v0.9.4

Patch Changes

• #158 e8ea640 Thanks @SutuSebastian! - Add codemap agents init --targets and --link-mode for non-interactive IDE wiring. Combine with --mcp to write MCP config only for selected integrations (e.g. Cursor + Copilot without Continue/Cline). Mutually exclusive with --interactive.

v0.9.3

Patch Changes

• #156 ae4a143 Thanks @SutuSebastian! - codemap agents init --mcp now includes --root ${workspaceFolder} in the VS Code / Copilot MCP config (.vscode/mcp.json), same as Cursor. Re-run codemap agents init --mcp to upgrade an existing .vscode/mcp.json from older init output (or --interactive and select Copilot only).

v0.9.2

Patch Changes

• #152 150c6c6 Thanks @SutuSebastian! - Adaptive snippet budgets for trace, explore, and node scale with indexed file count when budget_chars is omitted (explicit override unchanged). explore also applies adaptive row limits internally (no transport override).

• #155 450ca2e Thanks @SutuSebastian! - codemap agents init is safer on re-run: IDE mirrors sync bundled template paths only; --force overwrites IDE mirrors only when they carry codemap-init:managed or match the legacy mirror heuristic (pre-marker bundled copies); invalid MCP JSON shapes are rejected instead of reset (even with --force).

• #149 41a4184 Thanks @SutuSebastian! - Add index_freshness metadata on context, MCP tool responses, HTTP headers, and boot stderr warnings so agents can detect commit drift, pending watcher sync, and disk-ahead-of-index states before trusting structural queries.

• #154 1bcca3a Thanks @SutuSebastian! - codemap agents init --mcp writes PM-aware MCP spawn commands (e.g. npx codemap, pnpm exec codemap, yarn exec codemap, bunx codemap, or dlx @stainless-code/codemap@latest) instead of assuming global codemap on PATH.

• #153 048278b Thanks @SutuSebastian! - MCP session lifecycle hygiene: stdio disconnect detection (stdin EOF, stdout EPIPE, parent-PID poll) with graceful watcher shutdown on client exit; HTTP serve --watch refcount-gates the watcher per request (5s release grace, /health excluded). No MCP idle shutdown.

• #151 e717652 Thanks @SutuSebastian! - Rich context bootstrap: start_here with intent-ranked recipe cards, inline index summary, budget-capped hub leaders with export signatures (adaptive caps by repo size), debug-biased marker samples, and optional include_snippets on MCP/HTTP context (no-op when compact: true). Legacy hubs keeps the bundled fan-in recipe default limit; prefer start_here.hub_leaders for signatures.

v0.9.1

Patch Changes

• #146 7afc9eb Thanks @SutuSebastian! - Fix codemap --full (and other worker-pool parses) appearing to hang ~120s after stats print — clear parse timeout timers when workers respond instead of leaving orphaned setTimeout handles on the event loop.

v0.9.0

Minor Changes

• #129 6648add Thanks @SutuSebastian! - Add cross-process index lock with codemap unlock, and append parse failures to <state-dir>/errors.log.

• #130 f5374b8 Thanks @SutuSebastian! - Add per-file parse timeouts with worker recycle during full and incremental indexing; failures log to errors.log and appear in the index summary.

Patch Changes

• #132 8a1de53 Thanks @SutuSebastian! - Add affected-tests recipe and codemap affected CLI for reverse-dependency test selection from changed files.

• #135 c4b4b36 Thanks @SutuSebastian! - Add codemap agents init --mcp — project-level MCP config for Cursor, Claude Code, VS Code, Continue, Cline, Amazon Q (workspace .amazonq/default.json + legacy .amazonq/mcp.json), and Gemini CLI (Windsurf when that integration is selected), with idempotent JSON merge and Claude mcp__codemap__* permissions.

• #138 829075c Thanks @SutuSebastian! - Add field-qualified symbol discovery on codemap show --query and MCP/HTTP show / snippet via a query argument (kind:, name:, path:, in: + optional free text). Includes parameterized SQL engine, optional FTS join, --print-sql Moat-A transparency, and {matches, disambiguation?, warning?} envelope parity across CLI, MCP, and HTTP.

• #124 04c4aa7 Thanks @SutuSebastian! - Honor --state-dir for project recipes; populate function_params.owner_kind; register MCP files/symbols resource templates with optional ?in= filter; watcher fixes for custom state dirs.

