[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1536":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":23,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":27,"readmeContent":28,"aiSummary":29,"trendingCount":16,"starSnapshotCount":16,"syncStatus":30,"lastSyncTime":31,"discoverSource":32},1536,"GitNexus","abhigyanpatwari\u002FGitNexus","abhigyanpatwari","GitNexus: The Zero-Server Code Intelligence Engine - GitNexus is a client-side knowledge graph creator that runs entirely in your browser. Drop in a GitHub repo or ZIP file, and get an interactive knowledge graph wit a built in Graph RAG Agent. Perfect for code exploration","https:\u002F\u002Fgitnexus.vercel.app",null,"TypeScript",41948,4766,147,236,0,68,627,4184,370,45,"Other",false,"main",true,[],"2026-06-12 02:00:29","# GitNexus\n**⚠️ Important Notice:** GitNexus has NO official cryptocurrency, token, or coin. Any token\u002Fcoin using the GitNexus name on Pump.fun or any other platform is **not affiliated with, endorsed by, or created by** this project or its maintainers. Do not purchase any cryptocurrency claiming association with GitNexus.\n\n\u003Cdiv align=\"center\">\n\n \u003Ca href=\"https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F19809\" target=\"_blank\">\n \u003Cimg src=\"https:\u002F\u002Ftrendshift.io\u002Fapi\u002Fbadge\u002Frepositories\u002F19809\" alt=\"abhigyanpatwari%2FGitNexus | Trendshift\" style=\"width: 250px; height: 55px;\" width=\"250\" height=\"55\"\u002F>\n \u003C\u002Fa>\n\n \u003Ch2>Join the official Discord to discuss ideas, issues etc!\u003C\u002Fh2>\n\n \u003Ca href=\"https:\u002F\u002Fdiscord.gg\u002FMgJrmsqr62\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fdiscord\u002F1477255801545429032?color=5865F2&logo=discord&logoColor=white\" alt=\"Discord\"\u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fwww.npmjs.com\u002Fpackage\u002Fgitnexus\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fnpm\u002Fv\u002Fgitnexus.svg\" alt=\"npm version\"\u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fpolyformproject.org\u002Flicenses\u002Fnoncommercial\u002F1.0.0\u002F\">\n \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-PolyForm%20Noncommercial-blue.svg\" alt=\"License: PolyForm Noncommercial\"\u002F>\n \u003C\u002Fa>\n \u003Ca href=\"https:\u002F\u002Fsecurityscorecards.dev\u002Fviewer\u002F?uri=github.com\u002Fabhigyanpatwari\u002FGitNexus\">\n \u003Cimg src=\"https:\u002F\u002Fapi.securityscorecards.dev\u002Fprojects\u002Fgithub.com\u002Fabhigyanpatwari\u002FGitNexus\u002Fbadge\" alt=\"OpenSSF Scorecard\"\u002F>\n \u003C\u002Fa>\n\n \u003Cp>\u003Cstrong>Enterprise (SaaS & Self-hosted)\u003C\u002Fstrong> - \u003Ca href=\"https:\u002F\u002Fakonlabs.com\">akonlabs.com\u003C\u002Fa>\u003C\u002Fp>\n\n\u003C\u002Fdiv>\n\n**Building nervous system for agent context.**\n\nIndexes any codebase into a knowledge graph — every dependency, call chain, cluster, and execution flow — then exposes it through smart tools so AI agents never miss code.\n\n\n\n\nhttps:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002F172685ba-8e54-4ea7-9ad1-e31a3398da72\n\n\n\n> *Like DeepWiki, but deeper.* DeepWiki helps you *understand* code. GitNexus lets you *analyze* it — because a knowledge graph tracks every relationship, not just descriptions.\n\n**TL;DR:** The **Web UI** is a quick way to chat with any repo. The **CLI + MCP** is how you make your AI agent actually reliable — it gives Cursor, Claude Code, Codex, and friends a deep architectural view of your codebase so they stop missing dependencies, breaking call chains, and shipping blind edits. Even smaller models get full architectural clarity, making it compete with Goliath models.\n\n---\n\n## Star History\n\n[![Star History Chart](https:\u002F\u002Fapi.star-history.com\u002Fsvg?repos=abhigyanpatwari\u002FGitNexus&type=date&legend=top-left)](https:\u002F\u002Fwww.star-history.com\u002F#abhigyanpatwari\u002FGitNexus&type=date&legend=top-left)\n\n\n## Two Ways to Use GitNexus\n\n| | **CLI + MCP** | **Web UI** |\n| ----------------- | -------------------------------------------------------------- | ------------------------------------------------------------ |\n| **What** | Index repos locally, connect AI agents via MCP | Visual graph explorer + AI chat in browser |\n| **For** | Daily development with Cursor, Claude Code, Codex, Windsurf, OpenCode | Quick exploration, demos, one-off analysis |\n| **Scale** | Full repos, any size | Limited by browser memory (~5k files), or unlimited via backend mode |\n| **Install** | `npm install -g gitnexus` | No install — [gitnexus.vercel.app](https:\u002F\u002Fgitnexus.vercel.app) |\n| **Storage** | LadybugDB native (fast, persistent) | LadybugDB WASM (in-memory, per session) |\n| **Parsing** | Tree-sitter native bindings | Tree-sitter WASM |\n| **Privacy** | Everything local, no network | Everything in-browser, no server |\n\n> **Bridge mode:** `gitnexus serve` connects the two — the web UI auto-detects the local server and can browse all your CLI-indexed repos without re-uploading or re-indexing.