The quality and security of retrieval is determined not only by what happens during search but by what happens before the query reaches the vector database. Pre-retrieval filtering and query transformation sit between user input and the retrieval process, serving simultaneously as the primary defence against adversarial inputs and the primary lever for search relevance optimisation. Organisations that neglect this layer deploy RAG systems that are vulnerable to injection attacks, retrieve irrelevant content, and fail to leverage conversational context that would materially improve output quality. The Aigos Blueprint treats the pre-retrieval phase as a critical production engineering challenge, not an optional enhancement.
📄 Download the Full Blueprint: Advanced Production RAG – Performance and Security
Input Validation and Sanitisation
The first function of pre-retrieval processing is validating and sanitising user input before it influences retrieval. In production environments, user inputs are not always well-intentioned or well-formed. Malicious actors craft inputs designed to bypass controls, extract sensitive information from the knowledge base, or manipulate model behaviour through prompt injection. Well-intentioned users may submit queries containing special characters, encoding anomalies, or structural patterns that cause errors in downstream processing.
Filtering out special characters and stop words is a baseline sanitisation measure. Special characters, including punctuation marks, symbols, and encoding anomalies, can be removed or normalised to prevent processing errors and reduce the attack surface for injection attempts. Stop words that do not affect search relevance can be removed to optimise query performance without affecting retrieval quality.
Entity Recognition and Validation
Entity recognition identifies specific entities in user input, such as names, locations, organisations, dates, and domain-specific identifiers, and validates that they are well-formed and within expected parameters. This improves retrieval precision by anchoring queries to specific entities in the knowledge base rather than relying solely on semantic similarity. It also serves a security function: recognising and validating entities helps detect queries that reference entities the querying user should not access, enabling access control policies to be applied at the pre-retrieval stage before any data is retrieved.
Query Rewriting and Augmentation
Raw user queries are often suboptimal for vector search. Users phrase questions in conversational language, use ambiguous terms, or ask questions the knowledge base answers only indirectly. Query rewriting transforms user queries into forms more effective for retrieval, expanding abbreviations, resolving ambiguous terminology, adding context, or restructuring the query to match the semantic patterns of the knowledge base.
The Blueprint identifies three approaches: rule-based approaches that apply domain-specific transformations through pattern matching; machine learning approaches that train models on labelled query-retrieval pairs to learn effective rewriting strategies; and hybrid approaches that combine the precision of rule-based systems with the flexibility of learned models. The appropriate approach depends on the domain, the volume of available training data, and the sophistication the rewriting function requires.
Prior Conversation Stacking
For RAG systems deployed in conversational interfaces, context from previous exchanges is essential for accurate retrieval. A user who asks “What were the key changes?” following a discussion of a specific regulatory update requires the system to understand that “key changes” refers to that specific regulatory context. Prior conversation stacking incorporates conversational history into the current query, materially improving retrieval relevance in multi-turn interactions.
Implementation approaches include contextual embedding, which represents conversation history as a vector that captures semantic relationships between previous exchanges and the current query; query chaining, which links successive queries to form a chain of context; and contextualised language models that inherently incorporate conversational context into query representations. Each approach carries different computational costs and context retention characteristics that must be matched to the deployment environment’s latency and resource constraints.
📄 Download the Full Blueprint: Advanced Production RAG – Performance and Security