Skip to content

v0.4.0

Choose a tag to compare

@github-actions github-actions released this 14 May 12:15
v0.4.0
24fef39

codeiq v0.4.0

Deterministic code knowledge graph — Go single-binary release.
Verify the download:
# Checksum
sha256sum -c checksums.sha256
# Signature (Sigstore keyless, bundle format)
cosign verify-blob
--bundle checksums.sha256.cosign.bundle
--certificate-identity-regexp 'https://github.com/RandomCodeSpace/codeiq/.github/workflows/release-go.yml@.*'
--certificate-oidc-issuer https://token.actions.githubusercontent.com
checksums.sha256

Changelog

  • 24fef39 refactor: hoist Go module from go/ to repo root (#162)
  • c20c109 feat(buildinfo): fall back to debug.BuildInfo when ldflags unset (#161)
  • e5fd3fe docs: post-cutover + Kuzu 0.11 sweep (#160)
  • 799be73 refactor(graph): use Kuzu 0.11 native features (FTS, param LIMIT, []string) (#159)
  • 690fba6 chore(deps)(deps): bump github.com/kuzudb/go-kuzu (#155)
  • 235986c chore(actions)(deps): bump the actions group across 1 directory with 4 updates (#158)
  • fd77ec9 chore(deps)(deps): bump github.com/mattn/go-sqlite3 (#157)
  • 7869842 chore(deps)(deps): bump the cobra-viper group in /go with 2 updates (#156)
  • 2263146 chore(deps): drop Java + npm Dependabot sections; add gomod (#154)
  • cc96e1b fix(parser): unquote TOML keys and section headers (#152)
  • a83b768 fix(enrich): explicit QUOTE/ESCAPE so Kuzu COPY honors RFC-4180 (#153)
  • 4a6d82a fix(analyzer): path-qualify SERVICE node IDs to break PK collisions (#151)
  • 7867a79 fix(enrich): use pipe '|' delimiter for Kuzu COPY staging files (#150)
  • 91e34c3 fix(mcp): correct dispatch arg names in tools_consolidated (#149)
  • 7313a0a ci+docs(perf-gate): enrich memory regression gate + OOM-fix evidence (Phase D) (#148)
  • 51efda7 perf(enrich): --memprofile + --max-buffer-pool + --copy-threads flags (Phase C) (#147)
  • 548a5ec perf(parser): rewrite Walk to use TreeCursor (Task B1) (#146)
  • 9f54673 perf(enrich): Phase A quick wins for OOM fix (#145)
  • 4136977 perf(graph): batch BulkLoad CSV / COPY FROM at 50k rows (#143)
  • 9994900 docs: enrich OOM-fix streaming-refactor plan + gitignore fix (#144)
  • 094cffd test(mcp): per-mode parity for 6 consolidated tools (#139)
  • d2853dd chore(mcp): drop 24 narrow tools from user-facing MCP surface (#142)
  • e544af0 fix(detector/jvm): discriminator guard on KtorRouteDetector + scala/kotlin fixtures (#141)
  • 531e089 fix(detector): anchor nodes for bicep/dockerfile/shell/proto imports (#140)
  • ecb5ede chore: drop Homebrew + delete stale Java-era docs (CLI + MCP only) (#138)
  • c6097e7 feat(release): darwin/arm64 release workflow (#137)
  • ffb3a16 fix(release): cosign v4 bundle format (#136)
  • 13cd11b fix(release): simplify to single-runner linux-only build (#135)
  • e590843 docs: switch version target from v1.0.0 → v0.3.0 (#134)
  • 7f32aa4 fix(release): wrap goreleaser before-hooks in sh -c (#133)
  • e21fe0f feat: Phase 6 cutover — delete Java reference, ship v1.0.0 (#132)
  • c630245 feat(release): Phase 5 — Goreleaser + Sigstore + perf gate (#131)
  • c363727 feat: port codeiq from Java/Spring Boot to Go single-binary (Phases 1-4) (#130)
  • f7e792e perf(treemap): on-demand subtree fetch + visible directory labels (#120)
  • d6e34ea perf(serve): bound JVM/Neo4j memory and dedupe topology snapshot (#118)
  • a2bb2e0 perf(ui): cap initial file-tree fetch at depth 8 on dashboard (#119)
  • 4b7cb45 release: v0.2.0 — frontend rewrite, ActiveMQ detector, mode=none default, drill-down treemap (#112)
  • 3bc3ebf perf(detectors): quick-reject pre-screen on auth detectors (-31% detector CPU) (#111)
  • 9f0d3d2 feat(serving): config validation, integration coverage, docs refresh (PR 5/5) (#110)
  • 5f3021a feat(observability): production-readiness PR 4 — request tracing + JSON logs + structured errors (#109)
  • e40350f feat(supply-chain): production-readiness PR 3 — bundle integrity + secret hygiene + scanner pin (#108)
  • 82ded68 feat(security): prod-readiness PR 1 of 5 — bearer auth, security headers, error envelope (#106)
  • c352720 chore(deps): bump Node from v20.11.0 to v22.12.0 for Vite 8 (unblocks #86) (#105)
  • 833b403 chore(deps)(deps-dev): bump com.github.eirslett:frontend-maven-plugin (#84)
  • 07106fb chore(deps)(deps): bump tools.jackson.core:jackson-databind (#81)
  • 13624c1 chore(deps)(deps): bump tools.jackson.core:jackson-core (#85)
  • 60f826b chore(deps)(deps): bump io.modelcontextprotocol.sdk:mcp-core (#80)
  • c3ea61e chore(deps)(deps): bump org.springdoc:springdoc-openapi-starter-webmvc-ui (#82)
  • e6aa245 chore(actions)(deps): bump the actions group across 1 directory with 4 updates (#100)
  • dac13c6 chore(frontend)(deps-dev): bump the typescript group across 1 directory with 2 updates (#99)
  • 4a097da chore(deps)(deps-dev): bump org.apache.maven.plugins:maven-gpg-plugin (#93)
  • 0c1a4c8 feat: sub-project 1 Phase 4-6 — resolver pipeline wiring + 4 Java detector migrations (#104)
  • 47e6404 feat: AKS read-only deploy hardening (sub-project 2) (#103)
  • 5a46598 feat(resolver): symbol-resolver SPI + Java backend (sub-project 1, Phases 1-4) (#101)
  • 54be162 chore(deps)(deps): bump the spring group across 1 directory with 2 updates (#75)
  • 15c0c3c chore(frontend)(deps): bump the react group across 1 directory with 4 updates (#78)
  • 06b16f3 chore(frontend)(deps): bump the ant-design group across 1 directory with 2 updates (#83)
  • 53a4f67 chore(deps)(deps): bump org.neo4j:neo4j (#77)
  • 58fb9d5 chore(frontend)(deps): bump echarts (#87)
  • 92c6e00 chore(bestpractices): embed URLs inline + resolve SUGGESTED ? placeholders (RAN-52) (#98)
  • 25a365e docs(changelog): add CHANGELOG.md to close OpenSSF release_notes (RAN-52) (#97)
  • 80c2fc8 chore(bestpractices): rewrite to canonical autofill schema (RAN-57) (#96)