\n\n---\n\n## Enterprise\n\nGitNexus is available as an **enterprise offering** - either as a fully managed **SaaS** or a **self-hosted** deployment. Also available for **commercial use** of the OSS version with proper licensing.\n\nEnterprise includes:\n- **PR Review** - automated blast radius analysis on pull requests\n- **Auto-updating Code Wiki** - always up-to-date documentation (Code Wiki is also available in OSS)\n- **Auto-reindexing** - knowledge graph stays fresh automatically\n- **Multi-repo support** - unified graph across repositories\n- **OCaml support** - additional language coverage\n- **Priority feature\u002Flanguage support** - request new languages or features\n\n**Upcoming:**\n- Auto regression forensics\n- End-to-end test generation\n\n👉 Learn more at [akonlabs.com](https:\u002F\u002Fakonlabs.com)\n\n💬 For commercial licensing or enterprise inquiries, ping us on [Discord](https:\u002F\u002Fdiscord.gg\u002FAAsRVT6fGb) or drop an email at founders@akonlabs.com\n\n---\n\n## Development\n\n- [ARCHITECTURE.md](ARCHITECTURE.md) — packages, index → graph → MCP flow, where to change code\n- [RUNBOOK.md](RUNBOOK.md) — analyze, embeddings, stale index, MCP recovery, CI snippets\n- [GUARDRAILS.md](GUARDRAILS.md) — safety rules and operational “Signs” for contributors and agents\n- [CONTRIBUTING.md](CONTRIBUTING.md) — license, setup, commits, and pull requests\n- [TESTING.md](TESTING.md) — test commands for `gitnexus` and `gitnexus-web`\n\n## CLI + MCP (recommended)\n\nThe CLI indexes your repository and runs an MCP server that gives AI agents deep codebase awareness.\n\n### Quick Start\n\n```bash\n# Index your repo (run from repo root)\nnpx gitnexus analyze\n```\n\nThat's it. This indexes the codebase, installs agent skills, registers Claude Code hooks, and creates `AGENTS.md` \u002F `CLAUDE.md` context files — all in one command.\n\nTo configure MCP for your editor, run `npx gitnexus setup` once — or set it up manually below.\n\n### MCP Setup\n\n`gitnexus setup` auto-detects your editors and writes the correct global MCP config. You only need to run it once.\n\n### Editor Support\n\n| Editor | MCP | Skills | Hooks (auto-augment) | Support |\n| --------------------- | --- | ------ | -------------------- | -------------- |\n| **Claude Code** | Yes | Yes | Yes (PreToolUse + PostToolUse) | **Full** |\n| **Cursor** | Yes | Yes | — | MCP + Skills |\n| **Codex** | Yes | Yes | — | MCP + Skills |\n| **Windsurf** | Yes | — | — | MCP |\n| **OpenCode** | Yes | Yes | — | MCP + Skills |\n\n> **Claude Code** gets the deepest integration: MCP tools + agent skills + PreToolUse hooks that enrich searches with graph context + PostToolUse hooks that detect a stale index after commits and prompt the agent to reindex.\n\n## Community Integrations\n\nBuilt by the community — not officially maintained, but worth checking out.\n\n| Project | Author | Description |\n|---------|--------|-------------|\n| [pi-gitnexus](https:\u002F\u002Fgithub.com\u002Ftintinweb\u002Fpi-gitnexus) | [@tintinweb](https:\u002F\u002Fgithub.com\u002Ftintinweb) | GitNexus plugin for [pi](https:\u002F\u002Fpi.dev) — `pi install npm:pi-gitnexus` |\n| [gitnexus-stable-ops](https:\u002F\u002Fgithub.com\u002FShunsukeHayashi\u002Fgitnexus-stable-ops) | [@ShunsukeHayashi](https:\u002F\u002Fgithub.com\u002FShunsukeHayashi) | Stable ops & deployment workflows (Miyabi ecosystem) |\n\n> Have a project built on GitNexus? Open a PR to add it here!