@graphmemory/server 1.2.0 → 1.3.0

package/dist/api/tools/docs/cross-references.js

@@ -17,8 +17,9 @@ function register(server, docMgr, codeMgr) {
     }, async ({ symbol }) => {
         // 1. Search CodeGraph for definitions
         const definitions = [];
+        const symbolLower = symbol.toLowerCase();
         codeGraph.forEachNode((id, attrs) => {
-            if (attrs.name === symbol) {
+            if (attrs.name === symbol || attrs.name.toLowerCase() === symbolLower) {
                 definitions.push({
                     id,
                     fileId: attrs.fileId,
@@ -38,7 +39,7 @@ function register(server, docMgr, codeMgr) {
         docGraph.forEachNode((id, attrs) => {
             if (attrs.symbols.length === 0)
                 return;
-            if (!attrs.symbols.includes(symbol))
+            if (!attrs.symbols.some(s => s === symbol || s.toLowerCase() === symbolLower))
                 return;
             examples.push({
                 id,

package/dist/api/tools/docs/explain-symbol.js

@@ -14,13 +14,14 @@ function register(server, mgr) {
             limit: zod_1.z.number().optional().describe('Max results to return (default 10)'),
         },
     }, async ({ symbol, limit = 10 }) => {
+        const symbolLower = symbol.toLowerCase();
         const results = [];
         graph.forEachNode((id, attrs) => {
             if (results.length >= limit)
                 return;
             if (attrs.symbols.length === 0)
                 return;
-            if (!attrs.symbols.includes(symbol))
+            if (!attrs.symbols.some(s => s === symbol || s.toLowerCase() === symbolLower))
                 return;
             // Find the parent text section
             const parent = findParentTextSection(graph, id, attrs);

package/dist/api/tools/docs/find-examples.js

@@ -14,13 +14,14 @@ function register(server, mgr) {
             limit: zod_1.z.number().optional().describe('Max results to return (default 20)'),
         },
     }, async ({ symbol, limit = 20 }) => {
+        const symbolLower = symbol.toLowerCase();
         const results = [];
         graph.forEachNode((id, attrs) => {
             if (results.length >= limit)
                 return;
             if (attrs.symbols.length === 0)
                 return;
-            if (!attrs.symbols.includes(symbol))
+            if (!attrs.symbols.some(s => s === symbol || s.toLowerCase() === symbolLower))
                 return;
             // Find parent text section (previous node with lower level and no language)
             const parentId = findParentSection(graph, id, attrs);

package/dist/api/tools/docs/search-files.js

@@ -12,7 +12,7 @@ function register(server, mgr) {
             'Use this to discover which doc files are relevant before diving into content with search or get_toc.',
         inputSchema: {
             query: zod_1.z.string().describe('Natural language search query, e.g. "authentication setup" or "API endpoints"'),
-            topK: zod_1.z.number().optional().describe('Maximum number of results to return (default 10)'),
+            topK: zod_1.z.number().min(1).max(500).optional().describe('Maximum number of results to return (default 10)'),
             minScore: zod_1.z.number().min(0).max(1).optional().describe('Minimum relevance score 0–1 (default 0.3)'),
         },
     }, async ({ query, topK, minScore }) => {

package/dist/api/tools/docs/search-snippets.js

@@ -12,7 +12,7 @@ function register(server, mgr) {
             'Returns code block nodes sorted by relevance score.',
         inputSchema: {
             query: zod_1.z.string().describe('Natural language search query'),
-            topK: zod_1.z.number().optional().describe('Max results to return (default 10)'),
+            topK: zod_1.z.number().min(1).max(500).optional().describe('Max results to return (default 10)'),
             minScore: zod_1.z.number().min(0).max(1).optional().describe('Minimum relevance score 0–1 (default 0.3)'),
             language: zod_1.z.string().optional().describe('Filter by language, e.g. "typescript", "python"'),
         },

