@octocodeai/octocode-engine 16.7.0 โ†’ 17.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -13,9 +13,7 @@
13
13
 
14
14
  **Evidence-first code research for AI agents and developers.**
15
15
 
16
- Octocode gives an agent the full context it needs to change, review, or explain code: real evidence from your **local workspace** and from **external** sources (GitHub repositories, pull requests, and npm packages). One toolset covers all of it: ripgrep and AST structural search, repository tree browsing, precise content fetching, LSP semantic navigation, and binary inspection.
17
-
18
- Run it as a **CLI** or an **MCP server**. A **Rust engine** keeps every call fast and token-efficient, minifying and skeletonizing code so an agent reads the shape of a file instead of every byte, from a single file to a mega-repo. It is also the best tool for **cross-repository research and exploration across millions of repositories**.
16
+ Evidence from your **local workspace** and **external** sources (GitHub repos, PRs, npm). One toolset: ripgrep + AST search, trees, precise reads, and LSP โ€” as a **CLI** or **MCP server**, backed by a **Rust engine** for fast, token-efficient results across single files or mega-repos.
19
17
 
20
18
  ---
21
19
 
@@ -53,7 +51,7 @@ npx octocode auth login
53
51
  npx octocode status # verify the active token source
54
52
  ```
55
53
 
56
- **3. Choose your interface.** The same engine and 14 tools run identically either way.
54
+ **3. Choose your interface.** The same engine and 12 tools run identically either way.
57
55
 
58
56
  **๐Ÿ–ฅ๏ธ CLI** โ€” research straight from your terminal:
59
57
 
@@ -107,8 +105,7 @@ Octocode is useful whenever the next coding step depends on finding and proving
107
105
  | **Semantic navigation** | Resolve definitions, references, callers/callees, call hierarchy, hovers, symbols, diagnostics, and type relationships through LSP. |
108
106
  | **Structural matching** | Run AST-shaped searches with patterns or YAML rules so comments and strings do not become false positives. |
109
107
  | **Large-file context** | Minify, skeletonize, or paginate code so agents spend tokens on relevant structure instead of boilerplate. |
110
- | **Binary or archive inspection** | Inspect archives, compressed streams, native binaries, and strings without leaving the research flow. |
111
- | **Agent workflows** | Expose the same engine through MCP, CLI, OQL, and Agent Skills so assistants and humans use one evidence model. |
108
+ | **Agent workflows** | Same engine via MCP, CLI, OQL, and Agent Skills. |
112
109
 
113
110
  See [Quick Start](#quick-start) to install in your terminal or AI assistant.
114
111
 
@@ -116,7 +113,7 @@ See [Quick Start](#quick-start) to install in your terminal or AI assistant.
116
113
 
117
114
  ## Tools
118
115
 
119
- Octocode ships **14 research tools**; the same implementations run identically over [MCP](#mcp) and the [CLI](#cli). Local tools are enabled by default; `ENABLE_LOCAL=false` disables them. `ghCloneRepo` is opt-in for MCP (`ENABLE_CLONE=true`) and enabled by default for CLI. All flags: [Configuration Reference](https://github.com/bgauryy/octocode/blob/main/docs/CONFIGURATION.md).
116
+ **12 always-on tools** (same on [MCP](#mcp) and [CLI](#cli)). Local tools on by default (`ENABLE_LOCAL=false` to disable). `ghCloneRepo` is MCP opt-in (`ENABLE_CLONE=true`), CLI on by default. Flags: [Configuration](https://github.com/bgauryy/octocode/blob/main/docs/CONFIGURATION.md).
120
117
 
121
118
  **Token knobs.** `concise:true` returns path/title-only lists. `minify` controls file read density: `symbols` = skeleton with line numbers, `standard` = comments/blanks stripped (default), `none` = exact bytes.
122
119
 
@@ -139,7 +136,6 @@ Octocode ships **14 research tools**; the same implementations run identically o
139
136
  | `localViewStructure` | Browse a local directory tree: depth, filters, pagination, metadata. | `concise` |
140
137
  | `localFindFiles` | Find local files and directories by name, path, regex, extension, size, time, permissions, type. | |
141
138
  | `localGetFileContent` | Read a local file or region: exact slice, match string, line range, or paginated chars. | `minify` |
142
- | `localBinaryInspect` | Inspect archives, compressed streams, and native binaries: inspect (format/symbols/imports/deps), list, extract, decompress, strings. | |
143
139
 
144
140
  ### Package Search
145
141
 
@@ -157,7 +153,7 @@ Octocode ships **14 research tools**; the same implementations run identically o
157
153
 
158
154
  | Tool | What it does |
159
155
  |------|--------------|
160
- | `oqlSearch` | Runs typed OQL queries across code, content, structure, files, semantics, repositories, packages, pull requests, commits, artifacts, diff, research, graph, and materialization targets. |
156
+ | `oqlSearch` | Runs typed OQL queries across code, content, structure, files, semantics, repositories, packages, pull requests, commits, diff, research, graph, and materialization targets. |
161
157
 
162
158
  Full schemas, fields, and examples for every tool live in [`docs/OCTOCODE_TOOLS.md`](https://github.com/bgauryy/octocode/blob/main/docs/OCTOCODE_TOOLS.md) (linked under [Documentation](#documentation)).
163
159
 
@@ -225,13 +221,13 @@ npx octocode --help # full usage
225
221
  | `npx octocode search <path\|owner/repo> --tree` | Browse directory or repository structure |
226
222
  | `npx octocode search <file>` | Read file content; `--content-view exact\|compact\|symbols` or `--raw` |
227
223
  | `npx octocode search <file> --symbols` | Symbol outline for a file or source tree |
228
- | `npx octocode search --query <oql-json>` | Full OQL across all target types (code, commits, PRs, packages, artifacts โ€ฆ) |
224
+ | `npx octocode search --query <oql-json>` | Full OQL across all target types (code, commits, PRs, packages, โ€ฆ) |
229
225
 
230
226
  #### More commands
231
227
 
232
- - **GitHub & npm** โ€” `npx octocode search <โ€ฆ> --target repositories|packages|pullRequests|commits|artifacts|diff`
228
+ - **GitHub & npm** โ€” `npx octocode search <โ€ฆ> --target repositories|packages|pullRequests|commits|diff`
233
229
  - **LSP** โ€” `npx octocode search <file> --op definition|references|callers|callees|hover|diagnostic|callHierarchy` (`--symbol`, `--line` to narrow)
234
- - **Cache & clone** โ€” `npx octocode clone`, `npx octocode unzip`, `npx octocode cache fetch|status|clear`
230
+ - **Cache & clone** โ€” `npx octocode clone`, `npx octocode cache fetch|status|clear`
235
231
  - **Skills** โ€” `npx octocode skill --list | --name <skill> | --add <github-path> | --install-all`
236
232
  - **Language servers** โ€” `npx octocode lsp-server list|install|status|uninstall|clean`
237
233
  - **Setup & introspection** โ€” `npx octocode install`, `npx octocode auth`, `npx octocode status`, `npx octocode tools`, `npx octocode context`
@@ -357,42 +353,17 @@ Four code-intelligence axes; three are native to the Rust engine and need no ext
357
353
  > [Agent Skills](https://agentskills.io/what-are-skills) are a lightweight, open format for extending AI agent capabilities.
358
354
  > Browse and install on [**skills.sh/bgauryy/octocode-mcp**](https://www.skills.sh/bgauryy/octocode-mcp)
359
355
 
360
- These are the skills the Octocode team itself uses to build Octocode. **Six source skills** live under [`skills/`](https://github.com/bgauryy/octocode/tree/main/skills); the separately managed **Awareness** skill lives under [`packages/octocode-awareness/skills/`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-awareness/skills) and is bundled alongside them. The table below is the full seven-skill index. โญ **[Research](https://www.skills.sh/bgauryy/octocode-mcp/octocode-research)** is the recommended starting skill for technical research, code work, reviews, refactors, and repeated evidence loops.
361
-
362
- Each skill folder includes a human README with purpose, features, workflow, developer notes, and `npx octocode skill` installation. `SKILL.md` stays the compact agent-facing router.
363
-
364
- Install them with the Octocode CLI through `npx octocode`; no global install is required. Octocode refreshes the canonical source in `~/.octocode/skills/<skill>` and links it into the platform location by default. Pick the platform your agent reads from, or use `common` for the shared `~/.agents/skills` folder.
356
+ **1 skill** under [`skills/`](https://github.com/bgauryy/octocode/tree/main/skills), bundled in the `octocode` package. Start with โญ [Research](https://www.skills.sh/bgauryy/octocode-mcp/octocode-research) for evidence-first code work.
365
357
 
366
358
  ```bash
367
- npx octocode skill --list # browse available Octocode skills
368
- npx octocode skill --name octocode-research # install to ~/.agents/skills (common)
369
- npx octocode skill --name octocode-awareness # install bundled Awareness by name
370
- npx octocode skill --name octocode-research --platform pi # install for Pi
371
- npx octocode skill --name octocode-research --platform all --dry-run # preview before installing everywhere