  • bbacb86 docs(claude-md): document OpenSSF Best Practices + Scorecard baseline (RAN-52 AC #7) (#95)
  • 4117d03 chore(security): revert to OSS-CLI stack (RAN-46 path B board ruling) (#91)
  • 9bdfcc7 docs(badge): wire OpenSSF Best Practices project_id 12650 (RAN-46 AC #8) (#92)
  • 6c3b9e9 chore(ci): add top-level permissions: read-all to workflows (RAN-46 AC) (#90)
  • 6c8497f docs(runbooks): add test-strategy.md (RAN-46 AC #5) (#89)
  • 19c6619 fix(security): enforce max-bytes cap on /api/file + MCP read_file (RAN-9) (#67)
  • f7c4401 fix(security): block path traversal via symlinks in /api/file and read_file (RAN-8) (#65)
  • 0e93226 fix(build): restore SpotBugs quality gate on main (RAN-26) (#68)
  • ffe537a docs(claude-md): refresh stale gotchas (RAN-13) (#63)
  • eb05201 fix(build): unblock mvn test — drop tsconfig baseUrl, add frontend.skip (RAN-27) (#66)
  • d3692cd chore(hygiene): batch 5 LOW-severity follow-ups from RAN-6 review (RAN-33) (#70)
  • b6648c0 refactor(cli): split EnrichCommand.enrichFromCache into phase helpers (RAN-41) (#73)
  • 1ae0278 chore(bootstrap): RAN-46 engineering bootstrap (security, runbooks, OpenSSF wiring) (#74)
  • 8f1ce18 fix(spotbugs): eliminate 12 SpotBugs findings (RAN-23) (#71)
  • 0b47514 perf(detector): hoist inline Pattern.compile to static finals (RAN-32) (#69)
  • cab71a4 refactor: rename code-iq → codeiq across the project (#62)
  • 4c46a60 fix(detector): eliminate regex backtracking in Liquibase YAML patterns (#61)
  • bfab2e7 fix: Sonar follow-ups — ModuleDeps ordering, Express dead code, RepositoryIdentity env (#60)
  • dd8adaa test(coverage): add targeted tests for SonarCloud new-code backfill (#59)
  • eaea1ff chore(sonar): clean unused imports, suppressions, and private members (#58)
  • 1e44b8e feat(detector): SQL/migration detector + SQL_ENTITY NodeKind (#48) (#57)
  • 84e8e65 refactor(detector): reorganize tree into jvm/markup/systems/script/structured/sql taxonomy (#47) (#56)
  • fb86925 refactor(test): slice UnifiedConfigBeansTest to ApplicationContextRunner (#50) (#55)
  • 8ed60f5 fix(intelligence): close ExecutorService via try-with-resources (SonarCloud S2095) (#54)
  • 046ea70 chore(config): freeze CodeIqConfig mutation surface (#49) (#53)
  • 65aac67 chore(config): retire legacy ProjectConfigLoader static API (#52) (#52)
  • 2292051 feat(config): unified config — Phase B (#51)
  • 2f398fb fix(deps): clear all 12 known CVEs from the 2026-04-17 baseline (#50)
  • 066d870 docs(baseline): capture real CVE inventory via OSV-Scanner + Dependabot (#49)
  • bce0a01 phase a/fix playwright webserver (#48)
  • a131a80 phase a/fix bootstrap listener (#47)
  • 3beafd9 fix(serve): publish availability events so /actuator/health returns 200 (#46)
  • 62806c4 fix(baseline): probe /api/stats for serve-smoke readiness instead of /actuator/health (#45)
  • fab34db fix(np-null): eliminate all 26 NP_NULL_ON_SOME_PATH_FROM_RETURN_VALUE findings (#44)
  • ecc224b phase a/fixups spotbugs (#43)
  • caabd1d Merge pull request #42 from RandomCodeSpace/phase-a/audit-baseline
  • 4c0239e chore(baseline): add consolidator and publish first BASELINE.md
  • 81a0e8f chore(baseline): add OWASP dependency-check baseline capture (NVD sync needs retry)
  • 40a5b4e chore(baseline): run pipeline on realworld-express
  • 989b989 chore(baseline): add index/enrich/serve-smoke pipeline capture
  • abe4a70 chore(baseline): add frontend audit (npm audit + Vite + Playwright)
  • c103bb8 chore(baseline): add dependency-tree + license snapshot capture
  • e3a934e chore(baseline): add SpotBugs baseline capture
  • 2ea1b41 chore(baseline): add flaky-test scan (N repeated runs)
  • 86405bf chore(baseline): add Maven verify + JaCoCo capture script
  • c9024dc chore(baseline): add seed-repo fetch script with pinned commits
  • 5a6ac02 chore(baseline): scaffold baseline dirs and gitignore
  • e044268 feat: single-page UI with treemap, stats, MCP console + backend fixes
  • 8da0f91 fix: file tree drops files when directory-like filePaths exist (monorepo bug)
  • 91803c4 fix: collapse single-child directory chains in treemap for usable drill-down
  • 369880b checkpoint: pre-yolo 20260406-120327
  • e7a2697 fix: file-tree returns full depth for treemap drill-down
  • 7570eb4 fix: treemap drill-down and proportional sizing
  • a655a94 fix: file tree LIMIT overflow + edge kind breakdown from Neo4j
  • d531e56 fix: unlimited file tree for codemap, edge kind stats, grayscale theme, nav colors
  • 1db90da fix: codebase map data source, darker theme, edge breakdown
  • 791ed93 fix: consistent card sizes, edge breakdown, blue theme (no purple)
  • c4a325d fix: UI polish — object display, zero-value modals, dark theme, map sizing, console default
  • b2b1c3a fix: UI polish + EXTERNAL node kind + horizontal nav
  • 1e20619 docs: update CLAUDE.md and README.md for UI rewrite
  • b525287 feat: complete UI rewrite — React + Ant Design + ECharts
  • 1068eee docs: rewrite all 34 MCP tool descriptions for AI agent consumption
  • bb8a092 fix: zero edge loss in enrich — stub nodes for external references + use all edges
  • 2663ac5 fix: create stub nodes for external edge references — zero edge loss
  • 0d5e9d8 fix: increase LanguageEnricher timeout to 5min, skip non-source files
  • a367821 feat: add --read-only mode for serving on read-only filesystems (AKS/K8s)
  • b417ee3 refactor: unify data directory to .code-iq/ and --no-cache deletes DB
  • d3c0452 fix: ensure mutable properties map before setting file_type on nodes
  • d3b642b fix: DROP and recreate H2 tables on cache version mismatch
  • 1ef97f3 fix: run_cypher guard now correctly allows CALL db.* read-only procedures
  • a7b8253 fix: allow read-only CALL db.* Cypher queries + fix egg-info exclusion
  • a3f141e Stop tracking generated frontend static assets
  • 92c1813 Fix evidence lookup and deterministic graph metadata
