Skip to content

Releases: jununfly/ZCodeGraph

v0.10.2

Choose a tag to compare

@github-actions github-actions released this 30 Jun 06:06

[0.10.2] - 2026-06-30

New Features

  • Source checkouts now install an explicit zcodegraph-dev dogfood command, so maintainers can test local builds across projects without taking over the release zcodegraph command.
  • zcodegraph init and zcodegraph index now explain degraded rust-hybrid fallback health on the first screen, including whether the graph is usable, the top fallback reasons, and the exact doctor command to collect deeper diagnostics.
  • zcodegraph doctor --engine rust-hybrid --bundle now prints a compact local summary after creating a bundle, so maintainers can see the graph size, fallback health, and top diagnostic reasons without opening the bundle files first.
  • zcodegraph doctor --engine rust-hybrid --bundle --json now emits a parseable machine-readable summary for agents and CI while preserving the existing human-readable default output.

Fixes

  • Legacy source-checkout install helpers now migrate to zcodegraph-dev instead of linking the development checkout onto the release zcodegraph command.

v0.10.1

Choose a tag to compare

@github-actions github-actions released this 29 Jun 08:15

[0.10.1] - 2026-06-29

New Features

  • rust-hybrid indexing now locks in guarded Rust finalization for direct named TypeScript and JavaScript imports, while ambiguous bindings remain safely reported as resolver residuals. (#666)
  • rust-hybrid indexing now compares Rust-produced EventEmitter shadow candidates against the existing TypeScript heuristic graph in finalization diagnostics without changing graph output. (#665)
  • rust-hybrid indexing now reports a dynamic-dispatch heuristic edge protocol seed in finalization diagnostics, making callback and EventEmitter migration planning visible without changing graph output. (#664)
  • rust-hybrid indexing now reports a Rust-declared cleanup protocol handoff in finalization diagnostics while keeping TypeScript responsible for the existing safe cleanup execution path. (#663)
  • rust-hybrid indexing now has a cross-platform CI smoke that verifies the built CLI can run init, index, status, and doctor on Linux, macOS, and Windows before migration work reaches release. (#662)
  • rust-hybrid indexing now has a guarded Rust-side framework post-extract update protocol for NestJS RouterModule route prefixes, preserving route identity while moving the first bounded framework finalization shape toward Rust ownership. (#659, #660, #661)
  • Rust indexing now reports macro-related diagnostics for Rust projects, making macro definitions, invocations, attributes, and deferred macro-expanded semantics visible without adding unsafe graph edges. (#582, #583, #584, #585)
  • Rust indexing now reports Cargo package and workspace diagnostics, including crate roots, local path dependencies, and deferred Cargo resolver areas, without writing unsafe cross-package graph edges. (#578, #579, #580, #581)

Fixes

  • Rust-owned indexing no longer reports this repository's Rust core as a parse gap when indexing the large Rust core source file.
  • CI now documents and tests the cross-platform rust-packaged-path job as the required Rust indexing health gate for migration work. (#642)
  • The Release workflow now runs a local Linux package smoke after staging npm packages and before publishing, catching broken bundle or npm layouts without creating releases or contacting registries. (#641)
  • npm packaging now fails fast if the staged platform bundles do not exactly match the Rust core release artifact contract, preventing incomplete or unexpected platform packages from being published. (#640)
  • Diagnostic bundles now include replay-safe per-file classification fields and a short replay guide, so degraded rust-hybrid reports are easier to classify without exposing source paths or source slices. (#639)
  • Degraded rust-hybrid runs now point to zcodegraph doctor --engine rust-hybrid --bundle --last-run even when the issue is a Rust-owned parse or extraction gap rather than a TypeScript fallback append.
  • Rust files now use the default rust-hybrid Rust-owned indexing path for baseline structural symbols, while deeper Rust-specific semantics remain tracked separately.
  • Troubleshooting now tells users how to verify which zcodegraph binary their shell is running when doctor or its diagnostic flags appear to be missing.
  • The README now distinguishes the rust-hybrid indexing engine from Rust language semantic support, so .rs coverage is described as structural indexing while deeper Rust-specific analysis is tracked separately.

