This release fixes issues for SREs watching stability and regressions.
✓ No known CVEs patched in this version
ReleasePort's take
Light signal: v0.7.15 fixes two regressions: set_embedder_named() now extracts files correctly, and sdists install via pip after LICENSE validation was corrected.
Why it matters: v0.7.14 broke named-embedder downloads and pip installations. Upgrade immediately to restore functionality.
Summary
AI summary: Fixed two regressions: set_embedder_named() now extracts files and sdists can be installed via pip without errors.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium | Declares `license-files = [` (Source: llm_adapter@2026-05-21; Confidence: low) | — |
| Feature | Low | Adds PEP 639-compliant `license-files = ["LICENSE"]` entry in root pyproject.toml. (Source: granite4.1:30b@2026-05-22-audit; Confidence: low) | — |
| Bugfix | Medium | Restores call to extract_tarball_to in set_embedder_named, fixes missing files error. (Source: llm_adapter@2026-05-21; Confidence: high) | — |
| Bugfix | Medium | Adds cleanup-on-error arm for temporary directory after partial extraction. (Source: llm_adapter@2026-05-21; Confidence: high) | — |
| Bugfix | Medium | Corrects LICENSE file placement in sdist to satisfy PyPI license validation. (Source: llm_adapter@2026-05-21; Confidence: high) | — |
Full changelog
TL;DR
Two real regressions I introduced in v0.7.13/v0.7.14. Both fixed and verified locally against the actual rejection surface before this release.
If you tried set_embedder_named() on v0.7.13 or v0.7.14 and got "after extract, expected files missing": v0.7.15 fixes that. If you tried pip install yantrikdb --no-binary :all: (build from sdist) on v0.7.12/v0.7.13/v0.7.14 and got "no matching distribution": v0.7.15 also fixes that.
The two bugs
#26 — set_embedder_named() never extracts (introduced in v0.7.13)
PR #23's refactor moved the tarball extraction loop into a new extract_tarball_to() helper, then deleted the inline loop. The second Edit's old_string accidentally included the call-site extract_tarball_to(&bytes, &tmp_dir)?; along with the dead comment block being deleted. Result: the helper was defined + unit-tested but never invoked from fetch_and_extract. Every set_embedder_named() download in v0.7.13 + v0.7.14 created the tmp_dir but never extracted anything — silently empty cache dir, then cache_is_populated() returned false and the error message said "expected files missing."
Worse than the original #15 bug (which only affected multilingual): v0.7.13/v0.7.14 broke ALL named-embedder downloads, including potion-base-8M and potion-base-32M that had been working since v0.7.2.
Fix in commit: restored the call + added a cleanup-on-error arm so a half-written tmp_dir doesn't survive a partial extract.
Sdist LICENSE path (v0.7.12 / v0.7.13 / v0.7.14 publish failure)
v0.7.12 switched the publish workflow from PyO3/maturin-action@v1 upload to pypa/gh-action-pypi-publish@release/v1, which strictly validates PEP 639 license metadata. PyPI started rejecting sdists with:
```
400 License-File LICENSE does not exist in distribution file
yantrikdb-X.Y.Z.tar.gz at yantrikdb-X.Y.Z/LICENSE
```
v0.7.14 attempted a fix by copying LICENSE into crates/yantrikdb-python/ (where maturin's manifest-path lives). But local maturin sdist + tar -tzf inspection — which I didn't run before claiming v0.7.14 fixed it — shows the copy landed at the nested path yantrikdb-0.7.14/crates/yantrikdb-python/LICENSE inside the sdist, not at the sdist root where PyPI's metadata validator expects it.
v0.7.15 fix: declare license-files = ["LICENSE"] in [project] of the root pyproject.toml. PEP 639-compliant approach tells maturin to package the listed file at the sdist root. Locally verified by running the exact PyPI-rejection-surface command:
```
$ tar -tzf yantrikdb-0.7.15.tar.gz | grep -i license
yantrikdb-0.7.15/LICENSE ← here ✓
yantrikdb-0.7.15/crates/yantrikdb-python/LICENSE ← duplicate, harmless
```
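The `tar -tzf` inspection above, generalized to every `License-File` entry declared in the sdist's `PKG-INFO`, so it can run as a pre-publish gate. This is an added example, not part of the project's release notes or tooling; the sample archives are constructed to mirror the v0.7.14 and v0.7.15 layouts described on this page, and the function names are hypothetical.

```python
import io
import tarfile
from email.parser import HeaderParser


def missing_license_files(sdist_bytes):
    """Return License-File paths declared in PKG-INFO but absent from the sdist root."""
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        names = {m.name for m in tar.getmembers() if m.isfile()}
        # An sdist unpacks to a single top-level directory, <name>-<version>/.
        roots = {n.split("/", 1)[0] for n in names}
        if len(roots) != 1:
            raise ValueError(f"expected one top-level directory, got {sorted(roots)}")
        root = roots.pop()
        if f"{root}/PKG-INFO" not in names:
            raise ValueError("sdist has no PKG-INFO at its root")
        raw = tar.extractfile(f"{root}/PKG-INFO").read().decode("utf-8")
    declared = HeaderParser().parsestr(raw).get_all("License-File") or []
    # Each declared path is resolved relative to the sdist root, which is
    # where the rejection message quoted above looks for it.
    return [p for p in declared if f"{root}/{p}" not in names]


def build_sample_sdist(version, paths):
    """Constructed sample: in-memory sdist declaring License-File: LICENSE."""
    root = f"yantrikdb-{version}"
    pkg_info = (
        "Metadata-Version: 2.4\n"
        "Name: yantrikdb\n"
        f"Version: {version}\n"
        "License-File: LICENSE\n"
    )
    files = {"PKG-INFO": pkg_info, **{p: "sample license text\n" for p in paths}}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for rel, text in files.items():
            data = text.encode("utf-8")
            info = tarfile.TarInfo(f"{root}/{rel}")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


NESTED = "crates/yantrikdb-python/LICENSE"
if __name__ == "__main__":
    # v0.7.14 layout: only the nested copy exists, so the check reports LICENSE.
    print(missing_license_files(build_sample_sdist("0.7.14", [NESTED])))
    # v0.7.15 layout: root copy plus the nested duplicate, nothing missing.
    print(missing_license_files(build_sample_sdist("0.7.15", ["LICENSE", NESTED])))
```

To check a real build, pass the bytes of the `.tar.gz` produced by `maturin sdist` to `missing_license_files` and fail the pipeline on a non-empty result.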
What this means for users
Pre-v0.7.15:
| Operation | v0.7.13 / v0.7.14 |
|-----------|-------------------|
| pip install yantrikdb (wheel) | ✅ works |
| pip install yantrikdb --no-binary :all: (build from sdist) | ❌ "no matching distribution" |
| db.set_embedder_named("potion-base-8M") | ❌ "expected files missing" |
| db.set_embedder_named("potion-multilingual-128M") | ❌ "expected files missing" |
| db.with_default() (bundled embedder) | ✅ works |
v0.7.15: all four work.
Discipline reflection
Both regressions shared the same root cause: I claimed each fix shipped without running the exact command that catches the bug.
- For #26: unit tests for the helper passed but the integration path was never exercised.
- For LICENSE-in-sdist: `cargo build` + `cargo test` were green but `maturin sdist` + `tar -tzf` (the actual PyPI rejection surface) was never inspected.
The "user-side smoke" discipline I've been claiming to adopt applies here, but I narrowed it too much. The new procedural rule (saved to memory): when fixing a specific failure mode, the verification command must be the actual command that fails — don't substitute "near" verification (compile success, unit test pass) for "far" verification (actual rejection surface).
Verification (this release)
Full local CI sweep + actual rejection surfaces, all green BEFORE push:
- `tar -tzf yantrikdb-0.7.15.tar.gz | grep LICENSE` → file present at sdist root
- `cargo fmt --all -- --check`: PASS
- `flake8 src/ tests/ --select=E9,F63,F7,F82`: 0 issues
- `pylint src/yantrikdb tests/ --disable=C,R,W --enable=E,F`: exit 0
- `cargo clippy --all-targets --all-features --workspace --exclude yantrikdb-python -- --cap-lints warn`: clean warnings
- `cargo test --workspace --exclude yantrikdb-python`: 1422 default / 1411 slim
- `pytest tests/`: 220 passed
- `maturin develop --release`: clean install
- CI on PR #27: 3 required checks GREEN + windows-latest GREEN + macos-14 GREEN (confirms PR #25's macOS-14 failure was the rustup-init infra flake, not our code)