magector 2.12.0 → 2.13.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "magector",
-  "version": "2.12.0",
+  "version": "2.13.1",
   "description": "Semantic code search for Magento 2 — index, search, MCP server",
   "type": "module",
   "main": "src/mcp-server.js",
@@ -33,10 +33,10 @@
     "ruvector": "^0.1.96"
   },
   "optionalDependencies": {
-    "@magector/cli-darwin-arm64": "2.12.0",
-    "@magector/cli-linux-x64": "2.12.0",
-    "@magector/cli-linux-arm64": "2.12.0",
-    "@magector/cli-win32-x64": "2.12.0"
+    "@magector/cli-darwin-arm64": "2.13.1",
+    "@magector/cli-linux-x64": "2.13.1",
+    "@magector/cli-linux-arm64": "2.13.1",
+    "@magector/cli-win32-x64": "2.13.1"
   },
   "keywords": [
     "magento",

package/src/mcp-server.js

@@ -3425,6 +3425,175 @@ async function traceCallChain(startClass, startMethod, maxDepth = 3) {
   return result;
 }
 
+// ─── Method Chain Enrichment ────────────────────────────────────
+// Scans PHP files for two-step method chains (->first()->second()) and detects
+// null guards in surrounding code. Results stored in SQLite enrichment.db for
+// instant O(1) queries — eliminates 20+ grep calls for null-risk analyses.
+
+const ENRICHMENT_DB_PATH = (root) => path.join(root, '.magector', 'enrichment.db');
+
+/**
+ * Detect null guard for a chained call in surrounding lines.
+ * Checks ±guardRadius lines for: null checks, ?->, ??, isset()
+ */
+function hasNullGuard(lines, matchLineIdx, receiverExpr, guardRadius = 6) {
+  const start = Math.max(0, matchLineIdx - guardRadius);
+  const end = Math.min(lines.length - 1, matchLineIdx + guardRadius);
+  const matchLine = lines[matchLineIdx] || '';
+  const window = lines.slice(start, end + 1).join('\n');
+
+  // ?-> only counts if it's on the same line as the chain (avoid false positives from unrelated variables)
+  if (matchLine.includes('?->')) return true;
+  if (/\?\?|\?:/.test(window)) return true;
+
+  if (receiverExpr) {
+    const esc = receiverExpr.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+    if (new RegExp(`(?:is_null\\s*\\(\\s*${esc}|${esc}\\s*(?:===|!==)\\s*null|!\\s*${esc}\\s*[,)]|isset\\s*\\(\\s*${esc})`, 'i').test(window)) return true;
+  }
+  return false;
+}
+
+/**
+ * Scan vendor/ PHP files for ->first()->second() chains and store null-safety
+ * analysis in enrichment.db. Called by magento_enrich and after magento_index.
+ */
+async function enrichMethodChains(root) {
+  const dbPath = ENRICHMENT_DB_PATH(root);
+
+  // Use node:sqlite (built-in, no deps)
+  let DatabaseSync;
+  try {
+    ({ DatabaseSync } = await import('node:sqlite'));
+  } catch {
+    throw new Error('node:sqlite not available — requires Node.js 22.5+');
+  }
+
+  const db = new DatabaseSync(dbPath);
+  db.exec('PRAGMA journal_mode = WAL');
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS method_chains (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      file TEXT NOT NULL,
+      line INTEGER NOT NULL,
+      chain TEXT NOT NULL,
+      first_method TEXT NOT NULL,
+      second_method TEXT NOT NULL,
+      has_null_guard INTEGER NOT NULL DEFAULT 0,
+      updated_at INTEGER NOT NULL
+    );
+    CREATE INDEX IF NOT EXISTS idx_first_method ON method_chains (first_method);
+    CREATE INDEX IF NOT EXISTS idx_null_guard ON method_chains (has_null_guard, first_method);
+  `);
+
+  // Two-step chain: $var->firstMethod(...)->secondMethod(
+  // Captures: receiver ($var), firstMethod, secondMethod
+  const chainRegex = /(\$\w+)\s*->\s*(\w+)\s*\([^)]{0,60}\)\s*->\s*(\w+)\s*\(/g;
+  const now = Date.now();
+
+  const phpFiles = await glob('vendor/**/*.php', { cwd: root, absolute: true, nodir: true });
+  let scanned = 0;
+  let chains = 0;
+
+  const insertStmt = db.prepare(
+    'INSERT INTO method_chains (file, line, chain, first_method, second_method, has_null_guard, updated_at) VALUES (?,?,?,?,?,?,?)'
