v2.3.2

What's New in v2.3.2

Major feature release — 15 new capabilities, 6 community PRs merged, 6 new MCP tools, 4 new languages, multi-format export, and a full graph analysis suite.

New MCP Tools (6)

Tool	What it does
get_hub_nodes_tool	Find most-connected nodes (architectural hotspots)
get_bridge_nodes_tool	Find chokepoints via betweenness centrality
get_knowledge_gaps_tool	Identify isolated nodes, untested hotspots, thin communities
get_surprising_connections_tool	Detect unexpected cross-community/cross-language coupling
get_suggested_questions_tool	Auto-generate prioritized review questions from analysis
traverse_graph_tool	BFS/DFS traversal from any node with token budget

Total MCP tools: 28 (was 22)

New Features

• Edge confidence scoring — three-tier system (EXTRACTED/INFERRED/AMBIGUOUS) with float scores
• Export formats — visualize --format graphml|cypher|obsidian|svg for Gephi, Neo4j, Obsidian vault, SVG
• Graph diff — compare graph snapshots over time (new/removed nodes, edges, community changes)
• Token benchmarking — measure naive-vs-graph token reduction with per-question ratios
• Memory loop — persist Q&A results as markdown for re-ingestion into the graph
• Community auto-split — oversized communities (>25%) recursively split via Leiden
• Visualization — node size by degree, community legend with toggles

New Languages (4)

Zig, PowerShell, Julia, Svelte SFC → 23 languages total

Community PRs Merged (6)

• #127 (xtfer): SQLite compound edge indexes
• #184 (realkotob): batch _compute_summaries — fixes build hangs on large repos
• #202 (lngyeen): Swift extension detection + inheritance edges
• #249 (gzenz): Leiden resolution scaling (21x speedup), 56 new tests, framework-aware dead code
• #253 (cwoolum): auto build graph for new worktrees
• #267 (jindalarpit): Kiro platform support

README Translations

🌐 Simplified Chinese · 日本語 · 한국어 · हिन्दी

Upgrade

pip install --upgrade code-review-graph   # → 2.3.2
code-review-graph install                 # re-run to pick up new config

788 tests pass. Schema v9. Full changelog: CHANGELOG.md

v2.3.1 — Windows MCP hang hotfix (#46, #136)

Summary

Hotfix for the Windows long-running MCP tool hang. v2.2.4 shipped the event-loop policy fix, but @dev-limucc's test on #136 showed that was necessary but not sufficient — read-only tools worked, but build_or_update_graph_tool and embed_graph_tool still hung indefinitely on Windows 11 / Python 3.14.

uvx --reinstall code-review-graph
# or
pip install -U code-review-graph

If you were affected by either #46 or #136 on v2.2.4, this release should fix it.

What's fixed

FastMCP 2.x dispatches sync handlers inline on the only event-loop thread. When a handler runs for more than a few seconds — especially one that spawns subprocesses (full_build uses ProcessPoolExecutor) or does CPU-bound inference (sentence-transformers) — the loop stops pumping stdin/stdout, Claude Code's request never gets a response, and the MCP client shows "Synthesizing…" forever.

Fix: the five heavy tools are now async def and offload their blocking work with asyncio.to_thread. The event loop stays responsive and stdio keeps pumping.

Tools now async

• build_or_update_graph_tool — full_build / incremental_update
• run_postprocess_tool — community detection can take 20s+ on large graphs
• embed_graph_tool — sentence-transformers / Gemini inference
• detect_changes_tool — git diff subprocess + BFS traversal
• generate_wiki_tool — many SQLite reads + file writes

The other 19 tools are fast SQLite-read paths and stay sync.

Lock-in tests

Two new regression tests in tests/test_main.py::TestLongRunningToolsAreAsync:

1. test_heavy_tools_are_coroutines — asserts via mcp.get_tools() introspection that all 5 heavy tools register as coroutine functions.
2. test_heavy_tool_source_uses_to_thread — greps each tool's source for a literal asyncio.to_thread call, so we don't accidentally make a tool async def without actually offloading the work.

