npm - @optave/codegraph - Versions diffs - 1.3.0 → 1.4.1 - Mend

@optave/codegraph 1.3.0 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -366,6 +366,7 @@ See **[docs/recommended-practices.md](docs/recommended-practices.md)** for integ
 - **CI/CD** — PR impact comments, threshold gates, graph caching
 - **AI agents** — MCP server, CLAUDE.md templates, Claude Code hooks
 - **Developer workflow** — watch mode, explore-before-you-edit, semantic search
+- **Secure credentials** — `apiKeyCommand` with 1Password, Bitwarden, Vault, macOS Keychain, `pass`
 ## 🔁 CI / GitHub Actions
@@ -395,6 +396,23 @@ Create a `.codegraphrc.json` in your project root to customize behavior:
 }
 ```
+### LLM credentials
+Codegraph supports an `apiKeyCommand` field for secure credential management. Instead of storing API keys in config files or environment variables, you can shell out to a secret manager at runtime:
+```json
+{
+  "llm": {
+    "provider": "openai",
+    "apiKeyCommand": "op read op://vault/openai/api-key"
+  }
+}
+```
+The command is split on whitespace and executed with `execFileSync` (no shell injection risk). Priority: **command output > `CODEGRAPH_LLM_API_KEY` env var > file config**. On failure, codegraph warns and falls back to the next source.
+Works with any secret manager: 1Password CLI (`op`), Bitwarden (`bw`), `pass`, HashiCorp Vault, macOS Keychain (`security`), AWS Secrets Manager, etc.
 ## 📖 Programmatic API
 Codegraph also exports a full API for use in your own tools:
@@ -449,7 +467,7 @@ const { results: fused } = await multiSearchData(
 See **[ROADMAP.md](ROADMAP.md)** for the full development roadmap. Current plan:
 1. ~~**Rust Core**~~ — **Complete** (v1.3.0) — native tree-sitter parsing via napi-rs, parallel multi-core parsing, incremental re-parsing, import resolution & cycle detection in Rust
-2. **Foundation Hardening** — ~~parser registry~~, complete MCP server, test coverage, enhanced config
+2. ~~**Foundation Hardening**~~ — **Complete** (v1.4.0) — parser registry, 11-tool MCP server, test coverage 62%→75%, `apiKeyCommand` secret resolution
 3. **Intelligent Embeddings** — LLM-generated descriptions, hybrid search
 4. **Natural Language Queries** — `codegraph ask` command, conversational sessions
 5. **Expanded Language Support** — 8 new languages (12 → 20)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@optave/codegraph",
-  "version": "1.3.0",
+  "version": "1.4.1",
   "description": "Local code graph CLI — parse codebases with tree-sitter, build dependency graphs, query them",
   "type": "module",
   "main": "src/index.js",
@@ -61,10 +61,10 @@
   "optionalDependencies": {
     "@huggingface/transformers": "^3.8.1",
     "@modelcontextprotocol/sdk": "^1.0.0",
-    "@optave/codegraph-darwin-arm64": "1.3.0",
-    "@optave/codegraph-darwin-x64": "1.3.0",
-    "@optave/codegraph-linux-x64-gnu": "1.3.0",
-    "@optave/codegraph-win32-x64-msvc": "1.3.0"
+    "@optave/codegraph-darwin-arm64": "1.4.1",
+    "@optave/codegraph-darwin-x64": "1.4.1",
+    "@optave/codegraph-linux-x64-gnu": "1.4.1",
+    "@optave/codegraph-win32-x64-msvc": "1.4.1"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.4.4",

package/src/config.js CHANGED Viewed

@@ -1,6 +1,7 @@
+import { execFileSync } from 'node:child_process';
 import fs from 'node:fs';
 import path from 'node:path';
-import { debug } from './logger.js';
+import { debug, warn } from './logger.js';
 export const CONFIG_FILES = ['.codegraphrc.json', '.codegraphrc', 'codegraph.config.json'];
@@ -18,6 +19,10 @@ export const DEFAULTS = {
     defaultDepth: 3,
     defaultLimit: 20,
   },
+  embeddings: { model: 'minilm', llmProvider: null },
+  llm: { provider: null, model: null, baseUrl: null, apiKey: null, apiKeyCommand: null },
+  search: { defaultMinScore: 0.2, rrfK: 60, topK: 15 },
+  ci: { failOnCycles: false, impactThreshold: null },
 };
 /**
@@ -33,13 +38,50 @@ export function loadConfig(cwd) {
         const raw = fs.readFileSync(filePath, 'utf-8');
         const config = JSON.parse(raw);
         debug(`Loaded config from ${filePath}`);
-        return mergeConfig(DEFAULTS, config);
+        return resolveSecrets(applyEnvOverrides(mergeConfig(DEFAULTS, config)));
       } catch (err) {
         debug(`Failed to parse config ${filePath}: ${err.message}`);
       }
     }
   }
-  return { ...DEFAULTS };
+  return resolveSecrets(applyEnvOverrides({ ...DEFAULTS }));
+}
+const ENV_LLM_MAP = {
+  CODEGRAPH_LLM_PROVIDER: 'provider',