+  );
+  const deleteFile = db.prepare('DELETE FROM method_chains WHERE file = ?');
+
+  // Build line-offset index for O(1) line number lookups
+  function buildLineIndex(content) {
+    const offsets = [0];
+    let idx = 0;
+    while ((idx = content.indexOf('\n', idx)) !== -1) {
+      idx++;
+      offsets.push(idx);
+    }
+    return offsets;
+  }
+
+  function lineFromOffset(offsets, charIndex) {
+    let lo = 0, hi = offsets.length - 1;
+    while (lo < hi) {
+      const mid = (lo + hi + 1) >> 1;
+      if (offsets[mid] <= charIndex) lo = mid; else hi = mid - 1;
+    }
+    return lo + 1; // 1-based
+  }
+
+  db.exec('BEGIN');
+  try {
+    for (const phpFile of phpFiles) {
+      let content;
+      try { content = readFileSync(phpFile, 'utf-8'); } catch { continue; }
+      if (!content.includes('->')) continue;
+
+      const relPath = phpFile.replace(root + '/', '');
+      const lines = content.split('\n');
+      const lineOffsets = buildLineIndex(content);
+      const rows = [];
+
+      chainRegex.lastIndex = 0;
+      let m;
+      while ((m = chainRegex.exec(content)) !== null) {
+        const lineNum = lineFromOffset(lineOffsets, m.index);
+        rows.push({
+          file: relPath, line: lineNum,
+          chain: `->${m[2]}()->${m[3]}()`,
+          firstMethod: m[2], secondMethod: m[3],
+          hasNullGuard: hasNullGuard(lines, lineNum - 1, m[1]) ? 1 : 0
+        });
+        chains++;
+      }
+
+      if (rows.length > 0) {
+        deleteFile.run(relPath);
+        for (const r of rows) {
+          insertStmt.run(r.file, r.line, r.chain, r.firstMethod, r.secondMethod, r.hasNullGuard, now);
+        }
+      }
+      scanned++;
+    }
+    db.exec('COMMIT');
+  } catch (err) {
+    db.exec('ROLLBACK');
+    throw err;
+  }
+
+  db.close();
+  return { scanned, chains };
+}
+
+/**
+ * Query enrichment.db for unsafe method chains (no null guard).
+ */
+async function queryNullRisks(root, firstMethod, limit = 100) {
+  const dbPath = ENRICHMENT_DB_PATH(root);
+  if (!existsSync(dbPath)) return null;
+
+  let DatabaseSync;
+  try {
+    ({ DatabaseSync } = await import('node:sqlite'));
+  } catch {
+    return null;
+  }
+
+  const db = new DatabaseSync(dbPath, { open: true });
+  let rows;
+  try {
+    if (firstMethod) {
+      rows = db.prepare(
+        'SELECT file, line, chain, second_method FROM method_chains WHERE has_null_guard = 0 AND first_method = ? ORDER BY file, line LIMIT ?'
+      ).all(firstMethod, limit);
+    } else {
+      rows = db.prepare(
+        'SELECT file, line, chain, first_method, second_method FROM method_chains WHERE has_null_guard = 0 ORDER BY first_method, file, line LIMIT ?'