These will fail at collection time if someone converts one of the 5 tools back to sync in a future refactor.

Verification

macOS / Python 3.11:

• All 24 tools register, 5 heavy ones as coroutines
• 737 tests pass (+2 new lock-in tests), coverage 74.63%
• ruff / mypy / bandit clean
• CI matrix 3.10 / 3.11 / 3.12 / 3.13 green

Windows: will be verified by @dev-limucc post-release against the original repro (build_or_update_graph_tool(full_rebuild=True) + embed_graph_tool).

Upgrade notes

• Nothing to do beyond upgrading. The async wrappers are transparent to MCP clients — they still call the tools the same way.
• If you're coming from v2.2.2 or earlier, the usual code-review-graph install is still needed to pick up the v2.2.3 hook schema rewrite.

Closes (pending final Windows test)

• #46 (build hangs on Windows)
• #136 (embed_graph_tool hangs on Windows)

v2.3.0 — Elixir + Obj-C + Bash, Qwen, CRG_DATA_DIR, refactor dry-run

Highlights

Minor-version release with 9 features and 1 bug fix. All additive on top of v2.2.4. Upgrade with:

uvx --reinstall code-review-graph
# or
pip install -U code-review-graph

New language + platform support

• Elixir (#112) — .ex / .exs files parse modules, def/defp/defmacro/defmacrop, alias/import/require/use, and internal call resolution. Close the MathHelpers.double → Calculator.compute loop.
• Objective-C (#88) — .m files parse @interface / @implementation, instance + class methods, [receiver message:args] calls (including multi-part selectors), C-style main(), and #import/#include.
• Bash / Shell (#197) — .sh / .bash / .zsh files parse functions, every command as a CALLS edge, and source path / . path as IMPORTS_FROM with filesystem path resolution.
• Qwen Code (#83) — new MCP install target: code-review-graph install --platform qwen merges into ~/.qwen/settings.json without clobbering existing entries.

MCP tool improvements

• apply_refactor_tool(dry_run=True) (#176) — preview the exact unified diff before committing the rename to disk. The refactor_id stays valid after the dry-run so you can review and then call again with dry_run=False to actually write the changes.
• install --no-instructions + -y/--yes (#173) — new flags on code-review-graph install:
  • --no-instructions skips the CLAUDE.md / AGENTS.md / .cursorrules / .windsurfrules injection entirely.
  • -y / --yes auto-confirms the instruction injection without the interactive TTY prompt.
  • Even without --dry-run, install now prints the target list before writing.
• Cloud embeddings stderr warning (#174) — get_provider() now writes a one-time warning to stderr before returning a Google Gemini or MiniMax provider, making it explicit that source code will be sent to an external API. Set CRG_ACCEPT_CLOUD_EMBEDDINGS=1 to suppress the warning in scripted workflows. The warning is stderr-only — it never touches stdout or stdin so the MCP stdio transport remains uncorrupted.

Graph storage

• CRG_DATA_DIR (#155) — when set, replaces the default <repo>/.code-review-graph directory verbatim. Useful for ephemeral workspaces, Docker volumes, shared CI caches, or multi-repo orchestrators that want graphs outside the working tree.
• CRG_REPO_ROOT (#155) — find_project_root() checks this env var before the usual git-root walk. Lets you script the CLI from any cwd.
• Both variables honor ~ expansion and fall through cleanly if the path doesn't exist.

Fixed

• Multi-edit refactor correctness — apply_refactor() could silently stomp earlier changes when a single refactor touched the same file with multiple edits. The plan-computation step now groups edits by file and applies them sequentially against updated content, in both real-write and dry-run modes.

