fix(install): materialize vendored grammars to fix Windows EPERM (#1728)

[magyargergo]

Summary

Fixes #1728 — Windows npx gitnexus / MCP install failing with EPERM when npm tries to symlink vendored tree-sitter-dart (and proto/swift) from file:./vendor/* optionalDependencies.

• Remove file: optionalDependencies for vendored grammars (symlink/junction step during npm reify).
• Add materialize-vendor-grammars.cjs postinstall step: fs.cpSync from vendor/ → node_modules/ (real directories).
• Add build-tree-sitter-swift.cjs and strip Swift vendor install script (same ENOTEMPTY error when upgrading gitnexus globally (node-addon-api rmdir failure) #836 hygiene as dart/proto).
• Update packaging tests and README skip-grammars note.

Root cause

Published @ladybugdb-style issue but for tree-sitter: npm ships vendor/ in the tarball and declares file:./vendor/..., so install still tries to link vendor into node_modules. Windows without Developer Mode / symlink rights → EPERM.

Test plan

• cd gitnexus && npx tsc --noEmit
• npx vitest run test/unit/cli-commands.test.ts test/unit/materialize-vendor-grammars.test.ts
• npm pack + clean npm install ./gitnexus-*.tgz — no EPERM; gitnexus --version works; tree-sitter-dart is a regular directory with built .node
• CI full npm test on Windows runner (recommended follow-up)
• Manual npx gitnexus@<next> mcp on Windows host without Developer Mode

Closes #1728

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
gitnexus	Ready	Preview, Comment	May 21, 2026 3:27pm

[github-actions]

✨ PR Autofix

Found fixable formatting / unused-import issues across 23 changed lines. Comment /autofix on this PR to apply them, or run npm run lint:fix && npm run format locally.

{"schema":"gitnexus.pr-autofix/v2","state":"fixes-available","pr_number":1729,"changed_lines":23,"head_sha":"31d70b538eaa53a21cc84778a6aa5dcd87f7ab1a","run_id":"26185494928","apply_command":"/autofix"}

[github-actions]

CI Report

✅ All checks passed

Pipeline Status

Stage	Status	Details
✅ Typecheck	success	tsc --noEmit
✅ Tests	success	unit tests, 3 platforms
✅ E2E	success	gitnexus-web changes only

Test Results

Tests	Passed	Failed	Skipped	Duration
9418	9417	0	1	482s

✅ All 9417 tests passed

1 test(s) skipped — expand for details

• buildTypeEnv > known limitations (documented skip tests) > Ruby block parameter: users.each { |user| } — closure param inference, different feature

Code Coverage

Tests

Metric	Coverage	Covered	Base	Delta	Status
Statements	78.14%	31053/39737	N/A%	—	🟢 ███████████████░░░░░
Branches	66.67%	19749/29621	N/A%	—	🟢 █████████████░░░░░░░
Functions	82.16%	3164/3851	N/A%	—	🟢 ████████████████░░░░
Lines	81.51%	28010/34363	N/A%	—	🟢 ████████████████░░░░

---

_{📋 View full run · Generated by CI}

[github-actions]

Claude finished @magyargergo's task in 7m 28s —— View job

---

Production-Readiness Review: PR #1729

fix(install): materialize vendored grammars to fix Windows EPERM (#1728)
Branch: verify/issue-1728-symlink → main | Head: 821a79e | Author: magyargergo

---

Review Bar

Production install path for npm install -g gitnexus and npx gitnexus mcp on Windows without Developer Mode. The bar is: no file: symlink EPERM, no vendor artifact pollution, working optional grammar degradation, accurate lockfile/tarball, green CI.

---

Problem Being Solved

Windows npx gitnexus / MCP install fails with EPERM: operation not permitted, symlink (#1728) because npm tries to create junctions/symlinks for file:./vendor/tree-sitter-{dart,proto,swift} optionalDependencies during reify. Without Developer Mode on Windows, this is blocked. The fix removes those file: entries and moves materialization to a postinstall fs.cpSync.

---

Current PR State

• Head: 821a79e (two PR commits + two merge-from-main merges)
• PR commits: 31d70b5 (initial fix) + 4d5bb72 (atomic swap + fail-soft tests)
• CI (latest head): Quality checks green (typecheck, lint, format, PR Autofix, CodeQL, Gitleaks, Dependency Review ✓). tests/windows-latest, tests/ubuntu/coverage, tests/macos-latest still in progress — cannot confirm green.

