# Pitfall Log

Project: deepset-ai/haystack

Summary: Found 38 potential pitfall items; 7 are high/blocking. Highest priority: installation - 来源证据：RFC: Signed receipts for Haystack pipeline component calls.

## 1. installation · 来源证据：RFC: Signed receipts for Haystack pipeline component calls

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：RFC: Signed receipts for Haystack pipeline component calls
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_192c840953e54837869723f54ccfdd1a | https://github.com/deepset-ai/haystack/issues/11039 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 2. installation · 来源证据：feat: Add `run_async` to `MultiQueryEmbeddingRetriever`, `MultiQueryTextRetriever`, and `TextEmbeddingRetriever`

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：feat: Add `run_async` to `MultiQueryEmbeddingRetriever`, `MultiQueryTextRetriever`, and `TextEmbeddingRetriever`
- User impact: 可能阻塞安装或首次运行。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_4b8f3323f54c4fd6b8de4e2d466cfe8b | https://github.com/deepset-ai/haystack/issues/11358 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 3. installation · 来源证据：feat: add INTERSECTION join mode to DocumentJoiner

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：feat: add INTERSECTION join mode to DocumentJoiner
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_00757f9859234e9cab8f8d4ce4f3e771 | https://github.com/deepset-ai/haystack/issues/11365 | 来源类型 github_issue 暴露的待验证使用条件。

## 4. maintenance · 来源证据：docs: Update Ragas docs

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个维护/版本相关的待验证问题：docs: Update Ragas docs
- User impact: 可能影响升级、迁移或版本选择。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_3204fffa09664d9f8553be2a3008f270 | https://github.com/deepset-ai/haystack/issues/11178 | 来源类型 github_issue 暴露的待验证使用条件。

## 5. security_permissions · 来源证据：EnvVarSecrets: add multi-tenant context support (ContextVar / pipeline-run context)

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：EnvVarSecrets: add multi-tenant context support (ContextVar / pipeline-run context)
- User impact: 可能影响升级、迁移或版本选择。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_8f72793700a1416891c2eedddc379129 | https://github.com/deepset-ai/haystack/issues/11366 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 6. security_permissions · 来源证据：Security: OWASP Agent Memory Guard for pipeline memory poisoning defense

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：Security: OWASP Agent Memory Guard for pipeline memory poisoning defense
- User impact: 可能阻塞安装或首次运行。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_4f0868673100472fb74d831b5a04735f | https://github.com/deepset-ai/haystack/issues/11311 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 7. security_permissions · 来源证据：feat: support token-based budget in LostInTheMiddleRanker

- Severity: high
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：feat: support token-based budget in LostInTheMiddleRanker
- User impact: 可能影响授权、密钥配置或安全边界。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_7ad00787309c442eb497b10879fb3b28 | https://github.com/deepset-ai/haystack/issues/11351 | 来源类型 github_issue 暴露的待验证使用条件。

## 8. installation · 失败模式：installation: Proposal: Transaction Protocol for idempotent, auditable agent pipelines

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: Proposal: Transaction Protocol for idempotent, auditable agent pipelines
- User impact: Developers may fail before the first successful local run: Proposal: Transaction Protocol for idempotent, auditable agent pipelines
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Proposal: Transaction Protocol for idempotent, auditable agent pipelines. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_58038e9b6373edf9376049b42d4b7bb4 | https://github.com/deepset-ai/haystack/issues/11266 | Proposal: Transaction Protocol for idempotent, auditable agent pipelines

## 9. installation · 失败模式：installation: RFC: Signed receipts for Haystack pipeline component calls

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: RFC: Signed receipts for Haystack pipeline component calls
- User impact: Developers may fail before the first successful local run: RFC: Signed receipts for Haystack pipeline component calls
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: RFC: Signed receipts for Haystack pipeline component calls. Context: Observed when using node, python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_ce0b9c65d21126dcf11ede12120e154f | https://github.com/deepset-ai/haystack/issues/11039 | RFC: Signed receipts for Haystack pipeline component calls

## 10. installation · 失败模式：installation: Security: OWASP Agent Memory Guard for pipeline memory poisoning defense

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: Security: OWASP Agent Memory Guard for pipeline memory poisoning defense
- User impact: Developers may fail before the first successful local run: Security: OWASP Agent Memory Guard for pipeline memory poisoning defense
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Security: OWASP Agent Memory Guard for pipeline memory poisoning defense. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_4d3276b6b9938595cb2dbb864a5509da | https://github.com/deepset-ai/haystack/issues/11311 | Security: OWASP Agent Memory Guard for pipeline memory poisoning defense