\n\nIf you prefer manual configuration:\n\n**Claude Code** (full support — MCP + skills + hooks):\n\n```bash\n# macOS \u002F Linux\nclaude mcp add gitnexus -- npx -y gitnexus@latest mcp\n\n# Windows\nclaude mcp add gitnexus -- cmd \u002Fc npx -y gitnexus@latest mcp\n```\n\n**Codex** (full support — MCP + skills):\n\n```bash\ncodex mcp add gitnexus -- npx -y gitnexus@latest mcp\n```\n\n**Cursor** (`~\u002F.cursor\u002Fmcp.json` — global, works for all projects):\n\n```json\n{\n \"mcpServers\": {\n \"gitnexus\": {\n \"command\": \"npx\",\n \"args\": [\"-y\", \"gitnexus@latest\", \"mcp\"]\n }\n }\n}\n```\n\n**OpenCode** (`~\u002F.config\u002Fopencode\u002Fconfig.json`):\n\n```json\n{\n \"mcp\": {\n \"gitnexus\": {\n \"type\": \"local\",\n \"command\": [\"gitnexus\", \"mcp\"]\n }\n }\n}\n```\n\n**Codex** (`~\u002F.codex\u002Fconfig.toml` for system scope, or `.codex\u002Fconfig.toml` for project scope):\n\n```toml\n[mcp_servers.gitnexus]\ncommand = \"npx\"\nargs = [\"-y\", \"gitnexus@latest\", \"mcp\"]\n```\n\n### CLI Commands\n\n```bash\ngitnexus setup # Configure MCP for your editors (one-time)\ngitnexus analyze [path] # Index a repository (or update stale index)\ngitnexus analyze --force # Force full re-index\ngitnexus analyze --skills # Generate repo-specific skill files from detected communities\ngitnexus analyze --skip-embeddings # Skip embedding generation (faster)\ngitnexus analyze --skip-agents-md # Preserve custom AGENTS.md\u002FCLAUDE.md gitnexus section edits\ngitnexus analyze --skip-git # Index folders that are not Git repositories\ngitnexus analyze --embeddings # Enable embedding generation (slower, better search)\ngitnexus analyze --verbose # Log skipped files when parsers are unavailable\ngitnexus analyze --worker-timeout 60 # Increase worker idle timeout for slow parses\ngitnexus mcp # Start MCP server (stdio) — serves all indexed repos\ngitnexus serve # Start local HTTP server (multi-repo) for web UI connection\ngitnexus list # List all indexed repositories\ngitnexus status # Show index status for current repo\ngitnexus clean # Delete index for current repo\ngitnexus clean --all --force # Delete all indexes\ngitnexus wiki [path] # Generate repository wiki from knowledge graph\ngitnexus wiki --model \u003Cmodel> # Wiki with custom LLM model (default: gpt-4o-mini)\ngitnexus wiki --base-url \u003Curl> # Wiki with custom LLM API base URL\n\n# Repository groups (multi-repo \u002F monorepo service tracking)\ngitnexus group create \u003Cname> # Create a repository group\ngitnexus group add \u003Cgroup> \u003CgroupPath> \u003CregistryName> # Add a repo to a group. \u003CgroupPath> is a hierarchy path (e.g. hr\u002Fhiring\u002Fbackend); \u003CregistryName> is the repo's name from the registry (see `gitnexus list`)\ngitnexus group remove \u003Cgroup> \u003CgroupPath> # Remove a repo from a group by its hierarchy path\ngitnexus group list [name] # List groups, or show one group's config\ngitnexus group sync \u003Cname> # Extract contracts and match across repos\u002Fservices\ngitnexus group contracts \u003Cname> # Inspect extracted contracts and cross-links\ngitnexus group query \u003Cname> \u003Cq> # Search execution flows across all repos in a group\ngitnexus group status \u003Cname> # Check staleness of repos in a group\n```\n\nIf `analyze` reports a worker parse timeout on a large or unusual repository, it keeps running and falls back safely. To give slow worker jobs more time, use `gitnexus analyze --worker-timeout 60` or set `GITNEXUS_WORKER_SUB_BATCH_TIMEOUT_MS=60000`. For very large files, `GITNEXUS_WORKER_SUB_BATCH_MAX_BYTES` controls the worker job byte budget.\n\n### What Your AI Agent Gets\n\n**16 tools** exposed via MCP (11 per-repo + 5 group):\n\n| Tool | What It Does | `repo` Param |\n| ------------------ | ----------------------------------------------------------------- | -------------- |\n| `list_repos` | Discover all indexed repositories | — |\n| `query` | Process-grouped hybrid search (BM25 + semantic + RRF) | Optional |\n| `context` | 360-degree symbol view — categorized refs, process participation | Optional |\n| `impact` | Blast radius analysis with depth grouping and confidence | Optional |\n| `detect_changes` | Git-diff impact — maps changed lines to affected processes | Optional |\n| `rename` | Multi-file coordinated rename with graph + text search | Optional |\n| `cypher` | Raw Cypher graph queries | Optional |\n| `group_list` | List configured repository groups | — |\n| `group_sync` | Extract contracts and match across repos\u002Fservices | — |\n| `group_contracts`| Inspect extracted contracts and cross-links | — |\n| `group_query` | Search execution flows across all repos in a group | — |\n| `group_status` | Check staleness of repos in a group | — |\n\n> When only one repo is indexed, the `repo` parameter is optional. With multiple repos, specify which one: `query({query: \"auth\", repo: \"my-app\"})`.