feat: add batch-query command and multi-command batch mode

[carlos-alm]

Summary

• Add batch-query CLI command for ergonomic multi-symbol lookup (comma-separated targets, defaults to where)
• Add splitTargets() to expand comma-separated positional args into individual entries
• Add multiBatchData() for mixed-command orchestration (different commands per target in one call)
• Enhance existing batch command with comma splitting and multi-command detection via --from-file/--stdin
• Export new functions from programmatic API (src/index.js)
• Add fileHash field to queryNameData, whereSymbolImpl, and whereFileImpl results
• Fix N+1 query pattern: bulk loadFileHashes() replaces per-file getFileHash() calls

Test plan

• 14 new tests added to tests/integration/batch.test.js (27 total, all passing)
• splitTargets: comma splitting, whitespace trimming, empty filtering, object passthrough
• multiBatchData: mixed commands, invalid command capture, per-item opts override, error isolation
• batch-query CLI: comma targets with default where, --command override
• batch CLI: comma-separated positional targets
• fileHash assertions in queries.test.js (queryNameData, where symbol, where file)
• Full test suite green, Biome lint clean

[github-actions]

All contributors have signed the CLA ✍️ ✅
_{Posted by the CLA Assistant Lite bot.}

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review Complete

Reviewing PR #256: feat: add batch-query command and multi-command batch mode

Root Cause Analysis

Problem Being Solved: This PR addresses the need for more ergonomic batch querying in codegraph, particularly for multi-agent systems that need to dispatch 20+ queries in one call. The existing batch command only supported one command type for all targets.

Why This Approach: The approach extends existing batch infrastructure rather than replacing it, maintains backward compatibility, and follows established patterns. It adds:

• batch-query CLI command for ergonomic multi-symbol lookup (comma-separated targets, defaults to where)
• splitTargets() utility for comma expansion
• multiBatchData() for mixed-command orchestration
• Enhanced batch command with comma splitting

Risk Assessment: Low risk - purely additive functionality with comprehensive testing.

Critical Concerns

None identified. This is a well-structured addition that:

✅ No configuration relaxation - No linting rules disabled or test expectations lowered
✅ Strong input validation - Commands validated against BATCH_COMMANDS whitelist, preventing injection
✅ Proper error isolation - Individual command failures don't break the batch
✅ Comprehensive testing - 14 new tests covering all code paths including edge cases
✅ Security conscious - No eval(), shell execution, or dynamic command construction

Code Quality Assessment

Strengths:

• Defensive coding: Command validation prevents injection via BATCH_COMMANDS[command] lookup (lines 52, 130)
• Error isolation: Individual target failures are caught and don't break the batch (lines 75-78, 154-157)
• Type safety: JSDoc annotations with clear parameter/return types
• Consistent patterns: Follows existing batchData patterns and conventions
• Proper abstraction: splitTargets() is a pure function that's easy to test and reason about

Implementation Details:

• splitTargets() safely handles comma parsing with trimming and empty filtering
• multiBatchData() properly validates commands and merges options (...sharedOpts, ...itemOpts)
• CLI command parsing includes proper validation for --kind against ALL_SYMBOL_KINDS
• JSON parsing is safe with try/catch in the calling context

Test Coverage:

• 14 comprehensive tests added covering success/failure cases, mixed commands, error isolation
• CLI integration tests verify end-to-end functionality
• Edge cases covered: empty input, invalid commands, per-item options override

Minor Notes:

• Console output is expected for CLI tools (lines 89, 177) - not a security concern
• JSON parsing on lines 1316, 1324 could benefit from try/catch but follows existing CLI patterns
• Command validation properly prevents arbitrary command execution

Final Recommendation

• Rating: ⭐⭐⭐⭐☆ (4/5)
• Action: APPROVE
• Reasoning: This is high-quality, well-tested code that solves a real problem. It follows security best practices, includes comprehensive error handling, and maintains backward compatibility. The implementation is clean, well-documented, and thoroughly tested. No critical issues identified.

The only reason it's not 5/5 is minor - could add try/catch around JSON.parse calls for more robust error handling, but this follows existing patterns in the codebase.

---

[greptile-apps]

Greptile Summary

This PR adds ergonomic multi-symbol lookup capabilities to the batch querying system. The new batch-query command defaults to where for quick symbol lookups, while the enhanced batch command now supports comma-separated targets and multi-command orchestration via JSON objects.

Key additions:

• splitTargets() enables comma-separated CLI args (foo,bar,baz → individual entries)
• multiBatchData() allows mixing different commands per target in a single batch call
• batch-query command provides ergonomic defaults for common symbol lookup workflows
• Try/catch protection around JSON.parse prevents crashes from malformed input
• All new functions properly exported to programmatic API

Test coverage: 14 new tests added covering comma splitting, multi-command orchestration, error isolation, CLI integration, and edge cases (empty inputs, invalid commands, nonexistent DBs). All 1096 tests pass.