Docs

• docs/TROUBLESHOOTING.md — new top section covers the 4 most common support questions:
  1. Hooks use a matcher + hooks array error → upgrade to v2.2.4+ and re-run install
  2. command not found after pip install → use pipx / uvx / python -m code_review_graph
  3. "Is this project-scoped or user-scoped?" — the 4-piece scope table (package / graph.db / .mcp.json / registry)
  4. "Built the graph but Claude Code doesn't see it" — 4-item debug checklist (restart, cwd, install step, MCP logs)

Closes

#83, #88, #112, #155, #173, #174, #176, #197, #211 (closed separately as already-implemented)

Superseded contributor PRs (closed with credit)

• PR #204 by @lngyeen (install preview) — reimplemented cleanly in #228 with isatty()-guarded confirmation
• PR #207 by @yashmewada9618 (CRG_DATA_DIR) — reimplemented cleanly in #228 without input()-on-stdio
• PR #179 by @Bakul2006 (cloud embeddings warning) — reimplemented cleanly in #228 with stderr-only messaging

Thank you to all three contributors — your original designs pushed these forward.

Still pending for a future release

• #199 Terraform/Helm — HCL's resource graph needs a design call (dependency-DAG model doesn't fit the call-graph shape); Helm chart template + values cross-referencing is a separate analyzer
• #210 TOON serialization — previously declined; keeping the issue open for long-term tracking
• #143 / #144 fastmcp CVE PRs — already closed as superseded by v2.2.4's fastmcp bump
• VS Code extension v0.2.2 — repackage + republish manually (the PyPI publish.yml doesn't cover it)

v2.2.4 — fastmcp CVE fix, Windows hang, 11 bug fixes

Highlights

Ships the 11 bugs from PR #222 plus the v2.2.3.1 smoke-test hotfixes. If you're on v2.2.3 or earlier, this is a straight upgrade — re-run code-review-graph install afterward to pick up any config updates.

uvx --reinstall code-review-graph
# or
pip install -U code-review-graph

Security — CVE remediation

• fastmcp 1.0 → >=2.14.0,<3 (closes #139, #195)
  • CVE-2025-62800 (XSS)
  • CVE-2025-62801 (command injection via server_name)
  • CVE-2025-66416 (Confused Deputy)
  • Transitively drops the broken docket → fakeredis chain that caused ImportError: FakeConnection renamed to FakeRedisConnection on fresh installs (#195)
  • All 24 MCP tools verified to register and round-trip real data on fastmcp 2.14.6 across a 6-repo smoke test

Fixed

• #46 / #136 — Windows build/embed_graph_tool silent hangs. main() now sets WindowsSelectorEventLoopPolicy before mcp.run() on sys.platform == "win32". The default ProactorEventLoop deadlocks with ProcessPoolExecutor (used by full_build) over stdio MCP. No-op on macOS/Linux.
• #190 — Go method receivers. func (s *T) Foo() now attaches Foo to T as a member with a CONTAINS edge, instead of appearing as a top-level function.
• #87 — Dart parser, three bugs:
  • CALLS edges (_extract_dart_calls_from_children()) — tree-sitter-dart doesn't wrap calls in a call_expression; the pattern is identifier + selector > argument_part.
  • package:<pkg>/<path> URI resolution — walks up to a pubspec.yaml whose name: declaration matches <pkg> and resolves to <root>/lib/<path>.
  • inheritors_of bare-vs-qualified fallback — affects all languages, not just Dart.
• #91 — Nested dependency directories now ignored. node_modules/** also matches packages/app/node_modules/react/index.js in monorepos. Added Laravel (vendor/**, bootstrap/cache/**), Gradle (.gradle/**, *.jar), Flutter (.dart_tool/**, .pub-cache/**), and generic (coverage/**, .cache/**) defaults. Deliberately did not add packages/** or bin/**/obj/** — those are false positives for yarn/pnpm workspaces and .NET source trees respectively.
• #194 — Replaced bare except Exception with specific exception types + logger.debug(...) across 11 files. Debuggability win; no behavioral change at happy path.
• #132 — Visualization no longer hides all edges on graphs above ~300 nodes. The unconditional auto-collapse at page load has been raised to a 2000-node threshold; below that, all File / Function / Class nodes and their connecting edges are visible by default.
• #212 — eval command now surfaces ImportError: pyyaml is required: pip install code-review-graph[eval] instead of AttributeError: 'NoneType' object has no attribute 'safe_load' when PyYAML isn't installed.
• #218 — VS Code extension (v0.2.2 — repackage separately): better-sqlite3@11 → @12.4.1+ for VS Code 1.115 (Electron 39 / V8 14.2). v11 used v8::Context::GetIsolate() which was removed in V8 14.2, causing the extension to fail activation with every command undefined.

