Release v0.2.3 — language support, dead code, human notes, export

- Rust import resolution (crate::, super::, self::) and Go go.mod parsing
- C/C++ parser: templates, typedef, #define, forward declarations
- Go/Rust parsers: const_spec, var_spec, macro_definition captures
- annotate_file MCP tool for human notes on wiki pages (survives re-index)
- Dead code: dynamic import detection, Flask/FastAPI/Django decorator awareness
- Export --full flag: decisions, dead code, hotspots, provenance in JSON
- CLAUDE.md template: advisory language, indexed_commit display
- get_context freshness included by default, token budget caps on tools
- Decision staleness scoring computed during init
- Frontend: human_notes rendered in wiki viewer
- Docs and README updated for 11 MCP tools

Author: RaghavChamadiya

README.md

@@ -3,7 +3,7 @@
 <img src=".github/assets/logo.png" width="280" alt="repowise" /><br />
 **Codebase intelligence for AI-assisted engineering teams.**
 
-Four intelligence layers. Ten MCP tools. One `pip install`.
+Four intelligence layers. Eleven MCP tools. One `pip install`.
 
 [![PyPI version](https://img.shields.io/pypi/v/repowise?color=F59520&labelColor=0A0A0A)](https://pypi.org/project/repowise/)
 [![License: AGPL v3](https://img.shields.io/badge/license-AGPL--v3-F59520?labelColor=0A0A0A)](https://www.gnu.org/licenses/agpl-3.0)
@@ -23,7 +23,7 @@ Four intelligence layers. Ten MCP tools. One `pip install`.
 
 Your AI coding agent reads files. It does not know who owns them, which ones change together, which ones are dead, or why they were built the way they were. It has the source code and zero institutional knowledge.
 
-repowise fixes that. It indexes your codebase into four intelligence layers — dependency graph, git history, auto-generated documentation, and architectural decisions — and exposes them to Claude Code (and any MCP-compatible AI agent) through ten precisely designed tools. **27× fewer tokens per query. 36% cheaper. Same answer quality.**
+repowise fixes that. It indexes your codebase into four intelligence layers — dependency graph, git history, auto-generated documentation, and architectural decisions — and exposes them to Claude Code (and any MCP-compatible AI agent) through eleven precisely designed tools. **27× fewer tokens per query. 36% cheaper. Same answer quality.**
 
 The result: your agent answers *"why does auth work this way?"* instead of *"here is what auth.ts contains."*
 
@@ -115,7 +115,7 @@ Add to your Claude Code config (optional, `repowise init` already initializes `.
 
 ---
 
-## Ten MCP tools
+## Eleven MCP tools
 
 Most tools are designed around data entities — one module, one file, one symbol — which forces AI agents into long chains of sequential calls. repowise tools are designed around **tasks**. Pass multiple targets in one call. Get complete context back.
 
@@ -131,6 +131,7 @@ Most tools are designed around data entities — one module, one file, one symbo
 | `get_dependency_path(from, to)` | Connection path between two files, modules, or symbols | When tracing how two things are connected |
 | `get_dead_code(min_confidence?, include_internals?, include_zombie_packages?)` | Unreachable code sorted by confidence and cleanup impact | Cleanup tasks |
 | `get_architecture_diagram(module?)` | Mermaid diagram for the repo or a specific module | Documentation and presentation |
+| `annotate_file(target, notes)` | Attach human-authored notes to a wiki page — survives re-indexing | Adding rationale, known issues, or context that the LLM shouldn't overwrite |
 
