@octocodeai/octocode-tools-core 16.3.0 → 16.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (181) hide show
  1. package/README.md +564 -0
  2. package/dist/config.d.ts +7 -0
  3. package/dist/direct.js +39 -41
  4. package/dist/errors/pathUtils.d.ts +1 -1
  5. package/dist/github/directoryFetch.d.ts +2 -1
  6. package/dist/github/githubAPI.d.ts +32 -1
  7. package/dist/github/history.d.ts +3 -0
  8. package/dist/github/prTransformation.d.ts +1 -1
  9. package/dist/github/repoStructureRecursive.d.ts +6 -0
  10. package/dist/index.d.ts +16 -30
  11. package/dist/index.js +44 -46
  12. package/dist/oql/adapters/compile.d.ts +25 -0
  13. package/dist/oql/adapters/github.d.ts +3 -0
  14. package/dist/oql/adapters/local.d.ts +7 -0
  15. package/dist/oql/adapters/materialize.d.ts +11 -0
  16. package/dist/oql/adapters/pagination.d.ts +21 -0
  17. package/dist/oql/adapters/researchTargets.d.ts +50 -0
  18. package/dist/oql/adapters/resultMap.d.ts +20 -0
  19. package/dist/oql/adapters/ruleYaml.d.ts +11 -0
  20. package/dist/oql/adapters/runner.d.ts +14 -0
  21. package/dist/oql/adapters/v2.d.ts +32 -0
  22. package/dist/oql/capabilities.d.ts +31 -0
  23. package/dist/oql/defaults.d.ts +26 -0
  24. package/dist/oql/diagnostics.d.ts +25 -0
  25. package/dist/oql/diffLanes.d.ts +29 -0
  26. package/dist/oql/envelope.d.ts +19 -0
  27. package/dist/oql/features.d.ts +7 -0
  28. package/dist/oql/index.d.ts +26 -0
  29. package/dist/oql/index.js +49 -0
  30. package/dist/oql/normalize.d.ts +5 -0
  31. package/dist/oql/planner.d.ts +7 -0
  32. package/dist/oql/research/analyze.d.ts +134 -0
  33. package/dist/oql/research/packets.d.ts +80 -0
  34. package/dist/oql/run.d.ts +32 -0
  35. package/dist/oql/schema.d.ts +1018 -0
  36. package/dist/oql/schemeText.d.ts +138 -0
  37. package/dist/oql/shorthand.d.ts +177 -0
  38. package/dist/oql/targetParams.d.ts +20 -0
  39. package/dist/oql/transformers/contract.d.ts +19 -0
  40. package/dist/oql/transformers/github/code.d.ts +17 -0
  41. package/dist/oql/transformers/github/common.d.ts +8 -0
  42. package/dist/oql/transformers/language.d.ts +1 -0
  43. package/dist/oql/transformers/registry.d.ts +16 -0
  44. package/dist/oql/transformers/types.d.ts +11 -0
  45. package/dist/oql/types.d.ts +633 -0
  46. package/dist/oql/v2params.d.ts +22 -0
  47. package/dist/providers/providerQueries.d.ts +9 -0
  48. package/dist/providers/providerResults.d.ts +2 -0
  49. package/dist/providers/types.d.ts +1 -1
  50. package/dist/schema.d.ts +13 -0
  51. package/dist/schema.js +8 -0
  52. package/dist/scheme/coreSchemas.d.ts +5 -5
  53. package/dist/scheme/fields.d.ts +6 -6
  54. package/dist/serverConfig.d.ts +1 -2
  55. package/dist/session.d.ts +2 -24
  56. package/dist/shared/config/defaults.d.ts +14 -0
  57. package/dist/shared/config/index.d.ts +9 -0
  58. package/dist/shared/config/index.js +9 -0
  59. package/dist/shared/config/loader.d.ts +7 -0
  60. package/dist/shared/config/resolver.d.ts +2 -0
  61. package/dist/shared/config/resolverCache.d.ts +12 -0
  62. package/dist/shared/config/resolverSections.d.ts +10 -0
  63. package/dist/shared/config/runtimeSurface.d.ts +21 -0
  64. package/dist/shared/config/schemas.d.ts +11 -0
  65. package/dist/shared/config/types.d.ts +92 -0
  66. package/dist/shared/config/validator.d.ts +2 -0
  67. package/dist/shared/credentials/constants.d.ts +2 -0
  68. package/dist/shared/credentials/credentialCache.d.ts +13 -0
