@graphmemory/server 1.2.0 → 1.3.1

package/dist/lib/defaults.js

@@ -0,0 +1,78 @@
+"use strict";
+/**
+ * Central named constants for all tunable values.
+ * Import from here instead of hardcoding magic numbers.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.WIKI_MAX_DEPTH = exports.DEFAULT_EMBEDDING_CACHE_SIZE = exports.MIRROR_MTIME_TOLERANCE_MS = exports.MIRROR_MAX_ENTRIES = exports.MIRROR_STALE_MS = exports.ERROR_BODY_LIMIT = exports.GRACEFUL_SHUTDOWN_TIMEOUT_MS = exports.SESSION_SWEEP_INTERVAL_MS = exports.RATE_LIMIT_WINDOW_MS = exports.REMOTE_BASE_DELAY_MS = exports.REMOTE_MAX_RETRIES = exports.WS_DEBOUNCE_MS = exports.AUTO_SAVE_INTERVAL_MS = exports.MAX_PASSWORD_LEN = exports.MAX_ATTACHMENT_FILENAME_LEN = exports.MAX_PROJECT_ID_LEN = exports.MAX_LINK_KIND_LEN = exports.MAX_TARGET_NODE_ID_LEN = exports.MAX_SKILL_TRIGGERS_COUNT = exports.MAX_SKILL_TRIGGER_LEN = exports.MAX_SKILL_STEPS_COUNT = exports.MAX_SKILL_STEP_LEN = exports.MAX_ASSIGNEE_LEN = exports.MAX_DESCRIPTION_LEN = exports.MAX_SEARCH_TOP_K = exports.MAX_SEARCH_QUERY_LEN = exports.MAX_TAGS_COUNT = exports.MAX_TAG_LEN = exports.MAX_NOTE_CONTENT_LEN = exports.MAX_TITLE_LEN = exports.INDEXER_PREVIEW_LEN = exports.CONTENT_PREVIEW_LEN = exports.LIST_LIMIT_LARGE = exports.LIST_LIMIT_SMALL = exports.SIGNATURE_MAX_LEN = exports.MAX_UPLOAD_SIZE = exports.MAX_BODY_SIZE = exports.BM25_BODY_MAX_CHARS = exports.FILE_SEARCH_TOP_K = exports.SEARCH_MIN_SCORE_FILES = exports.SEARCH_MIN_SCORE_CODE = exports.SEARCH_MIN_SCORE = exports.SEARCH_BFS_DECAY = exports.SEARCH_MAX_RESULTS = exports.SEARCH_BFS_DEPTH = exports.SEARCH_TOP_K = exports.RRF_K = exports.BM25_IDF_OFFSET = exports.BM25_B = exports.BM25_K1 = void 0;
+// ---------------------------------------------------------------------------
+// Search — BM25, RRF, BFS
+// ---------------------------------------------------------------------------
+exports.BM25_K1 = 1.2;
+exports.BM25_B = 0.75;
+exports.BM25_IDF_OFFSET = 0.5;
+exports.RRF_K = 60;
+exports.SEARCH_TOP_K = 5;
+exports.SEARCH_BFS_DEPTH = 1;
+exports.SEARCH_MAX_RESULTS = 20;
+exports.SEARCH_BFS_DECAY = 0.8;
+exports.SEARCH_MIN_SCORE = 0.5;
+exports.SEARCH_MIN_SCORE_CODE = 0.3;
+exports.SEARCH_MIN_SCORE_FILES = 0.3;
+exports.FILE_SEARCH_TOP_K = 10;
+exports.BM25_BODY_MAX_CHARS = 2000;
+// ---------------------------------------------------------------------------
+// Limits — sizes, counts, truncation
