symgraph 2026.6.14

Semantic code intelligence library and MCP server - build knowledge graphs of codebases
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185

//! Handler for diff impact tool

use std::process::Command;

use crate::db::Database;
use crate::mcp::types::DiffImpactRequest;
use crate::ops::format;
use crate::security::safe_join;
use crate::types::Node;

pub fn handle_diff_impact(
    db: &Database,
    project_root: &str,
    req: &DiffImpactRequest,
) -> Result<String, String> {
    if let Some(git_ref) = req.git_ref.as_deref() {
        return handle_git_ref_impact(db, project_root, git_ref);
    }

    let file_path = req
        .file_path
        .as_deref()
        .ok_or("file_path is required when git_ref is not set")?;
    let start_line = req
        .start_line
        .ok_or("start_line is required when git_ref is not set")?;
    let end_line = req
        .end_line
        .ok_or("end_line is required when git_ref is not set")?;

    safe_join(project_root, file_path).map_err(|e| e.to_string())?;

    let nodes = db
        .get_diff_impact(file_path, start_line, end_line)
        .map_err(|e| e.to_string())?;
    Ok(render_impact(file_path, start_line, end_line, nodes))
}

fn handle_git_ref_impact(
    db: &Database,
    project_root: &str,
    git_ref: &str,
) -> Result<String, String> {
    validate_git_ref(git_ref)?;
    let regions = git_changed_regions(project_root, git_ref)?;
    if regions.is_empty() {
        return Ok(format!("No changes detected against `{}`.", git_ref));
    }

    let mut output = format!("# Diff impact vs `{}`\n\n", git_ref);
    output.push_str(&format!("Changed regions: {}\n\n", regions.len()));

    for (file, start, end) in regions {
        let nodes = db
            .get_diff_impact(&file, start, end)
            .map_err(|e| e.to_string())?;
        output.push_str(&render_impact(&file, start, end, nodes));
        output.push_str("\n---\n\n");
    }
    Ok(output)
}

fn render_impact(file_path: &str, start_line: u32, end_line: u32, nodes: Vec<Node>) -> String {
    if nodes.is_empty() {
        return format!(
            "No symbols affected by changes to {}:{}{}\n",
            file_path, start_line, end_line
        );
    }

    let mut output = format!("## Impact: {}:{}{}\n\n", file_path, start_line, end_line);
    output.push_str(&format!(
        "Potentially affected: {} symbol(s)\n\n",
        nodes.len()
    ));

    let mut direct = Vec::new();
    let mut indirect = Vec::new();

    for node in nodes {
        if node.file_path == file_path && node.start_line <= end_line && node.end_line >= start_line
        {
            direct.push(node);
        } else {
            indirect.push(node);
        }
    }

    if !direct.is_empty() {
        output.push_str("### Directly Modified\n\n");
        for node in direct {
            output.push_str(&format::format_node(&node));
            output.push_str("\n\n");
        }
    }

    if !indirect.is_empty() {
        output.push_str("### Indirect Impact (Callers)\n\n");
        for node in indirect {
            output.push_str(&format::format_node(&node));
            output.push_str("\n\n");
        }
    }

    output
}

/// Conservative allow-list for git refs coming from MCP callers.
///
/// Rejects leading `-` (would look like a flag to `git diff`) and any
/// character outside the usual ref/rev-spec alphabet. This is intentionally
/// stricter than `git check-ref-format` — we'd rather bounce a valid-but-
/// weird ref than risk argument injection.
fn validate_git_ref(git_ref: &str) -> Result<(), String> {
    if git_ref.is_empty() {
        return Err("git_ref must not be empty".to_string());
    }
    if git_ref.starts_with('-') {
        return Err("git_ref must not start with '-'".to_string());
    }
    for ch in git_ref.chars() {
        let ok = ch.is_ascii_alphanumeric()
            || matches!(ch, '_' | '-' | '.' | '/' | '~' | '^' | ':' | '@');
        if !ok {
            return Err(format!("git_ref contains unsupported character: {:?}", ch));
        }
    }
    Ok(())
}

/// Run `git diff --unified=0 <ref>` and parse the output into per-file
/// (path, start_line, end_line) regions covering the post-image hunks.
fn git_changed_regions(
    project_root: &str,
    git_ref: &str,
) -> Result<Vec<(String, u32, u32)>, String> {
    // `--` separates revs from paths; we pass no paths, but explicitly
    // closing the rev-spec section still hardens against future callers.
    let output = Command::new("git")
        .args(["diff", "--unified=0", git_ref, "--"])
        .current_dir(project_root)
        .output()
        .map_err(|e| format!("running git diff: {}", e))?;

    if !output.status.success() {
        return Err(format!(
            "git diff failed: {}",
            String::from_utf8_lossy(&output.stderr).trim()
        ));
    }

    let text = String::from_utf8_lossy(&output.stdout);
    let mut regions = Vec::new();
    let mut current_file: Option<String> = None;

    for line in text.lines() {
        if let Some(rest) = line.strip_prefix("+++ b/") {
            current_file = Some(rest.to_string());
            continue;
        }
        if line.starts_with("+++ /dev/null") {
            current_file = None;
            continue;
        }
        if let Some(hunk) = line.strip_prefix("@@") {
            // Format: @@ -<old> +<new_start>[,<new_count>] @@
            if let Some(plus_idx) = hunk.find('+') {
                let after = &hunk[plus_idx + 1..];
                let end_idx = after.find(' ').unwrap_or(after.len());
                let spec = &after[..end_idx];
                let mut parts = spec.split(',');
                let start: u32 = parts.next().and_then(|s| s.parse().ok()).unwrap_or(0);
                let count: u32 = parts.next().and_then(|s| s.parse().ok()).unwrap_or(1);
                if start > 0 {
                    if let Some(file) = current_file.clone() {
                        let end = if count == 0 { start } else { start + count - 1 };
                        regions.push((file, start, end));
                    }
                }
            }
        }
    }

    Ok(regions)
}