gitnexus 1.6.8-rc.8 → 1.6.8-rc.9

package/dist/core/ingestion/language-provider.d.ts

@@ -147,6 +147,12 @@ interface LanguageProviderConfig {
      * `undefined` when no constraints exist / the node isn't a templated
      * function. Languages without SFINAE / concept semantics leave this
      * undefined and the disambiguation is a pass-through.
+     *
+     * Cloneability contract: the returned payload crosses the worker boundary
+     * via structured clone, so it MUST be structured-clone-safe (no functions,
+     * symbols, or tree-sitter `SyntaxNode`s — only plain data). Wrap the return
+     * with `assertCloneable` from `workers/clone-safety.ts` so a future leak is a
+     * compile error at the source instead of a runtime DataCloneError (#2143).
      */
     readonly extractTemplateConstraints?: (definitionNode: SyntaxNode) => unknown;
     /** Override the default node label for definition.function captures.
@@ -268,8 +274,12 @@ interface LanguageProviderConfig {
      * disk store WITHOUT a main-thread re-parse. The main thread restores them
      * via the matching `ScopeResolver.applyCaptureSideChannel` hook.
      *
-     * MUST return plain data (objects / arrays / primitives) so it round-trips
-     * through `JSON.stringify` + the parsedfile-store interning reviver.
+     * Cloneability contract: MUST return plain data (objects / arrays /
+     * primitives — no functions, symbols, or tree-sitter `SyntaxNode`s) so it
+     * survives BOTH the worker→main structured clone AND `JSON.stringify` + the
+     * parsedfile-store interning reviver. Wrap the return with `assertCloneable`
+     * from `workers/clone-safety.ts` so a future non-serializable leak is a
+     * compile error at the source instead of a runtime DataCloneError (#2143).
      *
      * Default: undefined (provider has no capture-time module-level side effects).
      */

package/dist/core/ingestion/languages/c-cpp.js

@@ -38,7 +38,8 @@ import { cCallConfig, cppCallConfig } from '../call-extractors/configs/c-cpp.js'
 import { stripUeMacros } from '../cpp-ue-preprocessor.js';
 import { emitCScopeCaptures, interpretCImport, interpretCTypeBinding, cArityCompatibility, cBindingScopeFor, cImportOwningScope, cReceiverBinding, collectCStaticLinkageSideChannel, } from './c/index.js';
 import { emitCppScopeCaptures, interpretCppImport, interpretCppTypeBinding, cppArityCompatibility, cppBindingScopeFor, cppImportOwningScope, cppReceiverBinding, collectCppCaptureSideChannel, } from './cpp/index.js';
-import { extractCppTemplateConstraints } from './cpp/constraint-extractor.js';
+import { extractCppTemplateConstraints, } from './cpp/constraint-extractor.js';
+import { assertCloneable } from '../workers/clone-safety.js';
 const C_BUILT_INS = new Set([
     'printf',
     'fprintf',
@@ -358,7 +359,10 @@ export const cProvider = defineLanguage({
     // `static` functions look non-file-local on the main thread and leak into
     // cross-file global free-call resolution / wildcard imports. See
     // `c/capture-side-channel.ts`.
-    collectCaptureSideChannel: collectCStaticLinkageSideChannel,
+    // `assertCloneable` is a runtime identity; it makes a future non-serializable
+    // value in the side-channel payload a compile error here, at the source, rather
+    // than a DataCloneError at the worker boundary (#2143).
+    collectCaptureSideChannel: (filePath) => assertCloneable(collectCStaticLinkageSideChannel(filePath)),
     interpretImport: interpretCImport,
     interpretTypeBinding: interpretCTypeBinding,
     bindingScopeFor: cBindingScopeFor,
@@ -431,7 +435,7 @@ export const cppProvider = defineLanguage({
     // just populated for this file into plain data on `ParsedFile.captureSideChannel`,
     // so the main thread can restore them via `applyCaptureSideChannel` WITHOUT a
     // re-parse (#1983). See `cpp/capture-side-channel.ts`.
-    collectCaptureSideChannel: collectCppCaptureSideChannel,
+    collectCaptureSideChannel: (filePath) => assertCloneable(collectCppCaptureSideChannel(filePath)),
     interpretImport: interpretCppImport,
     interpretTypeBinding: interpretCppTypeBinding,
     bindingScopeFor: cppBindingScopeFor,
@@ -482,5 +486,8 @@ function extractCppTemplateConstraintsForProvider(definitionNode) {
         }
         break;
     }
-    return extractCppTemplateConstraints(templateDecl, declarator);
+    // Guard the boundary at the source: a future non-cloneable member of the
+    // constraint payload becomes a compile error here, not a runtime
+    // DataCloneError at the worker post (#2143).
+    return assertCloneable(extractCppTemplateConstraints(templateDecl, declarator));
 }

package/dist/core/ingestion/languages/kotlin.js

@@ -10,6 +10,7 @@ import { SupportedLanguages } from '../../../_shared/index.js';
 import { createClassExtractor } from '../class-extractors/generic.js';
 import { kotlinClassConfig } from '../class-extractors/configs/jvm.js';
 import { defineLanguage } from '../language-provider.js';
+import { assertCloneable } from '../workers/clone-safety.js';
 import { kotlinTypeConfig } from '../type-extractors/jvm.js';
 import { kotlinExportChecker } from '../export-detection.js';
 import { createImportResolver } from '../import-resolvers/resolver-factory.js';
@@ -166,7 +167,10 @@ export const kotlinProvider = defineLanguage({
     // so the main thread can restore them via `applyCaptureSideChannel` WITHOUT a
     // re-parse (#1983). Without this, companion/static dispatch emits no CALLS
     // edges on the worker path. See `kotlin/capture-side-channel.ts`.
-    collectCaptureSideChannel: collectKotlinCaptureSideChannel,
+    // `assertCloneable` is a runtime identity; it makes a future non-serializable
+    // value in the side-channel payload a compile error here, at the source, rather
+    // than a DataCloneError at the worker boundary (#2143).
+    collectCaptureSideChannel: (filePath) => assertCloneable(collectKotlinCaptureSideChannel(filePath)),
     interpretImport: interpretKotlinImport,
     interpretTypeBinding: interpretKotlinTypeBinding,
     bindingScopeFor: kotlinBindingScopeFor,

package/dist/core/ingestion/parsing-processor.js

@@ -144,6 +144,27 @@ chunkHash) => {
             .join(', ');
         logger.warn(`  Skipped unsupported languages: ${summary}`);
     }
+    // Clone-safety telemetry (#2112): files whose parse output carried a value
+    // the structured-clone algorithm couldn't serialize across the worker
+    // boundary. The worker sanitized/dropped the offending value so the run
+    // could complete; surface the (rare) data loss so it's visible and the
+    // offending extractor can be fixed at source.
+    const skippedPaths = [];
+    for (const result of chunkResults) {
+        for (const entry of result.skippedPaths ?? [])
+            skippedPaths.push(entry);
+    }
+    if (skippedPaths.length > 0) {
+        // Keep the per-file reason ("stripped N value(s) from nodes" /
+        // "dropped non-serializable parsedFiles entry") — it distinguishes a
+        // recoverable strip from a whole-record drop, which a path-only line loses.
+        const shown = skippedPaths
+            .slice(0, 10)
+            .map((e) => `${e.path} (${e.reason})`)
+            .join(', ');
+        const more = skippedPaths.length > 10 ? ` …and ${skippedPaths.length - 10} more` : '';
+        logger.warn(`  Sanitized ${skippedPaths.length} file(s) with non-serializable parse output: ${shown}${more}`);
+    }
     onFileProgress?.(total, total, 'done');
     return chunkResults;
 };

