@codragraph/cli 2.1.4 → 2.1.5

package/dist/core/search/bm25-index.js

@@ -69,76 +69,6 @@ const FALLBACK_FIELD_WEIGHTS = {
     content: 2,
     description: 1,
 };
-/**
- * Per-process cache for the MCP pool path: tracks which `(repoId, table)`
- * pairs have been ensured. The CLI/pipeline path gets its own cache inside
- * `cgdb-adapter.ts` keyed by table/index, scoped to the singleton connection.
- *
- * IMPORTANT: an entry is added ONLY when the index was confirmed to exist
- * (CREATE_FTS_INDEX succeeded, or failed with `'already exists'`). Other
- * failures (transient lock errors, missing extension, etc.) leave the key
- * unset so the next query retries instead of silently caching the failure.
- *
- * Entries for a given repoId are invalidated when its pool is closed —
- * see the `addPoolCloseListener` registration in `searchFTSFromCgdb`.
- */
-const ensuredPoolFTS = new Set();
-/**
- * Drop all ensured-FTS cache entries for a given repoId.
- *
- * Called from the pool-close listener so that a pool teardown / recreation
- * forces the next `searchFTSFromCgdb` call to re-issue `CREATE_FTS_INDEX`
- * against the fresh connection rather than trust stale ensure-state from a
- * previous pool lifetime.
- *
- * Exported for tests; the listener wiring is internal.
- */
-export function invalidateEnsuredFTSForRepo(repoId) {
-    const prefix = `${repoId}:`;
-    for (const key of ensuredPoolFTS) {
-        if (key.startsWith(prefix))
-            ensuredPoolFTS.delete(key);
-    }
-}
-/**
- * Tracks whether we've already wired the pool-close listener for this
- * process. The pool adapter is dynamically imported, so registration
- * happens lazily on the first MCP-pool-backed FTS query.
- */
-let poolCloseListenerRegistered = false;
-function registerPoolCloseListenerOnce(addPoolCloseListener) {
-    if (poolCloseListenerRegistered)
-        return;
-    poolCloseListenerRegistered = true;
-    addPoolCloseListener((repoId) => invalidateEnsuredFTSForRepo(repoId));
-}
-async function ensureFTSIndexViaExecutor(executor, repoId, table, indexName, properties) {
-    const key = `${repoId}:${table}:${indexName}`;
-    if (ensuredPoolFTS.has(key))
-        return;
-    const propList = properties.map((p) => `'${p}'`).join(', ');
-    try {
-        await executor(`CALL CREATE_FTS_INDEX('${table}', '${indexName}', [${propList}], stemmer := 'porter')`);
-        // Index was created successfully — safe to cache.
-        ensuredPoolFTS.add(key);
-    }
-    catch (e) {
-        // 'already exists' is the happy path (index persists on disk between
-        // process invocations) — cache it. Anything else is treated as a
-        // transient failure: surface a one-time warning and leave the key
-        // unset so the NEXT query retries rather than silently using a
-        // cached failure (which previously disabled BM25 for the whole
-        // process for that repo).
-        const msg = String(e?.message ?? '');
-        if (msg.includes('already exists')) {
-            ensuredPoolFTS.add(key);
-        }
-        else {
-            console.warn(`[codragraph] FTS index ensure failed for repo "${repoId}" table "${table}" ` +
-                `(index "${indexName}"): ${msg || e}. Will retry on next query.`);
-        }
-    }
-}
 /**
  * Execute a single FTS query via a custom executor (for MCP connection pool).
  * Returns the same shape as core queryFTS (from LadybugDB adapter).
@@ -254,23 +184,16 @@ export const searchFTSFromCgdb = async (query, limit = 20, repoId) => {
         // IMPORTANT: FTS queries run sequentially to avoid connection contention.
         // The MCP pool supports multiple connections, but FTS is best run serially.
         const poolMod = await import('../cgdb/pool-adapter.js');
-        const { executeQuery, addPoolCloseListener } = poolMod;
-        // Register the pool-close listener lazily on first use so a teardown of
-        // the pool entry (LRU eviction, idle timeout, explicit close) drops the
-        // matching `ensuredPoolFTS` entries. Without this, stale ensure-state
-        // can outlive the pool that produced it.
