@sdsrs/code-graph 0.67.0 → 0.69.0

package/claude-plugin/.claude-plugin/plugin.json

@@ -4,7 +4,7 @@
   "author": {
     "name": "sdsrs"
   },
-  "version": "0.67.0",
+  "version": "0.69.0",
   "keywords": [
     "code-graph",
     "ast",

package/claude-plugin/scripts/pre-grep-guide.js

@@ -65,10 +65,20 @@ const SRC_PATH = new RegExp(`(?:^|\\s|["'])(${SRC_PREFIXES})/`);
 const SRC_PATH_TOKEN = new RegExp(`^(?:\\./)?(${SRC_PREFIXES})/`);
 const PIPE_INTO_GREP = /\|\s*(?:grep|rg|ag)\b/;
 const CG_INVOKED = /\bcode-graph-mcp\b/;
-// A file argument that ends in a config/lockfile extension AND no source-tree
-// path appears elsewhere → grep is searching config, not code.
-const CONFIG_TARGET_ONLY =
-  /(?:^|\s)[^\s|<>]*\.(toml|md|json|yml|yaml|lock|txt|cfg|env|gitignore|properties)(?:\s|$)/i;
+// File argument(s) that end in a config/lockfile/data extension. If, after removing
+// ALL of them, no source-tree path remains, the grep is searching config/data not code.
+// v0.69 floor-hardening: (a) extended the extension list (ini/conf/xml/log/csv) and
+// (b) made the strip GLOBAL so multiple data files (`grep X src/a.json src/b.json`) all
+// peel off — previously only the first did, leaving the 2nd's `src/`-prefixed path to
+// false-match SRC_PATH and fire. cg has no structural answer for these, so a deny is
+// friction-without-value that teaches CODE_GRAPH_NO_BLOCK_GREP bypass (2026-06-23 reach
+// audit: the unreached ~75% of greps are genuinely non-foldable — keep precision).
+const NON_SOURCE_EXTS =
+  'toml|md|json|yml|yaml|lock|txt|cfg|env|gitignore|properties|ini|conf|xml|log|csv';
+const CONFIG_TARGET_ONLY = new RegExp(`(?:^|\\s)[^\\s|<>]*\\.(?:${NON_SOURCE_EXTS})(?:\\s|$)`, 'i');
+// Global + trailing-lookahead variant for the strip: lookahead (not consume) so adjacent
+// data-file tokens both match; global so every one is peeled before the SRC_PATH re-check.
+const CONFIG_TARGET_STRIP = new RegExp(`(?:^|\\s)[^\\s|<>]*\\.(?:${NON_SOURCE_EXTS})(?=\\s|$)`, 'gi');
 
 function shouldHint(cmd) {
   if (!cmd || typeof cmd !== 'string') return false;
@@ -79,7 +89,7 @@ function shouldHint(cmd) {
   if (!SRC_PATH.test(cmd)) return false;           // not against indexed source tree
   // If a config file appears AND no source path remains after stripping it, skip.
   if (CONFIG_TARGET_ONLY.test(cmd)) {
-    const stripped = cmd.replace(CONFIG_TARGET_ONLY, ' ');
+    const stripped = cmd.replace(CONFIG_TARGET_STRIP, ' ');
     if (!SRC_PATH.test(stripped)) return false;
   }
   return true;

package/claude-plugin/scripts/pre-grep-guide.test.js

@@ -108,6 +108,42 @@ test('shouldHint: grep on a markdown changelog', () => {
   assert.equal(shouldHint('grep "v0.24" CHANGELOG.md'), false);
 });
 
