projecta-rrr 1.21.0 → 1.21.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +46 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -4,6 +4,52 @@ All notable changes to RRR will be documented in this file.
|
|
|
4
4
|
|
|
5
5
|
Format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
|
|
6
6
|
|
|
7
|
+
## [1.21.1] - 2026-04-18
|
|
8
|
+
|
|
9
|
+
**Patch release — deploy-time fixes from first live Fly + Neon ingest.**
|
|
10
|
+
|
|
11
|
+
No behavior changes to users of the local stdio `rrr-search` path (COMPAT-01..10
|
|
12
|
+
preserved bit-for-bit). All patches are on the hosted-MCP code path and affect
|
|
13
|
+
only operators running `--enable-hosted`.
|
|
14
|
+
|
|
15
|
+
### Fixed
|
|
16
|
+
|
|
17
|
+
- **Git CVE floor 2.45.1 → 2.39.5** in Dockerfile / Dockerfile.worker /
|
|
18
|
+
assert-git-hardening.sh / src/boot-assertions.js. Debian bookworm-backports
|
|
19
|
+
shifted after 74-04 shipped; 2.39.5 still patches CVE-2024-32002 (2.39.4+),
|
|
20
|
+
CVE-2023-29007 (2.39.3+), CVE-2018-17456 (ancient). Unblocks `fly deploy`.
|
|
21
|
+
- **Vendored chunker bundle** at `rrr/hosted-mcp/vendor/search/chunker.cjs` with
|
|
22
|
+
local `package.json` `{"type":"commonjs"}`. The monorepo chunker at
|
|
23
|
+
`rrr/lib/search/chunker.js` is outside the Docker build context and
|
|
24
|
+
createRequire treated it as ESM under hosted-mcp's `"type":"module"` root.
|
|
25
|
+
`chunker-wrapper.js` tries the dev path first, falls back to vendored.
|
|
26
|
+
- **Shallow-clone unshallow fallback** in `src/worker/lib/github-clone.js`.
|
|
27
|
+
`--depth=1` hides parents so `git rev-list --max-parents=0 HEAD` returns
|
|
28
|
+
HEAD instead of the true root, spuriously tripping IDNT-04 drift detection
|
|
29
|
+
on every first-time index. Now detects rootSha===headSha and runs
|
|
30
|
+
`git fetch --unshallow` before retrying rev-list.
|
|
31
|
+
- **Voyage token-aware batching** in `src/worker/lib/voyage-embedder.js`.
|
|
32
|
+
Voyage rejects batches >120K tokens; the old fixed-128-item batches hit
|
|
33
|
+
241K on large chunks. Now caps by BOTH 128 items AND 100K tokens
|
|
34
|
+
(safety margin under the 120K hard cap).
|
|
35
|
+
- **Voyage SDK timeout 60s → 180s**. Default per-request timeout too short
|
|
36
|
+
for large batches under tier-1 rate-limit bursts. Configurable via
|
|
37
|
+
`buildVoyageClient({timeoutInSeconds})`.
|
|
38
|
+
- **pg-copy-streams explicit client checkout** in `src/worker/lib/neon-upsert.js`.
|
|
39
|
+
Pool can't host a long-lived Submittable stream; `copyUpsertChunks` now
|
|
40
|
+
wraps `withTeam(client, ...)` in `pool.connect()` + `finally release()`.
|
|
41
|
+
|
|
42
|
+
### Verified end-to-end
|
|
43
|
+
|
|
44
|
+
Post-patch smoke test against the live stack:
|
|
45
|
+
- 10,047 chunks from `PA-Ai-Team/projecta-rrr` embedded via `voyage-code-3`
|
|
46
|
+
(14.1M tokens, 115 batches, ~4 min wall time on tier 1)
|
|
47
|
+
- COPY-upserted into Neon `chunks` table
|
|
48
|
+
- HNSW per-repo index built (`chunks_hnsw_<sha12>`, m=16, ef_construction=200)
|
|
49
|
+
- `semantic_search("how does the worker enqueue a BullMQ job")` returns
|
|
50
|
+
the `queue.add(...)` call sites with cosine distance 0.279 — semantically
|
|
51
|
+
correct first-page results
|
|
52
|
+
|
|
7
53
|
## [1.21.0] - 2026-04-18
|
|
8
54
|
|
|
9
55
|
<!-- Date-stamped at ship per SHIP-RUNBOOK D.8.
|
package/package.json
CHANGED