DeusData
diff --git a/‎README.md‎
Lines changed: 24 additions & 6 deletions b/‎README.md‎
Lines changed: 24 additions & 6 deletions
diff --git a/‎cmd/codebase-memory-mcp/assets/skills/codebase-memory-reference/SKILL.md‎
Lines changed: 46 additions & 2 deletions b/‎cmd/codebase-memory-mcp/assets/skills/codebase-memory-reference/SKILL.md‎
Lines changed: 46 additions & 2 deletions
diff --git a/‎cmd/codebase-memory-mcp/assets/skills/codebase-memory-tracing/SKILL.md‎
Lines changed: 30 additions & 1 deletion b/‎cmd/codebase-memory-mcp/assets/skills/codebase-memory-tracing/SKILL.md‎
Lines changed: 30 additions & 1 deletion
diff --git a/‎cmd/codebase-memory-mcp/install.go‎
Lines changed: 136 additions & 1 deletion b/‎cmd/codebase-memory-mcp/install.go‎
Lines changed: 136 additions & 1 deletion
@@ -4,12 +4,14 @@
 
 Single Go binary. No Docker, no external databases, no API keys. One command to install, say *"Index this project"* — done.
 
-Parses source code with [tree-sitter](https://tree-sitter.github.io/tree-sitter/), extracts functions, classes, modules, call relationships, and cross-service HTTP links. Exposes the graph through 12 MCP tools for use with Claude Code, Codex CLI, or any MCP-compatible client. Also includes a **CLI mode** for direct tool invocation from the shell — no MCP client needed.
+Parses source code with [tree-sitter](https://tree-sitter.github.io/tree-sitter/), extracts functions, classes, modules, call relationships, and cross-service HTTP links. Exposes the graph through 14 MCP tools for use with Claude Code, Codex CLI, Cursor, Windsurf, or any MCP-compatible client. Also includes a **CLI mode** for direct tool invocation from the shell — no MCP client needed.
 
 ## Features
 
 - **35 languages**: Python, Go, JavaScript, TypeScript, TSX, Rust, Java, C++, C#, C, PHP, Lua, Scala, Kotlin, Ruby, Bash, Zig, Elixir, Haskell, OCaml, Objective-C, Swift, Dart, Perl, Groovy, Erlang, R, HTML, CSS, SCSS, YAML, TOML, HCL, SQL, Dockerfile
-- **One-command install**: `codebase-memory-mcp install` auto-detects Claude Code and Codex CLI, registers the MCP server, and installs task-specific skills
+- **Git diff impact mapping**: `detect_changes` maps uncommitted changes to affected graph symbols + blast radius with risk classification (CRITICAL/HIGH/MEDIUM/LOW)
+- **Risk-classified tracing**: `trace_call_path` with `risk_labels=true` adds impact classification to every node in the call chain
+- **One-command install**: `codebase-memory-mcp install` auto-detects Claude Code, Codex CLI, Cursor, and Windsurf, registers the MCP server, and installs task-specific skills
 - **Self-update**: `codebase-memory-mcp update` downloads the latest release, verifies checksums, and atomically swaps the binary
 - **Task-specific skills**: 4 skills (exploring, tracing, quality, reference) that prescribe exact tool sequences — Claude Code automatically uses graph tools instead of defaulting to grep
 - **Fast**: Sub-millisecond graph queries, incremental reindex 4x faster than full scan, optimized SQLite with LIKE pre-filtering for regex searches
@@ -84,7 +86,7 @@ Benchmarked on Apple M3 Pro, macOS Darwin 25.3.0:
 4. **Restart** Claude Code / Codex CLI
 5. Say **"Index this project"** — done.
 
-The `install` command auto-detects Claude Code and Codex CLI, registers the MCP server, installs 4 task-specific skills, and ensures the binary is on your PATH. Use `--dry-run` to preview without making changes.
+The `install` command auto-detects Claude Code, Codex CLI, Cursor, and Windsurf, registers the MCP server, installs 4 task-specific skills, and ensures the binary is on your PATH. Use `--dry-run` to preview without making changes.
 