+// ── Floor (v0.69 hardening): non-foldable greps must NEVER deny/hint ──
+// cg has no structural answer for these → a deny is friction-without-value that teaches
+// CODE_GRAPH_NO_BLOCK_GREP bypass. 2026-06-23 reach audit: foldability (~24%) ≈
+// interception (24%), so the floor (precision) is the lever — not reach expansion.
+
+test('floor: grep on an external / non-indexed dir (/tmp clone) never fires', () => {
+  assert.equal(shouldHint('grep -rn "FooBar" /tmp/openwolf-analysis'), false);
+  assert.equal(shouldBlock('grep -rn "FooBar" /tmp/openwolf-analysis'), false);
+});
+
+test('floor: external path with an embedded src/ segment never fires', () => {
+  // SRC_PATH only matches a prefix at ^|\s|quote — `/tmp/clone/src/` is not a project path.
+  assert.equal(shouldHint('grep -rn "FooBar" /tmp/clone/src/'), false);
+});
+
+test('floor: a non-source data file (.log) under src/ never fires', () => {
+  assert.equal(shouldHint('grep "ErrorHandler" src/fixtures/app.log'), false);
+  assert.equal(shouldBlock('grep "ErrorHandler" src/fixtures/app.log'), false);
+});
+
+test('floor: ini/conf/xml/csv data files under src/ never fire', () => {
+  assert.equal(shouldHint('grep "FooBar" src/config.ini'), false);
+  assert.equal(shouldHint('grep "FooBar" src/app.conf'), false);
+  assert.equal(shouldHint('grep "FooBar" src/data.xml'), false);
+  assert.equal(shouldHint('grep "FooBar" src/rows.csv'), false);
+});
+
+test('floor: multiple config files under a src prefix all peel off → skip', () => {
+  // global strip (v0.69): pre-fix only the first .json peeled, the 2nd false-matched SRC_PATH.
+  assert.equal(shouldHint('grep "FooBar" src/a.json src/b.json'), false);
+});
+
+test('floor: mixed target (data file + real source file) STILL fires (no foldable miss)', () => {
+  assert.equal(shouldHint('grep -rn "FooBar" src/app.log src/handler.rs'), true);
+});
+
 // ── Should NOT fire: not search tools ───────────────────────────────
 
 test('shouldHint: ls src/', () => {

package/claude-plugin/scripts/session-init.js

@@ -531,6 +531,9 @@ function injectProjectMap() {
       timeout: 5000,
       encoding: 'utf8',
       stdio: ['pipe', 'pipe', 'pipe'],
+      // Hook-internal delivery, not a model conversion — keep record_cli_use from
+      // logging this `map` run as a phantom `use` (mirror injectRecentImpact's affected call).
+      env: { ...process.env, CODE_GRAPH_INTERNAL: '1' },
     });
 
     if (output && output.trim()) {

package/claude-plugin/scripts/session-init.test.js

@@ -347,3 +347,15 @@ test('consistencyCheck returns version-mismatch when versions differ', (t) => {
   assert.ok(versionIssue.msg.includes('0.0.1'));
 });
 
+test('injectProjectMap map call carries CODE_GRAPH_INTERNAL (delivery, not a model conversion)', () => {
+  // injectProjectMap runs `code-graph-mcp map --compact` to inject the project map.
+  // That run is a hook-internal delivery — it must carry the internal marker so
+  // record_cli_use (src/cli.rs) does not log it as a phantom model `use` event
+  // (the 2026-06-23 mem audit found this leak class; the sibling affected call was
+  // already guarded). Asserted at source level because injectProjectMap is not exported.
+  const src = fs.readFileSync(path.join(__dirname, 'session-init.js'), 'utf8');
+  const i = src.indexOf("['map', '--compact']");
+  assert.ok(i >= 0, 'map injection present');
+  assert.match(src.slice(i, i + 420), /CODE_GRAPH_INTERNAL:\s*'1'/);
+});
+

package/claude-plugin/scripts/user-prompt-context.js

@@ -374,6 +374,15 @@ function determineQueryType(intents, symbols, filePaths, isCoolingDownFn, messag
   return null;
 }
 
+// Hook-internal CLI runs are PUSH deliveries, not model-initiated conversions.
+// Tagging them CODE_GRAPH_INTERNAL=1 keeps record_cli_use (src/cli.rs) from
+// logging them as `use` events — otherwise this hook's own injected callgraph/
+// overview/search results read back as genuine consumer adoption (2026-06-23 mem
+// audit: 100 phantom "model CLI calls" were this hook crediting its own deliveries).
+function buildRunEnv(base = process.env) {
+  return { ...base, CODE_GRAPH_INTERNAL: '1' };
+}
+
 // --- Main execution (only when run directly) ---
 // All exit-on-condition checks (manifest, computeQuietHooks, message length,
 // db presence) live INSIDE this guard so `require()` from tests doesn't
@@ -454,6 +463,7 @@ function runMain() {
       timeout: 3000,
       encoding: 'utf8',
       stdio: ['pipe', 'pipe', 'pipe'],
+      env: buildRunEnv(),
     });
   }
 
