AgentSkillsCN

cq

针对Python与Rust的高信号代码查询(搜索/查询宏、邻域组装、运行/链式工作流、LDMD渐进式披露,以及LSP支持的丰富化平面)。

SKILL.md
--- frontmatter
name: cq
description: High-signal code queries for Python and Rust (search/q macros, neighborhood assembly, run/chain workflows, LDMD progressive disclosure, and LSP-backed enrichment planes)
allowed-tools: Bash

Code Query (cq) Skill

Use this skill for high-recall, structured repository analysis before proposing changes. The cq tool provides markdown-formatted analysis injected directly into context. Canonical behavior and output semantics are documented in /home/paul/CodeAnatomy/.claude/skills/cq/reference/cq_reference.md.

Quick Reference

TaskCommand
Search for code/cq search <query>
Search with regex/cq search "pattern.*" --regex
Search in directory/cq search <query> --in src
Search Rust code/cq search <query> --lang rust
Find callers/cq calls <fn>
Trace parameter/cq impact <fn> --param <p>
Check signature change/cq sig-impact <fn> --to "<sig>"
Report bundle/cq report refactor-impact --target function:foo
Neighborhood analysis/cq neighborhood src/foo.py:120:4
Neighborhood alias/cq nb build_graph_product
Multi-step run/cq run --steps '[{"type":"q","query":"entity=function name=foo"},{"type":"calls","function":"foo"}]'
Run neighborhood step/cq run --steps '[{"type":"neighborhood","target":"src/foo.py:120:4"}]'
Plan file execution/cq run --plan analysis.toml
Command chaining/cq chain q "entity=function name=foo" AND calls foo
LDMD index/search/get/cq ldmd get path/to/output.ldmd --id root --mode preview --depth 1
Pattern search (AST)/cq q "pattern='getattr(\$X, \$Y)'"
Entity query/cq q "entity=function name=<name>"
Rust entity query/cq q "entity=function name=<name> lang=rust"
Context search/cq q "entity=function inside='class <C>'"
Find closures/cq q "entity=function scope=closure"
Visualize calls/cq q "entity=function name=<fn> expand=callers" --format mermaid
Security patterns/cq q "pattern='eval(\$X)'"

Decision Guide

Use CQ first for code discovery and structural analysis:

  • Use /cq search for code discovery instead of rg/grep.
  • Use /cq q "pattern=..." for AST-exact matching.
  • Use /cq calls or /cq impact before refactors.
  • Use /cq run for multi-step workflows to avoid repeated scans.
  • Use rg only for non-Python/non-Rust assets or explicit raw text needs.

Validated CQ Behavior (2026-02-11)

The following behaviors are validated and should be treated as current contract:

  • cq run --step and cq run --steps accept type="neighborhood" payloads.
  • cq search --in <dir> is reliable across src/, tools/, and rust/ scopes.
  • Directory include globs are language-constrained without malformed paths.

Known-good command matrix:

bash
# Inline neighborhood run step
/cq run --step '{"type":"neighborhood","target":"tools/cq/search/python_analysis_session.py:1"}' --format summary

# Neighborhood step array
/cq run --steps '[{"type":"neighborhood","target":"tools/cq/search/python_analysis_session.py:1"}]' --format summary

# Scoped search in tools
/cq search PythonAnalysisSession --in tools/cq --format summary

# Scoped rust search
/cq search compile --in rust --lang rust --format summary

# Scoped search in src
/cq search RuntimeProfile --in src --format summary

Neighborhood + LDMD (Implemented)

neighborhood is now a first-class CQ macro (alias: nb) and run-step type.

  • Target formats: file.py:line, file.py:line:col, or symbol_name.
  • Resolution behavior: shared resolver for CLI + run plans with deterministic tie-breaks and explicit degrade events.
  • Assembly behavior: deterministic merge of structural slices plus capability-gated LSP slices.
  • Python LSP slices: references, implementations, supertypes, subtypes via pyrefly adapters.
  • Rust LSP slices: references, implementations, and hover/signature/diagnostic context via rust-analyzer session probes.
  • Rendering path: canonical SemanticNeighborhoodBundleV1 -> CqResult rendering.

Resolution Cascade:

  1. Parse target spec (file:line[:col] or symbol name)
  2. For file targets: validate existence, resolve line/col directly
  3. For symbol targets: search ScanSnapshot, apply deterministic tie-breaking (prefer definitions over references)
  4. Record degrade events when resolution requires fallback

Structural Slice Kinds: definitions, references, call sites, imports (from scan snapshot).

LSP Slice Kinds (capability-gated):

KindPython (Pyrefly)Rust (rust-analyzer)
referencesYesYes
implementationsYesYes
supertypesYesYes (type hierarchy)
subtypesYesYes (type hierarchy)
hoverNoYes
diagnosticsNoYes

Key Types: BundleBuildRequest, SemanticNeighborhoodBundleV1, ScanSnapshot, TargetSpec, ResolvedTarget.

ldmd provides progressive disclosure tooling over marker-structured CQ output:

  • ldmd index for section metadata
  • ldmd search for section-level search
  • ldmd get with --mode full|preview|tldr and --depth
  • ldmd neighbors for adjacent-section traversal

LDMD Marker Grammar:

code
<!--LDMD:BEGIN id="section_id" title="Human Title" level="1" parent="parent_id" tags="tag1,tag2"-->
content...
<!--LDMD:END id="section_id"-->

The parser validates BEGIN/END nesting (stack-based), prevents duplicate IDs, and enforces parent/child relationships.