 ### Keeping Up to Date
 
@@ -237,7 +239,7 @@ Add the MCP server to your project's `.mcp.json` (per-project, recommended) or `
 }
 ```
 
-Restart Claude Code after adding the config. Verify with `/mcp` — you should see `codebase-memory-mcp` listed with 12 tools.
+Restart Claude Code after adding the config. Verify with `/mcp` — you should see `codebase-memory-mcp` listed with 14 tools.
 
 </details>
 
@@ -330,7 +332,8 @@ The CLI uses the same SQLite database as the MCP server (`~/.cache/codebase-memo
 | Tool | Key Parameters | Description |
 |------|---------------|-------------|
 | `search_graph` | `label`, `name_pattern`, `project`, `file_pattern`, `relationship`, `direction`, `min_degree`, `max_degree`, `exclude_entry_points`, `limit` (default 100), `offset` | Structured search with filters. Use `project` to scope to a single repo when multiple are indexed. Supports pagination via `limit`/`offset` — response includes `has_more` and `total`. |
-| `trace_call_path` | `function_name` (required), `direction` (inbound/outbound/both), `depth` (1-5, default 3) | BFS traversal from/to a function (exact name match). Returns call chains with signatures, constants, and edge types. Capped at 200 nodes. |
+| `trace_call_path` | `function_name` (required), `direction` (inbound/outbound/both), `depth` (1-5, default 3), `risk_labels` (boolean) | BFS traversal from/to a function (exact name match). Returns call chains with signatures, constants, and edge types. Capped at 200 nodes. With `risk_labels=true`, adds CRITICAL/HIGH/MEDIUM/LOW classification and `impact_summary`. |
+| `detect_changes` | `scope` (unstaged/staged/all/branch), `base_branch`, `depth` (1-5, default 3) | Map git diff to affected graph symbols + blast radius. Returns changed files, changed symbols, and impacted callers with risk classification. Requires git in PATH. |
 | `query_graph` | `query` (required) | Execute Cypher-like graph queries (read-only). See [Supported Cypher Subset](#supported-cypher-subset) for what's supported. |
 | `get_graph_schema` | — | Node/edge counts, relationship patterns, sample names. Run this first to understand what's in the graph. |
 | `get_code_snippet` | `qualified_name` (required) | Read source code for a function by its qualified name (reads from disk). See [Qualified Names](#qualified-names) for the format. |
@@ -371,6 +374,20 @@ trace_call_path(function_name="ProcessOrder", depth=3, direction="outbound")
 trace_call_path(function_name="ProcessOrder", depth=2, direction="inbound")
 ```
 