@@ -477,4 +487,4 @@ if (require.main === module) {
   runMain();
 }
 
-module.exports = { shouldSkip, extractFilePaths, extractSymbols, detectIntents, scoreIntent, INTENT_PATTERNS, INTENT_THRESHOLD, determineQueryType, computeQuietHooks, STOP_WORDS, PLAIN_WORD_EXCLUDE, hasSymptom, SYMPTOM_PATTERNS };
+module.exports = { shouldSkip, extractFilePaths, extractSymbols, detectIntents, scoreIntent, INTENT_PATTERNS, INTENT_THRESHOLD, determineQueryType, computeQuietHooks, STOP_WORDS, PLAIN_WORD_EXCLUDE, hasSymptom, SYMPTOM_PATTERNS, buildRunEnv };

package/claude-plugin/scripts/user-prompt-context.test.js

@@ -14,6 +14,7 @@ const {
   INTENT_THRESHOLD,
   determineQueryType,
   computeQuietHooks,
+  buildRunEnv,
 } = require('./user-prompt-context');
 
 // ── shouldSkip ──────────────────────────────────────────
@@ -713,3 +714,30 @@ test('integration: Why does this not work? → symptom-hint', () => {
   const r = analyze('Why does this not work?');
   assert.equal(r.query && r.query.type, 'symptom-hint');
 });
+
+// ── buildRunEnv: hook-internal delivery marker (anti phantom-conversion) ──
+
+test('buildRunEnv: tags CODE_GRAPH_INTERNAL=1 so deliveries are not logged as model `use`', () => {
+  const env = buildRunEnv({ PATH: '/usr/bin', HOME: '/home/x' });
+  assert.equal(env.CODE_GRAPH_INTERNAL, '1');
+  // preserves the base env (binary still resolves on PATH, cwd inherited, etc.)
+  assert.equal(env.PATH, '/usr/bin');
+  assert.equal(env.HOME, '/home/x');
+});
+
+test('buildRunEnv: defaults to process.env when no base given', () => {
+  const env = buildRunEnv();
+  assert.equal(env.CODE_GRAPH_INTERNAL, '1');
+});
+
+test('run() wires buildRunEnv() into execFileSync (no phantom use-event leak)', () => {
+  // run() lives inside runMain() (the file top-level-executes on require), so assert
+  // the wiring at the source level: every code-graph-mcp invocation this hook makes
+  // must carry the internal marker, else its PUSH injections read back as model
+  // adoption (the 2026-06-23 mem audit: 100 phantom "model CLI calls"). Mirrors the
+  // cg-answer.js / pre-edit-guide.js internal-env guard.
+  const src = fs.readFileSync(path.join(__dirname, 'user-prompt-context.js'), 'utf8');
+  const i = src.indexOf('function run(');
+  assert.ok(i >= 0, 'run() helper present');
+  assert.match(src.slice(i, i + 320), /env:\s*buildRunEnv\(\)/);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sdsrs/code-graph",
-  "version": "0.67.0",
+  "version": "0.69.0",
   "description": "MCP server that indexes codebases into an AST knowledge graph with semantic search, call graph traversal, and HTTP route tracing",
   "license": "MIT",
   "repository": {
@@ -35,10 +35,10 @@
     "node": ">=16"
   },
   "optionalDependencies": {
-    "@sdsrs/code-graph-linux-x64": "0.67.0",
-    "@sdsrs/code-graph-linux-arm64": "0.67.0",
-    "@sdsrs/code-graph-darwin-x64": "0.67.0",
-    "@sdsrs/code-graph-darwin-arm64": "0.67.0",
-    "@sdsrs/code-graph-win32-x64": "0.67.0"
+    "@sdsrs/code-graph-linux-x64": "0.69.0",
+    "@sdsrs/code-graph-linux-arm64": "0.69.0",
+    "@sdsrs/code-graph-darwin-x64": "0.69.0",
+    "@sdsrs/code-graph-darwin-arm64": "0.69.0",
+    "@sdsrs/code-graph-win32-x64": "0.69.0"
   }
 }