gitnexus 1.6.10-rc.6 → 1.6.10-rc.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -27,7 +27,7 @@ import { cliError } from './cli-message.js';
27
27
  import { EMBEDDING_DIMS_ERROR, normalizeEmbeddingDims } from './embedding-dims.js';
28
28
  import { formatElapsed } from './format-elapsed.js';
29
29
  import { isHfDownloadFailure } from '../core/embeddings/hf-env.js';
30
- import { isHttpMode, safeUrl } from '../core/embeddings/http-client.js';
30
+ import { isHttpEmbeddingDimsError, isHttpEmbeddingError, isHttpMode, safeUrl, } from '../core/embeddings/http-client.js';
31
31
  import { isLocalEmbeddingRuntimeBlockerMessage, isMissingLocalEmbeddingStackMessage, localEmbeddingPrefixUnloadableMessage, localEmbeddingStackMissingMessage, } from '../core/embeddings/runtime-support.js';
32
32
  import { ANALYZE_EMBEDDING_INSTALL_TIMEOUT_MS, getEmbeddingInstallTimeoutMs, getEmbeddingRuntimeDir, installEmbeddingRuntime, isPrefixRuntimeLoadable, resolveEmbeddingRuntime, } from '../core/embeddings/runtime-install.js';
33
33
  import { warnIfNpm11NpxRisk } from './resolve-invocation.js';
@@ -1262,10 +1262,54 @@ const analyzeCommandImpl = async (inputPath, cliOptions) => {
1262
1262
  process.exitCode = 1;
1263
1263
  return;
1264
1264
  }
1265
+ // Malformed GITNEXUS_EMBEDDING_DIMS env var (#2385). readConfig() throws a
1266
+ // plain Error (a config mistake, not an endpoint failure), surfacing here from
1267
+ // httpEmbed()->readConfig() inside the analysis run. Show a clean config
1268
+ // message rather than a raw stack dump. The --embedding-dims CLI flag is
1269
+ // validated up front (EMBEDDING_DIMS_ERROR); this covers the env-var path.
1270
+ // Checked before the endpoint/HF branches: it is a plain Error, so
1271
+ // isHttpEmbeddingError() is false and the HF network heuristic must not claim it.
1272
+ if (isHttpEmbeddingDimsError(msg)) {
1273
+ cliError(` ${msg.replace(/\n/g, '\n ')}\n`, {
1274
+ recoveryHint: 'embedding-dims-invalid',
1275
+ });
1276
+ process.exitCode = 1;
1277
+ return;
1278
+ }
1279
+ // Custom HTTP embedding endpoint failure (#2385). When a `--embedding-base-url`
1280
+ // is configured, HTTP mode never downloads a model — so a failure talking to
1281
+ // that endpoint must NOT show the huggingface-download guidance. Keyed on the
1282
+ // error *type* (HttpEmbeddingError), not its message text, so it stays correct
1283
+ // regardless of locale or wording. Checked before the HF branch, whose network
1284
+ // heuristic (`fetch failed` / `ECONNREFUSED`) would otherwise also match a
1285
+ // wrapped endpoint-connection error. The header is deliberately neutral: this
1286
+ // type covers both never-reached failures (connection/timeout/DNS) and
1287
+ // reached-but-failed ones (4xx/5xx, dimension/shape mismatch), so it must not
1288
+ // assert "unreachable". The thrown `msg` carries the specific reason (and the
1289
+ // masked URL where one applies), so it is surfaced verbatim.
