gitnexus 1.4.7 → 1.4.8

package/dist/mcp/core/embedder.js

@@ -5,9 +5,9 @@
  * For MCP, we only need to compute query embeddings, not batch embed.
  */
 import { pipeline, env } from '@huggingface/transformers';
+import { isHttpMode, getHttpDimensions, httpEmbedQuery } from '../../core/embeddings/http-client.js';
 // Model config
 const MODEL_ID = 'Snowflake/snowflake-arctic-embed-xs';
-const EMBEDDING_DIMS = 384;
 // Module-level state for singleton pattern
 let embedderInstance = null;
 let isInitializing = false;
@@ -16,6 +16,9 @@ let initPromise = null;
  * Initialize the embedding model (lazy, on first search)
  */
 export const initEmbedder = async () => {
+    if (isHttpMode()) {
+        throw new Error('initEmbedder() should not be called in HTTP mode.');
+    }
     if (embedderInstance) {
         return embedderInstance;
     }
@@ -75,11 +78,14 @@ export const initEmbedder = async () => {
 /**
  * Check if embedder is ready
  */
-export const isEmbedderReady = () => embedderInstance !== null;
+export const isEmbedderReady = () => isHttpMode() || embedderInstance !== null;
 /**
  * Embed a query text for semantic search
  */
 export const embedQuery = async (query) => {
+    if (isHttpMode()) {
+        return httpEmbedQuery(query);
+    }
     const embedder = await initEmbedder();
     const result = await embedder(query, {
         pooling: 'mean',
@@ -90,7 +96,9 @@ export const embedQuery = async (query) => {
 /**
  * Get embedding dimensions
  */
-export const getEmbeddingDims = () => EMBEDDING_DIMS;
+export const getEmbeddingDims = () => {
+    return getHttpDimensions() ?? 384;
+};
 /**
  * Cleanup embedder
  */

package/dist/mcp/core/lbug-adapter.js

@@ -109,6 +109,7 @@ function closeOne(repoId) {
  * Create a new Connection from a repo's Database.
  * Silences stdout to prevent native module output from corrupting MCP stdio.
  */
+let activeQueryCount = 0;
 function silenceStdout() {
     if (stdoutSilenceCount++ === 0) {
         process.stdout.write = (() => true);
@@ -122,8 +123,10 @@ function restoreStdout() {
 }
 // Safety watchdog: restore stdout if it gets stuck silenced (e.g. native crash
 // inside createConnection before restoreStdout runs).
+// Exempts active queries and pre-warm — these legitimately hold silence for
+// longer than 1 second (queries can take up to QUERY_TIMEOUT_MS = 30s).
 setInterval(() => {
-    if (stdoutSilenceCount > 0 && !preWarmActive) {
+    if (stdoutSilenceCount > 0 && !preWarmActive && activeQueryCount === 0) {
         stdoutSilenceCount = 0;
         process.stdout.write = realStdoutWrite;
     }
@@ -389,6 +392,8 @@ export const executeQuery = async (repoId, cypher) => {
     }
     entry.lastUsed = Date.now();
     const conn = await checkout(entry);
+    silenceStdout();
+    activeQueryCount++;
     try {
         const queryResult = await withTimeout(conn.query(cypher), QUERY_TIMEOUT_MS, 'Query');
         const result = Array.isArray(queryResult) ? queryResult[0] : queryResult;
@@ -396,6 +401,8 @@ export const executeQuery = async (repoId, cypher) => {
         return rows;
     }
     finally {
+        activeQueryCount--;
+        restoreStdout();
         checkin(entry, conn);
     }
 };
@@ -410,6 +417,8 @@ export const executeParameterized = async (repoId, cypher, params) => {
     }
     entry.lastUsed = Date.now();
     const conn = await checkout(entry);
+    silenceStdout();
+    activeQueryCount++;
     try {
         const stmt = await withTimeout(conn.prepare(cypher), QUERY_TIMEOUT_MS, 'Prepare');
         if (!stmt.isSuccess()) {
@@ -422,6 +431,8 @@ export const executeParameterized = async (repoId, cypher, params) => {
         return rows;
     }
     finally {
+        activeQueryCount--;
+        restoreStdout();
         checkin(entry, conn);
     }
 };