  • d24836c fix: update ServeCommandTest to use Path for repository path assertions and enhance .gitignore for frontend build outputs
  • f96d86a feat: file type classification, test file detection, and searchable snippets
  • 4304caf feat: file inventory nodes, H2 status tracking, and performance optimizations
  • 6886769 fix: skip ANTLR for TS/JS grammars and harden H2 concurrency
  • 442591d feat: zero data loss — ANTLR timeout triggers regex fallback instead of skipping files
  • 543749c fix: update LanguageEnricherTest for parallel execution
  • 15e0aba refactor: use try-with-resources for executor via BoundedExecutor wrapper
  • e6ec6c4 style: use actual emoji characters instead of unicode escapes in log messages
  • f1b8e0d fix: add 500KB ANTLR size guard + emoji logging + skip diagnostics
  • cd07d82 feat: add real-time progress logging and --verbose flag for diagnosing pipeline issues
  • d7a6813 fix: parallelize LanguageEnricher with per-file timeout and minified skip
  • f855c8a fix: use daemon threads for fixed thread pool to prevent JVM exit hang
  • a91c1c9 fix: replace try-with-resources executor with bounded shutdown to prevent end-of-index hang
  • 7e5d79f fix: remove shutdownNow() that caused RejectedExecutionException cascade
  • 84654f8 fix: handle RejectedExecutionException in all analysis submit paths
  • 4a5b31b fix: force shutdownNow() on executor before auto-close to prevent end-of-index hang
  • 3f1a4dd fix: detect minified JS files by content, not just filename
  • 233bcf3 fix: add 30-second per-file timeout to prevent index from hanging
  • 654e920 fix: read version from build-info.properties, rename OSSCodeIQ → Code IQ
  • 4276f11 docs: rename OSSCodeIQ → Code IQ, rewrite README as user guide with Mermaid diagrams
  • 3711f06 docs: update CLAUDE.md and README.md with current project state
  • 82e8d95 fix: address code review findings from refactoring
  • 4ab7b83 refactor: extract AbstractTypeScriptDetector + consolidate CLI output helpers
  • 275548b Merge pull request #41 from RandomCodeSpace/chore/cleanup-ci-workflows
  • 08c9602 chore: merge CI + SonarCloud workflows, drop cross-platform job
  • a3088ae Merge pull request #40 from RandomCodeSpace/fix/reliability-bugs
  • ec5180d fix: resolve all 9 SonarCloud reliability bugs
  • 95292e1 Merge pull request #39 from RandomCodeSpace/fix/sonarcloud-quality-gate
  • c48ec85 fix: resolve SonarCloud reliability bugs, unused imports, string constants, dead code
  • 51f659f checkpoint: pre-yolo 20260404-155212
  • a8f264a Merge pull request #38 from RandomCodeSpace/fix/reduce-duplication
  • 963afa0 refactor: extract within-file helpers to eliminate detectWithAst/detectWithRegex duplication
  • 57dc990 Merge pull request #37 from RandomCodeSpace/coverage/boost-80pct-r2
  • 2067842 refactor: eliminate code duplication across detectors and CLI commands
  • 3575672 checkpoint: pre-yolo 20260404-145054
  • bf28697 checkpoint: pre-yolo 20260404-144727
  • e5d49de Merge pull request #36 from RandomCodeSpace/coverage/boost-80pct-r2
  • dd7586b checkpoint: pre-yolo 20260404-143426
  • 0b45b19 refactor: extract AbstractPythonAntlrDetector + fix MD5 security hotspot
  • daafc78 Merge pull request #35 from RandomCodeSpace/coverage/boost-80pct-r2
  • eefd8ae test(coverage): add 1500+ tests targeting SonarCloud gaps — 90.6% local line coverage
  • eb62f83 test(coverage): add regex-fallback path tests for Python/Java ANTLR detectors
  • b294c16 Merge pull request #34 from RandomCodeSpace/coverage/boost-80pct-r2
  • 6564523 Merge branch 'coverage/cov-java2' into coverage/boost-80pct-r2
  • 668ef83 test(coverage): expand Java/MCP/K8s tests for SonarCloud coverage boost
  • b198271 test(coverage): expand Python detector + FlowViews tests for SonarCloud coverage
  • d45153d Merge pull request #33 from RandomCodeSpace/coverage/boost-80pct
  • a683877 chore: exclude ANTLR grammar package from JaCoCo coverage (already excluded in sonar.exclusions)
  • 7317969 Merge branch 'coverage/cov-cli-support' into coverage/boost-80pct
  • 7bb2494 Merge branch 'coverage/cov-py-go' into coverage/boost-80pct
  • 1ed48f8 Merge branch 'coverage/cov-java' into coverage/boost-80pct
  • 869a9ae test(coverage): expand Java detector + model tests for SonarCloud coverage
  • 98c13a7 test(coverage): expand frontend/C#/auth/linker/cache/intelligence tests
  • e3a34ec test(coverage): expand TypeScript detector tests to boost coverage toward 70%+
  • 9976458 test(coverage): expand Python/Go/Rust/Scala/C++/Kotlin/Proto/Shell detector tests
  • 91c032e Merge pull request #32 from RandomCodeSpace/fix/sonar-issues
  • 3482b22 fix(sonar): S5998 ReDoS regex bounds + S3077 AtomicReference for thread safety + S6856 bind path variable
  • 5fa6b17 fix(sonar): S1751 conditional break + S5850 regex grouping + S5855 redundant alternative + S5841 test emptiness
  • 15be2e3 fix(sonar): S2142 re-interrupt thread on InterruptedException + S3923 dead branch + S2175 Boolean key
  • 541fc81 Merge pull request #31 from RandomCodeSpace/fix/major-issues-phase5
  • 99d5e89 fix: correct endpoint count to 37 in CLAUDE.md + remove dead INTERFACE_METHOD pattern
  • 92a34bd docs: fix stale 31 count in McpTools.java key files row
  • a58bc64 docs: update CLAUDE.md — accurate counts (39 endpoints, 34 MCP tools) + intelligence layer
  • 7ef6e0d fix: remove dead sanitizeRelType method + fix tautological test assertion
  • eea7564 fix: replace fragile String.contains interface detection with regex receiver matching
  • 71117e4 fix: add edge dedup Set seen to GoLanguageExtractor.extractImportEdges
  • 58281d7 fix: replace ThreadLocal with method-local instantiation
  • aabcfdb fix: also wrap ServiceDetector reassignment in mutable ArrayList
  • 93150bf fix: wrap builder.getEdges()/getNodes() in mutable ArrayList in EnrichCommand