package/dist/core/ingestion/workers/clone-safety.d.ts

@@ -0,0 +1,109 @@
+/**
+ * Structured-clone safety for the worker result boundary (#2112).
+ *
+ * A parse worker delivers its accumulated result to the main thread via
+ * `parentPort.postMessage(...)`. Node serializes that payload with the
+ * structured-clone algorithm SYNCHRONOUSLY on the worker thread, and it
+ * THROWS a `DataCloneError` the instant it meets a value it can't serialize —
+ * a function, a symbol, a Promise, a WeakMap, etc. The reporter of #2112 hit
+ * exactly this: a node record whose `properties` carried an own-enumerable
+ * value pointing at a native function (`function toString() { [native code] }
+ * could not be cloned`). One such value aborted the entire parse phase,
+ * because the worker re-posts the throw as `{type:'error'}` which the pool
+ * counts as a worker death — and under `GITNEXUS_WORKER_POOL_SIZE=1` the same
+ * graph re-throws on every respawn until the slot's budget is exhausted.
+ *
+ * This module is the safety net. It runs ONLY after a real clone failure on
+ * the fast-path post (zero overhead on healthy runs), and rewrites the
+ * boundary-crossing arrays so the result becomes cloneable: a non-cloneable
+ * value inside a plain extraction record is dropped (the record is otherwise
+ * kept — strictly-missing data, never wrong), and a `ParsedFile` that can't be
+ * made cloneable is dropped whole so scope-resolution re-derives it on the
+ * main thread (where there is no clone boundary) with intact edge data.
+ *
+ * Language-neutral by construction: it keys on value shape and field name
+ * only, never on a language (AGENTS.md shared-pipeline rule). The strip
+ * semantics mirror what the store path's `JSON.stringify` already silently
+ * drops, so store / no-store / cold / warm runs converge on the same graph.
+ */
+/** A file whose parse result was sanitized or dropped at the clone boundary. */
+export interface SkippedPath {
+    /** Best-effort source path of the offending record (or `(unknown)`). */
+    path: string;
+    /** Human-readable reason, e.g. "dropped 1 non-serializable value from nodes". */
+    reason: string;
+}
+/**
+ * True iff `value` survives Node's structured-clone algorithm (the same
+ * algorithm `postMessage` uses). This is the authoritative probe — it matches
+ * the real failure exactly, including Map/Set/Date/RegExp/TypedArray support,
+ * so it never false-positives on the `Scope` Maps that clone fine.
+ */
+export declare function isStructuredCloneable(value: unknown): boolean;
+/** The leaf values the structured-clone algorithm copies verbatim. */
+type CloneablePrimitive = undefined | null | boolean | number | bigint | string;
+/**
+ * Maps `T` to itself when every value reachable from it is structured-clone
+ * safe, and to a type containing `never` at the first offending property
+ * otherwise. A function or symbol — the values `postMessage` rejects — becomes
+ * `never`, so a struct carrying one is no longer assignable to its own
+ * `Cloneable<T>` and `assertCloneable` rejects it, naming the bad key.
+ *
+ * Implemented as a homomorphic mapped type (`{ [K in keyof T]: … }`) so it
+ * preserves `interface` shapes and `readonly` modifiers and works WITHOUT
+ * requiring the payload types to carry an index signature — sidestepping the
+ * "closed interface is not assignable to a recursive index-signature type" wall
+ * that blocked the value-typed-`Cloneable` approach (#2143). `Map`/`Set`/array
+ * containers recurse into their element types; `Date`/`RegExp` are clone-safe
+ * leaves.
+ */
+/** True iff `T` is `any` (the canonical `IsAny` probe: only `any` satisfies `0 extends 1 & T`). */
+type IsAny<T> = 0 extends 1 & T ? true : false;
+export type Cloneable<T> = IsAny<T> extends true ? never : T extends CloneablePrimitive | Date | RegExp ? T : T extends (...args: never[]) => unknown ? never : T extends symbol ? never : T extends ReadonlyMap<infer K, infer V> ? ReadonlyMap<Cloneable<K>, Cloneable<V>> : T extends ReadonlySet<infer U> ? ReadonlySet<Cloneable<U>> : T extends readonly (infer U)[] ? T extends unknown[] ? Cloneable<U>[] : readonly Cloneable<U>[] : T extends object ? {
+    [K in keyof T]: Cloneable<T[K]>;
+} : never;
+/**
+ * Identity at runtime (zero cost — returns its argument unchanged); a
+ * compile-time assertion that `value` is structured-clone safe. Wrap a
+ * producer that feeds an `unknown` worker-result sink:
+ *
+ *   collectCaptureSideChannel: (filePath) => assertCloneable(collectFoo(filePath))
+ *
+ * If `collectFoo`'s return type ever gains a non-cloneable member (a function, a
+ * `SyntaxNode`, …) the call fails to compile, pointing at the offending key.
+ *
+ * The parameter is a conditional type rather than an `extends Cloneable<T>`
+ * constraint because a self-referential constraint (`T extends Cloneable<T>`)
+ * is a "circular constraint" error in TypeScript. For a clone-safe `T` the
+ * parameter resolves to `T` (call type-checks as a plain identity); for an
+ * unsafe `T` it resolves to `Cloneable<T>` (which has `never` at the bad key),
+ * so the argument is rejected.
+ */
+export declare function assertCloneable<T>(value: T extends Cloneable<T> ? T : Cloneable<T>): T;
+export interface MakeCloneSafeOptions {
+    /**
+     * Array field names whose offending elements are DROPPED whole rather than
+     * stripped in place (e.g. `parsedFiles` — its `captureSideChannel` drives
+     * edge resolution, so a stripped-and-delivered file would ship WRONG edges;
+     * dropping it lets scope-resolution re-derive it on the main thread).
+     */
+    dropWholeElement: ReadonlySet<string>;
+    /** Field names to skip entirely (e.g. the `skippedPaths` field itself). */
+    skipFields?: ReadonlySet<string>;
+    /** Keys to probe for a file path when attributing a skip. */
+    pathKeys?: readonly string[];
+}
+/**
+ * Make a worker result's boundary-crossing array fields structured-cloneable,
+ * mutating `result` in place. Only arrays that actually contain a
+ * non-cloneable value are rewritten; everything else keeps referential
+ * identity. Returns the list of affected file paths for reporting.
+ *
+ * Call this after ANY failure of the fast-path post — a `DataCloneError`, OR a
+ * throwing getter's own error surfaced by structuredClone (the caller in
+ * `post-result.ts` recovers on any throw, not only `DataCloneError`).
+ */
+export declare function makeWorkerResultCloneSafe(result: Record<string, unknown>, options: MakeCloneSafeOptions): {
+    skipped: SkippedPath[];
+};
+export {};