package/dist/mcp/local/local-backend.d.ts

@@ -15,6 +15,26 @@ export declare function isTestFilePath(filePath: string): boolean;
 export declare const VALID_NODE_LABELS: Set<string>;
 /** Valid relation types for impact analysis filtering */
 export declare const VALID_RELATION_TYPES: Set<string>;
+/**
+ * Per-relation-type confidence floor for impact analysis.
+ *
+ * When the graph stores a relation with a confidence value, that stored
+ * value is used as-is (it reflects resolution-tier accuracy from analysis
+ * time).  This map provides the floor for each edge type when no stored
+ * confidence is available, and is also used for display / tooltip hints.
+ *
+ * Rationale:
+ *   CALLS / IMPORTS  – direct, strongly-typed references → 0.9
+ *   EXTENDS          – class hierarchy, statically verifiable → 0.85
+ *   IMPLEMENTS       – interface contract, statically verifiable → 0.85
+ *   OVERRIDES        – method override, statically verifiable → 0.85
+ *   HAS_METHOD       – structural containment → 0.95
+ *   HAS_PROPERTY     – structural containment → 0.95
+ *   ACCESSES         – field read/write, may be indirect → 0.8
+ *   CONTAINS         – folder/file containment → 0.95
+ *   (unknown type)   – conservative fallback → 0.5
+ */
+export declare const IMPACT_RELATION_CONFIDENCE: Readonly<Record<string, number>>;
 /** Regex to detect write operations in user-supplied Cypher queries */
 export declare const CYPHER_WRITE_RE: RegExp;
 /** Check if a Cypher query contains write operations */
@@ -42,6 +62,8 @@ export declare class LocalBackend {
     private repos;
     private contextCache;
     private initializedRepos;
+    private reinitPromises;
+    private lastStalenessCheck;
     /**
      * Initialize from the global registry.
      * Returns true if at least one repo is available.