1290
+ if (isHttpEmbeddingError(err)) {
1291
+ cliError(` The custom embedding endpoint request failed.\n` +
1292
+ ` ${msg.replace(/\n/g, '\n ')}\n` +
1293
+ ` Suggestions:\n` +
1294
+ ` 1. Verify the endpoint URL is reachable and running ` +
1295
+ `(--embedding-base-url / GITNEXUS_EMBEDDING_URL: host, port, /v1 path).\n` +
1296
+ ` 2. Confirm the model name and embedding dimensions match what the endpoint serves.\n` +
1297
+ ` 3. Re-run without --embeddings to index without vectors.\n`, { recoveryHint: 'http-embedding-endpoint-error' });
1298
+ process.exitCode = 1;
1299
+ return;
1300
+ }
1301
+ // isHttpMode() is a pure presence probe (URL+MODEL) that never throws — a
1302
+ // malformed GITNEXUS_EMBEDDING_DIMS is handled by the dims branch above — so
1303
+ // no defensive try/catch is needed here (#2385).
1304
+ const inHttpMode = isHttpMode();
1265
1305
  // HF download failure — show clean guidance without the raw stack trace.
1266
1306
  // Checked before writeFatalToStderr so the user sees one focused message
1267
1307
  // rather than a stack-trace dump followed by a second remediation block.
1268
- if (isHfDownloadFailure(msg) || msg.includes('Failed to download embedding model')) {
1308
+ // Gated on !inHttpMode: with a custom endpoint configured no model download
1309
+ // is ever attempted, so a network error there is the endpoint's, handled by
1310
+ // the HttpEmbeddingError branch above — never HF's (#2385).
1311
+ if ((isHfDownloadFailure(msg) || msg.includes('Failed to download embedding model')) &&
1312
+ !inHttpMode) {
1269
1313
  cliError(` The embedding model could not be downloaded.\n` +
1270
1314
  ` huggingface.co may be unreachable from your network\n` +
1271
1315
  ` (e.g. behind a corporate proxy or a regional firewall).\n` +
@@ -12,7 +12,7 @@ import { type CliMessageKey, type CliMessageVars } from './i18n/index.js';
12
12
  * Consumers can import this type to narrow log-record `recoveryHint`
13
13
  * fields without restating the literal list.
14
14
  */
15
- export type RecoveryHint = 'wal-corruption' | 'wal-checkpoint-threshold' | 'heap-oom-respawn' | 'native-worker-abort' | 'hf-endpoint-unreachable' | 'local-embedding-unsupported' | 'local-embedding-stack-missing' | 'large-repo' | 'npm-resolution' | 'module-not-found' | 'gitnexusrc-invalid' | 'default-branch-invalid';
15
+ export type RecoveryHint = 'wal-corruption' | 'wal-checkpoint-threshold' | 'heap-oom-respawn' | 'native-worker-abort' | 'hf-endpoint-unreachable' | 'http-embedding-endpoint-error' | 'embedding-dims-invalid' | 'local-embedding-unsupported' | 'local-embedding-stack-missing' | 'large-repo' | 'npm-resolution' | 'module-not-found' | 'gitnexusrc-invalid' | 'default-branch-invalid';
16
16
  /**
17
17
  * Common shape for the optional structured-field bag passed to
18
18
  * `cliError`/`cliWarn`/`cliInfo`. Typed so the `recoveryHint` slot is
@@ -11,7 +11,13 @@
11
11
  * via `AbortSignal.timeout` on the underlying fetch.
12
12
  */
13
13
  /**
14
- * Check whether HTTP embedding mode is active (env vars are set).
14
+ * Whether HTTP embedding mode is active i.e. both `GITNEXUS_EMBEDDING_URL` and
15
+ * `GITNEXUS_EMBEDDING_MODEL` are set. A pure presence probe: it deliberately does
16
+ * NOT call {@link readConfig}, so it never throws on a malformed
17
+ * `GITNEXUS_EMBEDDING_DIMS`. This lets its ~13 call sites (analyze, doctor,
18
+ * run-analyze, embedder, mcp) probe the mode without a defensive try/catch; the
19
+ * DIMS value is validated where it is actually used (`readConfig` in
20
+ * `httpEmbed`/`httpEmbedQuery`), surfacing a recognizable config error. See #2385.
15
21
  */
16
22
  export declare const isHttpMode: () => boolean;
17
23
  /**
@@ -26,6 +32,27 @@ export declare const getHttpDimensions: () => number | undefined;
26
32
  * custom-endpoint confirmation can mask the same way.
