npm - gitnexus - Versions diffs - 1.6.3-rc.24 → 1.6.3-rc.26 - Mend

gitnexus 1.6.3-rc.24 → 1.6.3-rc.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/dist/cli/index.js +8 -0
package/dist/cli/tool.d.ts +5 -0
package/dist/cli/tool.js +42 -0
package/dist/core/group/extractors/http-patterns/php.js +126 -18
package/dist/core/search/bm25-index.d.ts +1 -0
package/dist/core/search/bm25-index.js +19 -9
package/dist/mcp/local/local-backend.js +16 -6
package/package.json +1 -1

package/dist/cli/index.js CHANGED Viewed

@@ -111,6 +111,14 @@ program
     .description('Execute raw Cypher query against the knowledge graph')
     .option('-r, --repo <name>', 'Target repository')
     .action(createLazyAction(() => import('./tool.js'), 'cypherCommand'));
+program
+    .command('detect-changes')
+    .alias('detect_changes')
+    .description('Map git diff hunks to indexed symbols and affected execution flows')
+    .option('-s, --scope <scope>', 'What to analyze: unstaged, staged, all, or compare', 'unstaged')
+    .option('-b, --base-ref <ref>', 'Branch/commit for compare scope (e.g. main)')
+    .option('-r, --repo <name>', 'Target repository')
+    .action(createLazyAction(() => import('./tool.js'), 'detectChangesCommand'));
 // ─── Eval Server (persistent daemon for SWE-bench) ─────────────────
 program
     .command('eval-server')

package/dist/cli/tool.d.ts CHANGED Viewed

@@ -36,3 +36,8 @@ export declare function impactCommand(target: string, options?: {
 export declare function cypherCommand(query: string, options?: {
     repo?: string;
 }): Promise<void>;
+export declare function detectChangesCommand(options?: {
+    scope?: string;
+    baseRef?: string;
+    repo?: string;
+}): Promise<void>;

package/dist/cli/tool.js CHANGED Viewed

@@ -124,3 +124,45 @@ export async function cypherCommand(query, options) {
     });
     output(result);
 }
+function formatDetectChangesResult(result) {
+    if (result?.error)
+        return `Error: ${result.error}`;
+    const summary = result?.summary || {};
+    if ((summary.changed_count || 0) === 0) {
+        return 'No changes detected.';
+    }
+    const lines = [];
+    lines.push(`Changes: ${summary.changed_files || 0} files, ${summary.changed_count || 0} symbols`);
+    lines.push(`Affected processes: ${summary.affected_count || 0}`);
+    lines.push(`Risk level: ${summary.risk_level || 'unknown'}`);
+    lines.push('');
+    const changed = result?.changed_symbols || [];
+    if (changed.length > 0) {
+        lines.push('Changed symbols:');
+        for (const symbol of changed.slice(0, 15)) {
+            lines.push(`  ${symbol.type} ${symbol.name} → ${symbol.filePath}`);
+        }
+        if (changed.length > 15) {
+            lines.push(`  ... and ${changed.length - 15} more`);
+        }
+        lines.push('');
+    }
+    const affected = result?.affected_processes || [];
+    if (affected.length > 0) {
+        lines.push('Affected execution flows:');
+        for (const processInfo of affected.slice(0, 10)) {
+            const steps = (processInfo.changed_steps || []).map((s) => s.symbol).join(', ');
+            lines.push(`  • ${processInfo.name} (${processInfo.step_count} steps) — changed: ${steps}`);
+        }
+    }
+    return lines.join('\n').trim();
+}
+export async function detectChangesCommand(options) {
+    const backend = await getBackend();
+    const result = await backend.callTool('detect_changes', {
+        scope: options?.scope || 'unstaged',
+        base_ref: options?.baseRef,
+        repo: options?.repo,
+    });
+    output(formatDetectChangesResult(result));
+}