Get Modes:

ModeDescription
fullComplete section content
previewAbbreviated preview (limited to 5 items)
tldrBrief summary

Core Types: LdmdIndex (section metadata with byte offsets and depth), SectionMeta (per-section: id, start/end offset, depth, collapsed).

Advanced LSP Enrichment Planes (Implemented)

The following CQ enrichment planes are implemented under tools/cq/search and used by higher-level CQ flows:

  • semantic_overlays.py: range semantic tokens + inlay hints normalization.
  • diagnostics_pull.py: shared pull-diagnostics helpers for textDocument/diagnostic and workspace/diagnostic.
  • refactor_actions.py: diagnostic item bridging plus code-action resolve/execute helpers.
  • rust_extensions.py: rust-analyzer extensions (expandMacro, runnables) with fail-open behavior.

All advanced planes are capability-gated and on-demand. They must not block base CQ commands when unavailable.

Per-plane key types:

PlaneKey Types
Semantic OverlaysSemanticTokenSpanV1 (decoded token: line, start_char, length, token_type, modifiers), SemanticTokenBundleV1 (legend + encoding + raw data + decoded rows), InlayHintV1
Diagnostics Pullpull_text_document_diagnostics(), pull_workspace_diagnostics() (both capability-gated, return None when unsupported)
Refactor ActionsPrepareRenameResultV1 (rename range + placeholder + can_rename), DiagnosticItemV1 (normalized diagnostic with action-bridge fields)
Rust ExtensionsRustMacroExpansionV1 (macro name + expanded text + byte length), RustRunnableV1 (label, kind, args, location)

Pyrefly LSP Contract Types

TypeDescription
PyreflyTargetLocation target: kind, uri, file, line, col
PyreflySymbolGroundingGrounding: definition, declaration, type definition, implementation targets
PyreflyTypeContractResolved type/signature: resolved type, callable signature, parameters, return type, generics, async/generator flags
PyreflyOverviewSummary: primary symbol, caller/callee counts, implementations, diagnostics, matches enriched
PyreflyTelemetryExecution telemetry: attempted, applied, failed, skipped, timed out

Rust LSP Contract Types

TypeDescription
LspCapabilitySnapshotV1Server/client/experimental capability snapshot for gating decisions
LspSessionEnvV1Session envelope: server name/version, position encoding, health, quiescent state
RustDiagnosticV1Normalized diagnostic: URI, range, severity, code, source, message, data passthrough
RustSymbolGroundingGrounding bundle: definitions, type definitions, implementations, references
RustCallGraphCall graph: incoming callers + outgoing callees
RustLspEnrichmentPayloadUnified payload: session env, grounding, call graph, type hierarchy, symbols, diagnostics, hover

Enrichment Contracts

Shared across Python and Rust pipelines (search/enrichment/contracts.py):

TypeDescription
EnrichmentMetaCommon metadata: language, status, sources, degrade reason, payload size hint, dropped/truncated fields
PythonEnrichmentPayloadPython wrapper: meta: EnrichmentMeta + data: dict[str, object]
RustEnrichmentPayloadRust wrapper: meta: EnrichmentMeta + data: dict[str, object]

Rust Language Support

cq supports searching and querying Rust code (.rs files) alongside Python. Language scope defaults to auto (search both Python and Rust); use --lang rust or lang=rust to narrow scope.

Scope is extension-authoritative:

  • python => .py, .pyi
  • rust => .rs
  • auto => union

Contract and Runtime Policy

  • Use msgspec.Struct for CQ serialized contracts that move between modules (tools/cq/search/contracts.py, tools/cq/search/enrichment/contracts.py).
  • Keep runtime parser/cache objects as runtime-only types; do not force them into serialized contract models.
  • In CQ hot paths (tools/cq/search, tools/cq/query, tools/cq/run), avoid pydantic; use typed runtime objects and boundary serialization instead.
  • Use frozen CqStruct request objects (tools/cq/search/requests.py, tools/cq/core/requests.py) for internal operation input contracts.
  • PythonAnalysisSession (tools/cq/search/python_analysis_session.py) caches per-file analysis artifacts (ast-grep, AST, symtable, LibCST, tree-sitter) keyed by content hash. Maximum 64 cached sessions.

Supported Commands for Rust

CommandRust SupportHow to Use
searchYes--lang rust flag
q (entity)Yeslang=rust in query string
q (pattern)Yeslang=rust in query string
run / chainYeslang field in step specs
neighborhood / nbYes--lang rust with file.rs:line[:col] or symbol target
callsNoPython-only (AST/symtable)
impactNoPython-only (AST/symtable)
sig-impactNoPython-only (AST/symtable)
importsNoPython-only (ast module)
scopesNoPython-only (symtable)
bytecode-surfaceNoPython-only (dis module)
side-effectsNoPython-only
exceptionsNoPython-only

Rust Entity Types

Query EntityMatches in Rust
functionfn declarations (function_item)
classstruct, enum, trait definitions
methodfn inside impl blocks
callsiteFunction/method call expressions
importuse declarations
decoratorNot applicable (empty)

Rust Examples

bash
# Search Rust code for a symbol
/cq search register_udf --lang rust

# Find all Rust function definitions
/cq q "entity=function lang=rust"

# Find Rust structs/enums/traits by name
/cq q "entity=class name=~^Arrow lang=rust"

# Find Rust use declarations
/cq q "entity=import lang=rust in=rust"

# Pattern search in Rust code
/cq q "pattern='pub fn \$F(\$$$) -> \$R' lang=rust"

# Find impl blocks with pattern queries
/cq q "pattern='impl \$T for \$Trait' lang=rust"

# Scoped Rust search
/cq search ScalarUDF --lang rust --in rust

# Multi-step with Rust
/cq run --steps '[{"type":"q","query":"entity=function lang=rust"},{"type":"q","query":"entity=import lang=rust in=rust"}]'

