chore: release v3.9.2

[carlos-alm]

Summary

• Bump version to 3.9.2
• Add CHANGELOG entry for all commits since v3.9.1
• Update ROADMAP: version header, Phase 8.6 progress (resolution benchmark v2, dynamic tracing, precision/recall CI gate), fix Phase 10.1 version references (v3.10.0 → v3.9.1)
• Restore missing libc fields in package-lock.json Linux entries
• Update BACKLOG date

Test plan

• npm install succeeds with updated lock file
• CHANGELOG renders correctly on GitHub
• ROADMAP checklist items match actual codebase state

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review Complete ⚠️ Request Changes

Critical Issues Found

🚨 BLOCKING ISSUE: Native binary version mismatch

This release PR has a critical packaging bug that will break the native engine for all users:

// package.json shows v3.9.2 BUT:
"optionalDependencies": {
  "@optave/codegraph-darwin-arm64": "3.9.1",     // ❌ Should be 3.9.2
  "@optave/codegraph-darwin-x64": "3.9.1",       // ❌ Should be 3.9.2
  "@optave/codegraph-linux-arm64-gnu": "3.9.1",  // ❌ Should be 3.9.2
  // ... all platform binaries are stuck at 3.9.1
}

Why this is critical: The changelog specifically mentions native engine fixes for incremental rebuild regression and engine parity bugs. Users installing v3.9.2 would get v3.9.1 native binaries, missing these performance-critical fixes.

Root cause: The scripts/sync-native-versions.ts should have automatically updated these via the npm version hook, but it failed to execute properly during release preparation.

---

Root Cause Analysis

Problem Being Solved: Legitimate v3.9.2 release documenting bug fixes and performance improvements since v3.9.1
Why This Approach: Standard commit-and-tag-version release workflow
Risk Assessment: HIGH RISK due to packaging bug that would ship mismatched binaries

Backlog Compliance

• Zero-dep: ✓ — No new runtime dependencies
• Foundation-aligned: ✓ — Standard release process
• Problem-fit: 3 — Release maintenance (necessary but doesn't directly address core user problem)
• Breaking: No — Patch release with fixes only
• Tier: 1

Critical Concerns

1. Native binary version mismatch — All @optave/codegraph-* optionalDependencies must be updated to v3.9.2
2. The PR description mentions the fix but shows it wasn't applied properly
3. This would cause a regression where users think they have v3.9.2 performance fixes but actually get v3.9.1 binaries

Final Recommendation

• Rating: ⭐⭐☆☆☆ (2/5)
• Action: REQUEST CHANGES
• Reasoning: Critical packaging bug must be fixed before merge. The native version sync script failed and needs to be re-run, or the optionalDependencies must be manually updated to v3.9.2.

Fix required: Update all @optave/codegraph-* versions in optionalDependencies from "3.9.1" to "3.9.2" to match the main package version.

---

[greptile-apps]

Greptile Summary

This is a standard v3.9.2 release PR bumping versions across package.json, package-lock.json, and Cargo.toml, adding a CHANGELOG entry, updating the ROADMAP with Phase 8.6 progress and corrected Phase 10.1 version references, and restoring missing libc fields in the lock file.

• P1: optionalDependencies in package.json (and the resolved entries in package-lock.json) still pin all six native platform packages to 3.9.1 instead of 3.9.2. Since this release includes native engine bug fixes (confidence-aware dedup, incremental rebuild regression), users installing @optave/codegraph@3.9.2 will load the old 3.9.1 native binary and miss those fixes. The scripts/sync-native-versions.ts lifecycle hook should have updated these automatically but did not.

Confidence Score: 4/5

Hold for fix: native optionalDependencies must be updated to 3.9.2 before publish

One P1 defect: native platform packages pinned to 3.9.1 means the native engine bug fixes in this release will not be installed by consumers. All other changes (CHANGELOG, ROADMAP, BACKLOG, Cargo.toml, lock file libc restoration) are correct. Score is 4 because the defect is easily fixed but must be resolved before merging/publishing.

package.json (optionalDependencies version mismatch) and package-lock.json (resolved entries and root optionalDependencies block for all @optave/codegraph-{platform} packages)

Important Files Changed

Filename	Overview
package.json	Version bumped to 3.9.2 but optionalDependencies for all 6 native platform binaries still reference 3.9.1, preventing native engine bug fixes from being delivered
package-lock.json	Root version bumped to 3.9.2; libc fields restored to Linux entries; native platform package resolved entries still at 3.9.1 (matching the stale optionalDependencies)
crates/codegraph-core/Cargo.toml	Native Rust engine version correctly bumped from 3.9.1 to 3.9.2
CHANGELOG.md	3.9.2 entry added covering native dedup fix, performance improvements, and benchmark expansion
docs/roadmap/ROADMAP.md	Version header updated to 3.9.2; Phase 8.6 progress documented; Phase 10.1 version references corrected from v3.10.0 to v3.9.1
docs/roadmap/BACKLOG.md	Last-updated date bumped from 2026-04-05 to 2026-04-06

Sequence Diagram

sequenceDiagram
    participant Dev as Developer
    participant NPM as npm registry
    participant User as End User

    Dev->>NPM: publish @optave/codegraph-linux-x64-gnu@3.9.2 (native fix)
    Dev->>NPM: publish @optave/codegraph@3.9.2
    Note over NPM: optionalDeps still pin 3.9.1
    User->>NPM: npm install @optave/codegraph@3.9.2
    NPM-->>User: @optave/codegraph@3.9.2 (JS)
    NPM-->>User: @optave/codegraph-linux-x64-gnu@3.9.1 (OLD native binary)
    Note over User: Native dedup & rebuild fixes are missing

Loading

Comments Outside Diff (1)

1. package.json, line 132-139 (link)

   Native platform packages not bumped to 3.9.2

   All six optionalDependencies entries for native platform binaries still pin to 3.9.1 despite the main package version being 3.9.2. This release contains native Rust engine fixes (confidence-aware dedup for engine parity, incremental rebuild regression) — users who install @optave/codegraph@3.9.2 will load the 3.9.1 native binary and silently miss those fixes. scripts/sync-native-versions.ts (the version lifecycle hook) reads pkg.version and should rewrite these to 3.9.2, but the output of that script is not reflected here. The same stale version appears in the root optionalDependencies block and the resolved node_modules/@optave/codegraph-{platform} entries of package-lock.json.

_{Reviews (1): Last reviewed commit: "chore: release v3.9.2" | Re-trigger Greptile}