---

Repository History Considered

• ENOTEMPTY error when upgrading gitnexus globally (node-addon-api rmdir failure) #836: vendor/tree-sitter-proto/node_modules/ blocked global-upgrade rmdir → PR fix: devendor tree-sitter-proto install lifecycle to prevent ENOTEMPTY on global upgrade #846 established invariant: no artifacts under vendor/. This PR extends that pattern to Swift and consolidates Dart/Proto.
• fix: add preinstall cleanup to prevent ENOTEMPTY on global upgrade #843: Earlier preinstall cleanup, insufficient. Not affected here.
• Drop tree-sitter-swift — fails to build on Debian/musl, unused by downstream consumers (argus) #1024: Swift build/prebuild fragility — this PR avoids the broken binding.gyp path by shipping platform prebuilds and probing with node-gyp-build.
• Windows: analyze segfaults on real repo, silently no-ops on minimal repo (exit 0 masks crash, no meta.json written, registry stays empty) #1427/Napi::Error #1665: Windows install failures and optional grammar degradation/crash concerns. These define the regression surface this PR must not worsen.

---

Branch Hygiene Assessment

Two Merge branch 'main' into verify/issue-1728-symlink commits (03ae604, 821a79e) brought in #1693 (workers fix) and #1727 (Kotlin scope resolver). The actual PR diff is strictly scoped to install/packaging files. No unrelated churn from the merge commits. Hygiene: clean.

---

Understanding of the Change

File	What changed
package.json	Removed tree-sitter-{dart,proto,swift} from optionalDependencies; postinstall now chains materialize → dart-build → proto-build → swift-build
materialize-vendor-grammars.cjs	New script: cpSync(vendor/NAME, node_modules/NAME.tmp) then atomic rename; fail-soft per-grammar; honors GITNEXUS_SKIP_OPTIONAL_GRAMMARS=1
build-tree-sitter-swift.cjs	New script: probe node-gyp-build(swiftDir) to detect prebuild load failure at install time; Swift runtime loading via parser-loader unchanged
build-tree-sitter-{dart,proto}.cjs	Added skip guards; dart combines `!bindingGyp
vendor/tree-sitter-swift/package.json	Stripped install script and dependencies (same #836 hygiene as dart/proto)
optional-grammars.ts	Added missing-grammar detection for Dart/Proto; minor cleanup
Tests	materialize-vendor-grammars.test.ts (new, 8 scenarios); cli-commands.test.ts updated
.npmignore	Already excludes vendor/**/node_modules and vendor/**/build — vendor hygiene confirmed

---

Findings

---

Finding 1 — README env-var table inconsistency (Swift missing) [CONFIRMED]

Risk: Documentation inconsistency around GITNEXUS_SKIP_OPTIONAL_GRAMMARS=1. The quick note at README.md:109 correctly lists all three grammars:

"skip vendored grammar materialize/build (tree-sitter-dart, tree-sitter-proto, tree-sitter-swift)"

But the env-var reference table at README.md:248 still reads:

"skips native builds for tree-sitter-dart / tree-sitter-proto at install time"

Swift is absent from the table description even though materialize-vendor-grammars.cjs:18-23 and build-tree-sitter-swift.cjs:12-17 both honor the flag.

Evidence: README.md:248 vs. README.md:109; materialize-vendor-grammars.cjs:18-23; build-tree-sitter-swift.cjs:12-17.

Recommended fix: Update README.md:248 to read: "When =1 strictly, skips vendored grammar materialize/build for tree-sitter-dart, tree-sitter-proto, and tree-sitter-swift at install time."

Blocks merge: No (but contradicts DoD point 8 on docs accuracy). Fix this →

---

Finding 2 — optional-grammars.ts omits Swift from OPTIONAL_GRAMMARS [CONFIRMED]

Risk: optional-grammars.ts:30-33 only includes Dart and Proto:

const OPTIONAL_GRAMMARS: OptionalGrammar[] = [
  { name: 'tree-sitter-dart', pkg: 'tree-sitter-dart', extensions: ['.dart'] },
  { name: 'tree-sitter-proto', pkg: 'tree-sitter-proto', extensions: ['.proto'] },
];

Swift is now materialized identically to Dart/Proto (same postinstall order, same skip guard, same prebuild-based load path). warnMissingOptionalGrammars() won't emit a warning if Swift fails to load. Swift degradation warnings exist only in parser-loader.ts:143-146 via the unavailableNote path (separate codepath, only triggered on parser demand, not at startup). Users installing on a platform without a Swift prebuild get silent degradation from the optional-grammars warning perspective.

