memvid

v2.0.139

Release Date: March 13, 2026

Overview

This release completes the fix for MV005 (Time index track is invalid: frame id out of range) by extending graceful stale frame_id handling to all search paths — find(), ask(), Tantivy, lex fallback, vec search, and temporal metadata lookups.

🐛 Bug Fixes

MV005 crash in find() and ask() search paths — Issue #196 (continued)

• v2.0.138 fixed the timeline.rs path only; stale frame_ids in Tantivy evaluation, snippet assembly, lex fallback, and temporal metadata lookups still caused hard crashes
• All 5 search-path locations now gracefully skip stale frame_ids with tracing::warn! instead of returning MV005 errors
• Added stale_index_skips counter on SearchResponse so callers can detect index degradation
• Exposed stale_index_skips in both Python and Node SDK responses (only present when > 0)
• CLI search command updated to include the new field

Root cause: Search indexes (Tantivy/lex) can hold frame_ids that no longer exist in toc.frames due to instant_index writing WAL sequence numbers, stale on-disk lex segments, or reopening files where the index loaded from a prior state.

📚 Related Issues

• #196 — ask() fails with "Time index track is invalid: frame id out of range"
• #204 — commit() raises AttributeError on _MemvidCore (tracked, not addressed in this release)

v2.0.138

Release Date: March 3, 2026

Overview

This release fixes two SDK issues: lex_enabled/vec_enabled state not persisting after re-opening .mv2 files, and ask() crashing with "frame id out of range" on files with inconsistent time indexes.

🐛 Bug Fixes

lex_enabled/vec_enabled reset to None on re-open — Issue #194

• Added lex_enabled and vec_enabled fields to the core Stats struct so SDKs can read runtime search engine state
• Python SDK now auto-detects vec_available from disk state when opening a file (matches the pattern already used in ask())
• stats() in both Python and Node SDKs now includes lex_enabled and vec_enabled keys
• Previously, use() with default enable_vec=False would report vec_available=false even when the file contained a vec index, causing find(mode="semantic") to error immediately

ask() "frame id out of range" on fresh .mv2 files — Issue #196

• build_timeline() now gracefully skips time index entries that reference out-of-range frame IDs instead of returning a hard error
• Logs a tracing::warn! for observability when skipping invalid entries
• This matches the existing graceful-skip pattern used in ask.rs fallback timeline responses

📚 Related Issues

• #194 — lex_enabled/vec_enabled reset to None on re-open
• #196 — ask() "frame id out of range" on fresh .mv2 files

v2.0.157

Release Date: February 15, 2026

Overview

This release adds a structured XLSX extraction pipeline with table detection, OOXML metadata parsing, and semantic chunking. It also removes a vulnerable xlsx (SheetJS) dependency from the Node SDK, fixes the CLI deploy pipeline for proprietary crate handling, and includes clippy/lint fixes and documentation updates.

🚀 New Features

Structured XLSX Extraction Pipeline (memvid-core)

• New XlsxReader::extract_structured() API for high-accuracy spreadsheet extraction
• Automatic table boundary and header detection via heuristics and OOXML table definitions
• Row-aligned semantic chunking that never splits rows across chunk boundaries
• Formats rows as Header: Value | Header: Value pairs for optimal search accuracy
• OOXML metadata parsing: number formats (dates, currency, percentages), merged cell regions, named table definitions
• Column type inference (text, integer, float, date, currency, percentage, boolean)
• Backward-compatible flat text output alongside structured chunks
• New modules: xlsx_chunker, xlsx_ooxml, xlsx_table_detect

Remove Vulnerable xlsx Dependency — Issue #198

• Removed SheetJS [email protected] from @memvid/sdk (CVE-2024-22363, CVE-2023-30533)
• Production code already used ExcelJS — only example files were updated
• Downstream users no longer receive Dependabot security alerts from @memvid/sdk

CLI Deploy Fix: Proprietary Crate Handling

• Made memvid-ghostpack optional in memvid-ask-model and removed from workspace members
• CI builds no longer fail when proprietary crates are absent (.gitignore'd)
• Ghost model kind returns a clean error when the runtime is unavailable