27
33
  */
28
34
  export declare const safeUrl: (url: string) => string;
35
+ /**
36
+ * Error thrown by this module's HTTP embedding path (`httpEmbedBatch` /
37
+ * `httpEmbed` / `httpEmbedQuery`) for any endpoint failure — a
38
+ * connection/timeout/DNS error, an open circuit, a non-OK status, an
39
+ * unparseable or wrong-shape response body, an empty response, or a dimension
40
+ * mismatch.
41
+ *
42
+ * Carrying a distinct type (rather than a plain `Error`) lets the CLI tell a
43
+ * *custom endpoint* failure apart from a HuggingFace *model download* failure
44
+ * without matching message text: the two share the same underlying network
45
+ * substrings (`fetch failed`, `ECONNREFUSED`, …), which is exactly why
46
+ * `isNetworkFetchError` in `hf-env.ts` cannot tell them apart. Keying on the
47
+ * type instead of the message is also locale-proof and survives message
48
+ * rewording. The human-readable `.message` (built with `safeUrl` and the
49
+ * underlying reason) is what the CLI surfaces to the user. See #2385.
50
+ */
51
+ export declare class HttpEmbeddingError extends Error {
52
+ constructor(message: string, options?: {
53
+ cause?: unknown;
54
+ });
55
+ }
29
56
  /**
30
57
  * Embed texts via the HTTP backend, splitting into batches.
31
58
  * Reads config from env vars on every call.
@@ -17,10 +17,26 @@ const HTTP_RETRY_BACKOFF_MS = 1_000;
17
17
  const HTTP_BATCH_SIZE = 64;
18
18
  const DEFAULT_DIMS = 384;
19
19
  const HTTP_BREAKER_KEY = 'embeddings-http';
20
+ /**
21
+ * Stable lead of the {@link readConfig} malformed-`GITNEXUS_EMBEDDING_DIMS`
22
+ * error. `readConfig` throws a plain `Error` (not an {@link HttpEmbeddingError})
23
+ * because this is a *config* mistake, not an endpoint failure — so the CLI
24
+ * recognizes it by this lead ({@link isHttpEmbeddingDimsError}) and prints a
25
+ * clean config message instead of a raw stack dump. See #2385.
26
+ */
27
+ const EMBEDDING_DIMS_ENV_ERROR_LEAD = 'GITNEXUS_EMBEDDING_DIMS must be a positive integer';
28
+ /**
29
+ * @internal Exported for the CLI analyze error handler. True when `message` is
30
+ * the {@link readConfig} malformed-DIMS config error (a plain `Error`).
31
+ */
32
+ export const isHttpEmbeddingDimsError = (message) => message.includes(EMBEDDING_DIMS_ENV_ERROR_LEAD);
20
33
  /**
21
34
  * Build config from the current process.env snapshot.
22
35
  * Returns null when GITNEXUS_EMBEDDING_URL + GITNEXUS_EMBEDDING_MODEL are unset.
23
36
  * Not cached — env vars are read fresh so late configuration takes effect.
37
+ * Validates GITNEXUS_EMBEDDING_DIMS and throws on a malformed value; callers
38
+ * that only need to know whether HTTP mode is *configured* must use
39
+ * {@link isHttpMode} (a presence probe that never throws), not this.
