feat: add check command for CI validation predicates

[carlos-alm]

Summary

• Adds codegraph check [ref] command with composable validation predicates that run against git changes (staged or vs a ref) and return exit code 0/1 for CI gates and pre-commit hooks
• Four predicates: --cycles (no dependency cycles involving changed files), --blast-radius <n> (no function exceeds N transitive callers), --signatures (no function declaration lines modified), --boundaries (no cross-owner CODEOWNERS violations)
• All boolean predicates enabled by default; --blast-radius only when explicit threshold provided; configurable via .codegraphrc.json check section
• Builds on existing infrastructure: findCycles (Tarjan SCC), diffImpactData BFS pattern, parseCodeowners/matchOwners boundary detection

Test plan

• 18 integration tests covering all predicates in isolation and end-to-end (tests/integration/check.test.js)
• parseDiffOutput unit tests for new-side/old-side range extraction and new file detection
• Predicate selection: only specified predicates appear in results
• Default activation: all boolean predicates run when no flags given
• JSON output structure validation
• Dogfooded: codegraph check main -T, codegraph check --staged --json, codegraph check main -T --blast-radius 5
• Biome lint/format clean on new files
• Full test suite: no regressions

[greptile-apps]

Greptile Summary

Introduced codegraph check command for CI/CD validation predicates and codegraph batch for multi-target query orchestration.

Major Changes:

• Implemented four validation predicates: cycles (no dependency cycles), blast-radius (max transitive callers), signatures (no function declaration changes), boundaries (no cross-owner CODEOWNERS violations)
• All boolean predicates enabled by default; blast-radius only when explicit threshold provided
• Added unified diff parser (parseDiffOutput) extracting both new-side and old-side line ranges for signature detection
• Batch command supports 10 query types with per-target error isolation and flexible input methods (args, file, stdin)
• Added configuration section in .codegraphrc.json for check defaults
• MCP server integration via batch_query tool for multi-agent dispatch
• 18 integration tests for check predicates + comprehensive batch test suite

Code Quality:

• Clean separation of concerns: parsing, predicates, orchestration, CLI display
• Proper error handling with structured error responses
• Follows existing project patterns (BFS traversal, readonly DB access, config loading)
• Comprehensive test coverage including edge cases and end-to-end scenarios

Confidence Score: 5/5

• Safe to merge with high confidence
• Clean implementation with comprehensive test coverage (18 tests for check, 20+ for batch), proper error handling, follows established patterns, and introduces valuable CI/CD validation capabilities. No bugs or security issues identified.
• No files require special attention

Important Files Changed

Filename	Overview
src/check.js	New file implementing CI validation predicates (cycles, blast-radius, signatures, boundaries) with git diff parsing and comprehensive predicate logic
src/batch.js	New file implementing batch query orchestration for multi-target queries with proper error handling per-target
src/cli.js	Added check and batch commands with appropriate CLI options and parameter validation
tests/integration/check.test.js	Comprehensive integration tests covering all predicates, edge cases, and end-to-end scenarios with git repo fixtures
tests/integration/batch.test.js	Complete integration tests for batch command covering success cases, partial failures, edge cases, and CLI smoke test

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    Start([codegraph check ref]) --> LoadConfig[Load .codegraphrc.json config]
    LoadConfig --> VerifyGit{Git repository?}
    VerifyGit -->|No| ErrorExit[Return error]
    VerifyGit -->|Yes| RunDiff[Execute git diff]
    RunDiff --> ParseDiff[parseDiffOutput: Extract changed/old ranges]
    ParseDiff --> HasChanges{Changes detected?}
    HasChanges -->|No| EmptyResult[Return passed: true, predicates: empty]
    HasChanges -->|Yes| ResolvePredicates[Resolve enabled predicates: CLI → config → defaults]
    
    ResolvePredicates --> Cycles{Cycles enabled?}
    Cycles -->|Yes| CheckCycles[checkNoNewCycles: findCycles + filter changed files]
    Cycles -->|No| BlastCheck
    CheckCycles --> BlastCheck
    