Language Parity Matrix

FeaturePythonRustNotes
entity=functionFullFull
entity=classFullFullstruct/enum/trait in Rust
entity=importFullFulluse declarations
entity=callsiteFullFullincl. macro invocations
entity=methodFullFullimpl-scoped in Rust
entity=moduleNonePartialRust mod_item only
entity=decoratorFullNoneRust has no decorators
Pattern queriesFullFull
Relational constraintsFullFull
neighborhood macroFullFullAnchor/symbol target resolution with capability-gated LSP slices
Scope filteringFullNonePython symtable only
Bytecode queriesFullNonePython dis only
calls macroFullPartialRust: location only
impact/sig-impactFullNonePython AST only
imports/exceptionsFullNonePython only
side-effects/scopesFullNonePython only
bytecode-surfaceFullNonePython only
ldmd protocolFullFullOutput/post-processing protocol, language-agnostic

Smart Search (Default for Code Discovery)

Smart Search (/cq search) is the primary tool for finding code. It provides semantically-enriched results that are superior to grep for code work.

Basic Usage

bash
# Simple identifier search (auto-detected)
/cq search build_graph

# Regex pattern
/cq search "config.*path" --regex

# Literal string
/cq search "hello world" --literal

# Scoped to directory
/cq search CqResult --in tools/cq/core

# Include strings/comments/docstrings
/cq search build_graph --include-strings

Why Smart Search > grep

AspectSmart Searchgrep/rg
ClassificationDefs, calls, imports, refsText only
GroupingBy containing functionBy file
Non-codeHidden by defaultMixed in
Follow-upsSuggested next commandsNone
RankingBy relevance (code > tests)None

Output Sections

  • Top Contexts: Representative match per containing function
  • Definitions: Function/class definitions (identifier mode)
  • Imports: Import statements
  • Callsites: Function calls
  • Uses by Kind: Category breakdown
  • Non-Code Matches: Strings/comments (collapsed)
  • Hot Files: Files with most matches
  • Suggested Follow-ups: Next commands to explore
  • Code Facts: Per-finding enrichment clusters (Identity, Scope, Interface, Behavior, Structure)
  • Code Overview: Top-level query-focused summary (query/mode/scope/top symbols/top files/categories)
  • Summary/Footer diagnostics: Capability + telemetry data (including dropped_by_scope)

Enrichment Pipeline

Each Python match undergoes a 5-stage enrichment pipeline extracting complementary semantic information:

StageSourceProvides
ast_grepast-grep-pyNode kind, enclosing scope, symbol role
python_astPython astAST node type, scope nesting, decorator context
import_detailImport visitorModule path, alias resolution
libcstLibCST providersQualified names, scope analysis, binding candidates
tree_sittertree-sitter queriesParse quality metrics, structural patterns

Enrichment data is organized into structured sections in the output:

SectionWhat It Tells You
metaPipeline status and per-stage timing
resolutionWhat a symbol resolves to (qualified names, bindings, call targets)
behaviorRuntime characteristics (async, generator, exception handling)
structuralCode structure (enclosing scope, nesting depth, decorators)
parse_qualitySource file health (syntax validity, parse errors)
agreementCross-source confidence ("full"/"partial"/"conflict")

Cross-source agreement compares results from ast_grep, libcst, and tree_sitter:

  • full = high confidence (all sources agree)
  • partial = reasonable confidence (some sources unavailable)
  • conflict = manual review recommended (sources disagree)

Code Facts in Markdown

When using --format md, findings include a compact Code Facts block before the context snippet. Values are grouped by cluster:

  • Identity: language, role, qualified name, binding candidates
  • Scope: enclosing callable/class, alias chain, visibility
  • Interface: signature, parameters, return type, attributes/decorators
  • Behavior: async/generator, await/yield, raise/control-flow context
  • Structure: shape-oriented fields (for example struct/enum metadata when available)

Missing values are explicit:

  • N/A — not applicable
  • N/A — not resolved
  • N/A — enrichment unavailable

Interpretation guidance:

  • not applicable: expected for this language/kind.
  • not resolved: applicable but unresolved; narrow scope or run a structural follow-up query.
  • enrichment unavailable: fail-open/missing enrichment; retry with focused scope if needed.

Parallel Classification

Smart search classification runs in parallel for large result sets:

  • Matches partitioned by file across up to 4 worker processes
  • Uses multiprocessing spawn context for safety in multi-threaded parents
  • Fail-open: falls back to sequential on any worker error
  • Transparent to output (same results, faster execution)

Render-Time Enrichment

For findings missing enrichment (e.g., from macro commands), cq performs on-demand enrichment at markdown render time:

  • Enriches up to 9 unique files in parallel (4 workers)
  • Uses multiprocessing spawn context
  • Results cached by (file, line, col, language) for deduplication
  • Findings beyond the file limit render without render-time enrichment

Plain Query Fallback

Plain queries in /cq q automatically use Smart Search:

bash
/cq q build_graph  # Same as: /cq search build_graph

When to Use Smart Search vs Pattern Queries

NeedUse
Find where symbol is used/cq search <symbol>
Find structural pattern/cq q "pattern='...'"
Find in strings/comments/cq search --include-strings
Find AST-exact matches/cq q "pattern='...'"

Multi-Step Execution

Execute multiple queries with a single repo scan for improved performance.

