code-graph-context 1.1.0 → 2.0.1

package/dist/core/config/nestjs-framework-schema.js

@@ -84,6 +84,38 @@ function extractInjectionToken(node) {
     }
     return null;
 }
+/**
+ * Extract constructor parameter types and @Inject tokens for edge detection.
+ * This allows INJECTS detection to work without AST access (for cross-chunk detection).
+ */
+function extractConstructorParamTypes(node) {
+    const types = [];
+    const injectTokens = new Map();
+    const constructors = node.getConstructors();
+    if (constructors.length === 0)
+        return { types, injectTokens };
+    const constructor = constructors[0];
+    const parameters = constructor.getParameters();
+    for (const param of parameters) {
+        const typeNode = param.getTypeNode();
+        if (typeNode) {
+            const typeName = typeNode.getText();
+            types.push(typeName);
+            // Check for @Inject decorator
+            const decorators = param.getDecorators();
+            for (const decorator of decorators) {
+                if (decorator.getName() === 'Inject') {
+                    const args = decorator.getArguments();
+                    if (args.length > 0) {
+                        const token = args[0].getText().replace(/['"]/g, '');
+                        injectTokens.set(typeName, token);
+                    }
+                }
+            }
+        }
+    }
+    return { types, injectTokens };
+}
 function hasDynamicMethods(node) {
     const methods = node.getMethods();
     const dynamicMethods = ['forRoot', 'forFeature', 'forRootAsync', 'forFeatureAsync'];
@@ -103,6 +135,14 @@ function extractModuleControllers(node) {
 function extractModuleExports(node) {
     return extractModuleArrayProperty(node, 'exports');
 }
+/**
+ * Escapes special regex characters in a string to prevent ReDoS attacks.
+ * @param str The string to escape
+ * @returns The escaped string safe for use in a regex
+ */
+function escapeRegexChars(str) {
+    return str.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
 function extractModuleArrayProperty(node, propertyName) {
     const decorator = node.getDecorator('Module');
     if (!decorator)
@@ -111,7 +151,9 @@ function extractModuleArrayProperty(node, propertyName) {
     if (args.length === 0)
         return [];
     const configText = args[0].getText();
-    const regex = new RegExp(`${propertyName}\\s*:\\s*\\[([^\\]]+)\\]`);
+    // SECURITY: Escape propertyName to prevent ReDoS attacks
+    const escapedPropertyName = escapeRegexChars(propertyName);
+    const regex = new RegExp(`${escapedPropertyName}\\s*:\\s*\\[([^\\]]+)\\]`);
     const match = configText.match(regex);
     if (!match)
         return [];
@@ -252,59 +294,39 @@ function detectDependencyInjection(sourceNode, targetNode) {
         return false;
     if (targetNode.properties?.coreType !== CoreNodeType.CLASS_DECLARATION)
         return false;
-    const constructors = sourceNode.sourceNode?.getConstructors();
-    if (!constructors || constructors.length === 0)
-        return false;
-    const constructor = constructors[0];
-    const parameters = constructor.getParameters();
     const targetName = targetNode.properties?.name;
-    return parameters.some((param) => {
-        const paramType = param.getTypeNode()?.getText();
-        if (paramType === targetName)
-            return true;
-        const decorators = param.getDecorators();
-        return decorators.some((decorator) => {
-            if (decorator.getName() === 'Inject') {
-                const args = decorator.getArguments();
-                if (args.length > 0) {
-                    const token = args[0].getText().replace(/['"]/g, '');
-                    return token === targetName;
