@jcode.labs/mimir 0.3.0 → 0.4.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +284 -40
- package/dist/chunking.d.ts.map +1 -1
- package/dist/chunking.js +6 -3
- package/dist/chunking.js.map +1 -1
- package/dist/cli.js +121 -9
- package/dist/cli.js.map +1 -1
- package/dist/config.d.ts.map +1 -1
- package/dist/config.js +50 -36
- package/dist/config.js.map +1 -1
- package/dist/defaults.d.ts +11 -0
- package/dist/defaults.d.ts.map +1 -0
- package/dist/defaults.js +31 -0
- package/dist/defaults.js.map +1 -0
- package/dist/embeddings.d.ts.map +1 -1
- package/dist/embeddings.js +85 -11
- package/dist/embeddings.js.map +1 -1
- package/dist/files.d.ts +2 -1
- package/dist/files.d.ts.map +1 -1
- package/dist/files.js +39 -2
- package/dist/files.js.map +1 -1
- package/dist/gitignore.d.ts +1 -1
- package/dist/gitignore.d.ts.map +1 -1
- package/dist/gitignore.js +8 -7
- package/dist/gitignore.js.map +1 -1
- package/dist/ingest.d.ts.map +1 -1
- package/dist/ingest.js +2 -1
- package/dist/ingest.js.map +1 -1
- package/dist/init.d.ts.map +1 -1
- package/dist/init.js +4 -24
- package/dist/init.js.map +1 -1
- package/dist/mcp.d.ts.map +1 -1
- package/dist/mcp.js +14 -13
- package/dist/mcp.js.map +1 -1
- package/dist/parsing.d.ts.map +1 -1
- package/dist/parsing.js +138 -0
- package/dist/parsing.js.map +1 -1
- package/dist/query.d.ts.map +1 -1
- package/dist/query.js +14 -22
- package/dist/query.js.map +1 -1
- package/dist/security.js +16 -18
- package/dist/security.js.map +1 -1
- package/dist/skill.d.ts +2 -1
- package/dist/skill.d.ts.map +1 -1
- package/dist/skill.js +24 -9
- package/dist/skill.js.map +1 -1
- package/dist/store.d.ts.map +1 -1
- package/dist/store.js +2 -1
- package/dist/store.js.map +1 -1
- package/dist/types.d.ts +12 -14
- package/dist/types.d.ts.map +1 -1
- package/dist/version.d.ts +1 -1
- package/dist/version.js +1 -1
- package/examples/sovereign-rag-demo/.kb/config.json +22 -0
- package/examples/sovereign-rag-demo/.kb/sources.txt +2 -0
- package/examples/sovereign-rag-demo/README.md +80 -0
- package/examples/sovereign-rag-demo/raw/dataset-inventory.csv +5 -0
- package/examples/sovereign-rag-demo/raw/incident-timeline.jsonl +4 -0
- package/examples/sovereign-rag-demo/raw/operations-brief.md +16 -0
- package/examples/sovereign-rag-demo/raw/review-notes.evidence +11 -0
- package/examples/sovereign-rag-demo/raw/security-policy.yaml +14 -0
- package/package.json +23 -29
- package/skills/mimir/SKILL.md +66 -5
- package/skills/mimir-audio-summary/SKILL.md +140 -0
- package/skills/mimir-audio-summary/forge-voice.sh +150 -0
- package/skills/mimir-audio-summary/split-lines.py +13 -0
- package/skills/mimir-audio-summary/xtts-voice.py +46 -0
- package/CHANGELOG.md +0 -28
- package/SECURITY-HARDENING.md +0 -156
- package/SECURITY.md +0 -21
- package/dist/network.d.ts +0 -4
- package/dist/network.d.ts.map +0 -1
- package/dist/network.js +0 -59
- package/dist/network.js.map +0 -1
package/dist/security.js
CHANGED
|
@@ -2,41 +2,38 @@ import { existsSync } from "node:fs";
|
|
|
2
2
|
import { readFile } from "node:fs/promises";
|
|
3
3
|
import path from "node:path";
|
|
4
4
|
import { loadConfig } from "./config.js";
|
|
5
|
-
import {
|
|
5
|
+
import { KB_GITIGNORE_ENTRY, MIMIR_GITIGNORE_ENTRY, PRIVATE_GITIGNORE_ENTRY } from "./defaults.js";
|
|
6
6
|
export async function securityAudit(cwd = process.cwd()) {
|
|
7
7
|
const config = await loadConfig(cwd);
|
|
8
8
|
const gitignore = await readGitignore(config.projectRoot);
|
|
9
|
-
const network = classifyHost(config.ollamaHost);
|
|
10
9
|
const warnings = [];
|
|
11
|
-
const kbIgnored = hasGitignoreEntry(gitignore,
|
|
12
|
-
const mimirIgnored = hasGitignoreEntry(gitignore,
|
|
13
|
-
const privateIgnored = hasGitignoreEntry(gitignore,
|
|
14
|
-
if (config.
