Changelog
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
Unreleased
0.8.6 - 2026-04-22
Fixed
- Callees/callers query accuracy:
coraline_calleesandcoraline_callersMCP tools now validate call edges against import/crate boundaries before returning results, eliminating false-positive cross-crate links from name collisions (e.g.,heartbeat()in raccoon-agent falsely callingpost()in raccoon-frontend). Validation checks: same-file, same-directory, or explicit import statements; queries fetch 2x limit to maintain result count after filtering. - CLI callees/callers filtering:
coraline calleesandcoraline callersCLI commands now apply the same boundary validation and show "No callees/callers found" when all edges are filtered out.
Added
is_valid_call_edge()database function — validates whether a call edge respects module/crate boundaries before inclusion in query results.
0.8.5 - 2026-04-21
Dependencies
- Bump
indicatif0.17 → 0.18 - Bump
tree-sitter-scala0.25.0 → 0.26.0
CI
- Bump
actions/upload-artifact7.0.0 → 7.0.1 - Bump
github/codeql-action4.35.1 → 4.35.2 - Bump
actions/deploy-pages4.0.5 → 5.0.0 - Bump
dependabot/fetch-metadata2.3.0 → 3.1.0
[0.8.4] - 2026-04-20
Fixed
- Call graph precision:
coraline_calleesno longer returns false-positive cross-project edges when multiple paths have the same symbol name. Resolver now prefers extractor-provided candidate IDs (better locality signal) and avoids low-confidence global-name fallback for call edges. - Graph queries (
coraline_callees,coraline_callers) now return deterministic, stable result sets via explicitORDER BY (line, col, target/source)in edge retrieval, improving user trust in output consistency across repeated queries. - Windows test portability: graph precision acceptance tests now normalize path separators in assertions, preventing
src\\api.rsvssrc/api.rsmismatches onwindows-latest.
Added
- Graph precision acceptance tests for call-edge disambiguation in mixed active/legacy workspaces, stale-file deletion edge hygiene, and fallback prevention scenarios.
CI
- Replaced hardcoded Rust toolchain commit hashes with
@stabletag to fix transient CI failures and ensure stable Rust channel alignment with MSRV policy.
0.8.3 - 2026-04-17
Changed
coraline index,coraline sync, andcoraline embednow use a Braille spinner with the current phase/file instead of a progress bar, reducing terminal jitter during indexing and embeddingcoraline embednow displays an explicit model-loading status indicator while ONNX Runtime and tokenizer initialization are in progress
Fixed
- Fixed storing-phase progress accounting in
index_allwhere mixed totals (parsed.len()vsfiles.len()) caused visible progress jumps coraline embednow handles ONNX Runtime initialization panics gracefully and returns actionable loader error guidance instead of a panic backtrace
CI
- Release workflow now supports auto-tag-triggered releases via
workflow_runand shared tag/SHA resolution, avoiding theGITHUB_TOKENtag-push trigger gap
0.8.2 - 2026-04-16
Changed
coraline index,coraline sync, andcoraline embednow display anindicatifprogress bar ({spinner} {phase} [{bar}] {pos}/{len}) instead of raw ANSI escape sequences;--quietsuppresses it entirely
Fixed
- macOS
tree-sitter-blazorarchive warning removed — the build now avoids the unsupported BSDar -Dflag probe that previously emitted noisy warnings during local builds on macOS
CI
- Add Dependabot auto-merge workflow — approved Dependabot PRs with passing CI now merge automatically
0.8.1 - 2026-04-15
CI
- Bump
actions/attest-build-provenancefrom 3.0.0 to 4.1.0 - Bump
actions/cachefrom 5.0.4 to 5.0.5 - Bump
actions/configure-pagesfrom 5.0.0 to 6.0.0 - Bump
softprops/action-gh-releasefrom 2.6.1 to 3.0.0 - Bump
actions/upload-pages-artifactfrom 3.0.1 to 5.0.0 - Pin
ortto=2.0.0-rc.11in Dependabot ignore rules pending resolution of VitisAI build regression in rc.12
Security
- Updated
ureqto 3.3.0,rustlsto 0.23.38,rustls-webpkito 0.103.12 — resolves RUSTSEC-2026-0098 and RUSTSEC-2026-0099 (URI name constraint validation bugs)
0.8.0 - 2026-04-15
Added
- Symbol name disambiguation for MCP graph tools —
coraline_callers,coraline_callees,coraline_impact,coraline_find_references,coraline_node,coraline_dependencies,coraline_dependents, andcoraline_pathnow acceptname(+ optionalfile) as an alternative tonode_id, with clear disambiguation errors when multiple symbols share the same name filefilter on search tools —coraline_searchandcoraline_find_symbolaccept an optionalfileparameter to scope results to a specific file pathcoraline_find_fileMCP tool — glob-based file search (*.rs,test_*,[Cc]argo.toml) that walks the project tree, skipping common build/hidden directories