-        registerPoolCloseListenerOnce(addPoolCloseListener);
+        const { executeQuery } = poolMod;
         const executor = (cypher) => executeQuery(repoId, cypher);
-        // Lazy-create FTS indexes on first query for this repo (analyze no longer
-        // creates them up-front, so we ensure them here). Cached per-process.
-        // RFC 0001 Phase 2.5: drop `content` from FTS properties for repos
-        // analysed with --compress brotli|zstd — the column holds encoded
-        // bytes and would tokenise to garbage.
+        // The MCP/LocalBackend pool is opened read-only so it can safely coexist
+        // with `codragraph analyze`. Do not issue CREATE_FTS_INDEX here: when
+        // persisted FTS indexes are missing, QUERY_FTS_INDEX falls through to the
+        // bounded BM25 fallback below without noisy write-failure retries.
+        // RFC 0001 Phase 2.5: drop `content` from fallback scoring for repos
+        // analysed with --compress brotli|zstd — the column holds encoded bytes.
         const compress = await getCompressMode(repoId);
         const properties = ftsPropertiesFor(compress);
-        for (const { table, indexName } of FTS_TABLES) {
-            await ensureFTSIndexViaExecutor(executor, repoId, table, indexName, properties);
-        }
         fileResults = await queryFTSViaExecutor(executor, 'File', 'file_fts', query, limit);
         functionResults = await queryFTSViaExecutor(executor, 'Function', 'function_fts', query, limit);
         classResults = await queryFTSViaExecutor(executor, 'Class', 'class_fts', query, limit);

package/dist/mcp/local/local-backend.d.ts

@@ -186,7 +186,9 @@ export declare class LocalBackend {
      */
     private semanticSearch;
     executeCypher(repoName: string, query: string): Promise<any>;
+    private trySimpleGraphstoreNodeScan;
     private cypher;
+    private executeLabellessNodeScan;
     /**
      * Format raw Cypher result rows as a markdown table for LLM readability.
      * Falls back to raw result if rows aren't tabular objects.

package/dist/mcp/local/local-backend.js

@@ -79,6 +79,105 @@ export const VALID_NODE_LABELS = new Set([
     'Route',
     'Tool',
 ]);
+const SIMPLE_LABELLESS_MATCH_RE = /^MATCH\s*\(\s*([A-Za-z_][A-Za-z0-9_]*)\s*\)/i;
+const CYPHER_LIMIT_RE = /\bLIMIT\s+(\d+)\s*;?\s*$/i;
+const CYPHER_RELATION_RE = /--|-\[|\]-|->|<-/;
+const NATIVE_UNSAFE_NODE_LABELS = new Set(['Union']);
+function quoteKnownNodeLabels(query) {
+    return query;
+}
+function getNativeUnsafeNodeLabel(query) {
+    const labelRe = /\(\s*[A-Za-z_][A-Za-z0-9_]*\s*:\s*`?([A-Za-z_][A-Za-z0-9_]*)`?(?=[\s){])/g;
+    for (const match of query.matchAll(labelRe)) {
+        const label = match[1];
+        if (NATIVE_UNSAFE_NODE_LABELS.has(label))
+            return label;
+    }
+    return null;
+}
+function safeNodeLabelForCypher(typeOrLabel, nodeId) {
+    const explicit = typeof typeOrLabel === 'string' ? typeOrLabel.trim() : '';
+    if (explicit && VALID_NODE_LABELS.has(explicit) && !NATIVE_UNSAFE_NODE_LABELS.has(explicit)) {
+        return explicit;
+    }
+    const id = typeof nodeId === 'string' ? nodeId : '';
+    const fromId = id.includes(':') ? id.slice(0, id.indexOf(':')) : '';
+    if (fromId && VALID_NODE_LABELS.has(fromId) && !NATIVE_UNSAFE_NODE_LABELS.has(fromId)) {
+        return fromId;
+    }
+    return null;
+}
+function firstNonEmptyString(...values) {
+    for (const value of values) {
+        if (typeof value === 'string' && value.trim().length > 0)
+            return value.trim();
+    }
+    return '';
+}
+function parseSimpleNodeScanQuery(query) {
+    const match = /^MATCH\s*\(\s*([A-Za-z_][A-Za-z0-9_]*)(?:\s*:\s*`?([A-Za-z_][A-Za-z0-9_]*)`?)?\s*\)\s*RETURN\s+(.+?)\s+LIMIT\s+(\d+)\s*;?\s*$/i.exec(query.trim());