package/dist/api/tools/docs/search.js

@@ -5,7 +5,8 @@ const zod_1 = require("zod");
 function register(server, mgr) {
     server.registerTool('search', {
         description: 'Semantic search over the indexed documentation. ' +
-            'Finds the most relevant sections using vector similarity, then expands results ' +
+            'Supports three modes: hybrid (default, BM25 + vector), vector, keyword. ' +
+            'Finds the most relevant sections, then expands results ' +
             'by traversing links between documents (graph walk). ' +
             'Returns an array of chunks sorted by relevance score (0–1), each with: ' +
             'id, fileId, title, content, level, score. ' +
@@ -13,9 +14,9 @@ function register(server, mgr) {
             'Prefer this tool when looking for information without knowing which file contains it.',
         inputSchema: {
             query: zod_1.z.string().describe('Natural language search query'),
-            topK: zod_1.z.number().optional().describe('How many top similar sections to use as seeds for graph expansion (default 5)'),
-            bfsDepth: zod_1.z.number().optional().describe('How many hops to follow cross-document links from each seed (default 1; 0 = no expansion)'),
-            maxResults: zod_1.z.number().optional().describe('Maximum number of results to return (default 20)'),
+            topK: zod_1.z.number().min(1).max(500).optional().describe('How many top similar sections to use as seeds for graph expansion (default 5)'),
+            bfsDepth: zod_1.z.number().min(0).max(10).optional().describe('How many hops to follow cross-document links from each seed (default 1; 0 = no expansion)'),
+            maxResults: zod_1.z.number().min(1).max(500).optional().describe('Maximum number of results to return (default 20)'),
             minScore: zod_1.z.number().min(0).max(1).optional().describe('Minimum relevance score threshold 0–1; lower values return more results (default 0.5)'),
             bfsDecay: zod_1.z.number().min(0).max(1).optional().describe('Score multiplier applied per graph hop; controls how quickly relevance fades with distance (default 0.8)'),
             searchMode: zod_1.z.enum(['hybrid', 'vector', 'keyword']).optional().describe('Search mode: hybrid (default, BM25 + vector), vector (embedding only), keyword (BM25 only)'),

package/dist/api/tools/file-index/search-all-files.js

@@ -12,7 +12,7 @@ function register(server, mgr) {
             'Use this to discover which project files are relevant to a topic.',
         inputSchema: {
             query: zod_1.z.string().describe('Search query'),
-            topK: zod_1.z.number().optional().default(10)
+            topK: zod_1.z.number().min(1).max(500).optional().default(10)
                 .describe('Max results (default 10)'),
             minScore: zod_1.z.number().optional().default(0.3)
                 .describe('Minimum cosine similarity score (default 0.3)'),

package/dist/api/tools/knowledge/add-attachment.js

@@ -17,11 +17,22 @@ function register(server, mgr) {
             filePath: zod_1.z.string().describe('Absolute path to the file on disk'),
         },
     }, async ({ noteId, filePath }) => {
-        if (!fs_1.default.existsSync(filePath)) {
+        const resolved = path_1.default.resolve(filePath);
+        let stat;
+        try {
+            stat = fs_1.default.statSync(resolved);
+        }
+        catch {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'File not found' }) }], isError: true };
         }
-        const data = fs_1.default.readFileSync(filePath);
-        const filename = path_1.default.basename(filePath);
+        if (!stat.isFile()) {
+            return { content: [{ type: 'text', text: JSON.stringify({ error: 'Path is not a regular file' }) }], isError: true };
+        }
+        if (stat.size > 50 * 1024 * 1024) {
+            return { content: [{ type: 'text', text: JSON.stringify({ error: 'File exceeds 50 MB limit' }) }], isError: true };
+        }
+        const data = fs_1.default.readFileSync(resolved);
+        const filename = path_1.default.basename(resolved);
         const meta = mgr.addAttachment(noteId, filename, data);
         if (!meta) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'Note not found or no project dir' }) }], isError: true };