  • cf1cc49 chore: add .worktrees/ to .gitignore
  • ca0d932 feat(intelligence): Phase 5 language-specific enrichment — merge to main (RAN-162)
  • 66bd4fd fix(intelligence): Phase 5 PE re-review round 2 — 4 extractor fixes (RAN-175)
  • 6003cb8 merge: sync feature/ran-162-language-extractors with main
  • 00b62f5 fix(intelligence): Phase 5 PE re-review fixes — determinism, TS dedup, Python ambiguity (RAN-173)
  • f06ff60 feat(intelligence): Phase 4 evidence packs + runtime API (RAN-161) (#30)
  • f7390b7 fix(intelligence): GoLanguageExtractor duplicate IMPORTS edges (RAN-170)
  • eb049ce fix(intelligence): Phase 5 JavaLanguageExtractor — false-positive CALLS, confidence, per-edge provenance (RAN-164)
  • 4f9eddd feat(intelligence): Phase 5 language-specific enrichment — extractors for Java, TS, Python, Go (RAN-162)
  • 03eca64 fix(intelligence): explicit UTF-8 in RepositoryIdentity.runGit() — DM_DEFAULT_ENCODING (RAN-160)
  • c855019 test(intelligence): Phase 1-3 test execution — edge cases, cross-language, RepositoryIdentity (RAN-159)
  • cc08698 feat(intelligence): Phase 2 lexical intelligence — doc comment index + snippet store (RAN-147)
  • eef9dbc fix(intelligence): close InputStream explicitly in runGit() — SonarQube S2095
  • d901b3b fix(intelligence): fix Process resource leak in RepositoryIdentity.runGit()
  • 7b30a33 fix(intelligence): address PE review — cpp capability table + QueryPlanner profile guard (RAN-155)
  • d3e462c fix(intelligence): fix HashMap determinism in FileInventory + gitignore entries (RAN-154)
  • 624fdd3 fix(intelligence): address CTO review — TreeMap determinism + Neo4j provenance round-trip (RAN-146)
  • 59f2e4e fix(intelligence): address PE architecture review — RepositoryIdentity constructor + AnalysisCache hash reuse
  • b33baa9 feat(intelligence): Phase 1 provenance model, repository identity, file inventory (RAN-146)
  • a912c6a feat(intelligence): implement capability matrix and deterministic query planner (RAN-148)
  • c9b8d66 fix(security): add npm override for lodash >= 4.17.24 to fix HIGH CVEs
  • b4d03ea checkpoint: pre-yolo 20260403-163239
  • 1ad6f3c fix: remove duplicate methods and fix test stubs — build fixes
  • d4a49c7 fix(test): update QueryServiceTest stubs for nonEndpointIds batch change
  • 56fb08c fix: remove duplicate methods introduced by phase5 merge (build fixes)
  • 18c0906 fix: remove duplicate findEndpointNeighborsBatch in GraphStore (build fix)
  • 1172238 Merge feat/detection-quality-fixes into main
  • 0aaefdd Merge pull request #18 from RandomCodeSpace/feat/ui-redesign-phase1
  • f87b212 fix(detection): backport CTO-reviewed detector fixes into phase5 branch
  • 4ca2662 Merge pull request #16 from RandomCodeSpace/feat/fulltext-search-index
  • b848ffe Merge pull request #15 from RandomCodeSpace/feat/fix-nestjs-detector-guards
  • 8b81027 Merge pull request #14 from RandomCodeSpace/feat/guard-linker-protects-edges
  • 3755aab Merge pull request #13 from RandomCodeSpace/perf/search-pre-lowered-properties
  • f8148bb fix: replace N+1 loop in QueryService.findRelatedEndpoints() with batch Cypher query
  • 59481af fix(query): add path field to buildTreeOutput for FileTreeNode compatibility
  • 2b9a510 fix(kafka): update CLASS_RE to match Kotlin object declarations and more modifiers
  • 94fd9e6 fix(detector): fix ReactComponentDetector sibling RENDERS edges dropped
  • bfcb543 fix(ui): fix global search — spinner/dropdown separation, keyboard nav, ProjectFileTree crash
  • 95a8342 fix: NestJS discriminator guards, EXPOSES target, GuardLinker, and index await
  • 4ec484d fix(ui): fix global search — role=searchbox, keyboard nav, asset bundle fix
  • ff30577 fix(ui): add data-testid contract and afterrender hook to CodeGraphView
  • c8a55bd checkpoint: pre-yolo 20260403-091754
  • 315311d checkpoint: pre-yolo 20260403-083943
  • e514ea9 test(ui): harden gotoRoute — patch stale JAR index.html + extend timeout
  • fb9ede9 fix(frontend): fix FileTree type mismatch and add ErrorBoundary
  • a580ae4 fix(ui): fix FileTree type mismatch and add ErrorBoundary
  • 38fa346 fix(api): harden GET /api/file-tree — depth cap, heap limit, caching
  • 9155a45 fix: address CTO review — XSS, G6 leak, ARIA, hooks, and stale state
  • 15ce115 checkpoint: pre-yolo 20260402-204358
  • 9f90681 checkpoint: pre-yolo 20260402-014120
  • 7b8bf32 fix(ui): lazy-load G6 graph and remove dead D3 dependency
  • 658bd5a fix(ui): remove read-only contract violations and stale build artifacts
  • 12a223d fix(ui): address PE code review findings — read-only contract, race conditions, leaks
  • c0dbb5b build(ui): rebuild frontend for Phase 6 MCP Console & API Docs redesign
  • df4d7ed feat(ui): redesign API Docs with Tabs — Swagger UI + MCP Tools Reference
  • 18cead1 feat(ui): redesign MCP Console with accordion, command palette, inline params, history
  • 87da9b9 feat(ui): extract MCP tool catalogue to shared mcp-tools.ts (36 tools)
  • d9a955d feat(ui): add shadcn/ui accordion, input, dialog, tabs, scroll-area primitives
  • 8415eb9 feat(ui): add @radix-ui/react-accordion and @radix-ui/react-tabs for Phase 6
  • af54701 Revert "fix(detection): address CTO code review — 5 issues from PR #20"
  • 695344c fix(detection): address CTO code review — 5 issues from PR #20
  • 9750d27 feat(ui): Phase 5 — Dashboard & stats redesign with shadcn/ui
  • 908a598 feat(ui): Phase 4 — Contextual right-panel node details view
  • ee7277c feat(ui): Phase 3 — Replace D3 treemap with @antv/g6 v5 graph visualization
  • 8c021b1 perf: fix Neo4j query hotspots — fulltext index, N+1 batch, single-tx stats, caching
  • 7cec5fd fix(detection): fix TopicLinker SENDS_TO gap, ConfigDefDetector, KafkaDetector Kotlin, and ReactComponentDetector RENDERS scoping
  • f3de21b feat(ui): Phase 2 — Project Explorer file tree in left sidebar