package/dist/core/ingestion/workers/clone-safety.js

@@ -0,0 +1,465 @@
+/**
+ * Structured-clone safety for the worker result boundary (#2112).
+ *
+ * A parse worker delivers its accumulated result to the main thread via
+ * `parentPort.postMessage(...)`. Node serializes that payload with the
+ * structured-clone algorithm SYNCHRONOUSLY on the worker thread, and it
+ * THROWS a `DataCloneError` the instant it meets a value it can't serialize —
+ * a function, a symbol, a Promise, a WeakMap, etc. The reporter of #2112 hit
+ * exactly this: a node record whose `properties` carried an own-enumerable
+ * value pointing at a native function (`function toString() { [native code] }
+ * could not be cloned`). One such value aborted the entire parse phase,
+ * because the worker re-posts the throw as `{type:'error'}` which the pool
+ * counts as a worker death — and under `GITNEXUS_WORKER_POOL_SIZE=1` the same
+ * graph re-throws on every respawn until the slot's budget is exhausted.
+ *
+ * This module is the safety net. It runs ONLY after a real clone failure on
+ * the fast-path post (zero overhead on healthy runs), and rewrites the
+ * boundary-crossing arrays so the result becomes cloneable: a non-cloneable
+ * value inside a plain extraction record is dropped (the record is otherwise
+ * kept — strictly-missing data, never wrong), and a `ParsedFile` that can't be
+ * made cloneable is dropped whole so scope-resolution re-derives it on the
+ * main thread (where there is no clone boundary) with intact edge data.
+ *
+ * Language-neutral by construction: it keys on value shape and field name
+ * only, never on a language (AGENTS.md shared-pipeline rule). The strip
+ * semantics mirror what the store path's `JSON.stringify` already silently
+ * drops, so store / no-store / cold / warm runs converge on the same graph.
+ */
+/**
+ * True iff `value` survives Node's structured-clone algorithm (the same
+ * algorithm `postMessage` uses). This is the authoritative probe — it matches
+ * the real failure exactly, including Map/Set/Date/RegExp/TypedArray support,
+ * so it never false-positives on the `Scope` Maps that clone fine.
+ */
+export function isStructuredCloneable(value) {
+    try {
+        structuredClone(value);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Identity at runtime (zero cost — returns its argument unchanged); a
+ * compile-time assertion that `value` is structured-clone safe. Wrap a
+ * producer that feeds an `unknown` worker-result sink:
+ *
+ *   collectCaptureSideChannel: (filePath) => assertCloneable(collectFoo(filePath))
+ *
+ * If `collectFoo`'s return type ever gains a non-cloneable member (a function, a
+ * `SyntaxNode`, …) the call fails to compile, pointing at the offending key.
+ *
+ * The parameter is a conditional type rather than an `extends Cloneable<T>`
+ * constraint because a self-referential constraint (`T extends Cloneable<T>`)
+ * is a "circular constraint" error in TypeScript. For a clone-safe `T` the
+ * parameter resolves to `T` (call type-checks as a plain identity); for an
+ * unsafe `T` it resolves to `Cloneable<T>` (which has `never` at the bad key),
+ * so the argument is rejected.
+ */
+export function assertCloneable(value) {
+    return value;
+}
+/**
+ * Recursion cap for the module's own traversal. An over-deep subtree is treated
+ * as non-cloneable rather than recursing to a stack overflow — without this, a
+ * deeply-nested record would throw `RangeError` inside the sanitizer and (since
+ * the recovery path is the safety net) re-arm the very cascade #2112 fixes. Set
+ * far below the observed ~3000-frame overflow and far above any real
+ * parse-result record (extraction records are shallow plain data). Note: this
+ * caps the module's recursion only; `structuredClone`'s own internal recursion
+ * (the `isStructuredCloneable` probe of non-plain objects) is bounded by that
+ * helper's catch-all, which turns a probe-side `RangeError` into a
+ * non-cloneable verdict — so do not narrow that catch.
+ */
+const MAX_CLONE_DEPTH = 200;
+/**
+ * True iff `key` is a canonical array-index string (`"0"`, `"1"`, … `< 2^32-1`)
+ * — i.e. one of the slots the numeric index loop already visits. Everything
+ * else returned by `Object.keys(array)` is a NON-index own-enumerable property
+ * (`arr.meta = …`), which the structured-clone algorithm ALSO serializes (and
+ * throws on if non-cloneable). The array branches of `containsNonCloneable` and
+ * `stripNonCloneable` use this to scan those extra keys in lockstep.
+ */
+function isArrayIndexKey(key) {
+    const n = Number(key);
+    return Number.isInteger(n) && n >= 0 && n < 4294967295 && String(n) === key;
+}
+/**
+ * Non-allocating scan: returns true on the FIRST value structured-clone would
+ * reject. Used to decide whether an array (or element) needs rewriting at all,
+ * so clean arrays keep their referential identity and pay no copy cost.
+ */
+function containsNonCloneable(value, seen, depth = 0) {
+    const t = typeof value;
+    if (t === 'function' || t === 'symbol')
+        return true;
+    if (value === null || t !== 'object')
+        return false;
+    // Depth bound: treat an over-deep subtree as non-cloneable (the element is
+    // then stripped/dropped) instead of overflowing the stack.
+    if (depth >= MAX_CLONE_DEPTH)
+        return true;
+    const obj = value;
+    // Cycles clone fine; don't recurse into one twice.
+    if (seen.has(obj))
+        return false;
+    // Structured-clone-native containers carry no non-cloneable payload of their
+    // own; their *contents* still need scanning (a Map value could be a fn).
+    if (obj instanceof Date || obj instanceof RegExp)
+        return false;
+    // Buffers/views usually clone, but a DETACHED one is rejected by
+    // structuredClone — probe rather than wave it through. No byteLength
+    // heuristic: a legitimately empty `new Uint8Array(0)` also has byteLength 0
+    // yet clones fine, so a length check would false-positive.
+    if (obj instanceof ArrayBuffer || ArrayBuffer.isView(obj))
+        return !isStructuredCloneable(obj);
+    seen.add(obj);
+    if (Array.isArray(obj)) {
+        for (let i = 0; i < obj.length; i++) {
+            if (containsNonCloneable(obj[i], seen, depth + 1))
+                return true;
+        }
+        // structuredClone also serializes an array's NON-index own-enumerable
+        // properties and throws on a non-cloneable one — scan them too (lockstep
+        // with stripNonCloneable's array branch; see isArrayIndexKey).
+        for (const key of Object.keys(obj)) {
+            if (isArrayIndexKey(key))
+                continue;
+            let child;
+            try {
+                child = obj[key];
+            }
+            catch {
+                return true; // a throwing getter can't be serialized either
+            }
+            if (containsNonCloneable(child, seen, depth + 1))
+                return true;
+        }
+        return false;
+    }
+    if (obj instanceof Map) {
+        for (const [k, v] of obj) {
+            if (containsNonCloneable(k, seen, depth + 1) || containsNonCloneable(v, seen, depth + 1))
+                return true;
+        }
+        return false;
+    }
+    if (obj instanceof Set) {
+        for (const v of obj) {
+            if (containsNonCloneable(v, seen, depth + 1))
+                return true;
+        }
+        return false;
+    }
+    // A non-plain object (Promise, WeakMap, class instance with internal slots)
+    // that structured clone can't handle: detect via the authoritative probe.
+    // Plain objects fall through to a property scan (cheap, no allocation).
+    const proto = Object.getPrototypeOf(obj);
+    if (proto !== Object.prototype && proto !== null) {
+        if (!isStructuredCloneable(obj))
+            return true;
+        return false;
+    }
+    for (const key of Object.keys(obj)) {
+        let child;
+        try {
+            child = obj[key];
+        }
+        catch {
+            // A getter that throws can't be serialized either — treat as non-cloneable.
+            return true;
+        }
+        if (containsNonCloneable(child, seen, depth + 1))
+            return true;
+    }
+    return false;
+}
+/** Record a strip at `path` (root → `(root)`); keeps the count + key path in sync. */
+function recordStrip(ctx, path) {
+    ctx.stripped++;
+    ctx.keys.push(path === '' ? '(root)' : path);
+}
+/**
+ * Deep-copy `value`, replacing any value structured-clone would reject with
+ * `undefined` (which clones fine). Preserves primitives, arrays, plain
+ * objects, and the structured-clone-native containers (Date, RegExp, Map,
+ * Set, ArrayBuffer, TypedArray). Rebuilds only what it must — clean leaves are
+ * returned by reference. `path` is the dotted key path of `value` (for the
+ * diagnostic record).
+ */
+function stripNonCloneable(value, ctx, depth = 0, path = '') {
+    const t = typeof value;
+    if (t === 'function' || t === 'symbol') {
+        recordStrip(ctx, path);
+        return undefined;
+    }
+    if (value === null || t !== 'object')
+        return value;
+    // Depth bound (mirrors containsNonCloneable): drop an over-deep subtree to
+    // `undefined` (itself cloneable, and a legal property value / array element)
+    // rather than overflowing the stack.
+    if (depth >= MAX_CLONE_DEPTH) {
+        recordStrip(ctx, path);
+        return undefined;
+    }
+    const obj = value;
+    // Memoized? Return the SAME stripped copy (preserves DAG shape; terminates
+    // cycles by returning the in-progress copy inserted before recursing below).
+    if (ctx.seen.has(obj))
+        return ctx.seen.get(obj);
+    // Leaf-like values: returned by reference, but still memoize the decision so
+    // a second alias resolves identically.
+    if (obj instanceof Date || obj instanceof RegExp) {
+        ctx.seen.set(obj, value);
+        return value;
+    }
+    if (obj instanceof ArrayBuffer || ArrayBuffer.isView(obj)) {
+        // Keep a live buffer/view (even an empty one); drop a detached one, which
+        // structuredClone rejects. The probe is exact — no byteLength heuristic.
+        if (!isStructuredCloneable(obj)) {
+            recordStrip(ctx, path);
+            ctx.seen.set(obj, undefined);
+            return undefined;
+        }
+        ctx.seen.set(obj, value);
+        return value;
+    }
+    // Containers: allocate the empty copy, memoize it BEFORE recursing, then fill
+    // — so a cycle/alias that re-enters gets this in-progress copy.