Run/Chain Notes

  • --step and --steps accept JSON in a single token (quote the entire JSON).
  • cq run continues on error by default; --stop-on-error fails fast.
  • Merged results include details.data["source_step"] and details.data["source_macro"].
  • cq chain uses a delimiter token (default AND); quote multi-word queries.

cq run (JSON/TOML Plans)

bash
# Inline JSON steps (agent-friendly)
/cq run --steps '[{"type":"search","query":"build_graph"},{"type":"q","query":"entity=function name=build_graph"},{"type":"calls","function":"build_graph"}]'

# From TOML plan file
/cq run --plan docs/plans/refactor_check.toml

# Mixed: plan + inline steps
/cq run --plan base.toml --step '{"type":"impact","function":"foo","param":"x"}'

# Neighborhood step (anchor target)
/cq run --steps '[{"type":"neighborhood","target":"tools/cq/search/rust_lsp.py:745:1","lang":"python","top_k":8}]'

cq chain (Command Chaining)

bash
# Default AND delimiter
/cq chain q "entity=function name=build_graph" AND calls build_graph AND search build_graph

# Custom delimiter
/cq chain q "..." OR calls foo --delimiter OR

Step Types

TypeRequired FieldsOptional Fields
qqueryid
searchqueryregex, literal, include_strings, in_dir, id
callsfunctionid
impactfunction, paramdepth, id
importscycles, module, id
exceptionsfunction, id
sig-impactsymbol, toid
side-effectsmax_files, id
scopestargetmax_files, id
bytecode-surfacetargetshow, max_files, id
neighborhoodtargetlang, top_k, no_lsp, id

When to Use Multi-Step

ScenarioApproach
Ad-hoc multi-query/cq chain cmd1 AND cmd2 AND cmd3
Repeatable workflow/cq run --plan workflow.toml
Agent automation/cq run --steps '[...]'
Pre-refactoring checklistCreate TOML plan, run before changes

TOML Plan File Format

toml
version = 1
in_dir = "src/"           # Optional global scope
exclude = ["tests/"]      # Optional global excludes

[[steps]]
type = "search"
query = "build_graph"

[[steps]]
type = "q"
query = "entity=function name=build_graph expand=callers"

[[steps]]
type = "calls"
function = "build_graph"

Performance Benefit

Multiple q steps share a single repo scan instead of scanning once per query. This provides significant speedup when running multiple entity queries against the same codebase.

Global Options

All commands support these global options:

OptionEnv VarDefaultDescription
--root PATHCQ_ROOTAuto-detectRepository root
--config PATHCQ_CONFIG.cq.tomlConfig file path
--no-configCQ_NO_CONFIGfalseSkip config loading
--verbose NCQ_VERBOSE0Verbosity (0-3)
--format FMTCQ_FORMATmdOutput format
--artifact-dir PATHCQ_ARTIFACT_DIR.cq/artifactsArtifact directory
--no-save-artifactCQ_NO_SAVE_ARTIFACTfalseSkip saving artifacts

Filters

  • --include, --exclude (glob or ~regex)
  • --impact (low,med,high)
  • --confidence (low,med,high)
  • --severity (error,warning,info)
  • --limit (max findings)

Output Formats

FormatDescription
mdMarkdown (default) - optimized for Claude and Codex context
jsonFull JSON - for programmatic use
bothMarkdown followed by JSON
summaryCondensed single-line - for CI
mermaidMermaid flowchart - call graphs
mermaid-classMermaid class diagram
dotGraphviz DOT format
ldmdLDMD marker format for progressive disclosure

Examples with Global Options

bash
# Use JSON output
/cq calls build_graph --format json

# Specify custom root
/cq q "entity=function" --root /path/to/repo

# Verbose output for debugging
/cq impact foo --param bar --verbose 2

# Skip config file (use defaults only)
/cq calls foo --no-config

Configuration

Config File

Create .cq.toml in your repo root:

toml
[cq]
format = "md"
verbose = 0
artifact_dir = ".cq/artifacts"
save_artifact = true

Environment Variables

All options can be set via environment variables with CQ_ prefix:

bash
export CQ_FORMAT=json
export CQ_VERBOSE=1
export CQ_ROOT=/path/to/repo
export CQ_PY_ENRICHMENT_CROSSCHECK=1
export CQ_RUST_ENRICHMENT_CROSSCHECK=1

Precedence

  1. CLI flags (highest)
  2. Environment variables
  3. Config file
  4. Defaults (lowest)

Reference Documentation

For detailed information on architecture, scoring, filtering, and troubleshooting:

  • Complete reference: reference/cq_reference.md

Quick Command Reference

Analysis Commands

CommandPurposeExample
searchSmart code search with enrichment/cq search build_graph
impactTrace data flow from a parameter/cq impact build_graph_product --param repo_root
callsCensus all call sites for a function/cq calls build_graph_product
sig-impactTest signature change viability/cq sig-impact foo --to "foo(a, *, b=None)"
importsAnalyze import structure/cycles/cq imports --cycles
exceptionsAnalyze exception handling/cq exceptions
side-effectsDetect import-time side effects/cq side-effects
scopesAnalyze closure captures/cq scopes path/to/file.py
bytecode-surfaceAnalyze bytecode dependencies/cq bytecode-surface file.py
neighborhood / nbAnalyze semantic neighborhood around anchor/symbol target/cq neighborhood tools/cq/search/rust_lsp.py:745:1
qDeclarative entity queries/cq q "entity=import name=Path"
runMulti-step execution (shared scan)/cq run --steps '[{"type":"q","query":"entity=function name=foo"},{"type":"calls","function":"foo"}]'
chainCommand chaining frontend/cq chain q "entity=function name=foo" AND calls foo
ldmdProgressive disclosure protocol for LDMD docs/cq ldmd get path/to/output.ldmd --id root --mode preview --depth 1

Command Details

impact - Parameter Flow Analysis

Traces how data flows from a parameter through the codebase.