package/dist/mcp/local/local-backend.js

@@ -38,6 +38,41 @@ export const VALID_NODE_LABELS = new Set([
 ]);
 /** Valid relation types for impact analysis filtering */
 export const VALID_RELATION_TYPES = new Set(['CALLS', 'IMPORTS', 'EXTENDS', 'IMPLEMENTS', 'HAS_METHOD', 'HAS_PROPERTY', 'OVERRIDES', 'ACCESSES']);
+/**
+ * Per-relation-type confidence floor for impact analysis.
+ *
+ * When the graph stores a relation with a confidence value, that stored
+ * value is used as-is (it reflects resolution-tier accuracy from analysis
+ * time).  This map provides the floor for each edge type when no stored
+ * confidence is available, and is also used for display / tooltip hints.
+ *
+ * Rationale:
+ *   CALLS / IMPORTS  – direct, strongly-typed references → 0.9
+ *   EXTENDS          – class hierarchy, statically verifiable → 0.85
+ *   IMPLEMENTS       – interface contract, statically verifiable → 0.85
+ *   OVERRIDES        – method override, statically verifiable → 0.85
+ *   HAS_METHOD       – structural containment → 0.95
+ *   HAS_PROPERTY     – structural containment → 0.95
+ *   ACCESSES         – field read/write, may be indirect → 0.8
+ *   CONTAINS         – folder/file containment → 0.95
+ *   (unknown type)   – conservative fallback → 0.5
+ */
+export const IMPACT_RELATION_CONFIDENCE = {
+    CALLS: 0.9,
+    IMPORTS: 0.9,
+    EXTENDS: 0.85,
+    IMPLEMENTS: 0.85,
+    OVERRIDES: 0.85,
+    HAS_METHOD: 0.95,
+    HAS_PROPERTY: 0.95,
+    ACCESSES: 0.8,
+    CONTAINS: 0.95,
+};
+/**
+ * Return the confidence floor for a given relation type.
+ * Falls back to 0.5 for unknown types so they are not silently elevated.
+ */
+const confidenceForRelType = (relType) => IMPACT_RELATION_CONFIDENCE[relType ?? ''] ?? 0.5;
 /** Regex to detect write operations in user-supplied Cypher queries */
 export const CYPHER_WRITE_RE = /\b(CREATE|DELETE|SET|MERGE|REMOVE|DROP|ALTER|COPY|DETACH)\b/i;
 /** Check if a Cypher query contains write operations */
@@ -53,6 +88,8 @@ export class LocalBackend {
     repos = new Map();
     contextCache = new Map();
     initializedRepos = new Set();
+    reinitPromises = new Map();
+    lastStalenessCheck = new Map();
     // ─── Initialization ──────────────────────────────────────────────
     /**
      * Initialize from the global registry.
@@ -195,12 +232,53 @@ export class LocalBackend {
     }
     // ─── Lazy LadybugDB Init ────────────────────────────────────────────
     async ensureInitialized(repoId) {
-        // Always check the actual pool — the idle timer may have evicted the connection
-        if (this.initializedRepos.has(repoId) && isLbugReady(repoId))
-            return;
+        // If a reinit is already in progress for this repo, wait for it
+        const pending = this.reinitPromises.get(repoId);
+        if (pending)
+            return pending;
         const handle = this.repos.get(repoId);
         if (!handle)
             throw new Error(`Unknown repo: ${repoId}`);
+        // Check if the index was rebuilt since we opened the connection (#297).
+        // Throttle staleness checks to at most once per 5 seconds per repo to
+        // avoid an fs.readFile round-trip on every tool invocation.
+        if (this.initializedRepos.has(repoId) && isLbugReady(repoId)) {
+            const now = Date.now();
+            const lastCheck = this.lastStalenessCheck.get(repoId) ?? 0;
+            if (now - lastCheck < 5000)
+                return; // Checked recently — skip
+            this.lastStalenessCheck.set(repoId, now);
+            try {
+                const metaPath = path.join(handle.storagePath, 'meta.json');
+                const metaRaw = await fs.readFile(metaPath, 'utf-8');
+                const meta = JSON.parse(metaRaw);
+                if (meta.indexedAt && meta.indexedAt !== handle.indexedAt) {
+                    // Index was rebuilt — close stale connection and re-init.
+                    // Wrap in reinitPromises to prevent TOCTOU race where concurrent
+                    // callers both detect staleness and double-close the pool.
+                    const reinit = (async () => {
+                        try {
+                            await closeLbug(repoId);
+                            this.initializedRepos.delete(repoId);
+                            handle.indexedAt = meta.indexedAt;
+                            await initLbug(repoId, handle.lbugPath);
+                            this.initializedRepos.add(repoId);
+                        }
+                        finally {
+                            this.reinitPromises.delete(repoId);
+                        }
+                    })();
+                    this.reinitPromises.set(repoId, reinit);
+                    return reinit;
+                }
+                else {
+                    return; // Pool is current
+                }
+            }
+            catch {
+                return; // Can't read meta — assume pool is fine
+            }
+        }
         try {
             await initLbug(repoId, handle.lbugPath);
             this.initializedRepos.add(repoId);
@@ -1247,14 +1325,21 @@ export class LocalBackend {
                     if (!visited.has(relId)) {