372
- npx octocode skill --add --path /path/to/skills/octocode-awareness # install from an agent-known local skill path
373
- npx octocode skill --add owner/repo/skills/my-skill # install any GitHub skill folder
374
- npx octocode skill --add owner/repo/skills # install every skill in a GitHub skills library
375
- npx octocode skill --install-all # install every official Octocode skill to ~/.agents/skills
376
- npx octocode skill --help # read live flags
359
+ npx octocode skill --list
360
+ npx octocode skill --name octocode-research
361
+ npx octocode skill --help
377
362
  ```
378
363
 
379
- Platforms: `common` (default, `~/.agents/skills`), `cursor` (`~/.cursor/skills`), `claude` (`~/.claude/skills` and `~/.claude-desktop/skills`), `codex` (`~/.agents/skills`), `opencode` (`~/.config/opencode/skills`), `pi` (`~/.pi/agent/skills`), `copilot` (`~/.copilot/skills`), `gemini` (`~/.gemini/skills`), `all` ยท Modes: `symlink` (default), `copy`, `hybrid`
380
-
381
- The repository's cross-vendor sync helper is plan-first and path-safe: dry-run previews disclose replacements, writes require explicit approval, and destination names must be safe single path segments. Pi bundle sync also discloses removals during dry-run and preserves separately managed skills such as Awareness. Skill scripts use `@octocodeai/config` as the single environment-loading boundary.
382
-
383
- Workflow contracts are equally explicit: Brainstorming run ledgers and hooks stay workspace-scoped; Research can review a clean file but only recommends `APPROVE` after applicable verification passes; Prompt Optimizer accepts multiple intentional branches when every branch is unambiguous.
384
-
385
- | Skill | Directory | Install with `npx octocode` | Use it when |
386
- |-------|-----------|-----------------------------|-------------|
387
- | [**Brainstorming**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-brainstorming) | `octocode-brainstorming/` | `npx octocode skill --name octocode-brainstorming` | The idea is fuzzy and needs prior-art or opportunity validation. |
388
- | โญ [**Research**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-research) | `octocode-research/` | `npx octocode skill --name octocode-research` | You need evidence-first technical research, code work, review, refactor, architecture analysis, or repeated proof loops. |
389
- | [**RFC Generator**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-rfc-generator) | `octocode-rfc-generator/` | `npx octocode skill --name octocode-rfc-generator` | You need a design doc, RFC, architecture proposal, migration plan, or rollout plan before coding. |
390
- | [**Roast**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-roast) | `octocode-roast/` | `npx octocode skill --name octocode-roast` | You want blunt but actionable code critique. |
391
- | [**Skills**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-skills) | `octocode-skills/` | `npx octocode skill --name octocode-skills` | You are working on Agent Skills themselves. |
392
- | [**Prompt Optimizer**](https://github.com/bgauryy/octocode/tree/main/skills/octocode-prompt-optimizer) | `octocode-prompt-optimizer/` | `npx octocode skill --name octocode-prompt-optimizer` | You want to optimize, strengthen, or shorten a prompt, `SKILL.md`, or `AGENTS.md`. |
393
- | [**Awareness**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-awareness) | `packages/octocode-awareness/skills/octocode-awareness/` | `npx octocode skill --name octocode-awareness` | You need shared agent memory, file locks, notifications, handoffs, reflection, hooks, or verify-before-conclude in a shared repo. |
394
-
395
- Awareness is the primary skill for memory, locks, signals, reflection, schemas, and hooks. Older prompts that name `octocode-reflection` or `octocode-agent-communication` should load the same [`@octocodeai/octocode-awareness`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-awareness) runtime.
364
+ | Skill | Install | Use when |
365
+ |-------|---------|----------|
366
+ | โญ [**Research**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-research) | `npx octocode skill --name octocode-research` | Evidence-first research, review, refactor, architecture. |
396
367
 
397
368
  ---
398
369
 
@@ -437,9 +408,6 @@ client โ†’ sanitize inputs (Rust) โ†’ run tool (GitHub / FS / LSP) โ†’ sanitize
437
408
  | [`packages/octocode-engine`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-engine) | `@octocodeai/octocode-engine` | Rust/napi native engine: security scanning, minification, signatures, structural AST, ripgrep/diff/YAML, LSP. |
438
409
  | [`packages/octocode-config`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-config) | `@octocodeai/config` | Zero-dep env + config loader: `getOctocodeHome`, `.env` parsing, `.octocoderc` reading. Single source used by every package and skill. |
439
410
  | [`packages/octocode-vscode`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-vscode) | `octocode-mcp-vscode` | VS Code extension: GitHub OAuth + multi-editor MCP install. |
440
- | [`packages/octocode-awareness`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-awareness) | `@octocodeai/octocode-awareness` | Shared workspace coordination: file locks, durable memory, agent-to-agent signals, and verification gates over one local SQLite store. Runtime behind Awareness, including the legacy Reflection and Agent Communication workflows. |
441
- | [`packages/octocode-pi-extension`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-pi-extension) | `@octocodeai/pi-extension` | Official [Pi](https://github.com/earendil-works/pi) harness: operating-model system prompt, 13 native research tools registered in-process, memory tools, edit-safety hooks, and bundled workflow skills. |
442
- | [`packages/octocode-agent`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-agent) | `octocode-agent` | Self-working coding agent CLI: launches Pi with `@octocodeai/pi-extension` as its harness under one branded command. |
443
411
 
444
412
  `packages/octocode-benchmark` (private, not published) holds benchmark methodology, evals, and run artifacts โ€” see [Documentation](#documentation).
445
413
 
@@ -454,8 +422,7 @@ Website: **[octocode.ai](https://octocode.ai)** ยท Product docs: **[github.com/b
454
422
  | MCP server | [Octocode MCP Server](https://github.com/bgauryy/octocode/blob/main/docs/OCTOCODE_MCP.md) ยท [Configuration](https://github.com/bgauryy/octocode/blob/main/docs/CONFIGURATION.md) ยท [Authentication](https://github.com/bgauryy/octocode/blob/main/docs/CONFIGURATION.md) |
455
423
  | Tools and workflows | [Octocode Tools Reference](https://github.com/bgauryy/octocode/blob/main/docs/OCTOCODE_TOOLS.md) ยท [Octocode Research Skill](https://github.com/bgauryy/octocode/tree/main/skills/octocode-research) ยท [Search Guide](https://github.com/bgauryy/octocode/blob/main/docs/context/SEARCH_GUIDE.md) |
456
424
  | CLI and query language | [Octocode CLI Guide](https://github.com/bgauryy/octocode/blob/main/docs/OCTOCODE_CLI.md) ยท [Octocode Query Language](https://github.com/bgauryy/octocode/blob/main/docs/OCTOCODE_QUERY_LANGUAGE.md) ยท [OQL Research Graph Flow](https://github.com/bgauryy/octocode/blob/main/docs/context/OQL_RESEARCH_GRAPH_FLOW.md) |
457
- | Agent harness and skills | [Octocode Pi package](https://github.com/bgauryy/octocode/blob/main/packages/octocode-pi-extension/README.md) ยท [Octocode Awareness package](https://github.com/bgauryy/octocode/blob/main/packages/octocode-awareness/README.md) ยท [Skills](https://github.com/bgauryy/octocode/tree/main/skills) |
458
- | Pi | [Pi package README](https://github.com/bgauryy/octocode/blob/main/packages/octocode-pi-extension/README.md) ยท [Pi APPEND_SYSTEM starter](https://github.com/bgauryy/octocode/blob/main/packages/octocode-pi-extension/docs/PI/APPEND_SYSTEM.md) |
425
+ | Skills | [Skills](https://github.com/bgauryy/octocode/tree/main/skills) |
459
426
  | Development and security | [Security Model](https://github.com/bgauryy/octocode/blob/main/docs/SECURITY.md) ยท [LSP Server Lifecycle](https://github.com/bgauryy/octocode/blob/main/docs/LSP_SERVER_LIFECYCLE.md) |
460
427
  | Benchmarks and evals | [Benchmark Summary](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/BENCHMARK.md) ยท [Unified CLI/Tool/OQL Eval](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/benchmark/octocode/README.md) ยท [Benchmark Runbook](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/recipes/agent-benchmark-runbook.md) ยท [Support Matrix](https://github.com/bgauryy/octocode/blob/main/docs/LSP_SERVER_LIFECYCLE.md#full-format-support-matrix) |
461
428
  | Shared internals | [Credentials Architecture](https://github.com/bgauryy/octocode/blob/main/docs/CONFIGURATION.md#github-token) ยท [Session Persistence](https://github.com/bgauryy/octocode/blob/main/docs/OCTOCODE_MCP.md#session-persistence) |
@@ -486,19 +453,13 @@ Read the output and fix accordingly.
486
453
  npx octocode skill --name octocode-research --platform pi
487
454
  ```
488
455
 
