chore(deps): bump @optave/codegraph-darwin-x64 from 3.9.3 to 3.9.4

[dependabot]

Bumps @optave/codegraph-darwin-x64 from 3.9.3 to 3.9.4.

Release notes

Sourced from @​optave/codegraph-darwin-x64's releases.

v3.9.4

Resolution accuracy and incremental-build reliability. The JS/TS extractor now resolves named function references passed as callback arguments — Express middleware, event handlers, Array.map/.filter/.then callbacks, and destructured handler bindings are tracked as real call edges instead of appearing as dead code. On a 1 895-file TypeScript monorepo this surfaced 21 previously-invisible callers of a single auth middleware. A version-mismatch bug that silently forced every native incremental build into a full 5.8s rebuild is fixed — no-op rebuilds now exit in ~200ms. Three WASM incremental-build bugs are also fixed: edge loss during reverse-dep purges, unnecessary reparses, and a V8 crash during GC of orphaned WASM trees. Fan-in/out and import counts are now consistent between full and incremental build paths.

Bug Fixes

• js-extractor: resolve named function references passed as arguments — middleware, callback, and handler references emit dynamic call edges; destructured bindings from factory calls emit function definitions, eliminating false "dead-unresolved" results for functions passed by reference (#947)
• wasm: resolve incremental edge loss, unnecessary reparses, and V8 crash — save-and-reconnect approach preserves edges without reparsing reverse-dep files; error-path tree cleanup prevents GC crashes (#938)
• native: resolve version-mismatch that broke incremental builds — no-op rebuild dropped from 5.8s to 214ms (#928, #930)
• structure: reconcile import_count semantics between fast path and full path — both paths now consistently count distinct imported files (#942)
• include imports-type in fast-path fan_in/fan_out queries — aligns incremental metrics with full-build behavior for files with type-only imports (#948)
• rust: fix test compilation errors in extractor tests — renamed Import.path → Import.source and missing build_import_edges arguments (#950)
• ci: add resilience to Claude Code workflow for fork branch races — concurrency groups and pre-flight branch verification with 3 retries (#949)

Performance

• native: port full-build structure computation to Rust — eliminates JS DB round-trip through reconstructFileSymbolsFromDb() on full builds (#937)
• native: defer NativeDatabase.openReadWrite until after change detection — saves ~60ms on every incremental build invocation, no-op builds exit before opening native connection (#939)
• native: raise native edge-building threshold to smallFilesThreshold — small incrementals (≤5 files) use JS edge path to avoid napi-rs marshaling overhead (#940)

Chores

• disable adaptive thinking via CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING env var (#943)

Changelog

Sourced from @​optave/codegraph-darwin-x64's changelog.

3.9.4 (2026-04-17)

Resolution accuracy and incremental-build reliability. The JS/TS extractor now resolves named function references passed as callback arguments — Express middleware, event handlers, Array.map/.filter/.then callbacks, and destructured handler bindings are tracked as real call edges instead of appearing as dead code. On a 1 895-file TypeScript monorepo this surfaced 21 previously-invisible callers of a single auth middleware. A version-mismatch bug that silently forced every native incremental build into a full 5.8s rebuild is fixed — no-op rebuilds now exit in ~200ms. Three WASM incremental-build bugs are also fixed: edge loss during reverse-dep purges, unnecessary reparses, and a V8 crash during GC of orphaned WASM trees. Fan-in/out and import counts are now consistent between full and incremental build paths.

Bug Fixes

• js-extractor: resolve named function references passed as arguments — middleware, callback, and handler references emit dynamic call edges; destructured bindings from factory calls emit function definitions, eliminating false "dead-unresolved" results for functions passed by reference (#947)
• wasm: resolve incremental edge loss, unnecessary reparses, and V8 crash — save-and-reconnect approach preserves edges without reparsing reverse-dep files; error-path tree cleanup prevents GC crashes (#938)
• native: resolve version-mismatch that broke incremental builds — no-op rebuild dropped from 5.8s to 214ms (#928, #930)
• structure: reconcile import_count semantics between fast path and full path — both paths now consistently count distinct imported files (#942)
• include imports-type in fast-path fan_in/fan_out queries — aligns incremental metrics with full-build behavior for files with type-only imports (#948)
• rust: fix test compilation errors in extractor tests — renamed Import.path → Import.source and missing build_import_edges arguments (#950)
• ci: add resilience to Claude Code workflow for fork branch races — concurrency groups and pre-flight branch verification with 3 retries (#949)

Performance

• native: port full-build structure computation to Rust — eliminates JS DB round-trip through reconstructFileSymbolsFromDb() on full builds (#937)
• native: defer NativeDatabase.openReadWrite until after change detection — saves ~60ms on every incremental build invocation, no-op builds exit before opening native connection (#939)
• native: raise native edge-building threshold to smallFilesThreshold — small incrementals (≤5 files) use JS edge path to avoid napi-rs marshaling overhead (#940)