\n\n**Resources** for instant context:\n\n| Resource | Purpose |\n| ----------------------------------------- | ---------------------------------------------------- |\n| `gitnexus:\u002F\u002Frepos` | List all indexed repositories (read this first) |\n| `gitnexus:\u002F\u002Frepo\u002F{name}\u002Fcontext` | Codebase stats, staleness check, and available tools |\n| `gitnexus:\u002F\u002Frepo\u002F{name}\u002Fclusters` | All functional clusters with cohesion scores |\n| `gitnexus:\u002F\u002Frepo\u002F{name}\u002Fcluster\u002F{name}` | Cluster members and details |\n| `gitnexus:\u002F\u002Frepo\u002F{name}\u002Fprocesses` | All execution flows |\n| `gitnexus:\u002F\u002Frepo\u002F{name}\u002Fprocess\u002F{name}` | Full process trace with steps |\n| `gitnexus:\u002F\u002Frepo\u002F{name}\u002Fschema` | Graph schema for Cypher queries |\n\n**2 MCP prompts** for guided workflows:\n\n| Prompt | What It Does |\n| ----------------- | ------------------------------------------------------------------------- |\n| `detect_impact` | Pre-commit change analysis — scope, affected processes, risk level |\n| `generate_map` | Architecture documentation from the knowledge graph with mermaid diagrams |\n\n**4 agent skills** installed to `.claude\u002Fskills\u002F` automatically:\n\n- **Exploring** — Navigate unfamiliar code using the knowledge graph\n- **Debugging** — Trace bugs through call chains\n- **Impact Analysis** — Analyze blast radius before changes\n- **Refactoring** — Plan safe refactors using dependency mapping\n\n**Repo-specific skills** generated with `--skills`:\n\nWhen you run `gitnexus analyze --skills`, GitNexus detects the functional areas of your codebase (via Leiden community detection) and generates a `SKILL.md` file for each one under `.claude\u002Fskills\u002Fgenerated\u002F`. Each skill describes a module's key files, entry points, execution flows, and cross-area connections — so your AI agent gets targeted context for the exact area of code you're working in. Skills are regenerated on each `--skills` run to stay current with the codebase.\n\n---\n\n## Multi-Repo MCP Architecture\n\nGitNexus uses a **global registry** so one MCP server can serve multiple indexed repos. No per-project MCP config needed — set it up once and it works everywhere.\n\n```mermaid\nflowchart TD\n subgraph CLI [CLI Commands]\n Setup[\"gitnexus setup\"]\n Analyze[\"gitnexus analyze\"]\n Clean[\"gitnexus clean\"]\n List[\"gitnexus list\"]\n end\n\n subgraph Registry [\"~\u002F.gitnexus\u002F\"]\n RegFile[\"registry.json\"]\n end\n\n subgraph Repos [Project Repos]\n RepoA[\".gitnexus\u002F in repo A\"]\n RepoB[\".gitnexus\u002F in repo B\"]\n end\n\n subgraph MCP [MCP Server]\n Server[\"server.ts\"]\n Backend[\"LocalBackend\"]\n Pool[\"Connection Pool\"]\n ConnA[\"LadybugDB conn A\"]\n ConnB[\"LadybugDB conn B\"]\n end\n\n Setup -->|\"writes global MCP config\"| CursorConfig[\"~\u002F.cursor\u002Fmcp.json\"]\n Analyze -->|\"registers repo\"| RegFile\n Analyze -->|\"stores index\"| RepoA\n Clean -->|\"unregisters repo\"| RegFile\n List -->|\"reads\"| RegFile\n Server -->|\"reads registry\"| RegFile\n Server --> Backend\n Backend --> Pool\n Pool -->|\"lazy open\"| ConnA\n Pool -->|\"lazy open\"| ConnB\n ConnA -->|\"queries\"| RepoA\n ConnB -->|\"queries\"| RepoB\n```\n\n**How it works:** Each `gitnexus analyze` stores the index in `.gitnexus\u002F` inside the repo (portable, gitignored) and registers a pointer in `~\u002F.gitnexus\u002Fregistry.json`. When an AI agent starts, the MCP server reads the registry and can serve any indexed repo. LadybugDB connections are opened lazily on first query and evicted after 5 minutes of inactivity (max 5 concurrent). If only one repo is indexed, the `repo` parameter is optional on all tools — agents don't need to change anything.\n\n---\n\n## Web UI (browser-based)\n\nA client-side graph explorer and AI chat — your code never leaves your machine.\n\n**Try it now:** [gitnexus.vercel.app](https:\u002F\u002Fgitnexus.vercel.app) — run `npx gitnexus@latest serve` locally and the page auto-connects to your local backend.\n\n\u003Cimg width=\"2550\" height=\"1343\" alt=\"gitnexus_img\" src=\"https:\u002F\u002Fgithub.com\u002Fuser-attachments\u002Fassets\u002Fcc5d637d-e0e5-48e6-93ff-5bcfdb929285\" \u002F>\n\nOr run the frontend locally:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fabhigyanpatwari\u002Fgitnexus.git\ncd gitnexus\u002Fgitnexus-shared && npm install && npm run build\ncd ..