|
|
15
|
-
warnings.push("
|
|
16
|
-
}
|
|
17
|
-
if (config.networkPolicy === "local-only" && network.kind !== "loopback") {
|
|
18
|
-
warnings.push("networkPolicy is local-only but ollamaHost is not loopback.");
|
|
10
|
+
const kbIgnored = hasGitignoreEntry(gitignore, KB_GITIGNORE_ENTRY);
|
|
11
|
+
const mimirIgnored = hasGitignoreEntry(gitignore, MIMIR_GITIGNORE_ENTRY);
|
|
12
|
+
const privateIgnored = hasGitignoreEntry(gitignore, PRIVATE_GITIGNORE_ENTRY);
|
|
13
|
+
if (config.embeddingProvider === "transformers" && config.transformersAllowRemoteModels) {
|
|
14
|
+
warnings.push("Transformers remote model loading is enabled; model files can be downloaded from Hugging Face.");
|
|
19
15
|
}
|
|
20
16
|
if (!config.redaction.enabled) {
|
|
21
17
|
warnings.push("Redaction is disabled; secrets and identifiers may be embedded in the index.");
|
|
22
18
|
}
|
|
23
19
|
if (!kbIgnored) {
|
|
24
|
-
warnings.push(
|
|
20
|
+
warnings.push(`${KB_GITIGNORE_ENTRY} is not ignored by Git.`);
|
|
25
21
|
}
|
|
26
22
|
if (!mimirIgnored) {
|
|
27
|
-
warnings.push(
|
|
23
|
+
warnings.push(`${MIMIR_GITIGNORE_ENTRY} is not ignored by Git.`);
|
|
28
24
|
}
|
|
29
25
|
if (!privateIgnored) {
|
|
30
|
-
warnings.push(
|
|
26
|
+
warnings.push(`${PRIVATE_GITIGNORE_ENTRY} is not ignored by Git.`);
|
|
31
27
|
}
|
|
32
28
|
return {
|
|
33
29
|
projectRoot: config.projectRoot,
|
|
34
30
|
zeroTelemetry: true,
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
31
|
+
providers: {
|
|
32
|
+
embedding: config.embeddingProvider,
|
|
33
|
+
embeddingModel: config.embeddingModel,
|
|
34
|
+
embeddingModelPath: config.embeddingModelPath,
|
|
35
|
+
transformersAllowRemoteModels: config.transformersAllowRemoteModels,
|
|
36
|
+
llmGeneration: false,
|
|
40
37
|
},
|
|
41
38
|
redaction: {
|
|
42
39
|
enabled: config.redaction.enabled,
|
|
@@ -66,6 +63,7 @@ export async function securityAudit(cwd = process.cwd()) {
|
|
|
66
63
|
"Run Mimir inside an encrypted disk, VM, or container volume for at-rest encryption.",
|
|
67
64
|
"Use npm provenance, release checksums, and the generated SBOM for release verification.",
|
|
68
65
|
"Use one repository checkout per trust boundary; Mimir does not implement multi-user RBAC.",
|
|
66
|
+
"Use an external agent, MCP server, or local model runtime for LLM synthesis.",
|
|
69
67
|
],
|
|
70
68
|
warnings,
|
|
71
69
|
};
|
package/dist/security.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"security.js","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAA;AAC3C,OAAO,IAAI,MAAM,WAAW,CAAA;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,
|
|
1
|
+
{"version":3,"file":"security.js","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAA;AACpC,OAAO,EAAE,QAAQ,EAAE,MAAM,kBAAkB,CAAA;AAC3C,OAAO,IAAI,MAAM,WAAW,CAAA;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AACxC,OAAO,EAAE,kBAAkB,EAAE,qBAAqB,EAAE,uBAAuB,EAAE,MAAM,eAAe,CAAA;AAGlG,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE;IACrD,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,GAAG,CAAC,CAAA;IACpC,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,WAAW,CAAC,CAAA;IACzD,MAAM,QAAQ,GAAa,EAAE,CAAA;IAE7B,MAAM,SAAS,GAAG,iBAAiB,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAA;IAClE,MAAM,YAAY,GAAG,iBAAiB,CAAC,SAAS,EAAE,qBAAqB,CAAC,CAAA;IACxE,MAAM,cAAc,GAAG,iBAAiB,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAA;IAE5E,IAAI,MAAM,CAAC,iBAAiB,KAAK,cAAc,IAAI,MAAM,CAAC,6BAA6B,EAAE,CAAC;QACxF,QAAQ,CAAC,IAAI,CACX,gGAAgG,CACjG,CAAA;IACH,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;QAC9B,QAAQ,CAAC,IAAI,CAAC,8EAA8E,CAAC,CAAA;IAC/F,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC,GAAG,kBAAkB,yBAAyB,CAAC,CAAA;IAC/D,CAAC;IACD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,QAAQ,CAAC,IAAI,CAAC,GAAG,qBAAqB,yBAAyB,CAAC,CAAA;IAClE,CAAC;IACD,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,GAAG,uBAAuB,yBAAyB,CAAC,CAAA;IACpE,CAAC;IAED,OAAO;QACL,WAAW,EAAE,MAAM,CAAC,WAAW;QAC/B,aAAa,EAAE,IAAI;QACnB,SAAS,EAAE;YACT,SAAS,EAAE,MAAM,CAAC,iBAAiB;YACnC,cAAc,EAAE,MAAM,CAAC,cAAc;YACrC,kBAAkB,EAAE,MAAM,CAAC,kBAAkB;YAC7C,6BAA6B,EAAE,MAAM,CAAC,6BAA6B;YACnE,aAAa,EAAE,KAAK;SACrB;QACD,SAAS,EAAE;YACT,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO;YACjC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,OAAO;YACjC,cAAc,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;SACzE;QACD,SAAS,EAAE;YACT,OAAO,EAAE,MAAM,CAAC,SAAS;YACzB,IAAI,EAAE,MAAM,CAAC,aAAa;YAC1B,gBAAgB,EAAE,KAAK;SACxB;QACD,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC,UAAU;YACvB,UAAU,EAAE,SAAS;YACrB,eAAe,EAAE,mBAAmB;SACrC;QACD,GAAG,EAAE;YACH,OAAO,EAAE,MAAM,CAAC,UAAU;YAC1B,uBAAuB,EAAE,KAAK;SAC/B;QACD,SAAS,EAAE;YACT,SAAS;YACT,YAAY;YACZ,cAAc;SACf;QACD,eAAe,EAAE;YACf,qFAAqF;YACrF,yFAAyF;YACzF,2FAA2F;YAC3F,8EAA8E;SAC/E;QACD,QAAQ;KACT,CAAA;AACH,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,WAAmB;IAC9C,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,YAAY,CAAC,CAAA;IAC1D,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;QAC/B,OAAO,IAAI,GAAG,EAAE,CAAA;IAClB,CAAC;IAED,OAAO,IAAI,GAAG,CACZ,CAAC,MAAM,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;SACpC,KAAK,CAAC,OAAO,CAAC;SACd,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,OAAO,CAAC,CACnB,CAAA;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAkB,EAAE,KAAa;IAC1D,OAAO,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,CAAA;AACzB,CAAC"}
