gitnexus 1.6.4-rc.73 → 1.6.4-rc.75

package/dist/cli/analyze.d.ts

@@ -9,7 +9,14 @@
  */
 export interface AnalyzeOptions {
     force?: boolean;
-    embeddings?: boolean;
+    /**
+     * Embedding generation toggle. Commander parses `--embeddings [limit]` as:
+     *   - `undefined` when the flag is omitted
+     *   - `true` when passed without an argument (use default 50K node cap)
+     *   - a string when passed with an argument (`--embeddings 0` disables the
+     *     cap, `--embeddings <n>` uses `<n>` as the cap)
+     */
+    embeddings?: boolean | string;
     /**
      * Explicitly drop existing embeddings on rebuild instead of preserving
      * them. Without this flag, a routine `analyze` keeps any embeddings

package/dist/cli/analyze.js

@@ -104,6 +104,22 @@ export const analyzeCommand = async (inputPath, options) => {
         }
         process.env.GITNEXUS_WORKER_SUB_BATCH_TIMEOUT_MS = String(Math.round(workerTimeoutSeconds * 1000));
     }
+    // Parse `--embeddings [limit]`: `true` → default cap, string → numeric cap
+    // (0 disables the cap entirely). Validated up here so failures match the
+    // sibling-validation pattern (exit before bar.start() — otherwise
+    // process.exit() leaves the progress bar's hidden cursor uncleared).
+    let embeddingsNodeLimit;
+    if (typeof options?.embeddings === 'string') {
+        const parsed = Number(options.embeddings);
+        if (!Number.isInteger(parsed) || parsed < 0) {
+            console.error(`  --embeddings expects a non-negative integer (got "${options.embeddings}"). ` +
+                `Pass 0 to disable the safety cap, or omit the value to keep the default.\n`);
+            process.exitCode = 1;
+            return;
+        }
+        embeddingsNodeLimit = parsed;
+    }
+    const embeddingsEnabled = !!options?.embeddings;
     const setPositiveEnv = (optionName, envName, value) => {
         if (value === undefined)
             return true;
@@ -231,7 +247,8 @@ export const analyzeCommand = async (inputPath, options) => {
             // needs a fresh pipelineResult. Has no bearing on the registry
             // collision guard (see allowDuplicateName below).
             force: options?.force || options?.skills,
-            embeddings: options?.embeddings,
+            embeddings: embeddingsEnabled,
+            embeddingsNodeLimit,
             dropEmbeddings: options?.dropEmbeddings,
             skipGit: options?.skipGit,
             skipAgentsMd: options?.skipAgentsMd,

package/dist/cli/index.js

@@ -17,7 +17,8 @@ program
     .command('analyze [path]')
     .description('Index a repository (full analysis)')
     .option('-f, --force', 'Force full re-index even if up to date')
-    .option('--embeddings', 'Enable embedding generation for semantic search (off by default)')
+    .option('--embeddings [limit]', 'Enable embedding generation for semantic search (off by default). ' +
+    'Optional [limit] overrides the 50,000-node safety cap; pass 0 to disable the cap entirely.')
     .option('--drop-embeddings', 'Drop existing embeddings on rebuild. By default, an `analyze` without `--embeddings` ' +
     'preserves any embeddings already present in the index.')
     .option('--skills', 'Generate repo-specific skill files from detected communities')

package/dist/core/embedding-mode.d.ts

@@ -27,4 +27,25 @@ export interface EmbeddingMode {
     /** True when we need to load cached embeddings from the existing DB before the rebuild. */
     shouldLoadCache: boolean;
 }
+/** Default safety cap on graph node count for embedding generation. */
+export declare const DEFAULT_EMBEDDING_NODE_LIMIT = 50000;
+export interface EmbeddingCapDecision {
+    /** True when the node-count cap blocks generation for this graph. */
+    skipForCap: boolean;
+    /** True when the user explicitly disabled the cap (`--embeddings 0`). */
+    capDisabled: boolean;
+    /** Effective node limit applied (`0` means disabled). */
+    nodeLimit: number;
+}
+/**
+ * Decide whether the node-count safety cap blocks embedding generation.
+ *
+ * - `embeddingsNodeLimit === undefined` → use {@link DEFAULT_EMBEDDING_NODE_LIMIT}
+ * - `embeddingsNodeLimit === 0` → cap disabled, generation always proceeds
+ * - any positive integer → custom cap (skip if `nodeCount > limit`)
+ *
+ * Lives in `embedding-mode.ts` (not `run-analyze.ts`) so the branching
+ * contract is unit-testable without spinning up LadybugDB or the pipeline.
+ */
+export declare function deriveEmbeddingCap(nodeCount: number, embeddingsNodeLimit: number | undefined): EmbeddingCapDecision;
 export declare function deriveEmbeddingMode(options: EmbeddingModeInput, existingEmbeddingCount: number): EmbeddingMode;