\u002Fgitnexus-web && npm install\nnpm run dev\n# Then in another terminal, start the backend the frontend connects to:\nnpx gitnexus@latest serve\n```\n\n## Docker\n\nThe official Docker setup ships **two signed images** orchestrated by `docker-compose.yaml`. Each image is published to both **GitHub Container Registry** (GHCR) and **Docker Hub** — same build, same digest, same Cosign signature — so pick whichever registry you prefer:\n\n| Purpose | GHCR (default in `docker-compose.yaml`) | Docker Hub mirror |\n| ---------------------------------------------------------------------- | --------------------------------------------- | ------------------------------------------- |\n| CLI \u002F `gitnexus serve` backend (HTTP API on port `4747`, MCP, indexer) | `ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus:latest` | `akonlabs\u002Fgitnexus:latest` |\n| Static web UI (port `4173`) | `ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus-web:latest` | `akonlabs\u002Fgitnexus-web:latest` |\n\n> **Heads-up — image rename.** Earlier releases published the web UI under\n> `ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus`. Starting with the introduction of the\n> bundled backend, that slug now hosts the CLI\u002Fserver image and the UI moved\n> to `ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus-web`. The previous tags remain\n> available for pulling, but new versions are only published under the new\n> slugs. Update your `docker run` \u002F compose files accordingly (or just adopt\n> the bundled compose).\n\n### One-command setup\n\n```bash\ndocker compose up -d\n```\n\nThis starts the server on `http:\u002F\u002Flocalhost:4747` and the web UI on\n`http:\u002F\u002Flocalhost:4173`. The UI auto-detects the server because the browser\nruns on the host and reaches the container via the mapped port.\n\nA named volume (`gitnexus-data`) persists the global registry, indexes, and\ncloned repos at `\u002Fdata\u002Fgitnexus` inside the server container. To make repos on\nyour host machine indexable, set `WORKSPACE_DIR` before bringing the stack up:\n\n```bash\nWORKSPACE_DIR=$HOME\u002Fcode docker compose up -d\n# Inside the server container the directory is mounted read-only at \u002Fworkspace.\ndocker compose exec gitnexus-server gitnexus index \u002Fworkspace\u002Fmy-repo\n```\n\n### Direct `docker run`\n\n```bash\n# Server\ndocker run --rm -d \\\n --name gitnexus-server \\\n -p 4747:4747 \\\n -v gitnexus-data:\u002Fdata\u002Fgitnexus \\\n ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus:latest\n\n# Web UI\ndocker run --rm -d \\\n --name gitnexus-web \\\n -p 4173:4173 \\\n ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus-web:latest\n```\n\nOptional env file (override image tags, container names, ports, workspace dir):\n\n```bash\ncp .env.example .env\ndocker compose --env-file .env up -d\n```\n\n### Versioning & supply-chain protection\n\nThe Docker images are version-locked to the npm package:\n\n- Stable images are **only published from `vX.Y.Z` git tags** (via `docker.yml`\n triggered directly by the tag push), and the workflow refuses to build unless\n the tag exactly matches `gitnexus\u002Fpackage.json`'s version. So\n `ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus:1.6.2` (and its Docker Hub mirror\n `akonlabs\u002Fgitnexus:1.6.2`) is byte-for-byte the same release as\n `npm install gitnexus@1.6.2` — no drift, no floating builds from `main`.\n Both registries receive the same digest from a single build step, so you can\n pull from either and the signature verifies identically.\n- Release-candidate images (e.g. `:1.7.0-rc.1`) are published alongside each\n RC npm release. They are built by `release-candidate.yml` calling `docker.yml`\n as a reusable workflow after the RC tag is created and pushed.\n- `:latest` is auto-promoted only from non-prerelease tags by the Docker\n metadata action, so it always points at a real, npm-published version.\n\nBoth images are signed with [Cosign keyless signing][cosign-keyless] using the\nworkflow's GitHub OIDC identity, and shipped with build provenance and SBOM\nattestations. **This is your protection against supply-chain attacks**: even if\nan attacker republishes a same-named image elsewhere (or somehow pushes to a\ntypo-squatted registry), they cannot forge a Cosign signature tied to\n`abhigyanpatwari\u002FGitNexus`'s `docker.yml`. Always verify before pulling into\nsensitive environments:\n\n**Stable releases** — signed from the `v*` tag ref:\n\n```bash\ncosign verify ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus:1.6.2 \\\n --certificate-identity-regexp '^https:\u002F\u002Fgithub\\.com\u002Fabhigyanpatwari\u002FGitNexus\u002F\\.github\u002Fworkflows\u002Fdocker\\.yml@refs\u002Ftags\u002Fv[0-9]+\\.[0-9]+\\.[0-9]+(-[a-zA-Z0-9.]+)?