We just released Flamehaven FileSearch v1.2.0, and this update focuses heavily on security, scalability, and multi-worker production deployments. The main change is that FileSearch is no longer a “public API”—it now includes a complete authentication and permissions system suitable for enterprise environments.
Key changes:
API Authentication & Authorization
All protected endpoints now require Bearer tokens. API keys support fine-grained permissions (upload/search/stores/delete), per-key rate limits, auditing, and SHA256 hashing (plain keys are never stored).
Admin Dashboard
A self-contained HTML/JS dashboard for managing API keys, inspecting request statistics, and viewing usage distribution. No external dependencies.
Batch Search API
Added a high-throughput endpoint that processes 1–100 queries in either sequential or parallel mode. Includes per-query isolation, priority ordering, and detailed timing metrics.
Redis Cache Backend
Optional distributed cache for multi-worker setups. Provides <10ms lookup latency, automatic fallback to local LRU, and ~40–60% reduction in LLM calls.
Deployment Support
Includes working examples for Docker, Docker Compose, and Kubernetes (ConfigMap, Secret, Deployment). Meant to be runnable out of the box.
If anyone has feedback on security design, API ergonomics, or deployment structure, I’d really appreciate it. We’re planning v1.2.1 (admin auth improvements, Redis UI) and v1.3.0 (key rotation + OAuth2/OIDC), so suggestions are welcome.
This update includes a path-traversal fix, FastAPI/Starlette security patches, request-ID tracing, rate limiting, LRU+TTL caching (<10ms hits), and a full set of Prometheus metrics. It’s noticeably more stable than the previous version.
The project is still lightweight and fully self-hostable, which remains a core focus. Thanks!
Thank you — the content had been flagged earlier but the issue has now been resolved. Everything is restored and functioning as expected. Please let me know if you encounter any further problems.
Key changes:
API Authentication & Authorization All protected endpoints now require Bearer tokens. API keys support fine-grained permissions (upload/search/stores/delete), per-key rate limits, auditing, and SHA256 hashing (plain keys are never stored).
Admin Dashboard A self-contained HTML/JS dashboard for managing API keys, inspecting request statistics, and viewing usage distribution. No external dependencies.
Batch Search API Added a high-throughput endpoint that processes 1–100 queries in either sequential or parallel mode. Includes per-query isolation, priority ordering, and detailed timing metrics.
Redis Cache Backend Optional distributed cache for multi-worker setups. Provides <10ms lookup latency, automatic fallback to local LRU, and ~40–60% reduction in LLM calls.
Deployment Support Includes working examples for Docker, Docker Compose, and Kubernetes (ConfigMap, Secret, Deployment). Meant to be runnable out of the box.
Performance highlights:
Cache hit: <10ms
Cache miss (LLM call): ~0.5–3s
Batch Search (10 queries): ~2–5s
GitHub: https://github.com/flamehaven01/Flamehaven-Filesearch
If anyone has feedback on security design, API ergonomics, or deployment structure, I’d really appreciate it. We’re planning v1.2.1 (admin auth improvements, Redis UI) and v1.3.0 (key rotation + OAuth2/OIDC), so suggestions are welcome.