|
package/dist/skill.d.ts
CHANGED
|
@@ -4,10 +4,11 @@ export interface InstallSkillOptions {
|
|
|
4
4
|
}
|
|
5
5
|
export interface InstallSkillResult {
|
|
6
6
|
skillPath: string;
|
|
7
|
+
audioSkillPath: string;
|
|
7
8
|
mcpConfigPath: string;
|
|
8
9
|
readmePath: string;
|
|
9
10
|
written: string[];
|
|
10
11
|
}
|
|
11
|
-
export declare function bundledSkillPath(): string;
|
|
12
|
+
export declare function bundledSkillPath(skillName?: string): string;
|
|
12
13
|
export declare function installSkill(options?: InstallSkillOptions): Promise<InstallSkillResult>;
|
|
13
14
|
//# sourceMappingURL=skill.d.ts.map
|
package/dist/skill.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"skill.d.ts","sourceRoot":"","sources":["../src/skill.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"skill.d.ts","sourceRoot":"","sources":["../src/skill.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,mBAAmB;IAClC,GAAG,CAAC,EAAE,MAAM,CAAA;IACZ,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAA;IACjB,cAAc,EAAE,MAAM,CAAA;IACtB,aAAa,EAAE,MAAM,CAAA;IACrB,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB;AAMD,wBAAgB,gBAAgB,CAAC,SAAS,SAAqB,GAAG,MAAM,CAEvE;AAED,wBAAsB,YAAY,CAAC,OAAO,GAAE,mBAAwB,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAoCjG"}
|
package/dist/skill.js
CHANGED
|
@@ -1,27 +1,32 @@
|
|
|
1
1
|
import { cp, mkdir, writeFile } from "node:fs/promises";
|
|
2
2
|
import path from "node:path";
|
|
3
3
|
import { fileURLToPath } from "node:url";
|
|
4
|
+
import { DEFAULT_SKILL_TARGET_DIR, MIMIR_DIR } from "./defaults.js";
|
|
4
5
|
import { ensureMimirGitignore } from "./gitignore.js";
|
|
5
6
|
const PACKAGE_ROOT = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
|
|
6
|
-
const
|
|
7
|
-
|
|
8
|
-
|
|
7
|
+
const PRIMARY_SKILL_NAME = "mimir";
|
|
8
|
+
const AUDIO_SKILL_NAME = "mimir-audio-summary";
|
|
9
|
+
export function bundledSkillPath(skillName = PRIMARY_SKILL_NAME) {
|
|
10
|
+
return path.join(PACKAGE_ROOT, "skills", skillName);
|
|
9
11
|
}
|
|
10
12
|
export async function installSkill(options = {}) {
|
|
11
13
|
const cwd = path.resolve(options.cwd ?? process.cwd());
|
|
12
|
-
const targetDir = path.resolve(cwd, options.targetDir ??
|
|
13
|
-
const skillPath = path.join(targetDir,
|
|
14
|
-
const
|
|
14
|
+
const targetDir = path.resolve(cwd, options.targetDir ?? DEFAULT_SKILL_TARGET_DIR);
|
|
15
|
+
const skillPath = path.join(targetDir, PRIMARY_SKILL_NAME);
|
|
16
|
+
const audioSkillPath = path.join(targetDir, AUDIO_SKILL_NAME);
|
|
17
|
+
const mimirDir = path.resolve(cwd, MIMIR_DIR);
|
|
15
18
|
const mcpConfigPath = path.join(mimirDir, "mcp.json");
|
|
16
19
|
const readmePath = path.join(mimirDir, "README.md");
|
|
17
20
|
await mkdir(targetDir, { recursive: true });
|
|
18
21
|
await mkdir(mimirDir, { recursive: true });
|
|
19
|
-
await cp(bundledSkillPath(), skillPath, { recursive: true, force: true });
|
|
22
|
+
await cp(bundledSkillPath(PRIMARY_SKILL_NAME), skillPath, { recursive: true, force: true });
|
|
23
|
+
await cp(bundledSkillPath(AUDIO_SKILL_NAME), audioSkillPath, { recursive: true, force: true });
|
|
20
24
|
await writeFile(mcpConfigPath, `${JSON.stringify(mcpConfig(cwd), null, 2)}\n`, "utf8");
|
|
21
|
-
await writeFile(readmePath, agentKitReadme(skillPath, mcpConfigPath), "utf8");
|
|
25
|
+
await writeFile(readmePath, agentKitReadme(skillPath, audioSkillPath, mcpConfigPath), "utf8");
|
|
22
26
|
const wroteGitignore = await ensureMimirGitignore(cwd);
|
|
23
27
|
const written = [
|
|
24
28
|
path.relative(cwd, skillPath),
|
|
29
|
+
path.relative(cwd, audioSkillPath),
|
|
25
30
|
path.relative(cwd, mcpConfigPath),
|
|
26
31
|
path.relative(cwd, readmePath),
|
|
27
32
|
];
|
|
@@ -30,6 +35,7 @@ export async function installSkill(options = {}) {
|
|
|
30
35
|
}
|
|
31
36
|
return {
|
|
32
37
|
skillPath,
|
|
38
|
+
audioSkillPath,
|
|
33
39
|
mcpConfigPath,
|
|
34
40
|
readmePath,
|
|
35
41
|
written,
|
|
@@ -46,7 +52,7 @@ function mcpConfig(cwd) {
|
|
|
46
52
|
},
|
|
47
53
|
};
|
|
48
54
|
}
|
|
49
|
-
function agentKitReadme(skillPath, mcpConfigPath) {
|
|
55
|
+
function agentKitReadme(skillPath, audioSkillPath, mcpConfigPath) {
|
|
50
56
|
return `# Mimir Agent Kit
|
|
51
57
|
|
|
52
58
|
This folder contains portable agent instructions for Mimir.
