Conversation
Our flow is feature -> develop (dev/manual tests) -> main (release), but Dependabot defaulted to the repo default branch (main), so weekly version bumps landed straight on main, bypassing develop. Set target-branch: "develop" on all five update blocks (gomod x2, npm, docker, github-actions) so scheduled version PRs go to develop. Note: Dependabot reads this config from the default branch (main), so the change only takes effect once it reaches main. Security (alert-triggered) updates still target the default branch by platform design. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump the go group in /server with 6 updates Bumps the go group in /server with 6 updates: | Package | From | To | | --- | --- | --- | | [github.com/getkin/kin-openapi](https://github.com/getkin/kin-openapi) | `0.135.0` | `0.140.0` | | [github.com/go-chi/chi/v5](https://github.com/go-chi/chi) | `5.2.4` | `5.3.0` | | [github.com/oapi-codegen/runtime](https://github.com/oapi-codegen/runtime) | `1.4.0` | `1.4.2` | | [golang.org/x/crypto](https://github.com/golang/crypto) | `0.52.0` | `0.53.0` | | [golang.org/x/sync](https://github.com/golang/sync) | `0.20.0` | `0.21.0` | | [modernc.org/sqlite](https://gitlab.com/cznic/sqlite) | `1.34.1` | `1.53.0` | Updates `github.com/getkin/kin-openapi` from 0.135.0 to 0.140.0 - [Release notes](https://github.com/getkin/kin-openapi/releases) - [Commits](getkin/kin-openapi@v0.135.0...v0.140.0) Updates `github.com/go-chi/chi/v5` from 5.2.4 to 5.3.0 - [Release notes](https://github.com/go-chi/chi/releases) - [Changelog](https://github.com/go-chi/chi/blob/master/CHANGELOG.md) - [Commits](go-chi/chi@v5.2.4...v5.3.0) Updates `github.com/oapi-codegen/runtime` from 1.4.0 to 1.4.2 - [Release notes](https://github.com/oapi-codegen/runtime/releases) - [Commits](oapi-codegen/runtime@v1.4.0...v1.4.2) Updates `golang.org/x/crypto` from 0.52.0 to 0.53.0 - [Commits](golang/crypto@v0.52.0...v0.53.0) Updates `golang.org/x/sync` from 0.20.0 to 0.21.0 - [Commits](golang/sync@v0.20.0...v0.21.0) Updates `modernc.org/sqlite` from 1.34.1 to 1.53.0 - [Changelog](https://gitlab.com/cznic/sqlite/blob/master/CHANGELOG.md) - [Commits](https://gitlab.com/cznic/sqlite/compare/v1.34.1...v1.53.0) --- updated-dependencies: - dependency-name: github.com/getkin/kin-openapi dependency-version: 0.140.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/go-chi/chi/v5 dependency-version: 5.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/oapi-codegen/runtime dependency-version: 1.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: golang.org/x/crypto dependency-version: 0.53.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: golang.org/x/sync dependency-version: 0.21.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: modernc.org/sqlite dependency-version: 1.53.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… in the go group (#97) * docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump github.com/spf13/cobra in /cli in the go group Bumps the go group in /cli with 1 update: [github.com/spf13/cobra](https://github.com/spf13/cobra). Updates `github.com/spf13/cobra` from 1.8.0 to 1.10.2 - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](spf13/cobra@v1.8.0...v1.10.2) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-version: 1.10.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…shboard (#103) * docs: add reindex-after-upgrade disclaimer to README * chore(deps-dev): bump @babel/core in /server/dashboard Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.29.0 to 7.29.7. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-version: 7.29.7 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump alpine from 3.20 to 3.24 in /server Bumps alpine from 3.20 to 3.24. --- updated-dependencies: - dependency-name: alpine dependency-version: '3.24' dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump actions/setup-go from 5 to 6 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](actions/setup-go@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-go dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump softprops/action-gh-release from 2 to 3 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2 to 3. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](softprops/action-gh-release@v2...v3) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-version: '3' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
