SovereignRAG
SovereignRAG is a local retrieval-augmented security analysis tool. It indexes trusted security references, retrieves the most relevant chunks for each source file, asks a local Ollama model to review the code, and writes an HTML report with cited reference sources.
Private code review with local models
The default workflow runs through Docker Compose, stores embeddings in ChromaDB, and keeps code plus reports on your machine.
Core pipeline
- Index PDF or Markdown security references.
- Analyze one file, a directory, or only changed files.
- Generate a timestamped HTML report.
- Offline-first: Ollama, ChromaDB, spaCy, and local files.
- Cited findings: retrieved source documents are listed per file.
- Hook-friendly: analyze staged or changed files for commit workflows.
How It Works
```mermaid
flowchart TD
    A[PDF and Markdown references] --> B[Ingest]
    B --> C[spaCy cleanup and chunking]
    C --> D[SentenceTransformer embeddings]
    D --> E[ChromaDB collection]
    F[Source code path] --> G[Query]
    G --> H[Optional Git changed-file filter]
    H --> I[Retrieve top reference chunks]
    E --> I
    I --> J[Ollama security analysis]
    J --> K[HTML report in output/]
```
Main Commands
```bash
make build
make up
make pull-model MODEL=qwen2.5:3b-instruct
make ingest DOCS_DIR=./raw_pdfs MODEL=all-MiniLM-L6-v2
make query QUERY_PATH=./src EXT=py MODEL=qwen2.5:3b-instruct
```
For narrower checks, run only changed files: