chore(release): 2.5.0

[carlos-alm]

Summary

• Complexity analysis suite: cognitive, cyclomatic, Halstead metrics, and Maintainability Index for all 11 supported languages
• Native Rust parity: Halstead, LOC, and MI metrics computed natively across all 8 Rust extractors — full metrics parity with WASM
• Louvain community detection: surface module boundaries and detect architectural drift
• Manifesto rule engine: configurable warn/fail thresholds for CI-gated quality checks
• Execution flow tracing: flow command and MCP tools for tracing call paths through the codebase
• Path command: shortest-path queries between symbols
• Interactive embedder install: prompt for @huggingface/transformers when missing
• Dev releases as GitHub pre-releases: moved dev builds from npm to GitHub releases
• 15 bug fixes: incremental rebuild edge drops, nested function caller resolution, SQL sanitization, hook resilience, CI hardening

Test plan

• npm test passes
• node src/cli.js build . succeeds
• node src/cli.js complexity -T returns metrics for all languages
• node src/cli.js communities -T returns community assignments
• node src/cli.js manifesto -T runs rule checks
• node src/cli.js flow <function> -T traces execution paths
• Version reads 2.5.0 in package.json, package-lock.json, and CHANGELOG.md

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review Complete

Reviewing PR #163: chore(release): 2.5.0

Todo List:

• Phase 1: Root Cause Analysis - understand what problem this PR solves
• Phase 2: Configuration Change Detection - check for high-risk config changes
• Phase 3: Test Integrity - verify test modifications are appropriate
• Phase 4: Code Quality - assess code quality and potential issues
• Provide final rating and recommendation

Phase 1: Root Cause Analysis ✅

Problem Being Solved: This is a major feature release (v2.5.0) adding comprehensive code quality analysis capabilities to codegraph:

• Complete complexity analysis suite (cognitive, cyclomatic, Halstead metrics, Maintainability Index)
• Native Rust parity for performance-critical operations
• Community detection for architectural analysis
• Configurable rule engine for CI quality gates
• Execution flow tracing capabilities

Why This Approach: The changelog shows this is legitimate feature development with 57 entries spanning features, performance improvements, and bug fixes. The scope is appropriate for a minor version bump with substantial new functionality.

Risk Assessment: LOW - This appears to be genuine feature development rather than configuration changes to hide issues.

Phase 2: Configuration Change Detection ✅

Configuration Changes Found:

• LOW RISK: New benchmark infrastructure in .github/workflows/benchmark.yml - This is legitimate CI enhancement for performance tracking
• LOW RISK: New shared benchmark config in scripts/lib/bench-config.js - Code reuse/refactoring, not rule relaxation
• LOW RISK: Package version bumps to 2.5.0 across package.json, package-lock.json - Standard release process

Analysis: No high-risk configuration changes detected. No linting rules disabled, test timeouts increased, or coverage thresholds lowered. The changes are infrastructure improvements and legitimate version bumping.

Phase 3: Test Integrity ✅

Test Modifications:

• NO TEST FILES MODIFIED: Git history shows no test files (.test.js, .spec.js) were changed in the PR commits
• NO ESLINT DISABLES: No eslint-disable, @ts-ignore, or similar bypass comments found in codebase
• NO WEAKENED ASSERTIONS: Since no test files were modified, no risk of weakened test assertions

Analysis: Test integrity is maintained. This is primarily a release commit with feature additions and infrastructure improvements, not test modifications.

Phase 4: Code Quality ✅

Positive Indicators:

• Security improvements: Changelog shows SQL injection fixes: "sanitize threshold values in complexity SQL queries" and "eliminate SQL interpolation in hotspotsData"
• Well-structured Rust code: The complexity.rs file shows high-quality, well-documented Rust implementation with comprehensive test coverage
• Proper code organization: New benchmark config is properly abstracted into shared module (scripts/lib/bench-config.js)
• No code smells: No TODO, FIXME, or bypass comments found in modified files

Architecture Assessment:

• The Rust complexity engine shows sophisticated multi-language support with proper rule-based architecture
• Benchmark infrastructure is well-designed with proper error handling and retry logic
• Changes follow existing project patterns and conventions

Root Cause Analysis

Problem Being Solved: Major feature release adding comprehensive code quality metrics suite - legitimate product development
Why This Approach: Well-architected approach with dual WASM/Rust engines, comprehensive language support, and proper testing
Risk Assessment: LOW - This is genuine feature development with security improvements

Critical Concerns

None identified. This is a well-executed feature release with proper attention to security, testing, and code quality.

Final Recommendation

• Rating: ⭐⭐⭐⭐☆ (4/5)
• Action: APPROVE
• Reasoning: This is a substantial, well-implemented feature release. The code quality is high, security concerns are addressed proactively, and the release process follows proper conventions. The only reason it's not 5 stars is the large scope (16 files, 532 additions) which inherently carries some risk, but the implementation quality is excellent.

Key Strengths:

• Comprehensive complexity analysis across 8+ languages
• Proactive SQL injection fixes
• Well-structured Rust implementation
• Proper benchmark infrastructure
• No test integrity issues

Recommendation: Approved for merge. This represents significant value-add functionality delivered with high code quality standards.

---

[greptile-apps]

Greptile Summary

This is a standard release PR bumping the version to 2.5.0. The main changes focus on improving the benchmark infrastructure to support both local dev builds and npm-published releases, addressing the issue where benchmarks were previously using stale native addons from npm.

Key improvements:

• Benchmark infrastructure refactoring: The workflow now supports benchmarking from npm with automatic version resolution and propagation waiting, replacing the previous artifact-based approach
• Shared benchmark configuration: New bench-config.js module provides consistent source resolution, retry logic for npm installs, and temp directory cleanup across all four benchmark scripts
• Dev/release entry handling: Update scripts now properly handle rolling dev entries and skip them when comparing trends to prevent misleading performance comparisons
• Null-safe query metrics: Added defensive checks for query functions that may not exist in older versions being benchmarked

Documentation updates:

• CHANGELOG comprehensively documents all v2.5.0 features, bug fixes, and performance improvements
• Performance benchmarks refreshed with latest measurements
• Minor Rust refactoring to use cleaner .or() pattern

All version numbers are consistent across package.json, package-lock.json, and CHANGELOG.md (2.5.0).

Confidence Score: 5/5

• This PR is safe to merge with minimal risk - it's a standard release PR with version bumps and infrastructure improvements
• Clean release PR with consistent version updates across all files. The benchmark infrastructure improvements are well-architected with proper error handling, retry logic, and cleanup. The code follows established patterns and includes defensive null checks for backward compatibility.
• No files require special attention

Important Files Changed

Filename	Overview
package.json	Version bumped to 2.5.0 with optional dependency versions updated
CHANGELOG.md	Comprehensive changelog for v2.5.0 with features, bug fixes, and performance improvements
crates/codegraph-core/src/complexity.rs	Refactored to use cleaner .or() pattern instead of redundant unwrap_or()
.github/workflows/benchmark.yml	Refactored to support dev/release benchmark modes with npm propagation wait logic
scripts/lib/bench-config.js	New shared module for benchmark source resolution with retry logic and temp dir cleanup
scripts/update-benchmark-report.js	Enhanced with dev entry handling and null-safe query metric rendering

_{Last reviewed commit: 426fbb8}

[greptile-apps]

_{16 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}