$' \\\n --certificate-oidc-issuer https:\u002F\u002Ftoken.actions.githubusercontent.com\n\n# Same signature verifies the Docker Hub mirror (identical digest):\ncosign verify docker.io\u002Fakonlabs\u002Fgitnexus:1.6.2 \\\n --certificate-identity-regexp '^https:\u002F\u002Fgithub\\.com\u002Fabhigyanpatwari\u002FGitNexus\u002F\\.github\u002Fworkflows\u002Fdocker\\.yml@refs\u002Ftags\u002Fv[0-9]+\\.[0-9]+\\.[0-9]+(-[a-zA-Z0-9.]+)?$' \\\n --certificate-oidc-issuer https:\u002F\u002Ftoken.actions.githubusercontent.com\n```\n\nThe regex pins the certificate identity to this repo's `docker.yml` workflow\n**run from a `v*` tag** — rejecting unsigned images, images signed by other\nworkflows, and images signed from unprotected refs. It is identical for both\nregistries because both sets of tags were signed at the same digest in one\nworkflow run.\n\n**Release candidates** — signed from `refs\u002Fheads\u002Fmain` (the caller's ref when\n`release-candidate.yml` invokes `docker.yml` as a reusable workflow):\n\n```bash\ncosign verify ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus:1.7.0-rc.1 \\\n --certificate-identity 'https:\u002F\u002Fgithub.com\u002Fabhigyanpatwari\u002FGitNexus\u002F.github\u002Fworkflows\u002Fdocker.yml@refs\u002Fheads\u002Fmain' \\\n --certificate-oidc-issuer https:\u002F\u002Ftoken.actions.githubusercontent.com\n```\n\nYou can also inspect the build provenance and SBOM:\n\n```bash\ncosign download attestation ghcr.io\u002Fabhigyanpatwari\u002Fgitnexus:1.6.2 \\\n --predicate-type https:\u002F\u002Fslsa.dev\u002Fprovenance\u002Fv1\n```\n\n#### Kubernetes: enforce signatures at admission\n\nFor Kubernetes deployments, ship the bundled\n[`ClusterImagePolicy`](deploy\u002Fkubernetes\u002Fcluster-image-policy.yaml) so the\n[Sigstore policy-controller][policy-controller] rejects any GitNexus pod whose\nimage is not signed by this repo's `docker.yml` running from a `vX.Y.Z` tag —\nthe same identity the `cosign verify` snippet above pins.\n\n```bash\n# 1. Install the controller (one-time, cluster-wide)\nhelm repo add sigstore https:\u002F\u002Fsigstore.github.io\u002Fhelm-charts && helm repo update\nhelm install policy-controller -n cosign-system --create-namespace \\\n sigstore\u002Fpolicy-controller\n\n# 2. Opt your namespace in\nkubectl label namespace \u003Cyour-ns> policy.sigstore.dev\u002Finclude=true\n\n# 3. Apply the policy\nkubectl apply -f deploy\u002Fkubernetes\u002Fcluster-image-policy.yaml\n```\n\nAfter this, attempting to deploy an unsigned image — or one signed by anything\nother than `abhigyanpatwari\u002FGitNexus`'s `docker.yml` at a `v*` tag — fails the\nadmission webhook before a pod is ever created. This turns the verifiable\nsignature into an enforced policy, which is the supply-chain control most\nclusters actually need.\n\n[cosign-keyless]: https:\u002F\u002Fdocs.sigstore.dev\u002Fcosign\u002Fsigning\u002Foverview\u002F\n[policy-controller]: https:\u002F\u002Fdocs.sigstore.dev\u002Fpolicy-controller\u002Foverview\u002F\n\n### Files\n\n- [Dockerfile.web](Dockerfile.web) — builds `gitnexus-shared` and `gitnexus-web`, then serves the production frontend.\n- [Dockerfile.cli](Dockerfile.cli) — builds the CLI\u002Fserver (with its native deps) and runs `gitnexus serve --host 0.0.0.0`.\n- [docker-compose.yaml](docker-compose.yaml) — starts both signed images side by side.\n- [.env.example](.env.example) — overrides for image names, container names, ports, and the workspace mount.\n\nThe web UI uses the same indexing pipeline as the CLI but runs entirely in WebAssembly (Tree-sitter WASM, LadybugDB WASM, in-browser embeddings). It's great for quick exploration but limited by browser memory for larger repos.\n\n**Local Backend Mode:** Run `gitnexus serve` and open the web UI locally — it auto-detects the server and shows all your indexed repos, with full AI chat support. No need to re-upload or re-index. The agent's tools (Cypher queries, search, code navigation) route through the backend HTTP API automatically.\n\n---\n\n## The Problem GitNexus Solves\n\nTools like **Cursor**, **Claude Code**, **Codex**, **Cline**, **Roo Code**, and **Windsurf** are powerful — but they don't truly know your codebase structure.\n\n**What happens:**\n\n1. AI edits `UserService.validate()`\n2. Doesn't know 47 functions depend on its return type\n3. **Breaking changes ship**\n\n### Traditional Graph RAG vs GitNexus\n\nTraditional approaches give the LLM raw graph edges and hope it explores enough. GitNexus **precomputes structure at index time** — clustering, tracing, scoring — so tools return complete context in one call:\n\n```mermaid\nflowchart TB\n subgraph Traditional[\"Traditional Graph RAG\"]\n direction TB\n U1[\"User: What depends on UserService?