fix: lazy engine loading for fast MCP startup

[SimplyLiz]

Summary

• MCP server now responds to initialize handshake in ~0.6s instead of 43+ seconds
• Engine (SCIP index) is loaded lazily on first tool call, not during startup
• Improved ckb setup UX for Claude Code, Grok, and VS Code configuration
• Not-found errors now include repo context when the client doesn't support roots/list

Problem

The MCP server was loading the entire SCIP index synchronously before responding to the initialize handshake. For large codebases (e.g., 48MB index), this took 43+ seconds, causing Claude Code's health check to timeout and report "Failed to connect".

Additionally, when a client like Cursor doesn't support roots/list, CKB can't auto-switch to the correct project. Tool errors like SYMBOL_NOT_FOUND gave no indication that the index might be for a different repo, causing AI agents to hallucinate explanations instead of understanding the mismatch.

Changes

Lazy Engine Loading (internal/mcp/server.go)

• Add NewMCPServerLazy() that accepts an engine loader function
• Engine is created on first tool call that needs it
• MCP handshake completes immediately

Repo-Mismatch Detection (internal/mcp/server.go, internal/mcp/tool_impls_compound.go)

• Add enrichNotFoundError() — when a not-found error occurs and the client didn't provide roots, append the indexed repo path to the error message
• Switch compound tools from s.engine() to s.GetEngine() to prevent nil panics with lazy loading
• Applies to explore, understand, prepareChange, and batchSearch tools

MCP Command (cmd/ckb/mcp.go)

• Use lazy loading path for all scenarios
• Remove tautological nil check flagged by linter
• Temporarily disable multi-repo mode (TODO: add lazy support)

Setup Command (cmd/ckb/setup.go)

• Detect if CKB is already configured correctly (no action needed)
• Warn when configured path differs from current binary
• Show note when switching between npx and local binary
• Automatically update config instead of failing with "already exists"
• Grok global setup: Add getGrokMcpConfig() to read existing config from ~/.grok/user-settings.json; skip CLI call when already configured, remove+re-add when config differs
• VS Code global setup: Add getVSCodeGlobalMcpConfig() to read existing config from VS Code's platform-specific settings.json; skip CLI call when already configured, warn and update when config differs

Test plan

• ckb setup --tool claude-code --global works when not configured
• ckb setup --tool claude-code --global shows "already configured" when same path
• ckb setup --tool claude-code --global warns and updates when path differs
• ckb setup --tool grok --global deduplicates existing entries
• ckb setup --tool vscode --global deduplicates existing entries
• claude mcp list shows CKB as connected (was failing before)
• MCP handshake completes in <1s (was 43s)
• Not-found errors include repo path when client lacks roots support
• All existing tests pass (go test ./cmd/ckb/...)
• Build succeeds (go build -o ckb ./cmd/ckb)

🤖 Generated with Claude Code

[github-actions]

🟡 Change Impact Analysis

Metric	Value
Risk Level	MEDIUM 🟡
Files Changed	5
Symbols Changed	224
Directly Affected	1
Transitively Affected	126

Blast Radius: 0 modules, 1 files, 127 unique callers

📝 Changed Symbols (224)

Symbol	File	Type	Confidence
EngineLoader	internal/mcp/server.go	modified	100%
MCPServer#engineErr	internal/mcp/server.go	modified	100%
MCPServer#engineLoader	internal/mcp/server.go	modified	100%
MCPServer#engineOnce	internal/mcp/server.go	modified	100%
MCPServer#enrichNotFoundError	internal/mcp/server.go	modified	100%
NewMCPServerLazy	cmd/ckb/mcp.go	modified	100%
_test	internal/mcp/server.go	modified	100%
args	cmd/ckb/setup.go	modified	100%
c	cmd/ckb/setup.go	modified	100%
ch	internal/mcp/tool_impls_compound.go	modified	100%
claudeConfigEntry	cmd/ckb/setup.go	modified	100%
claudeConfigEntry#Args	cmd/ckb/setup.go	modified	100%
claudeConfigEntry#Command	cmd/ckb/setup.go	modified	100%
claudeConfigEntry#Type	cmd/ckb/setup.go	modified	100%
claudeMcpAdd	cmd/ckb/setup.go	modified	100%
…	+209 more