package/dist/core/group/extractors/http-patterns/php.js CHANGED Viewed

@@ -1,27 +1,71 @@
 import PHP from 'tree-sitter-php';
 import { compilePatterns, runCompiledPatterns, unquoteLiteral, } from '../tree-sitter-scanner.js';
 /**
- * PHP HTTP plugin — Laravel `Route::get/post/...` declarations.
+ * PHP HTTP plugin.
+ *
+ * Providers:
+ *   - Laravel `Route::get/post/...`
+ *
+ * Consumers (string-literal URLs only):
+ *   - Laravel HTTP client: `Http::get/post/put/delete/patch($url)`
+ *   - Guzzle / generic object method: `$client->get/post/...($url)`
+ *   - `file_get_contents($url)`
  *
  * The pipeline already uses `PHP.php_only` for ingesting plain `.php`
  * files (see `core/tree-sitter/parser-loader.ts`), and we do the same
  * here so Laravel route files are parsed with the right grammar dialect.
+ *
+ * Scope notes: consumer patterns match string literals only. URLs built
+ * via binary concatenation (`$base . '/path'`), `sprintf`, or config
+ * lookup (`config('services.foo.base').'/path'`) are intentionally left
+ * for a follow-up — they require constant-folding the surrounding
+ * scope to be meaningful.
  */
-const LARAVEL_PATTERNS = compilePatterns({
-    name: 'php-laravel',
+const LARAVEL_ROUTE_SPEC = {
+    meta: {},
+    query: `
+    (scoped_call_expression
+      scope: (name) @scope (#eq? @scope "Route")
+      name: (name) @method (#match? @method "^(get|post|put|delete|patch)$")
+      arguments: (arguments . (argument (string) @path)))
+  `,
+};
+const HTTP_FACADE_SPEC = {
+    meta: {},
+    query: `
+    (scoped_call_expression
+      scope: (name) @scope (#eq? @scope "Http")
+      name: (name) @method (#match? @method "^(get|post|put|delete|patch)$")
+      arguments: (arguments . (argument (string) @path)))
+  `,
+};
+const GUZZLE_MEMBER_SPEC = {
+    meta: {},
+    query: `
+    (member_call_expression
+      name: (name) @method (#match? @method "^(get|post|put|delete|patch)$")
+      arguments: (arguments . (argument (string) @path)))
+  `,
+};
+const FILE_GET_CONTENTS_SPEC = {
+    meta: {},
+    query: `
+    (function_call_expression
+      function: (name) @fn (#eq? @fn "file_get_contents")
+      arguments: (arguments . (argument (string) @path)))
+  `,
+};
+const mk = (spec, suffix) => compilePatterns({
+    name: `php-${suffix}`,
     language: PHP.php_only,
-    patterns: [
-        {
-            meta: {},
-            query: `
-        (scoped_call_expression
-          scope: (name) @scope (#eq? @scope "Route")
-          name: (name) @method (#match? @method "^(get|post|put|delete|patch)$")
-          arguments: (arguments . (argument (string) @path)))
-      `,
-        },
-    ],
+    patterns: [spec],
 });
+const PHP_PATTERNS = {
+    laravelRoute: mk(LARAVEL_ROUTE_SPEC, 'laravel-route'),
+    httpFacade: mk(HTTP_FACADE_SPEC, 'http-facade'),
+    guzzleMember: mk(GUZZLE_MEMBER_SPEC, 'guzzle-member'),
+    fileGetContents: mk(FILE_GET_CONTENTS_SPEC, 'file-get-contents'),
+};
 /**
  * Extract the inner text of a PHP `string` node. The tree-sitter-php
  * grammar wraps single / double-quoted literals differently depending
@@ -30,12 +74,9 @@ const LARAVEL_PATTERNS = compilePatterns({
  * child nodes.
  */
 function phpStringText(node) {
-    // Most single-quoted strings expose their inner content through the
-    // full node text (including quotes), which unquoteLiteral strips.
     const direct = unquoteLiteral(node.text);
     if (direct !== null && direct !== node.text)
         return direct;