## 11. installation · 失败模式：installation: [FEATURE] Support for code syntax-aware Document Splitters

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this installation risk before relying on the project: [FEATURE] Support for code syntax-aware Document Splitters
- User impact: Developers may fail before the first successful local run: [FEATURE] Support for code syntax-aware Document Splitters
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [FEATURE] Support for code syntax-aware Document Splitters. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_997b84068ae32409b1d8d55daaddd984 | https://github.com/deepset-ai/haystack/issues/11354 | [FEATURE] Support for code syntax-aware Document Splitters

## 12. installation · 来源证据：MCP Server for Haystack docs

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：MCP Server for Haystack docs
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_398390cf2fcd41d589dd5614a3bc646d | https://github.com/deepset-ai/haystack/issues/11346 | 来源类型 github_issue 暴露的待验证使用条件。

## 13. installation · 来源证据：[FEATURE] Support for code syntax-aware Document Splitters

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：[FEATURE] Support for code syntax-aware Document Splitters
- User impact: 可能阻塞安装或首次运行。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_76b3b1b8eae94593a2cd248d0ec55e2a | https://github.com/deepset-ai/haystack/issues/11354 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 14. installation · 来源证据：v2.25.2

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：v2.25.2
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_55d8aef5d1c3417ba9bdf05c0f5a3053 | https://github.com/deepset-ai/haystack/releases/tag/v2.25.2 | 来源类型 github_release 暴露的待验证使用条件。

## 15. installation · 来源证据：v2.26.0

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：v2.26.0
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_d73f121017b64b04a8ad885da241fc6f | https://github.com/deepset-ai/haystack/releases/tag/v2.26.0 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 16. installation · 来源证据：v2.28.0

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安装相关的待验证问题：v2.28.0
- User impact: 可能影响升级、迁移或版本选择。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_d9746a9178f0445d853c95cbb4a5241b | https://github.com/deepset-ai/haystack/releases/tag/v2.28.0 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 17. configuration · 失败模式：configuration: MCP Server for Haystack docs

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: MCP Server for Haystack docs
- User impact: Developers may misconfigure credentials, environment, or host setup: MCP Server for Haystack docs
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: MCP Server for Haystack docs. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_e20d9655fcfaa20fd6aea7f45a938545 | https://github.com/deepset-ai/haystack/issues/11346 | MCP Server for Haystack docs, failure_mode_cluster:github_issue | fmev_a1eed7aea672a032017343738a09159f | https://github.com/deepset-ai/haystack/issues/11346 | MCP Server for Haystack docs

## 18. configuration · 失败模式：configuration: v2.26.0

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v2.26.0
- User impact: Upgrade or migration may change expected behavior: v2.26.0
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v2.26.0. Context: Observed when using python, windows
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_3b9fc694d24804c99a261297652bf3cf | https://github.com/deepset-ai/haystack/releases/tag/v2.26.0 | v2.26.0

## 19. configuration · 失败模式：configuration: v2.28.0

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v2.28.0
- User impact: Upgrade or migration may change expected behavior: v2.28.0
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v2.28.0. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_0c6c5701a51e86d2246a4919b45c2606 | https://github.com/deepset-ai/haystack/releases/tag/v2.28.0 | v2.28.0

## 20. configuration · 失败模式：configuration: v2.29.0

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this configuration risk before relying on the project: v2.29.0
- User impact: Upgrade or migration may change expected behavior: v2.29.0
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v2.29.0. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_285696f6bc066dc6f42482171a097432 | https://github.com/deepset-ai/haystack/releases/tag/v2.29.0 | v2.29.0

## 21. capability · 能力判断依赖假设

- Severity: medium
- Evidence strength: source_linked
- Finding: README/documentation is current enough for a first validation pass.
- User impact: 假设不成立时，用户拿不到承诺的能力。
- Suggested check: 将假设转成下游验证清单。
- Guardrail action: 假设必须转成验证项；没有验证结果前不能写成事实。
- Evidence: capability.assumptions | github_repo:221654678 | https://github.com/deepset-ai/haystack | README/documentation is current enough for a first validation pass.