|
|
@@ -61,6 +67,15 @@ ${skillPath}
|
|
|
61
67
|
|
|
62
68
|
Agents that support skill folders can load that folder directly.
|
|
63
69
|
|
|
70
|
+
Optional audio-summary skill folder:
|
|
71
|
+
|
|
72
|
+
\`\`\`plain text
|
|
73
|
+
${audioSkillPath}
|
|
74
|
+
\`\`\`
|
|
75
|
+
|
|
76
|
+
Use it only when the user asks for a listenable summary. It renders generated audio under ignored
|
|
77
|
+
local Mimir state by default and prefers offline TTS engines for confidential content.
|
|
78
|
+
|
|
64
79
|
## MCP
|
|
65
80
|
|
|
66
81
|
MCP config example:
|
package/dist/skill.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"skill.js","sourceRoot":"","sources":["../src/skill.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AACvD,OAAO,IAAI,MAAM,WAAW,CAAA;AAC5B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;
|
|
1
|
+
{"version":3,"file":"skill.js","sourceRoot":"","sources":["../src/skill.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAA;AACvD,OAAO,IAAI,MAAM,WAAW,CAAA;AAC5B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAA;AACxC,OAAO,EAAE,wBAAwB,EAAE,SAAS,EAAE,MAAM,eAAe,CAAA;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,gBAAgB,CAAA;AAerD,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA;AAC/E,MAAM,kBAAkB,GAAG,OAAO,CAAA;AAClC,MAAM,gBAAgB,GAAG,qBAAqB,CAAA;AAE9C,MAAM,UAAU,gBAAgB,CAAC,SAAS,GAAG,kBAAkB;IAC7D,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAA;AACrD,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,UAA+B,EAAE;IAClE,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAA;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,SAAS,IAAI,wBAAwB,CAAC,CAAA;IAClF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAA;IAC1D,MAAM,cAAc,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,gBAAgB,CAAC,CAAA;IAC7D,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,CAAC,CAAA;IAC7C,MAAM,aAAa,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAA;IACrD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAA;IAEnD,MAAM,KAAK,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAC3C,MAAM,KAAK,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IAC1C,MAAM,EAAE,CAAC,gBAAgB,CAAC,kBAAkB,CAAC,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;IAC3F,MAAM,EAAE,CAAC,gBAAgB,CAAC,gBAAgB,CAAC,EAAE,cAAc,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAA;IAE9F,MAAM,SAAS,CAAC,aAAa,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAA;IACtF,MAAM,SAAS,CAAC,UAAU,EAAE,cAAc,CAAC,SAAS,EAAE,cAAc,EAAE,aAAa,CAAC,EAAE,MAAM,CAAC,CAAA;IAC7F,MAAM,cAAc,GAAG,MAAM,oBAAoB,CAAC,GAAG,CAAC,CAAA;IAEtD,MAAM,OAAO,GAAG;QACd,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,SAAS,CAAC;QAC7B,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,cAAc,CAAC;QAClC,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,aAAa,CAAC;QACjC,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,UAAU,CAAC;KAC/B,CAAA;IAED,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;IAC5B,CAAC;IAED,OAAO;QACL,SAAS;QACT,cAAc;QACd,aAAa;QACb,UAAU;QACV,OAAO;KACR,CAAA;AACH,CAAC;AAED,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO;QACL,UAAU,EAAE;YACV,KAAK,EAAE;gBACL,OAAO,EAAE,MAAM;gBACf,IAAI,EAAE,CAAC,MAAM,EAAE,IAAI,EAAE,WAAW,CAAC;gBACjC,GAAG;aACJ;SACF;KACF,CAAA;AACH,CAAC;AAED,SAAS,cAAc,CAAC,SAAiB,EAAE,cAAsB,EAAE,aAAqB;IACtF,OAAO;;;;;;;;;EASP,SAAS;;;;;;;;EAQT,cAAc;;;;;;;;;;;EAWd,aAAa;;;;;;;;;CASd,CAAA;AACD,CAAC"}
|
package/dist/store.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAA;AAC3C,OAAO,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAEnD,wBAAsB,SAAS,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"store.d.ts","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAA;AAC3C,OAAO,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,YAAY,CAAA;AAEnD,wBAAsB,SAAS,CAAC,IAAI,EAAE,SAAS,EAAE,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAgBhF;AAED,wBAAsB,aAAa,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAOjF;AAED,wBAAsB,SAAS,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAG/D"}
|
package/dist/store.js
CHANGED
package/dist/store.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAA;AACxC,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAA;AAG3C,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAiB,EAAE,MAAc;IAC/D,MAAM,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACnD,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IAEnD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,UAAU,EAAE,CAAA;QACxC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACtC,CAAC;QACD,OAAM;IACR,CAAC;IAED,MAAM,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,EAAE,