+// ---------------------------------------------------------------------------
+exports.MAX_BODY_SIZE = 10 * 1024 * 1024; // 10 MB
+exports.MAX_UPLOAD_SIZE = 50 * 1024 * 1024; // 50 MB (multer)
+exports.SIGNATURE_MAX_LEN = 300;
+exports.LIST_LIMIT_SMALL = 20;
+exports.LIST_LIMIT_LARGE = 50;
+exports.CONTENT_PREVIEW_LEN = 500;
+exports.INDEXER_PREVIEW_LEN = 200;
+// ---------------------------------------------------------------------------
+// Validation — REST API schema limits
+// ---------------------------------------------------------------------------
+exports.MAX_TITLE_LEN = 500;
+exports.MAX_NOTE_CONTENT_LEN = 1_000_000;
+exports.MAX_TAG_LEN = 100;
+exports.MAX_TAGS_COUNT = 100;
+exports.MAX_SEARCH_QUERY_LEN = 2000;
+exports.MAX_SEARCH_TOP_K = 500;
+exports.MAX_DESCRIPTION_LEN = 500_000;
+exports.MAX_ASSIGNEE_LEN = 100;
+exports.MAX_SKILL_STEP_LEN = 10_000;
+exports.MAX_SKILL_STEPS_COUNT = 100;
+exports.MAX_SKILL_TRIGGER_LEN = 500;
+exports.MAX_SKILL_TRIGGERS_COUNT = 50;
+exports.MAX_TARGET_NODE_ID_LEN = 500;
+exports.MAX_LINK_KIND_LEN = 100;
+exports.MAX_PROJECT_ID_LEN = 200;
+exports.MAX_ATTACHMENT_FILENAME_LEN = 255;
+exports.MAX_PASSWORD_LEN = 256;
+// ---------------------------------------------------------------------------
+// Timing — intervals, retries, timeouts
+// ---------------------------------------------------------------------------
+exports.AUTO_SAVE_INTERVAL_MS = 30_000;
+exports.WS_DEBOUNCE_MS = 1000;
+exports.REMOTE_MAX_RETRIES = 3;
+exports.REMOTE_BASE_DELAY_MS = 200;
+exports.RATE_LIMIT_WINDOW_MS = 60_000;
+exports.SESSION_SWEEP_INTERVAL_MS = 60_000;
+exports.GRACEFUL_SHUTDOWN_TIMEOUT_MS = 5000;
+exports.ERROR_BODY_LIMIT = 500;
+// ---------------------------------------------------------------------------
+// Mirror
+// ---------------------------------------------------------------------------
+exports.MIRROR_STALE_MS = 10_000;
+exports.MIRROR_MAX_ENTRIES = 10_000;
+exports.MIRROR_MTIME_TOLERANCE_MS = 100;
+// ---------------------------------------------------------------------------
+// Embedder
+// ---------------------------------------------------------------------------
+exports.DEFAULT_EMBEDDING_CACHE_SIZE = 10_000;
+// ---------------------------------------------------------------------------
+// Parser
+// ---------------------------------------------------------------------------
+exports.WIKI_MAX_DEPTH = 10;

