fix: resolve 5 pre-submission audit issues

1. prometheus.yml: scrape target api:8081 → api:8080 (metrics always
   served on the HTTP port via MapPrometheusScrapingEndpoint)
2. docker-compose.yml: env var prefix VectorCatalogOptions__ → VectorCatalog__
   to match SectionName constant; fix property names (TopK→DefaultTopK,
   AccessKey→MinioAccessKey, etc.) and remove dead port 8081 mapping
3. src/VectorCatalog.Api/Dockerfile: remove EXPOSE 8081 (nothing serves there)
4. Add .dockerignore for API and sidecar (reduces build-context noise)
5. README.md: fix stale benchmark numbers, wrong load-test script name,
   wrong CI job count (7→8), Helm path, and Roadmap completed items

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: ritunjaym

README.md

@@ -190,9 +190,9 @@ graph TB
 
 | Component | Technology | Purpose |
 |-----------|-----------|---------|
-| **CI/CD** | GitHub Actions | 7-job pipeline (build, test, security scan) |
+| **CI/CD** | GitHub Actions | 8-job pipeline (build, test, security scan, GHCR push) |
 | **Containers** | Docker + Compose | Multi-stage builds, non-root users |
-| **IaC** | docker-compose.yml | Local orchestration (7 services) |
+| **IaC** | docker-compose.yml | Local orchestration (6 services) |
 
 ---
 
@@ -390,10 +390,10 @@ dotnet run --project src/VectorCatalog.Api/VectorCatalog.Api.csproj
 ### Unit Tests
 
 ```bash
-# C# tests (8 tests)
+# C# unit tests (7 tests)
 dotnet test tests/VectorCatalog.Api.Tests/
 
-# Python tests (16 tests)
+# Python tests
 cd sidecar && pytest tests/ -v
 ```
 
@@ -407,21 +407,24 @@ dotnet test tests/VectorCatalog.Integration.Tests/
 ### Load Testing (k6)
 
 ```bash
-k6 run tests/load/search_load_test.js --vus 50 --duration 30s
+k6 run tests/load/health_load.js
+k6 run tests/load/search_load.js --out json=tests/load/results/search_results.json
 ```
 
 ---
 
 ## 📊 Performance Benchmarks
 
-| Metric | Value | Configuration |
-|--------|-------|---------------|
-| **Query Latency (p50)** | 45ms | Redis cache miss, nprobe=10 |
-| **Query Latency (p99)** | 120ms | Cold cache, complex query |
-| **Throughput** | 500 QPS | 4 CPU, 8GB RAM, local |
-| **Cache Hit Rate** | 78% | After 10K queries |
-| **Index Build Time** | 15 min | 1M vectors, nlist=100 |
-| **Index Size** | 150 MB | 1M vectors (100x compression) |
+Measured with k6 v1.6.1 on Apple M2 / Docker Compose. See [`docs/BENCHMARKS.md`](docs/BENCHMARKS.md) for full results.
+
+| Metric | Value | Scenario |
+|--------|-------|----------|
+| **Health P95** | 31ms | GET /health/live, 200 VUs |
+| **Health Throughput** | 17,396 req/s | ASP.NET Core baseline |
+| **Search P50** | 152ms | Warm Redis cache, synthetic FAISS index |
+| **Search P99** | 425ms | Warm Redis cache, synthetic FAISS index |
+| **Cache Hit Rate** | 85.3% | 6,674 hits / 7,823 requests |
+| **Avg Cache Hit Latency** | 48ms | Redis round-trip |
 
 ---
 
@@ -430,13 +433,14 @@ k6 run tests/load/search_load_test.js --vus 50 --duration 30s
 ### Docker
 
 ```bash
-docker compose -f docker-compose.prod.yml up -d
+docker compose up -d
 ```
 
-### Kubernetes (Helm Chart - Coming Soon)
+### Kubernetes (Helm)
 
 ```bash
-helm install vector-catalog ./charts/vector-catalog
+helm install vector-catalog ./helm/vector-catalog \
+  --set image.tag=$(git rev-parse --short HEAD)
 ```
 
 ---
@@ -486,8 +490,8 @@ rate(redis_commands_total{command="get",status="hit"}[5m]) / rate(redis_commands
 - [ ] Kubernetes Helm chart
 
 ### Week 3: Production Hardening
-- [ ] Integration tests with Testcontainers
-- [ ] Load testing with k6
+- [x] Integration tests with Testcontainers (12/12 passing)
+- [x] Load testing with k6 (17,396 req/s baseline; Polly behavior documented)
 - [ ] APM (Application Performance Monitoring)
 - [ ] Alert rules (Prometheus + Alertmanager)
 

