perf(native): use single rusqlite connection for entire build pipeline

[carlos-alm]

Summary

• When the native addon is available, the build pipeline now uses only rusqlite for all stages via a NativeDbProxy that implements the BetterSqlite3Database interface
• This eliminates the dual-connection WAL corruption problem and removes the open/close/reopen dance that forced most stages (insert, roles, AST, finalize) to fall back to JS
• When native is unavailable, the pipeline falls back to better-sqlite3 unchanged
• CODEGRAPH_FORCE_JS_PIPELINE=1 and --engine wasm bypass native-first mode

Benchmarks (native v3.9.1, 677 files)

Metric	Before	After	Improvement
Full build	6,668ms	5,844ms	12% faster
1-file rebuild	1,375ms	960ms	30% faster
No-op rebuild	17ms	17ms	unchanged
CFG phase	466ms	6.7ms	70x faster
Finalize phase	156ms	25ms	6x faster
DB size	27.2MB	23.3MB	14% smaller

How it works

NativeDbProxy wraps NativeDatabase.queryAll/queryGet/exec/pragma to satisfy the BetterSqlite3Database interface. When native is detected in setupPipeline(), the proxy replaces the real better-sqlite3 connection as ctx.db. All stage code works unchanged — they call ctx.db.prepare(sql).all(...) and the proxy routes it through rusqlite.

Test plan

• All 563 integration tests pass (1 pre-existing CFG parity failure unrelated)
• Benchmark confirms performance improvements
• WASM fallback path untouched
• Verify CODEGRAPH_FORCE_JS_PIPELINE=1 produces identical results
• Verify --engine wasm produces identical results

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review Analysis

Analyzing this performance optimization PR through the 5-phase review process...

Todo List

• Phase 1: Root Cause Analysis
• Phase 2: Configuration Change Detection
• Phase 3: Test Integrity Check
• Phase 4: Code Quality Review
• Phase 5: Backlog Compliance Assessment
• Final Rating and Recommendation

Phase 1: Root Cause Analysis ✅

Problem: The build pipeline suffered from dual-connection WAL corruption when both better-sqlite3 and rusqlite attempted to write to the same SQLite database. This forced most pipeline stages to fall back to JavaScript, eliminating performance gains from the native Rust code.

Approach: Introduce a NativeDbProxy that implements the BetterSqlite3Database interface but delegates all operations to a single rusqlite connection. When native is available, the entire pipeline uses only rusqlite - no dual connections, no WAL dance.

Justification: This is addressing a real architectural problem, not masking symptoms. The approach is sound and benchmarks show significant improvements across multiple metrics.

Phase 2: Configuration Change Detection ✅

No concerning configuration changes detected:

• Version bumps in package.json and Cargo.toml are expected for this optimization
• No linting rules disabled or relaxed
• No test timeouts increased or coverage thresholds lowered
• No TypeScript strict mode flags disabled
• Biome configuration unchanged

Phase 3: Test Integrity ✅

No red flags detected:

• No test modifications alongside code changes
• No weakened assertions or conditional test logic
• Only one legitimate eslint-disable for dynamic commander options
• No skipped tests introduced by this PR
• All 563 integration tests reportedly pass
• PR includes test plan for fallback verification

Phase 4: Code Quality ✅

Strong implementation quality:

Architecture: The NativeDbProxy pattern is well-designed - implements the BetterSqlite3Database interface cleanly, allowing transparent substitution without changing any stage code.

Error handling: Comprehensive fallback logic at multiple levels:

• setupPipeline() falls back to better-sqlite3 if native setup fails (lines 142-154)
• tryNativeInsert() gracefully degrades to JS implementation (lines 394-396)
• Environment variable CODEGRAPH_FORCE_JS_PIPELINE=1 provides override

Security: No injection risks detected - no dynamic SQL construction, all operations delegate to existing rusqlite methods.

Performance: The proxy design is minimal overhead - direct delegation to native methods with no complex translation logic.