489
- - **Adapter route โ€” full tool surface.** Install [`pi-mcp-adapter`](https://github.com/nicobailon/pi-mcp-adapter) to expose all 14 Octocode MCP tools behind a single ~200-token proxy tool, so servers stay disconnected until a tool is actually called. Enable clone tools with `ENABLE_CLONE=true`.
490
-
491
- Tune Pi's behavior with an `APPEND_SYSTEM.md` packaged in [`@octocodeai/pi-extension`](https://github.com/bgauryy/octocode/blob/main/packages/octocode-pi-extension/README.md). The full walkthrough โ€” package install, setup commands, skills, optional MCP setup, and custom models โ€” is in the [**Pi package README**](https://github.com/bgauryy/octocode/blob/main/packages/octocode-pi-extension/README.md).
492
-
493
- ### Octocode Harness
494
-
495
- The Octocode harness is the recommended agent environment for research-driven development: Pi supplies the local coding loop, `npx octocode` supplies structured code research, and Octocode Skills encode the workflows agents should follow before they edit.
456
+ - **Adapter route โ€” full tool surface.** Install [`pi-mcp-adapter`](https://github.com/nicobailon/pi-mcp-adapter) to expose Octocode MCP tools behind a single ~200-token proxy tool, so servers stay disconnected until a tool is actually called. Enable clone tools with `ENABLE_CLONE=true`.
496
457
 