package/dist/api/tools/knowledge/remove-attachment.js

@@ -7,7 +7,11 @@ function register(server, mgr) {
         description: 'Remove an attachment from a note. The file is deleted from disk.',
         inputSchema: {
             noteId: zod_1.z.string().describe('ID of the note'),
-            filename: zod_1.z.string().describe('Filename of the attachment to remove'),
+            filename: zod_1.z.string().min(1).max(255)
+                .refine(s => !/[/\\]/.test(s), 'Filename must not contain path separators')
+                .refine(s => !s.includes('..'), 'Filename must not contain ..')
+                .refine(s => !s.includes('\0'), 'Filename must not contain null bytes')
+                .describe('Filename of the attachment to remove'),
         },
     }, async ({ noteId, filename }) => {
         const ok = mgr.removeAttachment(noteId, filename);

package/dist/api/tools/knowledge/search-notes.js

@@ -5,15 +5,16 @@ const zod_1 = require("zod");
 function register(server, mgr) {
     server.registerTool('search_notes', {
         description: 'Semantic search over the knowledge graph (facts and notes). ' +
-            'Finds the most relevant notes using vector similarity, then expands results ' +
+            'Supports three modes: hybrid (default, BM25 + vector), vector, keyword. ' +
+            'Finds the most relevant notes, then expands results ' +
             'by traversing relations between notes (graph walk). ' +
             'Returns an array sorted by relevance score (0–1), each with: ' +
             'id, title, content, tags, score.',
         inputSchema: {
             query: zod_1.z.string().describe('Natural language search query'),
-            topK: zod_1.z.number().optional().describe('How many top similar notes to use as seeds (default 5)'),
-            bfsDepth: zod_1.z.number().optional().describe('How many hops to follow relations from each seed (default 1; 0 = no expansion)'),
-            maxResults: zod_1.z.number().optional().describe('Maximum number of results to return (default 20)'),
+            topK: zod_1.z.number().min(1).max(500).optional().describe('How many top similar notes to use as seeds (default 5)'),
+            bfsDepth: zod_1.z.number().min(0).max(10).optional().describe('How many hops to follow relations from each seed (default 1; 0 = no expansion)'),
+            maxResults: zod_1.z.number().min(1).max(500).optional().describe('Maximum number of results to return (default 20)'),
             minScore: zod_1.z.number().min(0).max(1).optional().describe('Minimum relevance score 0–1 (default 0.5)'),
             bfsDecay: zod_1.z.number().min(0).max(1).optional().describe('Score multiplier per hop (default 0.8)'),
             searchMode: zod_1.z.enum(['hybrid', 'vector', 'keyword']).optional().describe('Search mode: hybrid (default, BM25 + vector), vector (embedding only), keyword (BM25 only)'),

package/dist/api/tools/skills/add-attachment.js

@@ -17,11 +17,22 @@ function register(server, mgr) {
             filePath: zod_1.z.string().describe('Absolute path to the file on disk'),
         },
     }, async ({ skillId, filePath }) => {
-        if (!fs_1.default.existsSync(filePath)) {
+        const resolved = path_1.default.resolve(filePath);
+        let stat;
+        try {
+            stat = fs_1.default.statSync(resolved);
+        }
+        catch {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'File not found' }) }], isError: true };
         }
-        const data = fs_1.default.readFileSync(filePath);
-        const filename = path_1.default.basename(filePath);
+        if (!stat.isFile()) {
+            return { content: [{ type: 'text', text: JSON.stringify({ error: 'Path is not a regular file' }) }], isError: true };
+        }
+        if (stat.size > 50 * 1024 * 1024) {
+            return { content: [{ type: 'text', text: JSON.stringify({ error: 'File exceeds 50 MB limit' }) }], isError: true };
+        }
+        const data = fs_1.default.readFileSync(resolved);
+        const filename = path_1.default.basename(resolved);
         const meta = mgr.addAttachment(skillId, filename, data);
         if (!meta) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'Skill not found or no project dir' }) }], isError: true };