Results: !./scripts/cq impact "$1" --param "$2" --root . Usage: /cq impact <FUNCTION_NAME> --param <PARAM_NAME> [--depth N]

Example: /cq impact build_graph_product --param repo_root

calls - Call Site Census

Finds all call sites with argument shape analysis, forwarding detection, and context enrichment.

Results: !./scripts/cq calls "$1" --root . Usage: /cq calls <FUNCTION_NAME>

Example: /cq calls build_graph_product

Output Sections:

  • Summary: total sites, files, signature preview
  • Argument Shape Histogram: distribution of arg patterns
  • Keyword Argument Usage: which kwargs used how often
  • Calling Contexts: which functions call this one
  • Hazards: dynamic dispatch patterns detected
  • Call Sites: detailed list with previews and context

Context Window Enrichment:

Each call site includes a context window showing the containing function:

FieldDescription
context_windowLine range (start_line, end_line) of containing function
context_snippetSource code snippet of the containing function (truncated if >30 lines)

The context snippet uses smart block selection to show the most relevant code:

  • Function header: The def line and signature are always included
  • Docstring skipping: Leading docstrings are omitted to focus on logic
  • Anchor block: Lines around the actual call site are prioritized
  • Omission markers: Gaps show # ... omitted (N lines) ... instead of truncating

This ensures the call site is always visible in context, even in long functions, rather than being truncated away.

sig-impact - Signature Change Analysis

Classifies call sites as would_break, ambiguous, or ok for a proposed signature change.

Results: !./scripts/cq sig-impact "$1" --to "$2" --root . Usage: /cq sig-impact <FUNCTION_NAME> --to "<new_signature>"

Example: /cq sig-impact _find_repo_root --to "_find_repo_root(start: Path | None = None, *, strict: bool = False)"

imports - Import Structure Analysis

Analyzes module import structure and detects import cycles.

Results: !./scripts/cq imports --cycles --root . Usage: /cq imports [--cycles] [--module <MODULE>]

Example: /cq imports --cycles

exceptions - Exception Handling Analysis

Analyzes exception handling patterns, uncaught exceptions, and bare except clauses.

Results: !./scripts/cq exceptions --root . Usage: /cq exceptions [--function <FUNCTION>]

Example: /cq exceptions

side-effects - Import-Time Side Effects

Detects side effects at module import time (top-level calls, global mutations).

Results: !./scripts/cq side-effects --root . Usage: /cq side-effects [--max-files <N>]

Example: /cq side-effects --max-files 500

scopes - Closure Scope Analysis

Uses symtable to analyze scope capture: free vars, cell vars, globals, nonlocals.

Results: !./scripts/cq scopes "$1" --root . Usage: /cq scopes <FILE_OR_SYMBOL>

Example: /cq scopes tools/cq/macros/impact.py

bytecode-surface - Bytecode Dependency Analysis

Analyzes bytecode for hidden dependencies: globals, attributes, constants.

Results: !./scripts/cq bytecode-surface "$1" --root . Usage: /cq bytecode-surface <FILE_OR_SYMBOL> [--show <globals,attrs,constants,opcodes>]

Example: /cq bytecode-surface tools/cq/macros/calls.py --show globals,attrs

neighborhood / nb - Semantic Neighborhood Analysis

Builds a semantic neighborhood around a target and returns structural plus LSP-backed slices.

Results: !./scripts/cq neighborhood "$1" --root . Usage: /cq neighborhood <TARGET> [--lang python|rust] [--top-k N] [--no-lsp]

Target formats:

  • path/to/file.py:line
  • path/to/file.py:line:col
  • symbol_name

Example: /cq neighborhood tools/cq/search/rust_lsp.py:745:1 --lang python Example: /cq nb enrich_with_rust_lsp --lang python

Run-step equivalent:

json
{"type":"neighborhood","target":"tools/cq/search/rust_lsp.py:745:1","lang":"python","top_k":10}

ldmd - Progressive Disclosure Protocol

LDMD commands operate on marker-structured CQ output and support depth/mode retrieval.

Usage:

  • /cq ldmd index <PATH>
  • /cq ldmd search <PATH> --query "<text>"
  • /cq ldmd get <PATH> --id <SECTION_ID> --mode full|preview|tldr --depth N
  • /cq ldmd neighbors <PATH> --id <SECTION_ID>

Example: /cq ldmd get path/to/output.ldmd --id root --mode preview --depth 1

Bytecode Queries (dis Module Integration)

Query bytecode instructions directly using Python's dis module (Python-only).

Instruction Filters:

FilterDescriptionExample
bytecode.opname=XExact opcode matchbytecode.opname=LOAD_GLOBAL
bytecode.opname=~regexOpcode regex matchbytecode.opname=~^CALL
bytecode.is_jump_target=trueJump target instructionsBranch points
bytecode.stack_effect>=NStack effect filterNet stack changes

Examples:

bash
# Find functions using LOAD_GLOBAL
/cq q "entity=function bytecode.opname=LOAD_GLOBAL"

# Find functions with any CALL opcode
/cq q "entity=function bytecode.opname=~^CALL"

# Find complex control flow (many basic blocks)
/cq q "entity=function fields=basic_block_count" | grep -E "blocks: [0-9]{2,}"

q - Declarative Entity Queries

The q command provides a composable query DSL for finding code entities.

