nikolai-vysotskyi/trace-mcp

1.34.0 (2026-05-10)

Features

• ai: classified provider errors + retry helper with exp backoff (9d0f513)
• ai: consent gate for outbound LLM provider traffic (6ec8630)
• ai: detect local LLM endpoints (Ollama / LM Studio / llama.cpp) (be6075e)
• ai: one-shot stderr warning before cloud-bound embeddings (2753856)
• ai: per-provider quota / auth circuit-breaker (c82fea1)
• ai: stamp embedding provider on the index, refuse cross-provider mix (1ee2a11)
• ai: tier-router helper + tier-separated default models (d0e2848)
• analysis: rank cross-community edges by surprise score (9c184f5)
• communities: seed Leiden PRNG so community IDs are deterministic (8dff326)
• communities: split low-cohesion mega-clusters in a second Leiden pass (3fa7078)
• config: add TRACE_MCP_DATA_DIR + TRACE_MCP_REPO_ROOT env overrides (f326a81)
• daemon: add stdio handshake watchdog (f0d82ea)
• daemon: proxy-backend routes worktree paths to canonical indexed repo (2b22c11)
• db: verify_index + repair_index MCP tools (f66fe32)
• dead-code: drop framework entry points from the candidate set (25a7825)
• dead-code: seed reachability with package.json#exports entries (da7c69d)
• find_usages: drop text_matched edges into ambiguously-named targets (1407af2)
• graph: add float edge confidence on top of resolution_tier (92d7190)
• hooks: guard v0.9 — block bare directory walks + .md doc-tour hint (45a9be2)
• impact,refs: surface resolution_tier on find_usages and get_change_impact (4eff222)
• indexer: add postprocess level knob (full / minimal / none) (cab7e90)
• indexer: detect file renames by content hash and skip re-extraction (46ca974)
• indexer: force-include files declared as package.json entry points (83cada2)
• indexer: per-target PID-guard for reindex / embed_repo (656efe4)
• indexer: warn when a full reindex shrinks the graph by more than half (eb43ee9)
• insights: add generate_insights_report MCP tool (50a4820)
• memory: canonicalise decision file_path to repo-relative on store + query (8d4cdfd)
• memory: CorpusBuilder — materialise corpora via packContext (5e34f59)
• memory: CorpusStore — persistent code-context corpora on disk (6425e26)
• memory: privacy filter for mine_sessions strips internal payloads (1134509)
• memory: worktree adoption — mine_sessions files decisions under parent (9d9b836)
• perf: cooperative yield from heavy CPU loops to keep stdio responsive (6f40b78)
• plugin-api: support async extractNodes in framework plugins (1b6095e)
• plugin: add Claude Code plugin manifest for one-step install (b1f3719)
• plugins: add class-validator, passport, react-table; expand NestJS WS (50c17ec)
• plugins: add Kafka producer/consumer indexer (Spring, kafkajs, Python) (6c80def)
• plugins: index .luau (Roblox Lua) and .qmd (Quarto) files (ccc9c2d)
• plugins: index extensionless scripts via #! shebang fallback (39abbfd)
• registry: add git-worktree probe primitives (a7d489c)
• registry: worktree-aware project resolution (9f4bda3)
• security: add SSRF guard utility for outbound fetches (c8204c5)
• security: add wall-clock budget to searchText regex iteration (b651b90)
• security: extend git env hardening to predictive + impact paths (848c23a)
• security: harden git env in workspace-spawned commands (124bdd0)
• server: expose project state through six MCP resources (59b4267)
• server: sanitize MCP tool output against prompt injection (4331183)
• server: UTF-8 + stdout-guard hardening for the MCP stdio transport (2fa4a4d)
• session: Codex CLI session provider for mine_sessions / discover (207152d)
• shared: centralised path accessors + invariant test (3a32cc8)
• spring: enrich @Autowired/constructor metadata with call-site hints (469534e)
• ssrf-guard: add allowPrivateNetworks opt-in for local LLM endpoints (46ac4d3)
• subproject: add a remote repo as a subproject in one shot via git_url (dd440bc)
• tools: add detail_level=minimal knob on search/get_outline/find_usages (b5af6ef)
• tools: add get_minimal_context — single-call orientation entrypoint (b02a2a1)
• tools: add get_suggested_questions for ranked review checklists (c6090c3)
• tools: add named graph snapshots + diff for tracking evolution (22d6e4b)
• tools: add traverse_graph BFS walker with token budget (7485574)
• tools: coerce empty-string MCP args to undefined for filter fields (0357e7c)
• tools: export the dependency graph as GraphML / Cypher / Obsidian (6c72ff1)
• tools: Knowledge Agent MCP surface — build/list/query/delete corpus (3401e9d)
• topology: cross-project topic tunnels via entity registry (7360aee)
• utils: atomicWriteJson helper + apply at all state-file write sites (470b83f)
• viz: community-aggregation helper for large-graph visualisation (0c36fb3)
• vscode-extension: on-save reindex extension (45d53a1)