    BlastCheck{Blast-radius threshold set?}
    BlastCheck -->|Yes| CheckBlast[checkMaxBlastRadius: BFS transitive callers for changed functions]
    BlastCheck -->|No| SigCheck
    CheckBlast --> SigCheck
    
    SigCheck{Signatures enabled?}
    SigCheck -->|Yes| CheckSig[checkNoSignatureChanges: Match declaration lines against old ranges]
    SigCheck -->|No| BoundCheck
    CheckSig --> BoundCheck
    
    BoundCheck{Boundaries enabled?}
    BoundCheck -->|Yes| CheckBound[checkNoBoundaryViolations: Parse CODEOWNERS + match cross-owner edges]
    BoundCheck -->|No| Aggregate
    CheckBound --> Aggregate
    
    Aggregate[Aggregate predicate results] --> Summary[Build summary: total/passed/failed counts]
    Summary --> Format{JSON output?}
    Format -->|Yes| JSONOut[Print JSON + exit with code]
    Format -->|No| PrettyOut[Print formatted results + exit with code]
    JSONOut --> End([Exit 0 if passed, 1 if failed])
    PrettyOut --> End

Loading

_{Last reviewed commit: 49c8f4c}

[greptile-apps]

_{9 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review: feat: add check command for CI validation predicates

Todo List:

• Phase 1: Root Cause Analysis - Understand problem and approach
• Phase 2: Configuration Change Detection - Check for high-risk changes
• Phase 3: Test Integrity - Validate test quality and coverage
• Phase 4: Code Quality - Review implementation details
• Final Assessment - Provide rating and recommendation

Root Cause Analysis

Problem Being Solved: Adding CI validation predicates to prevent problematic changes from being deployed. The PR implements 4 predicates to catch dependency cycles, blast radius violations, function signature changes, and cross-owner boundary violations.

Why This Approach: Builds on existing codegraph infrastructure (Tarjan SCC, BFS traversal, CODEOWNERS parsing) rather than reinventing. Composable predicate system allows granular control for different CI contexts.

Risk Assessment: LOW RISK - Pure addition with comprehensive test coverage, no existing code modified.

Critical Concerns

None Identified - This is a well-engineered feature addition.

Phase 2: Configuration Changes ✅

No High-Risk Changes:

• ✅ No biome/linting rules disabled or relaxed
• ✅ No test timeout increases or coverage threshold lowering
• ✅ No build configuration changes
• ✅ Only safe config additions for check defaults

Phase 3: Test Quality ✅

Excellent Test Coverage:

• ✅ 18 integration tests covering all predicates + edge cases
• ✅ Strong, specific assertions without weakening
• ✅ Proper test isolation with temp directories
• ✅ No skipped/pending tests

Phase 4: Code Quality ✅

Security:

• ✅ execFileSync used safely with hardcoded args (['diff', ...])
• ✅ SQL uses parameterized queries preventing injection
• ✅ No eval/command injection vectors

Implementation Quality:

• ✅ Clean separation of concerns: parsing, predicates, display, CLI
• ✅ Efficient BFS implementation with visited set (src/check.js:100-123)
• ✅ Proper error handling and graceful fallbacks
• ✅ Follows established patterns (readonly DB, config loading)
• ✅ Clear documentation and function contracts

Performance:

• ✅ Uses prepared statements for DB queries
• ✅ BFS with depth limiting (default 3) prevents runaway traversal
• ✅ Early exit conditions (empty frontier at line 122)

Final Recommendation

• Rating: ⭐⭐⭐⭐⭐ (5/5)
• Action: APPROVE
• Reasoning: Exceptional implementation with comprehensive testing, clean architecture, proper security practices, and no identified risks. This adds valuable CI validation capabilities while maintaining high code quality standards. The predicate system is well-designed and extensible.

---