Results: !./scripts/cq q "$1" --root . Usage: /cq q "<query_string>"

Query Syntax: entity=TYPE [name=PATTERN] [in=DIR] [expand=KIND] [fields=FIELDS] [limit=N]

Note: limit=N is enforced for pattern queries only. Entity queries do not currently cap results via limit.

Entity Types (Python, default):

EntityFindsNotes
functionFunction definitions
classClass definitions
importImport statements (all forms)
callsiteFunction/method call sites
methodFunction definitions (not class-context validated)Matches all functions, not just methods
moduleNot implementedAlways returns empty results
decoratorDecorated definitionsSee Decorator Queries section

Entity Types (Rust, with lang=rust):

EntityFinds
functionfn declarations
classstruct, enum, trait definitions
methodfn inside impl blocks
importuse declarations
callsiteCall expressions

Name Patterns:

  • Exact: name=build_graph_product
  • Regex: name=~^test_.* (prefix with ~)

Scope:

  • in=src/semantics - Search only in directory
  • exclude=tests,__pycache__ - Exclude directories

Expanders:

  • expand=callers - Find functions that call the target
  • expand=callees - Find functions called by target
  • expand=callers(depth=2) - Transitive callers

Fields:

  • fields=def - Include definition metadata
  • fields=callers - Include caller section

Examples:

bash
# Find all imports of Path
/cq q "entity=import name=Path"

# Find functions matching pattern with callers
/cq q "entity=function name=~^build expand=callers in=src"

# Find class definitions with definition metadata
/cq q "entity=class in=src/semantics fields=def"

# Show query plan explanation
/cq q "entity=function name=compile explain=true"

Pattern Queries (Structural Search)

Pattern queries use ast-grep syntax for structural code matching without false positives from strings/comments.

SyntaxDescription
pattern='$X = getattr($Y, $Z)'Match getattr assignments
pattern='def $F($$$)'Match any function definition
pattern='async def $F($$$)'Match async functions
strictness=signatureMatch signatures only

Examples:

bash
# Find dynamic attribute access
/cq q "pattern='getattr(\$X, \$Y)'"

# Find all f-string usages
/cq q "pattern='f\"\$\$\$\"'"

# Find specific decorator usage
/cq q "pattern='@dataclass'"

# Find eval/exec (security-sensitive pattern)
/cq q "pattern='eval(\$X)'"

# Find pickle.load (unsafe deserialization pattern)
/cq q "pattern='pickle.load(\$X)'"

Pattern Objects (Disambiguation)

When a simple pattern has multiple interpretations (e.g., { "k": v } could match dict literals or JSON pair assignments), use pattern objects with context and selector to disambiguate.

Syntax:

bash
/cq q "pattern.context='<containing_pattern>' pattern.selector=<node_kind>"
FieldDescription
pattern.contextThe outer pattern providing context
pattern.selectorAST node kind to extract (e.g., pair, argument)

Examples:

bash
# Find JSON-style key-value pairs (not dict literals)
/cq q "pattern.context='{ \"\$K\": \$V }' pattern.selector=pair"

# Find specific argument positions in calls
/cq q "pattern.context='func(\$A, \$B)' pattern.selector=argument"

# Extract decorators from decorated functions
/cq q "pattern.context='@\$D def \$F(\$$$): \$$$' pattern.selector=decorator"

Strictness Modes

Control how precisely patterns match code structure.

ModeDescriptionUse Case
cstExact CST match (whitespace-sensitive)Formatting-aware queries
smartBalances precision and recall (default)General-purpose
astPure AST match (ignores whitespace, parens)Structure-only matching
relaxedLooser matching for explorationFinding similar patterns
signatureMatch function signatures onlyAPI shape queries

Examples:

bash
# Match signatures only (ignore body)
/cq q "pattern='def \$F(\$A, \$B)' strictness=signature"

# AST-only (ignore formatting differences)
/cq q "pattern='x + y' strictness=ast"

Meta-Variable Enhancements

Meta-variables capture code structure in patterns.

SyntaxNameDescription
$XSingleMatch exactly one AST node
$$XMulti-namedMatch zero or more nodes, bind to X
$$$Multi-anonymousMatch zero or more nodes (no binding)
$_XNon-capturingMatch one node, no equality enforcement

Equality Enforcement: When the same named meta-variable appears multiple times, all captures must match:

bash
# Find self-assignment (x = x)
/cq q "pattern='\$X = \$X'"

# Find swaps (a, b = b, a)
/cq q "pattern='\$A, \$B = \$B, \$A'"

Meta-Variable Filtering: Filter captures with regex patterns:

SyntaxDescription
$X=~patternCapture must match regex
$X=!~patternCapture must NOT match regex

Examples:

bash
# Find getattr with string literal attribute names
/cq q "pattern='getattr(\$X, \$Y)' \$Y=~'^\"'"

# Find operators that aren't equality
/cq q "pattern='\$A \$\$OP \$B' \$\$OP=!~'^[=!]'"

# Find function calls starting with 'test_'
/cq q "pattern='\$F(\$$$)' \$F=~'^test_'"

Composite Queries (all/any/not)

Combine multiple patterns with logical operators.