package/dist/lib/embedder.js

@@ -12,10 +12,11 @@ exports.cosineSimilarity = cosineSimilarity;
 const transformers_1 = require("@huggingface/transformers");
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
+const defaults_1 = require("../lib/defaults");
 // ---------------------------------------------------------------------------
 // LRU cache for embedding vectors (avoids re-computing identical texts)
 // ---------------------------------------------------------------------------
-const DEFAULT_CACHE_SIZE = 10_000;
+const DEFAULT_CACHE_SIZE = defaults_1.DEFAULT_EMBEDDING_CACHE_SIZE;
 class LruCache {
     maxSize;
     map = new Map();
@@ -97,26 +98,24 @@ async function loadModel(model, embedding, modelsDir, name = 'default') {
 // ---------------------------------------------------------------------------
 // Remote embedding HTTP client
 // ---------------------------------------------------------------------------
-const REMOTE_MAX_RETRIES = 3;
-const REMOTE_BASE_DELAY_MS = 200;
 async function remoteEmbed(url, texts, apiKey) {
     const headers = { 'Content-Type': 'application/json' };
     if (apiKey)
         headers['Authorization'] = `Bearer ${apiKey}`;
     const body = JSON.stringify({ texts });
-    for (let attempt = 0; attempt < REMOTE_MAX_RETRIES; attempt++) {
+    for (let attempt = 0; attempt < defaults_1.REMOTE_MAX_RETRIES; attempt++) {
         let resp;
         try {
             resp = await fetch(url, { method: 'POST', headers, body });
         }
         catch (err) {
             // Network error — retry
-            if (attempt < REMOTE_MAX_RETRIES - 1) {
-                const delay = REMOTE_BASE_DELAY_MS * 2 ** attempt;
+            if (attempt < defaults_1.REMOTE_MAX_RETRIES - 1) {
+                const delay = defaults_1.REMOTE_BASE_DELAY_MS * 2 ** attempt;
                 await new Promise(r => setTimeout(r, delay));
                 continue;
             }
-            throw new Error(`Remote embed network error after ${REMOTE_MAX_RETRIES} attempts: ${err}`);
+            throw new Error(`Remote embed network error after ${defaults_1.REMOTE_MAX_RETRIES} attempts: ${err}`);
         }
         if (resp.ok) {
             const data = await resp.json();
@@ -124,17 +123,17 @@ async function remoteEmbed(url, texts, apiKey) {
         }
         // Client errors (4xx) — don't retry
         if (resp.status < 500) {
-            const respBody = (await resp.text()).slice(0, 500);
+            const respBody = (await resp.text()).slice(0, defaults_1.ERROR_BODY_LIMIT);
             throw new Error(`Remote embed failed (${resp.status}): ${respBody}`);
         }
         // Server errors (5xx) — retry
-        if (attempt < REMOTE_MAX_RETRIES - 1) {
-            const delay = REMOTE_BASE_DELAY_MS * 2 ** attempt;
+        if (attempt < defaults_1.REMOTE_MAX_RETRIES - 1) {
+            const delay = defaults_1.REMOTE_BASE_DELAY_MS * 2 ** attempt;
             await new Promise(r => setTimeout(r, delay));
             continue;
         }
-        const respBody = (await resp.text()).slice(0, 500);
-        throw new Error(`Remote embed failed after ${REMOTE_MAX_RETRIES} attempts (${resp.status}): ${respBody}`);
+        const respBody = (await resp.text()).slice(0, defaults_1.ERROR_BODY_LIMIT);
+        throw new Error(`Remote embed failed after ${defaults_1.REMOTE_MAX_RETRIES} attempts (${resp.status}): ${respBody}`);
     }
     throw new Error('Remote embed: unreachable');
 }