🎯 Affected Downstream (20)

Symbol	Module	Distance	Kind
unknown	``	1	type-dependency
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/cmd/ckb/runMCP().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#GetEngine().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#enrichNotFoundError().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#getIndexStaleness().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#getTelemetryStorage().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#streamFindReferences().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#streamSearchSymbols().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolAnalyzeChange().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolAnalyzeCoupling().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolAnalyzeImpact().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolAnnotateModule().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolAuditRisk().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolCancelJob().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolCheckDocStaleness().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolCompareAPI().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolDoctor().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolExplainFile().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolExplainOrigin().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#toolExplainPath().	``	2	transitive-caller

Recommendations

• ⚠️ test: Significant transitive impact (126 symbols). Run comprehensive test suite.
  • Action: Run full test suite before merging

⚠️ Index is 0 commit(s) behind HEAD. Results may be incomplete.

---

_{Generated by CKB}

[github-actions]

🔐 Security Audit Results

⚠️ Security gate passed with warnings - 7 issue(s) found (review recommended)

Category	Findings
🔑 Secrets	✅ 0
🛡️ SAST	✅ 0
📦 Dependencies	⚠️ 7
📜 Licenses	⚠️ 144 non-permissive

📦 Dependency Vulnerabilities

Found 7 vulnerability(ies) across 2 scanner(s)

Details

Trivy (4 findings)

• CVE-2026-22036 (MEDIUM): undici - undici: Undici: Denial of Service via excessive de...
• CVE-2025-54410 (LOW): github.com/docker/docker - github.com/moby/moby: Moby's Firewalld reload remo...
• GHSA-vrw8-fxc6-2r93 (MEDIUM): github.com/go-chi/chi/v5 - chi Allows Host Header Injection which Leads to Op...
• CVE-2025-47908 (MEDIUM): github.com/rs/cors - github.com/rs/cors: Denial of service via maliciou...

OSV-Scanner (3 findings)

• github.com/docker/docker: 2 vulnerabilities
• github.com/go-chi/chi/v5: 1 vulnerabilities
• github.com/rs/cors: 2 vulnerabilities

📜 License Issues

Found 144 non-permissive license(s)

Details

• github.com/BurntSushi/toml: MIT (notice)
• github.com/google/uuid: BSD-3-Clause (notice)
• github.com/klauspost/compress: Apache-2.0 (notice)
• github.com/klauspost/compress: BSD-3-Clause (notice)
• github.com/klauspost/compress: MIT (notice)
• github.com/pelletier/go-toml/v2: MIT (notice)
• github.com/smacker/go-tree-sitter: MIT (notice)
• github.com/sourcegraph/go-diff: MIT (notice)
• github.com/sourcegraph/scip: Apache-2.0 (notice)
• github.com/spf13/cobra: Apache-2.0 (notice)
• ... and 134 more

---

_{Generated by CKB Security Audit | View Details | Security Tab}

[codecov]

Codecov Report

❌ Patch coverage is 8.15451% with 214 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
cmd/ckb/setup.go	0.0%	161 Missing ⚠️
internal/mcp/server.go	14.2%	32 Missing and 4 partials ⚠️
internal/mcp/tool_impls_compound.go	54.1%	6 Missing and 5 partials ⚠️
cmd/ckb/mcp.go	0.0%	6 Missing ⚠️

❌ Your patch check has failed because the patch coverage (8.1%) is below the target coverage (30.0%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff            @@
##           develop    #123     +/-   ##
=========================================
- Coverage     45.1%   45.0%   -0.2%     
=========================================
  Files          350     350             
  Lines        59773   59968    +195     
=========================================
+ Hits         26978   26988     +10     
- Misses       30970   31144    +174     
- Partials      1825    1836     +11     

Flag	Coverage Δ
unit	45.0% <8.1%> (-0.2%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

📢 Thoughts on this report? Let us know!