                         visited.add(relId);
                         nextFrontier.push(relId);
+                        const storedConfidence = rel.confidence ?? rel[6];
+                        const relationType = rel.relType || rel[5];
+                        // Prefer the stored confidence from the graph (set at analysis time);
+                        // fall back to the per-type floor for edges without a stored value.
+                        const effectiveConfidence = typeof storedConfidence === 'number' && storedConfidence > 0
+                            ? storedConfidence
+                            : confidenceForRelType(relationType);
                         impacted.push({
                             depth,
                             id: relId,
                             name: rel.name || rel[2],
                             type: rel.type || rel[3],
                             filePath,
-                            relationType: rel.relType || rel[5],
-                            confidence: rel.confidence || rel[6] || 1.0,
+                            relationType,
+                            confidence: effectiveConfidence,
                         });
                     }
                 }
@@ -1279,30 +1364,49 @@ export class LocalBackend {
         let affectedProcesses = [];
         let affectedModules = [];
         if (impacted.length > 0) {
-            const allIds = impacted.map(i => `'${i.id.replace(/'/g, "''")}'`).join(', ');
-            const d1Ids = (grouped[1] || []).map((i) => `'${i.id.replace(/'/g, "''")}'`).join(', ');
-            // Affected processes: which execution flows are broken and at which step
-            const [processRows, moduleRows, directModuleRows] = await Promise.all([
-                executeQuery(repo.id, `
-          MATCH (s)-[r:CodeRelation {type: 'STEP_IN_PROCESS'}]->(p:Process)
-          WHERE s.id IN [${allIds}]
-          RETURN p.heuristicLabel AS name, COUNT(DISTINCT s.id) AS hits, MIN(r.step) AS minStep, p.stepCount AS stepCount
-          ORDER BY hits DESC
-          LIMIT 20
-        `).catch(() => []),
-                executeQuery(repo.id, `
-          MATCH (s)-[:CodeRelation {type: 'MEMBER_OF'}]->(c:Community)
-          WHERE s.id IN [${allIds}]
-          RETURN c.heuristicLabel AS name, COUNT(DISTINCT s.id) AS hits
-          ORDER BY hits DESC
-          LIMIT 20
-        `).catch(() => []),
-                d1Ids ? executeQuery(repo.id, `
-          MATCH (s)-[:CodeRelation {type: 'MEMBER_OF'}]->(c:Community)
-          WHERE s.id IN [${d1Ids}]
-          RETURN DISTINCT c.heuristicLabel AS name
-        `).catch(() => []) : Promise.resolve([]),
-            ]);
+            // Cap IN-clause to 100 IDs to prevent oversized queries that crash
+            // the native DB engine on arm64 macOS (#292)
+            const cappedImpacted = impacted.slice(0, 100);
+            const allIds = cappedImpacted.map(i => `'${String(i.id ?? '').replace(/'/g, "''")}'`).join(', ');
+            const d1Items = (grouped[1] || []).slice(0, 100);
+            const d1Ids = d1Items.map((i) => `'${String(i.id ?? '').replace(/'/g, "''")}'`).join(', ');
+            // Enrichment queries: sequential on arm64 macOS to avoid SIGSEGV from
+            // concurrent native DB access (#285, #290, #292); parallel elsewhere
+            // to preserve performance on unaffected platforms.
+            const isArm64Mac = process.platform === 'darwin' && process.arch === 'arm64';
+            const processQuery = executeQuery(repo.id, `
+        MATCH (s)-[r:CodeRelation {type: 'STEP_IN_PROCESS'}]->(p:Process)
+        WHERE s.id IN [${allIds}]
+        RETURN p.heuristicLabel AS name, COUNT(DISTINCT s.id) AS hits, MIN(r.step) AS minStep, p.stepCount AS stepCount
+        ORDER BY hits DESC
+        LIMIT 20
+      `).catch(() => []);
+            const moduleQuery = () => executeQuery(repo.id, `
+        MATCH (s)-[:CodeRelation {type: 'MEMBER_OF'}]->(c:Community)
+        WHERE s.id IN [${allIds}]
+        RETURN c.heuristicLabel AS name, COUNT(DISTINCT s.id) AS hits
+        ORDER BY hits DESC
+        LIMIT 20
+      `).catch(() => []);
+            const directModuleQuery = () => d1Ids
+                ? executeQuery(repo.id, `
+            MATCH (s)-[:CodeRelation {type: 'MEMBER_OF'}]->(c:Community)
+            WHERE s.id IN [${d1Ids}]
+            RETURN DISTINCT c.heuristicLabel AS name
+          `).catch(() => [])
+                : Promise.resolve([]);
+            let processRows, moduleRows, directModuleRows;
+            if (isArm64Mac) {
+                // Sequential: avoid concurrent native DB access
+                processRows = await processQuery;
+                moduleRows = await moduleQuery();
+                directModuleRows = await directModuleQuery();
+            }
+            else {
+                // Parallel: safe on non-arm64 platforms
+                processRows = await processQuery;
+                [moduleRows, directModuleRows] = await Promise.all([moduleQuery(), directModuleQuery()]);
+            }
             affectedProcesses = processRows.map((r) => ({
                 name: r.name || r[0],
                 hits: r.hits || r[1],