• #133 386ffa6 Thanks @SutuSebastian! - Add MCP/HTTP affected tool — same preprocessor as codemap affected, composes the affected-tests recipe. Respects CODEMAP_MCP_TOOLS allowlist.

• #126 ed4ca6b Thanks @SutuSebastian! - Add MCP initialize server instructions (tool-selection playbook) and CODEMAP_MCP_TOOLS env for subset tool registration.

• ee9f6b2 Thanks @SutuSebastian! - Bump oxc-parser to ^0.133.0 and @typescript/native-preview to the latest 7.0 dev build.

• 9fa1e9d Thanks @SutuSebastian! - Pin runtime and dev dependencies to exact versions in package.json (drop carets) and refresh bun.lock. Dev tooling: oxfmt 0.52, oxlint 1.67, @typescript/native-preview 20260526. Oxlint 1.67 drops a redundant escape in show-search-mode.ts glob regex (no behavior change).

• #131 a8cf25b Thanks @SutuSebastian! - Add call-path and symbol-neighborhood query recipes for cycle-safe call-graph tracing and bidirectional symbol exploration.

• #143 e475d20 Thanks @SutuSebastian! - Fix type heritage resolve edge cases: default-import bases, re-export barrel incremental scope, homonym dedupe in ancestor walks, and (expression) complex extends handling.

• #142 a085ec6 Thanks @SutuSebastian! - Add type_heritage substrate and rewire type-ancestors / type-descendants recipes to JOIN indexed heritage edges instead of parsing symbols.signature.

• #141 bd5a1fa Thanks @SutuSebastian! - Add type-ancestors and type-descendants query recipes for extends/implements hierarchy walks (backed by the type_heritage substrate after #142).

• #127 4318cc4 Thanks @SutuSebastian! - Add WSL watch policy (auto-disable on /mnt/* mounts) and opt-in git hooks for background incremental index when the watcher is off.

v0.8.0

Minor Changes

• #107 f24f8b6 Thanks @SutuSebastian! - Substrate tiers 1–6 remainder (excludes C.9 / files.is_entry). Schema bump SCHEMA_VERSION 27 → 34 — first run after upgrade auto-rebuilds .codemap/index.db via the existing version-mismatch path.

  Tier 1 — call + import precision

  • calls.{args_count,is_method_call,is_constructor_call,is_optional_chain}; constructor vs call dedup key fix
  • symbols.{return_type,is_async,is_generator}
  • Side-effect import_specifiers rows (kind='side-effect') + import_id FK to imports

  Tier 2 — bindings

  • bindings.resolution_kind='re-exported' when resolution walks a re-export chain

  Tier 3 — JSX

  • New tables jsx_elements / jsx_attributes; extractor with per-file parent linking post-pass

  Tier 5 — behavioral

  • New tables async_calls, try_catch, decorators, jsdoc_tags; context stack for in_loop / in_try

  Tier 6 — module graph (no entry points)

  • dynamic_imports table + extractor
  • Post-pass files.is_barrel and parse-time files.has_side_effects

  Recipes + goldens: find-call-sites (extended), find-async-functions, find-dynamic-imports, find-barrel-files, find-side-effect-files, find-re-exported-bindings, find-side-effect-imports, find-jsx-usages, find-await-in-loop, find-swallowed-errors, find-decorator-usage, find-throws-jsdoc, plus golden coverage for fan-out-sample / fan-out-sample-json and substrate regression tests.

  Read-only CLI hardening: printQueryResult (ad-hoc codemap query "<SQL>") now sets PRAGMA query_only = 1, closing the last gap vs queryRows / executeQuery (#107).

  Out of scope: C.9 plugin layer (files.is_entry, reachability-from-entry); tiers 7–13.

  Migration: No in-place DDL — rebuild on schema mismatch preserves user-data tables (coverage, query_baselines, recipe_recency). Re-run codemap --full (or any index) after upgrade.

Patch Changes

• #118 665c19a Thanks @SutuSebastian! - Reject apply targets that are symlinks so phase-2 rename cannot replace a link with a regular file.

• #117 5ee5f2e Thanks @SutuSebastian! - Fail benchmark reindex runs when the spawned indexer exits non-zero instead of recording misleading timings.