Phase 5: Backlog Compliance Assessment ✅

Root Cause Analysis

Problem Being Solved: Dual-connection WAL corruption between better-sqlite3 and rusqlite causing performance degradation and forced JS fallbacks
Why This Approach: Single-connection design via proxy pattern eliminates WAL conflicts while maintaining interface compatibility
Risk Assessment: Low risk - comprehensive fallback mechanisms and environment override available

Backlog Compliance

• Zero-dep: ✅ — No new runtime dependencies, builds on existing rusqlite integration
• Foundation-aligned: ✅ — Fully compliant with P1 (always-current), P4 (zero-cost core), P5 (embeddable-first), P8 (not linting/CI)
• Problem-fit: 5 — Directly improves agent experience by making builds 12-30% faster, reducing wait times
• Breaking: No — Purely internal optimization, no API or output changes
• Tier: 1 (Zero-dep ✓ + Foundation-aligned ✓)

Final Recommendation

• Rating: ⭐⭐⭐⭐⭐ (5/5)
• Action: APPROVE
• Reasoning: Exceptional performance optimization that solves a real architectural problem. Clean implementation with comprehensive fallback mechanisms. Significant measurable improvements (12% faster builds, 30% faster rebuilds, 70x faster CFG). No breaking changes, excellent test coverage, and aligns perfectly with project principles.

Outstanding work. This is exactly the type of performance optimization that makes codegraph more responsive for AI agents while maintaining reliability.

[github-actions]

Codegraph Impact Analysis

23 functions changed → 31 callers affected across 16 files

• acquireAdvisoryLock in src/db/connection.ts:112 (15 transitive callers)
• releaseAdvisoryLock in src/db/connection.ts:132 (20 transitive callers)
• PipelineContext in src/domain/graph/builder/context.ts:21 (6 transitive callers)
• sanitize in src/domain/graph/builder/native-db-proxy.ts:15 (3 transitive callers)
• NativeDbProxy in src/domain/graph/builder/native-db-proxy.ts:19 (5 transitive callers)
• NativeDbProxy.constructor in src/domain/graph/builder/native-db-proxy.ts:24 (0 transitive callers)
• NativeDbProxy.prepare in src/domain/graph/builder/native-db-proxy.ts:28 (0 transitive callers)
• NativeDbProxy.all in src/domain/graph/builder/native-db-proxy.ts:31 (0 transitive callers)
• NativeDbProxy.get in src/domain/graph/builder/native-db-proxy.ts:34 (0 transitive callers)
• NativeDbProxy.run in src/domain/graph/builder/native-db-proxy.ts:37 (0 transitive callers)
• NativeDbProxy.iterate in src/domain/graph/builder/native-db-proxy.ts:44 (0 transitive callers)
• NativeDbProxy.raw in src/domain/graph/builder/native-db-proxy.ts:47 (0 transitive callers)
• NativeDbProxy.exec in src/domain/graph/builder/native-db-proxy.ts:54 (0 transitive callers)
• NativeDbProxy.pragma in src/domain/graph/builder/native-db-proxy.ts:59 (0 transitive callers)
• NativeDbProxy.close in src/domain/graph/builder/native-db-proxy.ts:63 (0 transitive callers)
• NativeDbProxy.open in src/domain/graph/builder/native-db-proxy.ts:68 (0 transitive callers)
• NativeDbProxy.name in src/domain/graph/builder/native-db-proxy.ts:72 (0 transitive callers)
• NativeDbProxy.transaction in src/domain/graph/builder/native-db-proxy.ts:76 (0 transitive callers)
• setupPipeline in src/domain/graph/builder/pipeline.ts:114 (6 transitive callers)
• runPostNativeAnalysis in src/domain/graph/builder/pipeline.ts:456 (4 transitive callers)

[greptile-apps]

Greptile Summary

This PR introduces NativeDbProxy — a thin BetterSqlite3Database shim backed by a single rusqlite connection — so the entire build pipeline (including bulkInsertNodes, AST, CFG, and finalize) runs through one rusqlite handle instead of the previous dual-connection WAL dance. The result is the 12–30% build speedup and 70x CFG improvement shown in the benchmarks.

• P1 — silent empty return on orchestrator failure: When nativeFirstProxy=true and tryNativeOrchestrator throws after nativeDb.buildGraph() has already committed its data (e.g. during setBuildMeta), the catch block in buildGraph() falls through to runPipelineStages without resetting nativeFirstProxy. detectChanges sees all hashes as current, triggers earlyExit, and buildGraph() returns undefined — discarding a completed build. See inline comment on pipeline.ts:794.

Confidence Score: 4/5

Safe to merge after addressing the nativeFirstProxy reset in the orchestrator catch block.

One P1 issue remains: the catch block in buildGraph() doesn't reset nativeFirstProxy when the orchestrator fails after writing data, which can cause a silent empty return. The P2 sanitize() gap is low-risk in practice since pipeline SQL params are strings/numbers. All other changes are clean and previous thread concerns are resolved.

src/domain/graph/builder/pipeline.ts — the catch block around tryNativeOrchestrator needs a nativeFirstProxy reset.

Vulnerabilities

No security concerns identified. The advisory lock is acquired before the native DB is opened and released by closeDb via __lockPath on the proxy — the lock lifecycle is preserved. No new external inputs are deserialized without validation, and no credentials or secrets are introduced.

Important Files Changed

Filename	Overview
src/domain/graph/builder/native-db-proxy.ts	New class wrapping NativeDatabase to satisfy BetterSqlite3Database; sanitize() only coerces undefined→null, leaving other non-primitive types unguarded at runtime.
src/domain/graph/builder/pipeline.ts	Core orchestrator updated for native-first mode; catch block after tryNativeOrchestrator does not reset nativeFirstProxy, risking a silent empty return when the orchestrator fails after committing data.
src/domain/graph/builder/context.ts	Adds nativeFirstProxy boolean flag to PipelineContext; straightforward and well-documented addition.
src/domain/graph/builder/stages/insert-nodes.ts	WAL checkpoint logic correctly split between native-first (no checkpoint needed) and dual-connection paths; logic is clean.
src/db/connection.ts	acquireAdvisoryLock and releaseAdvisoryLock exported; no logic changes, straightforward visibility promotion.
src/db/index.ts	Re-exports the two newly-exported lock helpers; trivial change.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[buildGraph] --> B[setupPipeline]
    B --> C{native available & FORCE_JS != 1?}
    C -- Yes --> D[acquireAdvisoryLock / openReadWrite / initSchema]
    D --> E[NativeDbProxy wraps NativeDatabase]
    E --> F[ctx.db = proxy / nativeFirstProxy = true]
    C -- No --> G[openDb better-sqlite3 / initSchema]
    G --> H[nativeFirstProxy = false]
    F --> I[tryNativeOrchestrator]
    H --> I
    I --> J{shouldSkip?}
    J -- Yes --> K[runPipelineStages]
    J -- No --> L[nativeDb.buildGraph]
    L --> M{result.earlyExit?}
    M -- Yes --> N[closeDbPair → return]
    M -- No --> O[setBuildMeta / runPostNative…]
    O --> P{throws?}
    P -- Yes --> Q[⚠️ catch: nativeFirstProxy still true]
    Q --> K
    P -- No --> R[closeDbPair → return BuildResult]
    K --> S{nativeFirstProxy?}
    S -- Yes --> T[Native-first stages: collect→detect→parse→insert→resolve→edges→structure→analyses→finalize]
    S -- No --> U[Legacy dual-connection stages with WAL dance]

Loading

Comments Outside Diff (1)

1. src/domain/graph/builder/pipeline.ts, line 794-801 (link)

   nativeFirstProxy not reset when orchestrator fails after writing data

   When nativeFirstProxy=true and tryNativeOrchestrator throws after nativeDb.buildGraph() has already committed its writes (e.g. during setBuildMeta), the catch block falls through to runPipelineStages with ctx.nativeFirstProxy still true. detectChanges then sees all file hashes as current (the orchestrator just updated them), sets ctx.earlyExit=true, and buildGraph() returns undefined — silently discarding the finished orchestrator build and leaving the DB missing its updated build_meta.

   The catch block should reset ctx.nativeFirstProxy to false, close the existing native connection, and reopen a fresh better-sqlite3 handle before falling through:

   } catch (err) {
     warn(`Native build orchestrator failed, falling back to JS pipeline: ${toErrorMessage(err)}`);
     if (ctx.nativeFirstProxy) {
       ctx.nativeFirstProxy = false;
       try { ctx.nativeDb?.close(); } catch { /* ignore */ }
       ctx.nativeDb = undefined;
       try {
         ctx.db = openDb(ctx.dbPath);
         initSchema(ctx.db);
       } catch (reopenErr) {
         warn(`DB reopen failed after orchestrator failure: ${toErrorMessage(reopenErr)}`);
         throw reopenErr;
       }
     }
     // Fall through to JS pipeline
   }

_{Reviews (2): Last reviewed commit: "fix: sanitize undefined params and retri..." | Re-trigger Greptile}

[greptile-apps]

run() stub silently drops changes and lastInsertRowid

RUN_STUB always returns { changes: 0, lastInsertRowid: 0 }, so any caller that inspects these fields — e.g. if (stmt.run(...).changes === 0) throw … — will silently get wrong data. No pipeline stage currently consumes these values, but the proxy advertises full BetterSqlite3Database compatibility, which could surprise future contributors.

Consider delegating to a dedicated exec-style method on NativeDatabase (if one exists or is added) that returns actual rowcount/rowid, or at minimum document the known limitation at the call site.

Suggested change

	run(...params: unknown[]): { changes: number; lastInsertRowid: number | bigint } {
	ndb.queryAll(sql, params as Array<string | number | null>);
	return RUN_STUB;
	},
	run(...params: unknown[]): { changes: number; lastInsertRowid: number | bigint } {
	// NOTE: changes and lastInsertRowid are not available via queryAll —
	// callers that rely on these values must use the native fast-paths directly.
	ndb.queryAll(sql, params as Array<string | number | null>);
	return RUN_STUB;
	},

[carlos-alm]

Added a NOTE comment on the run() stub clarifying that changes and lastInsertRowid are not available via queryAll and callers relying on these values must use native fast-paths directly. This documents the known limitation at the call site as suggested.

[carlos-alm]

Follow-up: the run() stub was actually causing a real bug — undefined params from callers like block.label threw serde_json::Value errors in napi-rs, and the zero-valued lastInsertRowid broke CFG block-edge mapping. Fixed in de237e4: added sanitize() to coerce undefined to null, and replaced the static stub with a real SELECT last_insert_rowid() query.

[greptile-apps]

transaction() doesn't support nested transactions

better-sqlite3's .transaction() automatically promotes to a savepoint when called inside an existing transaction, so nesting is safe. This implementation always issues BEGIN, which SQLite will reject with "cannot start a transaction within a transaction" if a transaction is already active.

The current pipeline stages (detectChanges, insertNodes, buildEdges, buildStructure) each call db.transaction(...) at the top level and not recursively, so this isn't a bug today. But since the proxy claims the same interface, a future stage that wraps an existing helper in a transaction will break in native-first mode without an obvious error message. Consider adding a comment documenting this limitation.

Suggested change

	transaction<F extends (...args: any[]) => any>(
	fn: F,
	): (...args: F extends (...a: infer A) => unknown ? A : never) => ReturnType<F> {
	const ndb = this.#ndb;
	return ((...args: unknown[]) => {
	ndb.exec('BEGIN');
	try {
	const result = fn(...args);
	ndb.exec('COMMIT');
	return result;
	} catch (e) {
	try {
	ndb.exec('ROLLBACK');
	} catch {
	// Ignore rollback errors — the original error is more important
	}
	throw e;
	}
	}) as any;
	}
	transaction<F extends (...args: any[]) => any>(
	fn: F,
	): (...args: F extends (...a: infer A) => unknown ? A : never) => ReturnType<F> {
	const ndb = this.#ndb;
	return ((...args: unknown[]) => {
	// NOTE: nested transactions (savepoints) are not supported — ensure callers
	// do not invoke a transaction() wrapper from within an existing transaction.
	ndb.exec('BEGIN');
	try {
	const result = fn(...args);
	ndb.exec('COMMIT');
	return result;
	} catch (e) {
	try {
	ndb.exec('ROLLBACK');
	} catch {
	// Ignore rollback errors — the original error is more important
	}
	throw e;
	}
	}) as any;
	}

[carlos-alm]

Added a NOTE comment on the transaction() method documenting that nested transactions (savepoints) are not supported and callers must not invoke a transaction() wrapper from within an existing transaction. This makes the behavioral divergence from better-sqlite3 explicit as suggested.

[carlos-alm]

@greptileai