Merged
Conversation
* feat: replace jina-ai/vectordb with FAISS for document embedding storage
What changed:
- Added extensions/utils/faiss_vectordb.py — FAISS adapter with GPU auto-detection
- Rewired base_doc_emb_serving.py to use FaissVectorDB instead of HNSWVectorDB/docarray
- Replaced vectordb with faiss-cpu>=1.7.4 in requirements files
- Removed HNSWLIB_NO_NATIVE env from Dockerfiles
- Cleaned up stale vectordb cache patterns from .gitignore
Why:
- jina-ai/vectordb is archived, unmaintained since 2023, and broken on Python 3.12+
- FAISS scored 4.70/5.00 in comparison benchmark — perfect recall, fastest search, minimal deps
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
* chore: remove faiss-cpu from edge_node requirements
What changed:
- Removed faiss-cpu>=1.7.4 from requirements.txt and .devcontainer/requirements.txt
Why:
- FAISS is already provided by the base Docker images (faiss-cpu in CPU, faiss-gpu in GPU)
- No need to duplicate the dependency in edge_node
* feat: add FAISS vectordb test plugin
What changed:
- Added FastAPI test plugin for verifying FaissVectorDB adapter
- Endpoints: status, add_docs, search, list_contexts, reset_context
- Uses hash-based deterministic embeddings for testing
Why:
- Validates the FAISS replacement end-to-end on a live edge node
- All 9 tests passed against dvi-1 via ngrok HTTP tunnel
* feat: switch to new base images, add GPU build workflow
What changed:
- All Dockerfiles now use ratio1/base_edge_node_amd64_cpu:latest (Python 3.13, PyTorch 2.9.1)
- Base image is parameterized via BASE_IMAGE build arg for CPU/GPU flexibility
- Cleaned up IPFS install (parameterized Kubo version, single layer, cleanup)
- Removed old apt workarounds (base image already provides wget, tar, ca-certificates)
- Added .github/workflows/build_gpu.yml for GPU image builds
Why:
- Old base image (Python 3.10, PyTorch 2.3.1) is outdated
- GPU builds reuse same Dockerfiles with --build-arg BASE_IMAGE=ratio1/base_edge_node_amd64_gpu:latest
- GPU images pushed to ratio1/edge_node_gpu:{devnet,testnet,mainnet}
* chore: inc version
---------
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
What changed: - Switched IPFS Kubo download from wget to curl in all three Dockerfiles Why: - Base images provide curl but not wget - Previous commit removed the apt-get install of wget but Kubo download still used it
What changed: - Replaced matrix strategy with separate jobs for devnet, testnet, mainnet - devnet+testnet run on develop branch, mainnet on main branch - All three run on manual dispatch Why: - Matrix-level if conditions using matrix context don't work in GitHub Actions - All matrix jobs were failing because the if condition couldn't evaluate matrix.branch
Co-authored-by: Andrei Damian <andrei@lummetry.ai>
* feat: add attestation registry submission in redmesh close flow * fix: add execution_id to attestation * Add RedMesh job-start attestation submission flow * fix: set up private key in plugin config * fix: pass history read * fix: add loggign for attestation * feat: user can configure the count of scanning threads on UI * feat: add data models package * feat: keep jo config in r1fs * feat: single aggregation + consolidated pass report (phase 2) * feat: job archive & UI Aggregate (phase 3-4) * feat: fix backend endpoints to work with new cstore structure (phase 5) * fix: use constants everywhere in API (phase 11) * feat: live worker progress endpoints and methods (phase 1) * feat: job deletion & purge (phase 15) * fix: listing endpoint optimization (phase 15) * feat: scan metrics collection (phase 16a) * feat: scan metrics aggregation at node level (phase 16b) * fix: metrics visualization improvements * fix: scan profile simplification * fix: redmesh test * fix: service tests * fix: improve web tests | add cms fingerprinting * feat: add OWASP-10 identification * feat: add erlang_ssh & dns bind to cve db * fix: CVEs for databases * fix: CVEs for CMS & Frameworks * fix: tests CVEs for CMS & Frameworks * fix: Java applications & servers * fix: detected services count calculation * fix: add jetty | fix CVE findings * fix: use running env port for signaling plugin readiness * feat: job hard stop * fix: job stop * fix: PoT * feat: add scanner nodes