package/dist/api/tools/skills/recall-skills.js

@@ -8,7 +8,7 @@ function register(server, mgr) {
             'minScore default (0.3) for higher recall. Use at the start of a task to find applicable recipes.',
         inputSchema: {
             context: zod_1.z.string().describe('Description of the current task or context to match skills against'),
-            topK: zod_1.z.number().optional().describe('How many top similar skills to use as seeds (default 5)'),
+            topK: zod_1.z.number().min(1).max(500).optional().describe('How many top similar skills to use as seeds (default 5)'),
             minScore: zod_1.z.number().min(0).max(1).optional().describe('Minimum relevance score 0–1 (default 0.3)'),
         },
     }, async ({ context, topK, minScore }) => {

package/dist/api/tools/skills/remove-attachment.js

@@ -7,7 +7,11 @@ function register(server, mgr) {
         description: 'Remove an attachment from a skill. The file is deleted from disk.',
         inputSchema: {
             skillId: zod_1.z.string().describe('ID of the skill'),
-            filename: zod_1.z.string().describe('Filename of the attachment to remove'),
+            filename: zod_1.z.string().min(1).max(255)
+                .refine(s => !/[/\\]/.test(s), 'Filename must not contain path separators')
+                .refine(s => !s.includes('..'), 'Filename must not contain ..')
+                .refine(s => !s.includes('\0'), 'Filename must not contain null bytes')
+                .describe('Filename of the attachment to remove'),
         },
     }, async ({ skillId, filename }) => {
         const ok = mgr.removeAttachment(skillId, filename);

package/dist/api/tools/skills/search-skills.js

@@ -5,15 +5,16 @@ const zod_1 = require("zod");
 function register(server, mgr) {
     server.registerTool('search_skills', {
         description: 'Semantic search over the skill graph. ' +
-            'Finds the most relevant skills using vector similarity, then expands results ' +
+            'Supports three modes: hybrid (default, BM25 + vector), vector, keyword. ' +
+            'Finds the most relevant skills, then expands results ' +
             'by traversing relations between skills (graph walk). ' +
             'Returns an array sorted by relevance score (0–1), each with: ' +
-            'id, title, description, tags, source, confidence, score.',
+            'id, title, description, tags, source, confidence, usageCount, score.',
         inputSchema: {
             query: zod_1.z.string().describe('Natural language search query'),
-            topK: zod_1.z.number().optional().describe('How many top similar skills to use as seeds (default 5)'),
-            bfsDepth: zod_1.z.number().optional().describe('How many hops to follow relations from each seed (default 1; 0 = no expansion)'),
-            maxResults: zod_1.z.number().optional().describe('Maximum number of results to return (default 20)'),
+            topK: zod_1.z.number().min(1).max(500).optional().describe('How many top similar skills to use as seeds (default 5)'),
+            bfsDepth: zod_1.z.number().min(0).max(10).optional().describe('How many hops to follow relations from each seed (default 1; 0 = no expansion)'),
+            maxResults: zod_1.z.number().min(1).max(500).optional().describe('Maximum number of results to return (default 20)'),
             minScore: zod_1.z.number().min(0).max(1).optional().describe('Minimum relevance score 0–1 (default 0.5)'),
             bfsDecay: zod_1.z.number().min(0).max(1).optional().describe('Score multiplier per hop (default 0.8)'),
             searchMode: zod_1.z.enum(['hybrid', 'vector', 'keyword']).optional().describe('Search mode: hybrid (default, BM25 + vector), vector (embedding only), keyword (BM25 only)'),