\"]\n U1 --> LLM1[\"LLM receives raw graph\"]\n LLM1 --> Q1[\"Query 1: Find callers\"]\n Q1 --> Q2[\"Query 2: What files?\"]\n Q2 --> Q3[\"Query 3: Filter tests?\"]\n Q3 --> Q4[\"Query 4: High-risk?\"]\n Q4 --> OUT1[\"Answer after 4+ queries\"]\n end\n\n subgraph GN[\"GitNexus Smart Tools\"]\n direction TB\n U2[\"User: What depends on UserService?\"]\n U2 --> TOOL[\"impact UserService upstream\"]\n TOOL --> PRECOMP[\"Pre-structured response:\n 8 callers, 3 clusters, all 90%+ confidence\"]\n PRECOMP --> OUT2[\"Complete answer, 1 query\"]\n end\n```\n\n**Core innovation: Precomputed Relational Intelligence**\n\n- **Reliability** — LLM can't miss context, it's already in the tool response\n- **Token efficiency** — No 10-query chains to understand one function\n- **Model democratization** — Smaller LLMs work because tools do the heavy lifting\n\n---\n\n## How It Works\n\nGitNexus builds a complete knowledge graph of your codebase through a multi-phase indexing pipeline:\n\n1. **Structure** — Walks the file tree and maps folder\u002Ffile relationships\n2. **Parsing** — Extracts functions, classes, methods, and interfaces using Tree-sitter ASTs\n3. **Resolution** — Resolves imports, function calls, heritage, constructor inference, and `self`\u002F`this` receiver types across files with language-aware logic\n4. **Clustering** — Groups related symbols into functional communities\n5. **Processes** — Traces execution flows from entry points through call chains\n6. **Search** — Builds hybrid search indexes for fast retrieval\n\n### Supported Languages\n\n| Language | Imports | Named Bindings | Exports | Heritage | Type Annotations | Constructor Inference | Config | Frameworks | Entry Points |\n|----------|---------|----------------|---------|----------|-----------------|---------------------|--------|------------|-------------|\n| TypeScript | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |\n| JavaScript | ✓ | ✓ | ✓ | ✓ | — | ✓ | ✓ | ✓ | ✓ |\n| Python | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |\n| Java | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — | ✓ | ✓ |\n| Kotlin | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — | ✓ | ✓ |\n| C# | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |\n| Go | ✓ | — | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |\n| Rust | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | — | ✓ | ✓ |\n| PHP | ✓ | ✓ | ✓ | — | ✓ | ✓ | ✓ | ✓ | ✓ |\n| Ruby | ✓ | — | ✓ | ✓ | — | ✓ | — | ✓ | ✓ |\n| Swift | — | — | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |\n| C | — | — | ✓ | — | ✓ | ✓ | — | ✓ | ✓ |\n| C++ | — | — | ✓ | ✓ | ✓ | ✓ | — | ✓ | ✓ |\n| Dart | ✓ | — | ✓ | ✓ | ✓ | ✓ | — | ✓ | ✓ |\n\n**Imports** — cross-file import resolution · **Named Bindings** — `import { X as Y }` \u002F re-export tracking · **Exports** — public\u002Fexported symbol detection · **Heritage** — class inheritance, interfaces, mixins · **Type Annotations** — explicit type extraction for receiver resolution · **Constructor Inference** — infer receiver type from constructor calls (`self`\u002F`this` resolution included for all languages) · **Config** — language toolchain config parsing (tsconfig, go.mod, etc.) · **Frameworks** — AST-based framework pattern detection · **Entry Points** — entry point scoring heuristics\n\n---\n\n## Tool Examples\n\n### Impact Analysis\n\n```\nimpact({target: \"UserService\", direction: \"upstream\", minConfidence: 0.8})\n\nTARGET: Class UserService (src\u002Fservices\u002Fuser.ts)\n\nUPSTREAM (what depends on this):\n Depth 1 (WILL BREAK):\n handleLogin [CALLS 90%] -> src\u002Fapi\u002Fauth.ts:45\n handleRegister [CALLS 90%] -> src\u002Fapi\u002Fauth.ts:78\n UserController [CALLS 85%] -> src\u002Fcontrollers\u002Fuser.ts:12\n Depth 2 (LIKELY AFFECTED):\n authRouter [IMPORTS] -> src\u002Froutes\u002Fauth.ts\n```\n\nOptions: `maxDepth`, `minConfidence`, `relationTypes` (`CALLS`, `IMPORTS`, `EXTENDS`, `IMPLEMENTS`), `includeTests`\n\n### Process-Grouped Search\n\n```\nquery({query: \"authentication middleware\"})\n\nprocesses:\n - summary: \"LoginFlow\"\n priority: 0.042\n symbol_count: 4\n process_type: cross_community\n step_count: 7\n\nprocess_symbols:\n - name: validateUser\n type: Function\n filePath: src\u002Fauth\u002Fvalidate.ts\n process_id: proc_login\n step_index: 2\n\ndefinitions:\n - name: AuthConfig\n type: Interface\n filePath: src\u002Ftypes\u002Fauth.ts\n```\n\n### Context (360-degree Symbol View)\n\n```\ncontext({name: \"validateUser\"})\n\nsymbol:\n uid: \"Function:validateUser\"\n kind: Function\n filePath: src\u002Fauth\u002Fvalidate.ts\n startLine: 15\n\nincoming:\n calls: [handleLogin, handleRegister, UserController]\n imports: [authRouter]\n\noutgoing:\n calls: [checkPassword, createSession]\n\nprocesses:\n - name: LoginFlow (step 2\u002F7)\n - name: RegistrationFlow (step 3\u002F5)\n```\n\n### Detect Changes (Pre-Commit)\n\n```\ndetect_changes({scope: \"all\"})\n\nsummary:\n changed_count: 12\n affected_count: 3\n changed_files: 4\n risk_level: medium\n\nchanged_symbols: [validateUser, AuthService, ...]