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

CKB Analysis

🎯 224 changed → 126 affected · 🔥 4 hotspots · 📊 4 complex · 📚 143 stale

Risk factors: Touches 4 hotspot(s)

Metric	Value
Impact Analysis	224 symbols → 126 affected	🟡
Doc Coverage	9.090909090909092%	⚠️
Complexity	4 violations	⚠️
Coupling	0 gaps	✅
Blast Radius	0 modules, 1 files	✅
Index	indexed (7s)	💾

🎯 Change Impact Analysis · 🟡 MEDIUM · 224 changed → 20 affected

Metric	Value
Symbols Changed	224
Directly Affected	1
Transitively Affected	126
Modules in Blast Radius	0
Files in Blast Radius	1

Symbols changed in this PR:

• EngineLoader [modified] (100%) — internal/mcp/server.go
• MCPServer#engineErr [modified] (100%) — internal/mcp/server.go
• MCPServer#engineLoader [modified] (100%) — internal/mcp/server.go
• MCPServer#engineOnce [modified] (100%) — internal/mcp/server.go
• MCPServer#enrichNotFoundError [modified] (100%) — internal/mcp/server.go
• NewMCPServerLazy [modified] (100%) — cmd/ckb/mcp.go
• _test [modified] (100%) — internal/mcp/server.go
• args [modified] (100%) — cmd/ckb/setup.go
• c [modified] (100%) — cmd/ckb/setup.go
• ch [modified] (100%) — internal/mcp/tool_impls_compound.go
• … and 214 more

Downstream symbols affected:
Direct callers (1):

• unknown
  Transitive callers (19):
• scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/cmd/ckb/runMCP(). (depth 2)
• scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#GetEngine(). (depth 2)
• scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#enrichNotFoundError(). (depth 2)
• scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#getIndexStaleness(). (depth 2)
• scip-go gomod github.com/SimplyLiz/CodeMCP 029318dbe7c2 github.com/SimplyLiz/CodeMCP/internal/mcp/MCPServer#getTelemetryStorage(). (depth 2)
• … and 14 more transitive callers

Recommendations:

• ⚠️ Significant transitive impact (126 symbols). Run comprehensive test suite.
  • Action: Run full test suite before merging

⚠️ Index is undefined commit(s) behind HEAD. Results may be incomplete. Run ckb index to refresh.

🔥 Hotspots · 4 volatile files

File	Churn Score
cmd/ckb/mcp.go	11.08
cmd/ckb/setup.go	10.30
internal/mcp/server.go	10.53
internal/mcp/tool_impls_compound.go	8.07

📊 Complexity · 4 violations

File	Cyclomatic	Cognitive
cmd/ckb/mcp.go	⚠️ 28	⚠️ 65
cmd/ckb/setup.go	⚠️ 27	⚠️ 52
internal/mcp/server.go	9	⚠️ 22
internal/mcp/tool_impls_compound.go	14	⚠️ 25

💡 Quick wins · 10 suggestions

• 🟡 Add tests → internal/query/engine_test.go
• 🟡 Add tests → internal/incremental/store_test.go
• 🟡 Add tests → internal/api/index_processor.go
• 🟡 Add tests → internal/backends/git/diff.go
• 🟡 Add tests → internal/query/doctor.go
• 🟢 Assign backup owner → internal/query/engine_test.go
• 🟢 Assign backup owner → internal/incremental/store_test.go
• 🟢 Assign backup owner → internal/api/index_processor.go

📚 Stale docs · 143 broken references

• docs/CONTRIBUTING.md:108 → errors.New
• docs/CONTRIBUTING.md:108 → errors.SYMBOL_NOT_FOUND
• docs/CONTRIBUTING.md:111 → errors.Wrap
• docs/backlog/index-refresh-improvements.md:36 → watcher.Add
• docs/backlog/index-refresh-improvements.md:36 → filepath.Join
• docs/backlog/index-refresh-improvements.md:97 → time.Second
• docs/featureplans/change-impact-analysis-checklist.md:208 → coverage.out
• docs/featureplans/change-impact-analysis-checklist.md:214 → lcov.info
• docs/featureplans/change-impact-analysis-checklist.md:309 → coverage.out
• docs/featureplans/change-impact-analysis.md:448 → scip.SCIPIndex
• docs/featureplans/change-impact-analysis.md:478 → context.Context
• docs/featureplans/change-impact-analysis.md:669 → coverage.out
• docs/ideas.md:16 → provenance.backends
• docs/ideas.md:21 → queryPolicy.coalesceWindowMs
• docs/ideas.md:302 → confidence.factors

---

_{Generated by CKB · Run details}