  • 0292d8d feat: add GET /api/file-tree endpoint for hierarchical codebase structure
  • c2982a7 test(ui): add Playwright E2E test suite for Phase 7 UI redesign
  • 6f8a521 feat(ui): Phase 1 — shadcn/ui foundation and panel-based layout shell
  • 4c3310a perf: replace B-tree CONTAINS scan with fulltext index for search()
  • e8a8040 fix: extend TopicLinker to handle SENDS_TO/RECEIVES_FROM/PUBLISHES/LISTENS edges
  • bfe2c42 fix: add NestJS discriminator guards and fix EXPOSES edge target
  • c5f9852 fix: exclude message-driven and security components from dead code detection
  • ac97db0 feat: add GuardLinker to create PROTECTS edges between GUARD/MIDDLEWARE and ENDPOINT nodes
  • ed2c587 perf: replace toLower() full scans with pre-lowered indexed properties for search
  • 6e6072b fix: replace N+1 loop in findRelatedEndpoints() with single batch Cypher query
  • 11edfd8 feat: add --no-ui flag to serve command to disable web UI
  • 85333f1 feat(frontend): replace Topology/Flow tabs with interactive Code Graph treemap
  • 8f80799 fix: EnrichCommand passes project root to ServiceDetector for filesystem walk
  • e901829 fix: pass project root to ServiceDetector so filesystem walk runs during enrich
  • 801ba72 Merge pull request #8 from RandomCodeSpace/docs/update-claude-readme-accuracy
  • d963ab0 docs: update CLAUDE.md and README.md with verified codebase facts
  • 5ee939d chore: update index.html asset hashes after Thymeleaf removal rebuild
  • 224ce21 Merge pull request #7 from RandomCodeSpace/remove/thymeleaf-ui-consolidation
  • c8d3a7f fix: restore flow/interactive.html — used by FlowRenderer, not Thymeleaf
  • f8b917d refactor: remove Thymeleaf UI, consolidate to React SPA
  • 1d4fff9 fix: CTO code review — close 6 remaining gaps from improvement audit
  • 69e0250 chore: add frontend asset bundles and integration smoke test
  • 2d8f816 test: add coverage for GraphStore Cypher aggregation methods
  • 23cbd3a Merge branch 'fix/api-hardening-validation-cleanup'
  • 90401ee Merge branch 'perf/cypher-stats-cache-invalidation'
  • 820dfab Merge branch 'fix/graphbootstrapper-cache-threadsafety'
  • f046489 Merge branch 'fix/snakeyaml-safeconstructor-cors'
  • b26b963 test: add validation and boundary tests for GraphController coverage
  • 3333498 fix: API hardening — input validation, duplicate endpoint cleanup, config binding
  • 336a40a fix: address PR review blockers — remove cache endpoint, fix casts, revert ThreadLocal
  • 317cf99 fix: GraphBootstrapper OOM, AnalysisCache corruption, and thread-safety bugs
  • 88bf14c Merge pull request #2 from RandomCodeSpace/fix/frontend-dead-button-url-encoding-tailwind-cdn
  • b78db62 fix(security): replace unsafe new Yaml() with SafeConstructor and harden CORS
  • 14bdeb3 fix: encode kindEntry in hx-get path for consistency
  • 9a310da fix: address code review — query params for node IDs, correct brand colors
  • f17eeba perf: replace in-memory stats with Cypher aggregations, add cache invalidation
  • d28f062 fix: remove dead Run Analysis button, URL-encode node IDs, replace Tailwind CDN
  • abf7f92 checkpoint: pre-yolo 20260331-172845
  • 16fb4b1 feat: redesign bundle command — self-contained serve-ready ZIP
  • 78f63eb perf: wait for Neo4j index before edge loading in enrich
  • e05107c fix: batched DETACH DELETE to avoid Neo4j memory pool limit on large graphs
  • bb05efd fix: reduce enrich batch size to 500 to avoid Neo4j memory pool limit
  • 163d800 fix: enrich bulk-load missing properties + progress logging
  • 7ed49ba fix: ServiceDetector filesystem walk was traversing entire directory tree
  • 4c02514 feat: add source bundle via maven-assembly-plugin
  • 0c97e12 docs: update CLAUDE.md with all session learnings
  • f143ef5 refactor: serve is read-only — remove auto-enrich, use CLI pipeline
  • 4ec4134 refactor: make MCP and API strictly read-only — no data manipulation
  • 549f135 feat: ServiceDetector supports all major build systems across all languages
  • b020f3a fix: ServiceDetector now scans filesystem for build files, not just node paths
  • f179c3a checkpoint: pre-yolo 20260331-064707
  • 368a785 fix: MCP client compatibility — ignore unknown fields in protocol messages
  • d75688c feat: auto-enrich Neo4j on serve startup
  • ba8d04d perf: optimize Neo4j bulkSave with UNWIND batches + index, default batch size 500
  • aa5e257 chore: remove Docker, Helm, superpowers docs — bundled separately
  • c1b9437 fix: correct SonarCloud project key from code-iq-java to code-iq
  • 0c599d2 checkpoint: pre-yolo 20260331-040410
  • 77b89cc feat: add automated E2E quality test suite with ground truth validation
  • 2d185fc feat: comprehensive intelligence improvements — framework detection, layer classification, topology, dead code
  • c91d57d fix: Fastify false positive + add E2E ground truth files
  • bcc3df2 feat: fix MCP/API intelligence, add Neo4j persistence, enhance UI dashboard
  • 89cb586 checkpoint: pre-yolo 20260330-220209
  • 3f0ee38 checkpoint: pre-yolo 20260330-220034
  • 9095e3b checkpoint: pre-yolo 20260330-213003
  • fa7911d checkpoint: pre-yolo 20260330-210720
  • 425b2ab checkpoint: pre-yolo 20260330-210705
  • e3e831a feat: detectors emit infrastructure edges using InfrastructureRegistry
  • 3627019 feat: add smart partitioned indexing with config-first pipeline
  • 14776ea feat: add /api/topology endpoint for AppDynamics-style service map
  • 96a0d28 feat: add InfrastructureRegistry and ConfigScanner for config-first indexing
  • f8b21b3 perf: use UNWIND bulk writes in EnrichCommand for 10-100x faster Neo4j loading
  • 12fc1a4 feat: add ArchitectureKeywordFilter for smart file pre-scanning
  • 7520709 docs: Pipeline V2 design spec — config-first smart indexing + infrastructure topology
  • 63b0adb perf: cap config/doc file size at 64KB, apply size check after language detection