-                }
-            }
-            return false;
-        });
-    });
+    if (!targetName)
+        return false;
+    // Use pre-extracted constructor params from context (works after AST cleanup)
+    const constructorParamTypes = sourceNode.properties?.context?.constructorParamTypes ?? [];
+    const injectTokens = sourceNode.properties?.context?.injectTokens ?? {};
+    // Check if target is in constructor params by type
+    if (constructorParamTypes.includes(targetName))
+        return true;
+    // Check if target is referenced via @Inject token
+    return Object.values(injectTokens).includes(targetName);
 }
 function extractInjectionTokenFromRelation(sourceNode, targetNode) {
-    const constructors = sourceNode.sourceNode?.getConstructors();
-    if (!constructors || constructors.length === 0)
+    const targetName = targetNode.properties?.name;
+    if (!targetName)
         return null;
-    const constructor = constructors[0];
-    const parameters = constructor.getParameters();
-    for (const param of parameters) {
-        const decorators = param.getDecorators();
-        for (const decorator of decorators) {
-            if (decorator.getName() === 'Inject') {
-                const args = decorator.getArguments();
-                if (args.length > 0) {
-                    return args[0].getText().replace(/['"]/g, '');
-                }
-            }
+    // Use pre-extracted inject tokens from context (works after AST cleanup)
+    const injectTokens = sourceNode.properties?.context?.injectTokens ?? {};
+    // Find the token that maps to the target
+    for (const [typeName, token] of Object.entries(injectTokens)) {
+        if (token === targetName || typeName === targetName) {
+            return token;
         }
     }
     return null;
 }
 function findParameterIndex(sourceNode, targetNode) {
-    const constructors = sourceNode.sourceNode?.getConstructors();
-    if (!constructors || constructors.length === 0)
-        return 0;
-    const constructor = constructors[0];
-    const parameters = constructor.getParameters();
     const targetName = targetNode.properties?.name;
-    return parameters.findIndex((param) => {
-        const paramType = param.getTypeNode()?.getText();
-        return paramType === targetName;
-    });
+    if (!targetName)
+        return -1;
+    // Use pre-extracted constructor params from context (works after AST cleanup)
+    const constructorParamTypes = sourceNode.properties?.context?.constructorParamTypes ?? [];
+    return constructorParamTypes.indexOf(targetName);
 }
 function computeFullPathFromNodes(sourceNode, targetNode) {
     const basePath = sourceNode.properties?.context?.basePath ?? '';
@@ -781,6 +803,8 @@ export const NESTJS_FRAMEWORK_SCHEMA = {
                 const node = parsedNode.sourceNode;
                 if (!node)
                     return {};
+                // Extract constructor param types for INJECTS edge detection
+                const { types, injectTokens } = extractConstructorParamTypes(node);
                 return {
                     isAbstract: node.getAbstractKeyword() != null,
                     isDefaultExport: node.isDefaultExport(),
@@ -790,6 +814,9 @@ export const NESTJS_FRAMEWORK_SCHEMA = {
                     methodCount: node.getMethods().length,
                     propertyCount: node.getProperties().length,
                     constructorParameterCount: countConstructorParameters(node),
+                    // Pre-extracted for cross-chunk edge detection
+                    constructorParamTypes: types,
+                    injectTokens: Object.fromEntries(injectTokens),
                 };
             },
             priority: 1,