|
|
1
|
+
{"version":3,"file":"store.js","sourceRoot":"","sources":["../src/store.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,kBAAkB,CAAA;AACxC,OAAO,KAAK,OAAO,MAAM,kBAAkB,CAAA;AAG3C,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,IAAiB,EAAE,MAAc;IAC/D,MAAM,KAAK,CAAC,MAAM,CAAC,UAAU,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;IACnD,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IAEnD,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACtB,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,UAAU,EAAE,CAAA;QACxC,IAAI,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;YAC1C,MAAM,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QACtC,CAAC;QACD,OAAM;IACR,CAAC;IAED,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,GAAG,EAAE,CAAC,CAAC,CAAA;IAC/C,MAAM,EAAE,CAAC,WAAW,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE;QAC9C,IAAI,EAAE,WAAW;KAClB,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,MAAc;IAChD,MAAM,EAAE,GAAG,MAAM,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAA;IACnD,MAAM,UAAU,GAAG,MAAM,EAAE,CAAC,UAAU,EAAE,CAAA;IACxC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC;QAC3C,OAAO,IAAI,CAAA;IACb,CAAC;IACD,OAAO,EAAE,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;AACvC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,MAAc;IAC5C,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,MAAM,CAAC,CAAA;IACzC,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC,CAAC,CAAA;AACtC,CAAC"}
|
package/dist/types.d.ts
CHANGED
|
@@ -5,19 +5,20 @@ export interface Config {
|
|
|
5
5
|
storageDir: string;
|
|
6
6
|
sourcesFile: string;
|
|
7
7
|
accessLogPath: string;
|
|
8
|
+
embeddingModelPath: string;
|
|
8
9
|
tableName: string;
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
llmModel: string;
|
|
10
|
+
embeddingProvider: EmbeddingProvider;
|
|
11
|
+
embeddingModel: string;
|
|
12
|
+
transformersAllowRemoteModels: boolean;
|
|
13
13
|
redaction: RedactionConfig;
|
|
14
14
|
accessLog: boolean;
|
|
15
15
|
mcpMaxTopK: number;
|
|
16
16
|
topK: number;
|
|
17
17
|
chunkSize: number;
|
|
18
18
|
chunkOverlap: number;
|
|
19
|
+
includeExtensions: string[];
|
|
19
20
|
}
|
|
20
|
-
export type
|
|
21
|
+
export type EmbeddingProvider = "local-hash" | "transformers";
|
|
21
22
|
export interface RedactionConfig {
|
|
22
23
|
enabled: boolean;
|
|
23
24
|
builtIn: boolean;
|
|
@@ -33,10 +34,6 @@ export interface RedactionCount {
|
|
|
33
34
|
name: string;
|
|
34
35
|
count: number;
|
|
35
36
|
}
|
|
36
|
-
export interface HostClassification {
|
|
37
|
-
kind: "loopback" | "private" | "remote" | "invalid";
|
|
38
|
-
host: string;
|
|
39
|
-
}
|
|
40
37
|
export interface SourceFile {
|
|
41
38
|
absolutePath: string;
|
|
42
39
|
relativePath: string;
|
|
@@ -110,11 +107,12 @@ export interface DestroyIndexResult {
|
|
|
110
107
|
export interface SecurityAuditReport {
|
|
111
108
|
projectRoot: string;
|
|
112
109
|
zeroTelemetry: true;
|
|
113
|
-
|
|
114
|
-
|
|
115
|
-
|
|
116
|
-
|
|
117
|
-
|
|
110
|
+
providers: {
|
|
111
|
+
embedding: EmbeddingProvider;
|
|
112
|
+
embeddingModel: string;
|
|
113
|
+
embeddingModelPath: string;
|
|
114
|
+
transformersAllowRemoteModels: boolean;
|
|
115
|
+
llmGeneration: false;
|
|
118
116
|
};
|
|
119
117
|
redaction: {
|
|
120
118
|
enabled: boolean;
|
package/dist/types.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAEvC,MAAM,WAAW,MAAM;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,EAAE,MAAM,CAAA;IACrB,
|
|
1
|
+
{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,SAAS,CAAA;AAEvC,MAAM,WAAW,MAAM;IACrB,WAAW,EAAE,MAAM,CAAA;IACnB,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;IAClB,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,EAAE,MAAM,CAAA;IACrB,kBAAkB,EAAE,MAAM,CAAA;IAC1B,SAAS,EAAE,MAAM,CAAA;IACjB,iBAAiB,EAAE,iBAAiB,CAAA;IACpC,cAAc,EAAE,MAAM,CAAA;IACtB,6BAA6B,EAAE,OAAO,CAAA;IACtC,SAAS,EAAE,eAAe,CAAA;IAC1B,SAAS,EAAE,OAAO,CAAA;IAClB,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,SAAS,EAAE,MAAM,CAAA;IACjB,YAAY,EAAE,MAAM,CAAA;IACpB,iBAAiB,EAAE,MAAM,EAAE,CAAA;CAC5B;AAED,MAAM,MAAM,iBAAiB,GAAG,YAAY,GAAG,cAAc,CAAA;AAE7D,MAAM,WAAW,eAAe;IAC9B,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,OAAO,CAAA;IAChB,QAAQ,EAAE,gBAAgB,EAAE,CAAA;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC/B,IAAI,EAAE,MAAM,CAAA;IACZ,OAAO,EAAE,MAAM,CAAA;IACf,KAAK,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;IAC1B,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;CACjC;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAA;IACZ,KAAK,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,UAAU;IACzB,YAAY,EAAE,MAAM,CAAA;IACpB,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,CAAA;CACjB;AAED,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,UAAU,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAA;IACV,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,CAAA;IAChB,KAAK,EAAE,MAAM,CAAA;IACb,OAAO,EAAE,MAAM,CAAA;CAChB;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS;IAC1C,MAAM,EAAE,MAAM,EAAE,CAAA;CACjB;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,QAAQ,CAAA;IACd,OAAO,CAAC,EAAE,OAAO,CAAA;CAClB;AAED,MAAM,WAAW,YAAY;IAC3B,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,MAAM,EAAE,KAAK,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CACjD;AAED,MAAM,WAAW,aAAa;IAC5B,GAAG,CAAC,EAAE,QAAQ,CAAA;IACd,IAAI,CAAC,EAAE,MAAM,CAAA;CACd;AAED,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,MAAM,CAAA;IACd,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,IAAI,EAAE,MAAM,CAAA;IACZ,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;CACxB;AAED,MAAM,WAAW,SAAS;IACxB,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,YAAY,EAAE,CAAA;CACxB;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,KAAK,CAAC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACvD,cAAc,EAAE,MAAM,EAAE,CAAA;IACxB,gBAAgB,EAAE,MAAM,EAAE,CAAA;IAC1B,YAAY,EAAE,MAAM,EAAE,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,kBAAkB;IACjC,UAAU,EAAE,MAAM,CAAA;IAClB,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,EAAE,MAAM,CAAA;CACb;AAED,MAAM,WAAW,mBAAmB;IAClC,WAAW,EAAE,MAAM,CAAA;IACnB,aAAa,EAAE,IAAI,CAAA;IACnB,SAAS,EAAE;QACT,SAAS,EAAE,iBAAiB,CAAA;QAC5B,cAAc,EAAE,MAAM,CAAA;QACtB,kBAAkB,EAAE,MAAM,CAAA;QAC1B,6BAA6B,EAAE,OAAO,CAAA;QACtC,aAAa,EAAE,KAAK,CAAA;KACrB,CAAA;IACD,SAAS,EAAE;QACT,OAAO,EAAE,OAAO,CAAA;QAChB,OAAO,EAAE,OAAO,CAAA;QAChB,cAAc,EAAE,MAAM,EAAE,CAAA;KACzB,CAAA;IACD,SAAS,EAAE;QACT,OAAO,EAAE,OAAO,CAAA;QAChB,IAAI,EAAE,MAAM,CAAA;QACZ,gBAAgB,EAAE,KAAK,CAAA;KACxB,CAAA;IACD,OAAO,EAAE;QACP,IAAI,EAAE,MAAM,CAAA;QACZ,UAAU,EAAE,OAAO,CAAA;QACnB,eAAe,EAAE,mBAAmB,CAAA;KACrC,CAAA;IACD,GAAG,EAAE;QACH,OAAO,EAAE,MAAM,CAAA;QACf,uBAAuB,EAAE,KAAK,CAAA;KAC/B,CAAA;IACD,SAAS,EAAE;QACT,SAAS,EAAE,OAAO,CAAA;QAClB,YAAY,EAAE,OAAO,CAAA;QACrB,cAAc,EAAE,OAAO,CAAA;KACxB,CAAA;IACD,eAAe,EAAE,MAAM,EAAE,CAAA;IACzB,QAAQ,EAAE,MAAM,EAAE,CAAA;CACnB"}
|
package/dist/version.d.ts
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export declare const VERSION = "0.
|
|
1
|
+
export declare const VERSION = "0.4.1";
|
|
2
2
|
//# sourceMappingURL=version.d.ts.map
|
package/dist/version.js
CHANGED
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
export const VERSION = "0.
|
|
1
|
+
export const VERSION = "0.4.1";
|
|
2
2
|
//# sourceMappingURL=version.js.map
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
{
|
|
2
|
+
"rawDir": "raw",
|
|
3
|
+
"storageDir": ".kb/storage",
|
|
4
|
+
"sourcesFile": ".kb/sources.txt",
|
|
5
|
+
"accessLogPath": ".kb/access.log",
|
|
6
|
+
"embeddingModelPath": ".mimir/models",
|
|
7
|
+
"tableName": "chunks",
|
|
8
|
+
"embeddingProvider": "local-hash",
|
|
9
|
+
"embeddingModel": "mixedbread-ai/mxbai-embed-xsmall-v1",
|
|
10
|
+
"transformersAllowRemoteModels": false,
|
|
11
|
+
"redaction": {
|
|
12
|
+
"enabled": true,
|
|
13
|
+
"builtIn": true,
|
|
14
|
+
"patterns": []
|
|
15
|
+
},
|
|
16
|
+
"accessLog": true,
|
|
17
|
+
"mcpMaxTopK": 10,
|
|
18
|
+
"topK": 5,
|
|
19
|
+
"chunkSize": 900,
|
|
20
|
+
"chunkOverlap": 120,
|
|
21
|
+
"includeExtensions": [".evidence"]
|
|
22
|
+
}
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
# Sovereign RAG Demo
|
|
2
|
+
|
|
3
|
+
Synthetic test workspace for Mimir. It is intentionally safe to commit: every document is fictional,
|
|
4
|
+
generic, and designed only to exercise local ingestion, retrieval, redaction, custom extensions, and
|
|
5
|
+
security-audit flows.
|
|
6
|
+
|
|
7
|
+
This folder must never contain real-world sensitive, regulated, or production documents.
|
|
8
|
+
|
|
9
|
+
## What It Covers
|
|
10
|
+
|
|
11
|
+
- Markdown operational briefs.
|
|
12
|
+
- CSV dataset inventories.
|
|
13
|
+
- JSONL incident timelines.
|
|
14
|
+
- YAML policy metadata.
|
|
15
|
+
- A custom `.evidence` text extension enabled through `.kb/config.json`.