package/dist/api/tools/tasks/add-attachment.js

@@ -17,11 +17,22 @@ function register(server, mgr) {
             filePath: zod_1.z.string().describe('Absolute path to the file on disk'),
         },
     }, async ({ taskId, filePath }) => {
-        if (!fs_1.default.existsSync(filePath)) {
+        const resolved = path_1.default.resolve(filePath);
+        let stat;
+        try {
+            stat = fs_1.default.statSync(resolved);
+        }
+        catch {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'File not found' }) }], isError: true };
         }
-        const data = fs_1.default.readFileSync(filePath);
-        const filename = path_1.default.basename(filePath);
+        if (!stat.isFile()) {
+            return { content: [{ type: 'text', text: JSON.stringify({ error: 'Path is not a regular file' }) }], isError: true };
+        }
+        if (stat.size > 50 * 1024 * 1024) {
+            return { content: [{ type: 'text', text: JSON.stringify({ error: 'File exceeds 50 MB limit' }) }], isError: true };
+        }
+        const data = fs_1.default.readFileSync(resolved);
+        const filename = path_1.default.basename(resolved);
         const meta = mgr.addAttachment(taskId, filename, data);
         if (!meta) {
             return { content: [{ type: 'text', text: JSON.stringify({ error: 'Task not found or no project dir' }) }], isError: true };

package/dist/api/tools/tasks/remove-attachment.js

@@ -7,7 +7,11 @@ function register(server, mgr) {
         description: 'Remove an attachment from a task. The file is deleted from disk.',
         inputSchema: {
             taskId: zod_1.z.string().describe('ID of the task'),
-            filename: zod_1.z.string().describe('Filename of the attachment to remove'),
+            filename: zod_1.z.string().min(1).max(255)
+                .refine(s => !/[/\\]/.test(s), 'Filename must not contain path separators')
+                .refine(s => !s.includes('..'), 'Filename must not contain ..')
+                .refine(s => !s.includes('\0'), 'Filename must not contain null bytes')
+                .describe('Filename of the attachment to remove'),
         },
     }, async ({ taskId, filename }) => {
         const ok = mgr.removeAttachment(taskId, filename);

package/dist/api/tools/tasks/search-tasks.js

@@ -5,15 +5,16 @@ const zod_1 = require("zod");
 function register(server, mgr) {
     server.registerTool('search_tasks', {
         description: 'Semantic search over the task graph. ' +
-            'Finds the most relevant tasks using vector similarity, then expands results ' +
+            'Supports three modes: hybrid (default, BM25 + vector), vector, keyword. ' +
+            'Finds the most relevant tasks, then expands results ' +
             'by traversing relations between tasks (graph walk). ' +
             'Returns an array sorted by relevance score (0–1), each with: ' +
             'id, title, description, status, priority, tags, score.',
         inputSchema: {
             query: zod_1.z.string().describe('Natural language search query'),
-            topK: zod_1.z.number().optional().describe('How many top similar tasks to use as seeds (default 5)'),
-            bfsDepth: zod_1.z.number().optional().describe('How many hops to follow relations from each seed (default 1; 0 = no expansion)'),
-            maxResults: zod_1.z.number().optional().describe('Maximum number of results to return (default 20)'),
+            topK: zod_1.z.number().min(1).max(500).optional().describe('How many top similar tasks to use as seeds (default 5)'),
+            bfsDepth: zod_1.z.number().min(0).max(10).optional().describe('How many hops to follow relations from each seed (default 1; 0 = no expansion)'),
+            maxResults: zod_1.z.number().min(1).max(500).optional().describe('Maximum number of results to return (default 20)'),
             minScore: zod_1.z.number().min(0).max(1).optional().describe('Minimum relevance score 0–1 (default 0.5)'),
             bfsDecay: zod_1.z.number().min(0).max(1).optional().describe('Score multiplier per hop (default 0.8)'),
             searchMode: zod_1.z.enum(['hybrid', 'vector', 'keyword']).optional().describe('Search mode: hybrid (default, BM25 + vector), vector (embedding only), keyword (BM25 only)'),

