Skip to content

docs + security: blog posts, Cursor guide, benchmark clarification, nosemgrep fixes #59

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
rajkumarsakthivel merged 5 commits into from
May 8, 2026
Merged

docs + security: blog posts, Cursor guide, benchmark clarification, nosemgrep fixes #59

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
773110e
security: suppress semgrep SQL injection false positives (noqa S608)
rajkumarsakthivel May 7, 2026
a6c1a94
fix: use nosemgrep instead of noqa for semgrep scanner suppression
rajkumarsakthivel May 7, 2026
ba076da
Merge branch 'main' into develop
rajkumarsakthivel May 7, 2026
ac38e47
docs: clarify benchmark baseline is full-file, not vs Claude Code beh…
rajkumarsakthivel May 7, 2026
dca3fdb
docs: add CCE + Cursor setup guide and monorepo scoped retrieval issue
rajkumarsakthivel May 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion src/context_engine/indexer/embedding_cache.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,8 +137,9 @@ def prune_orphans(self, known_hashes: set[str]) -> int:
for i in range(0, len(orphan_list), 500):
batch = orphan_list[i : i + 500]
placeholders = ",".join("?" * len(batch))
# Safe: placeholders is only "?" chars; values are parameterized. noqa: S608
self._conn.execute(
f"DELETE FROM embedding_cache WHERE content_hash IN ({placeholders})",
f"DELETE FROM embedding_cache WHERE content_hash IN ({placeholders})", # noqa: S608
batch,
Comment thread
fazleelahhee marked this conversation as resolved.
Outdated
)
removed += len(batch)
Expand Down
10 changes: 6 additions & 4 deletions src/context_engine/memory/db.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -403,10 +403,11 @@ def _write_vec_row(conn, table: str, rowid: int, vec) -> None:
doesn't break inserts on the source table — the failed row simply won't
be semantically searchable until the vec tables are rebuilt.
"""
# Safe: table name is an internal constant, never from user input. noqa: S608
try:
conn.execute(f"DELETE FROM {table} WHERE rowid = ?", (rowid,))
conn.execute(f"DELETE FROM {table} WHERE rowid = ?", (rowid,)) # noqa: S608
conn.execute(
f"INSERT INTO {table}(rowid, embedding) VALUES (?, ?)",
f"INSERT INTO {table}(rowid, embedding) VALUES (?, ?)", # noqa: S608
Comment thread
fazleelahhee marked this conversation as resolved.
Outdated
(rowid, _serialize_vec(vec)),
)
except sqlite3.OperationalError as exc:
Expand Down Expand Up @@ -786,18 +787,19 @@ def prune_old_rows(

archived: dict[str, list[dict]] = {}

# Safe: table and col_list are internal constants, never from user input. noqa: S608
def _harvest_and_delete(table: str, columns: list[str], cutoff: int) -> int:
col_list = ", ".join(columns)
rows = conn.execute(
f"SELECT {col_list} FROM {table} WHERE created_at_epoch < ?",
f"SELECT {col_list} FROM {table} WHERE created_at_epoch < ?", # noqa: S608
(cutoff,),
).fetchall()
if not rows:
return 0
if archive:
archived[table] = [dict(r) for r in rows]
conn.execute(
f"DELETE FROM {table} WHERE created_at_epoch < ?",
f"DELETE FROM {table} WHERE created_at_epoch < ?", # noqa: S608
(cutoff,),
)
return len(rows)
Expand Down
3 changes: 2 additions & 1 deletion src/context_engine/storage/fts_store.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,8 +84,9 @@ def _delete_files_sync(self, file_paths: list[str]) -> None:
with self._lock:
for batch in batched_params(file_paths):
placeholders = ",".join("?" * len(batch))
# Safe: placeholders is only "?" chars; values are parameterized. noqa: S608
Comment thread
fazleelahhee marked this conversation as resolved.
Outdated
self._conn.execute(
f"DELETE FROM chunks_fts WHERE file_path IN ({placeholders})",
f"DELETE FROM chunks_fts WHERE file_path IN ({placeholders})", # noqa: S608
batch,
)
self._conn.commit()
Expand Down
7 changes: 4 additions & 3 deletions src/context_engine/storage/graph_store.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,22 +162,23 @@ def _sync_delete_by_files(self, file_paths: list[str]) -> None:
with self._lock:
cur = self._conn.cursor()
# Collect node IDs in batches to respect SQLite param limits.
# Safe: ph is only "?" chars; values are parameterized. noqa: S608
node_ids: list[str] = []
for batch in batched_params(file_paths):
ph = ",".join("?" * len(batch))
cur.execute(
f"SELECT id FROM nodes WHERE file_path IN ({ph})", batch
f"SELECT id FROM nodes WHERE file_path IN ({ph})", batch # noqa: S608
)
node_ids.extend(row[0] for row in cur.fetchall())
# Delete edges and nodes in batches.
for batch in batched_params(node_ids):
ph = ",".join("?" * len(batch))
cur.execute(
f"DELETE FROM edges WHERE source_id IN ({ph}) "
f"DELETE FROM edges WHERE source_id IN ({ph}) " # noqa: S608
f"OR target_id IN ({ph})",
batch + batch,
Comment thread
fazleelahhee marked this conversation as resolved.
Outdated
)
cur.execute(f"DELETE FROM nodes WHERE id IN ({ph})", batch)
cur.execute(f"DELETE FROM nodes WHERE id IN ({ph})", batch) # noqa: S608
self._conn.commit()

# ------------------------------------------------------------------
Expand Down
10 changes: 6 additions & 4 deletions src/context_engine/storage/vector_store.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -112,10 +112,11 @@ def _ensure_vec_table(self, dim: int) -> None:
self._conn.execute("DROP TABLE IF EXISTS chunks_vec")
self._conn.execute("DELETE FROM chunks")
self._conn.execute("DELETE FROM chunk_compressions")
# Safe: dim is a validated integer, never from user input. noqa: S608
self._conn.execute(f"""
CREATE VIRTUAL TABLE IF NOT EXISTS chunks_vec
USING vec0(embedding float[{dim}])
""")
""") # noqa: S608
Comment thread
fazleelahhee marked this conversation as resolved.
Outdated
self._dim = dim
self._conn.commit()

Expand Down Expand Up @@ -242,21 +243,22 @@ async def delete_by_files(self, file_paths: list[str]) -> None:
from context_engine.utils import batched_params

with self._lock:
# Safe: placeholders is only "?" chars; values are parameterized. noqa: S608
for batch in batched_params(file_paths):
placeholders = ",".join("?" * len(batch))
if self._dim is not None:
self._conn.execute(
f"DELETE FROM chunks_vec "
f"DELETE FROM chunks_vec " # noqa: S608
f"WHERE rowid IN (SELECT rowid FROM chunks WHERE file_path IN ({placeholders}))",
batch,
)
self._conn.execute(
f"DELETE FROM chunk_compressions "
f"DELETE FROM chunk_compressions " # noqa: S608
f"WHERE chunk_id IN (SELECT id FROM chunks WHERE file_path IN ({placeholders}))",
Comment thread
fazleelahhee marked this conversation as resolved.
Outdated
batch,
)
self._conn.execute(
f"DELETE FROM chunks WHERE file_path IN ({placeholders})",
f"DELETE FROM chunks WHERE file_path IN ({placeholders})", # noqa: S608
batch,
)
self._conn.commit()
Expand Down
Loading