package/dist/core/config/schema.js

@@ -193,7 +193,7 @@ export const CORE_TYPESCRIPT_SCHEMA = {
             relationships: [
                 {
                     edgeType: CoreEdgeType.EXTENDS,
-                    method: 'getBaseClass',
+                    method: 'getExtends', // Use getExtends() instead of getBaseClass() - works in lazy mode
                     cardinality: 'single',
                     targetNodeType: CoreNodeType.CLASS_DECLARATION,
                 },

package/dist/core/config/timeouts.js

@@ -0,0 +1,27 @@
+/**
+ * Timeout Configuration
+ * Centralized timeout settings for external services (Neo4j, OpenAI)
+ */
+export const TIMEOUT_DEFAULTS = {
+    neo4j: {
+        queryTimeoutMs: 30_000, // 30 seconds
+        connectionTimeoutMs: 10_000, // 10 seconds
+    },
+    openai: {
+        embeddingTimeoutMs: 60_000, // 60 seconds
+        assistantTimeoutMs: 120_000, // 2 minutes (assistant/threads can take longer)
+    },
+};
+/**
+ * Get timeout configuration with environment variable overrides
+ */
+export const getTimeoutConfig = () => ({
+    neo4j: {
+        queryTimeoutMs: parseInt(process.env.NEO4J_QUERY_TIMEOUT_MS ?? '', 10) || TIMEOUT_DEFAULTS.neo4j.queryTimeoutMs,
+        connectionTimeoutMs: parseInt(process.env.NEO4J_CONNECTION_TIMEOUT_MS ?? '', 10) || TIMEOUT_DEFAULTS.neo4j.connectionTimeoutMs,
+    },
+    openai: {
+        embeddingTimeoutMs: parseInt(process.env.OPENAI_EMBEDDING_TIMEOUT_MS ?? '', 10) || TIMEOUT_DEFAULTS.openai.embeddingTimeoutMs,
+        assistantTimeoutMs: parseInt(process.env.OPENAI_ASSISTANT_TIMEOUT_MS ?? '', 10) || TIMEOUT_DEFAULTS.openai.assistantTimeoutMs,
+    },
+});