package/dist/cli/index.js

@@ -18,7 +18,7 @@ const program = new commander_1.Command();
 program
     .name('graphmemory')
     .description('MCP server for semantic graph memory from markdown docs and source code')
-    .version('1.2.0');
+    .version('1.3.0');
 const parseIntArg = (v) => parseInt(v, 10);
 // ---------------------------------------------------------------------------
 // Helper: load config from file, or fall back to default (cwd as single project)
@@ -146,7 +146,48 @@ program
     }
     // Embedding API model name (loaded in background with other models)
     const embeddingApiModelName = mc.server.embeddingApi?.enabled ? '__server__' : undefined;
-    // Start HTTP server immediately (before models are loaded)
+    // Load models and index all projects before starting HTTP
+    // Load embedding API model if enabled
+    if (embeddingApiModelName) {
+        try {
+            await (0, embedder_1.loadModel)(mc.server.model, mc.server.embedding, mc.server.modelsDir, embeddingApiModelName);
+            process.stderr.write(`[serve] Embedding API model ready\n`);
+        }
+        catch (err) {
+            process.stderr.write(`[serve] Failed to load embedding API model: ${err}\n`);
+        }
+    }
+    // Load workspace models
+    for (const wsId of manager.listWorkspaces()) {
+        try {
+            await manager.loadWorkspaceModels(wsId);
+        }
+        catch (err) {
+            process.stderr.write(`[serve] Failed to load workspace "${wsId}" models: ${err}\n`);
+        }
+    }
+    // Load project models and start indexing
+    for (const id of manager.listProjects()) {
+        try {
+            await manager.loadModels(id);
+            await manager.startIndexing(id);
+        }
+        catch (err) {
+            process.stderr.write(`[serve] Failed to initialize project "${id}": ${err}\n`);
+        }
+    }
+    // Start workspace mirror watchers (after all projects are indexed)
+    for (const wsId of manager.listWorkspaces()) {
+        try {
+            await manager.startWorkspaceMirror(wsId);
+        }
+        catch (err) {
+            process.stderr.write(`[serve] Failed to start workspace "${wsId}" mirror: ${err}\n`);
+        }
+    }
+    // Start auto-save
+    manager.startAutoSave();
+    // Start HTTP server (all models loaded, all projects indexed)
     const httpServer = await (0, index_1.startMultiProjectHttpServer)(host, port, sessionTimeoutMs, manager, {
         serverConfig: mc.server,
         users: mc.users,
@@ -158,52 +199,6 @@ program
         openSockets.add(socket);
         socket.on('close', () => openSockets.delete(socket));
     });
-    // Start auto-save
-    manager.startAutoSave();
-    // Load models and start indexing in background (workspaces first, then projects)
-    async function initProjects() {
-        // Load embedding API model if enabled
-        if (embeddingApiModelName) {
-            try {
-                await (0, embedder_1.loadModel)(mc.server.model, mc.server.embedding, mc.server.modelsDir, embeddingApiModelName);
-                process.stderr.write(`[serve] Embedding API model ready\n`);
-            }
-            catch (err) {
-                process.stderr.write(`[serve] Failed to load embedding API model: ${err}\n`);
-            }
-        }
-        // Load workspace models
-        for (const wsId of manager.listWorkspaces()) {
-            try {
-                await manager.loadWorkspaceModels(wsId);
-            }
-            catch (err) {
-                process.stderr.write(`[serve] Failed to load workspace "${wsId}" models: ${err}\n`);
-            }
-        }
-        // Load project models and start indexing
-        for (const id of manager.listProjects()) {
-            try {
-                await manager.loadModels(id);
-                await manager.startIndexing(id);
-            }
-            catch (err) {
-                process.stderr.write(`[serve] Failed to initialize project "${id}": ${err}\n`);
-            }
-        }
-        // Start workspace mirror watchers (after all projects are indexed)
-        for (const wsId of manager.listWorkspaces()) {
-            try {
-                await manager.startWorkspaceMirror(wsId);
-            }
-            catch (err) {
-                process.stderr.write(`[serve] Failed to start workspace "${wsId}" mirror: ${err}\n`);
-            }
-        }
-    }
-    initProjects().catch((err) => {
-        process.stderr.write(`[serve] Init error: ${err}\n`);
-    });
     let shuttingDown = false;
     async function shutdown() {
         if (shuttingDown) {
@@ -320,13 +315,28 @@ usersCmd
             process.stderr.write('Passwords do not match\n');
             process.exit(1);
         }
+        // Validate inputs
+        if (/[\x00-\x1f\x7f]/.test(name)) {
+            process.stderr.write('Name contains invalid characters\n');
+            process.exit(1);
+        }
+        if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
+            process.stderr.write('Invalid email format\n');
+            process.exit(1);
+        }
+        if (password.length > 256) {
+            process.stderr.write('Password too long (max 256)\n');
+            process.exit(1);
+        }
         const pwHash = await (0, jwt_1.hashPassword)(password);
         const apiKey = `mgm-${crypto_1.default.randomBytes(24).toString('base64url')}`;
-        // Build YAML block for the new user
+        // Build YAML block for the new user — escape quotes to prevent YAML injection
+        const safeName = name.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
+        const safeEmail = email.replace(/\\/g, '\\\\').replace(/"/g, '\\"');
         const userBlock = [
             `  ${id}:`,
-            `    name: "${name}"`,
-            `    email: "${email}"`,
+            `    name: "${safeName}"`,
+            `    email: "${safeEmail}"`,
             `    apiKey: "${apiKey}"`,
             `    passwordHash: "${pwHash}"`,
         ].join('\n');