Evidence: optional-grammars.ts:30-33; parser-loader.ts:139-147; materialize-vendor-grammars.cjs:16 (Swift in the VENDORED_GRAMMARS list).

Recommended fix: Add Swift to OPTIONAL_GRAMMARS in optional-grammars.ts, matching the Dart/Proto pattern. Extensions: ['.swift']. Fix this →

Blocks merge: No (Swift degradation warning still fires from parser-loader), but it's a behavioral gap introduced by this PR adding Swift to the materialization path without adding it to the warning path.

---

Finding 3 — Atomicity gap: rename failure after dest deletion [CONFIRMED, NARROW RISK]

Risk: materialize-vendor-grammars.cjs:40-43:

fs.cpSync(src, partial, { recursive: true, verbatim: true });  // step 2
fs.rmSync(dest, { recursive: true, force: true });              // step 3
fs.renameSync(partial, dest);                                   // step 4

If step 2 succeeds, step 3 succeeds, and step 4 fails (e.g., Windows AV scanner locks partial between copy completion and rename), then dest no longer exists and the catch block only cleans up partial. The previously-working grammar install is lost. force: true on rmSync suppresses ENOENT but not EPERM on a locked file — if dest is locked at step 3, the catch runs and dest is intact (correct). But step 3 → step 4 failure is the torn-state scenario.

Evidence: materialize-vendor-grammars.cjs:42-43; test at line 149-176 only covers "cpSync fails" (not "rename fails after dest deleted"). On Windows, renameSync (MoveFileExW) on a just-created sibling directory is typically atomic, so this is a narrow real-world window.

Recommended fix: Consider a backup strategy (rename dest → dest.bak, then partial → dest, then remove .bak) or explicitly document the residual failure mode and accept it. The current behavior is still significantly better than the original EPERM which blocked install entirely. Fix this →

Blocks merge: No — the failure scenario is narrow (AV scanner race on rename), recoverable by reinstall, and far less severe than the original EPERM crash.

---

Finding 4 — build-tree-sitter-swift.cjs is a probe, not an activator [CONFIRMED, MINOR]

Risk: Script comment says "Activate tree-sitter-swift prebuilds" but nodeGypBuild(swiftDir) only loads the native binding and discards the result. It doesn't write, copy, or register anything. Runtime loading in parser-loader.ts:140 does the same require('tree-sitter-swift') → node-gyp-build(root) call. The script's value is detecting platform incompatibility at install time (fail-soft warning) rather than at first parse invocation.

Evidence: build-tree-sitter-swift.cjs:27; gitnexus/vendor/tree-sitter-swift/bindings/node/index.js (calls node-gyp-build(root)); prebuilds/ has darwin-arm64, darwin-x64, linux-arm64, linux-x64, win32-arm64, win32-x64 prebuilt .node files.

Recommended fix: Update the script doc comment to "probe/validate tree-sitter-swift prebuild availability at install time" to avoid misleading future maintainers. Not a correctness issue.

Blocks merge: No.

---

Finding 5 — No packed-tarball + global-install smoke test on Windows CI [CONFIRMED COVERAGE GAP]

Risk: The Windows CI job (ci-tests.yml:62-77) runs:

npm ci          # in source checkout → runs postinstall → materialization
npx vitest run  # unit/integration tests

This exercises materialization on Windows and validates the no-symlink path. However, it does NOT simulate npm install -g ./gitnexus-*.tgz from a clean (cold-cache) install on Windows without Developer Mode — the exact scenario in #1728. A developer-mode Windows runner without symlink rights is not tested.

The PR description notes: "CI full npm test on Windows runner (recommended follow-up)" and "Manual npx gitnexus@<next> mcp on Windows host without Developer Mode" are unchecked in the test plan.

Evidence: ci-tests.yml:62-77; .github/actions/setup-gitnexus/action.yml (runs npm ci); PR description test plan.

Recommended fix: The npm ci on windows-latest is a reasonable proxy — it runs postinstall on Windows and validates the removal of file: symlinks. However, to fully close #1728, a follow-up issue should track: (a) adding a Windows pack+install job in CI, or (b) capturing a screenshot of npx gitnexus@next mcp succeeding on a Windows host without Developer Mode before the next release.