v0.10.0

Choose a tag to compare

@github-actions github-actions released this 26 Jun 07:41

[0.10.0] - 2026-06-26

Breaking Changes

  • The public Subgraph type now exposes entryNodes instead of roots, matching the project terminology for Entry Nodes.
  • Database access interfaces now use Access Model names, so TypeScript users should import AgentAccessModel, MaintenanceAccessModel, ResolutionAccessModel, and StatusAccessModel from the new access-model module.
  • ZCodeGraph now uses a private zcodegraph namespace for new project indexes and MCP server configs: project data lives in .zcodegraph/zcodegraph.db, and installers write the MCP server key zcodegraph. Existing .codegraph/ indexes are no longer opened as initialized projects; run zcodegraph init to build a fresh index in the new namespace.
  • zcodegraph init is now the clean initialization command and always builds the initial index; the historical -i / --index flag has been removed.
  • Index engine selection now uses explicit --engine flags only; ZCODEGRAPH_INDEX_ENGINE is no longer supported and now points users to zcodegraph index --engine typescript.

Security

  • Closed a path-traversal hole where a symbolic link inside an indexed project that pointed outside the project root could make CodeGraph serve that out-of-root file's contents (for example a file under your home directory) to the AI agent. CodeGraph now resolves symlinks when validating file access and refuses to read anything whose real location is outside the project, while still allowing symlinks that stay within it. Thanks @sulthonzh. (#527)
  • CodeGraph now indexes Spring configuration files (application.properties / application.yml) by key only, and never includes their values in codegraph_explore or codegraph_node output. Previously a secret committed to one of these files — a database password, API key, or connection string with embedded credentials — could be surfaced to an AI agent that asked about nearby code, even though the agent never opened the file. The configuration keys are still indexed, so reference and impact analysis are unaffected; an agent that genuinely needs a value reads the file itself. Shopify Liquid {% schema %} blocks are likewise indexed by name only. (#383)