  • 98e6b48 perf: remove low-value extensions, skip lock files, reduce max file size
  • cd87bfe fix: update tests for extension cleanup and batch size change
  • 8cf2c7a feat: add --graph option to enrich command for multi-repo support
  • 160b114 chore: increase default index batch size from 500 to 1000
  • bac851f fix: flow CI/CD and Deploy views crash — filter edges with nonexistent nodes
  • c4b479f fix: dashboard shows 0 files/languages — return ComputedStatsResponse format
  • ba7db94 fix: flow page broken — add flat nodes list to FlowDiagram and hydrate edges for findAll
  • 0a67ef5 chore: increase default GraphBuilder batch size from 500 to 1000
  • 2b1f1ef fix: bypass SDN for all read queries to prevent recursive relationship hydration OOM
  • 75baa52 fix: update GraphStore tests for embedded Neo4j API migration
  • eb17b4f fix: use embedded Neo4j API for multi-column aggregation queries
  • 6a49e64 fix: update tests for OOM fix — use aggregation queries instead of findAll()
  • 07ae4cc fix: remove in-memory graph cache from GraphController, require Neo4j for serving
  • 5d334dc fix: remove in-memory graph cache from McpTools, delegate to QueryService
  • bdf2f31 fix: replace findAll() with Cypher aggregation in QueryService to prevent OOM
  • 0a1f473 feat: add Cypher aggregation queries to GraphRepository and GraphStore for OOM fix
  • 34255be fix: add -Xmx2g heap limit to Dockerfile to prevent unbounded memory growth
  • a1a2f11 checkpoint: pre-yolo 20260330-170757
  • 4d3a3dd Fix findByKind query: use explicit @query to avoid converter on String param
  • 2960e5b Fix Neo4j enum conversion: add NodeKind/EdgeKind converters for SDN
  • 15e51df Remove Hazelcast entirely — use Spring simple cache instead
  • 858afae Revert Hazelcast cache to simple — HazelcastInstance lifecycle conflict with Spring Boot 4
  • 7f64496 Fix serve to use Neo4j as primary query engine after enrich
  • b9c28fc Fix Hazelcast CacheManager: create HazelcastInstance bean, rebuild frontend
  • 34bf771 Fix all deep review issues: Hazelcast, Swagger, detectors, MCP, dead code, H2 cache
  • 624196a Fix all review issues: security, determinism, infra, docs, frontend
  • 777ed98 Remove docs/ — specs, plans, benchmarks, migration guide (internal only)
  • 9e7e7a0 Remove uv.lock (Python package manager lock file)
  • 55bf79a Clean up Python artifacts and update .gitignore for Java-only project
  • 089d4e4 Merge branch 'java'
  • e77fcf8 Remove Python CI/CD workflows — project is now Java only
  • e3efc41 Remove Python CI/CD workflows — project is now Java only
  • 9491eac Fix McpTools FlowEngine dependency: make Optional for H2 fallback
  • 6dc2ac9 Fix McpTools FlowEngine dependency: make Optional for H2 fallback
  • 7c3085d Fix UI dashboard, topology connections, H2 dedup, Neo4j serve, ResultSet leaks
  • 1ef2b1b Fix UI dashboard, topology connections, H2 dedup, Neo4j serve, ResultSet leaks
  • a6a26a6 Fix flow command and API to work from H2 cache without Neo4j
  • 84ee8ad Fix flow command and API to work from H2 cache without Neo4j
  • 4c0f008 Update README: accurate counts, 3-command architecture, topology, React UI, benchmarks
  • 4807d2d Update README: accurate counts, 3-command architecture, topology, React UI, benchmarks
  • 698db3f Fix beta workflow: add missing GPG passphrase for Maven Central signing
  • c2a4f72 Fix beta workflow: add missing GPG passphrase for Maven Central signing
  • 81b645c OSSCodeIQ: Complete Java rewrite — Spring Boot 4 + Java 25 LTS
  • 0255efd Fix CI/CD: add permissions, target main branch, harden Dockerfile
  • e30fcca Add React UI dashboard with Vite, Tailwind, Cytoscape.js, and Monaco Editor
  • 7643757 Add serve E2E (H2-backed REST), multi-repo --graph flag, fix TS detector parity
  • f95bc54 Add dedicated TypeScript ANTLR grammar for TS-specific syntax detection
  • 89c0f43 Document Kotlin Compiler API evaluation: regex approach sufficient
  • 245d856 Fix all code review bugs: security, thread safety, correctness, and cleanup
  • 1ac7acd Fix BundleCommand: add no-arg constructor for Picocli instantiation
  • 29be78a Fix CLI command crashes and H2 cache data loss
  • ea6e213 Switch to manual beta releases with auto-versioning and add CLI classifier
  • 428cb64 Fix Spring bean wiring: make Neo4j-dependent beans conditional for indexing profile
  • 3900087 Implement Phase C: Service Topology — SERVICE nodes, TopologyService, REST + MCP + CLI
  • 1030f7b Implement index/enrich/serve three-command architecture for memory optimization
  • a40098e Add readFile line range support, startup optimization, and cleanup unused imports
  • 3d0c187 Add @DetectorInfo annotation to all 97 detectors with category-based registry queries
  • 1b07042 fix: move central-publishing-maven-plugin to release profile so SNAPSHOT deploys work
  • b99703a docs: add pipeline configuration & discovery spec
  • 7c5573a docs: update memory optimization spec with 3-command architecture (index/enrich/serve)
  • ff517b7 Migrate analysis cache from SQLite to H2 for virtual thread compatibility
  • c00a47c fix: move GPG signing to release profile only — SNAPSHOTs don't need signing
  • 8f4ab51 chore: clean Python code from java branch, update .gitignore
  • f6eedf2 build: switch from beta releases to SNAPSHOT deploys
  • 53e7b6f docs: add Java version README, CLAUDE.md, and migration guide
  • 89f7691 build: cross-platform CI matrix, SonarCloud config, Docker AOT + health check
  • 3a0a55f build: remove JaCoCo coverage enforcement, let SonarCloud handle quality gate
  • 73fa1f4 feat: add stats CLI command with rich categorized output
  • 7ad7d99 feat: add stats CLI command with rich categorized graph statistics
  • 78e2ab8 fix: synchronize SQLite cache for virtual thread safety
  • 0a2a0f2 feat: wire MCP tools, bundle with flow.html, incremental analysis cache