 ### Tool call comparison — a real task
 
@@ -274,7 +275,7 @@ repowise dead-code
   ✗ analytics/v1/tracker.ts         file      0.41   recent activity — review first
 ```
 
-Conservative by design. `safe_to_delete` requires confidence ≥ 0.70 and excludes dynamically-loaded patterns (`*Plugin`, `*Handler`, `*Adapter`, `*Middleware`). repowise surfaces candidates. Engineers decide.
+Conservative by design. `safe_to_delete` requires confidence ≥ 0.70 and excludes dynamically-loaded patterns (`*Plugin`, `*Handler`, `*Adapter`, `*Middleware`). Dynamic import detection (`importlib.import_module()`, `__import__()`) and framework decorator awareness (Flask/FastAPI/Django routes) further reduce false positives. repowise surfaces candidates. Engineers decide.
 
 ---
 
@@ -317,7 +318,7 @@ When a senior engineer leaves, the "why" usually leaves with them. Decision inte
 | Git intelligence (hotspots, ownership, co-changes) | ✅ | ❌ | ❌ | ❌ | ✅ |
 | Bus factor analysis | ✅ | ❌ | ❌ | ❌ | ✅ |
 | Architectural decision records | ✅ | ❌ | ❌ | ❌ | ❌ |
-| MCP server for AI agents | ✅ 10 tools | ❌ | ✅ 3 tools | ✅ | ✅ |
+| MCP server for AI agents | ✅ 11 tools | ❌ | ✅ 3 tools | ✅ | ✅ |
 | Auto-generated CLAUDE.md | ✅ | ❌ | ❌ | ❌ | ❌ |
 | Doc freshness scoring | ✅ | ❌ | ❌ | ⚠️ staleness only | ❌ |
 | Incremental updates on commit | ✅ <30s | ✅ | ❌ | ✅ | ✅ |
@@ -395,6 +396,7 @@ repowise generate-claude-md       # regenerate CLAUDE.md
 
 # Utilities
 repowise export [PATH]            # export wiki as markdown files
+repowise export --full --format json  # full export with decisions, dead code, hotspots
 repowise doctor                   # check setup, API keys, store drift
 repowise doctor --repair          # check and fix detected store mismatches
 repowise reindex                  # rebuild vector store (no LLM calls)
@@ -404,13 +406,15 @@ repowise reindex                  # rebuild vector store (no LLM calls)
 
 ## Supported languages
 
-**Code:** Python · TypeScript · JavaScript · Go · Rust · Java · C · C++ · Ruby · Kotlin
+| Tier | Languages | What works |
+|------|-----------|------------|
+| **Full** | Python · TypeScript · JavaScript · Java | AST parsing, import resolution, dependency graph edges |
+| **Good** | Go · Rust | AST parsing, partial import resolution (`crate::` / module paths) |
+| **Basic** | C · C++ | AST parsing (structs, functions, classes), `#include` resolution with `compile_commands.json` |
+| **Traversal** | Ruby · Kotlin · C# · Swift · Scala · PHP | Files indexed and searchable, but no AST symbol extraction yet |
+| **Config / data** | OpenAPI · Protobuf · GraphQL · Dockerfile · Makefile · YAML · JSON · TOML · SQL · Terraform | Included in the file tree; special handlers extract endpoints/targets where applicable |
 
-**Config / contracts:** OpenAPI · Protobuf · GraphQL · Dockerfile · GitHub Actions YAML · Makefile
-
-More languages coming soon — Swift, Scala, PHP, Dart, and Elixir are on the roadmap.
-
-Adding a new language requires one `.scm` tree-sitter query file and one config entry. No changes to the parser. PRs welcome. See [Adding a new language](docs/CONTRIBUTING.md#adding-a-new-language).
+Dart and Elixir are on the roadmap. Adding a new language requires one `.scm` tree-sitter query file and one config entry. No changes to the parser core. PRs welcome. See [Adding a new language](docs/CONTRIBUTING.md#adding-a-new-language).
 
 ---
 

docs/CHANGELOG.md

@@ -9,6 +9,35 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## [0.2.3] — 2026-04-11
+
+### Added
+- **`annotate_file` MCP tool** — attach human-authored notes to any wiki page. Notes survive LLM-driven re-generation and appear in `get_context` responses and the web UI. Pass an empty string to clear notes.
+- **`repowise export --full`** — full JSON export now includes decision records, dead code findings, git hotspots, and per-page provenance metadata (confidence, freshness, model, provider).
+- **Rust import resolution** — `use crate::`, `super::`, and `self::` imports now resolve to local files via crate root detection (`lib.rs`/`main.rs`). External crates mapped to `external:` nodes.
+- **Go import resolution** — `go.mod` module path parsing enables accurate local vs external package classification. Local imports resolve by suffix matching against the module path.
+- **C/C++ parser improvements** — added captures for `template_declaration`, `type_definition` (typedef struct/enum), `preproc_def` (#define), `preproc_function_def`, and forward declarations.
+- **Go parser** — added `const_spec` and `var_spec` captures for package-level constants and variables.
+- **Rust parser** — added `macro_definition` capture for `macro_rules!` macros.
+- **Dynamic import detection** — dead code analysis now scans for `importlib.import_module()` and `__import__()` calls; files in the same package receive reduced confidence (capped at 0.4).