Carried forward from v2.2.3.1

• #223 — code-review-graph serve --repo <X> now honored by all 24 MCP tools (was only read by get_docs_section_tool).
• #223 — Wiki slug collisions no longer silently overwrite pages. Previously a ~70% data loss bug on real repos: "Data Processing" / "data processing" / "Data Processing" all slugged to the same filename and later iterations overwrote earlier content. Now tracks used slugs per-run and appends -2/-3/… suffixes.

⚠️ Windows note

The Windows event-loop fix (#46 / #136) was applied blind — the maintainer is on macOS and could not verify it on Windows before release. The fix itself is surgical (a single line in main.py behind sys.platform == "win32" — no-op everywhere else) and is the canonical remediation for the ProactorEventLoop + ProcessPoolExecutor + stdio-MCP deadlock, so it's unlikely to regress anything. But if you're on Windows and still see build or embed_graph_tool hang on v2.2.4, please open a fresh issue with:

• python -c "import sys, platform; print(sys.version, platform.platform())"
• Which tool hangs (build, embed, both, other)
• Any stack trace from Ctrl+C

A follow-up patch will ship quickly if needed.

Upgrade notes

• Re-run code-review-graph install after upgrading to pick up any config updates (this is still a requirement if you're coming from v2.2.2 or earlier — the hook schema was rewritten in v2.2.3).
• The VS Code extension needs to be repackaged and republished separately; the existing publish.yml workflow only covers PyPI.

Closes

#46, #87, #91, #132, #136, #139, #190, #194, #195, #212, #218, #223

v2.2.3.1 — --repo flag + wiki slug collisions

Hotfix on top of 2.2.3

Two bugs surfaced by a full first-time-user smoke test run against six real OSS repos (express, fastapi, flask, gin, httpx, next.js). Both are pre-existing and independent of any ongoing work on v2.2.4.

uvx --reinstall code-review-graph
# or
pip install -U code-review-graph

Fixed

• serve --repo <X> was ignored by 21 of 24 MCP tools (#223). main.py captured the flag into _default_repo_root, but only get_docs_section_tool actually read it — every other tool wrapper passed repo_root=None straight through to the impl, which then resolved against the server's cwd. Real-world blast radius is small because install writes a .mcp.json that launches the server with cwd=<repo>, so first-time Claude Code users don't hit this. But anyone scripting serve manually or running a multi-repo orchestrator would silently get the wrong graph. Fixed with a single _resolve_repo_root() helper with explicit precedence (client arg > --repo flag > cwd) threaded through all 24 wrappers.

• Wiki slug collisions silently overwrote pages (#223). _slugify() folds non-alphanumerics to dashes and truncates to 80 chars, so similar community names collided ("Data Processing" / "data processing" / "Data Processing" → data-processing.md). The previous generate_wiki() loop wrote each community to its <slug>.md regardless of collisions — overwriting earlier content while the counter reported overwrites as "updated". On the express smoke test this was ~70% silent data loss (32 real files on disk vs 107 claimed pages). Fixed by tracking used slugs per-run and appending -2, -3, … suffixes until the slug is unique; every community now gets its own page and the counter matches the physical file count. get_wiki_page() lookup still resolves by name via the existing partial-match fallback.

