Benchmark Regression Report
Thresholds: 10.00% and 50,000 ns absolute delta
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: aaa398b404
| // leak into the parent's stdio (which is the MCP transport). | ||
| const result = cio.runCapture(.{ | ||
| .allocator = std.heap.page_allocator, | ||
| .argv = &.{ "sh", "-c", "curl -fsSL " ++ auto_update_install_url ++ " | bash" }, |
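Review bot: the `.argv` line builds a single shell string, `"curl -fsSL " ++ auto_update_install_url ++ " | bash"`, so bash starts executing the script while it is still streaming in and nothing checks its integrity before it runs. A transfer that is cut off part-way leaves bash running a truncated script, and the pipeline's exit status is bash's rather than curl's, so an HTTP error caught by `-f` still looks like success to the caller of `runCapture`. Suggest downloading to a temporary file, verifying a checksum or signature, and only then executing it with an explicit argv and no `sh -c`.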
Stop executing remote installer script via shell pipe
The new auto-update worker runs sh -c "curl ... | bash", which executes whatever script is served at runtime and bypasses the binary+checksum verification path already implemented in update.run. Because this now runs automatically on codedb mcp startup, a compromised distribution endpoint (or any unexpected script change) becomes automatic arbitrary code execution on user machines, not a user-initiated update action.
| if (!fallback_attempted and cio.milliTimestamp() - t0 >= fallback_after_ms) { | ||
| fallback_attempted = true; | ||
| // Client never sent indexable roots — fall back to cwd so the | ||
| // server doesn't sit in loading_snapshot forever. | ||
| const empty_roots: []const mcp_server.Root = &.{}; | ||
| _ = mcp_server.triggerDeferredScanWithFallback(ctx, empty_roots, ctx.fallback_cwd); |
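Review bot: `fallback_attempted = true` is set before the call and the return value of `triggerDeferredScanWithFallback` is discarded with `_ =`, so if the call does not start a scan the watcher never retries and nothing records why. Suggest checking the result and logging the outcome (scan started on `ctx.fallback_cwd`, or fallback refused), and stating in the comment that this path runs at most once.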
Gate cwd fallback on roots handshake outcome, not fixed timeout
The deferred watcher forces a fallback scan after 3 seconds regardless of whether a roots-capable client is still in the middle of roots/list; once this fires, ds.triggered is set and later real roots are ignored. In sessions where the client responds after 3s and the server cwd is indexable but not the actual workspace, MCP tools will index/search the wrong project for the lifetime of that process.
…upport Replaces v0.2.5799's "eager-load when cwd is policy-allowed" approach, which raced the client's roots/list reply and silently ignored editor launchers that point at a workspace different from the launcher cwd. Now: cwd-launched mcp always uses deferred mode, but the trigger fires fast — on notifications/initialized for clients that don't advertise the roots capability (immediately falling back to cwd), and via parseRoots when client roots arrive otherwise. The watchdog stays as the safety net for clients that go silent. Net effect: no loading_snapshot stall in the common path, AND editor launchers that point at a different workspace via roots/list get the right index. Includes signed + notarized binaries for the v0.2.5799 release. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> (cherry picked from commit d4f55b0)
…UPDATE On `codedb mcp` startup, fire a detached background thread that pipes `curl -fsSL https://codedb.codegraff.com/install.sh | bash`. The check is throttled to once per 24 hours (tracked in ~/.codedb/last_auto_update_check as an i64 LE unix-ms stamp), and is disabled entirely when the CODEDB_NO_AUTO_UPDATE env var is set. The detached thread means startup is never blocked. The kernel keeps the running binary's inode mapped if the install script replaces the file mid-session, so existing MCP sessions stay healthy and the next invocation gets the upgraded binary. Includes signed + notarized binaries for the v0.2.5799 release. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> (cherry picked from commit be37075)
…ure-timestamp stamp A future timestamp in ~/.codedb/last_auto_update_check (e.g. after an NTP backward jump or a stamp written by a host with a faster clock) makes shouldRunAutoUpdate compute a negative delta, which is always less than the 24h throttle. The auto-update check is then silently skipped until the wall clock catches up — potentially for many days. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…rupt stamp If ~/.codedb/last_auto_update_check decodes to a very negative i64 (e.g. minInt — any byte sequence starting with the high bit set), readAutoUpdateStamp returns it as-is and shouldRunAutoUpdate computes `now_ms - last` with a checked subtraction that overflows, panicking the auto-update gate on every `codedb mcp` startup. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Adds triggerDeferredScanWithFallback helper that fires the deferred scan with the first indexable root, or with a policy-checked cwd fallback when none are available. parseRoots now uses the helper, so empty roots / all-denied-roots responses no longer leave the server stuck in loading_snapshot. watcherDeferredLoop also calls the helper after a 3 s timeout, so clients that don't advertise the roots capability or never reply to roots/list still get scanned automatically instead of forever showing "scan still in progress (state=loading_snapshot)". Closes #384 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> (cherry picked from commit 96d4574)
#402, #403)

- #402: a stamp file with a timestamp in the future (clock skew, NTP rollback, faster-clock host writing the stamp) used to silently block every check until wall-clock caught up. Now treated as invalid: returns true so the check fires.
- #403: a stamp decoded as a deeply-negative i64 (e.g. minInt(i64) from a corrupted 8-byte stamp) used to panic with integer overflow on the `now - last` subtraction in Debug/ReleaseSafe, crashing codedb mcp startup until the user manually deleted the file. Subtraction now runs in i128 so the magnitude can't overflow; the result is then compared against the throttle window.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
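The two stamp-gate failure modes from #402 and #403, modelled as an added example in Zig (not the project's code). `decodeStamp`, `legacyShouldRun` and `fixedShouldRun` are hypothetical names, the timestamps are constructed, and `std.mem.readInt` with `.little` assumes Zig 0.12 or later; run it with `zig test`.

```zig
const std = @import("std");

// The 24-hour throttle window from the commit message, in milliseconds.
const throttle_ms: i64 = 24 * 60 * 60 * 1000;

// Decode the 8-byte little-endian unix-ms stamp (std.mem.readInt as of Zig 0.12).
fn decodeStamp(bytes: *const [8]u8) i64 {
    return std.mem.readInt(i64, bytes, .little);
}

// Pre-fix gate as the commit messages describe it: one i64 subtraction compared
// with the window. std.math.sub returns error.Overflow where the checked `-`
// would panic in Debug/ReleaseSafe, which lets the test observe the failure.
fn legacyShouldRun(now_ms: i64, last_ms: i64) error{Overflow}!bool {
    const delta = try std.math.sub(i64, now_ms, last_ms);
    return delta >= throttle_ms;
}

// Post-fix gate: a stamp from the future is treated as invalid (run the check),
// and the subtraction is widened to i128 so no pair of i64 values can overflow.
fn fixedShouldRun(now_ms: i64, last_ms: i64) bool {
    if (last_ms > now_ms) return true;
    const delta = @as(i128, now_ms) - @as(i128, last_ms);
    return delta >= throttle_ms;
}

test "future and corrupt stamps" {
    const now: i64 = 1_700_000_000_000; // constructed "now", unix ms
    const hour: i64 = 60 * 60 * 1000;

    // Constructed corrupt stamp: little-endian, so the eighth byte holds the sign bit.
    const corrupt = decodeStamp(&[8]u8{ 0, 0, 0, 0, 0, 0, 0, 0x80 });
    try std.testing.expect(corrupt == std.math.minInt(i64));
    try std.testing.expectError(error.Overflow, legacyShouldRun(now, corrupt));
    try std.testing.expect(fixedShouldRun(now, corrupt));

    // Stamp three days ahead of the clock: old gate skips, fixed gate runs.
    const future = now + 72 * hour;
    try std.testing.expect(!(try legacyShouldRun(now, future)));
    try std.testing.expect(fixedShouldRun(now, future));

    // Ordinary stamps keep the 24-hour throttle in both versions.
    try std.testing.expect(!fixedShouldRun(now, now - hour));
    try std.testing.expect(fixedShouldRun(now, now - 25 * hour));
}
```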
aaa398b to 4714195
v0.2.5800 accidentally regressed the auto-updater feature (it lived only on release/v0.2.5799, never landed on main). This PR forward-ports it and fixes the two p0/p2 bugs found in the recent audit.

Summary

release/v0.2.5799:
- fix(mcp): never eager-load at startup; gate trigger on client roots support (replaces v0.2.5799's brittle eager-load approach with deferred + roots gating)
- fix(mcp): deferred scan falls back to cwd when no roots arrive (the helper the above relies on)
- feat(update): auto-update on mcp startup; opt-out via CODEDB_NO_AUTO_UPDATE

`now - last`; subtraction runs in i128.

Test plan

- `zig build test` — issue-394 + issue-395 tests pass; full suite green (461/461).

🤖 Generated with Claude Code