+  CODEGRAPH_LLM_API_KEY: 'apiKey',
+  CODEGRAPH_LLM_MODEL: 'model',
+};
+export function applyEnvOverrides(config) {
+  for (const [envKey, field] of Object.entries(ENV_LLM_MAP)) {
+    if (process.env[envKey] !== undefined) {
+      config.llm[field] = process.env[envKey];
+    }
+  }
+  return config;
+}
+export function resolveSecrets(config) {
+  const cmd = config.llm.apiKeyCommand;
+  if (typeof cmd !== 'string' || cmd.trim() === '') return config;
+  const parts = cmd.trim().split(/\s+/);
+  const [executable, ...args] = parts;
+  try {
+    const result = execFileSync(executable, args, {
+      encoding: 'utf-8',
+      timeout: 10_000,
+      maxBuffer: 64 * 1024,
+      stdio: ['ignore', 'pipe', 'pipe'],
+    }).trim();
+    if (result) {
+      config.llm.apiKey = result;
+    }
+  } catch (err) {
+    warn(`apiKeyCommand failed: ${err.message}`);
+  }
+  return config;
 }
 function mergeConfig(defaults, overrides) {

package/src/mcp.js CHANGED Viewed

@@ -66,6 +66,93 @@ const TOOLS = [
       },
     },
   },
+  {
+    name: 'fn_deps',
+    description: 'Show function-level dependency chain: what a function calls and what calls it',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        name: { type: 'string', description: 'Function/method/class name (partial match)' },
+        depth: { type: 'number', description: 'Transitive caller depth', default: 3 },
+        no_tests: { type: 'boolean', description: 'Exclude test files', default: false },
+      },
+      required: ['name'],
+    },
+  },
+  {
+    name: 'fn_impact',
+    description:
+      'Show function-level blast radius: all functions transitively affected by changes to a function',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        name: { type: 'string', description: 'Function/method/class name (partial match)' },
+        depth: { type: 'number', description: 'Max traversal depth', default: 5 },
+        no_tests: { type: 'boolean', description: 'Exclude test files', default: false },
+      },
+      required: ['name'],
+    },
+  },
+  {
+    name: 'diff_impact',
+    description: 'Analyze git diff to find which functions changed and their transitive callers',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        staged: { type: 'boolean', description: 'Analyze staged changes only', default: false },
+        ref: { type: 'string', description: 'Git ref to diff against (default: HEAD)' },
+        depth: { type: 'number', description: 'Transitive caller depth', default: 3 },
+        no_tests: { type: 'boolean', description: 'Exclude test files', default: false },
+      },
+    },
+  },
+  {
+    name: 'semantic_search',
+    description:
+      'Search code symbols by meaning using embeddings (requires prior `codegraph embed`)',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        query: { type: 'string', description: 'Natural language search query' },
+        limit: { type: 'number', description: 'Max results to return', default: 15 },
+        min_score: { type: 'number', description: 'Minimum similarity score (0-1)', default: 0.2 },
+      },
+      required: ['query'],
+    },
+  },
+  {
+    name: 'export_graph',
+    description: 'Export the dependency graph in DOT (Graphviz), Mermaid, or JSON format',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        format: {
+          type: 'string',
+          enum: ['dot', 'mermaid', 'json'],
+          description: 'Export format',
+        },
+        file_level: {
+          type: 'boolean',
+          description: 'File-level graph (true) or function-level (false)',
+          default: true,
+        },
+      },
+      required: ['format'],
+    },
+  },
+  {
+    name: 'list_functions',
+    description:
+      'List functions, methods, and classes in the codebase, optionally filtered by file or name pattern',
+    inputSchema: {
+      type: 'object',
+      properties: {
+        file: { type: 'string', description: 'Filter by file path (partial match)' },
+        pattern: { type: 'string', description: 'Filter by function name (partial match)' },
+        no_tests: { type: 'boolean', description: 'Exclude test files', default: false },
+      },
+    },
+  },
 ];
 export { TOOLS };
@@ -90,9 +177,16 @@ export async function startMCPServer(customDbPath) {
   }
   // Lazy import query functions to avoid circular deps at module load
-  const { queryNameData, impactAnalysisData, moduleMapData, fileDepsData } = await import(