What is NOT in this release

Everything on #222, which is still pending Windows verification:

• fastmcp 1.0 → 2.14.6 (CVEs — #139, fakeredis rename — #195)
• Windows ProactorEventLoop deadlock fix (#46, #136)
• Go receiver methods (#190), Dart parser fixes (#87), nested node_modules ignores (#91), except Exception cleanup (#194), viz auto-collapse (#132), eval yaml.safe_load guard (#212), VS Code better-sqlite3 12.x for VS Code 1.115 (#218)

Once Windows reporters confirm the fix on PR #222's branch, we'll cut v2.2.4 with all of the above.

Upgrade notes

• No schema changes; no action required beyond upgrading.
• No .claude/settings.json rewrite needed (that was a v2.2.3 thing).

Closes

#223

v2.2.3 — hook schema + SQLite transaction fix

Highlights

This release ships 16 fix/feature commits that had been sitting on main since v2.2.2. If you're on v2.2.2, upgrade now — most of the hooks/SQLite issues opened in the last few days are already fixed here.

uvx --reinstall code-review-graph
# or
pip install -U code-review-graph
# then re-run `code-review-graph install` to rewrite .claude/settings.json

Fixed

• Claude Code hook schema (#208) — fixes #97, #138, #163, #168, #172, #182, #188, #191, #201. generate_hooks_config() now emits the valid v1.x+ schema — every hook entry has matcher + a nested hooks: [{type, command, timeout}] array, timeouts are in seconds (not ms), and the invalid PreCommit event is gone. Pre-commit checks now install as a real git pre-commit hook via install_git_hook(). After upgrading, re-run code-review-graph install to rewrite .claude/settings.json.
• SQLite transaction nesting (#205) — fixes #110, #135, #181. GraphStore.__init__ now connects with isolation_level=None, disabling Python's implicit transactions that caused sqlite3.OperationalError: cannot start a transaction within a transaction on update. store_file_nodes_edges flushes any stray open transaction before BEGIN IMMEDIATE as defense-in-depth.
• Go method receivers (#166) — method names are now resolved from field_identifier inside method_declaration (previously they'd get picked up as the result type, e.g. int64).
• UTF-8 decode errors in detect_changes (#170) — fixes #169. Diffs with binary files no longer crash.
• --platform target scope (#142) — fixes #133. code-review-graph install --platform <target> now correctly filters which skills, hooks, and instruction files get written.
• Large-repo community detection hangs (#213, #183) — removed recursive sub-community splitting, capped Leiden at n_iterations=2, batched store_communities writes. 100k+ node graphs no longer hang.
• CI: ruff + tomllib on Python 3.10 (#220) — tomli backport for 3.10, assorted N806/E501/W291 fixes.
• Missing dev dependencies (#159) — pytest-cov added, 50 ruff errors swept.
• JSX component CALLS edges (#154) — JSX component usage now produces graph edges.

Added

• Codex platform install support (#177) — code-review-graph install --platform codex appends to ~/.codex/config.toml without clobbering existing settings.
• Luau language support (#165) — closes #153. Roblox Luau .luau parsing.
• REFERENCES edge type (#217) — new edge kind for symbol references that aren't direct calls (map/dispatch lookups, string-keyed handlers).
• recurse_submodules build option (#215) — optionally recurse into git submodules during build/update.
• Default .gitignore entry for .code-review-graph/ (#185) — fresh installs auto-add the SQLite DB to .gitignore.
• Clearer gitignore docs (#171) — closes #157.

Upgrade notes

• Re-run code-review-graph install after upgrading so your .claude/settings.json is rewritten with the correct hook schema. The old schema from v2.2.2 will remain and continue to throw "Hooks use a matcher + hooks array" errors until you do.
• If you hit "cannot start a transaction within a transaction" on update in v2.2.2, that's fixed here — no action needed beyond upgrading.