package/dist/lib/embedding-codec.js

@@ -0,0 +1,63 @@
+"use strict";
+/**
+ * Encode/decode embedding vectors as Base64 for compact JSON serialization.
+ * Float32Array → Base64 string saves ~3x vs JSON number arrays.
+ * Backwards compatible: detects old format (number[]) on load.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.float32ToBase64 = float32ToBase64;
+exports.base64ToFloat32 = base64ToFloat32;
+exports.compressEmbeddings = compressEmbeddings;
+exports.decompressEmbeddings = decompressEmbeddings;
+const EMBEDDING_FIELDS = ['embedding', 'fileEmbedding'];
+/** Convert a number[] to a Base64-encoded Float32Array. */
+function float32ToBase64(arr) {
+    const f32 = new Float32Array(arr);
+    return Buffer.from(f32.buffer).toString('base64');
+}
+/** Convert a Base64-encoded Float32Array back to number[]. */
+function base64ToFloat32(b64) {
+    const buf = Buffer.from(b64, 'base64');
+    // Copy to aligned buffer to guarantee 4-byte alignment for Float32Array
+    const aligned = new Uint8Array(buf.byteLength);
+    aligned.set(new Uint8Array(buf.buffer, buf.byteOffset, buf.byteLength));
+    const f32 = new Float32Array(aligned.buffer, 0, aligned.byteLength / 4);
+    return Array.from(f32);
+}
+/**
+ * Compress embedding fields in a graphology export object (mutates in place).
+ * Converts number[] → Base64 string for fields named 'embedding' or 'fileEmbedding'.
+ */
+function compressEmbeddings(exported) {
+    if (!exported?.nodes)
+        return;
+    for (const node of exported.nodes) {
+        const attrs = node.attributes;
+        if (!attrs)
+            continue;
+        for (const field of EMBEDDING_FIELDS) {
+            if (Array.isArray(attrs[field]) && attrs[field].length > 0) {
+                attrs[field] = float32ToBase64(attrs[field]);
+            }
+        }
+    }
+}
+/**
+ * Decompress embedding fields in a graphology export object (mutates in place).
+ * Converts Base64 string → number[]. Handles both old format (number[]) and new (string).
+ */
+function decompressEmbeddings(exported) {
+    if (!exported?.nodes)
+        return;
+    for (const node of exported.nodes) {
+        const attrs = node.attributes;
+        if (!attrs)
+            continue;
+        for (const field of EMBEDDING_FIELDS) {
+            if (typeof attrs[field] === 'string' && attrs[field].length > 0) {
+                attrs[field] = base64ToFloat32(attrs[field]);
+            }
+            // number[] stays as-is (backwards compatible with old format)
+        }
+    }
+}

package/dist/lib/graph-persistence.js

@@ -0,0 +1,68 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.readJsonWithTmpFallback = readJsonWithTmpFallback;
+const fs = __importStar(require("fs"));
+/**
+ * Try to read and parse a JSON file, falling back to .tmp if main file
+ * is missing or corrupted (recovery from interrupted save).
+ */
+function readJsonWithTmpFallback(file) {
+    const tmp = file + '.tmp';
+    // If main file missing but .tmp exists, recover it
+    if (!fs.existsSync(file) && fs.existsSync(tmp)) {
+        try {
+            fs.renameSync(tmp, file);
+        }
+        catch { /* ignore */ }
+    }
+    if (fs.existsSync(file)) {
+        try {
+            return JSON.parse(fs.readFileSync(file, 'utf-8'));
+        }
+        catch {
+            // Main file corrupted — try .tmp as fallback
+            if (fs.existsSync(tmp)) {
+                try {
+                    const data = JSON.parse(fs.readFileSync(tmp, 'utf-8'));
+                    process.stderr.write(`[graph] Recovered from .tmp file: ${file}\n`);
+                    return data;
+                }
+                catch { /* .tmp also bad */ }
+            }
+        }
+    }
+    return null;
+}

package/dist/lib/jwt.js

@@ -85,15 +85,15 @@ function parseTtl(ttl) {
 }
 function signAccessToken(userId, secret, ttl) {
     const payload = { userId, type: 'access' };
-    return jsonwebtoken_1.default.sign(payload, secret, { expiresIn: parseTtl(ttl) });
+    return jsonwebtoken_1.default.sign(payload, secret, { algorithm: 'HS256', expiresIn: parseTtl(ttl) });
 }
 function signRefreshToken(userId, secret, ttl) {
     const payload = { userId, type: 'refresh' };
-    return jsonwebtoken_1.default.sign(payload, secret, { expiresIn: parseTtl(ttl) });
+    return jsonwebtoken_1.default.sign(payload, secret, { algorithm: 'HS256', expiresIn: parseTtl(ttl) });
 }
 function verifyToken(token, secret) {
     try {
-        const decoded = jsonwebtoken_1.default.verify(token, secret);
+        const decoded = jsonwebtoken_1.default.verify(token, secret, { algorithms: ['HS256'] });
         if (!decoded.userId || !decoded.type)
             return null;
         return { userId: decoded.userId, type: decoded.type };
@@ -108,7 +108,7 @@ function verifyToken(token, secret) {
 const ACCESS_COOKIE = 'mgm_access';
 const REFRESH_COOKIE = 'mgm_refresh';
 function setAuthCookies(res, accessToken, refreshToken, accessTtl, refreshTtl) {
-    const secure = process.env.NODE_ENV === 'production';
+    const secure = process.env.NODE_ENV !== 'development';
     res.cookie(ACCESS_COOKIE, accessToken, {
         httpOnly: true,
         secure,