OperatorSyntaxDescription
allall='p1,p2'AND - all patterns must match
anyany='p1,p2'OR - at least one pattern matches
notnot='pattern'Exclude matches

Examples:

bash
# Find functions with both await and return
/cq q "entity=function all='await \$X,return \$Y'"

# Find any form of logging
/cq q "any='logger.\$M(\$$$),print(\$$$),console.log(\$$$)'"

# Find functions without docstrings
/cq q "entity=function not.has='\"\"\"'"

# Exclude test functions
/cq q "entity=function name=~^build not.has='@pytest'"

# Complex: async functions that don't use await
/cq q "entity=function has='async def' not.has='await'"

Ordered Capture with all: Patterns in all= preserve capture order for meta-variables:

bash
# Find where $A is used before being assigned
/cq q "all='use(\$A)', '\$A = \$B'"

nthChild Positional Matching

Match elements by their position within a parent.

ParameterDescription
nthChild=NMatch exactly the Nth child (1-indexed)
nthChild='2n+1'Match odd-positioned children
nthChild.reverse=trueCount from end instead of start
nthChild.ofRule='...'Count only matching siblings

Examples:

bash
# Find first argument in function calls
/cq q "pattern='\$F(\$ARG)' nthChild=1"

# Find last parameter in definitions
/cq q "pattern='def \$F(\$$$, \$LAST)' nthChild.reverse=true nthChild=1"

# Find every other decorator
/cq q "pattern='@\$D' nthChild='2n'"

Relational Constraints (Contextual Search)

Find code in specific structural contexts.

ConstraintDescription
inside='class Config'Within a class
has='return $X'Contains a pattern
precedes='$X'Before a pattern
follows='$X'After a pattern

stopBy Control: Control how far to search for containment:

ModeSyntaxDescription
neighborDefaultStop at immediate neighbors
endinside.stopBy=endSearch to end of scope
Custominside.stopBy='def \$F'Stop at matching pattern

Field-Scoped Searches: Limit searches to specific AST fields (only for inside/has):

SyntaxDescription
inside.field=bodySearch only in function body
has.field=argumentsSearch only in function arguments
has.field=returnsSearch only in return type annotation

Examples:

bash
# Find methods inside Config classes
/cq q "entity=function inside='class Config'"

# Find functions that contain getattr
/cq q "entity=function has='getattr(\$X, \$Y)'"

# Find functions inside async context managers
/cq q "entity=function inside='async with \$X'"

# Search to end of containing scope
/cq q "pattern='return \$X' inside='def \$F' inside.stopBy=end"

# Find only in function body (not decorators/annotations)
/cq q "pattern='yield \$X' inside='def \$F' inside.field=body"

# Find patterns in decorator arguments only
/cq q "pattern='\$X' has.field=arguments inside='@\$D(\$$$)'"

Validation Note: The field parameter only works with inside and has, not with precedes or follows.

Scope Filtering (Closure Analysis)

Filter functions by scope characteristics using Python's symtable (Python-only).

FilterDescription
scope=closureFunctions that capture variables
scope=nestedFunctions nested inside other functions
scope=toplevelTop-level (module-level) functions
captures=var_nameFunctions capturing specific variable

Examples:

bash
# Find all closures
/cq q "entity=function scope=closure"

# Find closures in a specific directory
/cq q "entity=function scope=closure in=src/semantics"

# Find functions capturing a specific variable
/cq q "entity=function captures=config"

Decorator Queries

Find decorated definitions using entity=decorator.

Note: decorated_by and decorator_count_* filters only take effect with entity=decorator. They are silently ignored for entity=function or entity=class.

SyntaxDescription
entity=decoratorFind decorated definitions
decorated_by=dataclassFilter to specific decorator
decorator_count_min=2Filter by decorator count

Examples:

bash
# Find all decorated definitions
/cq q "entity=decorator"

# Find definitions with @pytest.fixture
/cq q "entity=decorator decorated_by=fixture"

# Find definitions with 3+ decorators
/cq q "entity=decorator decorator_count_min=3"

# Alternative: use pattern queries for decorator search on functions
/cq q "pattern='@dataclass' inside='class \$C'"

Join Queries (Cross-Entity Relationships) — Planned

Status: Planned. Join syntax is parsed but join filters are not yet enforced at runtime. Queries with join clauses will return unfiltered results. Use expand=callers or pattern queries for relationship analysis until joins are implemented.

Find entities by their relationships to other entities.

JoinDescription
used_by=function:mainCalled by main function
defines=class:ConfigModules defining Config class
raises=class:ValueErrorFunctions raising ValueError
exports=function:mainModules exporting main

Examples:

bash
# Find functions called by main
/cq q "entity=function used_by=function:main"

# Find modules that define Config class
/cq q "entity=module defines=class:Config"

# Find functions that raise ValueError
/cq q "entity=function raises=class:ValueError"

Visualization Outputs

Generate visual representations of code structure.

FormatDescriptionUse Case
--format mermaidMermaid flowchartCall graphs
--format mermaid-classMermaid class diagramClass hierarchies
--format dotGraphviz DOTComplex graphs

Examples:

bash
# Generate call graph
/cq q "entity=function name=build_graph expand=callers" --format mermaid

# Generate class diagram
/cq q "entity=class in=src/semantics" --format mermaid-class

# Export for Graphviz
/cq q "entity=function expand=callees" --format dot > graph.dot

Security Pattern Queries

Use pattern queries to find security-sensitive constructs without a dedicated scanner.

bash
# Dynamic code execution
/cq q "pattern='eval(\$X)'"
/cq q "pattern='exec(\$X)'"

# Unsafe deserialization
/cq q "pattern='pickle.load(\$X)'"
/cq q "pattern='yaml.load(\$X)'"

# Shell injection risks
/cq q "pattern='subprocess.\$M(\$$$, shell=True)'"

Enrichment Telemetry

Smart search summary includes pipeline performance data:

MetricDescription
summary.enrichment_telemetry.python.appliedPython findings that received enrichment
summary.enrichment_telemetry.python.degradedPython findings with partial enrichment
summary.enrichment_telemetry.python.skippedPython findings where enrichment was skipped
summary.enrichment_telemetry.python.stages.*Per-stage applied/degraded/skipped counts and timing
summary.enrichment_telemetry.rust.appliedRust findings that received enrichment
summary.enrichment_telemetry.rust.degradedRust findings with partial enrichment
summary.enrichment_telemetry.rust.skippedRust findings where enrichment was skipped

Per-stage breakdown covers: ast_grep, python_ast, import_detail, libcst, tree_sitter.