+### Risk-classified impact analysis
+
+```
+trace_call_path(function_name="ProcessOrder", direction="inbound", depth=3, risk_labels=true)
+```
+
+### Detect changes (git diff impact)
+
+```
+detect_changes()
+detect_changes(scope="staged")
+detect_changes(scope="branch", base_branch="main", depth=3)
+```
+
 ### Dead code detection
 
 ```
@@ -577,6 +594,7 @@ make install  # go install
 | `trace_call_path` returns 0 results | Exact name match — no fuzzy matching | Use `search_graph(name_pattern=".*PartialName.*")` to discover the exact function name first. |
 | Queries return results from wrong project | Multiple projects indexed, no filter | Add `project="your-project-name"` to `search_graph`. Use `list_projects` to see indexed project names. |
 | Graph is missing recently added files | Auto-sync hasn't caught up yet, or project was never indexed | Wait a few seconds for auto-sync, or run `index_repository` manually. Auto-sync polls at 1–60s intervals depending on repo size. |
+| `detect_changes` fails with "git not found" | git not installed or not on PATH | Install git. Required at runtime only for `detect_changes`. |
 | Binary not found after install | `~/.local/bin` not on PATH | Add to your shell profile: `export PATH="$HOME/.local/bin:$PATH"` |
 | Cypher query fails with parse error | Unsupported Cypher feature | See [Supported Cypher Subset](#supported-cypher-subset). `WITH`, `COLLECT`, `OPTIONAL MATCH` are not supported. |
 
@@ -606,7 +624,7 @@ internal/
   httplink/               Cross-service HTTP route/call-site matching
   cypher/                 Cypher query lexer, parser, planner, executor
   selfupdate/             GitHub release checking, version comparison, asset download
-  tools/                  MCP tool handlers (12 tools) + CLI dispatch
+  tools/                  MCP tool handlers (14 tools) + CLI dispatch
   watcher/                Background auto-sync (mtime+size polling, adaptive intervals)
   discover/               File discovery with .cgrignore support
   fqn/                    Qualified name computation
 
@@ -9,7 +9,7 @@ description: >
 
 # Codebase Memory MCP — Tool Reference
 
-## Tools (12 total)
+## Tools (14 total)
 
 | Tool | Purpose |
 |------|---------|
@@ -19,12 +19,14 @@ description: >
 | `delete_project` | Remove a project from the graph |
 | `search_graph` | Structured search with filters (name, label, degree, file pattern) |
 | `search_code` | Grep-like text search within indexed project files |
-| `trace_call_path` | BFS call chain traversal (exact name match required) |
+| `trace_call_path` | BFS call chain traversal (exact name match required). Supports `risk_labels=true` for impact classification. |
+| `detect_changes` | Map git diff to affected symbols + blast radius with risk scoring |
 | `query_graph` | Cypher-like graph queries (200-row cap) |
 | `get_graph_schema` | Node/edge counts, relationship patterns |
 | `get_code_snippet` | Read source code by qualified name |
 | `read_file` | Read any file from indexed project |
 | `list_directory` | List files/directories with glob filter |
+| `ingest_traces` | Ingest OpenTelemetry traces to validate HTTP_CALLS edges |
 
 ## Edge Types
 
@@ -90,6 +92,46 @@ MATCH (a)-[r:FILE_CHANGES_WITH]->(b) WHERE r.coupling_score >= 0.5 RETURN a.name
 MATCH (f:Function)-[:CALLS]->(g:Function) WHERE g.name = 'ProcessOrder' RETURN f.name LIMIT 20
 ```
 
+## Regex-Powered Search (No Full-Text Index Needed)
+
+`search_graph` and `search_code` support full Go regex, making full-text search indexes unnecessary. Regex patterns provide precise, composable queries that cover all common discovery scenarios:
+
+### search_graph — name_pattern / qn_pattern
+
+| Pattern | Matches | Use case |
+|---------|---------|----------|
+| `.*Handler$` | names ending in Handler | Find all handlers |
+| `(?i)auth` | case-insensitive "auth" | Find auth-related symbols |
+| `get\|fetch\|load` | any of three words | Find data-loading functions |
+| `^on[A-Z]` | names starting with on + uppercase | Find event handlers |
+| `.*Service.*Impl` | Service...Impl pattern | Find service implementations |
+| `^(Get\|Set\|Delete)` | CRUD prefixes | Find CRUD operations |
+| `.*_test$` | names ending in _test | Find test functions |
+| `.*\\.controllers\\..*` | qn_pattern for directory scoping | Scope to controllers dir |
+
+### search_code — regex=true
+
+| Pattern | Matches | Use case |
+|---------|---------|----------|
+| `TODO\|FIXME\|HACK` | multi-pattern scan | Find tech debt markers |
+| `(?i)password\|secret\|token` | case-insensitive secrets | Security scan |
+| `func\\s+Test` | Go test functions | Find test entry points |
+| `api[._/]v[0-9]` | API version references | Find versioned API usage |
+| `import.*from ['"]@` | scoped npm imports | Find package imports |
+
+### Combining Filters for Surgical Queries
+
+```
+# Find unused auth handlers
+search_graph(name_pattern="(?i).*auth.*handler.*", max_degree=0, exclude_entry_points=true)
+
+# Find high fan-out functions in the services directory
+search_graph(qn_pattern=".*\\.services\\..*", min_degree=10, relationship="CALLS", direction="outbound")
+
+# Find all route handlers matching a URL pattern
+search_code(pattern="(?i)(POST|PUT).*\\/api\\/v[0-9]\\/orders", regex=true)
+```
+
 ## Critical Pitfalls
 