## 22. runtime · 失败模式：runtime: v2.25.2

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this runtime risk before relying on the project: v2.25.2
- User impact: Upgrade or migration may change expected behavior: v2.25.2
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v2.25.2. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_32dfb0f93116d56f30cc46cdab3a0751 | https://github.com/deepset-ai/haystack/releases/tag/v2.25.2 | v2.25.2

## 23. maintenance · 失败模式：migration: docs: Update Ragas docs

- Severity: medium
- Evidence strength: source_linked
- Finding: Developers should check this migration risk before relying on the project: docs: Update Ragas docs
- User impact: Developers may hit a documented source-backed failure mode: docs: Update Ragas docs
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: docs: Update Ragas docs. Context: Observed during version upgrade or migration.
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_57550d7e13c6f14ad00a030d3e3a20db | https://github.com/deepset-ai/haystack/issues/11178 | docs: Update Ragas docs, failure_mode_cluster:github_issue | fmev_c4773f63705049b6c2714f8a4517b847 | https://github.com/deepset-ai/haystack/issues/11178 | docs: Update Ragas docs

## 24. maintenance · 来源证据：DocumentJoiner concatenate mode incorrectly drops documents with score=0.0 during deduplication

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个维护/版本相关的待验证问题：DocumentJoiner concatenate mode incorrectly drops documents with score=0.0 during deduplication
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_9e25887dd3694aa695807058e368f46c | https://github.com/deepset-ai/haystack/issues/11352 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 25. maintenance · 维护活跃度未知

- Severity: medium
- Evidence strength: source_linked
- Finding: 未记录 last_activity_observed。
- User impact: 新项目、停更项目和活跃项目会被混在一起，推荐信任度下降。
- Suggested check: 补 GitHub 最近 commit、release、issue/PR 响应信号。
- Guardrail action: 维护活跃度未知时，推荐强度不能标为高信任。
- Evidence: evidence.maintainer_signals | github_repo:221654678 | https://github.com/deepset-ai/haystack | last_activity_observed missing

## 26. security_permissions · 下游验证发现风险项

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: 下游已经要求复核，不能在页面中弱化。
- Suggested check: 进入安全/权限治理复核队列。
- Guardrail action: 下游风险存在时必须保持 review/recommendation 降级。
- Evidence: downstream_validation.risk_items | github_repo:221654678 | https://github.com/deepset-ai/haystack | no_demo; severity=medium

## 27. security_permissions · 存在评分风险

- Severity: medium
- Evidence strength: source_linked
- Finding: no_demo
- User impact: 风险会影响是否适合普通用户安装。
- Suggested check: 把风险写入边界卡，并确认是否需要人工复核。
- Guardrail action: 评分风险必须进入边界卡，不能只作为内部分数。
- Evidence: risks.scoring_risks | github_repo:221654678 | https://github.com/deepset-ai/haystack | no_demo; severity=medium

## 28. security_permissions · 来源证据：Proposal: Transaction Protocol for idempotent, auditable agent pipelines

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：Proposal: Transaction Protocol for idempotent, auditable agent pipelines
- User impact: 可能影响升级、迁移或版本选择。
- Suggested check: 来源问题仍为 open，Pack Agent 需要复核是否仍影响当前版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_e0fcf29e18c5480baf59b94a464ecc85 | https://github.com/deepset-ai/haystack/issues/11266 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 29. security_permissions · 来源证据：v2.26.1

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：v2.26.1
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_1520403ba7f24184b2c108c30e5d609f | https://github.com/deepset-ai/haystack/releases/tag/v2.26.1 | 来源类型 github_release 暴露的待验证使用条件。

## 30. security_permissions · 来源证据：v2.27.0

- Severity: medium
- Evidence strength: source_linked
- Finding: GitHub 社区证据显示该项目存在一个安全/权限相关的待验证问题：v2.27.0
- User impact: 可能增加新用户试用和生产接入成本。
- Suggested check: 来源显示可能已有修复、规避或版本变化，说明书中必须标注适用版本。
- Guardrail action: 不得脱离来源链接放大为确定性结论；需要标注适用版本和复核状态。
- Evidence: community_evidence:github | cevd_1dddbe7bf8094d669dd185a18844ef75 | https://github.com/deepset-ai/haystack/releases/tag/v2.27.0 | 来源讨论提到 python 相关条件，需在安装/试用前复核。

## 31. capability · 失败模式：conceptual: feat: Add `run_async` to `MultiQueryEmbeddingRetriever`, `MultiQueryTextRetriever`, and `Text...

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this conceptual risk before relying on the project: feat: Add `run_async` to `MultiQueryEmbeddingRetriever`, `MultiQueryTextRetriever`, and `TextEmbeddingRetriever`
- User impact: Developers may hit a documented source-backed failure mode: feat: Add `run_async` to `MultiQueryEmbeddingRetriever`, `MultiQueryTextRetriever`, and `TextEmbeddingRetriever`
- Suggested check: 复核 source-backed failure mode cluster，并把适用版本和验证路径写入资产。
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_bf87ad8f610a525641ac857abffd6388 | https://github.com/deepset-ai/haystack/issues/11358 | feat: Add `run_async` to `MultiQueryEmbeddingRetriever`, `MultiQueryTextRetriever`, and `TextEmbeddingRetriever`, failure_mode_cluster:github_issue | fmev_315e3f2ec26809f7348a1892a9730a05 | https://github.com/deepset-ai/haystack/issues/11358 | feat: Add `run_async` to `MultiQueryEmbeddingRetriever`, `MultiQueryTextRetriever`, and `TextEmbeddingRetriever`