Closes

Hooks-schema cluster: #97, #138, #163, #168, #172, #182, #188, #191, #201
SQLite transaction cluster: #110, #135, #181
Other: #133, #147, #148, #149, #153, #157, #169, #175

Full changelog: see CHANGELOG.md.

v2.2.2

What's Changed

Added

• Kotlin call extraction: simple_identifier + navigation_expression support for Kotlin method calls (PR #107 by @gzenz)
• JUnit/Kotlin test detection: Annotation-based test classification (@Test, @ParameterizedTest, etc.) for Java/Kotlin/C# (PR #107 by @gzenz)

Fixed

• Windows encoding crash: All write_text/read_text calls in skills.py now use encoding='utf-8' explicitly (PR #152 by @rishi-yadav — fixes #147, #148)
• Invalid --quiet flag in hooks: Removed non-existent --quiet and --json flags from generated hook commands (PR #152 by @rishi-yadav — fixes #149)

Housekeeping

• Untracked .claude-plugin/ directory and added to .gitignore
• GitHub issue triage: responded to 30+ issues, closed 14, reviewed 24 PRs

Full Changelog: v2.2.1...v2.2.2

VS Code Extension v0.2.1

VS Code Extension v0.2.1

Fixed

• Compatible with Python backend schema v6 (no extension-side schema changes in this release)

Full Changelog: v2.2.2...vscode-v0.2.1

v2.2.1 — Scaling + Token Efficiency

What's New in v2.2.1

Complete scaling and token-efficiency overhaul in 12 phases. Builds are 3-5x faster, tool outputs use 40-60% fewer tokens, and graphs with 10k+ nodes are now fully usable.

Highlights

• Parallel parsing — ProcessPoolExecutor for multi-core Tree-sitter parsing
• get_minimal_context — new entry point tool returns ~100 tokens with risk, communities, flows, and suggested next tools
• detail_level="minimal" — 8 most-used tools now support ultra-compact output (80-150 tokens)
• SQLite-native BFS — recursive CTE replaces NetworkX for faster impact analysis
• Lazy post-processing — postprocess="minimal"|"none" to skip expensive flows/communities
• Incremental updates — only re-trace affected flows, skip community re-detection when unaffected
• Visualization aggregation — community/file modes with drill-down for large graphs
• DB schema v6 — pre-computed summary tables for sub-ms queries
• Multi-hop dependents — 2-hop expansion (configurable) with 500-file cap
• Token eval benchmarks — 5 workflow benchmarks for regression testing

Housekeeping

• Untracked marketing-diagram.excalidraw, evaluate/results/, evaluate/reports/ from git
• Updated FEATURES.md, LLM-OPTIMIZED-REFERENCE.md, CHANGELOG.md
• Fixed CI: mypy type errors, ruff import sorting, bandit false positive, VS Code schema sync

Environment Variables

Variable	Default	Description
CRG_PARSE_WORKERS	min(cpu_count, 8)	Parallel parse worker count
CRG_SERIAL_PARSE	""	Set to 1 to disable parallel parsing
CRG_MAX_IMPACT_NODES	500	Max nodes in impact radius
CRG_MAX_IMPACT_DEPTH	2	Max BFS depth for impact
CRG_MAX_BFS_DEPTH	15	Max BFS depth for flow tracing
CRG_MAX_SEARCH_RESULTS	20	Default search result limit
CRG_BFS_ENGINE	sql	sql or networkx for impact BFS
CRG_DEPENDENT_HOPS	2	N-hop dependent discovery depth

New MCP Tools

• get_minimal_context_tool — ultra-compact context entry point
• run_postprocess_tool — run post-processing independently

Full Changelog

See CHANGELOG.md for complete details.

615 tests passing across Python 3.10-3.13.

🤖 Generated with Claude Code

v2.2.0 — Scaling + Token Efficiency

What's New

Scaling + Token Efficiency

A comprehensive 12-phase overhaul to make code-review-graph fast on 10k+ file repos and dramatically reduce token usage in agent workflows.

Parallel Parsing (3-5x faster builds)

full_build() and incremental_update() now use ProcessPoolExecutor for multi-core parsing. Configurable via CRG_PARSE_WORKERS (defaults to min(cpu_count, 8)). Serial fallback with CRG_SERIAL_PARSE=1.