+      ).all(limit);
+    }
+  } finally {
+    db.close();
+  }
+  return rows;
+}
+
 // ─── AST Search (semgrep) ───────────────────────────────────────
 
 async function astSearch(pattern, searchPath, lang, maxResults) {
@@ -4243,6 +4412,29 @@ server.setRequestHandler(ListToolsRequestSchema, async () => ({
         required: ['pattern']
       }
     },
+    {
+      name: 'magento_enrich',
+      description: 'Build the method-chain enrichment index. Scans all vendor/ PHP files for two-step method chains (->firstMethod()->secondMethod()) and analyses whether each call has a null guard in surrounding code. Results stored in .magector/enrichment.db. Run this once after magento_index, then use magento_find_null_risks for instant O(1) null-safety queries instead of 20+ grep calls. Also runs automatically after magento_index completes.',
+      inputSchema: { type: 'object', properties: {} }
+    },
+    {
+      name: 'magento_find_null_risks',
+      description: 'Find method chains without null guards using the pre-built enrichment index. Returns all ->firstMethod()->secondMethod() calls where no null check (=== null, !== null, ?->, ??, isset, is_null) was detected in surrounding code. Requires magento_enrich to have been run first. 100× faster than grep — O(1) SQLite query vs O(n) file scan. Use firstMethod to filter (e.g., "getPayment" finds all ->getPayment()->anything() without null guard). ⚡ For multi-query workflows use magento_batch.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          firstMethod: {
+            type: 'string',
+            description: 'Filter by first method name. Example: "getPayment" returns all ->getPayment()->$X() without null guard. Omit to get all unsafe chains.'
+          },
+          limit: {
+            type: 'number',
+            description: 'Maximum results (default: 100, max: 500)',
+            default: 100
+          }
+        }
+      }
+    },
     {
       name: 'magento_trace_api',
       description: 'Trace a REST or GraphQL API endpoint from URL to implementation. Parses webapi.xml to find the service interface, resolves the DI preference to the concrete class, reads the execute/method body, and checks di.xml for constructor arguments. Returns the complete chain in one call.',
@@ -4309,7 +4501,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
     // These tools have filesystem/di.xml fallbacks — work without serve process
     'magento_find_class', 'magento_find_method', 'magento_find_plugin',
     'magento_find_observer', 'magento_find_di_wiring', 'magento_module_structure',
-    'magento_batch', 'magento_find_config', 'magento_find_callers', 'magento_grep', 'magento_read', 'magento_trace_api', 'magento_ast_search'];
+    'magento_batch', 'magento_find_config', 'magento_find_callers', 'magento_grep', 'magento_read', 'magento_trace_api', 'magento_ast_search', 'magento_find_null_risks'];
   if (warmupInProgress && !indexFreeTools.includes(name)) {
     logToFile('REQ', `${name} → blocked (warmup: loading index)`);
     return {
@@ -4572,10 +4764,16 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
       case 'magento_index': {
         const root = args.path || config.magentoRoot;
         const output = rustIndex(root);
+        // Auto-enrich after indexing: runs in background, doesn't block response
+        enrichMethodChains(root).then(({ scanned, chains }) => {
+          logToFile('INFO', `Auto-enrich complete: ${scanned} files, ${chains} chains`);
+        }).catch(err => {
+          logToFile('WARN', `Auto-enrich failed: ${err.message}`);
+        });
         return {
           content: [{
             type: 'text',
-            text: `Indexing complete (Rust core).\n\n${output}`
+            text: `Indexing complete (Rust core).\n\n${output}\n\n_Method-chain enrichment index is being built in the background. Use \`magento_enrich\` to run it manually or wait ~30-60s._`
           }]
         };
       }
@@ -6173,8 +6371,7 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 const maxRes = Math.min(a.maxResults || 30, 100);
                 const batchCtx = a.context !== undefined ? a.context : 4;
                 const batchFilesOnly = a.filesOnly || false;