+    if (!match)
+        return null;
+    const limit = Number.parseInt(match[4], 10);
+    if (!Number.isFinite(limit) || limit <= 0)
+        return null;
+    return {
+        alias: match[1],
+        label: match[2],
+        returnClause: match[3].trim(),
+        limit: Math.min(Math.trunc(limit), 1000),
+    };
+}
+function projectSimpleNodeRow(node, label, scan) {
+    const row = {};
+    const parts = scan.returnClause.split(/\s*,\s*/).filter(Boolean);
+    for (const part of parts) {
+        const asMatch = /^(.+?)\s+AS\s+([A-Za-z_][A-Za-z0-9_]*)$/i.exec(part.trim());
+        const expr = (asMatch?.[1] ?? part).trim();
+        const outKey = asMatch?.[2] ?? expr;
+        if (expr === scan.alias) {
+            row[outKey] = { ...node, _label: label };
+            continue;
+        }
+        const labelsMatch = new RegExp(`^labels\\(\\s*${scan.alias}\\s*\\)\\[0\\]$`, 'i').exec(expr);
+        if (labelsMatch) {
+            row[outKey] = label;
+            continue;
+        }
+        const propMatch = new RegExp(`^${scan.alias}\\.([A-Za-z_][A-Za-z0-9_]*)$`).exec(expr);
+        if (propMatch) {
+            row[outKey] = node[propMatch[1]];
+            continue;
+        }
+        return null;
+    }
+    return row;
+}
+function getSimpleLabellessNodeAlias(query) {
+    const trimmed = query.trim();
+    const match = SIMPLE_LABELLESS_MATCH_RE.exec(trimmed);
+    if (!match)
+        return null;
+    if (CYPHER_RELATION_RE.test(trimmed))
+        return null;
+    if (/\bMATCH\b/i.test(trimmed.slice(match[0].length)))
+        return null;
+    return match[1];
+}
+function getCypherLimit(query) {
+    const match = CYPHER_LIMIT_RE.exec(query);
+    if (!match)
+        return null;
+    const limit = Number.parseInt(match[1], 10);
+    return Number.isFinite(limit) && limit > 0 ? limit : null;
+}
+function withCypherLimit(query, limit) {
+    const safeLimit = Math.max(1, Math.trunc(limit));
+    if (CYPHER_LIMIT_RE.test(query)) {
+        return query.replace(CYPHER_LIMIT_RE, `LIMIT ${safeLimit}`);
+    }
+    return `${query.replace(/;\s*$/, '')} LIMIT ${safeLimit}`;
+}
 /** Valid relation types for impact analysis filtering */
 export const VALID_RELATION_TYPES = new Set([
     'CALLS',
@@ -1173,25 +1272,119 @@ export class LocalBackend {
         const repo = await this.resolveRepo(repoName);
         return this.cypher(repo, { query });
     }
-    async cypher(repo, params) {
-        await this.ensureInitialized(repo.id);
-        if (!isCgdbReady(repo.id)) {
-            return { error: 'LadybugDB not ready. Index may be corrupted.' };
+    async trySimpleGraphstoreNodeScan(repo, query) {
+        const scan = parseSimpleNodeScanQuery(query);
+        if (!scan)
+            return null;
+        if (scan.label && NATIVE_UNSAFE_NODE_LABELS.has(scan.label))
+            return [];
+        const objectsRoot = path.join(repo.storagePath, 'graphstore', 'objects');
+        try {
+            const stat = await fs.stat(objectsRoot);
+            if (!stat.isDirectory())
+                return null;
         }
+        catch {
+            return null;
+        }
+        const rows = [];
+        const visitDir = async (dir) => {
+            if (rows.length >= scan.limit)
+                return;
+            let entries;
+            try {
+                entries = await fs.readdir(dir, { withFileTypes: true });
+            }
+            catch {
+                return;
+            }
+            for (const entry of entries) {
+                if (rows.length >= scan.limit)
+                    return;
+                const entryPath = path.join(dir, entry.name);