  69. package/dist/shared/credentials/credentialEncryption.d.ts +10 -0
  70. package/dist/shared/credentials/credentialUtils.d.ts +4 -0
  71. package/dist/shared/credentials/envTokens.d.ts +9 -0
  72. package/dist/shared/credentials/ghCli.d.ts +1 -0
  73. package/dist/shared/credentials/index.d.ts +3 -0
  74. package/dist/shared/credentials/index.js +8 -0
  75. package/dist/shared/credentials/schemas.d.ts +22 -0
  76. package/dist/shared/credentials/storage.d.ts +30 -0
  77. package/dist/shared/credentials/testing.d.ts +2 -0
  78. package/dist/shared/credentials/testing.js +8 -0
  79. package/dist/shared/credentials/tokenRefresh.d.ts +24 -0
  80. package/dist/shared/credentials/tokenResolution.d.ts +30 -0
  81. package/dist/shared/credentials/types.d.ts +28 -0
  82. package/dist/shared/fs-utils.d.ts +2 -0
  83. package/dist/shared/fs-utils.js +8 -0
  84. package/dist/shared/index.d.ts +6 -0
  85. package/dist/shared/languageSelectors.d.ts +23 -0
  86. package/dist/shared/paths.d.ts +31 -0
  87. package/dist/shared/paths.js +8 -0
  88. package/dist/shared/platform/index.d.ts +1 -0
  89. package/dist/shared/platform/index.js +8 -0
  90. package/dist/shared/platform/platform.d.ts +8 -0
  91. package/dist/shared/session/index.d.ts +5 -0
  92. package/dist/shared/session/index.js +8 -0
  93. package/dist/shared/session/schemas.d.ts +103 -0
  94. package/dist/shared/session/sessionCache.d.ts +9 -0
  95. package/dist/shared/session/sessionDiskIO.d.ts +6 -0
  96. package/dist/shared/session/statsDefaults.d.ts +4 -0
  97. package/dist/shared/session/storage.d.ts +20 -0
  98. package/dist/shared/session/types.d.ts +53 -0
  99. package/dist/tools/directToolCatalog.d.ts +15 -56
  100. package/dist/tools/directToolCatalog.exec.d.ts +11 -0
  101. package/dist/tools/directToolCatalog.meta.d.ts +82 -0
  102. package/dist/tools/github_clone_repo/cache.d.ts +5 -1
  103. package/dist/tools/github_clone_repo/scheme.d.ts +56 -9
  104. package/dist/tools/github_clone_repo/types.d.ts +3 -1
  105. package/dist/tools/github_fetch_content/scheme.d.ts +112 -4
  106. package/dist/tools/github_fetch_content/types.d.ts +39 -0
  107. package/dist/tools/github_search_code/scheme.d.ts +6 -6
  108. package/dist/tools/github_search_pull_requests/contentResponse.d.ts +0 -1
  109. package/dist/tools/github_search_pull_requests/execution.d.ts +1 -11
  110. package/dist/tools/github_search_pull_requests/scheme.d.ts +6 -2
  111. package/dist/tools/github_search_repos/scheme.d.ts +7 -6
  112. package/dist/tools/github_view_repo_structure/execution.d.ts +0 -9
  113. package/dist/tools/github_view_repo_structure/scheme.d.ts +10 -6
  114. package/dist/tools/local_binary_inspect/archiveOps.d.ts +2 -0
  115. package/dist/tools/local_binary_inspect/binaryInspector.d.ts +48 -7
  116. package/dist/tools/local_binary_inspect/binaryOps.d.ts +16 -7
  117. package/dist/tools/local_binary_inspect/scheme.d.ts +10 -7
  118. package/dist/tools/local_fetch_content/scheme.d.ts +2 -2
  119. package/dist/tools/local_find_files/scheme.d.ts +2 -2
  120. package/dist/tools/local_ripgrep/lspBoost.d.ts +54 -0
  121. package/dist/tools/local_ripgrep/rankingProfile.d.ts +113 -0
  122. package/dist/tools/local_ripgrep/ripgrepResultBuilder.d.ts +10 -1
  123. package/dist/tools/local_ripgrep/scheme.d.ts +29 -4
  124. package/dist/tools/local_ripgrep/structuralSearch.d.ts +3 -4
  125. package/dist/tools/local_view_structure/scheme.d.ts +2 -2
  126. package/dist/tools/local_view_structure/structureFilters.d.ts +1 -3
  127. package/dist/tools/local_view_structure/structureResponse.d.ts +1 -0
  128. package/dist/tools/lsp/semantic_content/scheme.d.ts +174 -10
  129. package/dist/tools/lsp/shared/callHierarchyTraversal.d.ts +2 -2
  130. package/dist/tools/lsp/shared/resolveSymbolAnchor.d.ts +2 -2
  131. package/dist/tools/lsp/shared/semanticTypes.d.ts +36 -6
  132. package/dist/tools/oql_search/execution.d.ts +7 -0
  133. package/dist/tools/package_search/execution.d.ts +10 -0
  134. package/dist/tools/package_search/scheme.d.ts +9 -7
  135. package/dist/tools/providerMappers.d.ts +24 -5
  136. package/dist/tools/toolConfig.d.ts +1 -0
  137. package/dist/tools/toolMetadata/proxies.d.ts +0 -6
  138. package/dist/tools/toolNames.d.ts +2 -0
  139. package/dist/tools/utils.d.ts +3 -7
  140. package/dist/types/bulk.d.ts +0 -2
  141. package/dist/types/execution.d.ts +1 -2
  142. package/dist/types/server.d.ts +0 -1
  143. package/dist/types/session.d.ts +0 -19
  144. package/dist/types/toolResults.d.ts +2 -3
  145. package/dist/utils/contextUtils.d.ts +49 -2
  146. package/dist/utils/core/lines.d.ts +16 -0
  147. package/dist/utils/core/types.d.ts +12 -1
  148. package/dist/utils/file/filters.d.ts +2 -11
  149. package/dist/utils/markdownOutline.d.ts +10 -0
  150. package/dist/utils/parsers/diff.d.ts +18 -0
  151. package/dist/utils/response/error.d.ts +38 -4
  152. package/dist/utils/response/groupedFinalizer.d.ts +0 -25
  153. package/package.json +51 -14
  154. package/dist/commands/BaseCommandBuilder.d.ts +0 -14
  155. package/dist/commands/FindCommandBuilder.d.ts +0 -23
  156. package/dist/commands/LsCommandBuilder.d.ts +0 -15
  157. package/dist/commands/RipgrepCommandBuilder.d.ts +0 -27
  158. package/dist/hints/dynamic.d.ts +0 -6
  159. package/dist/hints/index.d.ts +0 -2
  160. package/dist/hints/types.d.ts +0 -1
  161. package/dist/tools/github_clone_repo/hints.d.ts +0 -2
  162. package/dist/tools/github_fetch_content/hints.d.ts +0 -2
  163. package/dist/tools/github_search_code/hints.d.ts +0 -2
  164. package/dist/tools/github_search_pull_requests/hints.d.ts +0 -2
  165. package/dist/tools/github_search_repos/hints.d.ts +0 -2
  166. package/dist/tools/github_view_repo_structure/hints.d.ts +0 -2
  167. package/dist/tools/local_fetch_content/hints.d.ts +0 -2
  168. package/dist/tools/local_find_files/hints.d.ts +0 -2
  169. package/dist/tools/local_ripgrep/grepFallbackExecutor.d.ts +0 -3
  170. package/dist/tools/local_ripgrep/hints.d.ts +0 -2
  171. package/dist/tools/local_ripgrep/ripgrepParser.d.ts +0 -9
  172. package/dist/tools/local_view_structure/hints.d.ts +0 -2
  173. package/dist/tools/local_view_structure/structureParser.d.ts +0 -3
  174. package/dist/tools/local_view_structure/structureWalker.d.ts +0 -24
  175. package/dist/tools/lsp/semantic_content/hints.d.ts +0 -4
  176. package/dist/tools/package_search/hints.d.ts +0 -2
  177. package/dist/types/metadata.d.ts +0 -69
  178. package/dist/utils/exec/commandAvailability.d.ts +0 -19
  179. package/dist/utils/exec/ripgrepBinary.d.ts +0 -3
  180. package/dist/utils/pagination/outputSizeLimit.d.ts +0 -16
  181. package/dist/utils/response/structuredPagination.d.ts +0 -9
package/README.md ADDED
@@ -0,0 +1,564 @@
1
+ # Octocode - Agentic Research Platform
2
+
3
+ <div align="center">
4
+ <img src="https://github.com/bgauryy/octocode/raw/main/packages/octocode-mcp/assets/logo_white.png" width="400px" alt="Octocode Logo">