New Features

  • rust-hybrid profile output now includes shadow semantic replay diagnostics for direct named TypeScript and JavaScript imports, helping audit resolver migration without changing indexed results. (#521)
  • rust-hybrid profile output now labels the LowerName, QualifiedName, and FileNodes candidate-fact protocol shapes with their ownership status and semantic boundary, making resolver migration work easier to audit without changing indexed results. (#520)
  • rust-hybrid indexing now owns baseline Python extraction by default, so ordinary Python files are indexed by the Rust path instead of being appended through same-language TypeScript fallback. (#485, #486, #487)
  • rust-hybrid indexing now understands repo-local TypeScript config inheritance for module resolution, including inherited paths aliases, rootDirs, and safer package-map behavior for classic module resolution. (#447, #448, #449)
  • rust-hybrid indexing now follows repo-local package exports and imports condition order more closely, including types, CommonJS require, and configured custom conditions. (#451, #452, #453)
  • rust-hybrid indexing now resolves extensionless repo-local imports through modern TypeScript source extensions such as .mts and .cts, while keeping config/data files out of graph-edge candidates. (#455, #456, #457)
  • rust-hybrid indexing now resolves explicit JavaScript runtime extensions to matching TypeScript source files, so imports like ./thing.js can link to thing.ts or thing.tsx when that is how the project is authored. (#446)
  • Programmatic SDK full indexing now uses the same rust-hybrid default as the CLI, while still offering explicit typescript and rust engine choices for compatibility and debugging. (#263)
  • zcodegraph_explore now handles Gin-style METHOD /path route questions more directly, surfacing the matched route and handler in one response for first-user Go projects. (#281)
  • The first-user rust-hybrid release path now has refreshed pre-release docs, troubleshooting, smoke evidence, and README-backed Agent Sufficiency validation for TypeScript/JavaScript and Go.
  • rust-hybrid indexing now safely falls back to the TypeScript indexer for individual Rust-owned files that hit a Rust parse gap, marks the run as degraded, and records privacy-preserving diagnostics for replayable bug reports. (#257)
  • The Rust indexing profiler now breaks reference resolution into database, name-matching, import, framework, and other timing buckets, so large-repo bottlenecks can be targeted with evidence. (#87)
  • The experimental Rust indexer now accepts more modern TypeScript syntax used in large VS Code sources, including import-type queries and contextual keyword identifiers. (#88)
  • Phase 4 readiness work now records profile, memory, package-safety, and large VS Code sufficiency evidence for experimental Rust indexing, with a continue opt-in decision while follow-up blockers are addressed. (#83)
  • New Rust indexing profiler script reports source scanning, parsing/extraction, SQLite writing, TypeScript finalization, and subprocess handoff timings as JSON, making the experimental Rust path easier to compare across local runs. (#66)
  • The experimental Rust indexing path now batches SQLite writes in one transaction, reducing write overhead while preserving the TypeScript indexer as the default. (#67)
  • zcodegraph index now has an experimental opt-in Rust indexing engine path for the first JavaScript/TypeScript migration slice; the TypeScript indexer remains the default while the Rust core proves out parity, performance, memory, safe SQLite handoff, JS/TS/JSX/TSX indexing, graph-resolution, semantic-parity, CLI/MCP integration, benchmark, agent-sufficiency, and packaging-readiness gates. (#50, #51, #52, #53, #54, #55, #56, #57, #58, #59)
  • New zcodegraph upgrade command updates CodeGraph to the latest release in place — it detects how you installed (the standalone install.sh / install.ps1 bundle, npm, or npx) and does the right thing for each, on macOS, Linux, and Windows. Use zcodegraph upgrade --check to see whether an update is available without installing, or zcodegraph upgrade <version> to move to a specific version. After upgrading it reminds you to re-index your projects so they pick up the newer engine's improvements. (#679)
  • zcodegraph status now flags when a project's index was built by an older engine than the one you're running and recommends re-indexing (also surfaced in zcodegraph status --json), so you know when a zcodegraph index -f or zcodegraph sync will add coverage a newer release introduced.
  • Cross-file impact and blast-radius coverage now spans all 22 supported languages and 14 web frameworks, each validated on a real-world repo — see the new coverage table in the README. This release ships the cross-file resolution behind it, including Lua and Luau require, Shopify OS 2.0 Liquid section templates, Delphi form code-behind, Rust cross-module calls and Rocket route macros, Swift Fluent relationships, and the SvelteKit / Nuxt / Vapor / Axum route conventions. The residual everywhere is genuine static-analysis frontiers (runtime dispatch, reflection / DI, framework-convention entry points), never hidden.
  • C# types are now tracked by their namespace-qualified name. Same-named types in different namespaces — a domain entity and a DTO both called CatalogBrand, say — are told apart instead of collapsing into one arbitrary match, so a reference resolves to the right one and impact no longer conflates them. (C#)
  • ASP.NET Razor (.cshtml) and Blazor (.razor) markup are now parsed for code relationships. A @model / @inherits / @inject directive links the view to the C# view-model, base type, or service it names; a Blazor <MyComponent/> tag (plus @typeof(...) and generic TItem="..." arguments) links to the component class; and the C# inside @code { } / @functions { } / @{ } blocks is analyzed too, so services and types used in component logic are linked. A view-model, component, or service referenced only from markup is no longer reported as having no dependents, and editing it surfaces the views that use it. (ASP.NET, Blazor)
  • A Razor/Blazor type reference now resolves through the component's @using namespaces — including the folder's cascading _Imports.razor — so a simple name that exists in several namespaces lands on the right one. A @model / <MyComponent> / @code reference to CatalogBrand resolves to the @using'd DTO (BlazorShared.Models.CatalogBrand) rather than a same-named domain entity. (ASP.NET, Blazor)
  • zcodegraph status --json now also reports the running CLI version, the index directory (indexPath), and a lastIndexed timestamp (ISO-8601, or null when nothing's indexed yet), so CI and scripts can pin the CLI version and check index freshness from a single command. A matching CodeGraph.getLastIndexedAt() library method exposes the same freshness check without shelling out. Thanks @12122J and @eddieran. (#329)

Fixes

  • rust-hybrid indexing now batches more candidate lookups during reference resolution, reducing default indexing time on TypeScript-heavy projects without changing indexed results or fallback behavior. (#491)
  • rust-hybrid indexing now completes sparse-checkout projects when a planned non-Rust-owned fallback file is missing, and reports the missing fallback coverage as degraded diagnostics instead of failing the whole run. (#482, #483, #484)
  • rust-hybrid indexing now reuses Rust parser instances by source language during extraction, reducing repeated parser setup work without changing indexed results or fallback behavior. (#292)
  • rust-hybrid indexing now writes Rust-extracted source fac...
Read more