v0.2.0

Security-hardening release.

Security (breaking for unauthenticated mutation clients)

• Mutating endpoints (POST /api/index, POST /api/backfill-summaries) now fail closed: they return 403 unless CODE_SEARCH_API_KEY is set. Read-only/search endpoints are unchanged.
• The API key is accepted only via header (X-API-Key or Authorization: Bearer). Query-parameter keys are no longer honored (they leaked into URLs and logs).
• The serve default bind is now 127.0.0.1 (loopback) instead of 0.0.0.0; expose explicitly via --host when intended.

Fixed

• The index lock is released if the background indexing task fails to start, so a crash no longer leaves indexing permanently locked.

Added

• pytest auth suite covering fail-closed mutations, header auth, and query-param rejection.

Upgrade note: set CODE_SEARCH_API_KEY in the service environment before upgrading, or indexing/backfill calls will return 403.

Code Search API 0.1.0

First public release.

Highlights

• Local semantic code search via Ollama embeddings + SQLite. No vector DB.
• Language-aware chunking for Python, TypeScript, JavaScript, Go, Rust, Markdown, and config files.
• Hybrid ranking: combines code-vector and summary-vector similarity for intent-based search.
• FastAPI service with /api/search, /api/index, summary backfill, stats, and project endpoints.
• code-search-api CLI with serve, index, and summarize subcommands.

Install

From PyPI

pipx install code-search-api

From GHCR

docker run --rm -p 5204:5204 ghcr.io/solomonneas/code-search-api:0.1.0

(The Docker image will be available within a few minutes of this release as the publish workflow runs.)

Requirements

• Python 3.10+ if installing from PyPI
• An Ollama instance reachable from the service (default http://localhost:11434) with at least one embedding model pulled

See the README for model recommendations, env-var configuration, and the full API reference.