-    './queries.js'
-  );
+  const {
+    queryNameData,
+    impactAnalysisData,
+    moduleMapData,
+    fileDepsData,
+    fnDepsData,
+    fnImpactData,
+    diffImpactData,
+    listFunctionsData,
+  } = await import('./queries.js');
   const require = createRequire(import.meta.url);
   const Database = require('better-sqlite3');
@@ -130,6 +224,78 @@ export async function startMCPServer(customDbPath) {
         case 'module_map':
           result = moduleMapData(dbPath, args.limit || 20);
           break;
+        case 'fn_deps':
+          result = fnDepsData(args.name, dbPath, {
+            depth: args.depth,
+            noTests: args.no_tests,
+          });
+          break;
+        case 'fn_impact':
+          result = fnImpactData(args.name, dbPath, {
+            depth: args.depth,
+            noTests: args.no_tests,
+          });
+          break;
+        case 'diff_impact':
+          result = diffImpactData(dbPath, {
+            staged: args.staged,
+            ref: args.ref,
+            depth: args.depth,
+            noTests: args.no_tests,
+          });
+          break;
+        case 'semantic_search': {
+          const { searchData } = await import('./embedder.js');
+          result = await searchData(args.query, dbPath, {
+            limit: args.limit,
+            minScore: args.min_score,
+          });
+          if (result === null) {
+            return {
+              content: [
+                { type: 'text', text: 'Semantic search unavailable. Run `codegraph embed` first.' },
+              ],
+              isError: true,
+            };
+          }
+          break;
+        }
+        case 'export_graph': {
+          const { exportDOT, exportMermaid, exportJSON } = await import('./export.js');
+          const db = new Database(findDbPath(dbPath), { readonly: true });
+          const fileLevel = args.file_level !== false;
+          switch (args.format) {
+            case 'dot':
+              result = exportDOT(db, { fileLevel });
+              break;
+            case 'mermaid':
+              result = exportMermaid(db, { fileLevel });
+              break;
+            case 'json':
+              result = exportJSON(db);
+              break;
+            default:
+              db.close();
+              return {
+                content: [
+                  {
+                    type: 'text',
+                    text: `Unknown format: ${args.format}. Use dot, mermaid, or json.`,
+                  },
+                ],
+                isError: true,
+              };
+          }
+          db.close();
+          break;
+        }
+        case 'list_functions':
+          result = listFunctionsData(dbPath, {
+            file: args.file,
+            pattern: args.pattern,
+            noTests: args.no_tests,
+          });
+          break;
         default:
           return { content: [{ type: 'text', text: `Unknown tool: ${name}` }], isError: true };
       }

package/src/queries.js CHANGED Viewed

@@ -566,6 +566,36 @@ export function diffImpactData(customDbPath, opts = {}) {
   };
 }
+export function listFunctionsData(customDbPath, opts = {}) {
+  const db = openReadonlyOrFail(customDbPath);
+  const noTests = opts.noTests || false;
+  const kinds = ['function', 'method', 'class'];
+  const placeholders = kinds.map(() => '?').join(', ');
+  const conditions = [`kind IN (${placeholders})`];
+  const params = [...kinds];
+  if (opts.file) {
+    conditions.push('file LIKE ?');
+    params.push(`%${opts.file}%`);
+  }
+  if (opts.pattern) {
+    conditions.push('name LIKE ?');
+    params.push(`%${opts.pattern}%`);
+  }
+  let rows = db
+    .prepare(
+      `SELECT name, kind, file, line FROM nodes WHERE ${conditions.join(' AND ')} ORDER BY file, line`,
+    )
+    .all(...params);
+  if (noTests) rows = rows.filter((r) => !isTestFile(r.file));
+  db.close();
+  return { count: rows.length, functions: rows };
+}
 // ─── Human-readable output (original formatting) ───────────────────────
 export function queryName(name, customDbPath, opts = {}) {

package/src/resolve.js CHANGED Viewed

@@ -12,7 +12,7 @@ import { loadNative } from './native.js';
 export function convertAliasesForNative(aliases) {
   if (!aliases) return null;
   return {
-    baseUrl: aliases.baseUrl || null,
+    baseUrl: aliases.baseUrl || '',
     paths: Object.entries(aliases.paths || {}).map(([pattern, targets]) => ({
       pattern,
       targets,