Blocks merge: Maybe. The npm ci on Windows does exercise the key path (no file: link entries in lockfile → no symlink attempt → postinstall materialization). But it's not an end-to-end npx gitnexus mcp validation on a privileged-symlink-disabled Windows host.

---

Finding 6 — CI still pending for test jobs [BLOCKING UNTIL GREEN]

Risk: At time of review, tests/windows-latest, tests/ubuntu/coverage, and tests/macos-latest are in-progress/queued. The earlier head (31d70b5) had failing typecheck and autofix issues. Commit 4d5bb72 claims to fix those, and quality checks on the latest head are green (typecheck ✓, lint ✓, format ✓, PR Autofix ✓). But the test jobs haven't completed.

Evidence: CI run 26213141697; jobs 77129094850 (windows), 77129094861 (ubuntu), 77129094868 (macos) — conclusion: null.

Recommended fix: Wait for CI to complete and confirm all test jobs pass on all three platforms before merging.

Blocks merge: Yes — per DoD point 7.

---

PR-Specific Assessment Sections

A. Windows npm install / MCP

Status: Structurally correct, CI validation pending.

The file: entries for tree-sitter-{dart,proto,swift} are confirmed absent from package.json and package-lock.json. The lockfile has vendor/tree-sitter-* as extraneous: true (npm sees the source dirs but won't manage them). There are no node_modules/tree-sitter-dart|proto|swift or link: true entries that would cause npm to attempt symlinks. The CI Windows job runs npm ci which exercises this path. A full cold-cache packed-tarball install on a no-symlink Windows host is not in CI (Finding 5).

B. Package lifecycle and materialization

Status: Correct, with one narrow atomicity gap (Finding 3).

Lifecycle order in package.json:51: materialize → dart-build → proto-build → swift-build. Materialization creates node_modules/ before build scripts run. Idempotency confirmed by test at line 83-98. Fail-soft per grammar confirmed at materialize-vendor-grammars.cjs:44-52. The force: true on both rmSync calls correctly handles ENOENT. The torn-state on rename failure is documented in Finding 3.

C. Native grammar runtime compatibility

Status: Correct for all three grammars.

• Dart/Proto: Build via node-gyp-build + npx node-gyp rebuild in node_modules/ (not vendor). Idempotent binding check. Pre-flight for node-addon-api and node-gyp-build availability.
• Swift: Prebuilds for darwin-{arm64,x64}, linux-{arm64,x64}, win32-{arm64,x64} in vendor/tree-sitter-swift/prebuilds/. Runtime loading via bindings/node/index.js → node-gyp-build(root). No compilation needed. build-tree-sitter-swift.cjs is an install-time probe (Finding 4 — acceptable).
• Parser-loader: Swift (parser-loader.ts:139-147), Dart (148-156), Proto (not in parser-loader grep results — likely handled via tree-sitter-proto require elsewhere) all have optional: true with unavailableNote.

D. Lockfile/package/tarball hygiene

Status: Clean.

• package-lock.json: No file:./vendor for vendored grammars. No link: true for them. node_modules/gitnexus-shared: {link: true} is correct (devDependency). vendor/tree-sitter-* are extraneous: true — expected.
• .npmignore: Excludes vendor/**/node_modules, vendor/**/build. Vendor source included via "files": ["vendor"] in package.json.
• Vendor manifests: No install scripts, no dependencies on any of the three vendored packages. Test at line 178-186 asserts this.
• Test at line 200-213 asserts no node_modules/tree-sitter-{dart,proto,swift} entries in lockfile — passes currently.

E. Degraded-mode behavior

Status: Mostly correct; Swift warning gap confirmed (Finding 2).

• GITNEXUS_SKIP_OPTIONAL_GRAMMARS=1: Honored by all three scripts (materialize, dart-build, proto-build, swift-build). Strict === '1' check in all. Test at line 58-68 validates no node_modules entries when skipped.
• Missing vendor dir: materialize-vendor-grammars.cjs:29-32 warns and continues per grammar.
• Missing toolchain: Dart/proto build scripts pre-flight node-addon-api/node-gyp-build and warn + exit 0.
• Swift missing platform prebuild: node-gyp-build throws → caught → warn + exit 0.
• Gap: optional-grammars.ts doesn't include Swift (Finding 2). Parser-loader does provide a degraded warning for Swift at load time.