The Docker Hub repo had grown past 150 GB — Docker Hub never prunes tags, so every release (~1 GB CUDA) plus scout/test/dev scan tags accumulated forever (53 tags, ~44 of them stale). Add server/scripts/dockerhub-prune.sh: a deny-by-default retention policy that keeps the floating tags (latest, cu128, develop-cu128) + the newest KEEP_RELEASES (default 3) semver versions, and deletes everything else (scout-*, *-cu130/-cu126, go-*, *-dev*, ci-test-*, unprefixed 0.x, old releases). DRY_RUN=true by default; portable across GNU + BSD (macOS) sort. Enforce it automatically: - release-server.yml: prune job after each release push (keep newest 3). - cleanup-dockerhub.yml: weekly sweep + manual dispatch (dry-run default). Both reuse the existing DOCKER_USERNAME / DOCKER_PASSWORD secrets. Deleted release tags remain rebuildable via the release workflow_dispatch path. Also fix portainer-stack-cuda.yml: it still referenced the obsolete `go-cu128` floating tag (renamed to `cu128` long ago) — a future redeploy from that file would have failed to pull once go-cu128 is pruned. Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump actions/upload-artifact from 4 to 7 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 7. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v7) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump actions/download-artifact from 4 to 8 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 8. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v8) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '8' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…101) * docs: add reindex-after-upgrade disclaimer to README * chore(deps): bump golang from 1.25-alpine to 1.26-alpine in /server Bumps golang from 1.25-alpine to 1.26-alpine. --- updated-dependencies: - dependency-name: golang dependency-version: 1.26-alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Anton Tribulkevich <dvcdsys@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…106) * feat(cowork): cix in Claude Cowork via MCP connector + skills plugin Claude Cowork doesn't load Claude Code plugins/hooks/slash-commands and doesn't shell out to the cix CLI, so cix was unreachable there — exactly where it's most useful (large cross-repo research). Expose it over MCP. Two-step, server-centric, multi-server: - `cix mcp`: stdio MCP server subcommand (cli/cmd/mcp.go, mcp_tools.go) as a thin front-end over the existing internal/client HTTP client. 11 tools — list servers/projects/workspaces, cross-project workspace_search, and per-project search/definitions/references/symbols/files/summary. No cwd inference and no "current project"; project (host_path) and workspace are explicit, server is an optional per-call selector resolved against a cached serverRegistry. - `cix mcp connect claude`: one-command installer (cli/cmd/mcp_connect.go) that registers this binary in claude_desktop_config.json via the official mcpServers mechanism — absolute path, preserves other servers, writes .bak, idempotent, --print dry-run, disconnect to undo, no secrets. - cli/mcpb/: optional .mcpb desktop-extension bundle (make mcpb) for redistributing the connector to machines without cix. - plugins/cix-cowork/: skills-only marketplace plugin (2nd entry) — the cix and cix-workspace skills adapted from the CLI to the cix_* MCP tools (workspace uses sequential cix_search drill-down, no sub-agent; trust-rules + troubleshooting in references/). Install after connecting the server. - doc/COWORK_MCP.md, marketplace 2nd entry, go.mod (MCP SDK), Makefile mcpb. - fix(plugin): quote the cix-workspace-investigator description so strict `claude plugin validate` passes (unquoted "Do not use for:" colon). The Claude Code `cix` plugin is unchanged (CLI + hooks); this is its Cowork counterpart over the same cix server. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * docs: slim README to a landing page; add credits, Voyage, team-deploy guide Cut README from ~790 to ~320 lines by de-duplicating repeated notes (bootstrap admin, reindex-after-upgrade, drift, GPU) and relocating reference material into focused docs. No content lost — moved, not deleted. New docs: - doc/CLI_REFERENCE.md — full CLI surface + per-project config - doc/DASHBOARD.md — pages, auth, authorization model, drift - doc/TROUBLESHOOTING.md — common issues + search-quality tuning - doc/TEAM_DEPLOYMENT.md — self-hosting cix for a team (DevOps guide) README also gains an Embedding providers section (local / Voyage AI / OpenAI-compatible — Voyage was already a first-class provider but nearly invisible) and an Acknowledgements section crediting upstreams. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * refactor(cowork): MCP install/uninstall seam, drop .mcpb, fix min_score & partial-status Revise the Cowork MCP integration and fix three review findings. Connector UX & packaging: - Rename `cix mcp connect|disconnect claude` → `install|uninstall claude-desktop` behind a host-registry seam (mcpHosts/lookupHost), so adding hosts (e.g. Codex/TOML) is a table entry, not a new command. - Drop the `.mcpb` desktop-extension path (build.sh/manifest.json, Makefile target) — MCP connector + marketplace skills only. - Rewrite doc/COWORK_MCP.md and plugin docs to match. Review fixes (MCP must mirror the CLI — it is just another CLI surface): - cix_search: apply the documented default min_score 0.4 when omitted instead of silently sending nothing (server default 0.2). Single source of truth via searchDefaultMinScore, shared by the `cix search` flag and the MCP tool. min_score is now *float64 — omit → 0.4, explicit (incl 0) → passthrough. - cix_workspace_search: add the missing min_score parameter (the skill docs promise it and the agent errored without it). Thread it through client.WorkspaceSearch (server already supports ?min_score=); add a matching `cix ws search --min-score` flag for CLI parity. - formatWorkspaceSearch: surface status=="partial_failure" with a banner, the way the CLI renderSearch does, so partial results aren't read as complete. Add TestRegisterCixTools_SchemaReflection guarding the *float64 schema reflection. go test ./... green. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> * fix(cowork): tighten host-config perms & warn on empty partial_failure - mcp install/uninstall: preserve the host config's file mode and create a fresh one private (0o600) instead of 0o644 — it sits next to other MCP servers' secret env values; chmod even on overwrite so an already world-readable config is tightened rather than left as-is. - formatWorkspaceSearch: check partial_failure BEFORE the empty-result shortcut (like the CLI's renderSearch) so an empty result caused by repo failures warns about incomplete coverage instead of reading as "no matches". - test: cover the empty partial_failure case. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
The Go tree-sitter binding cix's AST chunking first grew from. Credit where the head start came from. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The acknowledgements covered the server stack but omitted two whole categories. Add them: - CLI: Cobra, Charm (Bubble Tea/Bubbles/Lip Gloss), the MCP Go SDK (which the Cowork integration stands on), rjeczalik/notify, and koanf. - Dashboard: React + Vite, Radix UI + Tailwind (shadcn/ui pattern), TanStack Query, openapi-typescript, lucide, and sonner. Also point the closing note at server/dashboard/package.json for the full frontend dependency list. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| - name: Create develop release | ||
| uses: softprops/action-gh-release@v2 | ||
| uses: softprops/action-gh-release@v3 |
|
|
||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| uses: docker/login-action@v4 |
|
|
||
| - name: Create GitHub release | ||
| uses: softprops/action-gh-release@v2 | ||
| uses: softprops/action-gh-release@v3 |
|
|
||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| uses: docker/login-action@v4 |
|
|
||
| - name: Login to Docker Hub | ||
| uses: docker/login-action@v3 | ||
| uses: docker/login-action@v4 |
|
|
||
| - name: Create GitHub release | ||
| uses: softprops/action-gh-release@v2 | ||
| uses: softprops/action-gh-release@v3 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release: merge
developintomain.Highlights
Feature — cix in Claude Cowork via MCP (#106)
cix mcpstdio MCP server (11 tools) exposing cix's semantic search to Claude Desktop & Cowork — server-centric, multi-server, no cwd inference.cix mcp install|uninstall <host>one-command registrar behind a host-registry seam (claude-desktoptoday; Codex/TOML later).plugins/cix-cowork/skills-only marketplace plugin (cix + cix-workspace adapted to thecix_*tools).searchDefaultMinScore0.4;cix ws search --min-score);partial_failuresurfaced (incl. the empty-result case); host-config written0o600next to other servers' secrets.doc/COWORK_MCP.md, plus the README slim-down and newCLI_REFERENCE/DASHBOARD/TROUBLESHOOTING/TEAM_DEPLOYMENTdocs.Ops — Docker Hub tag retention (#105)
dockerhub-prune.shdeny-by-default retention + a release-time prune job and a weekly cleanup workflow (the repo had grown past 150 GB).Docs — acknowledgements
odvcencio/gotreesitteras the original tree-sitter starting point.Dependency & CI maintenance
develop; Go group + cobra 1.10.2, golang 1.26-alpine, alpine 3.24, several GitHub Actions bumps, and a dashboard@babel/corebump.Release notes
After merging, tag/release per the usual flow (
server/vX.Y.Z→ release-server.yml builds CPU multi-arch + CUDA, pushes:X.Y.Z/:latest/:X.Y.Z-cu128/:cu128, then prunes Docker Hub). CLI is on its own tag stream.Testing
go test ./...green (server + CLI).claude plugin validatepasses; connector smoke-tested end-to-end and verified live from Cowork.🤖 Generated with Claude Code