SageVault is a security‑minded RAG (Retrieval‑Augmented Generation) app for exploring a single source per session: either a public GitHub repo or a set of uploaded documents. It indexes content, retrieves relevant chunks, and answers questions with citations. Runs locally with Streamlit and supports multiple LLM providers.
- Retrieval: Chroma vector store (configurable chunk size/overlap)
- LLMs: OpenAI, Anthropic, Google Gemini, Groq (keys kept in‑session only)
- Safety: Allowlist + binary blocking, notebook guardrails, injection‑aware prompts
- Extras: MMR re‑ranking, session export to Markdown, analytics (latency/tokens/est. cost)
# Clone
git clone https://github.com/mwill20/SageVault.git
cd SageVault
# Create & activate a virtual env
python -m venv .venv
# Windows
.venv\Scripts\activate
# macOS/Linux
source .venv/bin/activate
# Install dependencies
pip install -r requirements.txtcp .env.example .env
# Edit .env and paste your provider API key(s).
# Optional: add a GitHub token to raise API rate limits.streamlit run streamlit_app_clean.py# Sidebar has a checkbox, OR set an env var:
export SAGEVAULT_USE_LANGCHAIN=1 # enable
# export SAGEVAULT_USE_LANGCHAIN=0 # disablePick a provider, choose Repo or Documents, index, and ask questions.
- Single source per session: choose Repo or Documents (not both at once).
- Supported files: common code/text/Markdown formats, selected PDFs/Docs; unsafe/binary files are blocked by default.
- Analytics: the sidebar shows latency, token counts, and estimated cost (for transparency only).
Sample corpus & script
# Try the tiny fixtures and see expected hits in logs
python examples/run_sample.pyExpected outputs (so reviewers can verify)
- Query: “Where are tests defined?” → sources include
examples/fixtures/fastapi-mini/tests/... - Query: “How is the auth header used?” → sources include
examples/fixtures/api-excerpt/...
flowchart LR
A[Source (Repo or Docs)] --> B[Safety Gate\n(allowlist, size caps,\nblock unsafe binaries)]
B --> C[Chunker\n(size & overlap sliders)]
C --> D[Embeddings → Chroma]
D --> E[Retrieval\n(cosine search)]
E --> F[MMR Re-ranking\n(diversity)]
F --> G[LLM Answer\n(citations + sources)]
G --> H[Export Markdown / Analytics]
- One source per session (repo or docs).
- No remote code execution.
- GitHub token is optional but helps avoid rate limits.
- Cost metrics are estimates and may differ from provider billing.
pytest -qFor reviewers, baseline evidence is stored under evidence/ and artifacts/ (session export).
- Keys remain in session memory; never written to disk by the app.
- Blocklist/allowlist for file types; guardrails for risky content.
- “Accept risk” override is available (off by default).
See security.md for details and scope.
- Integration guide: docs/security_integration.md
- QA / Evaluation:
docs/QA.md(precision@K snapshot and method) - Publication text:
docs/publication.md(paste‑ready for Ready Tensor) - Examples & fixtures:
examples/(mini FastAPI repo, API excerpt) - Evidence Bundle:
evidence/baseline.txt,evidence/pytest.log,artifacts/test_audit_report.md,docs/QA.md,assets/analytics_sidebar.png,artifacts/sample_session.md - Contributing:
CONTRIBUTING.md• Code of Conduct:CODE_OF_CONDUCT.md• Changelog:CHANGELOG.md
Open an issue: https://github.com/mwill20/SageVault/issues
MIT — see LICENSE.
- Replace
docs/demo.gifwith the real 45–60s walkthrough GIF - Replace
YOUTUBE_URLabove (or remove the video line if not needed) - Verify the two Expected outputs match your local run
- Optional: add a screenshot at
assets/analytics_sidebar.pngand reference it in your README if desired
SageVault pairs a simple, teachable RAG pipeline with pragmatic safety defaults and clear transparency. If any term is new, just start the app—the UI guides you step‑by‑step.