YUXUAN YANG / 2027

01 / AI SYSTEMS

Semantic Lighthouse

把分散的文档、数据、权限和 Agent 操作组织成可审计的企业 AI 语义工作台。An auditable semantic workspace connecting enterprise documents, data, permissions, and controlled agent actions.

独立设计与开发
2026.05 至今
Independent design & development
May 2026 to present

01 / PROBLEM

跑通的演示,不等于可被验证的系统。A working demo is not a verified system.

RAG 或 Agent 演示很容易跑通,但引用是否可靠、写操作是否越权、不同租户是否隔离,往往没有统一证据。我的完成标准不是增加聊天能力,而是让检索、权限、确认、状态流转和审计都能被测试。A RAG or agent demo can run while citation quality, write authorization, and tenant isolation remain unproven. I treated retrieval, permissions, confirmation, state transitions, and audit as testable completion criteria.

02 / SYSTEM DECISION

模型只协调;确定性服务负责边界。Models coordinate; deterministic services own boundaries.

证据输入EVIDENCE INPUT15 份离线文档进入 citation-grounded RAG 评测。15 offline documents enter citation-grounded RAG evaluation.
RAG检索与引用被单独测量,不由回答流畅度代替。Retrieval and citation are measured independently of fluent answers.
AGENT受控协调层;模型输出不能直接授权写操作。Controlled coordination layer; model output cannot authorize writes.
AUTH / HITL服务端角色检查后,风险写入必须获得用户确认。Risky writes require server role checks and user confirmation.
AUDIT确认与拒绝都记录操作者、时间和工具参数。Approval and rejection record operator, timestamp, and tool parameters.

03 / FAILURE RISK + CONTROLS

把危险动作留在模型之外。Keep dangerous actions outside the model.

失败风险Failure risk工程控制Engineering control
跨 group 数据或引用泄漏Cross-group data or citation leakage业务对象从认证服务端上下文派生 group 范围Business objects derive group scope from authenticated server context
未注册工具、参数缺失、越权写入Unregistered tools, missing parameters, or unauthorized writes记录失败步骤,不产生写操作Record failed steps and produce no write
等待确认的 run 再次执行Re-running a pending confirmation禁止执行并返回 HTTP 409Block execution and return HTTP 409

04 / EVIDENCE

证据管线,而不是虚构的运营看板。An evidence pipeline, not a fabricated dashboard.

Keyword Recall@5

0.950

MRR

0.901

Hybrid 对 Precision@5 的影响Hybrid effect on Precision@5

−0.048

无证据拒答 / 安全类别No-evidence refusals / safety categories

5/5 · 4/4

Agent 攻击与误用案例Agent attack & misuse cases

12 / 12

跨 group 引用泄漏Cross-group citation leakage

0

测试结果Test result

1,135 passed · 3 skipped

05 / LIMITATIONS + LINKS

尚未被证明的部分What remains unproven

向量基线是离线词法特征哈希,不是神经向量模型。安全测试使用 fake provider,证明的是后端约束能容纳恶意模型决策,不证明真实托管模型本身能够抵抗 Prompt 注入。The vector baseline is lexical feature hashing, not neural embeddings. Fake-provider security tests prove backend containment of malicious model decisions, not real-model resistance to prompt injection.