abhigyanpatwari/GitNexus v1.6.4

on GitHub

GitNexus v1.6.4 — 142 commits since v1.6.3, 40 issues closed by this release. Highlights: native-crash recovery (WAL quarantine + ladybug 0.16.x), Windows reliability, Go scope resolution, Unreal Engine C++ support, gitnexus publish, and the U2–U8 server hardening cluster.

npm install -g gitnexus@1.6.4

What's New

gitnexus publish — share your indexed graph

New opt-in command that pushes your indexed graph to the understand-quickly registry for shareable browsing. Universal artefact contract introduced alongside it. (#1425, #1458)

Languages

• Go scope-resolution hooks — Go joins Python / C# / TypeScript on the registry-primary RFC #909 path (#1302)
• TypeScript Ring 3 — TypeScript fully migrated to scope-based resolution; HOC-wrapped exports (forwardRef / memo / useCallback / useMemo / observer) now named correctly (#1050, #1261, #1175)
• Unreal Engine C++ — strips UCLASS / UFUNCTION / UPROPERTY reflection macros before tree-sitter parses (#1439)
• C++ cross-repo includes — new IncludeExtractor joins the group contract pipeline (#1156)
• Thrift contracts extractor — Apache Thrift IDL detection in group mode (#1234)
• Workspace extractors for Node, Python, Go, Java, Elixir — auto-discovery of cross-package boundaries (#1260)
• Rust workspace cross-crate contracts — [workspace] member crate auto-discovery (#1256)

Reliability & DX

• --embeddings <limit> — bound the embeddings pass on huge graphs (#1375, closes #382)
• Pino structured logger — JSON logs with TTY pretty-print across the core (#1336)
• Shared resilient-fetch helper — retries + circuit breaker reused by HF / Docker / publish flows (#1448)
• MCP tool safety annotations — every MCP tool advertises read-only / mutating semantics (#1127)
• /autofix ChatOps button — replaces inline reviewdog with a fork-safe PR autofix pipeline (#1446, #1458)
• Automated security scans in CI (#1297, #1455)

Fixed

Native crashes & WAL corruption

• WAL corruption recovery — quarantine corrupted .wal files instead of failing analyze; CHECKPOINT before close. Closes #1402, #1236, #1273, #1361 (#1417, #1314, #1377)
• Native crash cluster — @ladybugdb/core 0.16.0 → 0.16.1; prevent extension install hangs. Closes #1162, #1160, #273 (#1235, #1326, #1129)
• Windows reliability — pin tree-sitter-c/cpp to fix segfault, prefer .cmd/.bat from where output, robust LadybugDB lock acquisition, surface silent finalize-skips so analyze cannot exit 0 without persisting. Closes #1242, #1427, #1447, #1468, #1400; partial #1218 (#1243, #1299, #1430, #1237, #1226, #1235)

Search & FTS

• FTS read-only DB cluster — hook resolves canonical repo root and guards read-only FTS ensure; missing-FTS warning is now surfaced. Closes #1255, #1287, #1170, #1449, #1440, #1216, #1438 (#1226, #1418, #1107, #1123)

Embeddings

• Embedding download failures — actionable HF_ENDPOINT guidance, retries, timeout, and circuit breaker; bridge HF_ENDPOINT to transformers.js. Closes #1378, #1437, #1205 (#1419, #1252, #1078)

Languages

• C# "Cannot add property" crashes — generic typed properties now included in context and impact, fixing crashes on Unity ECS partial structs and on properties whose name matches the class name. Closes #1426, #1465 (#1399)
• C# frozen-bucket regression + scope-resolution I8 hardening — closes #1066 (#1082, #1085)
• Python — index repos with empty __init__.py and >32 KB files (#1163); deterministic multi-segment dotted imports (#1241, #1253)
• Go — loose equality for Array.find() null checks (#1384)
• Swift — switched to the official prebuilt parser runtime (#1130)

Server & MCP hardening (U2–U8)

