CKB v9.1.0

Highlights

LIP v2.1 integration — three new RPCs wired into the query engine:

• stream_context → explainFile surfaces semantically-related symbols (top 10, 2048-token budget)
• query_expansion → searchSymbols expands short queries (≤ 2 tokens) with up to 5 related terms for better recall
• explain_match → semantic search hits carry evidence chunks with line ranges and per-chunk scores

LIP index status UX — ckb review now warns when the LIP daemon is reachable but has no index, with an actionable lip index <repo> hint. Suppressed in --ci.

Push-driven LIP health — Engine opens a long-lived connection to the daemon instead of polling on 60s TTL. Worst-case staleness drops from 60s to ~3s.

Fixes

• Bug-pattern false positive on sync.Mutex.Lock() — removed Lock from error-returning heuristic
• err shadowing in subscribe.go eliminated (4 sites)

CI & Review improvements

• ckb review --no-auto-fetch for air-gapped pipelines
• Auth-error detection on auto-fetch with clear remediation guidance
• NoAutoFetch parity on summarizePr / summarizeDiff endpoints
• Shallow-clone auto-fetch for CI environments

Full changelog: https://github.com/SimplyLiz/CodeMCP/blob/main/CHANGELOG.md

Tested with LIP v2.1.1.

CKB v9.0.0

What's New

LIP v2.0 Semantic Integration

CKB now speaks the correct LIP v2.0 wire protocol ("type" discriminator, snake_case variants) and exposes 25 new functions. Key tool upgrades:

• reviewPR — semantic-novelty check flags changed files with novelty score ≥ 0.7 (may lack test coverage)
• getAffectedTests — NearestByFileFiltered("*_test.go") finds semantically proximate tests that aren't connected via the SCIP import graph
• explainFile — FindBoundaries appends a semantic_boundaries section with per-region shift magnitudes
• getArchitecture — SimilarityMatrix + GetCentroid add a semantic_coupling matrix across modules
• doctor — shows LIP coverage %, stale embeddings count, and model provenance

All LIP calls degrade silently — no errors or config required when LIP is not running.

Setup

cargo install lip-cli
LIP_EMBEDDING_URL=http://localhost:11434/v1/embeddings \
LIP_EMBEDDING_MODEL=nomic-embed-text \
lip daemon --socket ~/.local/share/lip/lip.sock
lip index .

See Hybrid-Retrieval for details.

Performance Scanning

New ckb perf structural command and analyzePerf MCP tool. Spec for 6 checkers (n1-queries, resource-leaks, unbounded-growth, large-copies, lock-scope, error-drain) at docs/specs/performance-scanning.md.

Bulk Index Optimizations

Parallel SCIP load, O(n) caller index (was O(n²)), streaming FTS populate, mmap on Linux/macOS.

---

See CHANGELOG.md for the full list.

CKB v8.3.0

Changelog

Features

• d505dd5 feat: Address 5 items from external technical review
• 434a37c feat: Detect languages in subdirectories, support monorepo indexing
• 4d28b07 feat: Detect languages in subdirectories, support monorepo indexing
• 7f7433f feat: token-optimized review skill with early exit and targeted reads (#182)
• 1cae8fc feat: v8.3 — compliance audit, MCP tools, bug-pattern FP fixes (#183)

Bug Fixes

• f791f77 fix(deps): Bump @tastehub/ckb-darwin-arm64 from 8.1.0 to 8.2.0 in /npm (#178)
• b992e5b fix(deps): Bump @tastehub/ckb-darwin-x64 from 8.1.0 to 8.2.0 in /npm (#179)
• 0261932 fix(deps): Bump @tastehub/ckb-linux-arm64 from 8.1.0 to 8.2.0 in /npm (#175)
• 7c5d87c fix(deps): Bump @tastehub/ckb-linux-x64 from 8.1.0 to 8.2.0 in /npm (#177)
• 7bb05a3 fix(deps): Bump @tastehub/ckb-win32-x64 from 8.1.0 to 8.2.0 in /npm (#176)
• cf67be3 fix(deps): bump the go-deps group across 1 directory with 2 updates (#188)
• f5e3535 fix: Address 3 issues from windup PR analysis
• 89b292b fix: Fix 3 bugs found testing on ShellAI repo
• c4261c8 fix: generated file detection, check summary reconciliation, glob matching (#181)
• 6f4c792 fix: gofmt review_test.go
• bf28787 fix: tighten review skill early-exit criteria and add blind spots section (#184)