package/dist/mcp/resources.js

@@ -277,6 +277,8 @@ node_properties:
   Function: "parameterCount (INT32), returnType (STRING), isVariadic (BOOL)"
   Property: "declaredType (STRING) — the field's type annotation (e.g., 'Address', 'City'). Used for field-access chain resolution."
   Constructor: "parameterCount (INT32)"
+  Community: "heuristicLabel (STRING), cohesion (DOUBLE), symbolCount (INT32), keywords (STRING[]), description (STRING), enrichedBy (STRING)"
+  Process: "heuristicLabel (STRING), processType (STRING — 'intra_community' or 'cross_community'), stepCount (INT32), communities (STRING[]), entryPointId (STRING), terminalId (STRING)"
 
 relationships:
   - CONTAINS: File/Folder contains child

package/dist/mcp/tools.js

@@ -93,8 +93,8 @@ OUTPUT: Returns { markdown, row_count } — results formatted as a Markdown tabl
 
 TIPS:
 - All relationships use single CodeRelation table — filter with {type: 'CALLS'} etc.
-- Community = auto-detected functional area (Leiden algorithm)
-- Process = execution flow trace from entry point to terminal
+- Community = auto-detected functional area (Leiden algorithm). Properties: heuristicLabel, cohesion, symbolCount, keywords, description, enrichedBy
+- Process = execution flow trace from entry point to terminal. Properties: heuristicLabel, processType, stepCount, communities, entryPointId, terminalId
 - Use heuristicLabel (not label) for human-readable community/process names`,
         inputSchema: {
             type: 'object',

package/dist/server/api.d.ts

@@ -5,6 +5,24 @@
  * Also hosts the MCP server over StreamableHTTP for remote AI tool access.
  *
  * Security: binds to 127.0.0.1 by default (use --host to override).
- * CORS is restricted to localhost and the deployed site.
+ * CORS is restricted to localhost, private/LAN networks, and the deployed site.
  */
+/**
+ * Determine whether an HTTP Origin header value is allowed by CORS policy.
+ *
+ * Permitted origins:
+ * - No origin (non-browser requests such as curl or server-to-server calls)
+ * - http://localhost:<port> — local development
+ * - http://127.0.0.1:<port> — loopback alias
+ * - RFC 1918 private/LAN networks (any port):
+ *     10.0.0.0/8      → 10.x.x.x
+ *     172.16.0.0/12   → 172.16.x.x – 172.31.x.x
+ *     192.168.0.0/16  → 192.168.x.x
+ * - https://gitnexus.vercel.app — the deployed GitNexus web UI
+ *
+ * @param origin - The value of the HTTP `Origin` request header, or `undefined`
+ *                 when the header is absent (non-browser request).
+ * @returns `true` if the origin is allowed, `false` otherwise.
+ */
+export declare const isAllowedOrigin: (origin: string | undefined) => boolean;
 export declare const createServer: (port: number, host?: string) => Promise<void>;