package/dist/cli/indexer.js

@@ -19,31 +19,51 @@ const skill_1 = require("../graphs/skill");
 const file_index_1 = require("../graphs/file-index");
 function createProjectIndexer(docGraph, codeGraph, config, knowledgeGraph, fileIndexGraph, taskGraph, skillGraph) {
     // Three independent serial queues — docs, code, and file index.
-    let docsQueue = Promise.resolve();
-    let codeQueue = Promise.resolve();
-    let fileQueue = Promise.resolve();
-    // Error tracking
-    let docErrors = 0;
-    let codeErrors = 0;
-    let fileErrors = 0;
-    function enqueueDoc(fn) {
-        docsQueue = docsQueue.then(fn).catch((err) => {
-            docErrors++;
-            process.stderr.write(`[indexer] Doc error: ${err}\n`);
-        });
-    }
-    function enqueueCode(fn) {
-        codeQueue = codeQueue.then(fn).catch((err) => {
-            codeErrors++;
-            process.stderr.write(`[indexer] Code error: ${err}\n`);
-        });
-    }
-    function enqueueFile(fn) {
-        fileQueue = fileQueue.then(fn).catch((err) => {
-            fileErrors++;
-            process.stderr.write(`[indexer] File index error: ${err}\n`);
-        });
+    // Array-based to avoid promise chain memory accumulation during scan.
+    function createSerialQueue(label) {
+        const pending = [];
+        let running = false;
+        let errors = 0;
+        let idleResolve = null;
+        let idlePromise = Promise.resolve();
+        async function pump() {
+            running = true;
+            while (pending.length > 0) {
+                const fn = pending.shift();
+                try {
+                    await fn();
+                }
+                catch (err) {
+                    errors++;
+                    process.stderr.write(`[indexer] ${label} error: ${err}\n`);
+                }
+            }
+            running = false;
+            if (idleResolve) {
+                idleResolve();
+                idleResolve = null;
+            }
+        }
+        return {
+            enqueue(fn) {
+                pending.push(fn);
+                if (!running) {
+                    idlePromise = new Promise(r => { idleResolve = r; });
+                    void pump();
+                }
+            },
+            waitIdle() {
+                return (pending.length === 0 && !running) ? Promise.resolve() : idlePromise;
+            },
+            get errors() { return errors; },
+        };
     }
+    const docsQueue = createSerialQueue('Doc');
+    const codeQueue = createSerialQueue('Code');
+    const fileQueue = createSerialQueue('File index');
+    function enqueueDoc(fn) { docsQueue.enqueue(fn); }
+    function enqueueCode(fn) { codeQueue.enqueue(fn); }
+    function enqueueFile(fn) { fileQueue.enqueue(fn); }
     // ---------------------------------------------------------------------------
     // Per-file indexing
     // ---------------------------------------------------------------------------
