In Blog 1 and Blog 2, I built a working RAG system:
- ML pipeline: R² = 0.81 price prediction
- Feature engineering: 40+ features, hybrid sector extraction
- RAG system: Sentence Transformers + ChromaDB semantic search
- 7,115 properties indexed and searchable
But it was still a Python script running in Jupyter notebooks.
Press enter or click to view image in full size![]()
This blog is about the unglamorous-but-critical work that separates “demo” from “production”:
- Security (input validation, XSS prevention, rate limiting)
- Error handling (graceful failures, user-friendly messages)
- UI (Gradio chat interface)
- Deployment (HuggingFace Spaces, Docker, CI/CD)
The “It Works on My Machine” Problem
Users will break your app in ways you never imagined. Defense in depth is essential.
Layer 1: Input Validation & Security
The Security Layer (`security.py`)
Here’s my actual production code:
1. InputValidator
import re
import html
from typing import Dictclass InputValidator:
MAX_QUERY_LENGTH = 500
MAX_LOCALITY_LENGTH = 100
# Block common attack patterns
BLOCKED_PATTERNS = [
r'window.__BUILD_ID__="main-20251114-155643-e2ef6afa97"