+    if (Array.isArray(obj)) {
+        const out = [];
+        ctx.seen.set(obj, out);
+        for (let i = 0; i < obj.length; i++)
+            out.push(stripNonCloneable(obj[i], ctx, depth + 1, `${path}[${i}]`));
+        // Carry NON-index own-enumerable props through the same strip (lockstep
+        // with containsNonCloneable): structuredClone serializes them, so a
+        // non-cloneable one must be stripped rather than left to throw on re-post.
+        for (const key of Object.keys(obj)) {
+            if (isArrayIndexKey(key))
+                continue;
+            const childPath = `${path}.${key}`;
+            let child;
+            try {
+                child = obj[key];
+            }
+            catch {
+                recordStrip(ctx, childPath);
+                continue;
+            }
+            out[key] = stripNonCloneable(child, ctx, depth + 1, childPath);
+        }
+        return out;
+    }
+    if (obj instanceof Map) {
+        // Scope limit (acceptable): object keys aren't identity-preserved across
+        // stripping. Parse-result Maps are primitive-keyed, so this never bites.
+        const out = new Map();
+        ctx.seen.set(obj, out);
+        for (const [k, v] of obj)
+            out.set(stripNonCloneable(k, ctx, depth + 1, `${path}<key>`), stripNonCloneable(v, ctx, depth + 1, `${path}<map>`));
+        return out;
+    }
+    if (obj instanceof Set) {
+        const out = new Set();
+        ctx.seen.set(obj, out);
+        for (const v of obj)
+            out.add(stripNonCloneable(v, ctx, depth + 1, `${path}<set>`));
+        return out;
+    }
+    const proto = Object.getPrototypeOf(obj);
+    if (proto !== Object.prototype && proto !== null) {
+        // Non-plain object that the probe already flagged as non-cloneable and
+        // that we can't safely reconstruct (Promise, WeakMap, class instance with
+        // internal slots). Drop it whole — memoize the decision so aliases agree.
+        if (!isStructuredCloneable(obj)) {
+            recordStrip(ctx, path);
+            ctx.seen.set(obj, undefined);
+            return undefined;
+        }
+        ctx.seen.set(obj, value);
+        return value;
+    }
+    const out = {};
+    ctx.seen.set(obj, out);
+    for (const key of Object.keys(obj)) {
+        const childPath = path === '' ? key : `${path}.${key}`;
+        let child;
+        try {
+            child = obj[key];
+        }
+        catch {
+            // A getter that throws is non-serializable — drop the property.
+            recordStrip(ctx, childPath);
+            continue;
+        }
+        out[key] = stripNonCloneable(child, ctx, depth + 1, childPath);
+    }
+    return out;
+}
+/** Keys checked (top-level and one level deep) to attribute a record to a file. */
+const DEFAULT_PATH_KEYS = ['filePath', 'path', 'file'];
+/** Read `obj[key]`, returning undefined if the access throws (throwing getter / Proxy trap). */
+function safeGet(obj, key) {
+    try {
+        return obj[key];
+    }
+    catch {
+        return undefined;
+    }
+}
+/** Read a path key off a child object (one level deep); never throws. */
+function pathFromChild(child, pathKeys) {
+    if (child === null || typeof child !== 'object')
+        return undefined;
+    const crec = child;
+    for (const pk of pathKeys) {
+        const v = safeGet(crec, pk);
+        if (typeof v === 'string')
+            return v;
+    }
+    return undefined;
+}
+/**
+ * Best-effort source-path extraction for reporting; never throws. Reads are
+ * defensive (a throwing getter / Proxy trap on a path-attribution key must not
+ * escape and abandon the sanitize — it would re-arm the fail-closed cascade).
+ */
+function findFilePath(element, pathKeys) {
+    if (element === null || typeof element !== 'object')
+        return undefined;
+    const rec = element;
+    // Top level first — a ParsedFile carries `filePath` here.
+    for (const key of pathKeys) {
+        const v = safeGet(rec, key);
+        if (typeof v === 'string')
+            return v;
+    }
+    // Known child next — a ParsedNode carries its path at `properties.filePath`.
+    // Prefer it over the generic sweep so attribution is deterministic when a
+    // sibling child also happens to carry a path-like key.
+    const fromProps = pathFromChild(safeGet(rec, 'properties'), pathKeys);
+    if (fromProps !== undefined)
+        return fromProps;
+    // Generic one-level sweep as the fallback for other shapes.
+    let keys;
+    try {
+        keys = Object.keys(rec);
+    }
+    catch {
+        return undefined; // a Proxy ownKeys trap that throws — give up on attribution
+    }
+    for (const key of keys) {
+        if (key === 'properties')
+            continue; // already checked above
+        const fromChild = pathFromChild(safeGet(rec, key), pathKeys);
+        if (fromChild !== undefined)
+            return fromChild;
+    }
+    return undefined;
+}
+/**
+ * Make a worker result's boundary-crossing array fields structured-cloneable,
+ * mutating `result` in place. Only arrays that actually contain a
+ * non-cloneable value are rewritten; everything else keeps referential
+ * identity. Returns the list of affected file paths for reporting.
+ *
+ * Call this after ANY failure of the fast-path post — a `DataCloneError`, OR a
+ * throwing getter's own error surfaced by structuredClone (the caller in
+ * `post-result.ts` recovers on any throw, not only `DataCloneError`).
+ */
+export function makeWorkerResultCloneSafe(result, options) {
+    const pathKeys = options.pathKeys ?? DEFAULT_PATH_KEYS;
+    const skipped = [];
+    for (const field of Object.keys(result)) {
+        if (options.skipFields?.has(field))
+            continue;
+        const value = result[field];
+        if (!Array.isArray(value))
+            continue;
+        const dropWhole = options.dropWholeElement.has(field);
+        // `out` is built lazily — only once a dirty element appears — by copying the
+        // clean prefix, so a fully-clean array is never rebuilt and keeps its
+        // referential identity (no field reassignment). A dirty element is scanned
+        // (containsNonCloneable) and then stripped (stripNonCloneable): two passes,
+        // deliberately. The non-allocating pre-scan is exactly what lets CLEAN
+        // elements stay by reference (zero-copy) — replacing it with an
+        // always-allocating strip would regress that. This whole path is
+        // failure-path-only (the fast post already threw), so the second pass over
+        // the rare dirty element is acceptable.
+        let out = null;
+        for (let i = 0; i < value.length; i++) {
+            const element = value[i];
+            try {
+                if (!containsNonCloneable(element, new WeakSet())) {
+                    if (out)
+                        out.push(element);
+                    continue;
+                }
+                if (!out)
+                    out = value.slice(0, i); // first dirty element: copy clean prefix
+                const path = findFilePath(element, pathKeys) ?? '(unknown)';
+                if (dropWhole) {
+                    skipped.push({ path, reason: `dropped non-serializable ${field} entry` });
+                    continue;
+                }
+                const ctx = { stripped: 0, seen: new Map(), keys: [] };
+                const cleaned = stripNonCloneable(element, ctx);
+                // Last-resort guard: if stripping functions/symbols still left something
+                // structured-clone rejects, drop the element rather than re-throw.
+                if (isStructuredCloneable(cleaned)) {
+                    out.push(cleaned);
+                    // Name the offending key path(s) so the leak is locatable from the log
+                    // (e.g. "from nodes: properties.toString") — not just the array field.
+                    const at = ctx.keys.slice(0, 3).join(', ');
+                    const more = ctx.keys.length > 3 ? `, …+${ctx.keys.length - 3}` : '';
+                    skipped.push({
+                        path,
+                        reason: `stripped ${ctx.stripped} non-serializable value(s) from ${field}: ${at}${more}`,
+                    });
+                }
+                else {
+                    skipped.push({ path, reason: `dropped unsalvageable ${field} entry` });
+                }
+            }
+            catch {
+                // A throw DURING this element's scan/strip — a Proxy with a throwing
+                // `getPrototypeOf`/`ownKeys` trap reached by Object.getPrototypeOf /
+                // Object.keys, or any other structural-enumeration throw. Drop the
+                // element rather than let the throw escape to postResultCloneSafe's
+                // fail-closed {type:'error'} (which under POOL_SIZE=1 re-arms the
+                // cascade this net prevents). One pathological element can't sink the
+                // whole result.
+                if (!out)
+                    out = value.slice(0, i);
+                skipped.push({ path: '(unknown)', reason: `dropped ${field} entry (sanitizer error)` });
+            }
+        }
+        if (out)
+            result[field] = out;
+    }
+    // Final safety gate. The loop above only rewrites ARRAY fields, so a future
+    // non-array result sink (a nested object / Map) — or an array field whose own
+    // non-index property the element loop didn't reach — could still hold a
+    // non-cloneable value and throw on the re-post. Make "the returned result is
+    // structured-cloneable" a hard postcondition: strip any remaining offending
+    // field in place. Failure-path-only and a no-op once the result is already
+    // clean (the per-field probe short-circuits every clean field).
+    if (!isStructuredCloneable(result)) {
+        for (const field of Object.keys(result)) {
+            if (options.skipFields?.has(field))
+                continue;
+            if (isStructuredCloneable(result[field]))
+                continue;
+            const ctx = { stripped: 0, seen: new Map(), keys: [] };
+            result[field] = stripNonCloneable(result[field], ctx);
+            const at = ctx.keys.slice(0, 3).join(', ');
+            skipped.push({
+                path: '(result)',
+                reason: `stripped ${ctx.stripped} non-serializable value(s) from ${field}${at ? `: ${at}` : ''}`,
+            });
+        }
+    }
+    return { skipped };
+}