+                if (entry.isDirectory()) {
+                    await visitDir(entryPath);
+                    continue;
+                }
+                if (!entry.isFile() || !entry.name.endsWith('.json'))
+                    continue;
+                try {
+                    const raw = await fs.readFile(entryPath, 'utf-8');
+                    const obj = JSON.parse(raw);
+                    const id = typeof obj.id === 'string' ? obj.id : '';
+                    if (!id || typeof obj.from === 'string' || typeof obj.to === 'string')
+                        continue;
+                    const label = id.includes(':') ? id.slice(0, id.indexOf(':')) : '';
+                    if (!label || (scan.label && label !== scan.label))
+                        continue;
+                    if (NATIVE_UNSAFE_NODE_LABELS.has(label))
+                        continue;
+                    const row = projectSimpleNodeRow(obj, label, scan);
+                    if (row)
+                        rows.push(row);
+                }
+                catch {
+                    // Ignore malformed graphstore objects; the native path remains available.
+                }
+            }
+        };
+        await visitDir(objectsRoot);
+        return rows;
+    }
+    async cypher(repo, params) {
         // Block write operations (defense-in-depth — DB is already read-only)
         if (isWriteQuery(params.query)) {
             return {
                 error: 'Write operations (CREATE, DELETE, SET, MERGE, REMOVE, DROP, ALTER, COPY, DETACH) are not allowed. The knowledge graph is read-only.',
             };
         }
+        const query = quoteKnownNodeLabels(params.query);
+        const unsafeLabel = getNativeUnsafeNodeLabel(query);
+        if (unsafeLabel) {
+            return [];
+        }
+        const graphstoreRows = await this.trySimpleGraphstoreNodeScan(repo, query);
+        if (graphstoreRows) {
+            return graphstoreRows;
+        }
+        await this.ensureInitialized(repo.id);
+        if (!isCgdbReady(repo.id)) {
+            return { error: 'LadybugDB not ready. Index may be corrupted.' };
+        }
+        const labellessAlias = getSimpleLabellessNodeAlias(query);
         try {
-            const result = await executeQuery(repo.id, params.query);
+            const result = labellessAlias
+                ? await this.executeLabellessNodeScan(repo.id, query, labellessAlias)
+                : await executeQuery(repo.id, query);
             return result;
         }
         catch (err) {
             return { error: err.message || 'Query failed' };
         }
     }
+    async executeLabellessNodeScan(repoId, query, alias) {
+        const limit = getCypherLimit(query) ?? 100;
+        const rows = [];
+        let lastError = null;
+        for (const label of VALID_NODE_LABELS) {
+            if (NATIVE_UNSAFE_NODE_LABELS.has(label))
+                continue;
+            if (rows.length >= limit)
+                break;
+            const labelQuery = withCypherLimit(query.replace(SIMPLE_LABELLESS_MATCH_RE, `MATCH (${alias}:\`${label}\`)`), limit - rows.length);
+            try {
+                const labelRows = await executeQuery(repoId, labelQuery);
+                rows.push(...labelRows);
+            }
+            catch (err) {
+                lastError = err instanceof Error ? err : new Error(String(err));
+            }
+        }
+        if (rows.length === 0 && lastError) {
+            throw lastError;
+        }
+        return rows.slice(0, limit);
+    }
     /**
      * Format raw Cypher result rows as a markdown table for LLM readability.
      * Falls back to raw result if rows aren't tabular objects.
