Skip to content

Code Analysis

Jump to bottom
wody edited this page May 24, 2026 · 3 revisions

Code Analysis

Introduced in v0.35.0. Three independent in-process tools that read the workspace tree:

Tool URL Purpose
Gradle wrapper /projects/{id}/wrapper Show current wrapper version + 1-click upgrade
Code statistics /projects/{id}/stats File / LoC / size per language
Workspace grep /code-search Cross-project source-tree search

None of these depend on external binaries (no cloc, no ripgrep). The walks are sequential JVM I/O — fine for typical Android projects (a few thousand files), noticeable but acceptable on multi-GB monorepos.

Gradle wrapper management

What's shown

/projects/{id}/wrapper parses gradle/wrapper/gradle-wrapper.properties:

  • Current version — from distributionUrl (https\://services.gradle.org/distributions/gradle-9.5.1-bin.zip9.5.1).
  • Distribution typebin (binary only, ~150 MB download) or all (binary + source + docs, ~400 MB).
  • Raw URL — copy/inspect.
  • Properties file path — for direct shell editing if you need it.

Upgrading

Type a new version (regex ^[0-9]+(\.[0-9]+)*(-rc-[0-9]+)?$), pick bin or all, submit. Server:

  1. Reads the existing file.
  2. Replaces only the distributionUrl= line. Other properties (zipStoreBase, validateDistributionUrl, etc.) are preserved.
  3. Writes to .tmp and atomically moves into place.

Next ./gradlew invocation will download the new distribution automatically. The audit log records wrapper.update with the version in the detail JSON.

Safety

  • Version regex blocks shell / path injection.
  • Distribution type whitelist (bin / all) only.
  • Atomic write — a crashed save can't leave a half-written .properties.

What this doesn't do

  • It does not edit gradle.properties (use Env Files Quick Edit for that).
  • It does not validate that the upgraded version is compatible with your project's plugins. A --refresh-dependencies rebuild is the fastest way to catch issues.

Code statistics

Method

/projects/{id}/stats walks the project root and:

  1. Filters out .git, build, .gradle, node_modules, .idea, .vibecoder/.
  2. Skips binary extensions (30+ — .apk / .aab / .jar / .png / .mp4 / .ttf / …).
  3. Skips files larger than 5 MB.
  4. Classifies remaining files by extension into one of 35+ languages (Kotlin / Java / Swift / Go / Rust / TS / JS / Vue / Svelte / Python / Ruby / SQL / GraphQL / Terraform / …).
  5. Counts lines (Files.lines(p).count()).

This is not cloc-grade accuracy — blank lines and comments are counted. But for "is this app mostly Kotlin or mostly XML?" the result is right.

Output

Column Notes
Language Friendly name (e.g. Kotlin, not kt)
Files Count
Lines Total
Bar Visual share of total lines (relative to the biggest language)

Top-line summary cards: total files / total lines / total bytes / walk duration ms.

Workspace grep (/code-search)

The companion to /history (conversation search) and /logs (build-log search) — this one walks source files.

Filters

  • Query — required (≥ 1 char). Empty query returns an empty result, preventing accidental "dump everything" requests.
  • Project filter — optional substring match against the project id.
  • Case sensitive — checkbox.

Behavior

  • Walks every project directory at the top of workspace.root (skipping .vibecoder and other dotfiles).
  • Per file: skips if >5 MB, skips if a known binary extension.
  • Reads line-by-line; stops the file scan as soon as 200 total matches accumulate.
  • Match preview shows the full line (clipped to 400 chars) with the matched substring wrapped in <mark style="background:#facc15">.
  • File link goes to /projects/{id}/view?path=<file> — the existing file viewer renders the file with syntax highlighting (highlight.js) and navigates to the line.

Performance characteristics

Workspace size Typical scan time
1 small Android project (~500 files, 50 K LoC) < 1 s
5 mid-size projects (~5 K files, 500 K LoC) 1-3 s
10+ large projects (10 K+ files, 1M+ LoC) 5-15 s

Future improvement: detect rg in $PATH and use it for big workspaces.

Why no regex?

The current input field treats the query as a literal substring (with Regex.escape applied for the <mark> highlight). Regex would be more powerful but also a footgun (catastrophic backtracking on user input). A future version may add an explicit "regex mode" checkbox with a timeout-bounded Matcher.

Roadmap

  • CVE matching on dependencies — see Dependency Audit for the related Gradle dependency tree feature; CVE lookup is the obvious add.
  • ripgrep fallback for code-search — auto-detect rg in $PATH and delegate.
  • Per-language tokei-style stats — separate code / comment / blank line columns. Probably a small library import.

Related

  • Build Cache Management — clean Gradle / Android / npm caches when stats show your project ballooning.
  • Dependency Audit — Gradle dependency tree with coordinate extraction (sibling feature).
  • Backup & Restore/backup excludes the same caches that bloat your stats.

Clone this wiki locally