package/dist/lib/mirror-watcher.js

@@ -45,6 +45,7 @@ const chokidar_1 = __importDefault(require("chokidar"));
 const file_import_1 = require("./file-import");
 const events_log_1 = require("./events-log");
 const frontmatter_1 = require("./frontmatter");
+const defaults_1 = require("../lib/defaults");
 /**
  * Tracks recent mirror writes to suppress re-import (feedback loop prevention).
  * When mirrorNote/mirrorTask writes a file, the watcher will fire —
@@ -53,8 +54,8 @@ const frontmatter_1 = require("./frontmatter");
 class MirrorWriteTracker {
     /** Map from filePath → { mtimeMs (for comparison), recordedAt (for eviction) } */
     recentWrites = new Map();
-    static STALE_MS = 10_000; // entries older than 10s are stale
-    static MAX_ENTRIES = 10_000;
+    static STALE_MS = defaults_1.MIRROR_STALE_MS;
+    static MAX_ENTRIES = defaults_1.MIRROR_MAX_ENTRIES;
     /** Called by mirrorNote/mirrorTask after writing a file. */
     recordWrite(filePath) {
         try {
@@ -76,7 +77,7 @@ class MirrorWriteTracker {
             const stat = fs.statSync(filePath, { throwIfNoEntry: false });
             if (!stat)
                 return false;
-            if (Math.abs(stat.mtimeMs - recorded.mtimeMs) < 100) {
+            if (Math.abs(stat.mtimeMs - recorded.mtimeMs) < defaults_1.MIRROR_MTIME_TOLERANCE_MS) {
                 this.recentWrites.delete(filePath);
                 return true;
             }

package/dist/lib/multi-config.js

@@ -50,6 +50,7 @@ const userSchema = zod_1.z.object({
 });
 const graphConfigSchema = zod_1.z.object({
     enabled: zod_1.z.boolean().optional(),
+    readonly: zod_1.z.boolean().optional(),
     include: zod_1.z.string().optional(),
     exclude: excludeSchema,
     model: modelConfigSchema.optional(),
@@ -98,7 +99,7 @@ const serverSchema = zod_1.z.object({
     embeddingApi: embeddingApiSchema.optional(),
     defaultAccess: accessLevelSchema.optional(),
     access: accessMapSchema,
-    jwtSecret: zod_1.z.string().optional(),
+    jwtSecret: zod_1.z.string().min(16).optional(),
     accessTokenTtl: zod_1.z.string().optional(),
     refreshTokenTtl: zod_1.z.string().optional(),
     rateLimit: rateLimitSchema.optional(),
@@ -107,6 +108,7 @@ const serverSchema = zod_1.z.object({
 });
 const wsGraphConfigSchema = zod_1.z.object({
     enabled: zod_1.z.boolean().optional(),
+    readonly: zod_1.z.boolean().optional(),
     exclude: excludeSchema,
     model: modelConfigSchema.optional(),
     embedding: embeddingConfigSchema.optional(),
@@ -301,6 +303,7 @@ function loadMultiConfig(yamlPath) {
             const graphExclude = [...projectExclude, ...parseExclude(gc?.exclude)];
             graphConfigs[gn] = {
                 enabled: gc?.enabled ?? true,
+                readonly: gc?.readonly ?? false,
                 include: gc?.include ?? (gn === 'docs' ? PROJECT_DEFAULTS.docsInclude : gn === 'code' ? PROJECT_DEFAULTS.codeInclude : undefined),
                 exclude: graphExclude,
                 model: resolveModel(gc?.model, projectModel),
@@ -348,6 +351,7 @@ function loadMultiConfig(yamlPath) {
                 const gc = rawGraphs[gn];
                 graphConfigs[gn] = {
                     enabled: gc?.enabled ?? true,
+                    readonly: gc?.readonly ?? false,
                     exclude: [...wsExclude, ...parseExclude(gc?.exclude)],
                     model: resolveModel(gc?.model, wsModel),
                     embedding: resolveEmbedding(gc?.embedding, wsEmbedding),
@@ -418,6 +422,7 @@ function defaultConfig(projectDir) {
     for (const gn of exports.GRAPH_NAMES) {
         graphConfigs[gn] = {
             enabled: true,
+            readonly: false,
             include: gn === 'docs' ? PROJECT_DEFAULTS.docsInclude : gn === 'code' ? PROJECT_DEFAULTS.codeInclude : undefined,
             exclude: [...server.exclude],
             model: MODEL_DEFAULTS,