@@ -1436,7 +1629,7 @@ export class LocalBackend {
             const symbol = {
                 id: (r.id ?? r[0]),
                 name: (r.name ?? r[1]),
-                type: (r.type ?? r[2] ?? ''),
+                type: firstNonEmptyString(r.type, r.__cgLabel, r[2]),
                 filePath: (r.filePath ?? r[3]),
                 startLine: (r.startLine ?? r[4]),
                 endLine: (r.endLine ?? r[5]),
@@ -1476,7 +1669,7 @@ export class LocalBackend {
         const normalized = rows.map((r) => ({
             id: (r.id ?? r[0]),
             name: (r.name ?? r[1]),
-            type: (r.type ?? r[2] ?? ''),
+            type: firstNonEmptyString(r.type, r.__cgLabel, r[2]),
             filePath: (r.filePath ?? r[3]),
             startLine: (r.startLine ?? r[4]),
             endLine: (r.endLine ?? r[5]),
@@ -2266,6 +2459,10 @@ export class LocalBackend {
         const impacted = [];
         const visited = new Set([symId]);
         let frontier = [symId];
+        const frontierTypes = new Map();
+        const symLabel = safeNodeLabelForCypher(symType, symId);
+        if (symLabel)
+            frontierTypes.set(symId, symLabel);
         let traversalComplete = true;
         // Fix #480: For Java (and other JVM) Class/Interface nodes, CALLS edges
         // point to Constructor nodes and IMPORTS edges point to File nodes — not
@@ -2279,16 +2476,16 @@ export class LocalBackend {
                 // Run both seed queries in parallel — they are independent.
                 const [ctorRows, fileRows] = await Promise.all([
                     executeParameterized(repo.id, `
-            MATCH (n)-[hm:CodeRelation]->(c:Constructor)
+            MATCH (n:${symLabel ?? symType})-[hm:CodeRelation]->(c:Constructor)
             WHERE n.id = $symId AND hm.type = 'HAS_METHOD'
-            RETURN c.id AS id, c.name AS name, labels(c)[0] AS type, c.filePath AS filePath
+            RETURN c.id AS id, c.name AS name, 'Constructor' AS type, c.filePath AS filePath
           `, { symId }),
                     // Restrict to DEFINES edges only — other File->Class edge types (if
                     // any) should not be treated as the owning file relationship.
                     executeParameterized(repo.id, `
-            MATCH (f:File)-[rel:CodeRelation]->(n)
+            MATCH (f:File)-[rel:CodeRelation]->(n:${symLabel ?? symType})
             WHERE n.id = $symId AND rel.type = 'DEFINES'
-            RETURN f.id AS id, f.name AS name, labels(f)[0] AS type, f.filePath AS filePath
+            RETURN f.id AS id, f.name AS name, 'File' AS type, f.filePath AS filePath
           `, { symId }),
                 ]);
                 for (const r of ctorRows) {
@@ -2296,6 +2493,9 @@ export class LocalBackend {
                     if (rid && !visited.has(rid)) {
                         visited.add(rid);
                         frontier.push(rid);
+                        const label = safeNodeLabelForCypher(r.type ?? r[2], rid);
+                        if (label)
+                            frontierTypes.set(rid, label);
                     }
                 }
                 for (const r of fileRows) {
@@ -2303,6 +2503,9 @@ export class LocalBackend {
                     if (rid && !visited.has(rid)) {
                         visited.add(rid);
                         frontier.push(rid);
+                        const label = safeNodeLabelForCypher(r.type ?? r[2], rid);
+                        if (label)
+                            frontierTypes.set(rid, label);
                     }
                 }
             }
@@ -2312,13 +2515,23 @@ export class LocalBackend {
         }
         for (let depth = 1; depth <= maxDepth && frontier.length > 0; depth++) {
             const nextFrontier = [];
-            // Batch frontier nodes into a single Cypher query per depth level
-            const idList = frontier.map((id) => `'${id.replace(/'/g, "''")}'`).join(', ');
-            const query = direction === 'upstream'
-                ? `MATCH (caller)-[r:CodeRelation]->(n) WHERE n.id IN [${idList}] AND r.type IN [${relTypeFilter}]${confidenceFilter} RETURN n.id AS sourceId, caller.id AS id, caller.name AS name, labels(caller)[0] AS type, caller.filePath AS filePath, r.type AS relType, r.confidence AS confidence`