docker-compose.yml

@@ -104,23 +104,22 @@ services:
       dockerfile: src/VectorCatalog.Api/Dockerfile
     container_name: vector-catalog-api
     ports:
-      - "8080:8080"      # HTTP API
-      - "8081:8081"      # Prometheus metrics
+      - "8080:8080"      # HTTP API + Prometheus /metrics
     environment:
       ASPNETCORE_ENVIRONMENT: Production
       ASPNETCORE_URLS: http://+:8080
-      VectorCatalogOptions__Sidecar__GrpcAddress: http://sidecar:50051
-      VectorCatalogOptions__Redis__ConnectionString: redis:6379
-      VectorCatalogOptions__Redis__KeyPrefix: "vc:"
-      VectorCatalogOptions__Redis__DefaultCacheTtlSeconds: 300
-      VectorCatalogOptions__Faiss__TopK: 10
-      VectorCatalogOptions__Faiss__Nprobe: 10
-      VectorCatalogOptions__Faiss__DefaultShardKey: nyc_taxi_2023
-      VectorCatalogOptions__Storage__MinioEndpoint: minio:9000
-      VectorCatalogOptions__Storage__AccessKey: minioadmin
-      VectorCatalogOptions__Storage__SecretKey: minioadmin
-      VectorCatalogOptions__RateLimit__PermitLimit: 100
-      VectorCatalogOptions__RateLimit__WindowSeconds: 10
+      VectorCatalog__SidecarGrpcAddress: http://sidecar:50051
+      VectorCatalog__Redis__ConnectionString: redis:6379
+      VectorCatalog__Redis__KeyPrefix: "vc:"
+      VectorCatalog__Redis__DefaultCacheTtlSeconds: 300
+      VectorCatalog__Faiss__DefaultTopK: 10
+      VectorCatalog__Faiss__DefaultNprobe: 10
+      VectorCatalog__Faiss__DefaultShardKey: nyc_taxi_2023
+      VectorCatalog__Storage__MinioEndpoint: http://minio:9000
+      VectorCatalog__Storage__MinioAccessKey: minioadmin
+      VectorCatalog__Storage__MinioSecretKey: minioadmin
+      VectorCatalog__RateLimit__PermitLimit: 100
+      VectorCatalog__RateLimit__WindowSeconds: 10
     depends_on:
       redis:
         condition: service_healthy

docs/BENCHMARKS.md

@@ -124,8 +124,7 @@ check: `GET /health/ready` → 200 OK (Redis dependency healthy).
 - `error_type="Grpc.Core.RpcException"` label on 500 responses confirms gRPC error
   propagation is instrumented ✅
 - Jaeger traces confirm parent-child span relationships (API → gRPC sidecar) ✅
-- Note: `prometheus.yml` scrape target points to port 8081 (incorrect); fix pending.
-  Direct scrape via `curl localhost:8080/metrics` works correctly.
+- `prometheus.yml` scrape target: `api:8080` ✅ (fixed — was incorrectly `api:8081`)
 
 ---
 
@@ -217,7 +216,7 @@ check: `GET /health/ready` → 200 OK (Redis dependency healthy).
 ## Optimization Opportunities
 
 ### Short-term
-1. **Fix Prometheus scrape target**: change `api:8081` → `api:8080` in `prometheus.yml`
+1. ~~**Fix Prometheus scrape target**~~: fixed (`api:8080` in `prometheus.yml`) ✅
 2. **Embedding caching**: cache embeddings by query hash → −30% P99 on cache misses
 3. **gRPC connection pooling**: increase pool from 10 → 50 → +15% throughput under load
 

infra/docker/prometheus.yml

@@ -11,7 +11,7 @@ scrape_configs:
   # ══════════════════════════════════════════════════════════════════════════
   - job_name: 'vector-catalog-api'
     static_configs:
-      - targets: ['api:8081']
+      - targets: ['api:8080']
         labels:
           service: 'vector-catalog-api'
           version: 'v0.1.0'

sidecar/.dockerignore

@@ -0,0 +1,42 @@
+# .dockerignore for Python gRPC sidecar
+# Only .py files, requirements.txt, and proto stubs are needed
+
+# Python cache
+__pycache__/
+*.pyc
+*.pyo
+*.pyd
+*.so
+
+# Virtual environments
+.venv/
+venv/
+env/
+
+# Test artefacts
+.pytest_cache/
+.mypy_cache/
+htmlcov/
+.coverage
+tests/
+
+# Data / FAISS indices (large — never bake into image)
+data/
+*.index
+*.faiss
+*.parquet
+
+# IDE / OS
+.idea/
+.vscode/
+.DS_Store
+Thumbs.db
+
+# Git
+.git/
+.gitignore
+
+# Secrets
+*.env
+.env
+secrets/

src/VectorCatalog.Api/.dockerignore

@@ -0,0 +1,40 @@
+# .dockerignore for VectorCatalog.Api
+# Keep the build context small — only C# source/config is needed
+
+# Build artifacts
+**/bin/
+**/obj/
+**/publish/
+
+# Test projects
+**/tests/
+
+# IDE / OS
+.vs/
+.vscode/
+.idea/
+*.suo
+*.user
+.DS_Store
+Thumbs.db
+
+# Git
+.git/
+.gitignore
+.gitattributes
+
+# Docs / scripts (not needed at build time)
+docs/
+scripts/
+infra/
+sidecar/
+
+# Secrets
+*.env
+.env
+secrets/
+
+# Node / Python artefacts (shouldn't be here, but be safe)
+node_modules/
+__pycache__/
+*.pyc

src/VectorCatalog.Api/Dockerfile

@@ -39,8 +39,8 @@ RUN chown -R appuser:appuser /app
 # Switch to non-root user
 USER appuser
 
-# Expose ports
-EXPOSE 8080 8081
+# Expose HTTP port (API + /metrics endpoint)
+EXPOSE 8080
 
 # Environment variables (can be overridden at runtime)
 ENV ASPNETCORE_URLS=http://+:8080 \