gitnexus 1.3.6 → 1.3.8

package/dist/core/kuzu/csv-generator.js

@@ -19,7 +19,7 @@ const FLUSH_EVERY = 500;
 // ============================================================================
 // CSV ESCAPE UTILITIES
 // ============================================================================
-const sanitizeUTF8 = (str) => {
+export const sanitizeUTF8 = (str) => {
     return str
         .replace(/\r\n/g, '\n')
         .replace(/\r/g, '\n')
@@ -27,14 +27,14 @@ const sanitizeUTF8 = (str) => {
         .replace(/[\uD800-\uDFFF]/g, '')
         .replace(/[\uFFFE\uFFFF]/g, '');
 };
-const escapeCSVField = (value) => {
+export const escapeCSVField = (value) => {
     if (value === undefined || value === null)
         return '""';
     let str = String(value);
     str = sanitizeUTF8(str);
     return `"${str.replace(/"/g, '""')}"`;
 };
-const escapeCSVNumber = (value, defaultValue = -1) => {
+export const escapeCSVNumber = (value, defaultValue = -1) => {
     if (value === undefined || value === null)
         return String(defaultValue);
     return String(value);
@@ -42,7 +42,7 @@ const escapeCSVNumber = (value, defaultValue = -1) => {
 // ============================================================================
 // CONTENT EXTRACTION (lazy — reads from disk on demand)
 // ============================================================================
-const isBinaryContent = (content) => {
+export const isBinaryContent = (content) => {
     if (!content || content.length === 0)
         return false;
     const sample = content.slice(0, 1000);
@@ -72,8 +72,15 @@ class FileContentCache {
         if (!relativePath)
             return '';
         const cached = this.cache.get(relativePath);
-        if (cached !== undefined)
+        if (cached !== undefined) {
+            // Move to end of accessOrder (LRU promotion)
+            const idx = this.accessOrder.indexOf(relativePath);
+            if (idx !== -1) {
+                this.accessOrder.splice(idx, 1);
+                this.accessOrder.push(relativePath);
+            }
             return cached;
+        }
         try {
             const fullPath = path.join(this.repoPath, relativePath);
             const content = await fs.readFile(fullPath, 'utf-8');
@@ -150,11 +157,18 @@ class BufferedCSVWriter {
         const chunk = this.buffer.join('\n') + '\n';
         this.buffer.length = 0;
         return new Promise((resolve, reject) => {
+            this.ws.once('error', reject);
             const ok = this.ws.write(chunk);
-            if (ok)
+            if (ok) {
+                this.ws.removeListener('error', reject);
                 resolve();
-            else
-                this.ws.once('drain', resolve);
+            }
+            else {
+                this.ws.once('drain', () => {
+                    this.ws.removeListener('error', reject);
+                    resolve();
+                });
+            }
         });
     }
     async finish() {
@@ -234,7 +248,7 @@ export const streamAllCSVsToDisk = async (graph, repoPath, csvDir) => {
                 break;
             case 'Community': {
                 const keywords = node.properties.keywords || [];
-                const keywordsStr = `[${keywords.map((k) => `'${k.replace(/'/g, "''")}'`).join(',')}]`;
+                const keywordsStr = `[${keywords.map((k) => `'${k.replace(/\\/g, '\\\\').replace(/'/g, "''").replace(/,/g, '\\,')}'`).join(',')}]`;
                 await communityWriter.addRow([
                     escapeCSVField(node.id),
                     escapeCSVField(node.properties.name || ''),

package/dist/core/kuzu/kuzu-adapter.js

@@ -663,11 +663,17 @@ export const loadFTSExtension = async () => {
     try {
         await conn.query('INSTALL fts');
         await conn.query('LOAD EXTENSION fts');
+        ftsLoaded = true;
     }
-    catch {
-        // Extension may already be loaded
+    catch (err) {
+        const msg = err?.message || '';
+        if (msg.includes('already loaded') || msg.includes('already installed') || msg.includes('already exists')) {
+            ftsLoaded = true;
+        }
+        else {
+            console.error('GitNexus: FTS extension load failed:', msg);
+        }
     }
-    ftsLoaded = true;
 };
 /**
  * Create a full-text search index on a table

package/dist/core/tree-sitter/parser-loader.d.ts

@@ -1,4 +1,5 @@
 import Parser from 'tree-sitter';
 import { SupportedLanguages } from '../../config/supported-languages.js';
+export declare const isLanguageAvailable: (language: SupportedLanguages) => boolean;
 export declare const loadParser: () => Promise<Parser>;
 export declare const loadLanguage: (language: SupportedLanguages, filePath?: string) => Promise<void>;