5
+
6
+ [![MCP Community Server](https://img.shields.io/badge/Model_Context_Protocol-Official_Community_Server-blue?style=flat-square)](https://github.com/modelcontextprotocol/servers)
7
+ [![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/bgauryy/octocode)
8
+ [![Website](https://img.shields.io/badge/Website-007ACC?style=for-the-badge&logo=link&logoColor=white)](https://octocode.ai)
9
+ [![YouTube](https://img.shields.io/badge/YouTube-FF0000?style=for-the-badge&logo=youtube&logoColor=white)](https://www.youtube.com/@Octocode-ai)
10
+
11
+ </div>
12
+
13
+ **Evidence-first code research for AI agents and developers.**
14
+
15
+ Octocode gives an agent the full context it needs to change, review, or explain code: real evidence from your **local workspace** and from **external** sources (GitHub repositories, pull requests, and npm packages). One toolset covers all of it: ripgrep and AST structural search, repository tree browsing, precise content fetching, LSP semantic navigation, and binary inspection.
16
+
17
+ Run it as a **CLI** or an **MCP server**. A **Rust engine** keeps every call fast and token-efficient, minifying and skeletonizing code so an agent reads the shape of a file instead of every byte, from a single file to a mega-repo. It is also the best tool for **cross-repository research and exploration across millions of repositories**.
18
+
19
+ ---
20
+
21
+ ## Table of Contents
22
+
23
+ - [Why Octocode](#why-octocode)
24
+ - [What You Can Do](#what-you-can-do)
25
+ - [Tools](#tools)
26
+ - [MCP](#mcp)
27
+ - [CLI](#cli)
28
+ - [Configuration](#configuration)
29
+ - [Authentication Methods](#authentication-methods)
30
+ - [Security](#security)
31
+ - [Language Support](#language-support)
32
+ - [Skills](#skills)
33
+ - [Architecture](#architecture)
34
+ - [Documentation](#documentation)
35
+
36
+ ---
37
+
38
+ ## Why Octocode
39
+
40
+ Agents write better code from evidence than from assumptions. Octocode turns *guess-driven* work into **research-driven** work. Before an agent changes, reviews, or explains code, it gathers real evidence from your local workspace **and** from GitHub repositories, pull requests, and npm packages, then hands it back as compact, citable context. *Code is truth; context is the map.*
41
+
42
+ Most tools cover one slice: searching the web, or grepping your repo. Octocode covers the **whole research flow, end to end**:
43
+
44
+ - **Built for scale.** In organizations with thousands of repositories and endless code, Octocode is the solution: spot a pattern in one repo, follow it through the pull request that introduced it, then trace the same shape across other repos and your own files without leaving the conversation. Clone any repo and study it locally, on any machine.
45
+ - **Smart GitHub workflows.** Parallel bulk queries and built-in **next-step hints** keep the agent on the cheapest path: search broadly, read narrowly, trace semantically. Each result points to the natural follow-up.
46
+ - **No GitHub required.** Even without GitHub, clone any repository locally and point Octocode's local tools (search, structural AST, LSP, content) at it for the same evidence-first research.
47
+ - **Reads the shape, not the noise.** Code is minified and skeletonized on the fly across 70+ languages, so an agent grasps a 100 KB file in a few hundred tokens instead of spending its context on boilerplate.
