project-rag
Verified Safeby Brainwires
Overview
A RAG-based codebase indexing and semantic search server for code understanding, supporting incremental indexing and git history search.
Installation
project-rag serveEnvironment Variables
- PROJECT_RAG_VECTOR_DB_BACKEND
- PROJECT_RAG_VECTOR_DB_LANCEDB_PATH
- PROJECT_RAG_VECTOR_DB_QDRANT_URL
- PROJECT_RAG_VECTOR_DB_COLLECTION_NAME
- PROJECT_RAG_EMBEDDING_MODEL_NAME
- PROJECT_RAG_EMBEDDING_BATCH_SIZE
- PROJECT_RAG_EMBEDDING_TIMEOUT_SECS
- PROJECT_RAG_EMBEDDING_CANCELLATION_CHECK_INTERVAL
- PROJECT_RAG_INDEXING_CHUNK_SIZE
- PROJECT_RAG_INDEXING_MAX_FILE_SIZE
- PROJECT_RAG_INDEXING_INCLUDE_PATTERNS
- PROJECT_RAG_INDEXING_EXCLUDE_PATTERNS
- PROJECT_RAG_SEARCH_MIN_SCORE
- PROJECT_RAG_SEARCH_LIMIT
- PROJECT_RAG_SEARCH_HYBRID
- PROJECT_RAG_CACHE_HASH_CACHE_PATH
- PROJECT_RAG_CACHE_GIT_CACHE_PATH
Security Notes
The server performs extensive filesystem operations for indexing and caching, but uses `std::fs::canonicalize` to mitigate path traversal risks in user-provided paths. It also employs filesystem-based locks (`flock()`) for cross-process coordination, which can be vulnerable to denial-of-service if not handled carefully, but appears designed for cooperative environments. Communication by default is over stdio, limiting direct network exposure. No hardcoded secrets or direct `eval`-like constructs were identified. The embedding model (`FastEmbed`) downloads its components over the network, which is a standard and expected behavior.
Similar Servers
VectorCode
Indexes code repositories to generate relevant contextual information for Large Language Models (LLMs), enhancing their performance on specific or private codebases.
Context-Engine
Self-improving code search and context engine for IDEs and AI agents, providing hybrid semantic/lexical search, symbol graph navigation, and persistent memory.
codegraph-rust
Transforms codebases into a semantically searchable knowledge graph, enabling AI agents to reason about code relationships, architecture, and impact rather than just performing text-based searches.
codebase-RAG
A Retrieval-Augmented Generation (RAG) server designed to assist AI agents and developers in understanding and navigating codebases through semantic search.