Fixed
- FTS5 search hardened against special-character queries — search terms are now individually double-quoted before SQLite
MATCHexecution, with embedded quotes escaped; blank/whitespace-only input returns empty results instead of an FTS syntax error. Queries containing/(e.g. file paths),", or other FTS special characters now work correctly - MCP tool dispatch resolves prefixed tool names —
ToolRegistrynow normalizes common client prefixes (mcp_coraline_coraline_*,mcp_coraline_*,mcp_*) before lookup, preventingUnknown toolerrors when MCP clients such as VS Code Copilot automatically prefix registered tool names - Removed
#[allow(clippy::cast_possible_truncation)]suppressions — allu64 as usizecasts in MCP toolexecutefunctions replaced withusize::try_from().ok().unwrap_or(N);f64 as f32inSemanticSearchToolnarrowed to a single line-level allow with justification comment - Fixed silent empty-string return in
resolve_node_id— thelen() == 1branch now returns a properinternal_errorinstead of silently producing an empty node ID if the iterator is unexpectedly exhausted - Release workflow not triggered by auto-tag — tags pushed by
github-actions[bot]viaGITHUB_TOKENdon't firepushevents on other workflows; auto-tag now explicitly triggers the release workflow viaworkflow_dispatch
0.7.0 - 2026-04-13
Added
- MCP background auto-sync — the MCP server now spawns a background thread that periodically checks index freshness and performs incremental sync when files have changed, keeping the knowledge graph current without manual intervention
- Automatic incremental embedding — after each background sync, newly-added nodes are automatically embedded when the
embeddingsfeature is enabled and ONNX model files are present on disk auto_sync_interval_secsconfig — new[sync]setting inconfig.tomlcontrols the background check interval (default: 120 seconds, set to 0 to disable)coraline updateCLI command — checks crates.io for newer published versions and prints upgrade instructionsget_unembedded_nodesdatabase query — efficient LEFT JOIN query to find nodes missing vector embeddings, enabling incremental embedding instead of re-embedding everything- Repository logo asset — added
assets/img/coraline_logo.pngand wired it into the README header for consistent project branding
Changed
ureqis now a non-optional dependency — always available for update checking (previously gated behind theembeddingsfeature)tree-sitter-dartupdated to 0.1.0 — migrated from deprecatedlanguage()function to the newLANGUAGEconstant API
Dependencies
- Consolidated Dependabot PRs (#15–#19) — CI action versions (
actions/checkout@v6,codeql-action@v4,upload-artifact@v7,download-artifact@v8.0.1) were already at target versions; no changes needed - Skipped
ort2.0.0-rc.12 due to upstreamVitisAIbuild regression — remains pinned at=2.0.0-rc.11
Documentation
- README cleanup and docs-site routing — removed emoji-heavy formatting, normalized the logo image tag, and updated primary documentation links to point to the published site at
https://greysquirr3l.github.io/coraline/ - Configuration, MCP, and CLI docs updated — documented
auto_sync_interval_secs, background auto-sync behavior, and thecoraline updatecommand
0.6.0 - 2026-04-09
Added
--skip-syncforcoraline embed— allows explicitly bypassing the pre-embed sync check when you intentionally want to embed the current indexed stateSyncStatuspreflight API (extraction::needs_sync) — lightweight sync-status check now returns detailed added/modified/removed counts for reuse by CLI and MCP flows
Changed
coraline embednow preflights index freshness — embed checks for stale index state and auto-runs incrementalsynconly when needed, with progress output that reports detected and applied changescoraline_semantic_searchnow performs periodic freshness maintenance — MCP semantic search throttles freshness checks and, when stale, auto-syncs the graph and refreshes stale/missing node embeddings before serving results
Documentation
- CLI, MCP, and README docs updated — documented
embed --skip-sync, pre-embed auto-sync behavior, and MCP semantic-search freshness metadata - mdBook docs site added — introduced
docs/book/and a GitHub Pages deployment workflow (docs-pages.yml) to publish documentation on the project GitHub Pages site - Architecture docs visual refresh — replaced ASCII overview with GitHub-native Mermaid diagrams for cleaner rendering and maintenance
0.5.0 - 2026-04-08
Added
- MCP protocol negotiation and compatibility fallback — server now negotiates protocol version with clients, preferring