package/dist/server/api.js

@@ -5,7 +5,7 @@
  * Also hosts the MCP server over StreamableHTTP for remote AI tool access.
  *
  * Security: binds to 127.0.0.1 by default (use --host to override).
- * CORS is restricted to localhost and the deployed site.
+ * CORS is restricted to localhost, private/LAN networks, and the deployed site.
  */
 import express from 'express';
 import cors from 'cors';
@@ -20,6 +20,69 @@ import { hybridSearch } from '../core/search/hybrid-search.js';
 // at server startup — crashes on unsupported Node ABI versions (#89)
 import { LocalBackend } from '../mcp/local/local-backend.js';
 import { mountMCPEndpoints } from './mcp-http.js';
+/**
+ * Determine whether an HTTP Origin header value is allowed by CORS policy.
+ *
+ * Permitted origins:
+ * - No origin (non-browser requests such as curl or server-to-server calls)
+ * - http://localhost:<port> — local development
+ * - http://127.0.0.1:<port> — loopback alias
+ * - RFC 1918 private/LAN networks (any port):
+ *     10.0.0.0/8      → 10.x.x.x
+ *     172.16.0.0/12   → 172.16.x.x – 172.31.x.x
+ *     192.168.0.0/16  → 192.168.x.x
+ * - https://gitnexus.vercel.app — the deployed GitNexus web UI
+ *
+ * @param origin - The value of the HTTP `Origin` request header, or `undefined`
+ *                 when the header is absent (non-browser request).
+ * @returns `true` if the origin is allowed, `false` otherwise.
+ */
+export const isAllowedOrigin = (origin) => {
+    if (origin === undefined) {
+        // Non-browser requests (curl, server-to-server) have no Origin header
+        return true;
+    }
+    if (origin.startsWith('http://localhost:')
+        || origin === 'http://localhost'
+        || origin.startsWith('http://127.0.0.1:')
+        || origin === 'http://127.0.0.1'
+        || origin.startsWith('http://[::1]:')
+        || origin === 'http://[::1]'
+        || origin === 'https://gitnexus.vercel.app') {
+        return true;
+    }
+    // RFC 1918 private network ranges — allow any port on these hosts.
+    // We parse the hostname out of the origin URL and check against each range.
+    let hostname;
+    let protocol;
+    try {
+        const parsed = new URL(origin);
+        hostname = parsed.hostname;
+        protocol = parsed.protocol;
+    }
+    catch {
+        // Malformed origin — reject
+        return false;
+    }
+    // Only allow HTTP(S) origins — reject ftp://, file://, etc.
+    if (protocol !== 'http:' && protocol !== 'https:')
+        return false;
+    const octets = hostname.split('.').map(Number);
+    if (octets.length !== 4 || octets.some(o => !Number.isInteger(o) || o < 0 || o > 255)) {
+        return false;
+    }
+    const [a, b] = octets;
+    // 10.0.0.0/8
+    if (a === 10)
+        return true;
+    // 172.16.0.0/12  →  172.16.x.x – 172.31.x.x
+    if (a === 172 && b >= 16 && b <= 31)
+        return true;
+    // 192.168.0.0/16
+    if (a === 192 && b === 168)
+        return true;
+    return false;
+};
 const buildGraph = async () => {
     const nodes = [];
     for (const table of NODE_TABLES) {
@@ -101,14 +164,11 @@ const requestedRepo = (req) => {
 };
 export const createServer = async (port, host = '127.0.0.1') => {
     const app = express();
-    // CORS: only allow localhost origins and the deployed site.
+    // CORS: allow localhost, private/LAN networks, and the deployed site.
     // Non-browser requests (curl, server-to-server) have no origin and are allowed.
     app.use(cors({
         origin: (origin, callback) => {
-            if (!origin
-                || origin.startsWith('http://localhost:')
-                || origin.startsWith('http://127.0.0.1:')
-                || origin === 'https://gitnexus.vercel.app') {
+            if (isAllowedOrigin(origin)) {
                 callback(null, true);
             }
             else {