24
40
  */
25
41
  const readConfig = () => {
26
42
  const baseUrl = process.env.GITNEXUS_EMBEDDING_URL;
@@ -31,11 +47,11 @@ const readConfig = () => {
31
47
  let dimensions;
32
48
  if (rawDims !== undefined) {
33
49
  if (!/^\d+$/.test(rawDims)) {
34
- throw new Error(`GITNEXUS_EMBEDDING_DIMS must be a positive integer, got "${rawDims}"`);
50
+ throw new Error(`${EMBEDDING_DIMS_ENV_ERROR_LEAD}, got "${rawDims}"`);
35
51
  }
36
52
  const parsed = parseInt(rawDims, 10);
37
53
  if (parsed <= 0) {
38
- throw new Error(`GITNEXUS_EMBEDDING_DIMS must be a positive integer, got "${rawDims}"`);
54
+ throw new Error(`${EMBEDDING_DIMS_ENV_ERROR_LEAD}, got "${rawDims}"`);
39
55
  }
40
56
  dimensions = parsed;
41
57
  }
@@ -47,9 +63,15 @@ const readConfig = () => {
47
63
  };
48
64
  };
49
65
  /**
50
- * Check whether HTTP embedding mode is active (env vars are set).
66
+ * Whether HTTP embedding mode is active i.e. both `GITNEXUS_EMBEDDING_URL` and
67
+ * `GITNEXUS_EMBEDDING_MODEL` are set. A pure presence probe: it deliberately does
68
+ * NOT call {@link readConfig}, so it never throws on a malformed
69
+ * `GITNEXUS_EMBEDDING_DIMS`. This lets its ~13 call sites (analyze, doctor,
70
+ * run-analyze, embedder, mcp) probe the mode without a defensive try/catch; the
71
+ * DIMS value is validated where it is actually used (`readConfig` in
72
+ * `httpEmbed`/`httpEmbedQuery`), surfacing a recognizable config error. See #2385.
51
73
  */
52
- export const isHttpMode = () => readConfig() !== null;
74
+ export const isHttpMode = () => Boolean(process.env.GITNEXUS_EMBEDDING_URL && process.env.GITNEXUS_EMBEDDING_MODEL);
53
75
  /**
54
76
  * Return the configured embedding dimensions for HTTP mode, or undefined
55
77
  * if HTTP mode is not active or no explicit dimensions are set.
@@ -70,6 +92,63 @@ export const safeUrl = (url) => {
70
92
  return '<invalid-url>';
71
93
  }
72
94
  };
95
+ /**
96
+ * Strip credentials from an underlying transport error message before it is
97
+ * surfaced. A credential-bearing endpoint URL (`https://user:secret@host/v1`)
98
+ * makes undici throw `TypeError: Request cannot be constructed from a URL that
99
+ * includes credentials: <that full URL>`; interpolating `err.message` verbatim
100
+ * would re-leak the secret to stderr + logs even though the URL argument is
101
+ * already masked with {@link safeUrl}. First swap the exact configured `url` for
102
+ * its masked form, then strip any residual `scheme://userinfo@` the transport may
103
+ * have echoed in a normalized (non-exact) form. See #2385.
104
+ */
105
+ const sanitizeReason = (reason, url) => reason
106
+ .split(url)
107
+ .join(safeUrl(url))
108
+ .replace(/([a-z][a-z0-9+.-]*:\/\/)[^/@\s]*@/gi, '$1');
109
+ /**
110
+ * Error thrown by this module's HTTP embedding path (`httpEmbedBatch` /
111
+ * `httpEmbed` / `httpEmbedQuery`) for any endpoint failure — a
112
+ * connection/timeout/DNS error, an open circuit, a non-OK status, an
113
+ * unparseable or wrong-shape response body, an empty response, or a dimension
114
+ * mismatch.
115
+ *
116
+ * Carrying a distinct type (rather than a plain `Error`) lets the CLI tell a
117
+ * *custom endpoint* failure apart from a HuggingFace *model download* failure
118
+ * without matching message text: the two share the same underlying network
119
+ * substrings (`fetch failed`, `ECONNREFUSED`, …), which is exactly why
120
+ * `isNetworkFetchError` in `hf-env.ts` cannot tell them apart. Keying on the
121
+ * type instead of the message is also locale-proof and survives message
122
+ * rewording. The human-readable `.message` (built with `safeUrl` and the
123
+ * underlying reason) is what the CLI surfaces to the user. See #2385.