package/dist/core/ingestion/workers/parse-worker.d.ts

@@ -1,4 +1,5 @@
 import { SupportedLanguages } from '../../../_shared/index.js';
+import type { SkippedPath } from './clone-safety.js';
 import type { ExtractedRouterInclude, ExtractedRouterImport, ExtractedRouterModuleAlias } from '../route-extractors/fastapi-router-bindings.js';
 import { type MixedChainStep } from '../utils/call-analysis.js';
 import type { ConstructorBinding } from '../type-env.js';
@@ -201,6 +202,15 @@ export interface ParseWorkerResult {
      */
     parsedFiles: ParsedFile[];
     skippedLanguages: Record<string, number>;
+    /**
+     * Files whose parse output carried a value the structured-clone algorithm
+     * couldn't serialize across the worker boundary (#2112). The clone-safety
+     * net stripped or dropped the offending value so the result could be
+     * delivered; these paths are surfaced to the operator so the (rare) data
+     * loss is visible. Optional for cache backward compatibility — older cache
+     * entries predate the field; consumers must guard with `?? []`.
+     */
+    skippedPaths?: SkippedPath[];
     fileCount: number;
 }
 export interface ParseWorkerInput {

package/dist/core/ingestion/workers/parse-worker.js

@@ -17,6 +17,8 @@ import { getProvider } from '../languages/index.js';
 import { getTreeSitterBufferSize, getTreeSitterContentByteLength, TREE_SITTER_MAX_BUFFER, } from '../constants.js';
 import { ARRAY_METHOD_HOC_BLOCKLIST_SET, DEFAULT_EXPORT_IDENTIFIER_BLOCKLIST_SET, deriveDefaultExportHocName, } from '../ts-js-hoc-utils.js';
 import { parseSourceSafe } from '../../tree-sitter/safe-parse.js';
+import { postResultCloneSafe } from './post-result.js';
+import { mergeResult } from './result-merge.js';
 // ── Worker grammar loading — enforcement boundary (#2091/#2093, #2101) ───────
 // The worker maintains its own grammar table (the guarded `_require`s below +
 // `languageMap`) and intentionally does NOT consult the runtime
@@ -1793,41 +1795,8 @@ let accumulated = {
     fileCount: 0,
 };
 let cumulativeProcessed = 0;
-// Use a loop instead of push(...spread) to avoid hitting V8's argument limit
-// when merging large result sets (push(...arr) calls apply() under the hood
-// and blows the stack when arr has >~65k elements).
-const appendAll = (target, src) => {
-    for (let i = 0; i < src.length; i++)
-        target.push(src[i]);
-};
-const mergeResult = (target, src) => {
-    appendAll(target.nodes, src.nodes);
-    appendAll(target.relationships, src.relationships);
-    appendAll(target.symbols, src.symbols);
-    appendAll(target.calls, src.calls);
-    appendAll(target.assignments, src.assignments);
-    appendAll(target.routes, src.routes);
-    appendAll(target.fetchCalls, src.fetchCalls);
-    appendAll(target.fetchWrapperDefs, src.fetchWrapperDefs);
-    appendAll(target.decoratorRoutes, src.decoratorRoutes);
-    if (src.routerIncludes)
-        appendAll(target.routerIncludes, src.routerIncludes);
-    if (src.routerImports)
-        appendAll(target.routerImports, src.routerImports);
-    if (src.routerModuleAliases) {
-        target.routerModuleAliases ??= [];
-        appendAll(target.routerModuleAliases, src.routerModuleAliases);
-    }
-    appendAll(target.toolDefs, src.toolDefs);
-    appendAll(target.ormQueries, src.ormQueries);
-    appendAll(target.constructorBindings, src.constructorBindings);
-    appendAll(target.fileScopeBindings, src.fileScopeBindings);
-    appendAll(target.parsedFiles, src.parsedFiles);
-    for (const [lang, count] of Object.entries(src.skippedLanguages)) {
-        target.skippedLanguages[lang] = (target.skippedLanguages[lang] || 0) + count;
-    }
-    target.fileCount += src.fileCount;
-};
+// `mergeResult` (+ its `appendAll`) lives in ./result-merge.ts (extracted so it
+// can be unit-tested without importing this entry module).
 // Signal the pool that worker-side initialization (parser imports, language
 // grammars, type-env setup, all helper modules) is complete and the message
 // handler below is about to be attached. The pool's `waitForWorkerReady`
@@ -1920,7 +1889,7 @@ parentPort.on('message', (msg) => {
                     accumulated.parsedFiles = [];
                 }
             }
-            parentPort.postMessage({ type: 'result', data: accumulated });
+            postResultCloneSafe(accumulated);
             // Reset for potential reuse
             accumulated = {
                 nodes: [],