497
- Docs: [Pi package README](https://github.com/bgauryy/octocode/blob/main/packages/octocode-pi-extension/README.md) ยท [APPEND_SYSTEM starter](https://github.com/bgauryy/octocode/blob/main/packages/octocode-pi-extension/docs/PI/APPEND_SYSTEM.md)
458
+ ### Research-driven loop
498
459
 
499
- It is deliberately research-oriented because most agent failures start before implementation: the agent guesses the owner of a behavior, trusts a snippet without reading the exact source, or edits before proving blast radius. The harness pushes the agent through a cheaper loop first: orient with trees and discovery output, search with Octocode, read exact evidence, use AST/LSP when identity matters, then patch and verify.
460
+ Most agent failures start before implementation: the agent guesses the owner of a behavior, trusts a snippet without reading the exact source, or edits before proving blast radius. Prefer a cheaper loop first: orient with trees and discovery output, search with Octocode, read exact evidence, use AST/LSP when identity matters, then patch and verify.
500
461
 
501
- That shape keeps the editing surface small while preserving context for what matters: file anchors, symbols, call paths, PR/history evidence, package sources, and the verification command that proves the change. In short, Pi is the hands, Octocode is the map, and the skills/system prompt make the habit repeatable.
462
+ That shape keeps the editing surface small while preserving context for what matters: file anchors, symbols, call paths, PR/history evidence, package sources, and the verification command that proves the change. In short, the host edits, Octocode is the map, and skills encode the habit.
502
463
 