 1. **`search_graph(relationship="HTTP_CALLS")` does NOT return edges** — it filters nodes by degree. Use `query_graph` with Cypher to see actual edges.
@@ -107,4 +149,6 @@ MATCH (f:Function)-[:CALLS]->(g:Function) WHERE g.name = 'ProcessOrder' RETURN f
 | Find by name pattern | `search_graph(name_pattern="...")` |
 | Dead code | `search_graph(max_degree=0, exclude_entry_points=true)` |
 | Cross-service edges | `query_graph` with Cypher |
+| Impact of local changes | `detect_changes()` |
+| Risk-classified trace | `trace_call_path(risk_labels=true)` |
 | Text search | `search_code` or Grep |
@@ -16,12 +16,18 @@ Use graph tools to trace function call relationships. One `trace_call_path` call
 
 ### Step 1: Discover the exact function name
 
-`trace_call_path` requires an **exact** name match. If you don't know the exact name, discover it first:
+`trace_call_path` requires an **exact** name match. If you don't know the exact name, discover it first with regex:
 
 ```
 search_graph(name_pattern=".*Order.*", label="Function")
 ```
 
+Use full regex for precise discovery — no full-text search needed:
+- `(?i)order` — case-insensitive
+- `^(Get|Set|Delete)Order` — CRUD variants
+- `.*Order.*Handler$` — handlers only
+- `qn_pattern=".*services\\.order\\..*"` — scope to order service directory
+
 This returns matching functions with their qualified names and file locations.
 
