fix: stack overflow on Linux + conditional codesign

[rawwerks]

Problem

codedb fails to build and run on Linux:

1. build.zig unconditionally runs codesign, which doesn't exist on Linux → build fails
2. src/main.zig — Zig inlines all command branches into main(), creating a ~33MB stack frame that overflows the default 16MB Linux stack → segfault on startup

Fix

• build.zig: Gate the codesign step on target.result.os.tag == .macos
• src/main.zig: Trampoline through a spawned thread with 64MB stack (std.Thread.spawn with .stack_size = 64 * 1024 * 1024)

Tested

• Zig 0.15.2 on Linux x86_64
• All CLI commands work: tree, outline, find, search, word, hot, serve, mcp, snapshot
• 190/195 tests pass (zig build test) — 5 pre-existing failures (perf regression + git-related)

[justrach]

Security & Code Review — Tested in turbobox sandbox

Reviewed the full diff and tested the build + all CLI commands inside an isolated turbobox sandbox (Hetzner AX41 bare metal, Zig 0.15.2, Alpine Linux).

Code changes reviewed

build.zig (safe ✓)

• Wraps codesign in if (target.result.os.tag == .macos) — correct fix. codesign doesn't exist on Linux. No new commands introduced, no network calls, no file writes outside the build dir.

src/main.zig (safe ✓)

• Adds a thread trampoline: std.Thread.spawn(.{ .stack_size = 64 * 1024 * 1024 }, mainInner, .{}). This is the standard Zig pattern for large stack frames. No new imports, no syscalls, no network access. The original main() body is moved verbatim to mainImpl().
• 64MB stack is reasonable — Zig's inlining of all command branches creates ~33MB frames on Linux.

.gitignore (safe ✓)

• Adds codedb.snapshot — generated binary file, correct to ignore.

docs/cli.md (safe ✓)

• Documentation only. No executable code.

scripts/codedb-cli (safe ✓)

• Bash script (~144 lines). Uses curl, jq, pkill.
• No external downloads, no eval, no arbitrary code execution.
• _urlencode() is a safe percent-encoding function.
• _ensure_server() starts codedb via nohup "$BINARY" "$root" serve — uses the configured binary, not downloading anything.
• No credentials, tokens, or sensitive data handling.

scripts/codedb.service (safe ✓)

• Standard systemd user service file. No ExecStartPre hooks, no privileged operations. Runs as user, not root.

No malicious code found

• No network exfiltration
• No reverse shells or bind shells
• No obfuscated code
• No new dependencies added
• No changes to existing logic (main.zig change is a pure refactor — trampoline wrapper)
• No file writes outside expected paths
• No environment variable sniffing beyond CODEDB_PORT and CODEDB_BINARY (documented, expected)

Test results (turbobox sandbox)

Build:         zig build ✓ (Zig 0.15.2, Linux x86_64)
Binary:        122MB debug build, ELF x86_64
codedb help:   ✓ shows all commands
codedb tree:   ✓ indexed in 7.8s, full file tree with language detection
codedb outline: ✓ src/main.zig — 664 lines, all symbols listed
codedb search:  ✓ "pub fn" — 50 results
codedb hot:     ✓ recently modified files
Stack overflow: ✓ FIXED — thread trampoline with 64MB stack prevents crash
Codesign:       ✓ FIXED — skipped on Linux, no build failure

Verdict: Safe to merge. All changes are minimal, correct, and well-documented. The two bugs (stack overflow + codesign) are real issues that this PR fixes properly.