503
464
  ### The Manifest
504
465
 
@@ -11,7 +11,7 @@ import { type PlatformId } from './platform.js';
11
11
  * Live network download is gated and requires a pinned `sha256` per asset.
12
12
  * Until SHAs are pinned the manifest still drives (a) honest detect-and-instruct
13
13
  * guidance and (b) reuse of a server a user/CI has pre-populated into the
14
- * managed cache `~/.octocode/lsp/<server>/<releaseTag>/<binName>`.
14
+ * managed cache `<octocode-home>/lsp/<server>/<releaseTag>/<binName>`.
15
15
  */
16
16
  export type ArchiveKind = 'none' | 'gz' | 'zip' | 'tar.gz' | 'tar.xz';
17
17
  export interface ManifestAsset {
@@ -51,9 +51,9 @@ export declare function listManifestServers(): Array<{
51
51
  /** Whether the manifest can, in principle, auto-provide this server. */
52
52
  export declare function isAutoDownloadable(serverName: string): boolean;
53
53
  /**
54
- * Root of the managed server cache. Defaults to `~/.octocode/lsp` (consistent
55
- * with the rest of octocode's home), overridable via `OCTOCODE_LSP_CACHE_DIR`
56
- * for read-only/ephemeral sandbox HOMEs or to point at a pre-baked image path.
54
+ * Root of the managed server cache. Defaults to `<octocode-home>/lsp` via
55
+ * @octocodeai/config, overridable via `OCTOCODE_LSP_CACHE_DIR` for
56
+ * read-only/ephemeral sandbox HOMEs or to point at a pre-baked image path.
57
57
  */
58
58
  export declare function managedCacheRoot(env?: NodeJS.ProcessEnv): string;
59
59
  /** Where a provisioned binary lives once installed/extracted. */
@@ -1,7 +1,7 @@
1
1
  import { createHash } from 'node:crypto';
2
2
  import { existsSync, readFileSync, statSync } from 'node:fs';
3
- import { homedir } from 'node:os';
4
3
  import path from 'node:path';
4
+ import { getOctocodeHome } from '@octocodeai/config';
5
5
  import { detectPlatformId } from './platform.js';
6
6
  import { MANIFEST } from './serverManifestData.js';
7
7
  function loadManifest() {
@@ -55,15 +55,15 @@ export function isAutoDownloadable(serverName) {
55
55
  return manifestServer(serverName) != null;
56
56
  }
57
57
  /**
58
- * Root of the managed server cache. Defaults to `~/.octocode/lsp` (consistent
59
- * with the rest of octocode's home), overridable via `OCTOCODE_LSP_CACHE_DIR`
60
- * for read-only/ephemeral sandbox HOMEs or to point at a pre-baked image path.
58
+ * Root of the managed server cache. Defaults to `<octocode-home>/lsp` via
59
+ * @octocodeai/config, overridable via `OCTOCODE_LSP_CACHE_DIR` for
60
+ * read-only/ephemeral sandbox HOMEs or to point at a pre-baked image path.
61
61
  */
62
62
  export function managedCacheRoot(env = process.env) {
63
63
  const override = env.OCTOCODE_LSP_CACHE_DIR?.trim();
64
64
  if (override)
65
65
  return path.resolve(override);
66
- return path.join(homedir(), '.octocode', 'lsp');
66
+ return path.join(getOctocodeHome(env), 'lsp');
67
67
  }
68
68
  /** Where a provisioned binary lives once installed/extracted. */
69
69
  export function cachedServerBinPath(serverName, platformId = detectPlatformId()) {
@@ -201,15 +201,9 @@ function validateCommandArgs(command, args) {
201
201
  };
202
202
  }
203
203
  }
204
- else {
205
- const backendError = validateArchiveBackendArgs(command, args);
206
- if (backendError) {
207
- return { isValid: false, error: backendError };
208
- }
209
- }
210
- // grep: no per-flag allowlist โ€” only the shared dangerous-pattern scan below
211
- // applies. grep flags are wide (e.g. -r, -Z, --include) and intentionally
212
- // left to the pattern scan rather than a strict allowlist.
204
+ // grep / ls: no per-flag allowlist โ€” only the shared dangerous-pattern scan
205
+ // below applies. grep flags are wide (e.g. -r, -Z, --include) and
206
+ // intentionally left to the pattern scan rather than a strict allowlist.
213
207
  const patternPositions = getPatternArgPositions(command, args);
214
208
  for (let i = 0; i < args.length; i++) {
215
209
  const arg = args[i];
@@ -283,64 +277,6 @@ function getGrepPatternPositions(args) {
283
277
  }
284
278
  return positions;
285
279
  }
286
- function isPathLikeArg(value) {
287
- return value.length > 0 && !value.startsWith('-');
288
- }
289
- function exactArgs(args, expected) {
290
- return args.length === expected.length && args.every((arg, i) => arg === expected[i]);
291
- }
292
- function validateArchiveBackendArgs(command, args) {
293
- switch (command) {
294
- case 'file':
295
- return args.length === 3 && exactArgs(args.slice(0, 2), ['--mime-type', '-b']) && isPathLikeArg(args[2])
296
- ? null
297
- : 'file arguments are restricted to --mime-type -b <path>';
298
- case 'zcat':
299
- case 'bzcat':
300
- case 'zstdcat':
301
- case 'lz4cat':
302
- return args.length === 1 && isPathLikeArg(args[0])
303
- ? null
304
- : `${command} arguments are restricted to <path>`;
305
- case 'gunzip':
306
- return args.length === 2 && args[0] === '-c' && isPathLikeArg(args[1])
307
- ? null
308
- : 'gunzip arguments are restricted to -c <path>';
309
- case 'xzcat':
310
- return (args.length === 1 && isPathLikeArg(args[0])) ||
311
- (args.length === 2 && args[0] === '--format=lzma' && isPathLikeArg(args[1]))
312
- ? null
313
- : 'xzcat arguments are restricted to <path> or --format=lzma <path>';
314
- case 'zstd':
315
- return args.length === 2 && args[0] === '-dcq' && isPathLikeArg(args[1])
316
- ? null
317
- : 'zstd arguments are restricted to -dcq <path>';
318
- case 'brotli':
319
- return args.length === 2 && args[0] === '-dc' && isPathLikeArg(args[1])
320
- ? null
321
- : 'brotli arguments are restricted to -dc <path>';
322
- case 'lzfse':
323
- return args.length === 5 && exactArgs(args.slice(0, 2), ['-decode', '-i']) && isPathLikeArg(args[2]) && args[3] === '-o' && args[4] === '/dev/stdout'
324
- ? null
325
- : 'lzfse arguments are restricted to -decode -i <path> -o /dev/stdout';
326
- case 'tar':
327
- case 'bsdtar':
328
- return args.length === 4 && args[0] === '-xOf' && isPathLikeArg(args[1]) && args[2] === '--' && args[3].length > 0
329
- ? null
330
- : `${command} arguments are restricted to -xOf <archive> -- <entry>`;
331
- case 'unzip':
332
- return args.length === 3 && args[0] === '-p' && isPathLikeArg(args[1]) && args[2].length > 0
333
- ? null
334
- : 'unzip arguments are restricted to -p <archive> <entry>';
335
- case '7z':
336
- case '7zz':
337
- return args.length === 6 && exactArgs(args.slice(0, 4), ['e', '-so', '-bd', '--']) && isPathLikeArg(args[4]) && args[5].length > 0
338
- ? null
339
- : `${command} arguments are restricted to e -so -bd -- <archive> <entry>`;
340
- default:
341
- return null;
342
- }
343
- }
344
280
  const FIND_PATTERN_ARGS = new Set([
345
281
  '-name',
346
282
  '-iname',
@@ -1,3 +1,3 @@
1
- export declare const ALLOWED_COMMANDS: readonly ["rg", "ls", "find", "grep", "git", "file", "zcat", "gunzip", "bzcat", "xzcat", "zstdcat", "zstd", "lz4cat", "brotli", "lzfse", "tar", "unzip", "bsdtar", "7z", "7zz"];
1
+ export declare const ALLOWED_COMMANDS: readonly ["rg", "ls", "find", "grep", "git"];
2
2
  export declare const DANGEROUS_PATTERNS: readonly [RegExp, RegExp, RegExp];
3
3
  export declare const PATTERN_DANGEROUS_PATTERNS: readonly [RegExp, RegExp, RegExp, RegExp];
@@ -4,21 +4,6 @@ export const ALLOWED_COMMANDS = [
4
4
  'find',
5
5
  'grep',
6
6
  'git',
7
- 'file',
8
- 'zcat',
9
- 'gunzip',
10
- 'bzcat',
11
- 'xzcat',
12
- 'zstdcat',
13
- 'zstd',
14
- 'lz4cat',
15
- 'brotli',
16
- 'lzfse',
17
- 'tar',
18
- 'unzip',
19
- 'bsdtar',
20
- '7z',
21
- '7zz',
22
7
  ];
23
8
  export const DANGEROUS_PATTERNS = [
24
9
  /[;&|`$(){}[\]<>]/, // Shell metacharacters
@@ -6,7 +6,7 @@ export interface SecurityDepsConfig {
6
6
  export declare function configureSecurity(deps: SecurityDepsConfig): void;
7
7
  export declare function withSecurityValidation<T extends Record<string, unknown>, TAuth = unknown>(toolName: string, toolHandler: (sanitizedArgs: T, authInfo?: TAuth, sessionId?: string) => Promise<ToolResult>, options?: {
8
8
  timeoutMs?: number;
9
- }): (args: unknown, extra: {
9
+ }): (args: unknown, extra?: {
10
10
  authInfo?: TAuth;
11
11
  sessionId?: string;
12
12
  signal?: AbortSignal;
package/index.d.ts CHANGED
@@ -45,94 +45,6 @@ export declare function applyContentViewMinification(content: string, filePath:
45
45
  */
46
46
  export declare function applyMinification(content: string, filePath: string): string
47
47
 