-                : `MATCH (n)-[r:CodeRelation]->(callee) WHERE n.id IN [${idList}] AND r.type IN [${relTypeFilter}]${confidenceFilter} RETURN n.id AS sourceId, callee.id AS id, callee.name AS name, labels(callee)[0] AS type, callee.filePath AS filePath, r.type AS relType, r.confidence AS confidence`;
             try {
-                const related = await executeQuery(repo.id, query);
+                const frontierByLabel = new Map();
+                for (const id of frontier) {
+                    const label = frontierTypes.get(id) ?? safeNodeLabelForCypher(undefined, id) ?? '';
+                    const ids = frontierByLabel.get(label) ?? [];
+                    ids.push(id);
+                    frontierByLabel.set(label, ids);
+                }
+                const related = [];
+                for (const [label, ids] of frontierByLabel) {
+                    const idList = ids.map((id) => `'${id.replace(/'/g, "''")}'`).join(', ');
+                    const targetPattern = label ? `(n:${label})` : '(n)';
+                    const query = direction === 'upstream'
+                        ? `MATCH (caller)-[r:CodeRelation]->${targetPattern} WHERE n.id IN [${idList}] AND r.type IN [${relTypeFilter}]${confidenceFilter} RETURN n.id AS sourceId, caller.id AS id, caller.name AS name, labels(caller)[0] AS type, caller.filePath AS filePath, r.type AS relType, r.confidence AS confidence`
+                        : `MATCH ${targetPattern}-[r:CodeRelation]->(callee) WHERE n.id IN [${idList}] AND r.type IN [${relTypeFilter}]${confidenceFilter} RETURN n.id AS sourceId, callee.id AS id, callee.name AS name, labels(callee)[0] AS type, callee.filePath AS filePath, r.type AS relType, r.confidence AS confidence`;
+                    related.push(...(await executeQuery(repo.id, query)));
+                }
                 for (const rel of related) {
                     const relId = rel.id || rel[1];
                     const filePath = rel.filePath || rel[4] || '';
@@ -2327,6 +2540,10 @@ export class LocalBackend {
                     if (!visited.has(relId)) {
                         visited.add(relId);
                         nextFrontier.push(relId);
+                        const relTypeLabel = firstNonEmptyString(rel.type, rel.__cgLabel, rel[3]);
+                        const relLabel = safeNodeLabelForCypher(relTypeLabel, relId);
+                        if (relLabel)
+                            frontierTypes.set(relId, relLabel);
                         const storedConfidence = rel.confidence ?? rel[6];
                         const relationType = rel.relType || rel[5];
                         // Prefer the stored confidence from the graph (set at analysis time);
@@ -2338,7 +2555,7 @@ export class LocalBackend {
                             depth,
                             id: relId,
                             name: rel.name || rel[2],
-                            type: rel.type || rel[3],
+                            type: relTypeLabel,
                             filePath,
                             relationType,
                             confidence: effectiveConfidence,

package/hooks/claude/codragraph-hook.cjs

@@ -12,27 +12,8 @@
  */
 
 const fs = require('fs');
-const os = require('os');
 const path = require('path');
-const { spawnSync, spawn } = require('child_process');
-
-/**
- * Decide whether background auto-reindex is opted in. Two equivalent signals:
- *   1. CODRAGRAPH_AUTO_REINDEX=1 in env (good for shells, CI)
- *   2. `{ "autoReindex": true }` in ~/.codragraph/config.json (good for GUI
- *      editor launches on Windows, where shell env doesn't propagate to
- *      hook child processes reliably)
- */
-function isAutoReindexEnabled() {
-  if (process.env.CODRAGRAPH_AUTO_REINDEX === '1') return true;
-  try {
-    const configPath = path.join(os.homedir(), '.codragraph', 'config.json');
-    const config = JSON.parse(fs.readFileSync(configPath, 'utf-8'));
-    return config && config.autoReindex === true;
-  } catch {
-    return false;
-  }
-}
+const { spawnSync } = require('child_process');
 
 /**
  * Read JSON input from stdin synchronously.