package/dist/core/ingestion/workers/post-result.d.ts

@@ -0,0 +1,22 @@
+import type { ParseWorkerResult } from './parse-worker.js';
+/**
+ * Deliver the accumulated result to the pool, surviving a non-cloneable value
+ * (#2112). Fast path: post as-is — on a healthy result this is the only thing
+ * that runs, so clone-safety adds zero overhead to normal runs. If structured
+ * clone rejects the payload (a function/symbol leaked into an extraction
+ * record — the reporter's case was a node `properties` value pointing at a
+ * native `toString`), rewrite the boundary-crossing arrays so the result is
+ * cloneable, record the affected paths on `result.skippedPaths`, warn the
+ * operator naming the offending field + file (so the still-unpinned leak is
+ * diagnosable from logs and fixable at source), and re-post.
+ *
+ * Recovery is attempted for ANY first-post failure, not only a `DataCloneError`.
+ * structuredClone invokes getters, and a getter that THROWS surfaces its own
+ * error (a `RangeError`, etc.) — NOT a `DataCloneError` (confirmed against a
+ * real MessageChannel). Gating recovery on `DataCloneError` let such a throw
+ * re-throw past the sanitizer and re-arm, under `POOL_SIZE=1`, the worker-death
+ * cascade this net prevents. The recovery path is wrapped in its own try/catch
+ * so a still-uncloneable re-post fails closed to a primitive-only
+ * `{type:'error'}` DELIBERATELY rather than escaping the worker.
+ */
+export declare function postResultCloneSafe(result: ParseWorkerResult): void;

package/dist/core/ingestion/workers/post-result.js

@@ -0,0 +1,87 @@
+/**
+ * Worker → main result delivery with clone-safety (#2112).
+ *
+ * Extracted from `parse-worker.ts` into its own side-effect-free module so it
+ * can be imported and exercised directly (the parse worker is an entry module:
+ * importing it would construct the parser, post `ready`, and attach the real
+ * message handler). The integration test imports `postResultCloneSafe` from
+ * here to cover the production wiring end to end rather than re-implementing it.
+ */
+import { parentPort } from 'node:worker_threads';
+import { makeWorkerResultCloneSafe } from './clone-safety.js';
+/**
+ * Strict mode (opt-in via `GITNEXUS_STRICT_CLONE=1`, inherited by workers). When
+ * on, a clone failure THROWS with the offending key path instead of silently
+ * sanitizing + delivering — so a leak introduced by a future provider/extractor
+ * change fails LOUDLY (in CI / dev) at its origin rather than being quietly
+ * stripped in production. The silent-recovery behavior is exactly what hid the
+ * original #2112 leak; strict mode removes the silence where we want loudness.
+ * Off in production, where the net's job is to keep the run alive.
+ */
+const STRICT_CLONE = process.env.GITNEXUS_STRICT_CLONE === '1';
+/**
+ * Deliver the accumulated result to the pool, surviving a non-cloneable value
+ * (#2112). Fast path: post as-is — on a healthy result this is the only thing
+ * that runs, so clone-safety adds zero overhead to normal runs. If structured
+ * clone rejects the payload (a function/symbol leaked into an extraction
+ * record — the reporter's case was a node `properties` value pointing at a
+ * native `toString`), rewrite the boundary-crossing arrays so the result is
+ * cloneable, record the affected paths on `result.skippedPaths`, warn the
+ * operator naming the offending field + file (so the still-unpinned leak is
+ * diagnosable from logs and fixable at source), and re-post.
+ *
+ * Recovery is attempted for ANY first-post failure, not only a `DataCloneError`.
+ * structuredClone invokes getters, and a getter that THROWS surfaces its own
+ * error (a `RangeError`, etc.) — NOT a `DataCloneError` (confirmed against a
+ * real MessageChannel). Gating recovery on `DataCloneError` let such a throw
+ * re-throw past the sanitizer and re-arm, under `POOL_SIZE=1`, the worker-death
+ * cascade this net prevents. The recovery path is wrapped in its own try/catch
+ * so a still-uncloneable re-post fails closed to a primitive-only
+ * `{type:'error'}` DELIBERATELY rather than escaping the worker.
+ */
+export function postResultCloneSafe(result) {
+    try {
+        parentPort.postMessage({ type: 'result', data: result });
+        return;
+    }
+    catch {
+        // Fall through to recovery on ANY failure (DataCloneError OR a throwing
+        // getter's own error). A healthy post returned above and never reaches here.
+    }
+    try {
+        // `as unknown as Record<string, unknown>` is the standard widening for a
+        // no-index-signature interface (TS rejects a single-step `as`). The field
+        // sets are typed to `keyof ParseWorkerResult` so renaming a field is a
+        // compile error here, not a silent loss of the drop-whole / skip protection.
+        const { skipped } = makeWorkerResultCloneSafe(result, {
+            dropWholeElement: new Set(['parsedFiles']),
+            skipFields: new Set(['skippedPaths']),
+        });
+        if (skipped.length > 0) {
+            if (STRICT_CLONE) {
+                // Surface the leak loudly with its exact key path(s) instead of
+                // delivering a sanitized result. Routes to the catch below → a
+                // primitive-only {type:'error'} the pool reports, failing CI.
+                const detail = skipped.map((s) => `${s.path}: ${s.reason}`).join('; ');
+                throw new Error(`GITNEXUS_STRICT_CLONE: worker result was not structured-cloneable — ${detail}`);
+            }
+            result.skippedPaths = [...(result.skippedPaths ?? []), ...skipped];
+            const sample = skipped
+                .slice(0, 5)
+                .map((s) => `${s.path} (${s.reason})`)
+                .join('; ');
+            const more = skipped.length > 5 ? ` …and ${skipped.length - 5} more` : '';
+            if (parentPort) {
+                parentPort.postMessage({
+                    type: 'warning',
+                    message: `Sanitized ${skipped.length} file(s) with non-serializable parse output before delivery: ${sample}${more}`,
+                });
+            }
+        }
+        parentPort.postMessage({ type: 'result', data: result });
+    }
+    catch (err) {
+        const e = err instanceof Error ? err : new Error(String(err));
+        parentPort.postMessage({ type: 'error', error: e.message, errorStack: e.stack });
+    }
+}