Others

• 16fad6f Fix false positives in review checks (#174)
• ef273f4 Merge develop into main: ShellAI test fixes
• b4c6bca Merge remote-tracking branch 'origin/main' into develop
• 47da5b3 release: v8.3.0 (#189)

CKB v8.2.0

Changelog

Features

• daed8cf feat: Add --lint-report flag to deduplicate findings against SARIF
• 224320a feat: Add LLM FP triage, PR posting, feedback learning, skill shipping
• f5838af feat: Add Large PR Intelligence — Batch 3
• d23d369 feat: Add code health, baselines, compliance, CI/CD formats — Batches 4-7
• 22b3a8e feat: Add comment-drift, format-consistency checks and enhance existing review checks
• de69cf1 feat: Add review engine v8.4 — HoldTheLine, bug-patterns, LLM narrative
• f1437e4 feat: Add unified PR review engine (ckb review) — MVP Batch 1+2
• 08f4b01 feat: Auto-resolve active repository from file paths in MCP tool params
• a621676 feat: Reduce review noise, add multi-provider LLM, compact MCP mode
• a5e8894 feat: Wire dead-code, test-gaps, blast-radius checks and --staged/--scope into review

Bug Fixes

• 4550ffb fix(deps): bump the go-deps group with 2 updates
• be97882 fix: Add missing SCORE env var in CI, omitempty on reviewers JSON field
• 0e9fcde fix: Address review findings — health scoring, format constants, API tests
• 1db8266 fix: Annotate all gosec G115 integer overflow false positives
• 1e6f48c fix: Annotate remaining gosec G304/G306 path traversal false positives
• 148c598 fix: Bump Go 1.26.0→1.26.1 (4 stdlib CVEs), fix download-artifact SHA
• f185889 fix: Bump Go to 1.24.13 and add tests for repo resolver/engine cache
• f13bcee fix: Bump Go to 1.26.0 and exclude G703 from gosec security gate
• 0fbf748 fix: Eliminate O(N) GetHotspots/GetOwnership calls causing review hang
• 06bdda6 fix: Eliminate dead-code FP, show test-gap details, fix config merge
• 471702a fix: Fix 4 bugs found by CKB review, add marketing docs
• fdb6503 fix: Fix lint errors, remove dead code, tighten file permissions
• c256a69 fix: Fix non-CGO build for v8.2.0 release
• c28bd90 fix: Harden action.yml, cap score deductions, clean up dead code
• ecc1e49 fix: Make pr-review job resilient to upstream CI failures
• 68139c7 fix: Make review output useful for large PRs (600+ files)
• e9db780 fix: Overhaul review formatter output and update CI workflows
• 5b22e63 fix: Re-enable Homebrew upload, add token validation to release workflow
• aa0a617 fix: Reduce review noise — secrets false positives, coupling CI spam, unclamped risk
• c59409d fix: Render Top Risks in markdown review, fix null reviewers fallback
• 33f5896 fix: Resolve remaining gosec findings (rune bugs + annotations)
• f50f2bb fix: Serialize tree-sitter checks, fix SARIF compliance, harden inputs
• d8d3ed2 fix: Skip Homebrew tap upload (token expired)
• 019ef6e fix: Sort findings by tier before budget cap, enrich reviewer routing
• eb3a2bc fix: Update index metadata after incremental refresh and ignore untracked files in repo state
• 65f565c fix: Use /v1/tokens endpoint for npm token validation
• 7688190 fix: Use correct gosec rule IDs (G703/G122) for nosec annotations

Documentation

• 3c10ef7 docs: Add review architecture SVG, update CLAUDE.md for 17 checks
• 88cb5d1 docs: Add v8.2.0 changelog
• 3155d99 docs: Update CLAUDE.md and fix reviewPR tool description, reuse analyzer

Others

• f271bb8 ci(deps): bump the actions group across 1 directory with 7 updates
• e5e2f0e ci: Add PR review to CI pipeline, add example workflow
• 11b2765 ci: Add review engine test job to CI pipeline
• 616184c perf: Break tree-sitter serialization, batch git ops, cache hotspot scores
• 0d654a1 perf: Cut health check subprocess calls by ~60%, add cancellation
• 8d7c179 security: Reject path traversal in repo IDs, sanitize error responses
• cef1a49 security: Scope PR permissions, fix cancel-in-progress, pin action SHA
• 8d915b4 security: Upgrade docker/cli (CVE-2025-15558) and otel/sdk (CVE-2026-24051)