48
- /**
49
- * Structural inspection of a binary (executable / object / archive) file.
50
- *
51
- * `format`/`arch`/`bits`/`endianness`/`stripped` are always populated (the
52
- * fields the old `identify` mode produced). The list fields are populated only
53
- * when the file is a recognized executable format `goblin` could parse; for an
54
- * unrecognized file they stay empty and `notes` explains why (e.g. "use
55
- * mode=list/decompress for archives").
56
- *
57
- * Every list is capped (see `crate::binary::inspect::LIST_CAP`); the `*_count`
58
- * fields carry the true totals, and `truncated` is set when any list was cut.
59
- */
60
- export interface BinaryInspectInfo {
61
- /** elf | macho | macho-fat | pe | coff | archive | wasm | unknown */
62
- format: string
63
- /** Human-readable one-line summary (drop-in for `file -b`). */
64
- description: string
65
- /** Space-separated hex of the leading bytes (drop-in for `xxd -p -l 32`). */
66
- magicHex: string
67
- arch?: string
68
- bits?: number
69
- /** "little" | "big" */
70
- endianness?: string
71
- stripped?: boolean
72
- /** Hex entry-point address, when the format has one. */
73
- entry?: string
74
- symbols: Array<string>
75
- imports: Array<string>
76
- exports: Array<string>
77
- sections: Array<string>
78
- /** Dynamic dependencies / needed shared libraries. */
79
- libraries: Array<string>
80
- symbolCount: number
81
- importCount: number
82
- exportCount: number
83
- /** True when any list was capped. */
84
- truncated: boolean
85
- /** Advisory notes (unrecognized format, parse degradation, size truncation). */
86
- notes: Array<string>
87
- }
88
-
89
- /** Result of a strings extraction pass over a binary buffer. */
90
- export interface BinaryStrings {
91
- /**
92
- * Printable runs, longest-first. ASCII **and** UTF-16 (LE/BE) โ€” the win
93
- * over GNU `strings -a`, which misses wide strings. Each entry is prefixed
94
- * with its hex byte offset when offsets were requested.
95
- */
96
- strings: Array<string>
97
- /** Total runs found before any display capping. */
98
- totalFound: number
99
- /**
100
- * True when more of the file remains to scan beyond this window โ€” follow
101
- * `next_scan_offset`. Lossless continuation cursor, **not** a data-loss
102
- * flag (the old fixed-cap meaning): every byte is reachable by paging.
103
- */
104
- truncated: boolean
105
- /**
106
- * Absolute byte offset to start the next scan window, or `None` at EOF.
107
- * Rewound to a safe break so no string is split across windows.
108
- */
109
- nextScanOffset?: number
110
- }
111
-
112
- /**
113
- * Native strings extraction. Recovers printable ASCII **and** UTF-16 (LE/BE)
114
- * runs of at least `min_length` from the scan window of `path` beginning at
115
- * `scan_offset`, longest-first, optionally hex offset-prefixed. Replaces the
116
- * `strings` shell-out and additionally surfaces the wide strings GNU
117
- * `strings -a` misses.
118
- *
119
- * Lossless pagination: the returned `nextScanOffset` (when set) is the absolute
120
- * byte offset of the next window, rewound to a safe break so no string is split
121
- * across windows. Pass `scanOffset = 0` for the first window.
122
- */
123
- export declare function extractBinaryStringsNative(path: string, minLength: number, includeOffsets: boolean, scanOffset: number): BinaryStrings
124
-
125
- /**
126
- * Native binary inspection (format lane). Parses `path` as an executable /
127
- * object / archive and returns its identity plus โ€” for recognized executable
128
- * formats โ€” symbols, imports, exports, sections and dynamic dependencies.
129
- *
130
- * Replaces the `file` + `xxd` shell-outs. Never throws on malformed input: a
131
- * parse failure degrades to magic-byte identity with an explanatory note. The
132
- * only `Err` cases are unreadable / oversized files.
133
- */
134
- export declare function inspectBinaryNative(path: string): BinaryInspectInfo
135
-
136
48
  /** Extract a byte-range substring from `content`. */
137
49
  export declare function byteSliceContent(content: string, byteStart: number, byteEnd: number): string
138
50
 