@@ -126,7 +146,16 @@ function createProjectIndexer(docGraph, codeGraph, config, knowledgeGraph, fileI
         const parsed = await (0, code_1.parseCodeFile)(absolutePath, config.projectDir, mtime);
         // Batch-embed all symbols + file-level in one forward pass
         const batchInputs = parsed.nodes.map(({ attrs }) => ({ title: attrs.signature, content: attrs.docComment }));
-        batchInputs.push({ title: fileId, content: '' });
+        // File-level embedding: path + exported symbol names + import summary
+        const fileNode = parsed.nodes.find(n => n.attrs.kind === 'file');
+        const exportedNames = parsed.nodes
+            .filter(n => n.attrs.isExported && n.attrs.kind !== 'file')
+            .map(n => n.attrs.name);
+        const fileEmbedTitle = exportedNames.length > 0
+            ? `${fileId} ${exportedNames.join(' ')}`
+            : fileId;
+        const fileEmbedContent = fileNode?.attrs.body ?? ''; // body = importSummary for file nodes
+        batchInputs.push({ title: fileEmbedTitle, content: fileEmbedContent });
         const embeddings = await (0, embedder_1.embedBatch)(batchInputs, config.codeModelName);
         for (let i = 0; i < parsed.nodes.length; i++) {
             parsed.nodes[i].attrs.embedding = embeddings[i];
@@ -252,7 +281,7 @@ function createProjectIndexer(docGraph, codeGraph, config, knowledgeGraph, fileI
         }, '**/*', allExcludePatterns.length > 0 ? allExcludePatterns : undefined);
     }
     async function drain() {
-        await Promise.all([docsQueue, codeQueue, fileQueue]);
+        await Promise.all([docsQueue.waitIdle(), codeQueue.waitIdle(), fileQueue.waitIdle()]);
         if (fileIndexGraph)
             (0, file_index_1.rebuildDirectoryStats)(fileIndexGraph);
         // Resolve cross-file edges that were deferred during indexing
@@ -265,10 +294,13 @@ function createProjectIndexer(docGraph, codeGraph, config, knowledgeGraph, fileI
             const codeImports = (0, code_2.resolvePendingImports)(codeGraph);
             if (codeImports > 0)
                 process.stderr.write(`[indexer] Resolved ${codeImports} deferred code import edge(s)\n`);
+            const codeEdges = (0, code_2.resolvePendingEdges)(codeGraph);
+            if (codeEdges > 0)
+                process.stderr.write(`[indexer] Resolved ${codeEdges} deferred code extends/implements edge(s)\n`);
         }
-        const totalErrors = docErrors + codeErrors + fileErrors;
+        const totalErrors = docsQueue.errors + codeQueue.errors + fileQueue.errors;
         if (totalErrors > 0) {
-            process.stderr.write(`[indexer] Completed with ${totalErrors} error(s): docs=${docErrors}, code=${codeErrors}, files=${fileErrors}\n`);
+            process.stderr.write(`[indexer] Completed with ${totalErrors} error(s): docs=${docsQueue.errors}, code=${codeQueue.errors}, files=${fileQueue.errors}\n`);
         }
     }
     return { scan, watch, drain };