-    // Fall back to child string_content / string_value node if present.
     for (const child of node.children) {
         if (child.type === 'string_content' || child.type === 'string_value') {
             return child.text;
@@ -43,12 +84,29 @@ function phpStringText(node) {
     }
     return direct;
 }
+/**
+ * HTTP client helpers (`Http::`, Guzzle) are almost always called with
+ * a path relative to a configured base URL, or a full URL. File paths
+ * are rare. Accept both relative (`/api/...`) and absolute (`http(s)://`).
+ */
+function isHttpClientPath(path) {
+    return path.startsWith('/') || path.startsWith('http://') || path.startsWith('https://');
+}
+/**
+ * `file_get_contents` is used for both HTTP and filesystem reads. Only
+ * emit a consumer contract when the URL is an absolute HTTP(S) URL to
+ * avoid false positives for local file paths and stream wrappers
+ * (`php://input`, `file://`, `data:`, ...).
+ */
+function isHttpUrlLiteral(path) {
+    return path.startsWith('http://') || path.startsWith('https://');
+}
 export const PHP_HTTP_PLUGIN = {
     name: 'php-http',
     language: PHP.php_only,
     scan(tree) {
         const out = [];
-        for (const match of runCompiledPatterns(LARAVEL_PATTERNS, tree)) {
+        for (const match of runCompiledPatterns(PHP_PATTERNS.laravelRoute, tree)) {
             const methodNode = match.captures.method;
             const pathNode = match.captures.path;
             if (!methodNode || !pathNode)
@@ -65,6 +123,56 @@ export const PHP_HTTP_PLUGIN = {
                 confidence: 0.8,
             });
         }
+        for (const match of runCompiledPatterns(PHP_PATTERNS.httpFacade, tree)) {
+            const methodNode = match.captures.method;
+            const pathNode = match.captures.path;
+            if (!methodNode || !pathNode)
+                continue;
+            const path = phpStringText(pathNode);
+            if (path === null || !isHttpClientPath(path))
+                continue;
+            out.push({
+                role: 'consumer',
+                framework: 'laravel-http',
+                method: methodNode.text.toUpperCase(),
+                path,
+                name: null,
+                confidence: 0.7,
+            });
+        }
+        for (const match of runCompiledPatterns(PHP_PATTERNS.guzzleMember, tree)) {
+            const methodNode = match.captures.method;
+            const pathNode = match.captures.path;
+            if (!methodNode || !pathNode)
+                continue;
+            const path = phpStringText(pathNode);
+            if (path === null || !isHttpClientPath(path))
+                continue;
+            out.push({
+                role: 'consumer',
+                framework: 'guzzle',
+                method: methodNode.text.toUpperCase(),
+                path,
+                name: null,
+                confidence: 0.7,
+            });
+        }
+        for (const match of runCompiledPatterns(PHP_PATTERNS.fileGetContents, tree)) {
+            const pathNode = match.captures.path;
+            if (!pathNode)
+                continue;
+            const path = phpStringText(pathNode);
+            if (path === null || !isHttpUrlLiteral(path))
+                continue;
+            out.push({
+                role: 'consumer',
+                framework: 'file-get-contents',
+                method: 'GET',
+                path,
+                name: null,
+                confidence: 0.7,
+            });
+        }
         return out;
     },
 };

