RAGRig handles enterprise knowledge, source credentials, and retrieval permissions. Security-sensitive behavior should be treated as core product behavior.

This project is not yet published with a dedicated security contact.

Until then, please avoid posting exploitable details in public issues. Open a minimal issue saying you have a security report, and the maintainers will provide a private contact path.

• connector credential handling
• API keys and model provider secrets
• tenant, workspace, and knowledge-base isolation
• pre-retrieval permission filtering
• source document access control
• audit logging for ingestion, indexing, retrieval, export, and deletion
• safe handling of untrusted documents and parser outputs

RAGRig is in early scaffolding and does not have released versions yet.