Bug Fixes

• ai: classify caller-driven aborts in withRetry as kind=aborted (c01a854)
• app: declare @types/node directly so tsc -p tsconfig.main.json works under pnpm (49e5502)
• config: atomic write for global JSONC config mutations (d22be14)
• daemon: atomic write for PID file + atomic stale-lock takeover (5c0f5ea)
• daemon: identity-token PID-reuse guard for daemon lifecycle (e948a22)
• db: bound WAL growth and add periodic checkpoint to long-lived stores (68b4157)
• db: centralise symbols_fts DDL so repair-fts cannot drift from schema (89a1bea)
• dead-code: never flag symbols that have any incoming call/ref edge (a3fc0e0)
• git-worktree: use fs.realpathSync.native for Win32 8.3-shortname normalisation (b3d5f41)
• indexer: normalize relTarget separators when resolving import edges (fc28bfb)
• indexer: parse tsconfig.json as JSONC to recover path aliases (3ac3cd9)
• indexer: serialize register_edit and reindex through the same lock (918921f)
• indexer: suppress shrinkWarning + execFileSync for git rev-parse (5f0cbf1)
• navigation: explicit degradation signal for semantic search without AI (6bbeb53)
• pin zod to 4.3.6 via pnpm.overrides (4.4.x breaks dist/cli.js) (4cf12c7)
• refactoring: normalize result paths to forward slashes for cross-platform consistency (848f668)
• resolver: parse tsconfig.json as JSONC, not strict JSON (5cadb07)
• security: chmod 0700 on ~/.trace-mcp and 0600 on local SQLite stores (0c0fac2)
• security: keep hook source lookup inside the trace-mcp install tree (32bcda7)
• security: validate git refs and replace shell-mode execSync with execFileSync (3b08ed0)
• security: validate git_ref before passing to git --branch in subproject_add_repo (e197184)
• security: wire SSRF guard into AI provider fetches and git-clone path (b7fb294)
• ssrf-guard: import LookupAddress from node:dns instead of node:dns/promises (8f1e184)

Documentation

• bump headline figures to 99% and refresh hero copy (43d12e0)
• confidence: clarify trigger contract + add SQL-level regression tests (f4a85bd)
• readme: add CI status badge (33169e4)
• update contributor instructions for pnpm (3a4344a)

Tests

• ci: align test-side realpath with production native binding (782097b)
• ci: fix 7 baseline Windows-only failures (path separators + 8.3 names) (82ab7eb)
• cover remaining Windows-runner failures from cross-platform CI (086aedd)
• cover the long-tail Windows-runner failures from cross-platform CI (6075495)
• docs: regression test for numeric README claims + sync stale numbers (1b18d46)
• impact,refs: cover resolution_tier surfacing (4915eb1)
• markdown: include .qmd in supportedExtensions assertion (a38c18a)
• perf: de-flake batched-inserts benchmark across CI runners (c9f8988)
• perf: re-deflake batched-inserts benchmark — loosen to regression guard (d524b1e)
• perf: skip batched-inserts benchmark on Windows runner (a434dcf)
• security: cover hook-source path-traversal validators (d414327)
• security: make path expectations Windows-safe (61e3345)

Chores

• app: migrate packages/app from npm to pnpm (3d75a19)
• migrate root package manager from npm to pnpm (d36486c)
• security: drop unused restrictHomeDirPerms helper (4b5b827)
• wip: version-stamp init helper + daemon session change (cd45cde)

CI/CD

• also run on push to master (c2382ca)
• switch CI install path to pnpm + add cross-platform test matrix (6bc2f7a)

Upgrade

npm install -g trace-mcp@latest
trace-mcp init