Lazy Post-Processing

New postprocess parameter on build_or_update_graph(): "full" (default), "minimal" (signatures + FTS only), "none" (raw parse). CLI flags --skip-flows and --skip-postprocess. New postprocess CLI command and MCP tool for running post-processing independently.

SQLite-Native BFS (replaces NetworkX)

Impact analysis now uses SQLite recursive CTEs instead of building a full NetworkX graph in Python — significantly faster for large graphs. Configurable limits via CRG_MAX_IMPACT_NODES, CRG_MAX_IMPACT_DEPTH, CRG_MAX_BFS_DEPTH, CRG_MAX_SEARCH_RESULTS. NetworkX fallback via CRG_BFS_ENGINE=networkx.

Multi-Hop Dependent Discovery

find_dependents() now traverses N hops (configurable via CRG_DEPENDENT_HOPS, default 2) with a 500-file safety cap.

Token-Efficient Tool Output (detail_level)

8 most-used tools now accept detail_level="minimal" for ultra-compact output (80-150 tokens vs 500+). 40-60% token reduction on typical workflows. Affected tools: query_graph, get_impact_radius, semantic_search_nodes, detect_changes, get_review_context, list_communities, list_flows.

get_minimal_context — New Entry Point Tool

Single tool that returns graph stats, risk score, top communities/flows, and suggested next tools in ~100 tokens. Task-based routing suggests the optimal next tool based on what you're doing.

Token-Efficient Prompts

All 5 MCP prompts rewritten with shared token-efficiency preamble. Workflows enforce get_minimal_context first, detail_level="minimal" by default, escalation only on high-risk findings.

Incremental Flow & Community Updates

incremental_trace_flows() only re-traces flows touching changed files. incremental_detect_communities() skips re-detection when no communities are affected.

Visualization Aggregation

New mode parameter for generate_html: "community" (super-nodes by community with drill-down), "file" (nodes by file), "auto" (switches at 3000 nodes). CLI: code-review-graph visualize --mode community.

Token-Efficiency Eval Benchmarks

New eval/token_benchmark.py measures tokens consumed by 5 agent workflows (review, architecture, debug, onboard, pre-merge) for regression testing.

Pre-Computed Summary Tables (DB Schema v6)

New community_summaries, flow_snapshots, and risk_index tables for sub-ms responses from minimal-mode tools. Populated automatically during post-processing.

---

All Changes

Added

• Parallel parsing with ProcessPoolExecutor (CRG_PARSE_WORKERS, CRG_SERIAL_PARSE)
• postprocess parameter: "full" / "minimal" / "none" on builds
• run_postprocess MCP tool + CLI postprocess command
• SQLite recursive CTE BFS engine (CRG_BFS_ENGINE)
• Configurable limits: CRG_MAX_IMPACT_NODES, CRG_MAX_IMPACT_DEPTH, CRG_MAX_BFS_DEPTH, CRG_MAX_SEARCH_RESULTS
• CRG_DEPENDENT_HOPS for N-hop dependent discovery
• detail_level="minimal" on 8 tools
• compact_response() helper in tools/_common.py
• get_minimal_context MCP tool with task-based routing
• Token-efficiency preamble in all 5 MCP prompts
• incremental_trace_flows() and incremental_detect_communities()
• Visualization community/file/auto aggregation modes with drill-down
• eval/token_benchmark.py with 5 workflow benchmarks
• DB schema v6: community_summaries, flow_snapshots, risk_index tables
• _compute_summaries() post-processing step
• Token Efficiency Rules in all skill templates
• Graph Tool Usage section in CLAUDE.md

Changed

• find_dependents() now does 2-hop expansion by default (was 1-hop)
• CLI build/update support --skip-flows, --skip-postprocess
• PostToolUse hook uses --skip-flows for faster incremental updates
• All prompts now enforce minimal-first workflows

Fixed

• mypy type errors in parallel parsing branch and context tool