package/dist/lib/parsers/code.js

@@ -3,43 +3,157 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.clearPathMappingsCache = clearPathMappingsCache;
 exports.parseCodeFile = parseCodeFile;
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
 const languages_1 = require("../../lib/parsers/languages");
 const file_lang_1 = require("../../graphs/file-lang");
+// Strip line and block comments from JSONC, preserving string contents.
+function stripJsoncComments(text) {
+    let result = '';
+    let i = 0;
+    while (i < text.length) {
+        // String literal — copy verbatim
+        if (text[i] === '"') {
+            const start = i++;
+            while (i < text.length && text[i] !== '"') {
+                if (text[i] === '\\')
+                    i++; // skip escaped char
+                i++;
+            }
+            i++; // closing quote
+            result += text.slice(start, i);
+            // Line comment
+        }
+        else if (text[i] === '/' && text[i + 1] === '/') {
+            while (i < text.length && text[i] !== '\n')
+                i++;
+            // Block comment
+        }
+        else if (text[i] === '/' && text[i + 1] === '*') {
+            i += 2;
+            while (i < text.length && !(text[i] === '*' && text[i + 1] === '/'))
+                i++;
+            i += 2;
+        }
+        else {
+            result += text[i++];
+        }
+    }
+    return result;
+}
 // ---------------------------------------------------------------------------
 // Import resolution — replaces ts-morph's getModuleSpecifierSourceFile()
 // ---------------------------------------------------------------------------
 const RESOLVE_EXTENSIONS = ['.ts', '.tsx', '.js', '.jsx', '.mts', '.cts', '.mjs', '.cjs'];
-/** Resolve a relative import specifier to an absolute file path, or null. */
-function resolveRelativeImport(fromFile, specifier) {
-    const dir = path_1.default.dirname(fromFile);
-    const base = path_1.default.resolve(dir, specifier);
-    // Exact match (e.g. './foo.ts')
+function hasFile(p) {
+    try {
+        return fs_1.default.statSync(p).isFile();
+    }
+    catch {
+        return false;
+    }
+}
+/** Try resolving a base path with extensions and index files. */
+function tryResolve(base) {
     if (hasFile(base))
         return base;
-    // Try adding extensions (e.g. './foo' → './foo.ts')
     for (const ext of RESOLVE_EXTENSIONS) {
-        const candidate = base + ext;
-        if (hasFile(candidate))
-            return candidate;
+        if (hasFile(base + ext))
+            return base + ext;
     }
-    // Try index files (e.g. './foo' → './foo/index.ts')
     for (const ext of RESOLVE_EXTENSIONS) {
-        const candidate = path_1.default.join(base, 'index' + ext);
-        if (hasFile(candidate))
-            return candidate;
+        const idx = path_1.default.join(base, 'index' + ext);
+        if (hasFile(idx))
+            return idx;
     }
     return null;
 }
-function hasFile(p) {
-    try {
-        return fs_1.default.statSync(p).isFile();
+/** Resolve a relative import specifier to an absolute file path, or null. */
+function resolveRelativeImport(fromFile, specifier) {
+    const dir = path_1.default.dirname(fromFile);
+    return tryResolve(path_1.default.resolve(dir, specifier));
+}
+/** Cache: directory → parsed path mappings (null = no tsconfig found up to root). */
+const _pathMappings = new Map();
+/** Clear cached path mappings (call between projects or on config change). */
+function clearPathMappingsCache() { _pathMappings.clear(); }
+/**