package/dist/core/embeddings/embeddings.service.js

@@ -1,15 +1,57 @@
 import OpenAI from 'openai';
+import { debugLog } from '../../mcp/utils.js';
+import { getTimeoutConfig } from '../config/timeouts.js';
+/**
+ * Custom error class for OpenAI configuration issues
+ * Provides helpful guidance on how to resolve the issue
+ */
+export class OpenAIConfigError extends Error {
+    constructor(message) {
+        super(message);
+        this.name = 'OpenAIConfigError';
+    }
+}
+/**
+ * Custom error class for OpenAI API issues (rate limits, quota, etc.)
+ */
+export class OpenAIAPIError extends Error {
+    statusCode;
+    constructor(message, statusCode) {
+        super(message);
+        this.statusCode = statusCode;
+        this.name = 'OpenAIAPIError';
+    }
+}
+export const EMBEDDING_BATCH_CONFIG = {
+    maxBatchSize: 100, // OpenAI supports up to 2048, but 100 is efficient
+    delayBetweenBatchesMs: 500, // Rate limit protection (500ms = ~2 batches/sec)
+};
 export class EmbeddingsService {
     openai;
     model;
     constructor(model = 'text-embedding-3-large') {
         const apiKey = process.env.OPENAI_API_KEY;
         if (!apiKey) {
-            throw new Error('OPENAI_API_KEY environment variable is required');
+            throw new OpenAIConfigError('OPENAI_API_KEY environment variable is required.\n\n' +
+                'To use semantic search features (search_codebase, natural_language_to_cypher), ' +
+                'you need an OpenAI API key.\n\n' +
+                'Set it in your environment:\n' +
+                '  export OPENAI_API_KEY=sk-...\n\n' +
+                'Or in .env file:\n' +
+                '  OPENAI_API_KEY=sk-...\n\n' +
+                'Alternative: Use impact_analysis or traverse_from_node which do not require OpenAI.');
         }
-        this.openai = new OpenAI({ apiKey });
+        const timeoutConfig = getTimeoutConfig();
+        this.openai = new OpenAI({
+            apiKey,
+            timeout: timeoutConfig.openai.embeddingTimeoutMs,
+            maxRetries: 2, // Built-in retry for transient errors
+        });
         this.model = model;
     }
+    /**
+     * Embed a single text string
+     */
     async embedText(text) {
         try {
             const response = await this.openai.embeddings.create({
@@ -19,8 +61,86 @@ export class EmbeddingsService {
             return response.data[0].embedding;
         }
         catch (error) {
+            // Handle specific error types with helpful messages
+            if (error.code === 'ETIMEDOUT' || error.message?.includes('timeout')) {
+                throw new OpenAIAPIError('OpenAI embedding request timed out. Consider increasing OPENAI_EMBEDDING_TIMEOUT_MS.');
+            }
+            if (error.status === 429) {
+                throw new OpenAIAPIError('OpenAI rate limit exceeded.\n\n' +
+                    'This usually means:\n' +
+                    '- You have hit your API rate limit\n' +
+                    '- You have exceeded your quota\n\n' +
+                    'Solutions:\n' +
+                    '- Wait a few minutes and try again\n' +
+                    '- Check your OpenAI usage at https://platform.openai.com/usage\n' +
+                    '- Use impact_analysis or traverse_from_node which do not require OpenAI', 429);
+            }
+            if (error.status === 401) {
+                throw new OpenAIAPIError('OpenAI API key is invalid or expired.\n\n' + 'Please check your OPENAI_API_KEY environment variable.', 401);
+            }
+            if (error.status === 402 || error.message?.includes('quota') || error.message?.includes('billing')) {
+                throw new OpenAIAPIError('OpenAI quota exceeded or billing issue.\n\n' +
+                    'Solutions:\n' +
+                    '- Check your OpenAI billing at https://platform.openai.com/settings/organization/billing\n' +
+                    '- Add credits to your account\n' +
+                    '- Use impact_analysis or traverse_from_node which do not require OpenAI', 402);
+            }
             console.error('Error creating embedding:', error);
             throw error;
         }
     }
+    /**
+     * Embed multiple texts in a single API call.
+     * OpenAI's embedding API supports batching natively.
+     */
+    async embedTexts(texts) {
+        if (texts.length === 0)
+            return [];
+        try {
+            const response = await this.openai.embeddings.create({
+                model: this.model,
+                input: texts,
+            });
+            // Map results back to original order (OpenAI returns with index)
+            return response.data.sort((a, b) => a.index - b.index).map((d) => d.embedding);
+        }
+        catch (error) {
+            if (error.code === 'ETIMEDOUT' || error.message?.includes('timeout')) {
+                throw new OpenAIAPIError('OpenAI batch embedding request timed out. Consider reducing batch size or increasing timeout.');
+            }
+            // Rate limited - SDK already has maxRetries:2, don't add recursive retry
+            if (error.status === 429) {
+                throw new OpenAIAPIError('OpenAI rate limit exceeded. Wait a few minutes and try again.\n' +
+                    'Check your usage at https://platform.openai.com/usage', 429);
+            }
+            // Re-throw with context
+            throw new OpenAIAPIError(`OpenAI embedding failed: ${error.message}`, error.status);
+        }
+    }
+    /**
+     * Embed texts in batches with rate limiting.
+     * Returns array of embeddings in same order as input.
+     * @param texts Array of texts to embed
+     * @param batchSize Number of texts per API call (default: 100)
+     */
+    async embedTextsInBatches(texts, batchSize = EMBEDDING_BATCH_CONFIG.maxBatchSize) {
+        await debugLog('Batch embedding started', { textCount: texts.length });
+        const results = [];
+        const totalBatches = Math.ceil(texts.length / batchSize);
+        for (let i = 0; i < texts.length; i += batchSize) {
+            const batch = texts.slice(i, i + batchSize);
+            const batchIndex = Math.floor(i / batchSize) + 1;
+            await debugLog('Embedding batch progress', { batchIndex, totalBatches, batchSize: batch.length });
+            const batchResults = await this.embedTexts(batch);
+            results.push(...batchResults);
+            // Rate limit protection between batches
+            if (i + batchSize < texts.length) {
+                await this.delay(EMBEDDING_BATCH_CONFIG.delayBetweenBatchesMs);
+            }
+        }
+        return results;
+    }
+    delay(ms) {
+        return new Promise((resolve) => setTimeout(resolve, ms));
+    }
 }