package/dist/core/ingestion/workers/result-merge.d.ts

@@ -0,0 +1,20 @@
+/**
+ * Merge of accumulated parse-worker results (sub-batch result → the conceptual
+ * job's running accumulator).
+ *
+ * Extracted from `parse-worker.ts` into this side-effect-free module so the
+ * merge can be imported and unit-tested directly — the parse worker is an entry
+ * module (importing it constructs the parser, posts `ready`, and attaches the
+ * real MessagePort handler), so a main-thread test cannot import a helper out of
+ * it. Mirrors the `post-result.ts` extraction.
+ *
+ * `import type` of `ParseWorkerResult` is erased at runtime, so there is no
+ * import cycle with `parse-worker.ts` (which imports this module's runtime).
+ */
+import type { ParseWorkerResult } from './parse-worker.js';
+/**
+ * Merge `src` into `target` in place: append every boundary-crossing array,
+ * sum the per-language skip counts, union the clone-safety `skippedPaths`, and
+ * add the file count.
+ */
+export declare const mergeResult: (target: ParseWorkerResult, src: ParseWorkerResult) => void;

package/dist/core/ingestion/workers/result-merge.js

@@ -0,0 +1,43 @@
+// Use a loop instead of push(...spread) to avoid hitting V8's argument limit
+// when merging large result sets (push(...arr) calls apply() under the hood
+// and blows the stack when arr has >~65k elements).
+const appendAll = (target, src) => {
+    for (let i = 0; i < src.length; i++)
+        target.push(src[i]);
+};
+/**
+ * Merge `src` into `target` in place: append every boundary-crossing array,
+ * sum the per-language skip counts, union the clone-safety `skippedPaths`, and
+ * add the file count.
+ */
+export const mergeResult = (target, src) => {
+    appendAll(target.nodes, src.nodes);
+    appendAll(target.relationships, src.relationships);
+    appendAll(target.symbols, src.symbols);
+    appendAll(target.calls, src.calls);
+    appendAll(target.assignments, src.assignments);
+    appendAll(target.routes, src.routes);
+    appendAll(target.fetchCalls, src.fetchCalls);
+    appendAll(target.fetchWrapperDefs, src.fetchWrapperDefs);
+    appendAll(target.decoratorRoutes, src.decoratorRoutes);
+    if (src.routerIncludes)
+        appendAll(target.routerIncludes, src.routerIncludes);
+    if (src.routerImports)
+        appendAll(target.routerImports, src.routerImports);
+    if (src.routerModuleAliases) {
+        target.routerModuleAliases ??= [];
+        appendAll(target.routerModuleAliases, src.routerModuleAliases);
+    }
+    appendAll(target.toolDefs, src.toolDefs);
+    appendAll(target.ormQueries, src.ormQueries);
+    appendAll(target.constructorBindings, src.constructorBindings);
+    appendAll(target.fileScopeBindings, src.fileScopeBindings);
+    appendAll(target.parsedFiles, src.parsedFiles);
+    for (const [lang, count] of Object.entries(src.skippedLanguages)) {
+        target.skippedLanguages[lang] = (target.skippedLanguages[lang] || 0) + count;
+    }
+    if (src.skippedPaths && src.skippedPaths.length > 0) {
+        (target.skippedPaths ??= []).push(...src.skippedPaths);
+    }
+    target.fileCount += src.fileCount;
+};

package/dist/core/ingestion/workers/worker-pool.d.ts

@@ -273,6 +273,12 @@ export declare function resolveAutoPoolSize(): number;
  *   time spent across all attempts/splits/retries. When the budget is
  *   exhausted, the pool surfaces the in-flight path via `WorkerPoolDispatchError`
  *   instead of letting timeouts compound indefinitely.
+ *
+ * Upstream of these layers, the parse worker self-sanitizes a result that the
+ * structured-clone algorithm can't serialize (#2112) — stripping or dropping
+ * the offending value and reporting the affected paths on the result — so a
+ * single non-cloneable value can't masquerade as a worker death and exhaust a
+ * slot's respawn budget here.
  */
 export declare const createWorkerPool: (workerUrl: URL, poolSize?: number, options?: WorkerPoolOptions) => WorkerPool;
 export {};

package/dist/core/ingestion/workers/worker-pool.js

@@ -523,6 +523,12 @@ function createJobs(items, maxItems, maxBytes, timeoutMs, chunkHash) {
  *   time spent across all attempts/splits/retries. When the budget is
  *   exhausted, the pool surfaces the in-flight path via `WorkerPoolDispatchError`
  *   instead of letting timeouts compound indefinitely.
+ *
+ * Upstream of these layers, the parse worker self-sanitizes a result that the
+ * structured-clone algorithm can't serialize (#2112) — stripping or dropping
+ * the offending value and reporting the affected paths on the result — so a
+ * single non-cloneable value can't masquerade as a worker death and exhaust a
+ * slot's respawn budget here.
  */
 export const createWorkerPool = (workerUrl, poolSize, options) => {
     // Validate worker script exists before spawning to prevent uncaught
@@ -1313,14 +1319,19 @@ export const createWorkerPool = (workerUrl, poolSize, options) => {
                     if (settled || stopped)
                         return;
                     // Native postMessage delivers POJO directly via Node's
-                    // structured clone. V8 deserialization failures (malformed
-                    // frame, non-cloneable value) surface as a `messageerror`
-                    // event handled below — they never reach this handler. The
-                    // only thing we need to guard for here is a worker that
-                    // sends a message without a `type` discriminant (a bug in
-                    // the worker, not a wire-format issue): without the guard
-                    // `null.type` would throw a TypeError out of the
-                    // EventEmitter listener → uncaughtException on the main
+                    // structured clone. Two distinct clone failure modes exist,
+                    // and NEITHER reaches this handler: (1) a SENDER-side
+                    // non-cloneable value (a function/symbol that leaked into the
+                    // result) throws a synchronous `DataCloneError` on the
+                    // worker's own postMessage — the parse worker self-sanitizes
+                    // such results before delivery (#2112) and falls back to a
+                    // primitive-only `{type:'error'}` if it still can't serialize;
+                    // (2) a RECEIVER-side deserialization failure surfaces as a
+                    // `messageerror` event handled below. The only thing THIS
+                    // handler guards is a worker that sends a message without a
+                    // `type` discriminant (a worker bug, not a wire-format issue):
+                    // without the guard `null.type` would throw a TypeError out of
+                    // the EventEmitter listener → uncaughtException on the main
                     // thread.
                     const msg = raw;
                     if (msg === null || typeof msg !== 'object' || typeof msg.type !== 'string') {
@@ -1417,12 +1428,15 @@ export const createWorkerPool = (workerUrl, poolSize, options) => {
                             `Likely OOM or native addon failure${inFlightSuffix}.`, excludes);
                     }
                 };
-                // `messageerror` fires when V8 fails to deserialize a postMessage
-                // payload (e.g., the worker tries to send a non-cloneable value
-                // back, or structured-clone hits an unsupported shape). The worker
-                // stays ALIVE but the message is lost — without this handler the
-                // pool would sit on the dropped message until the idle timeout
-                // expires. Treat it as worker death so the resilience layers fire:
+                // `messageerror` fires when V8 fails to DESERIALIZE a postMessage
+                // payload on THIS (receiver) side — a value that serialized on the
+                // worker but can't be reconstructed here. (A non-cloneable value on
+                // the SENDER side instead throws a synchronous DataCloneError on the
+                // worker's own postMessage; that path is caught and sanitized
+                // worker-side (#2112) and never arrives here.) The worker stays ALIVE
+                // but the message is lost — without this handler the pool would sit on
+                // the dropped message until the idle timeout expires. Treat it as
+                // worker death so the resilience layers fire:
                 // requeue the remainder via `recoverAndResume`, attribute the
                 // in-flight file from the `starting-file` signal (if observed),
                 // and let the per-slot respawn budget and circuit breaker decide

