khive v0.2.9
GitHub release only — crates.io remains at 0.2.8 (repo is private; no source tarball publication).
43 commits since v0.2.8: a security-hardening sweep, the recall-calibration FTS fixes, and the audit-20260608 burn-down.
Highlights
Recall quality (from the 15-iteration calibration loop)
- FTS coverage gap closed: reindex backfills pre-existing notes (#88) and entities (#96); canonical
entity_fts_documentconstructor shared by all entity FTS write paths - Embed-intent prefixes (
query:/passage:) wired across all call sites (#95) - Type-differentiated salience + decay defaults: episodic 0.3/0.02, semantic 0.5/0.005 (#84)
- FTS UPDATE triggers narrowed to indexed columns — stops WAL bloat from embedding updates (#19)
Security
- Write-time secret detection gate — credential plaintext hard-blocked from content-bearing verbs with masked reason (#83)
- serde boundaries reject NaN/non-finite/invalid values (#49); gate-rego fail-open fixes (#43, #66); git-URL redaction in clone errors (#40); brain section_signals validation + replay quarantine (#46); JSON/JSONL data-leak pre-commit + CI guard (#61)
Correctness
- Hard delete purges soft-deleted records (#82)
kkernel kg validateenforces closed-taxonomy checks (#41)- khive-merge compiles again, hardened (#42)
kkernel execroutes through the warm daemon (#64); daemon owns ANN hot state (#20)- Deterministic ordering fixes + startup robustness (#45)
Hygiene
- DDL in
.sqlfiles per ADR-015 (#51) · dep discipline (#53) · file-size splits (#56) · rustdoc pass (#55) · ADR freshness (#48)
Full list: CHANGELOG.md
Gates at release commit: cargo test --workspace · clippy -D warnings · fmt --check all RC=0 (local; Actions quota outage).