v2.0.0 — Production Audit Fixes
Security
- Fix path traversal in wiki page reader
- Fix git diff argument ordering (broke incremental updates)
- Add regex allowlist for git ref validation
- Add explicit SSL context for MiniMax API
- Add
permissions: contents: readto CI workflow - Migrate to scoped PyPI publish secret
Reliability
- Fix
node_qualified_nameschema mismatch in wiki flow query - Wrap
store_file_nodes_edgesin explicitBEGIN IMMEDIATEtransaction - Narrow post-build exception handling to specific types
- Add error handling to watch mode delete handler
- Add schema version sync CI check (Python ↔ VSCode)
Performance
- Batch N+1 queries in
get_impact_radiusand risk scoring - Replace full edge table scan in wiki with targeted queries
- Merge hybrid search phases into single batch fetch
- Line-targeted replacement in refactor to prevent file corruption
Architecture
- Decompose 386-line
_extract_from_treeinto 6 focused methods - Add 17 public query methods to
GraphStore, eliminate 24_connaccesses - Split 1,782-line
tools.pyinto 10 themed sub-modules - Extract shared
SECURITY_KEYWORDStoconstants.py - Add
_error_response()helper for consistent error patterns - Update VSCode extension schema version to 5
- Update version strings across README, SECURITY.md,
__init__.py
Testing
- Add 5 integration tests with real git repos
- Raise CI coverage threshold from 50% to 65%
- Fix import ordering in test files