package/dist/core/embedding-mode.js

@@ -12,6 +12,24 @@
  *   (default) + existing>0    -> preserve only (load + restore, no generation)
  *   any path with existing=0  -> no cache work, no preservation
  */
+/** Default safety cap on graph node count for embedding generation. */
+export const DEFAULT_EMBEDDING_NODE_LIMIT = 50_000;
+/**
+ * Decide whether the node-count safety cap blocks embedding generation.
+ *
+ * - `embeddingsNodeLimit === undefined` → use {@link DEFAULT_EMBEDDING_NODE_LIMIT}
+ * - `embeddingsNodeLimit === 0` → cap disabled, generation always proceeds
+ * - any positive integer → custom cap (skip if `nodeCount > limit`)
+ *
+ * Lives in `embedding-mode.ts` (not `run-analyze.ts`) so the branching
+ * contract is unit-testable without spinning up LadybugDB or the pipeline.
+ */
+export function deriveEmbeddingCap(nodeCount, embeddingsNodeLimit) {
+    const nodeLimit = embeddingsNodeLimit ?? DEFAULT_EMBEDDING_NODE_LIMIT;
+    const capDisabled = nodeLimit === 0;
+    const skipForCap = !capDisabled && nodeCount > nodeLimit;
+    return { skipForCap, capDisabled, nodeLimit };
+}
 export function deriveEmbeddingMode(options, existingEmbeddingCount) {
     const hasExisting = existingEmbeddingCount > 0;
     const drop = !!options.dropEmbeddings;

package/dist/core/run-analyze.d.ts

@@ -21,6 +21,13 @@ export interface AnalyzeOptions {
      */
     force?: boolean;
     embeddings?: boolean;
+    /**
+     * Override the auto-skip node-count cap for embedding generation.
+     * `undefined` (default) keeps the built-in 50,000-node safety limit;
+     * `0` disables the cap entirely; any positive integer sets a custom cap.
+     * Mapped from the CLI's `--embeddings [limit]` argument.
+     */
+    embeddingsNodeLimit?: number;
     /**
      * Explicitly drop any embeddings present in the existing index instead of
      * preserving them. Only meaningful when `embeddings` is false/undefined:
@@ -66,7 +73,7 @@ export interface AnalyzeResult {
     /** The raw pipeline result — only populated when needed by callers (e.g. skill generation). */
     pipelineResult?: any;
 }
-export { deriveEmbeddingMode } from './embedding-mode.js';
+export { deriveEmbeddingMode, DEFAULT_EMBEDDING_NODE_LIMIT } from './embedding-mode.js';
 export type { EmbeddingMode } from './embedding-mode.js';
 export declare const PHASE_LABELS: Record<string, string>;
 /**