Chores

• disable adaptive thinking via CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING env var (#943)

Commits

• 6fa49a8 docs: prepare release notes for v3.9.4 (#952)
• 7244dbf fix(ci): split impact workflow for fork PR compatibility (#951)
• 7a47ce2 feat(js-extractor): resolve named function references passed as arguments (#947)
• b961d1c fix(ci): add resilience to Claude Code workflow for fork branch races (#949)
• 3640e51 fix: include imports-type in fast-path fan_in/fan_out queries (#948)
• e1c0d66 fix(rust): fix test compilation errors and add verification rule to CLAUDE.md...
• 01d7f8a docs(backlog): add Weft-inspired items #103 and #104 (#945)
• 5c986f4 chore: disable adaptive thinking via env var (#943)
• 060685f fix(structure): reconcile import_count semantics between fast path and full p...
• a770c23 perf(native): defer NativeDatabase.openReadWrite until after change detection...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

Greptile Summary

This Dependabot PR bumps @optave/codegraph-darwin-x64 from 3.9.3 to 3.9.4, a patch release with bug fixes for incremental build reliability, JS/TS extractor accuracy, and WASM edge handling. The package.json change is clean, but the regenerated package-lock.json contains two anomalies worth verifying before merging:

• @optave/codegraph-darwin-x64 now appears in the root dependencies block of the lock file in addition to optionalDependencies — inconsistent with package.json which only declares it optional.
• The libc field was stripped from three unrelated Linux packages (codegraph-linux-arm64-gnu, codegraph-linux-x64-gnu, codegraph-linux-x64-musl), which npm uses to filter ABI-incompatible native binaries on musl vs. glibc systems.

Confidence Score: 3/5

The lock file contains two unintended changes that could silently break Linux builds or force-install a platform-specific binary as required; needs verification before merging.

Two P1 findings in the lock file — darwin-x64 listed under required dependencies (not just optional) and libc constraints dropped from Linux packages — go beyond a normal Dependabot version bump and could cause CI failures or wrong-binary installation on non-macOS environments. These warrant a manual review of the regenerated lock file before merging.

package-lock.json — both the root package dependencies block and the linux native package entries need attention.

Important Files Changed

Filename	Overview
package.json	Bumps @optave/codegraph-darwin-x64 from 3.9.3 to 3.9.4 in optionalDependencies — change is correct and minimal.
package-lock.json	darwin-x64 unexpectedly appears in root dependencies (not just optionalDependencies); libc constraints removed from three unrelated Linux packages, risking wrong-binary installation on musl/glibc systems.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[npm install] --> B{Platform check}
    B -->|darwin x64| C[codegraph-darwin-x64 v3.9.4 installed as optional]
    B -->|darwin arm64| D[codegraph-darwin-arm64 v3.9.3]
    B -->|linux x64| E{libc check}
    E -->|glibc - before PR| F[codegraph-linux-x64-gnu]
    E -->|musl - before PR| G[codegraph-linux-x64-musl]
    E -->|libc field REMOVED| H[Both packages may install regardless of libc variant]
    C --> I[WARNING: lock file lists darwin-x64 in dependencies AND optionalDependencies]

Loading

Comments Outside Diff (1)

1. package-lock.json, line 1314-1346 (link)

   libc field silently removed from unrelated Linux packages

   The libc constraint was removed from @optave/codegraph-linux-arm64-gnu, @optave/codegraph-linux-x64-gnu, and @optave/codegraph-linux-x64-musl — none of which are part of this bump. npm uses the libc field to skip installation of ABI-incompatible binaries (e.g. glibc-linked .node files on Alpine/musl). Without it, the wrong native binary could be installed and silently fail to load at runtime on musl-based Linux environments. These entries should not have changed as part of a darwin-x64 only version bump, suggesting the lock file may have been regenerated with a different npm version.

   

_{Reviews (1): Last reviewed commit: "chore(deps): bump @optave/codegraph-darw..." | Re-trigger Greptile}

[greptile-apps]

darwin-x64 added to required dependencies in lock file root entry

@optave/codegraph-darwin-x64 now appears in both the root dependencies block and optionalDependencies in package-lock.json, but package.json only lists it under optionalDependencies. In npm lockfile v3 format, an optional-only dependency should not appear in the dependencies object of the root package entry — only in optionalDependencies. This duplication is unusual and may cause npm to treat the darwin-x64 native binary as a hard requirement on non-macOS/x64 environments, potentially failing CI on Linux runners or Windows.

[dependabot]

Looks like @optave/codegraph-darwin-x64 is up-to-date now, so this is no longer needed.