  • 6fe7cf6 feat: add YAML export, --parallelism flag, /api/file endpoint, .osscodeiq.yml config loading
  • f80a7dd fix: resolve ANTLR performance regression — skip parsing for regex-only detectors, add parse cache
  • 5427eeb Rewrite 13 TypeScript/JavaScript detectors from regex to ANTLR AST
  • ebbac6b Rewrite 12 detectors (Go/C#/Rust/Kotlin/Scala/C++) from regex to ANTLR AST
  • dddddb1 Rewrite 11 Python detectors from regex to ANTLR AST with regex fallback
  • cdf947b checkpoint: pre-yolo 20260329-143828
  • 7031310 fix: suppress all logging noise in CLI mode for clean output
  • a8bc0f8 fix: add source JAR, javadoc JAR, GPG signing for Maven Central
  • e366852 fix: switch Maven Central publishing from OSSRH to Central Portal
  • edd7cbd docs: update benchmark results with actual measured data
  • 4383d6e test: add extended tests to boost JaCoCo coverage from 77% to 87%
  • d605e48 fix: add JacksonConfig, clean up McpTools unused import
  • a6f482e feat: add beta auto-release workflow for Java rewrite
  • 3ffadac docs: add comprehensive benchmark results — Java vs Python
  • cf86baf feat: add Phase 5 — Thymeleaf + HTMX web UI for graph exploration
  • f464364 feat: add Phase 6 — CI/CD pipelines, Docker image, Helm chart, and release setup
  • a720d7b feat: add Phase 4 — Picocli CLI layer with all 11 commands
  • 07944fe feat: add Phase 3 — query engine, REST API, MCP server, Hazelcast caching
  • d73b1eb fix: make JavaParser thread-safe with ThreadLocal to close node gap
  • 4a8e1e1 feat: upgrade 6 Java detectors to JavaParser AST parsing with regex fallback
  • 4e81645 fix: close edge count gap — set module on all nodes and fix structured parser wrappers
  • 9bc141b test: add full analysis integration test against real spring-boot codebase
  • b7c3d84 feat: add analysis pipeline — file discovery, graph builder, linkers, layer classifier
  • 3dcc737 feat: port remaining 27 detectors from Python to Java (13 categories)
  • 496c9d1 feat: port all 28 Java detectors from Python to Java
  • 702564a feat: port all 18 config/infrastructure detectors from Python to Java
  • 2f6a69a feat: port all 13 TypeScript/JavaScript detectors from Python to Java
  • cbb926c feat: port all 11 Python-language detectors to Java
  • 32e1b0b feat: detector infrastructure + benchmarks + test framework
  • 8254424 feat: add detector infrastructure — interface, records, base classes, registry, and utilities
  • bb4c8ef feat: add benchmark tests, language mapping test, and DetectorUtils
  • 40e4611 fix: address Phase 1 code review findings for Java rewrite
  • e0060f5 feat: Spring Boot 4 project foundation (Phase 1 Java rewrite)
  • c9418f4 checkpoint: pre-yolo 20260329-071346
  • 963e692 fix: flow view uses iframe for full-page HTML, add API docs links to header
  • efda176 Fix critical bugs and polish NiceGUI Explorer UI to production grade
  • 78135b0 docs: update README with Explorer UI, MCP console, correct stats
  • 5ad4807 feat: rename .code-intelligence to .osscodeiq, add nicegui dep, add design specs
  • f04efc3 Boost server/ui test coverage: extract testable logic, add 35 new tests
  • 55d0689 Wire NiceGUI UI into FastAPI server (Task 9)
  • f4c8733 Add MCP Console and Flow View UI pages (Tasks 7-8)
  • dd35046 Add Explorer page with card grid, drill-down nav, search, and pagination (Task 6)
  • 53b3de8 Add Explorer UI theme module and components helpers (Tasks 4-5)
  • d81ecf1 Add Explorer UI service methods and API routes (Tasks 2-3)
  • 9e0e1e9 checkpoint: pre-yolo 20260328-202904
  • fad24cf checkpoint: pre-yolo 20260328-202708
  • a0d58a8 Rewrite CLAUDE.md for OSSCodeIQ — comprehensive project reference
  • e3efc6c Add GitHub release creation to PyPI publish workflow
  • 32bebc6 Fix pyproject.toml: move dependencies back under [project] section
  • 64355e7 Add project URLs, classifiers, and keywords for PyPI metadata
  • be93848 Fix PyPI publish: patch version from workflow input before building
  • dd1ac56 Add 109 more tests to reach 86% coverage (2074 total)
  • b6a730c Add 109 more tests to reach 86% coverage (2074 total)
  • 598678a Install kuzu in CI and SonarCloud pipelines for full test coverage
  • a0e9b3c Restore PyPI trusted publisher environment for verified publishing
  • 1afe1e9 Add README and license metadata to pyproject.toml for PyPI
  • 08670ed Fix 3 SonarCloud reliability bugs
  • c6f7266 Add 277 tests to reach 85% code coverage
  • 6e7b669 checkpoint: pre-yolo 20260328-184404
  • 28d49db Fix SonarCloud issues: vulnerabilities, bugs, and code smells
  • 729fd62 Fix BLOCKER BUG: wrong keyword argument in generate_flow route
  • df5d28a Suppress websockets deprecation warnings in serve command
  • 9523a4f Fix GitHub repo URLs back to RandomCodeSpace/code-iq
  • abddd00 Fix SonarCloud source path after rename to osscodeiq
  • 5ad9975 Rename project to osscodeiq
  • 1945f6e Move server dependencies to core, restore optional-dependencies section
  • 9cc4f81 Update uv.lock with server dependencies
  • aeb5ec5 Remove environment block from PyPI publish workflow
  • 4075699 Add unified REST API + MCP server on a single port
  • 8d5822a Remove Python 3.11 support for Ubuntu 20.04
  • ac7797a Remove Amazon Linux 2023 from publish workflow
  • 67cf039 Fix Windows encoding error when writing flow HTML output
  • db6fde6 Fix Windows encoding error when reading vendor JS files
  • 2daecc1 Replace Mermaid with Cytoscape.js for interactive flow visualization
  • a5f1002 Use PEP 440 format for beta tags (v0.0.1b0 instead of v0.0.1-beta.0)
  • 276ff5e Use latest stable release tag for beta base version instead of pyproject.toml
  • b2e57f4 Reset versioning to 0.0.0 and use incremental beta numbering
  • 495c281 checkpoint: pre-yolo 20260328-162842
  • 047cbfd checkpoint: pre-yolo 20260328-162231
  • f23fadb checkpoint: pre-yolo 20260328-162212
  • 2823173 checkpoint: pre-yolo 20260328-162119