package/dist/core/run-analyze.js

@@ -18,12 +18,10 @@ import { getCurrentCommit, getRemoteUrl, hasGitDir, getInferredRepoName, resolve
 import { generateAIContextFiles } from '../cli/ai-context.js';
 import { EMBEDDING_TABLE_NAME } from './lbug/schema.js';
 import { STALE_HASH_SENTINEL } from './lbug/schema.js';
-/** Threshold: auto-skip embeddings for repos with more nodes than this */
-const EMBEDDING_NODE_LIMIT = 50_000;
 // Re-export the pure flag-derivation helper so external callers (and tests)
 // keep importing from this module's stable surface.
-export { deriveEmbeddingMode } from './embedding-mode.js';
-import { deriveEmbeddingMode as _deriveEmbeddingMode } from './embedding-mode.js';
+export { deriveEmbeddingMode, DEFAULT_EMBEDDING_NODE_LIMIT } from './embedding-mode.js';
+import { deriveEmbeddingMode as _deriveEmbeddingMode, deriveEmbeddingCap, DEFAULT_EMBEDDING_NODE_LIMIT, } from './embedding-mode.js';
 export const PHASE_LABELS = {
     extracting: 'Scanning files',
     structure: 'Building structure',
@@ -206,8 +204,21 @@ export async function runFullAnalysis(repoPath, options, callbacks) {
         let embeddingSkipped = true;
         let semanticMode;
         if (shouldGenerateEmbeddings) {
-            if (stats.nodes <= EMBEDDING_NODE_LIMIT) {
+            const { skipForCap, capDisabled, nodeLimit } = deriveEmbeddingCap(stats.nodes, options.embeddingsNodeLimit);
+            if (!skipForCap) {
                 embeddingSkipped = false;
+                if (capDisabled && stats.nodes > DEFAULT_EMBEDDING_NODE_LIMIT) {
+                    log(`Embedding node-count cap disabled — generating embeddings for ` +
+                        `${stats.nodes.toLocaleString()} nodes. Ensure sufficient memory; ` +
+                        `the default ${DEFAULT_EMBEDDING_NODE_LIMIT.toLocaleString()}-node ` +
+                        `cap exists to prevent OOM.`);
+                }
+            }
+            else {
+                log(`Embeddings skipped: ${stats.nodes.toLocaleString()} nodes exceeds ` +
+                    `the ${nodeLimit.toLocaleString()}-node safety cap. ` +
+                    `Override with \`--embeddings 0\` to disable the cap, or ` +
+                    `\`--embeddings <n>\` to set a custom cap.`);
             }
         }
         if (!embeddingSkipped) {

package/dist/server/validation.d.ts

@@ -86,6 +86,9 @@ export interface RouteLimiterOverrides {
  *   - keyGenerator: req.ip with a socket.remoteAddress fallback so abruptly
  *     closed connections do not trigger ERR_ERL_UNDEFINED_IP_ADDRESS
  *     (which would 500 the request via Express's default error handler).
+ *     The IP is passed through `ipKeyGenerator` so IPv6 addresses are
+ *     normalised to their /56 subnet — without this, each IPv6 address
+ *     gets its own counter and the limit is trivially bypassed (#1360).
  *     Caller must wire `app.set('trust proxy', ...)` correctly — see
  *     createServer in api.ts.
  *

package/dist/server/validation.js

@@ -18,7 +18,7 @@
  * in this module too but are introduced with the dependency they require.
  */
 import path from 'node:path';
-import rateLimit from 'express-rate-limit';
+import rateLimit, { ipKeyGenerator } from 'express-rate-limit';
 /**
  * Thrown by validation helpers when user input is rejected.
  * Routes catch via existing try/catch and convert with err.status / err.message.
@@ -116,6 +116,9 @@ const DEFAULT_RATE_LIMIT_RPM = 60;
  *   - keyGenerator: req.ip with a socket.remoteAddress fallback so abruptly
  *     closed connections do not trigger ERR_ERL_UNDEFINED_IP_ADDRESS
  *     (which would 500 the request via Express's default error handler).
+ *     The IP is passed through `ipKeyGenerator` so IPv6 addresses are
+ *     normalised to their /56 subnet — without this, each IPv6 address
+ *     gets its own counter and the limit is trivially bypassed (#1360).
  *     Caller must wire `app.set('trust proxy', ...)` correctly — see
  *     createServer in api.ts.
  *
@@ -129,7 +132,10 @@ export function createRouteLimiter(opts) {
         standardHeaders: 'draft-7',
         legacyHeaders: false,
         passOnStoreError: true,
-        keyGenerator: (req) => req.ip ?? req.socket?.remoteAddress ?? 'unknown',
+        keyGenerator: (req) => {
+            const ip = req.ip ?? req.socket?.remoteAddress;
+            return ip ? ipKeyGenerator(ip) : 'unknown';
+        },
         message: { error: 'Too many requests, please try again later.' },
         ...opts,
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gitnexus",
-  "version": "1.6.4-rc.73",
+  "version": "1.6.4-rc.75",
   "description": "Graph-powered code intelligence for AI agents. Index any codebase, query via MCP or CLI.",
   "author": "Abhigyan Patwari",
   "license": "PolyForm-Noncommercial-1.0.0",