[scanner] fix: resolve gosec security findings in kb/rag

[clubanderson]

Fixes #19277

Summary

Resolves gosec security scanner findings (G115 - integer overflow conversion) in the kb/rag package.

Changes

• pkg/kb/rag/hashembedder.go:103 - Added #nosec G115 annotation for safe uint64→int conversion with explanatory comment
• pkg/kb/rag/embedder.go:65 - Added #nosec G115 annotation for safe int→uint conversion with explanatory comment

Rationale

Both conversions are mathematically safe:

1. In hashembedder.go, sum % uint64(e.dim) is always < e.dim (typically 512), well within int range even on 32-bit systems
2. In embedder.go, i%64 is always in [0,63], well within uint range

The #nosec directives are justified with inline comments explaining why these specific conversions are safe.

[netlify]

✅ Deploy Preview for kubestellarconsole canceled.

Name	Link
🔨 Latest commit	2496b2e
🔍 Latest deploy log	https://app.netlify.com/projects/kubestellarconsole/deploys/6a365a07a2c22e0008336657

[kubestellar-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign clubanderson for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[github-actions]

🐝 Hi @clubanderson! I'm kubestellar-hive[bot], an automation bot for this repo.

Trusted users — org members and contributors with write access — can mention @kubestellar-hive in a comment to trigger repo automation.
On issues, that mention queues an automated fix attempt. On pull requests, it records extra context for existing automation.
This is not an interactive Q&A bot, so mentions should be treated as requests for automation rather than a conversation.

Automation may take a moment to start, and follow-up happens through workflow activity rather than chat replies.

[github-actions]

👋 Hey @clubanderson — thanks for opening this PR!

🤖 This project is developed exclusively using AI coding assistants.

Please do not attempt to code anything for this project manually.
All contributions should be authored using an AI coding tool such as:

• Claude Code (Opus 4.5 / 4.6) — recommended
• GitHub Copilot
• Cursor
• Other AI coding assistants

This ensures consistency in code style, architecture patterns, test coverage,
and commit quality across the entire codebase.

---

This is an automated message.

[Copilot]

Pull request overview

This PR addresses a nightly gosec-test regression by suppressing G115 integer-conversion findings in the pkg/kb/rag embedding utilities, with inline rationale explaining why the flagged conversions are safe in context.

Changes:

• Add a // #nosec G115 suppression (with justification) for a uint64 -> int index conversion in HashEmbedder.
• Add a // #nosec G115 suppression (with justification) for an int -> uint shift-count conversion in Quantize.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
pkg/kb/rag/hashembedder.go	Adds an inline gosec suppression and rationale for a safe modulo-based index conversion.
pkg/kb/rag/embedder.go	Adds an inline gosec suppression and rationale for a safe bit-shift index conversion in quantization.

[github-actions]

Thank you for your contribution! Your PR has been merged.

Check out what's new:

• KubeStellar Console — Live multi-cluster dashboard
• Marketplace — Community extensions
• Knowledge Base — Troubleshooting and how-tos

Stay connected: Slack #kubestellar-dev | Multi-Cluster Survey

[github-actions]

✅ Post-Merge Verification: passed

Commit: d456039ffc7e6ae31e6625a3bfe6ea7bf4396eba
Specs run: smoke.spec.ts
Report: https://github.com/kubestellar/console/actions/runs/27867312838

[github-actions]

Post-merge build verification passed ✅

Both Go and frontend builds compiled successfully against merge commit d456039ffc7e6ae31e6625a3bfe6ea7bf4396eba.