@@ -52,7 +33,7 @@ function readInput() {
  */
 function findCodraGraphDir(startDir) {
   let dir = startDir || process.cwd();
-  for (let i = 0; i < 5; i++) {
+  for (let i = 0; i < 8; i++) {
     const candidate = path.join(dir, '.codragraph');
     if (fs.existsSync(candidate)) return candidate;
     const parent = path.dirname(dir);
@@ -138,21 +119,9 @@ function resolveCliPath() {
   return cliPath;
 }
 
-function isRunningUnderBun() {
-  const userAgent = (process.env.npm_config_user_agent || '').toLowerCase();
-  const execBase = path.basename(process.env.npm_execpath || '').toLowerCase();
-  return userAgent.startsWith('bun/') || execBase === 'bun' || execBase === 'bun.exe';
-}
-
-function getPackageRunnerArgs(args) {
-  const useBun = isRunningUnderBun();
-  if (useBun) return { bin: 'bunx', args: ['@codragraph/cli', ...args] };
-  return { bin: 'npx', args: ['-y', '@codragraph/cli', ...args] };
-}
-
 /**
  * Spawn a codragraph CLI command synchronously.
- * Returns the stderr output (KuzuDB captures stdout at OS level).
+ * Returns the stderr output (native graph bindings may capture stdout).
  */
 function runCodraGraphCli(cliPath, args, cwd, timeout) {
   const isWin = process.platform === 'win32';
@@ -164,20 +133,20 @@ function runCodraGraphCli(cliPath, args, cwd, timeout) {
       stdio: ['pipe', 'pipe', 'pipe'],
     });
   }
-  // Package-runner fallback: on Windows, Node 22's spawn refuses to launch
-  // `.cmd` shims directly, so route through `cmd /c`. POSIX direct-spawn is fine.
-  const runner = getPackageRunnerArgs(args);
+  // Hot-path hook fallback: try an already-installed binary only. Never invoke
+  // npx/bunx from a hook because that can fetch/install packages and make the
+  // agent appear hung.
   if (isWin) {
-    return spawnSync('cmd', ['/c', runner.bin, ...runner.args], {
+    return spawnSync('cmd', ['/c', 'codragraph', ...args], {
       encoding: 'utf-8',
-      timeout: timeout + 5000,
+      timeout,
       cwd,
       stdio: ['pipe', 'pipe', 'pipe'],
     });
   }
-  return spawnSync(runner.bin, runner.args, {
+  return spawnSync('codragraph', args, {
     encoding: 'utf-8',
-    timeout: timeout + 5000,
+    timeout,
     cwd,
     stdio: ['pipe', 'pipe', 'pipe'],
   });
@@ -229,11 +198,10 @@ function sendHookResponse(hookEventName, message) {
 /**
  * PostToolUse handler — detect index staleness after git mutations.
  *
- * Instead of spawning a full `codragraph analyze` synchronously (which blocks
- * the agent for up to 120s and risks KuzuDB corruption on timeout), we do a
- * lightweight staleness check: compare `git rev-parse HEAD` against the
- * lastCommit stored in `.codragraph/meta.json`. If they differ, notify the
- * agent so it can decide when to reindex.
+ * Hooks must not own writes to `.codragraph`. They run inside the agent's hot
+ * path, so starting analyze from here can contend with MCP/LadybugDB and make
+ * normal edits feel hung. Keep this to a cheap metadata comparison and let the
+ * user or agent run the CLI explicitly when fresh graph context is required.
  */
 function handlePostToolUse(input) {
   const toolName = input.tool_name || '';
@@ -283,85 +251,10 @@ function handlePostToolUse(input) {
   const analyzeArgs = `analyze${hadEmbeddings ? ' --embeddings' : ''}`;
   const analyzeCmd = `npx @codragraph/cli ${analyzeArgs} (or bunx @codragraph/cli ${analyzeArgs})`;
 
-  // Opt-in background auto-reindex.