+ * Find the nearest tsconfig.json / jsconfig.json walking up from `dir` to `root`.
+ * Cached per directory — each directory remembers its resolved mappings.
+ */
+function findPathMappings(dir, root) {
+    if (_pathMappings.has(dir))
+        return _pathMappings.get(dir);
+    // Try this directory
+    const result = _parseTsConfig(dir);
+    if (result) {
+        _pathMappings.set(dir, result);
+        return result;
     }
-    catch {
-        return false;
+    // Walk up unless we've reached the project root
+    const parent = path_1.default.dirname(dir);
+    if (dir === root || parent === dir) {
+        _pathMappings.set(dir, null);
+        return null;
+    }
+    const parentResult = findPathMappings(parent, root);
+    _pathMappings.set(dir, parentResult);
+    return parentResult;
+}
+function _parseTsConfig(dir) {
+    for (const name of ['tsconfig.json', 'jsconfig.json']) {
+        const configPath = path_1.default.join(dir, name);
+        if (!hasFile(configPath))
+            continue;
+        try {
+            // Strip JSONC comments while preserving string contents
+            const raw = stripJsoncComments(fs_1.default.readFileSync(configPath, 'utf-8'));
+            const config = JSON.parse(raw);
+            const compilerOptions = config.compilerOptions;
+            if (!compilerOptions?.paths)
+                continue;
+            const baseUrl = compilerOptions.baseUrl
+                ? path_1.default.resolve(dir, compilerOptions.baseUrl)
+                : dir;
+            const mappings = [];
+            for (const [pattern, targets] of Object.entries(compilerOptions.paths)) {
+                // Pattern like "@/*" → prefix "@/", or "utils/*" → prefix "utils/"
+                const prefix = pattern.endsWith('/*') ? pattern.slice(0, -1) : pattern;
+                const resolvedTargets = targets
+                    .map(t => {
+                    const target = t.endsWith('/*') ? t.slice(0, -1) : t;
+                    return path_1.default.resolve(baseUrl, target);
+                });
+                mappings.push({ prefix, targets: resolvedTargets });
+            }
+            if (mappings.length > 0)
+                return mappings;
+        }
+        catch {
+            // Malformed config — skip
+        }
+    }
+    return null;
+}
+/** Resolve a path-aliased import (e.g. @/lib/foo) using nearest tsconfig paths. */
+function resolveAliasImport(specifier, fromFile, projectDir) {
+    const fileDir = path_1.default.dirname(fromFile);
+    const mappings = findPathMappings(fileDir, projectDir);
+    if (!mappings)
+        return null;
+    for (const mapping of mappings) {
+        if (specifier.startsWith(mapping.prefix)) {
+            const rest = specifier.slice(mapping.prefix.length);
+            for (const targetDir of mapping.targets) {
+                const resolved = tryResolve(path_1.default.join(targetDir, rest));
+                if (resolved)
+                    return resolved;
+            }
+        }
     }
+    return null;
 }
 // ---------------------------------------------------------------------------
 // Main parser
@@ -62,8 +176,8 @@ async function parseCodeFile(absolutePath, codeDir, mtime) {
         };
     }
     const source = fs_1.default.readFileSync(absolutePath, 'utf-8');
-    const rootNode = await (0, languages_1.parseSource)(source, language);
-    if (!rootNode) {
+    const tree = await (0, languages_1.parseSource)(source, language);
+    if (!tree) {
         return {
             fileId,
             mtime,
@@ -74,17 +188,23 @@ async function parseCodeFile(absolutePath, codeDir, mtime) {