\naffected_processes: [LoginFlow, RegistrationFlow, ...]\n```\n\n### Rename (Multi-File)\n\n```\nrename({symbol_name: \"validateUser\", new_name: \"verifyUser\", dry_run: true})\n\nstatus: success\nfiles_affected: 5\ntotal_edits: 8\ngraph_edits: 6 (high confidence)\ntext_search_edits: 2 (review carefully)\nchanges: [...]\n```\n\n### Cypher Queries\n\n```cypher\n-- Find what calls auth functions with high confidence\nMATCH (c:Community {heuristicLabel: 'Authentication'})\u003C-[:CodeRelation {type: 'MEMBER_OF'}]-(fn)\nMATCH (caller)-[r:CodeRelation {type: 'CALLS'}]->(fn)\nWHERE r.confidence > 0.8\nRETURN caller.name, fn.name, r.confidence\nORDER BY r.confidence DESC\n```\n\n---\n\n## Wiki Generation\n\nGenerate LLM-powered documentation from your knowledge graph:\n\n```bash\n# Requires an LLM API key (OPENAI_API_KEY, etc.)\ngitnexus wiki\n\n# Use a custom model or provider\ngitnexus wiki --model gpt-4o\ngitnexus wiki --base-url https:\u002F\u002Fapi.anthropic.com\u002Fv1\n\n# Force full regeneration\ngitnexus wiki --force\n```\n\nThe wiki generator reads the indexed graph structure, groups files into modules via LLM, generates per-module documentation pages, and creates an overview page — all with cross-references to the knowledge graph.\n\n---\n\n## Tech Stack\n\n| Layer | CLI | Web |\n| ------------------------- | ------------------------------------- | --------------------------------------- |\n| **Runtime** | Node.js (native) | Browser (WASM) |\n| **Parsing** | Tree-sitter native bindings | Tree-sitter WASM |\n| **Database** | LadybugDB native | LadybugDB WASM |\n| **Embeddings** | HuggingFace transformers.js (GPU\u002FCPU) | transformers.js (WebGPU\u002FWASM) |\n| **Search** | BM25 + semantic + RRF | BM25 + semantic + RRF |\n| **Agent Interface** | MCP (stdio) | LangChain ReAct agent |\n| **Visualization** | — | Sigma.js + Graphology (WebGL) |\n| **Frontend** | — | React 18, TypeScript, Vite, Tailwind v4 |\n| **Clustering** | Graphology | Graphology |\n| **Concurrency** | Worker threads + async | Web Workers + Comlink |\n\n---\n\n## Roadmap\n\n### Actively Building\n\n- [ ] **LLM Cluster Enrichment** — Semantic cluster names via LLM API\n- [ ] **AST Decorator Detection** — Parse @Controller, @Get, etc.\n- [ ] **Incremental Indexing** — Only re-index changed files\n\n### Recently Completed\n\n- [X] Constructor-Inferred Type Resolution, `self`\u002F`this` Receiver Mapping\n- [X] Wiki Generation, Multi-File Rename, Git-Diff Impact Analysis\n- [X] Process-Grouped Search, 360-Degree Context, Claude Code Hooks\n- [X] Multi-Repo MCP, Zero-Config Setup, 14 Language Support\n- [X] Community Detection, Process Detection, Confidence Scoring\n- [X] Hybrid Search, Vector Index\n\n---\n\n## Security & Privacy\n\n- **CLI**: Everything runs locally on your machine. No network calls. Index stored in `.gitnexus\u002F` (gitignored). Global registry at `~\u002F.gitnexus\u002F` stores only paths and metadata.\n- **Web**: Everything runs in your browser. No code uploaded to any server. API keys stored in localStorage only.\n- Open source — audit the code yourself.\n\n---\n\n## Acknowledgments\n\n- [Tree-sitter](https:\u002F\u002Ftree-sitter.github.io\u002F) — AST parsing\n- [LadybugDB](https:\u002F\u002Fladybugdb.com\u002F) — Embedded graph database with vector support (formerly KuzuDB)\n- [Sigma.js](https:\u002F\u002Fwww.sigmajs.org\u002F) — WebGL graph rendering\n- [transformers.js](https:\u002F\u002Fhuggingface.co\u002Fdocs\u002Ftransformers.js) — Browser ML\n- [Graphology](https:\u002F\u002Fgraphology.github.io\u002F) — Graph data structures\n- [MCP](https:\u002F\u002Fmodelcontextprotocol.io\u002F) — Model Context Protocol\n","GitNexus 是一个零服务器代码智能引擎,能够在浏览器中运行并生成知识图谱。其核心功能是将GitHub仓库或ZIP文件转换为交互式知识图谱,并内置Graph RAG代理,帮助用户深入分析代码结构和依赖关系。项目采用TypeScript编写,具有完全客户端处理能力,无需后端支持。它特别适合用于代码探索、理解和维护,尤其是在需要快速掌握复杂代码库的场景下,如软件重构、团队协作等。此外,通过其提供的命令行工具和多组件平台,可以进一步增强AI代理对代码库的理解,使其在处理代码时更加可靠。",2,"2026-06-11 02:44:33","top_all"]