Fix Python/FastAPI/SQL parsing: route false positives, Depends() tracking, SQL size guard, DLL calls

[kingchenc]

Summary

• Fix Python: dict .get() calls misidentified as Route nodes #28: Restrict source-based route extractors to matching file extensions — prevents Python dict.get() from creating spurious Route nodes
• Fix Python: FastAPI Depends() not tracked, causes false dead code positives #27: Track FastAPI Depends(func_ref) parameter defaults as CALLS edges with import alias resolution
• Fix Windows: Stack overflow (0xc00000fd) in tree-sitter SQL parser on large .sql files during mode=full index #62: Add per-language file size guard to prevent tree-sitter SQL stack overflow on large .sql files
• Fix Feature request: dynamic dll calling #29: Detect dynamic DLL resolution patterns (GetProcAddress/dlsym/Resolve) in C/C++ and emit CALLS edges to stub nodes

Details

#28 — Python dict .get() misidentified as Route nodes

Source-based route extractors (extractGoRoutes, extractExpressRoutes, extractLaravelRoutes, extractKtorRoutes) were running on all function nodes regardless of file type. The Ktor regex \b(get|post|...)\("..." matched payload.get("sub") in Python files, creating ~125 false Route nodes.

Fix: File extension guard via switch filepath.Ext() — each extractor only runs on its own language (.go, .js/.ts, .php, .kt).

#27 — FastAPI Depends() not tracked

Functions passed to Depends() as parameter defaults (e.g. user = Depends(get_current_user)) were not extracted as calls — making critical auth/DI functions appear as dead code with in_degree=0.

Fix: New extractPythonDependsEdges() scans Python function signatures for Depends(func_ref) patterns and emits CALLS edges (resolution_strategy: "fastapi_depends"). Includes fallback for import aliases (from X import Y as Z) by extracting the original function name from the import path.

Tested: 392 Depends edges across 39 router files on a real FastAPI project. require_admin went from in_degree: 64 → in_degree: 180.

#62 — Stack overflow in tree-sitter SQL parser

Large .sql files (bulk INSERT dumps ~4.5MB) cause deep recursion in the tree-sitter SQL grammar, exhausting the C stack (especially on Windows with 1MB default).

Fix: Per-language file size guard in cbmParseFile(): SQL >1MB skipped, any file >4MB skipped. Logged as cbm.skip.large_sql / cbm.skip.large_file.

#29 — Dynamic DLL calling not tracked

C/C++ code using GetProcAddress(handle, "Func"), dlsym(handle, "func"), or .Resolve("Func") for dynamic DLL loading had no call graph edges to the resolved functions.

Fix: New extractDLLResolveEdges() detects these patterns via regex, creates CALLS edges to synthetic stub nodes with dll_name/dll_function metadata. Stubs are created during the sequential flush phase (same path as LSP stub nodes).

Test plan

• All existing tests pass (go test ./internal/... — 12 packages)
• go vet clean on modified packages
• Python: dict .get() calls misidentified as Route nodes #28: Verified 0 false Route nodes from .get() on real FastAPI project
• Python: FastAPI Depends() not tracked, causes false dead code positives #27: Verified 392 fastapi_depends edges including aliased imports
• Windows: Stack overflow (0xc00000fd) in tree-sitter SQL parser on large .sql files during mode=full index #62: Binary builds, size guard logged correctly
• Feature request: dynamic dll calling #29: Compiles clean, stub node creation integrated

Changed files

• internal/httplink/httplink.go — file extension guard in discoverRoutes()
• internal/pipeline/pipeline_cbm.go — SQL size guard, extractPythonDependsEdges(), extractDLLResolveEdges()
• internal/pipeline/pipeline.go — extend createLSPStubNodes() to handle dll_resolve strategy