Use telemetry to diagnose enrichment issues: high degraded counts suggest parse errors, high skipped counts suggest missing dependencies, and stage timing identifies bottlenecks.

Markdown Output Structure

The markdown output follows this ordering:

  1. Title - Command and target
  2. Code Overview - Query-focused overview (code-informative, not diagnostics-first)
  3. Key Findings - Top-level actionable insights
  4. Sections - Organized finding groups with per-finding Code Facts
  5. Evidence - Supporting details
  6. Artifacts - Saved JSON artifact references
  7. Summary - Single ordered JSON line with priority-keyed metrics

The summary appears at the end as a compact JSON line:

code
{"macro":"search","total_matches":45,"definitions":3,"callsites":12,...}

Summary keys are ordered by priority: core metrics first, then classification breakdown, enrichment telemetry, and timing data.

Filtering & Output

Filter Options (all commands)

OptionDescription
--impact high,med,lowFilter by impact bucket
--confidence high,med,lowFilter by confidence bucket
--severity error,warning,infoFilter by severity
--include <pattern>Include files (glob or ~regex)
--exclude <pattern>Exclude files (glob or ~regex)
--limit NMax findings

Output Formats

FormatFlagUse Case
Markdown--format mdClaude context (default)
JSON--format jsonProgrammatic use
Both--format bothMarkdown + JSON in one response
Summary--format summaryCI integration
Mermaid--format mermaidFlow/call graph output
Mermaid Class--format mermaid-classClass hierarchy output
DOT--format dotGraphviz pipelines
LDMD--format ldmdMarker-preserving output for progressive disclosure

Filtering Examples

bash
# High-impact findings in src/
/cq impact build_graph_product --param repo_root --impact high --include "src/"

# Exclude tests
/cq exceptions --exclude "tests/" --limit 100

# Multiple filters
/cq calls build_graph_product --impact med,high --include "src/relspec/" --exclude "*test*"

# Regex pattern
/cq side-effects --include "~src/(extract|normalize)/.*\\.py$"

Scoring System

Impact Score (0.0-1.0)

Weighted formula:

  • Sites affected (45%)
  • Files affected (25%)
  • Propagation depth (15%)
  • Breaking changes (10%)
  • Ambiguous cases (5%)

Confidence Score (0.0-1.0)

Based on evidence quality:

  • resolved_ast = 0.95 (full AST with symbol resolution)
  • bytecode = 0.90 (bytecode inspection)
  • resolved_ast_heuristic = 0.75 (AST with heuristic matching)
  • bytecode_heuristic = 0.75 (bytecode with heuristics)
  • cross_file_taint = 0.70 (multi-file taint propagation)
  • heuristic = 0.60 (pattern matching only)
  • rg_only = 0.45 (ripgrep text search only)
  • unresolved = 0.30 (unverified/fallback)

Buckets

BucketThreshold
high>= 0.7
med>= 0.4
low< 0.4

DetailPayload

Finding.details is now a structured DetailPayload (not dict[str, Any]):

FieldTypeDescription
kindstr | NoneFinding detail kind
scoreScoreDetails | NoneNested scoring metadata (impact_score, impact_bucket, confidence_score, confidence_bucket, evidence_kind)
datadict[str, object]Arbitrary additional data

DetailPayload supports mapping-style access and from_legacy() for backward-compatible conversion from unstructured dicts.

When to Use

ScenarioCommand
Refactoring a function/cq calls <function>
Modifying a parameter/cq impact <function> --param <param>
Changing a signature/cq sig-impact <function> --to "<new_sig>"
Import cycle issues/cq imports --cycles
Improving error handling/cq exceptions
Test isolation issues/cq side-effects
Extracting nested functions/cq scopes <file>
Finding hidden deps/cq bytecode-surface <file>
Exploring local impact around anchor/symbol/cq neighborhood <file:line[:col] | symbol>
Finding specific imports/cq q "entity=import name=pandas"
Finding functions by pattern/cq q "entity=function name=~^test_"
Quick entity census/cq q "entity=class in=src"
Finding structural patterns/cq q "pattern='getattr(\$X, \$Y)'"
Context-aware search/cq q "entity=function inside='class Config'"
Closure investigation/cq q "entity=function scope=closure"
Understanding code flow/cq q "entity=function expand=callers" --format mermaid
Decorator analysis/cq q "entity=decorator decorated_by=fixture"
Security pattern queries/cq q "pattern='eval(\$X)'"
Searching Rust code/cq search <query> --lang rust
Finding Rust entities/cq q "entity=function lang=rust"
Rust structural patterns/cq q "pattern='impl \$T' lang=rust"
Progressive retrieval of long CQ output/cq ldmd get <path> --id <section> --mode preview --depth 1

Artifacts

JSON artifacts saved to .cq/artifacts/ by default.

Options:

  • --artifact-dir <path> - Custom location
  • --no-save-artifact - Skip saving