@@ -443,6 +355,19 @@ export interface FilterPatchOptions {
443
355
  contextLines?: number
444
356
  }
445
357
 
358
+ /**
359
+ * Myers line diff (`oldText` โ†’ `newText`). Returns a full edit script of
360
+ * `{ opType, line }` ops (`same` | `add` | `remove`). Prefer this over an
361
+ * O(NยทM) LCS for agent edit previews on mid/large files.
362
+ */
363
+ export declare function computeLineDiff(oldText: string, newText: string): Array<LineDiffOp>
364
+
365
+ export interface LineDiffOp {
366
+ /** `"same"` | `"add"` | `"remove"` */
367
+ opType: string
368
+ line: string
369
+ }
370
+
446
371
  /** Convert a `file://` URI string back to an absolute filesystem path. */
447
372
  export declare function fromUri(uri: string): string
448
373
 
@@ -490,8 +415,10 @@ export declare const SUPPORTED_STRUCTURAL_EXTENSIONS: readonly string[]
490
415
  *
491
416
  * Char offsets match JavaScript `string.substring()` โ€” pass them directly to
492
417
  * JavaScript string slicing without conversion.
418
+ *
419
+ * Runs on libuv's worker pool (tree-sitter parse) โ€” returns a Promise.
493
420
  */
494
- export declare function getSemanticBoundaryOffsets(content: string, filePath: string): Array<number>
421
+ export declare function getSemanticBoundaryOffsets(content: string, filePath: string): Promise<Array<number>>
495
422
 
496
423
  /**
497
424
  * Returns all extensions that have signature extraction support
@@ -979,8 +906,10 @@ export interface StructuralSearchDetailedResult {
979
906
  * (exactly one). Returns node ranges (1-based lines, ready as `lineHint`s)
980
907
  * plus captured metavariables. Throws on unsupported extension, invalid
981
908
  * pattern/rule, or both/neither query supplied.
909
+ *
910
+ * Runs on libuv's worker pool (tree-sitter parse) โ€” returns a Promise.
982
911
  */
983
- export declare function structuralSearch(content: string, filePath: string, pattern?: string | undefined | null, rule?: string | undefined | null): Array<StructuralMatch>
912
+ export declare function structuralSearch(content: string, filePath: string, pattern?: string | undefined | null, rule?: string | undefined | null): Promise<Array<StructuralMatch>>
984
913
 
985
914
  /**
986
915
  * Detailed structural search. Unsupported extensions and invalid queries return
@@ -993,7 +922,11 @@ export interface StructuralSearchFileResult {
993
922
  matches: Array<StructuralMatch>
994
923
  }
995
924
 
996
- export declare function structuralSearchFiles(options: StructuralSearchFilesOptions): StructuralSearchFilesResult
925
+ /**
926
+ * Runs on libuv's worker pool โ€” the directory walk + per-file parse is
927
+ * CPU/IO-bound and can span thousands of files. Returns a Promise.
928
+ */
929
+ export declare function structuralSearchFiles(options: StructuralSearchFilesOptions): Promise<StructuralSearchFilesResult>
997
930
 
998
931
  export declare function structuralSearchFilesDetailed(options: StructuralSearchFilesOptions): StructuralSearchFilesDetailedResult
999
932
 