124
+ */
125
+ export class HttpEmbeddingError extends Error {
126
+ constructor(message, options) {
127
+ super(message, options?.cause !== undefined ? { cause: options.cause } : undefined);
128
+ this.name = 'HttpEmbeddingError';
129
+ }
130
+ }
131
+ /**
132
+ * @internal Exported for the CLI analyze error handler and unit tests.
133
+ *
134
+ * Type-guard for {@link HttpEmbeddingError}. The `name` fallback keeps the
135
+ * check working across module-realm boundaries where `instanceof` can fail
136
+ * (two loaded copies of the class) — mirroring the codebase's existing
137
+ * `err.name === 'TimeoutError'` idiom. Matches on the stable class
138
+ * discriminator, never on the human-readable (potentially localized) message.
139
+ */
140
+ export const isHttpEmbeddingError = (err) => err instanceof HttpEmbeddingError || (err instanceof Error && err.name === 'HttpEmbeddingError');
141
+ /**
142
+ * Runtime guard for a single response item. The `Array.isArray(data.data)` shape
143
+ * check only validates the outer array — a 200 body like `{"data":[null]}` passes
144
+ * it, then crashes at `new Float32Array(item.embedding)` (`httpEmbed`) or
145
+ * `items[0].embedding` (`httpEmbedQuery`) with a raw `TypeError` that escapes the
146
+ * typed boundary, landing on the CLI's generic stack-dump path — the exact class
147
+ * #2385 closes. Validate each item so every wrong-shape body stays classifiable.
148
+ */
149
+ const isEmbeddingItem = (item) => typeof item === 'object' &&
150
+ item !== null &&
151
+ Array.isArray(item.embedding);
73
152
  /**
74
153
  * Send a single batch of texts to the embedding endpoint with retry.
75
154
  *
@@ -111,23 +190,36 @@ const httpEmbedBatch = async (url, batch, model, apiKey, batchIndex = 0, dimensi
111
190
  }
112
191
  catch (err) {
113
192
  if (err instanceof CircuitOpenError) {
114
- throw new Error(`Embedding endpoint circuit open (${safeUrl(url)}, batch ${batchIndex}): retry in ${Math.ceil(err.retryAfterMs / 1000)}s`);
193
+ throw new HttpEmbeddingError(`Embedding endpoint circuit open (${safeUrl(url)}, batch ${batchIndex}): retry in ${Math.ceil(err.retryAfterMs / 1000)}s`, { cause: err });
115
194
  }
116
195
  if (err instanceof DOMException && err.name === 'TimeoutError') {
117
- throw new Error(`Embedding request timed out after ${HTTP_TIMEOUT_MS}ms (${safeUrl(url)}, batch ${batchIndex})`);
196
+ throw new HttpEmbeddingError(`Embedding request timed out after ${HTTP_TIMEOUT_MS}ms (${safeUrl(url)}, batch ${batchIndex})`, { cause: err });
118
197
  }
119
198
  if (err instanceof ResilientFetchExhaustedError) {
120
- throw new Error(`Embedding endpoint returned ${err.response.status} (${safeUrl(url)}, batch ${batchIndex})`);
199
+ throw new HttpEmbeddingError(`Embedding endpoint returned ${err.response.status} (${safeUrl(url)}, batch ${batchIndex})`, { cause: err });
121
200
  }
122
- const reason = err instanceof Error ? err.message : String(err);
123
- throw new Error(`Embedding request failed (${safeUrl(url)}, batch ${batchIndex}): ${reason}`);
201
+ const reason = sanitizeReason(err instanceof Error ? err.message : String(err), url);
202
+ throw new HttpEmbeddingError(`Embedding request failed (${safeUrl(url)}, batch ${batchIndex}): ${reason}`, { cause: err });
124
203
  }
125
204
  if (!resp.ok) {
126
205
  // resilientFetch already retried 5xx/429; any non-OK response here is
127
206
  // a terminal client error (4xx other than 429).