package/dist/server/analyze-worker-ipc.d.ts

@@ -0,0 +1,58 @@
+/**
+ * JSON-safe projection of `AnalyzeResult` for the analyze-worker → parent IPC
+ * boundary (#2112 boundary audit; #2135).
+ *
+ * The forked analyze worker (`analyze-worker.ts`) reports completion to the
+ * parent over `child_process` IPC, which uses Node's DEFAULT `'json'`
+ * serialization — `api.ts` forks the worker with no `serialization:` option, so
+ * the channel runs `JSON.stringify`/`JSON.parse`, NOT V8 structured clone.
+ *
+ * `AnalyzeResult.pipelineResult` is populated on every successful analysis
+ * (`run-analyze.ts`) and carries `pipelineResult.graph` — the live
+ * `KnowledgeGraph` closure object. Sending the raw result across this channel is
+ * wrong three ways:
+ *   1. Waste — the graph's `nodes`/`relationships` getters force-materialize the
+ *      ENTIRE graph into two arrays, then JSON-stringify them, on every analyze.
+ *      On a large repo (the #2112 scenario) that is a multi-hundred-MB
+ *      stringify+parse whose result is immediately discarded.
+ *   2. Silent corruption — the graph's methods are own function properties;
+ *      `JSON.stringify` drops them with no error, so a `pipelineResult.graph`
+ *      that survived the wire is a data-only husk whose `forEachNode(...)` throws
+ *      "is not a function" far from the cause.
+ *   3. Conditional crash — a BigInt or circular reference anywhere in the
+ *      payload makes `process.send` throw `TypeError` synchronously; the throw is
+ *      caught in the worker and re-sent as `{type:'error'}`, turning a
+ *      SUCCESSFUL analysis (DB already written) into a reported FAILURE. This is
+ *      the #2112 failure family on the server path, and — unlike the parse-worker
+ *      result boundary — it has no clone-safety net.
+ *
+ * The parent (`api.ts`) reads only `result.repoName`; `pipelineResult`'s real
+ * consumers (CLI skill generation) call `runFullAnalysis` in-process and never
+ * cross this fork. So the worker sends an explicit allowlist of the scalar
+ * fields, JSON-safe by construction.
+ */
+import type { AnalyzeResult } from '../core/run-analyze.js';
+/**
+ * The JSON-safe subset of `AnalyzeResult` that crosses the analyze-worker IPC
+ * boundary. A `Pick` allowlist — NOT `Omit<…, 'pipelineResult'>`. With `Pick`
+ * the allowlist IS the type, so the projection is exhaustive by construction:
+ * `projectAnalyzeResultForIpc`'s return literal must name exactly these keys
+ * (omitting one is a compile error), and a new field added to `AnalyzeResult`
+ * is simply absent from the wire until it is *deliberately* added here. `Omit`
+ * couldn't give that guarantee — it kept every other field, including OPTIONAL
+ * ones (e.g. `isPrimaryBranch?`), so an optional non-serializable field could be
+ * advertised by the type yet silently dropped by the runtime allowlist.
+ *
+ * `isPrimaryBranch` is intentionally excluded: the parent (`api.ts`) reads only
+ * `repoName`, and nothing consumes `isPrimaryBranch` across this fork (its CLI
+ * consumer calls `runFullAnalysis` in-process). Add a field here only when a
+ * server-side IPC consumer actually needs it — and only if it is JSON-safe.
+ */
+export type AnalyzeResultIpc = Pick<AnalyzeResult, 'repoName' | 'repoPath' | 'stats' | 'alreadyUpToDate' | 'ftsRepairedOnly' | 'ftsSkipped'>;
+/**
+ * Project an `AnalyzeResult` down to the JSON-safe fields the parent consumes,
+ * dropping `pipelineResult` (the live `KnowledgeGraph`) and any other field not
+ * in the `AnalyzeResultIpc` allowlist. The return literal is exhaustive over
+ * `AnalyzeResultIpc` (a missing key is a compile error).
+ */
+export declare function projectAnalyzeResultForIpc(result: AnalyzeResult): AnalyzeResultIpc;

package/dist/server/analyze-worker-ipc.js

@@ -0,0 +1,16 @@
+/**
+ * Project an `AnalyzeResult` down to the JSON-safe fields the parent consumes,
+ * dropping `pipelineResult` (the live `KnowledgeGraph`) and any other field not
+ * in the `AnalyzeResultIpc` allowlist. The return literal is exhaustive over
+ * `AnalyzeResultIpc` (a missing key is a compile error).
+ */
+export function projectAnalyzeResultForIpc(result) {
+    return {
+        repoName: result.repoName,
+        repoPath: result.repoPath,
+        stats: result.stats,
+        alreadyUpToDate: result.alreadyUpToDate,
+        ftsRepairedOnly: result.ftsRepairedOnly,
+        ftsSkipped: result.ftsSkipped,
+    };
+}

package/dist/server/analyze-worker.js

@@ -11,6 +11,7 @@
  *   Child -> Parent: { type: 'error', message: string }
  */
 import { runFullAnalysis } from '../core/run-analyze.js';
+import { projectAnalyzeResultForIpc } from './analyze-worker-ipc.js';
 import { closeLbug } from '../core/lbug/lbug-adapter.js';
 function send(msg) {
     process.send?.(msg);
@@ -48,7 +49,12 @@ process.on('message', async (msg) => {
                 send({ type: 'progress', phase: 'log', percent: -1, message });
             },
         });
-        send({ type: 'complete', result });
+        // Send a JSON-safe projection, NOT the raw result: the IPC channel is
+        // default-JSON serialization and `result.pipelineResult` carries the live
+        // KnowledgeGraph (wasteful to materialize, silently corrupted by JSON, and
+        // a BigInt/circular value would throw and mis-report this success as a
+        // failure). See analyze-worker-ipc.ts.
+        send({ type: 'complete', result: projectAnalyzeResultForIpc(result) });
     }
     catch (err) {
         send({ type: 'error', message: err?.message || 'Analysis failed' });

package/dist/storage/parse-cache.js

@@ -149,6 +149,9 @@ export const slimParseWorkerResultsForCache = (chunkResults) => {
             assignments: [],
             constructorBindings: [],
             parsedFiles: [],
+            // #2112: a clone-safety skip list is per-run telemetry, not graph data —
+            // replay ignores it. Drop it so it doesn't bloat the cached shard.
+            skippedPaths: [],
         });
     }
     return slim;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gitnexus",
-  "version": "1.6.8-rc.8",
+  "version": "1.6.8-rc.9",
   "description": "Graph-powered code intelligence for AI agents. Index any codebase, query via MCP or CLI.",
   "author": "Abhigyan Patwari",
   "license": "PolyForm-Noncommercial-1.0.0",