F. CI/test lane

Status: Quality checks green; test jobs pending.

• Typecheck ✓ (job 77129095093)
• Lint ✓ (job 77129094863)
• Format ✓ (job 77129094936)
• PR Autofix ✓ (run 26213141762 — no fixes needed on latest head)
• CodeQL ✓, Gitleaks ✓, Dependency Review ✓
• tests/windows-latest, tests/ubuntu/coverage, tests/macos-latest — pending

Earlier CI failure (on 31d70b5) with typecheck errors and 23-line autofix issues is resolved in 4d5bb72. The materialize tests (materialize-vendor-grammars.test.ts) have 8 scenarios covering: copy to real dir, skip flag, vendor hygiene (#836), idempotency, missing grammar, fail-soft per grammar (POSIX-only trigger), atomicity preservation (POSIX-only trigger), and manifest hygiene.

The POSIX-only partial-failure tests (skipOnWin) are documented at line 116: "The behavior they verify is platform-agnostic; only the trigger is." This is a reasonable documentation of the limitation.

G. Docs/user-facing behavior

Status: Mostly correct; one table row stale (Finding 1).

• README.md:109 ✓ — correctly lists all three grammars in the quick note.
• README.md:248 ✗ — table row only mentions Dart/Proto; Swift missing (Finding 1).
• Inline console.warn messages in all scripts are clear and actionable.
• optional-grammars.ts warning messages mention .dart/.proto correctly but don't cover .swift (Finding 2).

H. Branch hygiene/cross-domain scope

Status: Clean.

Changed files are entirely in: gitnexus/scripts/ (install), gitnexus/src/cli/optional-grammars.ts (degradation warnings), gitnexus/vendor/*/package.json (hygiene), gitnexus/test/unit/ (coverage), gitnexus/package{,-lock}.json (manifest), README.md (docs). No parser query logic, no graph schema, no web UI, no embeddings changes. Branch hygiene is clean.

---

Back-and-Forth Avoided by Verifying

Claim	Status
No file: links in package-lock.json for vendored grammars	✓ Confirmed
Vendor manifests have no install script or dependencies	✓ Confirmed
.npmignore excludes vendor build artifacts	✓ Confirmed
Swift prebuilds exist for all major platforms	✓ Confirmed (prebuilds/{darwin,linux,win32}-{arm64,x64})
node-gyp-build used for Swift (not node-gyp rebuild)	✓ Confirmed — prebuilt, no compilation
Idempotency: re-running materialize clears stale dest	✓ Confirmed by test at line 83-98
Earlier typecheck/lint failures (on 31d70b5) are resolved	✓ Confirmed — quality checks green on 821a79e

---

Open Questions

1. Does npm install (not ci) inside the package dir remove materialized grammars as extraneous? Scope: affects developers working on the package; not the global install use case. npm install in a dev checkout re-runs postinstall → re-materializes, so no net issue. npm prune --production could remove them. Low priority.

2. Does node-gyp-build on windows-latest CI correctly find the win32-x64 or win32-arm64 prebuild? The prebuilds directory has both. Not verifiable until CI completes.

---

Final Verdict

not production-ready

The core approach is sound and directly addresses the EPERM root cause: removing file: optional dependencies eliminates the npm symlink/junction step that fails on Windows without Developer Mode. The lockfile is clean, vendor hygiene is maintained (#836 invariant preserved), all three vendor manifests are stripped of install scripts and dependencies, and the materialization logic is fail-soft per grammar. Quality checks (typecheck, lint, format, autofix) are green on the latest head.

However, three issues prevent merging now: (1) The tests/windows-latest, tests/ubuntu/coverage, and tests/macos-latest CI jobs are still in progress — cannot confirm the materialize tests pass on Windows, which is the platform this fix targets. (2) README.md:248 still says only Dart/Proto are skipped under GITNEXUS_SKIP_OPTIONAL_GRAMMARS=1; Swift is absent from the table description despite being added to all three skip guards. (3) optional-grammars.ts doesn't include Swift in OPTIONAL_GRAMMARS, meaning warnMissingOptionalGrammars() won't warn users when Swift is unavailable — an asymmetry introduced by this PR that adds Swift to the materialization path. Items (2) and (3) are minor fixes; item (1) is a blocking gate that should resolve on its own once CI completes.

---

| PR #1729 | CI run