-                const gArgs = ['-rn', '-E'];
-                if (batchFilesOnly) { gArgs[0] = '-rl'; gArgs.splice(1, 1); } // -rl = recursive + files-only, drop -n
+                const gArgs = batchFilesOnly ? ['-rl', '-E'] : ['-rn', '-E'];
                 if (a.ignoreCase) gArgs.push('-i');
                 if (!batchFilesOnly && batchCtx > 0) gArgs.push('-C', String(batchCtx));
                 for (const pat of include.split(',').map(p => p.trim())) gArgs.push('--include=' + pat);
@@ -6203,6 +6400,19 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
                 }
                 break;
               }
+              case 'magento_find_null_risks': {
+                const bRoot = config.magentoRoot;
+                const bLimit = Math.min(a.limit || 100, 500);
+                const bRows = bRoot ? await queryNullRisks(bRoot, a.firstMethod || null, bLimit) : null;
+                if (!bRows) { text = '⚠️ Run magento_enrich first.'; break; }
+                if (bRows.length === 0) { text = 'No unsafe chains found.'; break; }
+                text = `Found ${bRows.length} unsafe chain(s):\n`;
+                for (const r of bRows.slice(0, 50)) {
+                  const chain = r.chain || `->${r.first_method}()->${r.second_method}()`;
+                  text += `${r.file}:${r.line}: ${chain}\n`;
+                }
+                break;
+              }
               default:
                 text = `Unsupported batch tool: ${q.tool}`;
             }
@@ -6460,6 +6670,51 @@ server.setRequestHandler(CallToolRequestSchema, async (request) => {
         return { content: [{ type: 'text', text }] };
       }
 
+      case 'magento_enrich': {
+        const root = config.magentoRoot;
+        if (!root) return { content: [{ type: 'text', text: 'MAGENTO_ROOT not set.' }], isError: true };
+        let text = `## magento_enrich\n\nScanning vendor/ PHP files for method chains...\n`;
+        try {
+          const { scanned, chains } = await enrichMethodChains(root);
+          text += `\n✅ **Done**\n- Files scanned: ${scanned}\n- Method chains indexed: ${chains}\n- Null-risk index saved to: \`.magector/enrichment.db\`\n\nUse \`magento_find_null_risks\` to query unsafe chains.`;
+        } catch (err) {
+          text += `\n❌ Error: ${err.message}`;
+        }
+        return { content: [{ type: 'text', text }] };
+      }
+
+      case 'magento_find_null_risks': {
+        const root = config.magentoRoot;
+        if (!root) return { content: [{ type: 'text', text: 'MAGENTO_ROOT not set.' }], isError: true };
+        const limit = Math.min(args.limit || 100, 500);
+        const rows = await queryNullRisks(root, args.firstMethod || null, limit);
+        if (rows === null) {
+          return { content: [{ type: 'text', text: `## magento_find_null_risks\n\n⚠️ Enrichment index not found. Run \`magento_enrich\` first to build the method-chain index.` }] };
+        }
+        if (rows.length === 0) {
+          const filter = args.firstMethod ? ` for \`->${args.firstMethod}()\`` : '';
+          return { content: [{ type: 'text', text: `## magento_find_null_risks${filter}\n\nNo unsafe chains found. All detected chains have null guards.` }] };
+        }
+        const filter = args.firstMethod ? ` for \`->${args.firstMethod}()\`` : '';
+        let text = `## magento_find_null_risks${filter}\n\nFound **${rows.length}** chain(s) without null guard:\n\n`;
+        // Group by chain type for readability
+        const byChain = {};
+        for (const r of rows) {
+          const key = r.chain || `->${r.first_method}()->${r.second_method}()`;
+          if (!byChain[key]) byChain[key] = [];
+          byChain[key].push(r);
+        }
+        for (const [chain, sites] of Object.entries(byChain)) {
+          text += `### \`${chain}\` (${sites.length} site${sites.length > 1 ? 's' : ''})\n`;
+          for (const s of sites.slice(0, 20)) {
+            text += `- \`${s.file}:${s.line}\`\n`;
+          }
+          if (sites.length > 20) text += `- ... and ${sites.length - 20} more\n`;
+          text += '\n';
+        }
+        return { content: [{ type: 'text', text }] };
+      }
+
       default:
         return {
           content: [{