Skip to content

vectr 1.1.0

Latest

Choose a tag to compare

@swapnanil swapnanil released this 11 Jul 20:58

Security and shared-deployment features. All opt-in; with none of the new
environment variables or flags set, behavior is unchanged — local, keyless,
zero-config stays the default.

Authentication

  • API key comparison now uses a constant-time comparison (hmac.compare_digest)
    instead of !=, removing a response-timing side channel. VECTR_API_KEY
    protects both the REST /v1 routes and the /mcp endpoint; /v1/health
    stays open for liveness probes; the key is never echoed in responses or logs.
  • New vectr key command prints a fresh high-entropy key (stdout) with usage
    guidance (stderr); vectr never persists it. Generated keys never start with
    - (a leading dash made --api-key <key> parse as a flag and fail); the
    usage guidance shows the always-safe --api-key=<key> form.
  • When VECTR_API_KEY is set at start time, the editor MCP configs vectr
    writes (.mcp.json, .cursor/mcp.json, .vscode/mcp.json) include the
    X-Api-Key header so the editor keeps reaching its own authenticated daemon.
    These files then hold the key in plaintext; the CLI and docs warn to treat
    them as secrets and keep them out of shared version control.

Team mode (shared central instance)

  • vectr start --host <addr> selects the daemon bind address (default
    127.0.0.1). A non-loopback bind refuses to start unless VECTR_API_KEY is
    set — a network-reachable index is never served unauthenticated.
  • New vectr connect --url <url> [--api-key <key>] [--label <name>] configures
    the local editor to use a remote vectr instance: writes the MCP configs with
    the auth header (and optional X-Vectr-Client attribution label) and the
    guidance block, spawning no local daemon. Working memory on the central
    instance is shared: a note one connected agent stores, every other can
    recall. Search results reference the server's indexed checkout.
  • The client label attributes notes (author) and audit-log lines.
  • Notes DB connections set an SQLite busy timeout so concurrent writes from
    multiple clients wait for the lock instead of failing.

Encryption at rest

  • VECTR_ENCRYPT_KEY now also encrypts note titles (previously plaintext, and
    derived from the first content line — leaking note content) and snapshot
    payloads (previously plaintext JSON embedding full decrypted note text).
    Reads are tolerant: pre-existing plaintext rows keep working.
  • The passphrase can be stored in the OS keychain (service vectr, username
    encrypt-key) instead of the environment; the env var wins when both exist.
  • New VECTR_ENCRYPT_DISABLE_NOTE_VECTORS=1 omits note embedding vectors (a
    lossy plaintext projection of note text) for the strictest posture; recall
    falls back to exact-text matching.
  • Honest boundary, unchanged: the code index (chunk text + vectors) is NOT
    encrypted — documented in docs/data-handling.md and the README.

Data handling and retention

  • The audit log is now strictly opt-in: VECTR_AUDIT_LOG unset means nothing
    is recorded (previously it silently defaulted to ~/.vectr/audit.log,
    recording every recall query undisclosed). When enabled it also records
    INDEX and SEARCH events, and rotating-handler initialization is now
    race-free under concurrent writes.
  • Purge is now complete: vectr_forget(all=true) / POST /v1/forget /
    /v1/memory/clear also delete the workspace's snapshots (whose payloads
    embed note contents), and vectr forget --all additionally clears snapshots
    and note embedding vectors across all workspaces. Previously all of these
    deleted only the notes table.
  • VECTR_NOTES_TTL_DAYS (existing startup TTL purge) is now documented and
    covered by tests; unset = notes are kept until deleted.
  • New data-handling policy: docs/data-handling.md — what vectr stores, where,
    plaintext vs encrypted, retention, deletion, team-mode caveats.

Filesystem

  • ~/.cache/vectr/ and ~/.vectr/ (and per-workspace subdirectories) are
    created owner-only (0700) on POSIX systems; existing directories are
    tightened at startup.