feat: add code graphs#452
Conversation
|
| Filename | Overview |
|---|---|
| apps/api/src/lib/repository-url.ts | New file: public-repository git-clone ingestion. Symlink traversal and broken-symlink crash previously flagged are both fixed (realpath + isPathInsideRoot double-check; try-catch continue on ENOENT). stdout limit throws a RepositoryUrlError. Looks correct. |
| apps/worker/workflows/sync-repository-graph.ts | Durable repository sync workflow. Top-level try/catch calls markBindingFailed on run.retryTerminal. findReusableProcessRun provides idempotent step recovery. behind/diverged and compare_timeout fall back to full-snapshot sync as expected. |
| apps/api/src/routes/connector-webhooks.ts | Webhook ingestion endpoint. JSON.parse is now wrapped in parseWebhookPayload. Binding query is scoped to the verified connector via inner join on connectorInstallationsTable. enqueueBindingWorkflows has error recovery that marks already-enqueued bindings as pending and failed bindings as failed. |
| apps/api/src/routes/connectors.ts | Connector admin and installation routes. assertInstallationBelongsToConnector guards all routes that accept an installationId. Manual sync endpoint resets binding to failed on enqueue error. Installation-connector mismatch issue from prior review is fixed. |
| apps/api/src/routes/graph.ts | New POST /:id/urls endpoint. Dedup key is per-repository (repository.url + checksum). Passes retiredFileIds: result.supersededFileIds to processFilesSpec so stale sources are expired. Archive-upload retry now passes retiredFileIds: [] to avoid invalidating unrelated sources. |
| packages/connectors/src/github.ts | GitHub provider client. behind and diverged status now return { isIncremental: false } instead of throwing, triggering full-snapshot fallback in the workflow. Tree truncation is checked and raises a limit error. |
| packages/connectors/src/gitlab.ts | GitLab provider client. compare_timeout: true now returns { isIncremental: false } so the workflow falls back to a full-snapshot sync rather than marking the binding failed. |
| apps/api/src/lib/graph-route.ts | commitGraphFileUploads added. Supersession uses JSONB extraction (metadata::jsonb ->> 'repositoryUrl') without an index; could be slow for large graphs. Logic is otherwise correct; superseded file IDs are returned for source invalidation. |
| migrations/20260615094125_fluffy_gladiator/migration.sql | Promotes files_graph_active_key_idx from a non-unique to a UNIQUE partial index (WHERE deleted = false), closing the insertRepositoryFiles idempotency gap identified in earlier review. |
| packages/db/src/source-validity.ts | New helpers for source/file predicate building. quoteIdentifier validates against an allowlist regex before injecting into raw SQL, preventing SQL injection through alias strings. |
| apps/worker/lib/code-repository-finalizer.ts | New file: invalidateSupersededRepositorySources correctly branches on retiredFileIds presence - empty array hits the early-return guard, undefined falls through to the latestFileIds path. Addresses the single-file retry invalidation issue from the prior review. |
Reviews (18): Last reviewed commit: "fix(worker): scope duplicate webhook eve..." | Re-trigger Greptile
- mark bindings failed with `sync_failed` when terminal processing aborts - add coverage for failed child workflow cleanup path
- Return an empty non-incremental snapshot when GitLab compare times out - Keep invalid compare payloads rejected
- Resolve repo and file paths before reading code files - Skip entries whose real paths escape the clone root - Add regression coverage for symlinked repository files
- Fetch installation account details during GitHub connector setup - Split connector installation uniqueness by org and team scope - Add coverage for the new account lookup and upsert behavior
- Avoid reusing finished process runs when a file insert hits a conflict - Add regression coverage for completed run filtering
- Skip repository files when realpath resolution fails - Reject truncated GitHub tree responses with a limit error - Add tests for both edge cases
- Mark manual repository graph syncs failed when workflow enqueue throws - Preserve typed provider errors for non-JSON GitLab API failures
- Reject repository, branch, and graph requests when an installation belongs to another connector - Normalize connector error messages before mapping them to API responses - Add tests for the new 403 checks
- Add `getRepository` to GitHub and GitLab clients - Use direct repository fetches for branch and graph sync flows - Move credential helpers into the credentials module and update tests
- require org admin or matching team access when signing and consuming connector state - avoid reprocessing completed graph runs and reuse exact matching runs when possible - add coverage for cross-org install callbacks and process run reuse
# Conflicts: # packages/graph/src/file-type.ts
|
Will be done in another way later |
Summary
Adds backend and API support for code graph ingestion and connector-backed repository graph sync. This PR intentionally excludes the connector UI; the remaining frontend changes are typed API helper functions for the new backend routes.
Type of Change
Changes Made
POST /graphs/:id/urls, including repository snapshot supersession and code workflow routing.POST /connectors/webhooks/:providerand durable repository sync workflows for initial, incremental, and full-snapshot syncs.apps/frontend/lib/api/connectors.tsfor the follow-up UI work; no connector pages/components are included in this PR.API Surface
GET /connectorsPOST /connectors/github/manifest/startGET /connectors/github/manifest/callbackPOST /connectors/gitlabPATCH /connectors/:idGET /connectors/:id/connectGET /connectors/github/install/callbackGET /connectors/:id/installationsGET /connectors/:id/repositories?installationId=...GET /connectors/:id/repositories/:repositoryId/branches?installationId=...POST /connectors/:id/repository-graphsGET /repository-graph-bindings/:idPOST /repository-graph-bindings/:id/syncPOST /connectors/webhooks/:providerPOST /graphs/:id/urlsAccess Model
Related Issues
Closes #
Testing
Targeted tests cover graph extraction, connector clients, repository URL imports, file proxying, code manifests, repository sync workflows, migration compatibility, webhooks, API routes, and frontend API helpers.
Checklist
make generateif SQL queries were modified (backend)Screenshots (if applicable)
Connector UI is intentionally deferred to a frontend follow-up issue.