-  // Default stays as notification-only because spawning analyze while an MCP
-  // server holds LadybugDB will fail with a database-busy error — the
-  // notification path lets the agent reindex at a quiet moment instead.
-  // Power users who run MCP outside Claude Code's lifecycle can opt in via
-  // CODRAGRAPH_AUTO_REINDEX=1 or `{ "autoReindex": true }` in
-  // ~/.codragraph/config.json.
-  if (isAutoReindexEnabled()) {
-    // The "coalesce" file is a single-process gate: it exists only while a
-    // reindex is in flight. The spawned analyze removes it on exit (success or
-    // failure) via CODRAGRAPH_REINDEX_LOCK_PATH; the 10-min mtime fallback
-    // catches the rare crash that bypasses analyze's exit handler.
-    const coalescePath = path.join(codragraphDir, '.reindex.coalesce');
-    const crashSafetyTtlMs = 10 * 60 * 1000;
-    let inFlight = false;
-    try {
-      const stat = fs.statSync(coalescePath);
-      if (Date.now() - stat.mtimeMs < crashSafetyTtlMs) inFlight = true;
-    } catch {
-      /* no coalesce file — no reindex in flight */
-    }
-
-    if (!inFlight) {
-      try {
-        fs.writeFileSync(coalescePath, String(process.pid));
-      } catch {
-        /* best-effort — gate is for coalescing, not correctness */
-      }
-
-      const cliPath = resolveCliPath();
-      const reindexArgs = hadEmbeddings
-        ? ['analyze', '--embeddings', '--no-setup']
-        : ['analyze', '--no-setup'];
-      const spawnEnv = { ...process.env, CODRAGRAPH_REINDEX_LOCK_PATH: coalescePath };
-      const spawnOpts = {
-        cwd,
-        detached: true,
-        stdio: 'ignore',
-        windowsHide: true,
-        env: spawnEnv,
-      };
-      try {
-        let child;
-        if (cliPath) {
-          child = spawn(process.execPath, [cliPath, ...reindexArgs], spawnOpts);
-        } else if (process.platform === 'win32') {
-          const runner = getPackageRunnerArgs(reindexArgs);
-          child = spawn('cmd', ['/c', runner.bin, ...runner.args], spawnOpts);
-        } else {
-          const runner = getPackageRunnerArgs(reindexArgs);
-          child = spawn(runner.bin, runner.args, spawnOpts);
-        }
-        child.unref();
-      } catch {
-        /* spawn failed — fall through to notification */
-      }
-
-      sendHookResponse(
-        'PostToolUse',
-        `CodraGraph: auto-reindex started in background ` +
-          `(HEAD ${lastCommit ? lastCommit.slice(0, 7) : 'never'} → ${currentHead.slice(0, 7)}). ` +
-          `If an MCP server is currently holding the database, the reindex will fail silently — ` +
-          `run \`${analyzeCmd}\` manually after closing the agent session.`,
-      );
-      return;
-    }
-
-    sendHookResponse(
-      'PostToolUse',
-      `CodraGraph: auto-reindex coalesced — another reindex is in flight (will pick up your latest commit when it finishes).`,
-    );
-    return;
-  }
-
   sendHookResponse(
     'PostToolUse',
     `CodraGraph index is stale (last indexed: ${lastCommit ? lastCommit.slice(0, 7) : 'never'}). ` +
-      `Run \`${analyzeCmd}\` to update the knowledge graph. ` +
-      `Set CODRAGRAPH_AUTO_REINDEX=1 (or autoReindex: true in ~/.codragraph/config.json) for background auto-reindex.`,
+      `Run \`${analyzeCmd}\` when you need fresh graph context. Hooks never start analyze in the background.`,
   );
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codragraph/cli",
-  "version": "2.1.4",
+  "version": "2.1.5",
   "description": "Graph-powered code intelligence for AI agents. Index any codebase, query via MCP or CLI.",
   "author": {
     "name": "Thinqmesh Technologies",