A33 · Design Claude-for-Work RAG (Enterprise)
Verified source
Anthropic Claude for Work with connectors (news). Onsite reports ask to design it. Credibility B.
Architecture
```mermaid
flowchart LR
    CONN[Connectors - Slack/GDrive] --> ING[Ingestor]
    ING --> CHUNK[Chunk + embed]
    CHUNK --> VEC[(Vector DB)]
    CHUNK --> ACL[(ACL Store)]
    Query --> AUTHZ[Per-user ACL expand]
    AUTHZ --> VEC
    VEC --> RERANK[Rerank]
    RERANK --> LLM
    LLM --> Answer
```
Key decisions
- **ACL as pre-filter**, not post-filter: the vector query includes the allowed doc_id set, preventing leakage via ranking.
- **Per-tenant namespace** in the vector DB; keys derived from tenant_id + env.
- **Incremental sync** with change streams; permission changes propagate in < 60 s.
- **Citation-forced output**: the model emits a doc_id per claim; the UI enforces hover-to-view.
Follow-ups
- Permission changes mid-conversation? Re-check at query time, not ingest time.
- Derivative content (summaries)? Carry provenance + ACL intersection of sources.
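
The sketch below is an added example, not code from the source or from Anthropic. It contrasts post-filter and pre-filter ACL enforcement on a constructed in-memory corpus, and also covers the query-time re-check and the ACL intersection for summaries from the follow-ups. All names (`DOCS`, `search_prefilter`, `derived_acl`, the users and doc ids) are hypothetical, and the `tenant` field stands in for a vector-DB namespace.

```python
import math

# Constructed sample corpus: doc_id -> (tenant, embedding, principals allowed to read).
DOCS = {
    "d1": ("acme", (1.0, 0.0), {"alice", "bob"}),
    "d2": ("acme", (0.9, 0.1), {"bob"}),          # restricted: bob only
    "d3": ("acme", (0.8, 0.2), {"bob"}),          # restricted: bob only
    "d4": ("acme", (0.2, 0.8), {"alice", "bob"}),
    "d5": ("acme", (0.1, 0.9), {"alice"}),
    "x1": ("other", (1.0, 0.0), {"alice"}),       # different tenant namespace
}

def cosine(a, b):
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))

def allowed_ids(user, tenant):
    """ACL expansion at query time: read the live ACL store, not an ingest snapshot."""
    return {d for d, (t, _, acl) in DOCS.items() if t == tenant and user in acl}

def rank(query, candidates, k):
    return sorted(candidates, key=lambda d: cosine(query, DOCS[d][1]), reverse=True)[:k]

def search_postfilter(user, tenant, query, k):
    """Weak: rank everything in the tenant, then drop what the user may not read.
    A short result list tells the user that hidden documents outranked theirs."""
    top = rank(query, [d for d, (t, _, _) in DOCS.items() if t == tenant], k)
    return [d for d in top if user in DOCS[d][2]]

def search_prefilter(user, tenant, query, k):
    """The page's choice: the allowed doc_id set constrains the vector query itself."""
    return rank(query, allowed_ids(user, tenant), k)

def derived_acl(source_ids):
    """A summary is readable only by principals who can read every source."""
    return set.intersection(*(DOCS[d][2] for d in source_ids))
```

With `k=2` and a query near `d1`, the post-filter path returns a single hit for `alice` because restricted `d2` occupied a top-k slot, while the pre-filter path returns two permitted hits and gives no such signal.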