             edges: [],
         };
     }
+    const rootNode = tree.rootNode;
     const mapper = (0, languages_1.getMapper)(language);
-    const symbols = mapper.extractSymbols(rootNode);
-    const edgeInfos = mapper.extractEdges(rootNode);
-    const imports = mapper.extractImports(rootNode);
+    let symbols, edgeInfos, imports, fileDocComment, importSummary, lastLine;
+    try {
+        symbols = mapper.extractSymbols(rootNode);
+        edgeInfos = mapper.extractEdges(rootNode);
+        imports = mapper.extractImports(rootNode);
+        fileDocComment = extractFileDocComment(rootNode);
+        importSummary = buildImportSummary(rootNode);
+        lastLine = (rootNode.endPosition?.row ?? 0) + 1;
+    }
+    finally {
+        tree.delete();
+    }
     const nodes = [];
     const edges = [];
     const fileNodeId = fileId;
-    // --- File root node ---
-    const fileDocComment = extractFileDocComment(rootNode);
-    const importSummary = buildImportSummary(rootNode);
-    const lastLine = (rootNode.endPosition?.row ?? 0) + 1;
     nodes.push({
         id: fileNodeId,
         attrs: makeFileAttrs(fileId, fileDocComment, importSummary, lastLine, mtime),
@@ -147,13 +267,20 @@ async function parseCodeFile(absolutePath, codeDir, mtime) {
     }
     // --- Import edges: file → imported file ---
     for (const imp of imports) {
-        const targetAbsolute = resolveRelativeImport(absolutePath, imp.specifier);
+        let targetAbsolute = null;
+        if (imp.specifier.startsWith('./') || imp.specifier.startsWith('../')) {
+            // Relative import
+            targetAbsolute = resolveRelativeImport(absolutePath, imp.specifier);
+        }
+        else {
+            // Try path alias resolution (e.g. @/lib/foo, ~/utils)
+            targetAbsolute = resolveAliasImport(imp.specifier, absolutePath, codeDir);
+        }
         if (!targetAbsolute)
             continue;
-        const targetRel = path_1.default.relative(codeDir, targetAbsolute);
-        if (targetRel.startsWith('..') || path_1.default.isAbsolute(targetRel))
-            continue;
         const targetFileId = path_1.default.relative(codeDir, targetAbsolute);
+        if (targetFileId.startsWith('..') || path_1.default.isAbsolute(targetFileId))
+            continue;
         if (targetFileId !== fileNodeId) {
             edges.push({
                 from: fileNodeId,

package/dist/lib/parsers/codeblock.js

@@ -6,7 +6,7 @@ const languages_1 = require("../../lib/parsers/languages");
 const TAG_TO_LANGUAGE = {
     ts: 'typescript',
     typescript: 'typescript',
-    tsx: 'typescript',
+    tsx: 'tsx',
     js: 'javascript',
     javascript: 'javascript',
     jsx: 'javascript',
@@ -20,12 +20,17 @@ async function extractSymbols(code, language) {
     if (!lang || !(0, languages_1.isLanguageSupported)(lang))
         return [];
     try {
-        const rootNode = await (0, languages_1.parseSource)(code, lang);
-        if (!rootNode)
+        const tree = await (0, languages_1.parseSource)(code, lang);
+        if (!tree)
             return [];
-        const mapper = (0, languages_1.getMapper)(lang);
-        const symbols = mapper.extractSymbols(rootNode);
-        return symbols.map(s => s.name).filter(Boolean);
+        try {
+            const mapper = (0, languages_1.getMapper)(lang);
+            const symbols = mapper.extractSymbols(tree.rootNode);
+            return symbols.map(s => s.name).filter(Boolean);
+        }
+        finally {
+            tree.delete();
+        }
     }
     catch {
         return [];