+- **Framework decorator awareness** — Flask, FastAPI, and Django route/endpoint decorators added to `_FRAMEWORK_DECORATORS`. Decorated functions are never flagged as dead code.
+- **`human_notes` column on wiki pages** — persists across re-indexing. Alembic migration `0014_page_human_notes`.
+- **Decision staleness scoring during ingestion** — `compute_staleness()` now runs during `repowise init`, not just `repowise update`.
+
+### Changed
+- **CLAUDE.md template** — replaced imperative "MUST use" / "CRITICAL" language with advisory framing. Added `indexed_commit` display. Made `update_decision_records` optional ("SHOULD for architectural changes").
+- **`get_context` freshness** — freshness data now included by default instead of requiring explicit `include=["freshness"]`.
+- **`get_answer` docstring** — removed "do NOT verify by Read" instruction. High-confidence note changed to "verify cited file paths exist before acting on them".
+- **Token budget caps** — `get_overview` caps knowledge_silos (30), module_pages (20), entry_points (15). `get_why` caps file_commits (10).
+- **Dead code patterns** — expanded `_DEFAULT_DYNAMIC_PATTERNS` with `*Mixin`, `*Command`, `*_view`, `*_endpoint`, `*_route`, `*_callback`, `*_signal`, `*_task`.
+
+### Docs
+- **README** — tool count updated to 11, `annotate_file` added to MCP tools table, `--full` export flag documented, dynamic import detection noted, comparison table updated.
+- **Supported languages** — tiered table with accurate "What works" descriptions per language.
+- Updated USER_GUIDE.md, ARCHITECTURE.md, and deep-dives.md to reflect all changes.
+
+---
+
 ## [0.2.2] — 2026-04-11
 
 ### Added

docs/USER_GUIDE.md

@@ -315,7 +315,7 @@ This is how you connect repowise to Claude Code, Cursor, Cline, Windsurf, and ot
 | `--transport` | Protocol: `stdio` (default, for editors) or `sse` (for web clients) |
 | `--port` | Port for SSE transport (default: 7338) |
 
-**MCP tools exposed (10 tools):**
+**MCP tools exposed (11 tools):**
 
 | Tool | What it does |
 |------|-------------|
@@ -329,6 +329,7 @@ This is how you connect repowise to Claude Code, Cursor, Cline, Windsurf, and ot
 | `get_dependency_path` | Find how two modules connect through the dependency graph |
 | `get_dead_code` | Tiered dead code report grouped by confidence |
 | `get_architecture_diagram` | Mermaid diagram with optional churn heat map |
+| `annotate_file` | Attach human-authored notes to a wiki page — survives re-indexing |
 
 See [MCP Integration](#mcp-integration-with-ai-editors) for setup instructions.
 
@@ -485,6 +486,7 @@ repowise export [PATH]
 |------|-------------|
 | `--format` | `markdown` (default), `html`, `json` |
 | `--output / -o` | Output directory (default: `.repowise/export`) |
+| `--full` | Include decisions, dead code findings, hotspots, and provenance metadata (JSON format only) |
 
 **Examples:**
 

docs/architecture/ARCHITECTURE.md

@@ -16,7 +16,7 @@ For per-package detail (installation, full API reference, all CLI flags, file ma
 |---------|--------|----------------|
 | `packages/core` | [`packages/core/README.md`](../packages/core/README.md) | Ingestion, generation, persistence, providers — all key classes with code examples |
 | `packages/cli` | [`packages/cli/README.md`](../packages/cli/README.md) | All 10 CLI commands with every flag documented |
-| `packages/server` | [`packages/server/README.md`](../packages/server/README.md) | All REST API endpoints, 10 MCP tools, webhook setup, scheduler jobs |
+| `packages/server` | [`packages/server/README.md`](../packages/server/README.md) | All REST API endpoints, 11 MCP tools, webhook setup, scheduler jobs |
 | `packages/web` | [`packages/web/README.md`](../packages/web/README.md) | Every frontend file with purpose — API client, hooks, components, pages |
 
 ---
@@ -959,9 +959,10 @@ affected files, modules, tags, and evidence commits. Deduplication key:
 
 ### Staleness Tracking
 
-Decisions have a `staleness_score` (0.0 = fresh, 1.0 = very stale) recomputed on every
-`repowise update`. Staleness rises when affected files receive commits after the decision
-was recorded. Decisions with `staleness_score > 0.5` are flagged as stale.
+Decisions have a `staleness_score` (0.0 = fresh, 1.0 = very stale) computed during
+`repowise init` and recomputed on every `repowise update`. Staleness rises when affected
+files receive commits after the decision was recorded. Decisions with `staleness_score > 0.5`
+are flagged as stale.
 
 ### MCP Tools
 
@@ -1008,7 +1009,7 @@ and supports two transports:
 - **stdio** — for Claude Code, Cursor, Cline (add to their MCP config)
 - **SSE** — for web-based MCP clients (served on port 7338)
 
-### Tools (9 total)
+### Tools (11 total)
 
 | Tool | What it answers | When to call |
 |------|----------------|-------------|
@@ -1021,6 +1022,9 @@ and supports two transports:
 | `get_dependency_path(from, to)` | Connection path between two files/modules in the dependency graph. | When you need to understand how two things are connected. |