• #109 02a628f Thanks @SutuSebastian! - Validate codemap index --files operands before indexing starts.

• #110 7767a97 Thanks @SutuSebastian! - Validate VERSION output in detect-pm before writing GitHub Actions outputs.

• #112 ec31949 Thanks @SutuSebastian! - Harden apply and diff-json path containment against traversal outside the project root.

• #123 54ad25a Thanks @SutuSebastian! - Fix high-severity bugs (describe.each parent stack, git porcelain -z paths, CLI symlink entry, pr-comment TTY stdin), medium bugs (changed-since -z paths, perf baseline RUNS guard, qualified typeof, decorator args_text, for-of binding refs, HTTP body drain, benchmark regex validation, jsx INSERT RETURNING id, sqlite stmt cache on close), and low bugs (CLI parse guards, incremental delete transaction, apply summary.files, extension case, pnpm # paths, coverage db.transaction, impact walk delimiter, worker errors, pointer dedup, benchmark readAll visibility).

• #114 ae54ce0 Thanks @SutuSebastian! - Fix diff preview deletions, config empty-array overrides, resolver path containment, impact call-site selection, and FTS cleanup on file delete.

• #122 4e191ba Thanks @SutuSebastian! - Run full check (not build-only) in prepublishOnly so npm publish cannot skip tests or typecheck.

• #113 126066d Thanks @SutuSebastian! - Reject opaque Origin: null in codemap serve CSRF checks.

• #120 17dcbd1 Thanks @SutuSebastian! - Reject unexpected arguments on codemap skill and codemap rule instead of silently printing bundled content.

• #119 cf0532b Thanks @SutuSebastian! - Print symbol signature in codemap snippet terminal output, matching codemap show and the documented contract.

• #116 a444c40 Thanks @SutuSebastian! - Fix V8 coverage ingest so innermost-wins applies across all FunctionCoverage entries in a script, not per-function iteration order.

• #115 eb18750 Thanks @SutuSebastian! - Fix watcher priming race, parse-worker stat errors, incremental rename cleanup, and several indexer extractor gaps (scopes, references, tests.each, process.env, CSS imports).

• #121 f5d013c Thanks @SutuSebastian! - Reject malformed CODEMAP_PARSE_WORKERS values (e.g. 2abc, 1.5) instead of silently truncating with parseInt.

v0.7.5

Patch Changes

• #96 cc8daed Thanks @SutuSebastian! - Performance: full-rebuild wall down ~21% on small trees and ~18% on a real-world ~2k-file external corpus. Headline contributor: collectFiles switched to a single tinyglobby call with ignore patterns (collect_ms -93%, file set bit-identical via followSymbolicLinks: false). Bindings/cycles/re-exports phase now keeps the bulk-INSERT PRAGMA-OFF window open through full rebuild (bindings_ms -33% on the 2k corpus). Plus query_batch single connection, incremental double-read kill, shared countLines helper, stmtCache placeholder memo, SQLite busy_timeout, adapter Map lookup, byte-order sort, FTS5 batched delete, and getAllFileHashes hoist.

  Instrumentation: IndexPerformanceReport now surfaces bindings_ms, module_cycles_ms, re_export_chains_ms (previously rolled into total_ms with no breakdown). Set CODEMAP_PERFORMANCE_JSON=<path> to dump the report as JSON post-run (no new CLI flag added).

  Knobs: CODEMAP_PARSE_WORKERS=N (clamped [1, 32]) overrides the default max(2, min(cpus, 6)) worker count. bun run check:perf-baseline + a non-blocking CI job (📈 Perf baseline (self-index)) guard against per-phase regressions vs fixtures/benchmark/perf-baseline.json; CODEMAP_PERF_RUNS / CODEMAP_PERF_REGRESSION_PCT / CODEMAP_PERF_NOISE_FLOOR_MS tune the checker.

  Behavior change (correctness hardening): queryRows (the implementation behind Codemap.query(), codemap apply recipe SQL execution, bun run test:golden, and the cmd-query print/grouped paths) now sets PRAGMA query_only = 1 to mirror executeQuery's read-only enforcement. DML / DDL slipping through these paths now errors at SQLite instead of mutating the database. All these call sites are contractually read-only; this turns a contract into an enforceable boundary. Existing tests pass unchanged. Anyone who relied on undocumented mutation through Codemap.query("DELETE FROM ...") would now get an error — but that was always API abuse.

