- Documented major changes after pulling from upstream (HKUDS/LightRAG), focusing on multi-tenant support, security hardening, and RLS/RBAC.
- Created concise documentation under docs/diff_hku, including migration guides and security audits.
- Enumerated unmerged upstream commits and summarized substantive features and fixes.
- Outlined next steps for DB migrations, CI tests, and potential cherry-picking of upstream fixes.
Actions:
- Pulled upstream (HKUDS/LightRAG) and diffed HEAD vs upstream/main
- Inspected and documented major changes (multi-tenant support, security hardening, RLS, RBAC, config defaults)
- Created concise docs under docs/diff_hku: index.md, summary.md, technical_diffs.md, security_audit.md, migration_guide.md, tests_needed.md
Decisions:
- Focused on security, DB migrations, and runtime wiring as top priorities
- Kept documents concise but dense for engineering and DevOps audiences
Next steps:
- Add DB migrations and instrument DB session setter for RLS
- Implement CI tests for RLS + tenant isolation and permission matrix
- Run e2e tests under staging Postgres before production rollout
Lessons / insights:
- Multi-tenant changes are substantive — require DB migrations + end-to-end tests to avoid silent data leakage
- Default secrets and env defaults are currently unsafe for production; rotate and require via env validation
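As an added illustration of the RLS wiring and tenant-isolation check named in the next steps and lessons above (example code, not LightRAG's or this fork's own migration): a Postgres policy keyed on a per-transaction session setting, with the table name `documents`, the setting name `app.current_tenant` and the role `app_user` assumed as placeholders.

```sql
-- Added example (not the project's own migration). Assumed placeholders:
-- table documents(id, tenant_id, content), app role app_user, GUC app.current_tenant.

-- 1. Every tenant-scoped row carries its tenant_id.
CREATE TABLE IF NOT EXISTS documents (
    id         bigserial PRIMARY KEY,
    tenant_id  text NOT NULL,
    content    text NOT NULL
);

-- 2. Enable RLS and FORCE it so even the table owner is subject to the policy.
--    The API must connect as a non-superuser without BYPASSRLS, otherwise
--    every policy below is skipped silently.
ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;

-- 3. Rows are readable (USING) and writable (WITH CHECK) only when the
--    session's tenant matches. current_setting(..., true) does not raise when
--    the GUC is unset; it yields NULL or '' instead, which matches no real
--    tenant_id, so a request that forgot to set the tenant sees zero rows
--    rather than every tenant's data (fails closed).
CREATE POLICY tenant_isolation ON documents
    USING      (tenant_id = current_setting('app.current_tenant', true))
    WITH CHECK (tenant_id = current_setting('app.current_tenant', true));

-- 4. Runtime wiring for the DB session setter: SET LOCAL inside the request's
--    transaction, so the value is dropped at COMMIT/ROLLBACK and cannot leak
--    into a pooled connection that the next tenant's request reuses.
BEGIN;
SET LOCAL app.current_tenant = 'tenant_a';
INSERT INTO documents (tenant_id, content) VALUES ('tenant_a', 'a-doc');
-- A cross-tenant write fails the WITH CHECK clause and is rejected:
-- INSERT INTO documents (tenant_id, content) VALUES ('tenant_b', 'smuggled');
SELECT count(*) FROM documents;   -- only tenant_a's rows are visible here
COMMIT;

-- 5. Isolation check worth encoding in the CI test: after COMMIT the setting
--    is gone, so the same query must return 0 rows, not another tenant's data.
SELECT count(*) FROM documents;   -- 0
```

Run as the `app_user` role against a scratch database; the CI test for tenant isolation is the assertion that step 5 returns 0 and that the commented-out cross-tenant INSERT raises a policy violation.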