@@ -1002,7 +935,25 @@ export interface StructuralSearchFilesOptions {
1002
935
  pattern?: string
1003
936
  rule?: string
1004
937
  include?: Array<string>
938
+ /**
939
+ * File-path globs to skip (gitignore-style, e.g. `"*.min.js"`, `"src/gen/**"`).
940
+ * Mirrors `localSearchCode.exclude` so OQL `scope.exclude` is honored on the
941
+ * structural lane โ€” previously silently dropped (typed-contract violation).
942
+ */
943
+ exclude?: Array<string>
1005
944
  excludeDir?: Array<string>
945
+ /**
946
+ * Include hidden (dot) files. `None` preserves the default walker behavior
947
+ * (hidden ignored); `Some(true)` forces them in.
948
+ */
949
+ hidden?: boolean
950
+ /**
951
+ * Bypass `.gitignore`/`.ignore` rules. `None` preserves defaults; `Some(true)`
952
+ * searches files normally hidden by ignore files (mirrors `localSearchCode.noIgnore`).
953
+ */
954
+ noIgnore?: boolean
955
+ /** Maximum directory descent depth (0 = just the root). `None` = unbounded. */
956
+ maxDepth?: number
1006
957
  maxFiles?: number
1007
958
  maxFileBytes?: number
1008
959
  }
@@ -1012,6 +963,13 @@ export interface StructuralSearchFilesResult {
1012
963
  totalMatches: number
1013
964
  parsedFiles: number
1014
965
  skippedByPreFilter: number
966
+ /**
967
+ * Candidate files whose extension has no grammar โ€” not evaluated, hence
968
+ * not proof of absence. Mirrors the detailed result's counter so the two
969
+ * shapes agree and the warning text can't collapse unevaluated into
970
+ * anchor-absent.
971
+ */
972
+ skippedUnsupported: number
1015
973
  skippedUnreadable: number
1016
974
  skippedLarge: number
1017
975
  warnings: Array<string>
package/index.js CHANGED
@@ -42,6 +42,7 @@ export const structuralSearchFiles = nativeBinding.structuralSearchFiles
42
42
  export const structuralSearchFilesDetailed = nativeBinding.structuralSearchFilesDetailed
43
43
  export const getSupportedStructuralExtensions = nativeBinding.getSupportedStructuralExtensions
44
44
  export const getSemanticBoundaryOffsets = nativeBinding.getSemanticBoundaryOffsets
45
+
45
46
  export const getSupportedSignatureExtensions = nativeBinding.getSupportedSignatureExtensions
46
47
  export const jsonToYamlString = nativeBinding.jsonToYamlString
47
48
  export const getMINIFY_CONFIG = nativeBinding.getMINIFY_CONFIG
@@ -59,9 +60,8 @@ export const byteSliceContent = nativeBinding.byteSliceContent
59
60
  export const sliceContent = nativeBinding.sliceContent
60
61
  export const extractMatchingLines = nativeBinding.extractMatchingLines
61
62
  export const filterPatch = nativeBinding.filterPatch
63
+ export const computeLineDiff = nativeBinding.computeLineDiff
62
64
  export const PatchLineType = nativeBinding.PatchLineType
63
- export const inspectBinaryNative = nativeBinding.inspectBinaryNative
64
- export const extractBinaryStringsNative = nativeBinding.extractBinaryStringsNative
65
65
  export const NativeLspClient = nativeBinding.NativeLspClient
66
66
  export const resolvePosition = nativeBinding.resolvePosition
67
67
  export const resolvePositionFromContent = nativeBinding.resolvePositionFromContent
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@octocodeai/octocode-engine",
3
- "version": "16.7.0",
3
+ "version": "17.0.1",
4
4
  "description": "Rust native Octocode engine for context compression, structural search, and LSP semantic navigation",
5
5
  "type": "module",
6
6
  "main": "index.cjs",
@@ -12,7 +12,7 @@
12
12
  },
13
13
  "repository": {
14
14
  "type": "git",
15
- "url": "https://github.com/bgauryy/octocode-mcp.git",
15
+ "url": "https://github.com/bgauryy/octocode.git",
16
16
  "directory": "packages/octocode-engine"
17
17
  },
18
18
  "exports": {
@@ -263,12 +263,12 @@
263
263
  "README.md"
264
264
  ],
265
265
  "optionalDependencies": {
266
- "@octocodeai/octocode-engine-darwin-arm64": "16.7.0",
267
- "@octocodeai/octocode-engine-darwin-x64": "16.7.0",
268
- "@octocodeai/octocode-engine-linux-arm64-gnu": "16.7.0",
269
- "@octocodeai/octocode-engine-linux-x64-gnu": "16.7.0",
270
- "@octocodeai/octocode-engine-linux-x64-musl": "16.7.0",
271
- "@octocodeai/octocode-engine-win32-x64-msvc": "16.7.0"
266
+ "@octocodeai/octocode-engine-darwin-arm64": "17.0.1",
267
+ "@octocodeai/octocode-engine-darwin-x64": "17.0.1",
268
+ "@octocodeai/octocode-engine-linux-arm64-gnu": "17.0.1",
269
+ "@octocodeai/octocode-engine-linux-x64-gnu": "17.0.1",
270
+ "@octocodeai/octocode-engine-linux-x64-musl": "17.0.1",
271
+ "@octocodeai/octocode-engine-win32-x64-msvc": "17.0.1"
272
272
  },
273
273
  "engines": {
274
274
  "node": ">=20.0.0"
@@ -319,7 +319,7 @@
319
319
  "check:rust": "cargo check --all-targets --all-features",
320
320
  "fmt:rust": "cargo fmt --all",
321
321
  "fmt:rust:check": "cargo fmt --all -- --check",
322
- "test:rust": "cargo test --all-targets --all-features",
322
+ "test:rust": "cargo test --lib --tests --all-features && cargo build --benches --all-features",
323
323
  "test:node": "vitest run",
324
324
  "test:node:coverage": "vitest run --coverage",
325
325
  "test:watch": "vitest watch",
@@ -341,6 +341,7 @@
341
341
  "prepublishOnly": "yarn version:sync"
342
342
  },
343
343
  "dependencies": {
344
+ "@octocodeai/config": "17.0.0",
344
345
  "bash-language-server": "^5.6.0",
345
346
  "intelephense": "^1.14.1",
346
347
  "pyright": "^1.1.411",