## 32. capability · 失败模式：conceptual: feat: add INTERSECTION join mode to DocumentJoiner

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this conceptual risk before relying on the project: feat: add INTERSECTION join mode to DocumentJoiner
- User impact: Developers may hit a documented source-backed failure mode: feat: add INTERSECTION join mode to DocumentJoiner
- Suggested check: 复核 source-backed failure mode cluster，并把适用版本和验证路径写入资产。
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_175e4485fffcc53c711d1fd504db9a38 | https://github.com/deepset-ai/haystack/issues/11365 | feat: add INTERSECTION join mode to DocumentJoiner

## 33. capability · 失败模式：conceptual: feat: support token-based budget in LostInTheMiddleRanker

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this conceptual risk before relying on the project: feat: support token-based budget in LostInTheMiddleRanker
- User impact: Developers may hit a documented source-backed failure mode: feat: support token-based budget in LostInTheMiddleRanker
- Suggested check: 复核 source-backed failure mode cluster，并把适用版本和验证路径写入资产。
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_eff234be9632dc6eb35cf59720b2c3f0 | https://github.com/deepset-ai/haystack/issues/11351 | feat: support token-based budget in LostInTheMiddleRanker

## 34. runtime · 失败模式：performance: DocumentJoiner concatenate mode incorrectly drops documents with score=0.0 during deduplication

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this performance risk before relying on the project: DocumentJoiner concatenate mode incorrectly drops documents with score=0.0 during deduplication
- User impact: Developers may hit a documented source-backed failure mode: DocumentJoiner concatenate mode incorrectly drops documents with score=0.0 during deduplication
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: DocumentJoiner concatenate mode incorrectly drops documents with score=0.0 during deduplication. Context: Observed when using python, macos, cuda
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_issue | fmev_7f9bb8e374256d979ec52a0c96020977 | https://github.com/deepset-ai/haystack/issues/11352 | DocumentJoiner concatenate mode incorrectly drops documents with score=0.0 during deduplication, failure_mode_cluster:github_issue | fmev_21fc5a912bed31520bb91639ca4fa3b3 | https://github.com/deepset-ai/haystack/issues/11352 | DocumentJoiner concatenate mode incorrectly drops documents with score=0.0 during deduplication

## 35. runtime · 失败模式：performance: v2.27.0

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this performance risk before relying on the project: v2.27.0
- User impact: Upgrade or migration may change expected behavior: v2.27.0
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v2.27.0. Context: Observed when using python
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_9757a305d020b89fd79c9dc31c6a9d1c | https://github.com/deepset-ai/haystack/releases/tag/v2.27.0 | v2.27.0

## 36. maintenance · issue/PR 响应质量未知

- Severity: low
- Evidence strength: source_linked
- Finding: issue_or_pr_quality=unknown。
- User impact: 用户无法判断遇到问题后是否有人维护。
- Suggested check: 抽样最近 issue/PR，判断是否长期无人处理。
- Guardrail action: issue/PR 响应未知时，必须提示维护风险。
- Evidence: evidence.maintainer_signals | github_repo:221654678 | https://github.com/deepset-ai/haystack | issue_or_pr_quality=unknown

## 37. maintenance · 发布节奏不明确

- Severity: low
- Evidence strength: source_linked
- Finding: release_recency=unknown。
- User impact: 安装命令和文档可能落后于代码，用户踩坑概率升高。
- Suggested check: 确认最近 release/tag 和 README 安装命令是否一致。
- Guardrail action: 发布节奏未知或过期时，安装说明必须标注可能漂移。
- Evidence: evidence.maintainer_signals | github_repo:221654678 | https://github.com/deepset-ai/haystack | release_recency=unknown

## 38. maintenance · 失败模式：maintenance: v2.26.1

- Severity: low
- Evidence strength: source_linked
- Finding: Developers should check this maintenance risk before relying on the project: v2.26.1
- User impact: Upgrade or migration may change expected behavior: v2.26.1
- Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: v2.26.1. Context: Source discussion did not expose a precise runtime context.
- Guardrail action: State this as source-backed community evidence, not as Doramagic reproduction.
- Evidence: failure_mode_cluster:github_release | fmev_29416bd44cdae3aebbb8d4bd245bc398 | https://github.com/deepset-ai/haystack/releases/tag/v2.26.1 | v2.26.1