fix: community fix wave — 10 PRs, 7 contributors (v0.9.1)#65
Merged
Conversation
… content bombs, stdin guard 4 security vulnerabilities closed: - Search limit clamped to 100 (MAX_SEARCH_LIMIT) with statement_timeout 8s - Frontmatter slug authority enforced (path-derived, mismatch rejected) - Symlink traversal blocked (lstatSync in walker + importFromFile) - Content size guard on importFromContent (Buffer.byteLength, 5MB) - Stdin size guard in parseOpArgs (5MB cap) Search pagination added (--offset param on search + query operations). Clamp warning emitted when limit is capped. Co-Authored-By: garagon <garagon@users.noreply.github.com>
File-based advisory lock using atomic mkdir with PID tracking and 5-minute stale detection. Clear error messages show which process holds the lock and how to recover. Co-Authored-By: danbr <danbr@users.noreply.github.com>
CTE searchKeyword rewrite (SQL-level LIMIT, not JS splice). Write validation on addLink/addTag/addTimelineEntry/putRawData/createVersion. Health metrics now measure real problems (stale_pages, orphan_pages, dead_links). Orphan chunk cleanup on empty pages. Embedding error logging. contentHash now covers all PageInput fields. Stale embedding NULL'd when chunk_text changes (prevents wrong vector on new text). hybridSearch stops double-embedding query. MCP param validation. type/exclude_slugs search filters now work. pgcrypto extension for Postgres <13. Co-Authored-By: win4r <win4r@users.noreply.github.com>
Sliding worker pool (concurrency 20, tunable via GBRAIN_EMBED_CONCURRENCY). O(n²) chunk lookup in embedPage replaced with Map. gbrain ask alias for query (CLI-only, not in MCP tools-json). .idea added to .gitignore. Co-Authored-By: stephenhungg <stephenhungg@users.noreply.github.com> Co-Authored-By: sharziki <sharziki@users.noreply.github.com> Co-Authored-By: hnshah <hnshah@users.noreply.github.com> Co-Authored-By: doguabaris <doguabaris@users.noreply.github.com>
Community fix wave: 10 PRs, 7 contributors. 4 security fixes, PGLite crash fix, 12 data integrity fixes, 30x embed speedup, search pagination, ask alias. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This was referenced Apr 12, 2026
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Community fix wave: 10 PRs from 7 contributors, plus 2 bugs found during eng review (Codex outside voice) and 4 DX improvements from DX review.
Security (4 fixes, garagon):
MAX_SEARCH_LIMIT=100,clampSearchLimit(),statement_timeout: 8slstatSync+isSymbolicLink()in walker andimportFromFileBuffer.byteLengthguard onimportFromContentCrash fix (danbr):
mkdir, PID+age stale detection, 30s timeoutData integrity (12 fixes, win4r + Codex):
searchKeywordrewrite (SQL-level LIMIT, not JS splice)addLink/addTag/addTimelineEntry/putRawData/createVersionstale_pages,dead_links,orphan_pages) now measure real problemschunk_textchanges (Codex finding)contentHashnow covers allPageInputfieldshybridSearchstops double-embedding queryvalidateParamspre-checktype/exclude_slugssearch filters now workpgcryptoextension for Postgres < 13Performance (sharziki + stephenhungg):
embedAllspeedup: sliding worker pool (20 concurrent, tunable viaGBRAIN_EMBED_CONCURRENCY)embedPagereplaced withMapDX (hnshah + doguabaris + review findings):
gbrain askalias forquery(CLI-only)--offsetparam)v0.9.1.mdfor auto-update agent.ideaadded to.gitignoreClosed PRs:
Test Coverage
search-limit,import-walker,pglite-lock,embed, updatedimport-file,utils,cliPre-Landing Review
Eng review (CLEAR) + DX review (CLEAR, 7/10) + Codex outside voice (9 findings, 3 accepted).
Test plan
gbrain search "test" --limit 10000clamps to 100gbrain ask "test"behaves likegbrain query "test"gbrain --tools-jsondoes NOT include "ask"listPages({ limit: 100000 })still works (not clamped)🤖 Generated with Claude Code