package/dist/core/tree-sitter/parser-loader.js

@@ -8,6 +8,7 @@ import CPP from 'tree-sitter-cpp';
 import CSharp from 'tree-sitter-c-sharp';
 import Go from 'tree-sitter-go';
 import Rust from 'tree-sitter-rust';
+import Kotlin from 'tree-sitter-kotlin';
 import PHP from 'tree-sitter-php';
 import { createRequire } from 'node:module';
 import { SupportedLanguages } from '../../config/supported-languages.js';
@@ -30,9 +31,11 @@ const languageMap = {
     [SupportedLanguages.CSharp]: CSharp,
     [SupportedLanguages.Go]: Go,
     [SupportedLanguages.Rust]: Rust,
+    [SupportedLanguages.Kotlin]: Kotlin,
     [SupportedLanguages.PHP]: PHP.php_only,
     ...(Swift ? { [SupportedLanguages.Swift]: Swift } : {}),
 };
+export const isLanguageAvailable = (language) => language in languageMap;
 export const loadParser = async () => {
     if (parser)
         return parser;

package/dist/mcp/core/kuzu-adapter.d.ts

@@ -17,11 +17,12 @@
  * Retries on lock errors (e.g., when `gitnexus analyze` is running).
  */
 export declare const initKuzu: (repoId: string, dbPath: string) => Promise<void>;
+export declare const executeQuery: (repoId: string, cypher: string) => Promise<any[]>;
 /**
- * Execute a query on a specific repo's connection pool.
- * Automatically checks out a connection, runs the query, and returns it.
+ * Execute a parameterized query on a specific repo's connection pool.
+ * Uses prepare/execute pattern to prevent Cypher injection.
  */
-export declare const executeQuery: (repoId: string, cypher: string) => Promise<any[]>;
+export declare const executeParameterized: (repoId: string, cypher: string, params: Record<string, any>) => Promise<any[]>;
 /**
  * Close one or all repo pools.
  * If repoId is provided, close only that repo's connections.

