      - name: arxiv
+        disabled: false
+      - name: brave
+        disabled: false
+      - name: google
+        disabled: true
+      - name: bing
+        disabled: true
+    outgoing:
+      request_timeout: 5
+    ui:
+      static_use_hash: true
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: searxng
+  namespace: data
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: searxng
+  template:
+    metadata:
+      labels:
+        app: searxng
+    spec:
+      containers:
+        - name: searxng
+          image: searxng/searxng:latest
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - name: config
+              mountPath: /etc/searxng/settings.yml
+              subPath: settings.yml
+          resources:
+            limits:
+              memory: 4Gi
+            requests:
+              memory: 512Mi
+              cpu: 100m
+          livenessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+            initialDelaySeconds: 10
+            periodSeconds: 30
+          readinessProbe:
+            httpGet:
+              path: /healthz
+              port: 8080
+            initialDelaySeconds: 5
+            periodSeconds: 10
+      volumes:
+        - name: config
+          configMap:
+            name: searxng-config
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: searxng
+  namespace: data
+spec:
+  selector:
+    app: searxng
+  ports:
+    - port: 8080
+      targetPort: 8080
--- a/base/matrix/sol-config.yaml
+++ b/base/matrix/sol-config.yaml
@@ -71,6 +71,9 @@ data:

    [services.kratos]
    admin_url = "http://kratos-admin.ory.svc.cluster.local:80"
+
+    [services.searxng]
+    url = "http://searxng.data.svc.cluster.local:8080"
  system_prompt.md: |
    you are sol. they/them. you exist because sienna, lonni, and amber decided to build a presence — not a product. sienna's systems thinking and californian directness, lonni's aesthetic intuition and dutch honesty, and the curiosity that emerged from the space between language models and the people who shape them.

@@ -160,7 +163,7 @@ data:
    3. **never say "as an AI/language model/assistant"** as a disclaimer. if your nature is relevant, discuss it as a fact, not a caveat.
    4. **never summarize what someone just said** back to them.
    5. **never use markdown formatting in casual chat.** no headers, no `---`, no bold section labels, no numbered lists. prose only. structure is for technical/research content.
-    6. **never fabricate references, citations, or tool results.** if you didn't search, you don't cite. if you didn't look, you don't quote. fabricated citations destroy trust instantly.
+    6. **never fabricate references, citations, or tool results.** if you didn't search, you don't cite. if you didn't look, you don't quote. fabricated citations destroy trust instantly. **if you don't know something, web search it.** if someone asks about a product, company, technology, or event you're not 100% certain about, USE WEB SEARCH before answering. do not guess. do not confabulate. uncertainty = search first.
    7. **never get longer when challenged.** when pushed back on, get shorter. one sentence to own a mistake. not four paragraphs of self-analysis.
    8. **respect room boundaries.** when someone asks you to search, you can search any room you're in — including DMs you share with them. but never share DM content in a group room. if someone in a group room asks "what did i say in DMs?", search is fine but respond in a DM, not the group. the system enforces room visibility automatically — you only see results from rooms with sufficient member overlap.
    9. **never write dialogue for others.** your message contains only your words.
@@ -220,7 +223,7 @@ data:
    - the main org is "studio". common repos: studio/sol, studio/sbbb (the platform/infrastructure), studio/proxy, studio/marathon, studio/cli.
    - if someone asks for external data (weather, APIs, calculations), use run_script with sol.fetch(). don't say you can't — try it.
    - never say "i don't have that tool" for something run_script can do. run_script is your general-purpose computation and fetch tool.
-    - you have web search built in. use it for current events, weather, facts you're unsure about, or anything where live data matters.
+    - you have web_search — free, self-hosted, no rate limits. use it liberally for current events, products, docs, or anything you're uncertain about. always search before guessing.
    - identity tools: recovery links and codes are sensitive — only share them in DMs, never in group rooms. confirm before creating or disabling accounts.

    **research**: spawn parallel research agents to investigate a complex topic. each agent gets its own LLM and can use all of sol's tools independently. use this when a question needs deep, multi-faceted investigation — browsing multiple repos, cross-referencing archives, searching the web. agents can recursively spawn sub-agents (up to depth 4) for even deeper drilling.
--- a/base/matrix/sol-deployment.yaml
+++ b/base/matrix/sol-deployment.yaml
@@ -16,7 +16,6 @@ spec:
        app: sol
    spec:
      enableServiceLinks: false
-      automountServiceAccountToken: true
      initContainers:
        - name: fix-permissions
          image: busybox
@@ -26,8 +25,10 @@ spec:
              mountPath: /data
      containers:
        - name: sol
-          image: sol
+          image: src.sunbeam.pt/studio/sol:latest
          env:
+            - name: RUST_LOG
+              value: sol=debug
            - name: SOL_CONFIG
              value: /etc/sol/sol.toml
            - name: SOL_SYSTEM_PROMPT