2025-11-25while retaining compatibility with2024-11-05 tools/listpagination support — cursor-based pagination added viacursorrequest param andnextCursorresponse field
Changed
- MCP lifecycle enforcement tightened — normal operations now require successful
initializefollowed bynotifications/initialized - Tool error semantics aligned with MCP expectations — unknown tool calls return protocol errors; tool execution failures continue returning
isError: trueresults - Tool capability declaration expanded — MCP initialize response now advertises
tools.listChangedcapability (currentlyfalse) - Core dependencies refreshed for 0.5.0 — upgraded key libraries including
toml(1.1),rusqlite(0.39),sha2(0.11),tokenizers(0.22), and multiple tree-sitter parser crates; validated with full workspace tests and clippy - Workflow supply-chain hardening — all CI and CodeQL GitHub Actions are now pinned to immutable commit SHAs to improve OSSF Scorecard
Pinned-Dependenciesposture - Strict lint command is now standardized — added tracked
.cargo/config.tomlalias socargo lintconsistently enforces the project clippy policy in local and CI runs
Fixed
- Tool result schema field casing — MCP tool results now serialize as
isError(camelCase) instead ofis_error - Clippy pedantic compliance in MCP server code — removed no-effect underscore bindings and replaced potential panicking slice/index patterns with safe iterator/object mutation patterns
Documentation
- MCP documentation refreshed across README and docs book — updated protocol/lifecycle notes, pagination behavior, and development examples to reflect current server behavior
[0.4.4] - 2026-04-08
Fixed
- Windows cross-platform CI test failure —
parse_project_root_accepts_file_uriunit test now handles Windows file URI format (file:///C:/...) correctly by normalizing the leading slash when present; test is now platform-aware and uses appropriate URIs for each platform
[0.4.3] - 2026-04-07
Fixed
- Cross-compilation builds failing on OpenSSL — switched TLS backend from
native-tls(OpenSSL) torustlsfor all HTTP operations; musl and ARM cross-builds no longer require OpenSSL headers or linking - Root cause:
ortdependency had default features enabled which pulled intls-native→ureq/native-tls→openssl-sys; now usesdefault-features = falsewith explicittls-rustls
Changed
embeddingsfeature now uses rustls — pure Rust TLS for model downloads, no system OpenSSL dependencyembeddings-dynamicno longer includes any TLS stack — users supply their own ONNX runtime, no HTTP downloads needed
Security
- Pinned all GitHub Actions to commit SHAs — OSSF Scorecard
PinnedDependenciesIDcompliance - Added Dependabot configuration — automated dependency updates for Cargo and GitHub Actions
0.4.2 - 2026-04-07
Fixed
- MCP tools discovery without explicit
--path—tools/listnow lazily initializes the tool registry when clients call it beforeinitialize, so tools are returned even whencoraline serve --mcpstarts without-p - Safer MCP project-root URI parsing — non-
file://URIs (for example, remote client scheme URIs) are no longer treated as filesystem paths duringinitialize; server falls back to an actual local path when needed - Regression coverage for MCP startup flow — added tests for pre-initialize
tools/listbehavior and URI parsing guards to prevent regressions
0.4.1 - 2026-04-03
Added
- Embedding model prompt on
coraline init— when stdin is a TTY,initnow offers to download the embedding model (~137 MB) immediately after initialization; declined or non-interactive runs print a tip and continue normally with full graph functionality embeddingsis now the default feature —cargo install coralineincludes ONNX/semantic search support out of the box; no--featuresflag required for most users
Fixed
- MCP server no longer ghost-creates
.coraline/—MemoryManagerpreviously calledcreate_dir_all(.coraline/memories/)eagerly on every MCP startup, leaving a stub directory that blockedcoraline initfrom running cleanly; it now returns an error if.coraline/doesn't exist, which the MCP tool registry handles gracefully coraline init -ion an already-initialized project no longer prompts to overwrite — when--indexis present without--force, init detects the existing directory, skips the destructive overwrite, and runs indexing directly; use--forceto explicitly wipe and reinitializecoraline_semantic_searchMCP tool degrades gracefully without a model — when no ONNX model file is present the tool is not registered (all other tools remain available) and a warning is emitted to the project log
0.4.0 - 2026-03-20
Added
- Full multi-language symbol extraction coverage across all supported languages, including previously missing Python internals and broad AST node-kind mappings.