• JS path-injection on /api/file + docker-server (U2, #1322); git-clone path/CLI-injection / ReDoS hardening (U3, #1325); per-route rate limiting on FS-touching endpoints (U4, #1327); URL/regex/tag-filter sanitization (U7, #1330); ReDoS in cobol-preprocessor + rust-workspace + cross-impact resource exhaustion (U8, #1331)
• Critical type-confusion + validation helper (#1317); rate-limit /api/analyze and /api/embed (closes #1328, #1339); IPv6 ipKeyGenerator (closes #1360, #1374); IPv4-compatible IPv6 / NAT64 SSRF bypasses in validateGitUrl (closes #1148); predictable tempfile names → crypto.randomBytes (#1387)
• Log-injection / http-to-file-access / client-side request forgery (#1456); pin Docker Node base images + Trivy verification + Dependabot policy (#1455)
• MCP — close MCP server timeout via stdout discipline + cold-start friction (#1383); avoid git from non-repo cwd in sibling-cwd match (closes #1138, #1293); start MCP bridge correctly when using npx (#1114); parallelize staleness checks in list_repos (#1416)

Group / contracts

• runExactMatch honours .gitnexusignore via shared IgnoreService (closes #1185, #1247); custom manifest links resolved against graph symbols (#1254)

Storage / CLI / Docker

• Derive registry name from canonical repo root, not worktree slug (closes #1259, #1296); --skip-git treats cwd as index root (#1245); keep GitNexus ignores inside .gitnexus/ (#1248); surface silent finalize-skips so analyze cannot exit 0 without persisting (closes #1169, #1237); ignore global registry during staleness checks (#1141)
• Dedicated health endpoint for container healthcheck (closes #1147, #1355); HEAD probe so SSE heartbeat doesn't time out healthcheck (#1182); flush WAL after /api/embed so search sees new embeddings (closes #1149, #1359); platform-aware semantic fallback (#1150); skip vector index query on unsupported platforms (closes #1178, #1181); serve web UI at root path instead of 404 (#1048)

Worker pool & performance

• Wait for replacement worker online before dispatch (#1324); prevent premature pool resolution in worker split-and-retry path (#1321); recover worker parse stalls (#1121)
• Replace O(n³) C3 merge loop with O(n²) head-pointer algorithm (#1316)

Contributors

Thanks to everyone who shipped code, filed bugs, and tested release candidates:

@magyargergo, @azizur100389, @Copilot, @evander-wang, @rcarmel999, @SZU-WenjieHuang, @amacsmith, @hiKareeem, @ReidenXerx, @JorrinKievit, @ChrisGVE, @sburdges-eng, @aaronjmars, @LINSUISHENG034, @1PLee, @vijaygali, @LaplaceYoung, @R09722akaBennett, @Morieity, @jelsco, @darianstlex, @b2pacific, @stemirkhan, @genoshide, @mann1x, @chouzz, @eltociear, @Hamzaa6296, @jarvisai1909, @abhigyanpatwari — and dependabot for keeping the supply chain fresh.

New Contributors

• @jarvisai1909 made their first contribution in #1070
• @chouzz made their first contribution in #1078
• @mann1x made their first contribution in #1085
• @eltociear made their first contribution in #1115
• @Hamzaa6296 made their first contribution in #1104
• @genoshide made their first contribution in #1114
• @b2pacific made their first contribution in #1126
• @darianstlex made their first contribution in #1093
• @LaplaceYoung made their first contribution in #1141
• @R09722akaBennett made their first contribution in #1182
• @Morieity made their first contribution in #1181
• @ReidenXerx made their first contribution in #1175
• @sburdges-eng made their first contribution in #1226
• @vijaygali made their first contribution in #1163
• @ChrisGVE made their first contribution in #1254
• @stemirkhan made their first contribution in #1127
• @aaronjmars made their first contribution in #1148
• @LINSUISHENG034 made their first contribution in #1314
• @1PLee made their first contribution in #1234
• @JorrinKievit made their first contribution in #1375
• @rcarmel999 made their first contribution in #1399
• @SZU-WenjieHuang made their first contribution in #1156
• @amacsmith made their first contribution in #1425
• @hiKareeem made their first contribution in #1439

Full Changelog: v1.6.3...v1.6.4