Releases: tirth8205/code-review-graph

v2.1.0 — Notebooks, Lua, Zero-Config Onboarding

03 Apr 11:49

What's New

Jupyter & Databricks Notebook Parsing

Parse .ipynb files and Databricks .py notebook exports. Extracts functions, classes, and imports across Python, R, and SQL cells — your notebooks are now part of the graph.

Lua Language Support (20th language)

Full parsing for .lua files: functions, local functions, method calls, and require statements.

Perl XS Support

Parse .xs files with improved Perl call detection and test coverage.

Zero-Config Onboarding

The install command now sets up skills, hooks, and CLAUDE.md by default. Graph instructions are injected into all platform rule files automatically. The install method (uvx vs pip) is detected automatically.

JS/TS Arrow Function Indexing

const foo = () => {} and const bar = function() {} now correctly appear as nodes in the graph.

Website Launch

code-review-graph.com is live.


All Changes

Added

  • Jupyter notebook parsing (.ipynb) with multi-language cell support (Python, R, SQL)
  • Databricks .py notebook export parsing with # COMMAND ---------- cell boundaries
  • Lua language support — functions, local functions, method calls, requires
  • Perl .xs file support with improved call detection
  • Zero-config onboarding: skills, hooks, and CLAUDE.md installed by default
  • Platform rule injection into all supported platform config files on install
  • Smart install method detection (uvx vs pip/pipx)
  • --platform claude-code alias

Fixed

  • JS/TS arrow functions and const exports now indexed as nodes (#66)
  • importers_of path normalization with resolve() (#65)
  • Custom embedding model architecture support restored (#79)

Docs

  • README overhauled with all 9 diagrams, website link, platform-neutral language

Full Changelog: v2.0.0...v2.1.0

pip install --upgrade code-review-graph

v2.0.0

27 Mar 13:54

v2.0.0 — Production Audit Fixes

Security

  • Fix path traversal in wiki page reader
  • Fix git diff argument ordering (broke incremental updates)
  • Add regex allowlist for git ref validation
  • Add explicit SSL context for MiniMax API
  • Add permissions: contents: read to CI workflow
  • Migrate to scoped PyPI publish secret
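
An added example, not the project's own code, of the allowlist approach to git ref validation listed above: each ref is checked against a conservative pattern before it goes into a git diff argument vector, with options first, revisions next, and paths after the -- separator. The pattern, the function names, and the sample refs are assumptions made for illustration.

```python
from __future__ import annotations

import re

# Assumed allowlist, not the project's actual pattern: the first character must
# be alphanumeric, so a ref can never be read by git as an option.
_SAFE_REF = re.compile(r"[A-Za-z0-9][A-Za-z0-9._/~^-]{0,199}")


def validate_git_ref(ref: str) -> str:
    """Return ref unchanged if it passes the allowlist, else raise ValueError."""
    if not isinstance(ref, str) or not _SAFE_REF.fullmatch(ref):
        raise ValueError(f"rejected git ref: {ref!r}")
    # Allowed characters can still form sequences git treats specially.
    if ".." in ref or "//" in ref or ref.endswith((".lock", "/", ".")):
        raise ValueError(f"rejected git ref: {ref!r}")
    return ref


def build_diff_argv(base: str, head: str = "HEAD", paths: tuple[str, ...] = ()) -> list[str]:
    """Build an argv list (no shell) for: git diff --name-only <base> <head> -- <paths>."""
    argv = ["git", "diff", "--name-only", validate_git_ref(base), validate_git_ref(head)]
    argv.append("--")  # everything after this is a path, never a revision or option
    argv.extend(paths)
    return argv


def classify(refs):
    """Map each sample ref to True (accepted) or False (rejected)."""
    result = {}
    for ref in refs:
        try:
            validate_git_ref(ref)
            result[ref] = True
        except ValueError:
            result[ref] = False
    return result


# Constructed sample inputs for illustration.
SAMPLES = ["main", "HEAD~1", "v2.0.0", "feature/notebooks", "--no-index", "a..b", "HEAD\n", ""]

if __name__ == "__main__":
    for ref, ok in classify(SAMPLES).items():
        print(f"{ref!r:22} {'accept' if ok else 'reject'}")
    print(build_diff_argv("v2.0.0", "HEAD", ("src/parser.py",)))
```

Passing the resulting list to subprocess.run without shell=True keeps the validated values as separate arguments.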

Reliability

  • Fix node_qualified_name schema mismatch in wiki flow query
  • Wrap store_file_nodes_edges in explicit BEGIN IMMEDIATE transaction
  • Narrow post-build exception handling to specific types
  • Add error handling to watch mode delete handler
  • Add schema version sync CI check (Python ↔ VSCode)

Performance

  • Batch N+1 queries in get_impact_radius and risk scoring
  • Replace full edge table scan in wiki with targeted queries
  • Merge hybrid search phases into single batch fetch
  • Line-targeted replacement in refactor to prevent file corruption

Architecture

  • Decompose 386-line _extract_from_tree into 6 focused methods
  • Add 17 public query methods to GraphStore, eliminate 24 _conn accesses
  • Split 1,782-line tools.py into 10 themed sub-modules
  • Extract shared SECURITY_KEYWORDS to constants.py
  • Add _error_response() helper for consistent error patterns
  • Update VSCode extension schema version to 5
  • Update version strings across README, SECURITY.md, __init__.py

Testing

  • Add 5 integration tests with real git repos
  • Raise CI coverage threshold from 50% to 65%
  • Fix import ordering in test files

v1.8.4 — Vue, Solidity, Call Resolution, Docs Overhaul

20 Mar 13:23

What's New

New Languages

  • Vue SFC parsing: .vue Single File Components with <script> / <script setup> extraction and lang="ts" detection
  • Solidity support — full parsing for .sol files (functions, events, modifiers, inheritance)

New Features

  • find_large_functions_tool — new MCP tool to find functions/classes/files exceeding a line-count threshold
  • Call target resolution — bare call targets resolved to qualified names using same-file definitions, improving callers_of/callees_of accuracy
  • Multi-word AND search: search_nodes now requires all words to match (stricter, more precise)
  • Impact radius pagination: get_impact_radius returns truncated flag, total_impacted count, and accepts max_results parameter

Security & Robustness (v1.8.3)

  • Parser recursion guard (_MAX_AST_DEPTH = 180)
  • Module cache bound (_MODULE_CACHE_MAX = 15,000)
  • Embeddings thread safety + Gemini API retry with exponential backoff
  • Visualization XSS hardening
  • Configurable git timeout via CRG_GIT_TIMEOUT env var

Documentation

  • All docs updated: 14 languages, 9 MCP tools, accurate version references
  • VS Code extension updated to v0.2.0 with all 13 commands documented
  • Added CONTRIBUTING.md, SECURITY.md, CODE_OF_CONDUCT.md

Install / Upgrade

pip install --upgrade code-review-graph

Full Changelog: https://github.com/tirth8205/code-review-graph/blob/main/CHANGELOG.md

v1.8.2 — Fix C# parsing

17 Mar 13:08

Fixed

  • C# parsing broken: Renamed language identifier from c_sharp to csharp to match tree-sitter-language-pack's actual identifier. Previously, all C# files were silently skipped because _get_parser() swallowed the LookupError.

3 previously-skipped C# tests now pass (111 total, 0 skipped).

v1.8.1 — CI fix

17 Mar 13:05

Fixes missing max_nodes parameter in get_impact_radius method signature and updates test assertion for expanded .gitignore format. No functional changes beyond v1.8.0.

v1.8.0 — Security Hardening

17 Mar 12:52

Security Release

This release addresses 12 security findings from a comprehensive pre-launch audit.

Security Fixes

  • Prompt injection mitigation — node names sanitized before MCP tool responses
  • Path traversal protection: repo_root validated as a project directory
  • VSCode RCE fix: cliPath locked to machine-level settings only
  • XSS fix — visualization HTML escapes quotes and backticks
  • SRI for CDN — D3.js loaded with integrity hash
  • Secure nonces: crypto.randomBytes() replaces Math.random()
  • Symlink protection — symlinks skipped in build and watch mode
  • TOCTOU fix — file read once, hash and parse from same buffer

Reliability Fixes

  • Thread-safe NetworkX cache with threading.Lock
  • BFS capped at 500 nodes to prevent resource exhaustion
  • SQL IN clause batched to respect SQLite parameter limits
  • Dependency version upper bounds pinned

See CHANGELOG.md for full details.

v1.7.2

09 Mar 16:48

Fixes

  • Watch mode thread safety: SQLite connections now use check_same_thread=False for Python 3.10/3.11 compatibility with watchdog's background threads
  • Full rebuild stale data: full_build now purges nodes/edges from files deleted since last build
  • Removed unused dependency: gitpython was listed in dependencies but never imported — removed to shrink install footprint
  • Stale Docker reference: Removed non-existent Docker image suggestion from Python version check
  • Malformed .mcp.json handling: Now warns before overwriting instead of silently replacing
  • Documentation fixes: Corrected stale docstring, grammar, and install commands across docs

Install / Upgrade

# Claude Code plugin (recommended)
claude plugin add tirth8205/code-review-graph

# pip
pip install --upgrade code-review-graph

Full Changelog: v1.7.1...v1.7.2

v1.7.1

09 Mar 16:28

What's New

Install Command

pip install code-review-graph
code-review-graph install

New install command as the primary entry point. init remains as a backwards-compatible alias. Supports --dry-run to preview changes.

Benchmarked README

README rewrite with real benchmark data from 3 production repos (httpx, FastAPI, Next.js):

  • Code reviews: 6.8x fewer tokens on average
  • Live coding tasks: 14.1x average, up to 49x on large monorepos

Automatic PyPI Publishing

GitHub releases now automatically publish to PyPI.

Docs

All documentation updated for v1.7.1. Professional tone throughout.

Full Changelog: v1.6.4...v1.7.1

v1.6.3

06 Mar 19:15

  • SessionStart hook: Claude Code now automatically prefers graph tools over full codebase scans, saving tokens on every query
  • Fixed plugin.json schema for official marketplace submission (keywords, homepage, author URL)
  • Removed screenshot placeholders from README

v1.6.2

27 Feb 21:32

24 Audit Fixes

  • Critical: Incremental hash comparison bug — file_hash read from wrong field, causing every file to re-parse
  • Parser: C/C++ support — full node extraction (structs, classes, functions, includes, calls, inheritance)
  • Parser: name extraction fixes for Kotlin/Swift (simple_identifier), Ruby (constant), C/C++ nested function_declarator
  • Performance: NetworkX graph caching, batch edge queries, chunked embedding search, git subprocess timeouts
  • CI hardening: Coverage enforcement (50%), bandit security scanning, mypy type checking
  • Tests: +40 new tests for incremental updates, embeddings, and 7 new language fixtures
  • Docs: API response schemas, ignore pattern documentation, fixed hook config reference
  • Accessibility: ARIA labels throughout D3.js visualization

See CHANGELOG.md for full details.