  • 33ff7de checkpoint: pre-yolo 20260328-162113
  • 35d313b Redesign flow UI with Tailwind CSS — premium look + working edges
  • 29682a8 Add .codeignore + .gitignore support, fix node_modules exclude bug
  • 5f4c37c Replace Snyk with SBOM + pip-audit dependency scan workflow
  • 53cf042 Fix Snyk badge: use shields.io dynamic badge, link to Snyk dashboard
  • 64e202f Remove requirements.txt — Snyk supports pyproject.toml directly
  • 5d04b2c Fix CVE-2025-59844: upgrade sonarqube-scan-action v5 → v6
  • d9bb1f6 Add requirements.txt for Snyk vulnerability scanning
  • a0253d9 Add SonarCloud workflow with coverage + test results
  • c45e1ba Replace custom security workflow with Snyk + Sonarcloud badges
  • 08b2ce6 Replace static security badges with live GitHub Actions status
  • 5176eab Fix security scan: exclude local package from pip-audit, fix pip-licenses format
  • b315653 Fix pip-audit: skip editable/local package, scan dependencies only
  • 832a0e2 Allow all security scan jobs to fail without blocking
  • 47e1931 Add comprehensive security scanning workflow (Nexus IQ alternative)
  • ffc7ad7 Rename CLI to code-iq, add version command, fix beta versioning
  • dc80b01 Add manual trigger to beta workflow
  • 2dce46c Fix beta workflow: merge duplicate env blocks
  • f717be2 Make release badge dynamic — pulls latest from GitHub Releases API
  • bffa7f3 Add auto-increment beta publish on every push to main
  • 8db62ac Fix 2 CodeQL alerts: pin pypi-publish action SHA + fix Svelte regex
  • 77180fa Simplify publish workflow: no root/system deps needed for install
  • e231732 Update publish workflow: comprehensive cross-platform matrix + refresh uv.lock
  • 9167205 Add manual publish workflow for PyPI with cross-platform testing
  • b0ad4b0 Remove scripts/ — badge update script no longer needed
  • d4feef9 Remove auto-commit badge workflow — causes push race conditions
  • e1933a3 Remove docs/specs from repo, add to .gitignore
  • 8e254b5 Fix README: resolve merge conflicts, update with current stats
  • fdd31e9 chore: update README badges [skip ci]
  • ecf5d38 Phase 4b: 5 ORM/database detectors (Prisma, Sequelize, Mongoose, Pydantic, Django models)
  • 99318e1 chore: update README badges [skip ci]
  • 2baea28 Phase 4a: 6 high-impact structure + framework detectors
  • 592daba chore: update README badges [skip ci]
  • 9f51f57 Add comprehensive edge case, race condition, and boundary tests
  • 2c2562f Phase 3: Flow generator with interactive HTML drill-down UI
  • e442189 Add flow generator implementation plan
  • e7ebc49 Add flow generator design spec
  • 15bd098 Eliminate all code duplication + add 150 tests for 20 dark detectors
  • 5689c01 Update README badges and CLAUDE.md for Phase 2 completion
  • bebf0d9 chore: update README badges [skip ci]
  • cf47ac8 Phase 2: Tech debt cleanup — auto-discovery, utils, split imports, dispatch table, linker protocol, extensions, tests
  • 6c4fd92 Add project CLAUDE.md with architecture, conventions, and rules
  • a59a45f chore: update README badges [skip ci]
  • e5335e0 feat: add cypher and find CLI commands for querying the graph
  • 7a9778f chore: update README badges [skip ci]
  • 620b32c feat: KuzuDB CSV bulk import + buffered node/edge insertion in GraphBuilder
  • da3aef3 chore: update README badges [skip ci]
  • beaf335 fix: buffer edges in GraphBuilder for 100% cross-backend parity
  • 794e1f7 chore: update README badges [skip ci]
  • 367fb5e fix: enforce consistent edge behavior across all backends
  • 7a103d3 chore: update README badges [skip ci]
  • c7b1900 feat: multi-backend graph storage — KuzuDB, SQLite, NetworkX adapters
  • c2ae257 feat: introduce GraphBackend protocol and refactor GraphStore as facade
  • 2e34d7c chore: update README badges [skip ci]
  • d58b133 Fix LayerClassifier to update networkx data in-place via classify_store
  • 287f185 Add 14 new detectors: 9 auth + 5 frontend + layer classifier integration
  • c72241a feat: add LayerClassifier for deterministic graph node layer assignment
  • 246eea0 feat: add COMPONENT, GUARD, MIDDLEWARE, HOOK node kinds and PROTECTS, RENDERS edge kinds
  • f8b4efa Add implementation plan for layer classification, auth, and frontend detectors
  • 8675eca Add design spec for layer classification, auth detection, and frontend components
  • 2e45893 chore: update README badges [skip ci]
  • f7c9c24 Add .markdown extension support (quick win: +1,586 files covered)
  • 4ef716a chore: update README badges [skip ci]
  • 71187a2 Fix non-determinism bug: ensure 100% consistent results across runs
  • 08c6a17 Remove custom CodeQL workflow, use GitHub default setup instead
  • 3ea5617 Add permissions to CI/CodeQL workflows, fix vulnerability badge 404
  • a9a7e79 Dismiss Pygments CVE-2026-4539 (low, no fix available), update vulnerability badge to 0
  • 2de0b5f Fix 404 badges: replace dynamic Release and Dependabot with static ones
  • 076cc5a Add dynamic vulnerability badge to README
  • 7f9e2ec Add security badges and CodeQL workflow
  • 7f25f2d Add GitHub Actions for CI and dynamic README badge updates
  • 6ea2081 Fix README: remove stats table, add file/LOC badges, fix PyPI link
  • 3d27ed1 Add README.md with full documentation and MIT LICENSE
  • d722a51 Add docs/superpowers/ to .gitignore
  • a15c244 Remove superpowers design docs from repo
  • 5d26339 Update .gitignore with comprehensive exclusions
  • 6431cca Add 16 structured data detectors for JSON, YAML, TOML, INI, Markdown, Proto, SQL, Batch
  • 5d2ac25 Add design spec for 16 new structured data detectors
  • 822161d checkpoint: pre-yolo 20260327-202059
  • e84b5a5 checkpoint: pre-yolo 20260327-201539
  • 5b96d3d checkpoint: pre-yolo 20260327-201507
  • d8f7ba4 checkpoint: pre-yolo 20260327-201337
  • 3a527ea checkpoint: pre-yolo 20260327-170944

Built with Go 1.25.10 via Goreleaser.