Releases: dvcdsys/code-index
v0.3.0
What's Changed
Full Changelog: v0.2.7...v0.3.0
Contributors
Assets 7
Server v0.3.0 (Go primary)
First Go-primary server release.
Highlights
- Python → Go migration complete (T1–T8). Prod running on the new image healthy on 2026-04-25.
- New endpoint:
POST /api/v1/projects/{path}/index/cancel(idempotent — used by the CLI watcher's stale-session guard). - Schema migration fix:
path_hashindex creation moved out ofSchemaDDL intomigratePathHashso pre-m7 databases migrate cleanly. AddedTestOpenMigratesPreM7DBregression test. - Go toolchain bumped to 1.25.9 (clears 17 stdlib CVEs surfaced by govulncheck).
- CUDA image hardened:
distroless/cc-debian13:nonrootbase + CUDA libs fromnvidia/cuda:12.8.1-base-ubuntu24.04. 0 HIGH/CRITICAL on Docker Scout. - CI:
server/bench/excluded from Trivy fs scan (Phase 0 PoC module, not shipped in the binary).
Docker images
| Tag | Platform | Size | Digest |
|---|---|---|---|
dvcdsys/code-index:0.3.0 |
linux/amd64, linux/arm64 | ~20 MB | sha256:f6221e104a40 |
dvcdsys/code-index:0.3.0-cu128 |
linux/amd64 | ~1.0 GB | sha256:049476876098 (linux/amd64 manifest: 311a5836533e) |
dvcdsys/code-index:latest |
linux/amd64, linux/arm64 | ~20 MB | (alias of 0.3.0) |
dvcdsys/code-index:cu128 |
linux/amd64 | ~1.0 GB | (alias of 0.3.0-cu128) |
Notes
- The release-server.yml workflow run for this tag failed due to missing repo secrets
DOCKER_USERNAME/DOCKER_PASSWORD. The images above were built and pushed manually with the same Dockerfiles + VERSION arg the workflow would have used. Add those secrets to the repo and re-run the workflow if you want the audit trail / signed attestations on Docker Hub for future tags. - See doc/MIGRATION_FROM_PYTHON.md for upgrade notes.
v0.2.7
v0.2.6
What's Changed
- fix(security): upgrade pyjwt to >=2.12.0 to fix CVE-2026-32597 by @dvcdsys in #18
- fix(cli): config legacy key migration + watcher branch switch detection by @dvcdsys in #19
Full Changelog: v0.2.5...v0.2.6
Contributors
Assets 7
v0.2.5
What's Changed
- Bump actions/upload-artifact from 4 to 7 by @dependabot[bot] in #12
- Bump actions/setup-go from 5 to 6 by @dependabot[bot] in #10
- Bump actions/checkout from 4 to 6 by @dependabot[bot] in #9
- Bump actions/download-artifact from 4 to 8 by @dependabot[bot] in #8
New Contributors
- @dependabot[bot] made their first contribution in #12
Full Changelog: v0.2.4...v0.2.5
Contributors
Assets 7
v0.2.4
What's changed
Breaking change (for self-hosters)
Replaced unmaintained tree_sitter_languages with individual tree-sitter-* packages. The package is incompatible with tree-sitter >=0.22 — this migration unblocks future upgrades and adds support for tree-sitter 0.24–0.25.
New features
- 46 languages supported via individual packages (up from the 6 that were actually working)
- Dockerfile, Makefile, CMakeLists.txt detected by filename (no extension needed)
- Added Zig, Julia, Fortran, ObjC, CommonLisp, GraphQL, Regex to extension map
Fixes
- All structured languages now produce
function/class/method/typechunks — no more silent fallback to sliding-window blocks - Removed unused
TREESITTER_SUPPORTEDconstant fromlanguage.py
Testing
- Added
TestTreeSitterIntegration— catches tree-sitter API incompatibility at load time - Added
TestChunkerMultiLanguage— verifies structured parsing for Python, Go, TypeScript, JavaScript, Rust, Java - E2E verified on CUDA container (RTX 3090, tree-sitter 0.25.2): 6 files → 23 structured chunks, zero fallback
What's Changed
- fix: use semver-based latest detection for releases by @dvcdsys in #6
- fix: rebuild CUDA image to patch CVEs, migrate to multi-stage build by @dvcdsys in #14
- fix: migrate CPU Docker image to Ubuntu 24.04, eliminate CUDA bloat by @dvcdsys in #15
- ci: add security scanning workflow (pip-audit + trivy) by @dvcdsys in #16
Full Changelog: v0.2.2...v0.2.4
Contributors
Assets 7
v0.2.3
Fix: macOS file descriptor exhaustion in cix watch
v0.2.1 macOS binaries were built with CGO_ENABLED=0, causing the watcher to fall back to kqueue (30,000+ FDs). This release builds macOS binaries on macos-latest with CGO_ENABLED=1, enabling FSEvents
(~10 FDs per project).
If you installed v0.2.1 and still see high FD usage, upgrade:
curl -fsSL https://raw.githubusercontent.com/dvcdsys/code-index/main/install.sh | bash
cix watch stop --all
cix watch
Full Changelog: v0.2.1...v0.2.3
v0.2.2
Full Changelog: v0.2.1...v0.2.2
v0.2.1
Fix: file descriptor exhaustion on macOS
The file watcher (cix watch) previously used fsnotify, which relies on kqueue on macOS — opening one file descriptor per watched file. With multiple projects this could reach 7000+ FDs, causing system
instability and even reboots.
Replaced with rjeczalik/notify which uses native OS APIs:
- macOS: FSEvents — 1 FD for the entire recursive watch tree (down from hundreds)
- Linux: inotify — 1 FD per inotify instance
Measured improvement: 10 FDs per watched project vs ~200 previously.
New: binary file detection by content
Files are now detected as binary using http.DetectContentType (MIME sniffing on first 512 bytes), not just by extension. This catches extensionless binaries like compiled executables in build/ directories.
Full Changelog: v0.2.0...v0.2.1
v0.2.0
Per-project filtering: .cixignore and .cixconfig.yaml
- .cixignore — gitignore-style file to exclude paths from indexing. Supports full gitignore syntax, nested files, and is merged with .gitignore rules.
- .cixconfig.yaml — per-project configuration. First supported option: ignore.submodules: true — automatically excludes all git submodule paths by parsing .gitmodules (no git binary required).
- File watcher triggers full reindex on .cixignore or .cixconfig.yaml changes.
- .cixignore, .cixconfig.yaml, and .gitmodules are excluded from the index itself.
Full Changelog: v0.1.2...v0.2.0