 ### Step 2: Trace callers (who calls this function?)
@@ -88,9 +94,32 @@ query_graph(query="MATCH (s)-[r:OVERRIDE]->(i) WHERE i.name = 'Read' RETURN s.na
 query_graph(query="MATCH (a)-[r:USAGE]->(b) WHERE b.name = 'ProcessOrder' RETURN a.name, a.file_path LIMIT 20")
 ```
 
+## Risk-Classified Impact Analysis
+
+Add `risk_labels=true` to get risk classification on each node:
+
+```
+trace_call_path(function_name="ProcessOrder", direction="inbound", depth=3, risk_labels=true)
+```
+
+Returns nodes with `risk` (CRITICAL/HIGH/MEDIUM/LOW) based on hop depth, plus an `impact_summary` with counts. Risk mapping: hop 1=CRITICAL, 2=HIGH, 3=MEDIUM, 4+=LOW.
+
+## Detect Changes (Git Diff Impact)
+
+Map uncommitted changes to affected symbols and their blast radius:
+
+```
+detect_changes()
+detect_changes(scope="staged")
+detect_changes(scope="branch", base_branch="main")
+```
+
+Returns changed files, changed symbols, and impacted callers with risk classification. Scopes: `unstaged`, `staged`, `all` (default), `branch`.
+
 ## Key Tips
 
 - Start with `depth=1` for quick answers, increase only if needed (max 5).
 - Edge types in trace results: `CALLS` (direct), `HTTP_CALLS` (cross-service), `ASYNC_CALLS` (async dispatch), `USAGE` (read reference), `OVERRIDE` (interface implementation).
 - `search_graph(relationship="HTTP_CALLS")` filters nodes by degree — it does NOT return edges. Use `query_graph` with Cypher to see actual edges with properties.
 - Results are capped at 200 nodes per trace.
+- `detect_changes` requires git in PATH.
@@ -2,6 +2,7 @@ package main
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"os"
 	"os/exec"
@@ -61,7 +62,15 @@ func runInstall(args []string) int {
 		fmt.Println("[Codex CLI] not found — skipping")
 	}
 
-	fmt.Println("\nDone. Restart Claude Code / Codex to activate.")
+	fmt.Println()
+
+	// Cursor
+	installEditorMCP(binaryPath, cursorConfigPath(), "Cursor", cfg)
+
+	// Windsurf
+	installEditorMCP(binaryPath, windsurfConfigPath(), "Windsurf", cfg)
+
+	fmt.Println("\nDone. Restart Claude Code / Codex / Cursor / Windsurf to activate.")
 	return 0
 }
 
@@ -91,6 +100,12 @@ func runUninstall(args []string) int {
 		removeCodexInstructions(cfg)
 	}
 
+	// Cursor
+	removeEditorMCP(cursorConfigPath(), "Cursor", cfg)
+
+	// Windsurf
+	removeEditorMCP(windsurfConfigPath(), "Windsurf", cfg)
+
 	fmt.Println("\nDone. Binary and databases were NOT removed.")
 	return 0
 }
@@ -462,3 +477,123 @@ func execCLI(path string, args ...string) error {
 	cmd.Stderr = os.Stderr
 	return cmd.Run()
 }
+
+// --- Editor MCP config (Cursor, Windsurf) ---
+
+const mcpServerKey = "codebase-memory-mcp"
+
+// cursorConfigPath returns the Cursor MCP config path.
+func cursorConfigPath() string {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		return ""
+	}
+	return filepath.Join(home, ".cursor", "mcp.json")
+}
+
+// windsurfConfigPath returns the Windsurf MCP config path.
+func windsurfConfigPath() string {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		return ""
+	}
+	return filepath.Join(home, ".codeium", "windsurf", "mcp_config.json")
+}
+
+// installEditorMCP upserts our MCP server entry in an editor's JSON config file.
+func installEditorMCP(binaryPath, configPath, editorName string, cfg installConfig) {
+	if configPath == "" {
+		return
+	}
+
+	fmt.Printf("[%s] MCP config: %s\n", editorName, configPath)
+
+	if cfg.dryRun {
+		fmt.Printf("  [dry-run] Would upsert %s in %s\n", mcpServerKey, configPath)
+		return
+	}
+
+	// Read existing config or start fresh
+	root := make(map[string]any)
+	if data, err := os.ReadFile(configPath); err == nil {
+		if jsonErr := json.Unmarshal(data, &root); jsonErr != nil {
+			// File exists but is invalid JSON — back up and overwrite
+			fmt.Printf("  ⚠ Invalid JSON in %s, overwriting\n", configPath)
+			root = make(map[string]any)
+		}
+	}
+
+	// Ensure mcpServers map exists
+	servers, ok := root["mcpServers"].(map[string]any)
+	if !ok {
+		servers = make(map[string]any)
+	}
+
+	// Upsert our server entry
+	servers[mcpServerKey] = map[string]any{
+		"command": binaryPath,
+	}
+	root["mcpServers"] = servers
+
+	// Write back
+	if err := os.MkdirAll(filepath.Dir(configPath), 0o750); err != nil {
+		fmt.Printf("  ⚠ mkdir %s: %v\n", filepath.Dir(configPath), err)
+		return
+	}
+	out, err := json.MarshalIndent(root, "", "  ")
+	if err != nil {
+		fmt.Printf("  ⚠ marshal JSON: %v\n", err)
+		return
+	}
+	if err := os.WriteFile(configPath, append(out, '\n'), 0o600); err != nil {
+		fmt.Printf("  ⚠ write %s: %v\n", configPath, err)
+		return
+	}
+	fmt.Printf("  ✓ MCP server registered in %s\n", configPath)
+}
+
+// removeEditorMCP removes our MCP server entry from an editor's JSON config file.
+func removeEditorMCP(configPath, editorName string, cfg installConfig) {
+	if configPath == "" {
+		return
+	}
+
+	data, err := os.ReadFile(configPath)
+	if err != nil {
+		return // no config file, nothing to remove
+	}
+
+	var root map[string]any
+	if err := json.Unmarshal(data, &root); err != nil {
+		return
+	}
+
+	servers, ok := root["mcpServers"].(map[string]any)
+	if !ok {
+		return
+	}
+	if _, exists := servers[mcpServerKey]; !exists {
+		return
+	}
+
+	fmt.Printf("[%s] MCP config: %s\n", editorName, configPath)
+
+	if cfg.dryRun {
+		fmt.Printf("  [dry-run] Would remove %s from %s\n", mcpServerKey, configPath)
+		return
+	}
+
+	delete(servers, mcpServerKey)
+	root["mcpServers"] = servers
+
+	out, err := json.MarshalIndent(root, "", "  ")
+	if err != nil {
+		fmt.Printf("  ⚠ marshal JSON: %v\n", err)
+		return
+	}
+	if err := os.WriteFile(configPath, append(out, '\n'), 0o600); err != nil {
+		fmt.Printf("  ⚠ write %s: %v\n", configPath, err)
+		return
+	}
+	fmt.Printf("  ✓ Removed %s from %s\n", mcpServerKey, configPath)
+}