  Full design context: docs/plans/perf-triangulation-rollout.md (synthesis + execution rollout of 5 independent perf/architecture audits authored 2026-05-17).

v0.7.4

Patch Changes

• #93 d92b917 Thanks @SutuSebastian! - Fix: project recipes (<root>/.codemap/recipes/<id>.sql) are now visible via the CLI.

  parseQueryRest validates --recipe <id> / --recipes-json / --print-sql <id> BEFORE runQueryCmd calls bootstrapCodemap, so the recipe registry hit getProjectRoot() pre-init, the throw was silently caught, and the loader fell back to bundled-only. The MCP and HTTP transports always bootstrap before reaching the loader, so project recipes worked there throughout — only the CLI path was affected.

  Fix is surgical:

  • New setQueryRecipesProjectRoot(root) API in application/query-recipes.ts — caller-supplied root takes precedence over the runtime config (which isn't initialised yet during argv parse).
  • cli/main.ts calls it once right after parseBootstrapArgs returns root, so every subsequent verb (parser-side and post-bootstrap) sees the same value.

  Single source of truth: the override is the same root bootstrapCodemap resolves to — no parallel walk-up heuristic, no new env var, no second resolution path. The registry cache invalidates when the override changes.

  Adds regression tests (query-recipes.pre-bootstrap.test.ts) exercising the override-only path (no initCodemap) plus a dogfood project recipe (.codemap/recipes/src-deprecated.sql) that scopes the bundled deprecated-symbols audit to src/ only — useful for codemap's own deprecation lifecycle, and a permanent regression case against this bug recurring.

  Consumers with project recipes authored on 0.6.x–0.7.2 didn't need to wait — recipes worked via MCP / HTTP throughout. After upgrading, the CLI auto-picks them up.

v0.7.3

Patch Changes

• #91 82bca4b Thanks @SutuSebastian! - Slim the auto-generated <state-dir>/.gitignore header for consumer clarity:

  • Drop the internal function-name reference (ensureStateGitignore) — consumers can't look it up.
  • Drop the "Rule 9 analogue" / "bump alongside any new cache" line — it was guidance for codemap contributors, leaking into every consumer's checkout.
  • Reframe "blacklist" / parenthetical mention of tracked files in plainer language.

  Existing two-line header (# codemap-managed — edits will be overwritten by ensureStateGitignore. / # Blacklist of generated artifacts...) becomes:

  # Managed by codemap — overwritten on next run.
  # Generated artifacts only; user-authored config (config.*, recipes/) stays tracked.
  

  One-time rewrite on consumer side. The reconciler matches the canonical body via exact string comparison, so every consumer's next codemap run rewrites <state-dir>/.gitignore to the new shape (no entries change — only the comment lines). Harmless; the blacklist entries (index.db, index.db-shm, index.db-wal, audit-cache/) are unchanged.

v0.7.2

Patch Changes

• #89 6e53458 Thanks @SutuSebastian! - codemap audit --base <ref> now materialises the sha-keyed cache via git archive | tar -x instead of git worktree add. The cache entry at .codemap/audit-cache/<sha>/ is a plain extracted tree with no .git pointer file and no registered git worktree, so:

  • git clean -xdf sweeps it without needing -ff (which used to also nuke unrelated nested repos).
  • Plain rm -rf works — no more dangling registrations under <repo>/.git/worktrees/ that needed git worktree prune.

  All other invariants preserved: cache path layout, hit detection (<sha>/.codemap/index.db exists), atomic populate (per-pid temp + POSIX rename), LRU eviction (5 entries / 500 MiB), error code names (worktree-add-failed etc. kept for API stability — external consumers discriminate on code, not the underlying primitive).

  Also: the cache reindex now stamps meta.last_indexed_commit with the resolved sha directly instead of shelling out to git rev-parse HEAD inside the cache dir — silences a fatal: not a git repository stderr line that older revisions leaked.

  Migration — existing consumers with .codemap/audit-cache/<sha>/ worktrees from earlier versions can run git worktree prune once after upgrade to clear dangling registrations. The registrations are inert when the path is gone, so skipping the prune is harmless.