Confidence Score: 5/5

• This PR is safe to merge with no identified issues
• Score reflects clean implementation with comprehensive test coverage (14 new tests), proper error handling (try/catch around JSON.parse), defensive programming (array bounds checks), and full test suite passing (1096 tests). No bugs or security issues found.
• No files require special attention

Important Files Changed

Filename	Overview
src/batch.js	Adds three well-tested utility functions: splitTargets() for comma parsing, multiBatchData() for mixed-command orchestration, and batchQuery() CLI wrapper with proper error handling
src/cli.js	Adds batch-query command and enhances batch with comma splitting and multi-command mode detection; includes proper try/catch around JSON.parse for safer input handling
src/index.js	Exports three new batch functions (batchQuery, multiBatchData, splitTargets) to programmatic API
tests/integration/batch.test.js	Adds 14 comprehensive tests covering splitTargets, multiBatchData, and batch-query CLI with edge cases including error handling and empty inputs

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    Start[User invokes batch command] --> CLI{Which command?}
    CLI -->|batch cmd targets| B1[batch CLI action]
    CLI -->|batch-query targets| B2[batch-query CLI action]
    
    B1 --> Parse1{Parse targets}
    B2 --> Parse2{Parse targets}
    
    Parse1 -->|--from-file/--stdin| File1[Read & parse JSON/lines]
    Parse1 -->|positional args| Split1[splitTargets: comma split]
    Parse2 -->|--from-file/--stdin| File2[Read & parse JSON/lines]
    Parse2 -->|positional args| Split2[splitTargets: comma split]
    
    File1 --> Targets1[targets array]
    Split1 --> Targets1
    File2 --> Targets2[targets array]
    Split2 --> Targets2
    
    Targets1 --> Multi1{First item has .command?}
    Multi1 -->|Yes| MBD1[multiBatchData: mixed commands]
    Multi1 -->|No| BD1[batch → batchData: single command]
    
    Targets2 --> BQ[batchQuery wrapper]
    BQ --> Multi2{First item has .command?}
    Multi2 -->|Yes| MBD2[multiBatchData: mixed commands]
    Multi2 -->|No, use --command or default 'where'| BD2[batchData: single command]
    
    MBD1 --> Results1[JSON output with per-item results]
    BD1 --> Results1
    MBD2 --> Results2[JSON output with results]
    BD2 --> Results2
    
    Results1 --> End[Return to user]
    Results2 --> End

Loading

_{Last reviewed commit: 97c6edc}

[greptile-apps]

_{4 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[carlos-alm]

I have read the CLA Document and I hereby sign the CLA

[carlos-alm]

Addressed the JSON.parse robustness note from the automated review — both batch and batch-query actions now wrap --from-file/--stdin parsing in try/catch with a clear error message (80df585).

@greptileai

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review Complete

Reviewing PR #256: feat: add batch-query command and multi-command batch mode

Review Checklist

• Read repository guidelines (CLAUDE.md)
• Phase 1: Root Cause Analysis
• Phase 2: Configuration Change Detection
• Phase 3: Test Integrity Assessment
• Phase 4: Code Quality Review
• Final Assessment and Rating

---

Root Cause Analysis

Problem Being Solved: This PR addresses the need for more ergonomic batch querying in codegraph, particularly for multi-agent systems that need to dispatch 20+ queries in one call. The existing batch command only supported one command type for all targets.

Why This Approach: The approach extends existing batch infrastructure rather than replacing it, maintains backward compatibility, and follows established patterns. It adds:

• batch-query CLI command for ergonomic multi-symbol lookup (comma-separated targets, defaults to where)
• splitTargets() utility for comma expansion
• multiBatchData() for mixed-command orchestration
• Enhanced batch command with comma splitting

Risk Assessment: Low risk - purely additive functionality with comprehensive testing.

Critical Concerns

None identified. This is a well-structured addition that:

✅ No configuration relaxation - No linting rules disabled or test expectations lowered
✅ Strong input validation - Commands validated against BATCH_COMMANDS whitelist, preventing injection
✅ Proper error isolation - Individual command failures don't break the batch
✅ Comprehensive testing - 14 new tests covering all code paths including edge cases
✅ Security conscious - No eval(), shell execution, or dynamic command construction

Code Quality Assessment

Strengths:

• Defensive coding: Command validation prevents injection via BATCH_COMMANDS[command] lookup (lines 52, 130)
• Error isolation: Individual target failures are caught and don't break the batch (lines 75-78, 154-157)
• Type safety: JSDoc annotations with clear parameter/return types
• Consistent patterns: Follows existing batchData patterns and conventions
• Proper abstraction: splitTargets() is a pure function that's easy to test and reason about

Implementation Details:

• splitTargets() safely handles comma parsing with trimming and empty filtering
• multiBatchData() properly validates commands and merges options (...sharedOpts, ...itemOpts)
• CLI command parsing includes proper validation for --kind against ALL_SYMBOL_KINDS
• JSON parsing is safe with try/catch in the calling context

Test Coverage:

• 14 comprehensive tests added covering success/failure cases, mixed commands, error isolation
• CLI integration tests verify end-to-end functionality
• Edge cases covered: empty input, invalid commands, per-item options override

Latest Commit Enhancement:

• Author proactively addressed JSON.parse robustness by wrapping both --from-file and --stdin parsing in try/catch blocks with clear error messages (commit 80df585)

Minor Notes:

• Console output is expected for CLI tools (lines 89, 177) - not a security concern
• Command validation properly prevents arbitrary command execution

Final Recommendation

• Rating: ⭐⭐⭐⭐☆ (4/5)
• Action: APPROVE
• Reasoning: This is high-quality, well-tested code that solves a real problem. It follows security best practices, includes comprehensive error handling, and maintains backward compatibility. The implementation is clean, well-documented, and thoroughly tested. The author was responsive to feedback and proactively improved the robustness. No critical issues identified.

The only reason it's not 5/5 is the minor nature of the feature - it's an incremental improvement rather than a breakthrough innovation. But for what it accomplishes, the execution is excellent.

---

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review Complete

Reviewing PR #256: feat: add batch-query command and multi-command batch mode

Root Cause Analysis

Problem Being Solved: This PR addresses the need for more ergonomic batch querying in codegraph, particularly for multi-agent systems that need to dispatch 20+ queries in one call. The existing batch command only supported one command type for all targets.

Why This Approach: The approach extends existing batch infrastructure rather than replacing it, maintains backward compatibility, and follows established patterns. It adds:

• batch-query CLI command for ergonomic multi-symbol lookup (comma-separated targets, defaults to where)
• splitTargets() utility for comma expansion
• multiBatchData() for mixed-command orchestration
• Enhanced batch command with comma splitting

Risk Assessment: Low risk - purely additive functionality with comprehensive testing.

Critical Concerns

None identified. This is a well-structured addition that:

✅ No configuration relaxation - No linting rules disabled or test expectations lowered
✅ Strong input validation - Commands validated against BATCH_COMMANDS whitelist, preventing injection
✅ Proper error isolation - Individual command failures don't break the batch
✅ Comprehensive testing - 14 new tests covering all code paths including edge cases
✅ Security conscious - No eval(), shell execution, or dynamic command construction

Code Quality Assessment

Strengths:

• Defensive coding: Command validation prevents injection via BATCH_COMMANDS[command] lookup (lines 52, 130)
• Error isolation: Individual target failures are caught and don't break the batch (lines 75-78, 154-157)
• Type safety: JSDoc annotations with clear parameter/return types
• Consistent patterns: Follows existing batchData patterns and conventions
• Proper abstraction: splitTargets() is a pure function that's easy to test and reason about

Implementation Details:

• splitTargets() safely handles comma parsing with trimming and empty filtering
• multiBatchData() properly validates commands and merges options (...sharedOpts, ...itemOpts)
• CLI command parsing includes proper validation for --kind against ALL_SYMBOL_KINDS
• JSON parsing is safe with try/catch in the calling context

Test Coverage:

• 14 comprehensive tests added covering success/failure cases, mixed commands, error isolation
• CLI integration tests verify end-to-end functionality
• Edge cases covered: empty input, invalid commands, per-item options override

Latest Commit Enhancement:

• Author proactively addressed JSON.parse robustness by wrapping both --from-file and --stdin parsing in try/catch blocks with clear error messages (commit 80df585)

Minor Notes:

• Console output is expected for CLI tools (lines 89, 177) - not a security concern
• Command validation properly prevents arbitrary command execution

Final Recommendation

• Rating: ⭐⭐⭐⭐☆ (4/5)
• Action: APPROVE
• Reasoning: This is high-quality, well-tested code that solves a real problem. It follows security best practices, includes comprehensive error handling, and maintains backward compatibility. The implementation is clean, well-documented, and thoroughly tested. The author was responsive to feedback and proactively improved the robustness. No critical issues identified.

The only reason it's not 5/5 is the minor nature of the feature - it's an incremental improvement rather than a breakthrough innovation. But for what it accomplishes, the execution is excellent.

---

[carlos-alm]

Fixed the N+1 query pattern flagged in the review:

• Added loadFileHashes(db) — bulk-loads all file hashes in a single SELECT file, hash FROM file_hashes query into a Map
• Replaced all 3 per-item getFileHash(db, file) calls inside .map() loops (queryNameData, whereSymbolImpl, whereFileImpl) with hashes.get(file) ?? null
• Removed the now-unused getFileHash function (Biome confirmed it was dead code)
• Cleaned up unused cherry-picked imports in queries.test.js

@greptileai