CKB v8.1.0

What's New

New Tools

• findCycles — Detect circular dependencies using Tarjan's SCC algorithm (module/directory/file granularity), with break-edge recommendations
• suggestRefactorings — Proactive refactoring suggestions covering complexity, coupling, dead code, and extract candidates
• prepareChange (move) — Move/relocate analysis with import tracking and conflict detection
• prepareChange (extract) — Tree-sitter flow analysis for extract variable/function with parameter/return detection and signature generation
• planRefactor — Unified refactoring planner combining risk assessment, impact analysis, test gaps, and ordered steps

Improvements

• Coverage configuration via .ckb/config.json (custom paths, auto-detect, max age)
• Orphaned index detection in ckb doctor
• Test mapping via ckb affected-tests
• --include-tests flag wiring for ckb impact diff
• Lazy engine loading and enriched error messages
• switchProject tool for multi-repo workflows

Bug Fixes

• Go 1.24.12 security update
• Improved doctor command error messages
• Disabled patch coverage check on main/develop branches

Stats

• 46 files changed, +6,425 lines
• 102 new tests
• All CI checks passing

Full Changelog: v8.0.6...v8.1.0

CKB v8.0.6

What's Changed

SCIP Index Path

• Breaking change: Default SCIP index location changed from .scip/index.scip to index.scip (repository root)
• This aligns with the Sourcegraph standard convention
• Existing .scip/index.scip files are automatically migrated on next ckb index

New Features

• Added ckb config set and ckb config get commands for runtime configuration

  ckb config set scip.indexPath index.scip
  ckb config get scip.indexPath

Bug Fixes

• Fixed --output flag not being passed to scip-typescript and scip-python indexers

Internal

• Refactored index command to use IndexerConfig.BuildCommand()
• Only add --output flag when using non-default index path

CKB v8.0.5

Changelog

Bug Fixes

• e177ef5 fix: set MaxOpenConns(1) for in-memory SQLite test databases

CKB v8.0.3

Fixed

MCP Registry Publishing

• Fixed mcpName casing in npm package.json to match GitHub username (io.github.SimplyLiz/ckb instead of io.github.simplyliz/ckb). The official MCP registry namespace verification is case-sensitive.

Added

MCP Registry server.json

Added server.json for publishing to the official MCP Registry via mcp-publisher. CKB is now listed as io.github.SimplyLiz/ckb.

Install

npm install -g @tastehub/ckb
# or
npx @tastehub/ckb mcp

CKB v8.0.2

Added

Grok Support in ckb setup

Grok is now a supported AI coding tool in the setup wizard:

ckb setup --tool=grok          # project-level (.grok/settings.json)
ckb setup --tool=grok --global # global (~/.grok/user-settings.json)

Uses grok mcp add CLI when available, falls back to file-based configuration.

MCP Registry Support

Added mcpName field to npm package.json for publishing to the official MCP Registry (io.github.simplyliz/ckb).

Compound Tool NFR Scenarios

NFR test suite expanded from 28 to 39 scenarios, adding coverage for v8.0 compound tools:

• explore (small, large)
• understand (small, large)
• prepareChange (small, large)
• batchGet (small, large)
• batchSearch (small, medium, large)

Changed

Dynamic NFR Baselines

NFR tests now compare PR results against the base branch (dynamic baseline) instead of static hardcoded values. Two parallel CI jobs run the tests on both HEAD and base, then a comparison job reports regressions.

NFR Tests Scope

NFR tests now only run on PRs targeting main, reducing CI noise on feature branches.

v8.0.1: UX Enhancements

v8.0.1: UX Enhancements

Improved

Human-Readable Output by Default

All CLI commands now default to --format=human instead of --format=json. This makes the CLI more friendly for interactive use while still supporting --format=json for scripting and automation.

Quieter Indexer Output

External SCIP indexers (scip-go, scip-typescript, etc.) no longer spam stdout during ckb index. Output is now captured and only shown on error or when using -v verbose mode.

Better Error Messages

• ckb dead-code now clearly indicates it's for telemetry-based analysis and suggests using ckb telemetry dead-code
• ckb impact diff no longer shows confusing "Symbol not found: diff" error; instead provides helpful guidance
• Symbol not found errors now suggest using ckb search to find valid symbol IDs

Index Missing Guidance

ckb status now shows helpful guidance when no SCIP index is found:

• Lists commands that work without index (git-based): hotspots, ownership, reviewers, diff-summary, pr-summary
• Lists commands that need SCIP index: search, refs, callgraph, impact, dead-code, trace, explain

Fixed

• Consistent --format=human support for diff-summary, concepts, and impact diff commands

---

Full Changelog: v8.0.0...v8.0.1