This release includes breaking changes for platform teams planning a safe upgrade.
✓ No known CVEs patched in this version
Summary
AI summary: Fixed YAML config loader to validate types and bounds, coerce reranker_enabled strings, remove invalid keyword_routes entries, and handle errors.
Full changelog
Fixes
Full hardening of the YAML config loader after rigorous audit:
- Type validation on all config values — wrong types (string where int, string where list, int where bool) now warn and fall back to defaults
- Bounds validation — chunk_size (min 100), chunk_overlap (non-negative, < chunk_size), default_results, max_results, embedding_dim, reranker_top_k_multiplier
- keyword_routes string values detected and removed — previously `redteam: "pentest"` caused character-level matching ("p", "e", "n", etc.)
- reranker_enabled string coercion (`"yes"` → `True` with warning)
- supported_formats: [] falls back to defaults with warning
- Version synced across init.py, config.py, server.py, pyproject.toml
- Error handling in `knowledge-rag init` (PermissionError, OSError)
- Broken README anchor fixed
- Duplicate keyword removed
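The string-where-list pitfall and the warn-and-fall-back behaviour listed above, as an added example (not code from knowledge-rag): a validator over the dict a YAML loader returns. The default values, the accepted truthy/falsy strings, and the names `validate`, `_int` and `SAMPLE` are assumptions.

```python
import logging

log = logging.getLogger("config_example")
# Assumed defaults for illustration; the project's real defaults are not on this page.
DEFAULTS = {"chunk_size": 1000, "chunk_overlap": 200, "reranker_enabled": True}
TRUTHY, FALSY = {"yes", "true", "on"}, {"no", "false", "off"}


def _int(raw, key, lo):
    """Return raw[key] if it is a real int >= lo, else warn and use the default."""
    val = raw.get(key, DEFAULTS[key])
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(val, bool) or not isinstance(val, int) or val < lo:
        log.warning("%s=%r invalid, using default %r", key, val, DEFAULTS[key])
        return DEFAULTS[key]
    return val


def validate(raw):
    """Validate a dict as returned by a YAML loader; bad values never raise."""
    cfg = {"chunk_size": _int(raw, "chunk_size", 100),
           "chunk_overlap": _int(raw, "chunk_overlap", 0)}
    if cfg["chunk_overlap"] >= cfg["chunk_size"]:
        log.warning("chunk_overlap must be < chunk_size, adjusting")
        cfg["chunk_overlap"] = min(DEFAULTS["chunk_overlap"], cfg["chunk_size"] - 1)

    flag = raw.get("reranker_enabled", DEFAULTS["reranker_enabled"])
    if isinstance(flag, str) and flag.strip().lower() in TRUTHY | FALSY:
        log.warning("reranker_enabled=%r is a string, coercing to bool", flag)
        flag = flag.strip().lower() in TRUTHY
    elif not isinstance(flag, bool):
        log.warning("reranker_enabled=%r invalid, using default", flag)
        flag = DEFAULTS["reranker_enabled"]
    cfg["reranker_enabled"] = flag

    routes = raw.get("keyword_routes")
    cfg["keyword_routes"] = {}
    for name, words in (routes.items() if isinstance(routes, dict) else []):
        # A bare string is iterable: "pentest" would match as "p", "e", "n", ...
        if isinstance(words, list) and all(isinstance(w, str) for w in words):
            cfg["keyword_routes"][name] = words
        else:
            log.warning("keyword_routes[%r] is not a list of strings, removed", name)
    return cfg


# Constructed sample: what a YAML loader would return for a mistyped config file.
SAMPLE = {"chunk_size": "512", "chunk_overlap": 50, "reranker_enabled": "yes",
          "keyword_routes": {"redteam": "pentest", "blue": ["siem", "edr"]}}
```

`validate(SAMPLE)` drops the `redteam` route, coerces `"yes"` to `True`, and replaces the quoted `"512"` with the default instead of raising.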
Upgrade
pip install --upgrade knowledge-rag
About lyonzin/knowledge-rag
Local RAG system for Claude Code with hybrid search (BM25 + semantic), cross-encoder reranking, markdown-aware chunking, query expansion, and 12 MCP tools. Runs entirely offline with zero external servers.