|
|
16
|
+
|
|
17
|
+
## Run From This Repository Checkout
|
|
18
|
+
|
|
19
|
+
Build Mimir once from the repository root:
|
|
20
|
+
|
|
21
|
+
```bash
|
|
22
|
+
pnpm build
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
Then run the CLI from this folder:
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
cd examples/sovereign-rag-demo
|
|
29
|
+
node ../../dist/cli.js security-audit
|
|
30
|
+
node ../../dist/cli.js ingest
|
|
31
|
+
node ../../dist/cli.js search "offline retrieval approval"
|
|
32
|
+
node ../../dist/cli.js search "dataset residency"
|
|
33
|
+
node ../../dist/cli.js ask "What evidence supports offline operation?"
|
|
34
|
+
node ../../dist/cli.js audit
|
|
35
|
+
node ../../dist/cli.js status
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
This example uses `embeddingProvider: "local-hash"`, so it does not require a model runtime.
|
|
39
|
+
Retrieval is lexical/hash-based rather than model-semantic.
|
|
40
|
+
|
|
41
|
+
## Useful Test Queries
|
|
42
|
+
|
|
43
|
+
- `offline retrieval approval`
|
|
44
|
+
- `dataset residency`
|
|
45
|
+
- `incident containment evidence`
|
|
46
|
+
- `who owns the usage review`
|
|
47
|
+
- `what documents support sovereign deployment`
|
|
48
|
+
|
|
49
|
+
## Switch To Transformers Semantic Mode
|
|
50
|
+
|
|
51
|
+
To compare no-model retrieval with semantic local retrieval, change `.kb/config.json`:
|
|
52
|
+
|
|
53
|
+
```json
|
|
54
|
+
{
|
|
55
|
+
"embeddingProvider": "transformers",
|
|
56
|
+
"embeddingModel": "mixedbread-ai/mxbai-embed-xsmall-v1",
|
|
57
|
+
"embeddingModelPath": ".mimir/models",
|
|
58
|
+
"transformersAllowRemoteModels": false
|
|
59
|
+
}
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Preload the model files under `.mimir/models` for offline work, then rebuild the index:
|
|
63
|
+
|
|
64
|
+
```bash
|
|
65
|
+
node ../../dist/cli.js ingest
|
|
66
|
+
node ../../dist/cli.js ask "What documents support sovereign deployment?"
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
## Generated State
|
|
70
|
+
|
|
71
|
+
Generated state stays local and ignored:
|
|
72
|
+
|
|
73
|
+
```plain text
|
|
74
|
+
.kb/storage/
|
|
75
|
+
.kb/access.log
|
|
76
|
+
.mimir/
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
Do not replace these synthetic documents with real confidential files inside the Mimir package
|
|
80
|
+
repository.
|
|
@@ -0,0 +1,5 @@
|
|
|
1
|
+
dataset,source_type,data_residency,network_access,review_status
|
|
2
|
+
Example Notes,markdown notes,local only,none,approved
|
|
3
|
+
Example Model Card,model metadata,local repository,none,approved
|
|
4
|
+
Example Audio Draft,generated summary,local only,none,approved with offline TTS
|
|
5
|
+
Example Remote Transcript,transcription sample,remote processing,internet,rejected for confidential tests
|
|
@@ -0,0 +1,4 @@
|
|
|
1
|
+
{"date":"2026-02-12","event":"synthetic dataset imported","owner":"example knowledge team","impact":"none","evidence":"fictional files only"}
|
|
2
|
+
{"date":"2026-02-13","event":"remote model loading disabled","owner":"example review team","impact":"offline policy enforced","evidence":"transformersAllowRemoteModels false"}
|
|
3
|
+
{"date":"2026-02-14","event":"offline retrieval approval completed","owner":"example platform team","impact":"local cited retrieval allowed","evidence":"local-hash provider"}
|
|
4
|
+
{"date":"2026-02-15","event":"audio summary test requested","owner":"example operations role","impact":"offline TTS required","evidence":"mimir-audio-summary skill"}
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
# Offline Analytics Brief
|
|
2
|
+
|
|
3
|
+
Example Workspace is a synthetic local knowledge-base deployment used to test Mimir.
|
|
4
|
+
|
|
5
|
+
The demo goal is to let a test team summarize fictional operational notes without shipping source
|
|
6
|
+
files to a hosted RAG service. The approved runtime is a local Linux workstation with an encrypted
|
|
7
|
+
disk, local retrieval, and no telemetry.
|
|
8
|
+
|
|
9
|
+
The initial approval covers three workflows:
|
|
10
|
+
|
|
11
|
+
- summarize daily operational briefs;
|
|
12
|
+
- compare dataset handling notes against internal policy;
|
|
13
|
+
- prepare audio briefings only with an offline text-to-speech engine.
|
|
14
|
+
|
|
15
|
+
The usage review is owned by the Example Review Team. Any remote model endpoint requires a written
|
|
16
|
+
exception before use.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
Evidence memo for the synthetic usage review.
|
|
2
|
+
|
|
3
|
+
The Example Review Team approved local-only retrieval because the source documents remain under the
|
|
4
|
+
repository raw folder and the generated vector store remains under .kb/storage.
|
|
5
|
+
|
|
6
|
+
The review rejected remote transcription and online text-to-speech for fictional confidential test
|
|
7
|
+
datasets. The approved audio path is a generated briefing under .mimir/audio created with an offline
|
|
8
|
+
engine.
|
|
9
|
+
|
|
10
|
+
The test is considered complete when Mimir can retrieve the offline retrieval approval, dataset
|
|
11
|
+
residency requirements, and incident containment evidence from separate file formats.
