abhigyanpatwari/GitNexus v1.3.10

on GitHub

Security

• MCP transport buffer cap: Added 10 MB MAX_BUFFER_SIZE limit to prevent out-of-memory attacks via oversized Content-Length headers or unbounded newline-delimited input
• Content-Length validation: Reject Content-Length values exceeding the buffer cap before allocating memory
• Stack overflow prevention: Replaced recursive readNewlineMessage with iterative loop to prevent stack overflow from consecutive empty lines
• Ambiguous prefix hardening: Tightened looksLikeContentLength to require 14+ bytes before matching, preventing false framing detection on short input
• Closed transport guard: send() now rejects with a clear error when called after close(), with proper write-error propagation

Added

• Dual-framing MCP transport (CompatibleStdioServerTransport): Auto-detects Content-Length and newline-delimited JSON framing on the first message, responds in the same format (#207)
• Lazy CLI module loading: All CLI subcommands now use createLazyAction() to defer heavy imports (tree-sitter, ONNX, KuzuDB) until invocation, significantly improving gitnexus mcp startup time (#207)
• Type-safe lazy actions: createLazyAction uses constrained generics to validate export names against module types at compile time
• Regression test suite: 13 unit tests covering transport framing, security hardening, buffer limits, and lazy action loading

Fixed

• CALLS edge sourceId alignment: findEnclosingFunctionId now generates IDs with :startLine suffix matching node creation format, fixing process detector finding 0 entry points (#194)
• LRU cache zero maxSize crash: Guard createASTCache against maxSize=0 when repos have no parseable files (#144)

Changed

• Transport constructor accepts NodeJS.ReadableStream / NodeJS.WritableStream (widened from concrete types)
• processReadBuffer simplified to break on first error instead of stale-buffer retry loop

What's Changed

• feat: local backend mode for web UI by @paulrobello in #49
• feat(plugin): self-contained Claude Code plugin with bundled MCP, hooks, and skills by @L1nusB in #68
• feat(ui): Add a copy button to the Nexus AI and copy the md result by @CrazyBunQnQ in #75
• feat(php): full PHP 8+ / Laravel support with Eloquent model tracking by @gunesbizim in #64
• Probe for CUDA before attempting GPU embeddings by @BlockSecCA in #58
• feat: remote server connection mode and multi-repo switching by @baconwasr1ght in #66
• fix(mcp): don't crash server when no repos are indexed by @abhigyanpatwari in #96
• fix: lazy-import embeddings to avoid onnxruntime crash on Node v24+ by @abhigyanpatwari in #99
• fix: ensure exec usage does not allow poisoning by @strazzere in #61
• feat(ingestion): add AST decorator-based entrypoint hints by @PurpleNewNew in #102
• fix(web): map API path field to repoPath in fetchRepoInfo by @christopheralex-cc in #105
• feat(swift): full Swift / iOS language support with SPM import resolution by @jandyx in #94
• feat: add Kotlin language support by @magyargergo in #84
• Feat/php laravel support by @gunesbizim in #133
• feat: inline imperative instructions in CLAUDE.md/AGENTS.md by @abhigyanpatwari in #190
• chore: bump version to 1.3.7 by @abhigyanpatwari in #191
• fix(cli): force-exit after analyze to prevent KuzuDB hang by @abhigyanpatwari in #192
• chore: bump version to 1.3.8 by @abhigyanpatwari in #193
• fix(ingestion): align CALLS edge sourceId with node ID format by @abhigyanpatwari in #194
• fix: guard createASTCache against zero maxSize to prevent LRU cache crash by @magyargergo in #144
• Improve MCP startup compatibility and lazy-load CLI commands by @Shockang in #207

New Contributors

• @paulrobello made their first contribution in #49
• @L1nusB made their first contribution in #68
• @CrazyBunQnQ made their first contribution in #75
• @gunesbizim made their first contribution in #64
• @BlockSecCA made their first contribution in #58
• @baconwasr1ght made their first contribution in #66
• @strazzere made their first contribution in #61
• @PurpleNewNew made their first contribution in #102
• @christopheralex-cc made their first contribution in #105
• @jandyx made their first contribution in #94
• @magyargergo made their first contribution in #84
• @Shockang made their first contribution in #207

Full Changelog: v1.2.8...v1.3.10