🐛 Bug Fixes

• Fixed clippy pedantic lints (implicit_clone, cast_possible_truncation)
• Fixed dead_code warning for propagate_merged_cells
• Resolved VecIndexManifest model field lint
• xlsx_structured tests now gracefully skip on CI when fixture file is absent

📝 Documentation

• Chinese (Simplified) README translation (#193 by @nightire)
• README updates (@mo-omar-0197)

📚 Related Issues & PRs

• #198 — Remove vulnerable xlsx (SheetJS) dependency (@intergrado-cg report, @Olow304 fix)
• #193 — Chinese README translation (@nightire, merged by @sharafdin)

🙏 Contributors

Thank you to all contributors who made this release possible:

• @Olow304 — Structured XLSX pipeline, xlsx vulnerability fix, CLI deploy fix, clippy/lint cleanup
• @nightire — Chinese (Simplified) README translation
• @sharafdin — PR review and merge
• @mo-omar-0197 — README updates
• @intergrado-cg — Reported xlsx security vulnerability (#198)

Release Date: February 6, 2026

Overview

This release adds frame-level ACL (Access Control Lists), vector index model consistency enforcement, symspell data corruption fixes, and several CI/build improvements. It also includes README documentation updates and ONNX Runtime noise suppression on macOS.

🚀 New Features

Frame-Level ACL Enforcement

• Added ACL (Access Control List) plumbing across search, ask, and replay paths
• Per-frame access control enables fine-grained permission enforcement on chunks
• Robustness fixes for ACL boundary conditions
• New tests and benchmark/example updates for ACL workflows

Vector Index Model Consistency (PR #188)

• Enforces strict binding between vector index and embedding model
• Prevents silent model mismatch corruption when switching embedding providers
• Ensures vector search results are always consistent with the model used at index time

SymSpell Cleanup Fix & Dictionary Tooling (PR #187)

• Fixed symspell_cleanup data corruption bug
• Added dictionary download tooling for easier setup
• More reliable spell-correction preprocessing for search queries

OpenAI API Embedding Provider (PR #173)

• Added OpenAI API as an embedding provider option
• Enables using OpenAI embeddings alongside local ONNX models
• Flexible embedding backend selection

🐛 Bug Fixes

ONNX Runtime Stderr Suppression (macOS)

• Suppressed noisy ONNX Runtime warnings on macOS stderr
• Cleaner console output during normal operation

CI Build Fixes

• Added missing #[cfg(feature = "lex")] guards for tantivy-dependent code
• Fixed CI cache key to use Cargo.toml hash instead of missing Cargo.lock
• Committed Cargo.lock for reproducible CI builds
• Moved target-specific deps section after main dependencies
• Ran cargo fmt on clip.rs and text_embed.rs

Lint Fixes

• Resolved redundant closure lints in tantivy.rs and search/mod.rs
• General lint formatting cleanup

📝 Documentation

• Added Memvid v1 deprecation warning to README (@sharafdin)
• README updates and improvements (@mo-omar-0197)

📊 Performance & Reliability

• ACL enforcement: Zero-overhead when no ACL policy is set
• Model consistency: Prevents silent search quality degradation from model mismatch
• SymSpell fix: Eliminates data corruption in spell-correction preprocessing

📚 Related Pull Requests

• #188 — feat: enforce vector index model consistency (@0x-pankaj)
• #187 — feat: fix symspell_cleanup data corruption and add dictionary tooling (@0x-pankaj)
• #173 — feat: add OpenAI API embedding provider (@0x-pankaj)
• Direct push — Frame-level ACL enforcement across search/ask/replay (@Olow304)

🎯 Migration Notes

For Users

• No breaking changes — all existing .mv2 files remain compatible
• ACL is opt-in; existing memories work without any ACL configuration
• Vector model consistency is enforced automatically on new indexes

For Developers

• New aclScope field available on API keys (nullable, no migration needed)
• ACL types available in types/acl.rs
• Embedding model is now strictly bound to vector index at creation time

🙏 Contributors

Thank you to all contributors who made this release possible:

• @Olow304 — ACL enforcement, CI fixes, lint cleanup
• @0x-pankaj — Vector model consistency, symspell fix, OpenAI embeddings
• @sharafdin — Documentation (deprecation notice)
• @mo-omar-0197 — README updates