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
classification: synthetic
|
|
2
|
+
purpose: local-rag-test
|
|
3
|
+
controls:
|
|
4
|
+
remote_model_loading: disabled
|
|
5
|
+
storage: encrypted-volume-recommended
|
|
6
|
+
telemetry: none
|
|
7
|
+
access_log: metadata-only
|
|
8
|
+
mcp:
|
|
9
|
+
destructive_tools: false
|
|
10
|
+
max_top_k: 10
|
|
11
|
+
review:
|
|
12
|
+
owner: Example Review Team
|
|
13
|
+
required_before_remote_model_loading: true
|
|
14
|
+
required_before_online_tts: true
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@jcode.labs/mimir",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"description": "Mimir: open-source local
|
|
3
|
+
"version": "0.4.1",
|
|
4
|
+
"description": "Mimir: open-source sovereign local RAG for confidential datasets and AI agents.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
7
7
|
"author": {
|
|
@@ -13,17 +13,22 @@
|
|
|
13
13
|
"mimir",
|
|
14
14
|
"open-source",
|
|
15
15
|
"rag",
|
|
16
|
+
"sovereign-rag",
|
|
16
17
|
"knowledge-base",
|
|
18
|
+
"confidential-data",
|
|
19
|
+
"private-ai",
|
|
17
20
|
"local-first",
|
|
18
21
|
"mcp",
|
|
19
|
-
"
|
|
22
|
+
"transformers",
|
|
23
|
+
"semantic-search",
|
|
20
24
|
"lancedb"
|
|
21
25
|
],
|
|
22
26
|
"repository": {
|
|
23
27
|
"type": "git",
|
|
24
|
-
"url": "git+https://github.com/jcode-works/jcode-mimir.git"
|
|
28
|
+
"url": "git+https://github.com/jcode-works/jcode-mimir.git",
|
|
29
|
+
"directory": "packages/mimir"
|
|
25
30
|
},
|
|
26
|
-
"homepage": "https://github.com/jcode-works/jcode-mimir#readme",
|
|
31
|
+
"homepage": "https://github.com/jcode-works/jcode-mimir/tree/main/packages/mimir#readme",
|
|
27
32
|
"bugs": {
|
|
28
33
|
"url": "https://github.com/jcode-works/jcode-mimir/issues"
|
|
29
34
|
},
|
|
@@ -42,48 +47,37 @@
|
|
|
42
47
|
"files": [
|
|
43
48
|
"dist",
|
|
44
49
|
"skills",
|
|
45
|
-
"
|
|
46
|
-
"
|
|
47
|
-
"CHANGELOG.md",
|
|
48
|
-
"SECURITY.md"
|
|
50
|
+
"examples",
|
|
51
|
+
"README.md"
|
|
49
52
|
],
|
|
50
53
|
"publishConfig": {
|
|
51
54
|
"access": "public"
|
|
52
55
|
},
|
|
53
|
-
"scripts": {
|
|
54
|
-
"build": "tsc -p tsconfig.json",
|
|
55
|
-
"check": "tsc -p tsconfig.json --noEmit",
|
|
56
|
-
"commitlint": "commitlint --from=HEAD~1 --to=HEAD --verbose",
|
|
57
|
-
"format": "biome format --write .",
|
|
58
|
-
"lint": "biome ci .",
|
|
59
|
-
"lint:fix": "biome check --write .",
|
|
60
|
-
"package:check": "publint",
|
|
61
|
-
"release:artifacts": "node scripts/release-artifacts.mjs",
|
|
62
|
-
"smoke": "node scripts/smoke.mjs",
|
|
63
|
-
"test": "vitest run",
|
|
64
|
-
"validate": "pnpm lint && pnpm check && pnpm test && pnpm build && pnpm smoke && pnpm package:check && pnpm release:artifacts"
|
|
65
|
-
},
|
|
66
56
|
"dependencies": {
|
|
57
|
+
"@huggingface/transformers": "^4.2.0",
|
|
67
58
|
"@lancedb/lancedb": "^0.30.0",
|
|
68
59
|
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
69
60
|
"commander": "^14.0.2",
|
|
70
61
|
"fast-glob": "^3.3.3",
|
|
62
|
+
"fflate": "^0.8.3",
|
|
71
63
|
"html-to-text": "^9.0.5",
|
|
72
|
-
"ollama": "^0.6.3",
|
|
73
64
|
"picocolors": "^1.1.1",
|
|
74
65
|
"unpdf": "^1.4.0",
|
|
75
66
|
"yaml": "^2.8.1",
|
|
76
|
-
"zod": "^4.1.13"
|
|
67
|
+
"zod": "^4.1.13",
|
|
68
|
+
"@jcode.labs/mimir-tts": "0.4.1"
|
|
77
69
|
},
|
|
78
70
|
"devDependencies": {
|
|
79
|
-
"@biomejs/biome": "^2.5.1",
|
|
80
|
-
"@commitlint/cli": "^21.1.0",
|
|
81
|
-
"@commitlint/config-conventional": "^21.1.0",
|
|
82
71
|
"@types/html-to-text": "^9.0.4",
|
|
83
72
|
"@types/node": "^24.10.1",
|
|
84
73
|
"publint": "^0.3.21",
|
|
85
74
|
"typescript": "^5.9.3",
|
|
86
75
|
"vitest": "^4.0.15"
|
|
87
76
|
},
|
|
88
|
-
"
|
|
89
|
-
|
|
77
|
+
"scripts": {
|
|
78
|
+
"build": "tsc -p tsconfig.json",
|
|
79
|
+
"check": "tsc -p tsconfig.json --noEmit",
|
|
80
|
+
"package:check": "publint",
|
|
81
|
+
"test": "vitest run"
|
|
82
|
+
}
|
|
83
|
+
}
|