package/dist/core/search/bm25-index.d.ts CHANGED Viewed

@@ -14,6 +14,7 @@ export interface BM25SearchResult {
     filePath: string;
     score: number;
     rank: number;
+    nodeIds?: string[];
 }
 /**
  * Search using LadybugDB's built-in FTS (always fresh, reads from disk)

package/dist/core/search/bm25-index.js CHANGED Viewed

@@ -69,6 +69,7 @@ async function queryFTSViaExecutor(executor, tableName, indexName, query, limit)
             return {
                 filePath: node.filePath || '',
                 score: typeof score === 'number' ? score : parseFloat(score) || 0,
+                nodeId: node.nodeId || node.id || '',
             };
         });
     }
@@ -118,17 +119,13 @@ export const searchFTSFromLbug = async (query, limit = 20, repoId) => {
         methodResults = await queryFTS('Method', 'method_fts', query, limit, false).catch(() => []);
         interfaceResults = await queryFTS('Interface', 'interface_fts', query, limit, false).catch(() => []);
     }
-    // Merge results by filePath, summing scores for same file
-    const merged = new Map();
+    // Collect all node scores per filePath to track which nodes actually matched
+    const fileNodeScores = new Map();
     const addResults = (results) => {
         for (const r of results) {
-            const existing = merged.get(r.filePath);
-            if (existing) {
-                existing.score += r.score;
-            }
-            else {
-                merged.set(r.filePath, { filePath: r.filePath, score: r.score });
-            }
+            if (!fileNodeScores.has(r.filePath))
+                fileNodeScores.set(r.filePath, []);
+            fileNodeScores.get(r.filePath).push({ score: r.score, nodeId: r.nodeId });
         }
     };
     addResults(fileResults);
@@ -136,6 +133,18 @@ export const searchFTSFromLbug = async (query, limit = 20, repoId) => {
     addResults(classResults);
     addResults(methodResults);
     addResults(interfaceResults);
+    // Sum the top-3 highest-scoring nodes per file and collect their nodeIds.
+    // Summing all nodes naively inflates scores for files with many mediocre
+    // matches (e.g. test files) over files with a single highly-relevant symbol.
+    const merged = new Map();
+    for (const [filePath, entries] of fileNodeScores) {
+        const top3 = [...entries].sort((a, b) => b.score - a.score).slice(0, 3);
+        merged.set(filePath, {
+            filePath,
+            score: top3.reduce((acc, e) => acc + e.score, 0),
+            nodeIds: top3.map((e) => e.nodeId).filter((id) => id),
+        });
+    }
     // Sort by score descending and add rank
     const sorted = Array.from(merged.values())
         .sort((a, b) => b.score - a.score)
@@ -144,5 +153,6 @@ export const searchFTSFromLbug = async (query, limit = 20, repoId) => {
         filePath: r.filePath,
         score: r.score,
         rank: index + 1,
+        nodeIds: r.nodeIds,
     }));
 };

package/dist/mcp/local/local-backend.js CHANGED Viewed

@@ -707,12 +707,22 @@ export class LocalBackend {
         for (const bm25Result of bm25Results) {
             const fullPath = bm25Result.filePath;
             try {
-                const symbols = await executeParameterized(repo.id, `
-          MATCH (n)
-          WHERE n.filePath = $filePath
-          RETURN n.id AS id, n.name AS name, labels(n)[0] AS type, n.filePath AS filePath, n.startLine AS startLine, n.endLine AS endLine
-          LIMIT 3
-        `, { filePath: fullPath });
+                // Prefer direct nodeId lookup (exact FTS-matched nodes) over filePath fallback.
+                // Without this, LIMIT 3 on filePath returns arbitrary symbols rather than
+                // the nodes that actually scored highest in the BM25 index.
+                const nodeIds = bm25Result.nodeIds?.length ? bm25Result.nodeIds : null;
+                const symbols = nodeIds
+                    ? await executeParameterized(repo.id, `
+              MATCH (n)
+              WHERE n.id IN $nodeIds
+              RETURN n.id AS id, n.name AS name, labels(n)[0] AS type, n.filePath AS filePath, n.startLine AS startLine, n.endLine AS endLine
+            `, { nodeIds })
+                    : await executeParameterized(repo.id, `
+              MATCH (n)
+              WHERE n.filePath = $filePath
+              RETURN n.id AS id, n.name AS name, labels(n)[0] AS type, n.filePath AS filePath, n.startLine AS startLine, n.endLine AS endLine
+              LIMIT 3
+            `, { filePath: fullPath });
                 if (symbols.length > 0) {
                     for (const sym of symbols) {
                         results.push({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "gitnexus",
-  "version": "1.6.3-rc.24",
+  "version": "1.6.3-rc.26",
   "description": "Graph-powered code intelligence for AI agents. Index any codebase, query via MCP or CLI.",
   "author": "Abhigyan Patwari",
   "license": "PolyForm-Noncommercial-1.0.0",