128
- throw new Error(`Embedding endpoint returned ${resp.status} (${safeUrl(url)}, batch ${batchIndex})`);
207
+ throw new HttpEmbeddingError(`Embedding endpoint returned ${resp.status} (${safeUrl(url)}, batch ${batchIndex})`);
208
+ }
209
+ // A reachable-but-wrong endpoint (e.g. a captive portal or a non-embeddings
210
+ // service) can answer 200 with an HTML/truncated body. Parse inside the
211
+ // typed-error boundary so that lands as an endpoint failure the CLI can
212
+ // classify, not a raw SyntaxError/TypeError on the generic stack-dump path.
213
+ let data;
214
+ try {
215
+ data = (await resp.json());
216
+ }
217
+ catch (err) {
218
+ throw new HttpEmbeddingError(`Embedding endpoint returned an unparseable response (${safeUrl(url)}, batch ${batchIndex})`, { cause: err });
219
+ }
220
+ if (!Array.isArray(data?.data) || !data.data.every(isEmbeddingItem)) {
221
+ throw new HttpEmbeddingError(`Embedding endpoint returned an unexpected response shape (${safeUrl(url)}, batch ${batchIndex})`);
129
222
  }
130
- const data = (await resp.json());
131
223
  return data.data;
132
224
  };
133
225
  /**
@@ -150,7 +242,7 @@ export const httpEmbed = async (texts) => {
150
242
  const batchIndex = Math.floor(i / HTTP_BATCH_SIZE);
151
243
  const items = await httpEmbedBatch(url, batch, config.model, config.apiKey, batchIndex, config.dimensions);
152
244
  if (items.length !== batch.length) {
153
- throw new Error(`Embedding endpoint returned ${items.length} vectors for ${batch.length} texts ` +
245
+ throw new HttpEmbeddingError(`Embedding endpoint returned ${items.length} vectors for ${batch.length} texts ` +
154
246
  `(${safeUrl(url)}, batch ${batchIndex})`);
155
247
  }
156
248
  for (const item of items) {
@@ -162,7 +254,7 @@ export const httpEmbed = async (texts) => {
162
254
  const hint = config.dimensions
163
255
  ? 'Update GITNEXUS_EMBEDDING_DIMS to match your model output.'
164
256
  : `Set GITNEXUS_EMBEDDING_DIMS=${vec.length} to match your model output.`;
165
- throw new Error(`Embedding dimension mismatch: endpoint returned ${vec.length}d vector, ` +
257
+ throw new HttpEmbeddingError(`Embedding dimension mismatch: endpoint returned ${vec.length}d vector, ` +
166
258
  `but expected ${expected}d. ${hint}`);
167
259
  }
168
260
  allVectors.push(vec);
@@ -184,7 +276,7 @@ export const httpEmbedQuery = async (text) => {
184
276
  const url = `${config.baseUrl}/embeddings`;
185
277
  const items = await httpEmbedBatch(url, [text], config.model, config.apiKey, 0, config.dimensions);
186
278
  if (!items.length) {
187
- throw new Error(`Embedding endpoint returned empty response (${safeUrl(url)})`);
279
+ throw new HttpEmbeddingError(`Embedding endpoint returned empty response (${safeUrl(url)})`);
188
280
  }
189
281
  const embedding = items[0].embedding;
190
282
  // Same dimension checks as httpEmbed — catch mismatches before they
@@ -194,7 +286,7 @@ export const httpEmbedQuery = async (text) => {
194
286
  const hint = config.dimensions
195
287
  ? 'Update GITNEXUS_EMBEDDING_DIMS to match your model output.'
196
288
  : `Set GITNEXUS_EMBEDDING_DIMS=${embedding.length} to match your model output.`;
197
- throw new Error(`Embedding dimension mismatch: endpoint returned ${embedding.length}d vector, ` +
289
+ throw new HttpEmbeddingError(`Embedding dimension mismatch: endpoint returned ${embedding.length}d vector, ` +
198
290
  `but expected ${expected}d. ${hint}`);
199
291
  }
200
292
  return embedding;