chore: release v3.9.2 (#891)

Author: carlos-alm

CHANGELOG.md

@@ -2,6 +2,25 @@
 
 All notable changes to this project will be documented in this file. See [commit-and-tag-version](https://github.com/absolute-version/commit-and-tag-version) for commit guidelines.
 
+## [3.9.2](https://github.com/optave/ops-codegraph-tool/compare/v3.9.1...v3.9.2) (2026-04-06)
+
+**Engine parity fix and build performance improvements.** This patch fixes a native engine deduplication bug that caused divergent results when multiple type map entries existed for the same symbol, improving engine parity. Build performance improves with deferred native database initialization (skipping the native DB entirely on no-op rebuilds) and a fix for an incremental rebuild regression introduced in v3.9.1. The resolution benchmark suite is significantly expanded with dynamic call tracing across all language fixtures, and the release workflow now gates on precision/recall thresholds.
+
+### Bug Fixes
+
+* **native:** confidence-aware dedup in type map for engine parity ([#885](https://github.com/optave/ops-codegraph-tool/pull/885))
+
+### Performance
+
+* defer NativeDatabase init to after no-op early exit ([#884](https://github.com/optave/ops-codegraph-tool/pull/884))
+* **native:** fix incremental rebuild regression ([#882](https://github.com/optave/ops-codegraph-tool/pull/882), [#888](https://github.com/optave/ops-codegraph-tool/pull/888))
+
+### Chores
+
+* **ci:** gate release workflow on resolution precision/recall thresholds ([#886](https://github.com/optave/ops-codegraph-tool/pull/886))
+* **bench:** resolution benchmark v2 — dynamic tracing, 14 languages, per-mode categories ([#878](https://github.com/optave/ops-codegraph-tool/pull/878))
+* **bench:** extend dynamic call tracing to all language fixtures ([#883](https://github.com/optave/ops-codegraph-tool/pull/883))
+
 ## [3.9.1](https://github.com/optave/ops-codegraph-tool/compare/v3.9.0...v3.9.1) (2026-04-05)
 
 **Dead code accuracy, native query performance, and supply-chain hardening.** This release significantly improves dead code detection — class instantiations via `new`, type-only imports, barrel re-exports, and same-file constants are now correctly tracked as consumption. The native Rust engine gains a composite `fnDeps` query that runs dependency resolution in a single cross-language call, and a critical 1238% incremental rebuild regression from v3.9.0 is fixed. WASM grammar validation and npm audit harden the build pipeline. CLI reliability improves with a fix for hangs in git worktree environments.

crates/codegraph-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "codegraph-core"
-version = "3.9.1"
+version = "3.9.2"
 edition = "2021"
 license = "Apache-2.0"
 

docs/roadmap/BACKLOG.md

@@ -1,6 +1,6 @@
 # Codegraph Feature Backlog
 
-**Last updated:** 2026-04-05
+**Last updated:** 2026-04-06
 **Source:** Features derived from [COMPETITIVE_ANALYSIS.md](../../generated/competitive/COMPETITIVE_ANALYSIS.md) and internal roadmap discussions.
 
 ---

docs/roadmap/ROADMAP.md

@@ -1,6 +1,6 @@
 # Codegraph Roadmap
 
-> **Current version:** 3.9.1 | **Status:** Active development | **Updated:** 2026-04-05
+> **Current version:** 3.9.2 | **Status:** Active development | **Updated:** 2026-04-06
 
 Codegraph is a strong local-first code graph CLI. This roadmap describes planned improvements across fourteen phases -- closing gaps with commercial code intelligence platforms while preserving codegraph's core strengths: fully local, open source, zero cloud dependency by default.
 
@@ -1476,6 +1476,14 @@ Upgrade the Phase 4.4 benchmark suite to enforce regression gates on the new res
 - CI gate: fail if caller coverage drops below baseline (initially 29%, ratcheted upward as each sub-phase ships)
 - Benchmark against Jelly and ACG on shared fixture projects for external validation
 
+**Progress (v3.9.2):**
+- ✅ Resolution benchmark v2 — dynamic call tracing across 14 languages, per-mode categories ([#878](https://github.com/optave/ops-codegraph-tool/pull/878))
+- ✅ Dynamic call tracing extended to all language fixtures ([#883](https://github.com/optave/ops-codegraph-tool/pull/883))
+- ✅ Release workflow gated on resolution precision/recall thresholds ([#886](https://github.com/optave/ops-codegraph-tool/pull/886))
+- 🔲 Per-technique breakdown (edges contributed by each resolver)
+- 🔲 Coverage dashboard in `codegraph stats`
+- 🔲 Benchmark against Jelly and ACG on shared fixture projects
+
 **Affected files:** `tests/benchmarks/resolution/`, `src/domain/analysis/symbol-lookup.ts`, `src/presentation/queries-cli/overview.ts`
 
 ### 8.7 -- Reaching Definition Analysis (PDG Foundation)
@@ -1685,8 +1693,8 @@ Commander supports shell completion but it's not implemented. Basic UX gap for a
 **Deliverables:**
 
 1. **CI `npm audit`** -- add `npm audit --omit=dev` step to CI pipeline; fail on critical/high vulnerabilities
-   - ✅ npm audit CI step added (v3.10.0, [#834](https://github.com/optave/ops-codegraph-tool/pull/834))
-   - ✅ WASM grammar validation — build-time integrity checks for tree-sitter grammar files (v3.10.0, [#834](https://github.com/optave/ops-codegraph-tool/pull/834))
+   - ✅ npm audit CI step added (v3.9.1, [#834](https://github.com/optave/ops-codegraph-tool/pull/834))
+   - ✅ WASM grammar validation — build-time integrity checks for tree-sitter grammar files (v3.9.1, [#834](https://github.com/optave/ops-codegraph-tool/pull/834))
 2. **SBOM generation** -- produce CycloneDX or SPDX SBOM on each release via `@cyclonedx/cyclonedx-npm` or similar
    - 🔲 Not yet started
 3. **SLSA provenance** -- enable SLSA Level 2+ build provenance using `actions/attest-build-provenance` in the publish workflow; attach attestation to npm packages

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@optave/codegraph",
-  "version": "3.9.1",
+  "version": "3.9.2",
   "description": "Local code graph CLI — parse codebases with tree-sitter, build dependency graphs, query them",
   "type": "module",
   "main": "dist/index.js",