ips to the report * feat: display thread-level ports info and stats * fix: increase job check timeout * feat: improve per-worker progress loader. Display per-thread status * fix: tests classification * fix: move metrix collector to a separate file * refactor: rename redmesh_utils to pentester_worker * refactor: split the pentester_api_01 * refactor: split code in mixins | split tests * feat: extract BaseLocalWorker for GrayBox integration (phase 0) * feat: add core modules for gray box (phase 1) * feat: graybox core modules safety / auth / discovery (phase 2) * feat: graybox probes (phase ) * feat: graybox worker and API integration (phase 4) * fix(redmesh): preserve graybox job identity in phase 1 contracts * fix(redmesh)(phase 2): correct graybox evidence counting and aggregates * refactor(redmesh)(phase 3): split launch API by scan type * refactor(redmesh)(phase 4): model feature capabilities by scan type * fix(redmesh)(phase 5): harden worker probe metrics and isolation * docs(redmesh)(phase 6): summarize navigator graybox parity * fix(redmesh)(phase 7): harden attestation and audit logging * refactor(redmesh)(phase 8): extract launch strategies and state machine * fix: add llm agent prompts for graybox scans * fix: add scan type to worker progress * fix: add extra scanning probes to graybox * fix: add extra scanning probes to graybox | login rate limit | password reset token predictability | business logic validation * fix: add more graybox tests (path traversal, session fixation...) * use config var for progress publish interval * fix cleanup constants * fix: docs cleanup * fix: normalize live-progres publish interval * fix: enforce cap for continuous jobs * fix: add job_revision to job store model * fix: add tests * refactor: extract redmesh query services * refactor: extract redmesh launch services * refactor: extract redmesh lifecycle services * feat: split redmesh graybox secrets from job config * refactor: add redmesh repository boundaries * refactor: type redmesh repository boundaries * refactor: normalize redmesh running job state * refactor: add explicit redmesh network feature registry * refactor: streamline redmesh worker phase execution * refactor: type redmesh graybox runtime flow * refactor: add redmesh graybox probe context * refactor: harden redmesh graybox auth lifecycle * refactor: type redmesh graybox probe boundaries * feat: harden redmesh secret storage boundary * refactor: add redmesh typed evidence artifacts * refactor: normalize redmesh graybox finding contract * feat: add redmesh finding triage state * feat: add redmesh cvss finding metadata * feat: harden redmesh resilience and launch policy * test: add redmesh regression and contract suites * fix: harden redmesh live progress phase metadata * fix: harden redmesh llm failure handling * fix: preserve pass reports during finalization * fix: llm analysis generation * fix: add redmesh agents.md * feat(redmesh): define distributed reconciliation schema * feat(redmesh): publish startup live state * feat(redmesh): reconcile worker live state * feat(redmesh): reannounce missing worker assignments * feat(redmesh): stop jobs on retry exhaustion * fix(redmesh): align distributed job read paths * fix(redmesh): ignore stale and malformed live rows * test(redmesh): cover worker reconciliation states * feat(redmesh): add worker retry timeline events * refactor(redmesh): group reconciliation config * refactor(redmesh): share nested config resolution * refactor(redmesh): group llm agent config * refactor(redmesh): group attestation config * refactor(redmesh): group graybox budgets config * feat(redmesh): shape llm analysis payloads * feat(redmesh): trim llm findings payloads * feat(redmesh): compact webapp llm payloads * feat(redmesh): track llm payload shaping stats * docs(redmesh): record llm payload shaping rollout * fix(redmesh): normalize llm agent plugin class name * Update version number to 2.10.157 --------- Co-authored-by: Alessandro <defranceschi_a@yahoo.com> Co-authored-by: toderian <vitalii.toderian@ratio1.ai> Co-authored-by: Cristi Bleotiu <164478159+cristibleotiu@users.noreply.github.com>
cristibleotiu
approved these changes
Apr 16, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.