- Expanded import/export resolution across languages for stronger cross-file graph relationships and MCP traversal behavior.
- Broader call-expression detection and callee extraction across language grammars to improve call graph completeness.
Changed
- Cross-language resolution quality improved for callers/callees/impact tooling due to richer import/export and call mapping.
Internal
- Strict lint compliance restored after expansion (
cargo clippy --all-features -- -D warnings). - Release validated with build + full test suite.
0.3.1 - 2026-03-18
Added
embeddings-dynamicfeature flag — alternative toembeddingsthat usesort/load-dynamicinstead ofort/download-binaries, allowing users on systems with older glibc (e.g., Rocky Linux, HPC nodes) to supply their ownlibonnxruntime.sobuilt against their local glibc (#8)- musl static binaries in releases —
x86_64-unknown-linux-muslandaarch64-unknown-linux-musltargets added to the release CI matrix, producing fully static binaries with zero glibc dependency
0.3.0 - 2026-03-07
Added
- Vector math optimizations — cosine similarity and L2 normalization now use fused multiply-add for improved numerical stability
Changed
- Dependencies updated — refreshed core dependencies and applied transitive updates for security and compatibility (tree-sitter, clap, tempfile, syn, and 16+ transitive deps)
Internal
- All tests validated (37/37 passing); property tests ensure numerical accuracy
0.2.3 - 2026-03-01
Fixed
coraline init -ion an already-initialized project — instead of hard-failing, the CLI now prompts "Overwrite? [y/N]" when stdin is a TTY, or prints a clear error with--forceguidance in non-interactive contexts;--force/-fflag added toinitto skip the prompt- UNIQUE constraint failures on minified/single-line files — node IDs now incorporate
start_columnin addition tostart_line, preventing hash collisions for multiple symbols on the same line - Garbled progress output during
index/sync— progress lines now use\r\x1B[K(erase-to-end-of-line) instead of bare\r, andstdoutis flushed after each update to prevent interleaving with log output
Internal
- OSSF Scorecard CI workflow added
- Security audit workflow now also triggers on
deny.tomlchanges cargo fmtstyle pass acrossconfig.rsandresolution/mod.rs
0.2.2 - 2026-02-21
Fixed
- Release pipeline: binary builds failing on
ort-sys—ort,tokenizers, andndarrayare now optional, gated behind anembeddingsfeature flag; default builds no longer require ONNX Runtime prebuilt binaries - Release pipeline:
coraline publishfailing when version already on crates.io — publish steps for bothtree-sitter-blazorandcoralinenow skip gracefully if the version already exists - Release pipeline: build matrix cancelling all jobs on first failure — added
fail-fast: falseso platform builds run independently - Dropped
x86_64-apple-darwinrelease binary — Intel Mac is not a supported target; ONNX Runtime provides no prebuilt binaries for it
0.2.1 - 2026-02-21
Fixed
coraline initblocked by log directory —logging::init()eagerly created.coraline/logs/beforeis_initialized()ran, making every re-init attempt report "already initialized"synccrash on UNIQUE constraint — incremental sync now catches per-file store errors (warn + continue) instead of aborting the entire sync, consistent withindex_allcallers/calleesCLI showing incorrect results — CLI was passing no edge-kind filter, surfacingcontainsedges as false callers; now filters tocallsedges only, consistent with MCP tools- CI
actions/checkout@v6— updated all workflow steps to the current stablev4
0.2.0 - 2026-02-20
Added
- Vector embeddings — full ONNX pipeline using