package/dist/mcp/core/kuzu-adapter.js

@@ -24,6 +24,9 @@ const MAX_CONNS_PER_REPO = 8;
 /** Connections created eagerly on init */
 const INITIAL_CONNS_PER_REPO = 2;
 let idleTimer = null;
+/** Saved real stdout.write — used to silence KuzuDB native output without race conditions */
+const realStdoutWrite = process.stdout.write.bind(process.stdout);
+let stdoutSilenceCount = 0;
 /**
  * Start the idle cleanup timer (runs every 60s)
  */
@@ -33,7 +36,7 @@ function ensureIdleTimer() {
     idleTimer = setInterval(() => {
         const now = Date.now();
         for (const [repoId, entry] of pool) {
-            if (now - entry.lastUsed > IDLE_TIMEOUT_MS) {
+            if (now - entry.lastUsed > IDLE_TIMEOUT_MS && entry.checkedOut === 0) {
                 closeOne(repoId);
             }
         }
@@ -51,7 +54,7 @@ function evictLRU() {
     let oldestId = null;
     let oldestTime = Infinity;
     for (const [id, entry] of pool) {
-        if (entry.lastUsed < oldestTime) {
+        if (entry.checkedOut === 0 && entry.lastUsed < oldestTime) {
             oldestTime = entry.lastUsed;
             oldestId = id;
         }
@@ -71,28 +74,46 @@ function closeOne(repoId) {
         try {
             conn.close();
         }
-        catch { }
+        catch (e) {
+            console.error('GitNexus [pool:close-conn]:', e instanceof Error ? e.message : e);
+        }
     }
     try {
         entry.db.close();
     }
-    catch { }
+    catch (e) {
+        console.error('GitNexus [pool:close-db]:', e instanceof Error ? e.message : e);
+    }
     pool.delete(repoId);
 }
 /**
  * Create a new Connection from a repo's Database.
  * Silences stdout to prevent native module output from corrupting MCP stdio.
  */
+function silenceStdout() {
+    if (stdoutSilenceCount++ === 0) {
+        process.stdout.write = (() => true);
+    }
+}
+function restoreStdout() {
+    if (--stdoutSilenceCount <= 0) {
+        stdoutSilenceCount = 0;
+        process.stdout.write = realStdoutWrite;
+    }
+}
 function createConnection(db) {
-    const origWrite = process.stdout.write;
-    process.stdout.write = (() => true);
+    silenceStdout();
     try {
         return new kuzu.Connection(db);
     }
     finally {
-        process.stdout.write = origWrite;
+        restoreStdout();
     }
 }
+/** Query timeout in milliseconds */
+const QUERY_TIMEOUT_MS = 30_000;
+/** Waiter queue timeout in milliseconds */
+const WAITER_TIMEOUT_MS = 15_000;
 const LOCK_RETRY_ATTEMPTS = 3;
 const LOCK_RETRY_DELAY_MS = 2000;
 /**
@@ -118,13 +139,12 @@ export const initKuzu = async (repoId, dbPath) => {
     // avoids lock conflicts when `gitnexus analyze` is writing.
     let lastError = null;
     for (let attempt = 1; attempt <= LOCK_RETRY_ATTEMPTS; attempt++) {
-        const origWrite = process.stdout.write;
-        process.stdout.write = (() => true);
+        silenceStdout();
         try {
             const db = new kuzu.Database(dbPath, 0, // bufferManagerSize (default)
             false, // enableCompression (default)
             true);
-            process.stdout.write = origWrite;
+            restoreStdout();
             // Pre-create a small pool of connections
             const available = [];
             for (let i = 0; i < INITIAL_CONNS_PER_REPO; i++) {
@@ -135,7 +155,7 @@ export const initKuzu = async (repoId, dbPath) => {
             return;
         }
         catch (err) {
-            process.stdout.write = origWrite;
+            restoreStdout();
             lastError = err instanceof Error ? err : new Error(String(err));
             const isLockError = lastError.message.includes('Could not set lock')
                 || lastError.message.includes('lock');
@@ -164,10 +184,19 @@ function checkout(entry) {
         entry.checkedOut++;
         return Promise.resolve(createConnection(entry.db));
     }
-    // At capacity — queue the caller. checkin() will resolve this when
-    // a connection is returned, handing it directly to the next waiter.
-    return new Promise(resolve => {
-        entry.waiters.push(resolve);
+    // At capacity — queue the caller with a timeout.
+    return new Promise((resolve, reject) => {
+        const waiter = (conn) => {
+            clearTimeout(timer);
+            resolve(conn);
+        };
+        const timer = setTimeout(() => {
+            const idx = entry.waiters.indexOf(waiter);
+            if (idx !== -1)
+                entry.waiters.splice(idx, 1);
+            reject(new Error(`Connection pool exhausted: timed out after ${WAITER_TIMEOUT_MS}ms waiting for a free connection`));
+        }, WAITER_TIMEOUT_MS);
+        entry.waiters.push(waiter);
     });
 }
 /**
@@ -190,6 +219,14 @@ function checkin(entry, conn) {
  * Execute a query on a specific repo's connection pool.
  * Automatically checks out a connection, runs the query, and returns it.
  */
+/** Race a promise against a timeout */
+function withTimeout(promise, ms, label) {
+    let timer;
+    const timeout = new Promise((_, reject) => {
+        timer = setTimeout(() => reject(new Error(`${label} timed out after ${ms}ms`)), ms);
+    });
+    return Promise.race([promise, timeout]).finally(() => clearTimeout(timer));
+}
 export const executeQuery = async (repoId, cypher) => {
     const entry = pool.get(repoId);
     if (!entry) {
@@ -198,7 +235,33 @@ export const executeQuery = async (repoId, cypher) => {
     entry.lastUsed = Date.now();
     const conn = await checkout(entry);
     try {
-        const queryResult = await conn.query(cypher);
+        const queryResult = await withTimeout(conn.query(cypher), QUERY_TIMEOUT_MS, 'Query');
+        const result = Array.isArray(queryResult) ? queryResult[0] : queryResult;
+        const rows = await result.getAll();
+        return rows;
+    }
+    finally {
+        checkin(entry, conn);
+    }
+};
+/**
+ * Execute a parameterized query on a specific repo's connection pool.
+ * Uses prepare/execute pattern to prevent Cypher injection.
+ */
+export const executeParameterized = async (repoId, cypher, params) => {
+    const entry = pool.get(repoId);
+    if (!entry) {
+        throw new Error(`KuzuDB not initialized for repo "${repoId}". Call initKuzu first.`);
+    }
+    entry.lastUsed = Date.now();
+    const conn = await checkout(entry);
+    try {
+        const stmt = await withTimeout(conn.prepare(cypher), QUERY_TIMEOUT_MS, 'Prepare');
+        if (!stmt.isSuccess()) {
+            const errMsg = await stmt.getErrorMessage();
+            throw new Error(`Prepare failed: ${errMsg}`);
+        }
+        const queryResult = await withTimeout(conn.execute(stmt, params), QUERY_TIMEOUT_MS, 'Execute');
         const result = Array.isArray(queryResult) ? queryResult[0] : queryResult;
         const rows = await result.getAll();
         return rows;

package/dist/mcp/local/local-backend.d.ts

@@ -6,6 +6,19 @@
  * KuzuDB connections are opened lazily per repo on first query.
  */
 import { type RegistryEntry } from '../../storage/repo-manager.js';
+/**
+ * Quick test-file detection for filtering impact results.
+ * Matches common test file patterns across all supported languages.
+ */
+export declare function isTestFilePath(filePath: string): boolean;
+/** Valid KuzuDB node labels for safe Cypher query construction */
+export declare const VALID_NODE_LABELS: Set<string>;
+/** Valid relation types for impact analysis filtering */
+export declare const VALID_RELATION_TYPES: Set<string>;
+/** Regex to detect write operations in user-supplied Cypher queries */
+export declare const CYPHER_WRITE_RE: RegExp;
+/** Check if a Cypher query contains write operations */
+export declare function isWriteQuery(query: string): boolean;
 export interface CodebaseContext {
     projectName: string;
     stats: {