package/dist/storage/git.d.ts

@@ -4,3 +4,15 @@ export declare const getCurrentCommit: (repoPath: string) => string;
  * Find the git repository root from any path inside the repo
  */
 export declare const getGitRoot: (fromPath: string) => string | null;
+/**
+ * Check whether a directory contains a .git entry (file or folder).
+ *
+ * This is intentionally a simple filesystem check rather than running
+ * `git rev-parse`, so it works even when git is not installed or when
+ * the directory is a git-worktree root (which has a .git file, not a
+ * directory).  Use `isGitRepo` for a definitive git answer.
+ *
+ * @param dirPath - Absolute path to the directory to inspect.
+ * @returns `true` when `.git` is present, `false` otherwise.
+ */
+export declare const hasGitDir: (dirPath: string) => boolean;

package/dist/storage/git.js

@@ -1,4 +1,5 @@
 import { execSync } from 'child_process';
+import { statSync } from 'fs';
 import path from 'path';
 // Git utilities for repository detection, commit tracking, and diff analysis
 export const isGitRepo = (repoPath) => {
@@ -33,3 +34,23 @@ export const getGitRoot = (fromPath) => {
         return null;
     }
 };
+/**
+ * Check whether a directory contains a .git entry (file or folder).
+ *
+ * This is intentionally a simple filesystem check rather than running
+ * `git rev-parse`, so it works even when git is not installed or when
+ * the directory is a git-worktree root (which has a .git file, not a
+ * directory).  Use `isGitRepo` for a definitive git answer.
+ *
+ * @param dirPath - Absolute path to the directory to inspect.
+ * @returns `true` when `.git` is present, `false` otherwise.
+ */
+export const hasGitDir = (dirPath) => {
+    try {
+        statSync(path.join(dirPath, '.git'));
+        return true;
+    }
+    catch {
+        return false;
+    }
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gitnexus",
-  "version": "1.4.7",
+  "version": "1.4.8",
   "description": "Graph-powered code intelligence for AI agents. Index any codebase, query via MCP or CLI.",
   "author": "Abhigyan Patwari",
   "license": "PolyForm-Noncommercial-1.0.0",
@@ -20,6 +20,7 @@
     "knowledge-graph",
     "cursor",
     "claude",
+    "codex",
     "ai-agent",
     "gitnexus",
     "static-analysis",
@@ -50,6 +51,7 @@
   },
   "dependencies": {
     "@huggingface/transformers": "^3.0.0",
+    "@ladybugdb/core": "^0.15.2",
     "@modelcontextprotocol/sdk": "^1.0.0",
     "cli-progress": "^3.12.0",
     "commander": "^12.0.0",
@@ -59,10 +61,10 @@
     "graphology": "^0.25.4",
     "graphology-indices": "^0.17.0",
     "graphology-utils": "^2.3.0",
-    "@ladybugdb/core": "^0.15.2",
     "ignore": "^7.0.5",
     "lru-cache": "^11.0.0",
     "mnemonist": "^0.39.0",
+    "onnxruntime-node": "^1.24.0",
     "pandemonium": "^2.4.0",
     "tree-sitter": "^0.21.0",
     "tree-sitter-c": "^0.21.0",
@@ -89,10 +91,16 @@
     "@types/node": "^20.0.0",
     "@types/uuid": "^10.0.0",
     "@vitest/coverage-v8": "^4.0.18",
+    "husky": "^9.1.7",
     "tsx": "^4.0.0",
     "typescript": "^5.4.5",
     "vitest": "^4.0.18"
   },
+  "overrides": {
+    "@huggingface/transformers": {
+      "onnxruntime-node": "$onnxruntime-node"
+    }
+  },
   "engines": {
     "node": ">=18.0.0"
   }