This release includes 1 security fix for security teams reviewing exposed deployments.
Affected surfaces
Summary
AI summaryFixed BM25 full-text search, removed insecure trigram search and context compression.
Full changelog
What's New
Retrieval actually works now. BM25 full-text search was broken since launch. Trigram search ran against encrypted ciphertext. Context compression silently forwarded decrypted memories to OpenAI. All three are fixed. Benchmark score: 92/100 → 100/100.
Fixed
- BM25 full-text search — tsvectors now populated from plaintext before encryption
- Removed trigram search (ran against ciphertext, producing noise)
- Removed context compression (sent decrypted memories to OpenAI, breaking encryption guarantee)
- Batch N+1 queries in recall with
WHERE id = ANY(...) - Specific error handling instead of bare
catch {}blocks forget()now logs usage events- Migration uses
CREATE INDEX CONCURRENTLYto avoid table locks - Lazy tsvector backfill during recall for old memories
Added
- Vitest test suite (32 tests)
- GIN index on
content_tsv - VERSION file and CHANGELOG.md
Changed
- Hybrid retrieval: vector + BM25 (was vector + BM25 + trigram)
- All packages unified to v0.4.0
Breaking Changes
- Removed trigram search (previously ran against encrypted ciphertext)
- Removed context compression (previously forwarded decrypted memories to OpenAI)
Security Fixes
- Removed context compression that sent decrypted memories to OpenAI, restoring encryption guarantee
Weekly OSS security release digest.
The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.
No spam, unsubscribe anytime.
Share this release
About AlekseiMarchenko/central-intelligence
Persistent memory for AI agents. Five tools (remember, recall, context, forget, share) with semantic search via vector embeddings and agent/user/org scoping. Works with Claude Code, Cursor, Windsurf, and any MCP client.
Related context
Related tools
Beta — feedback welcome: [email protected]