ort 2.0.0-rc.11and nomic-embed-text-v1.5 (384-dim).coraline embedCLI command andcoraline_semantic_searchMCP tool - 25 MCP tools (26 with embeddings) — complete symbol, graph, file, memory, config, stats, and sync toolset
coraline_stats— detailed graph statistics grouped by language, node kind, and edge kindcoraline_dependencies/coraline_dependents— traversal tools for outgoing/incoming dependenciescoraline_path— find shortest paths between any two nodescoraline_syncMCP tool — trigger incremental sync from an MCP clientcoraline_semantic_search— semantic similarity search over indexed symbolscoraline_find_symbol/coraline_get_symbols_overview/coraline_node/coraline_find_references— symbol-level tools matching Serena's precisioncoraline_read_file/coraline_list_dir/coraline_get_file_nodes— file exploration toolscoraline_get_config/coraline_update_config— TOML config management via MCP- Memory tools —
coraline_write_memory,coraline_read_memory,coraline_list_memories,coraline_delete_memory,coraline_edit_memory(regex + literal modes) - TOML configuration —
.coraline/config.tomlwith sections for indexing, context, sync, and vectors; written as a commented template oncoraline init - Structured logging —
tracingwith daily-rotating file appender to.coraline/logs/coraline.log; level viaCORALINE_LOGenv var - Framework-specific resolvers — Rust, React, Blazor, Laravel
- CLI commands —
callers,callees,impact,config,stats,embed;--jsonflag on all query commands - Criterion benchmark suite — 9 benchmarks across indexing, search, graph traversal, and context building groups (
cargo bench --bench indexing) - CI/CD — GitHub Actions for multiplatform builds (Linux x86_64/ARM64, macOS x86_64/ARM64, Windows x86_64), crates.io publishing, CodeQL scanning, daily dependency auditing
- 28+ language support via tree-sitter: Rust, TypeScript, JavaScript, TSX, JSX, Python, Go, Java, C, C++, C#, PHP, Ruby, Swift, Kotlin, Bash, Dart, Elixir, Elm, Erlang, Fortran, Groovy, Haskell, Julia, Lua, Markdown, MATLAB, Nix, Perl, PowerShell, R, Scala, TOML, YAML, Zig, Blazor
Fixed
- TypeScript import extraction:
import_statementwas wrongly mapped asimport_declarationin tree-sitter AST import_clauselookup: switched fromchild_by_field_name(alwaysNone) to child iteration- Cross-file import edges test:
SELECT *placed integeridat column 0; changed to explicitSELECT source, target - FTS multi-word search: now uses
ORlogic so partial matches are found - Glob pattern matching: completely rewritten using
globsetcrate; prior regex implementation was non-functional - Parallel indexing: CPU-bound parse phase separated from sequential DB writes; SQLite PRAGMA tuning (
synchronous=NORMAL, 64 MB cache, 256 MB mmap)
Changed
- Database filename:
codegraph.db→coraline.db - Project directory:
.codegraph/→.coraline/ - Post-commit git hook updated to check
.coraline/directory
0.1.3 - 2026-02-15
Added
coraline_statsMCP tool — graph statistics by language, node kind, and edge kind- TypeScript import extraction fix
Fixed
- Cross-file import edge detection
0.1.2 - 2026-02-13
Added
- PHP, Swift, Kotlin, Markdown, TOML parser support
- CI/CD infrastructure (GitHub Actions)
.coraline/directory rename from.codegraph/
Fixed
- Critical glob pattern matching bug (rewritten with
globset)
0.1.1 - 2026-02-10
Added
- Memory system with 5 MCP tools
- Tool abstraction layer and registry
- Integration test suite
0.1.0 - 2026-02-07
Added
- Initial release
- Tree-sitter based AST extraction for Rust, TypeScript, JavaScript, Python, Go, Java, C, C++, C#, Ruby
- SQLite graph storage
- MCP server (
coraline serve --mcp) - Basic CLI:
init,index,sync,status,query,context coraline_search,coraline_callers,coraline_callees,coraline_impact,coraline_contextMCP tools- Git post-commit hook integration