 | `get_dead_code` | Dead/unused code findings sorted by confidence and cleanup impact. | Before cleanup tasks. |
 | `get_architecture_diagram` | Mermaid diagram for repo or specific module. | For documentation or presentation. |
+| `get_answer` | One-call RAG: confidence-gated synthesis with cited answers and question cache. | First call on any code question — collapses search → read → reason. |
+| `get_symbol` | Resolve a qualified symbol id to source body, signature, and docstring. | When the question names a specific class, function, or method. |
+| `annotate_file` | Attach human-authored notes to a wiki page — survives re-indexing. | Adding rationale, known issues, or context the LLM shouldn't overwrite. |
 
 ### Auto-generated Config
 
@@ -1112,7 +1116,7 @@ file, tokens used, estimated cost, estimated time remaining).
 repowise includes an interactive chat interface that lets users ask questions about
 their codebase and receive answers grounded in the wiki, dependency graph, git
 history, and architectural decisions. The chat agent uses whichever LLM provider
-the user has configured and has access to all 10 MCP tools.
+the user has configured and has access to all 11 MCP tools.
 
 See [`docs/CHAT.md`](CHAT.md) for the full technical reference covering the
 backend agentic loop, SSE streaming protocol, provider abstraction extensions,
@@ -1123,7 +1127,7 @@ database schema, frontend component architecture, and artifact rendering system.
 - **Provider-agnostic** — the chat agent goes through the same provider abstraction
   as documentation generation. A `ChatProvider` protocol extends `BaseProvider` with
   `stream_chat()` for streaming + tool use without breaking existing callers.
-- **Tool reuse** — the 10 MCP tools are called directly as Python functions (no
+- **Tool reuse** — the 11 MCP tools are called directly as Python functions (no
   subprocess round-trip). Tool schemas are defined once in `chat_tools.py` and
   fed to both the LLM and the executor.
 - **SSE streaming** — `POST /api/repos/{repo_id}/chat/messages` runs the agentic

docs/architecture/deep-dives.md

@@ -43,9 +43,9 @@ For each node in the dependency graph:
 
 **Why in_degree alone isn't enough:**
 
-Consider `plugin_auth.py`. Nothing imports it directly because the plugin framework loads it dynamically at runtime via `importlib.import_module()`. The graph doesn't capture dynamic imports because they don't appear in the AST as static import statements.
+Consider `plugin_auth.py`. Nothing imports it directly because the plugin framework loads it dynamically at runtime via `importlib.import_module()`. The graph doesn't capture dynamic imports as edges because they don't appear in the AST as static import statements.
 
-Repowise handles this with multiple layers of filtering:
+Repowise handles this with multiple layers of filtering, including **dynamic import detection** — files in the same package as `importlib.import_module()` or `__import__()` calls automatically get reduced confidence scores:
 
 **Layer 1 — Structural exclusions** (never flagged):
 
@@ -69,13 +69,33 @@ _DEFAULT_DYNAMIC_PATTERNS = (
     "*Handler",      # Event handler registration
     "*Adapter",      # Adapter patterns
     "*Middleware",    # Middleware chains
+    "*Mixin",        # Mixin classes
+    "*Command",      # CLI/management commands
     "register_*",    # Registration functions
     "on_*",          # Event callbacks
+    "*_view",        # Django/Flask views
+    "*_endpoint",    # API endpoints
+    "*_route",       # Route handlers
+    "*_callback",    # Callback functions
+    "*_signal",      # Signal handlers
+    "*_task",        # Background tasks
 )
 ```
 
 Files matching these patterns aren't marked `safe_to_delete` even if confidence is high, because they're likely loaded dynamically.
 
+**Layer 2b — Framework decorator awareness:**
+
+Functions decorated with framework-specific route/endpoint decorators are never flagged as dead code:
+
+- Flask: `@app.route`, `@blueprint.route`, `@app.before_request`, `@app.errorhandler`, etc.
+- FastAPI: `@app.get`, `@app.post`, `@router.get`, `@app.on_event`, `@app.middleware`, etc.
+- Django: `@admin.register`, `@receiver`, `@login_required`, etc.
+
+**Layer 2c — Dynamic import detection:**
+
+Files in the same package as `importlib.import_module()` or `__import__()` calls automatically receive a reduced confidence score (capped at 0.4), since they may be loaded dynamically at runtime.
+
 **Layer 3 — Confidence scoring with git metadata:**
 
 This is where it gets interesting. A file with zero importers might be dead, or it might be actively used via dynamic loading. Git history helps distinguish:

packages/cli/src/repowise/cli/__init__.py

@@ -6,4 +6,4 @@
 AI-generated documentation.
 """
 
-__version__ = "0.2.2"
+__version__ = "0.2.3"