48
+ - **Fast and self-contained.** Search, parsing, semantic navigation, and redaction run in one prebuilt **Rust engine**: quick on a laptop or a mega-repo, with no extra toolchain to install.
49
+ - **Safe by default.** Every byte returned to the model is scanned and secrets redacted first (see [Security](#security)).
50
+
51
+ ## What You Can Do
52
+
53
+ Octocode is useful whenever the next coding step depends on finding and proving context, not guessing it.
54
+
55
+ | Need | Use Octocode to |
56
+ |------|-----------------|
57
+ | **Codebase questions** | Search local or GitHub code, read exact regions, browse trees, and carry file/line anchors into the answer. |
58
+ | **Implementation research** | Compare patterns across repositories, npm packages, pull requests, commits, and local files before changing code. |
59
+ | **Semantic navigation** | Resolve definitions, references, callers/callees, call hierarchy, hovers, symbols, diagnostics, and type relationships through LSP. |
60
+ | **Structural matching** | Run AST-shaped searches with patterns or YAML rules so comments and strings do not become false positives. |
61
+ | **Large-file context** | Minify, skeletonize, or paginate code so agents spend tokens on relevant structure instead of boilerplate. |
62
+ | **Binary or archive inspection** | Inspect archives, compressed streams, native binaries, and strings without leaving the research flow. |
63
+ | **Agent workflows** | Expose the same engine through MCP, CLI, OQL, and Agent Skills so assistants and humans use one evidence model. |
64
+
65
+ ### Get Started
66
+
67
+ Add Octocode to an AI assistant with MCP, or run the same tools directly from
68
+ your terminal with the CLI.
69
+
70
+ **MCP fast install:**
71
+
72
+ [<img src="https://cursor.com/deeplink/mcp-install-dark.svg" alt="Install in Cursor">](https://cursor.com/en/install-mcp?name=octocode&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyJvY3RvY29kZS1tY3BAbGF0ZXN0Il19) [<img src="https://img.shields.io/badge/VS_Code-VS_Code?style=flat-square&label=Install%20Server&color=0098FF" alt="Install in VS Code">](https://insiders.vscode.dev/redirect?url=vscode%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522octocode%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522octocode-mcp%2540latest%255D%257D) [<img alt="Install in VS Code Insiders" src="https://img.shields.io/badge/VS_Code_Insiders-VS_Code_Insiders?style=flat-square&label=Install%20Server&color=24bfa5">](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522octocode%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522octocode-mcp%2540latest%255D%257D)
73
+
74
+ ```bash
75
+ # Interactive installer for Cursor, Claude Code, Codex, VS Code, and more
76
+ npx octocode install
77
+ ```
78
+
79
+ **CLI fast install:**
80
+
81
+ ```bash
82
+ npx octocode
83
+ ```
84
+
85
+ Authenticate GitHub when you want private repositories or higher API limits:
86
+
87
+ ```bash
88
+ npx octocode login
89
+ ```
90
+
91
+ ### Benchmarks
92
+
93
+ Latest benchmark output:
94
+ [packages/octocode-benchmark/output](https://github.com/bgauryy/octocode/tree/main/packages/octocode-benchmark/output/).
95
+
96
+ #### ast-grep Structural Comparison
97
+
98
+ Bars show relative throughput. Higher is better; lower `ms` is better.
99
+
100
+ What we tested: ast-grep CLI and Octocode structural grep on the same real
101
+ repository files, using the same broad AST node-kind searches
102
+ (`call_expression`, `call`, `method_invocation`). The goal was to check
103
+ structural AST grep compatibility by match count, then measure where time is
104
+ spent across Octocode's raw matcher, agent tool path, and public CLI.
105
+
106
+ This benchmark does not test text grep, LSP navigation, rewriting, or the full
107
+ ast-grep rule language. Those are separate capabilities.
108
+
109
+ ```text
110
+ Octocode raw native ████████████████████ 17.1 ms median │ 2.0x faster │ 6/6 matched
111
+ ast-grep CLI ██████████░░░░░░░░░░ 34.6 ms median │ baseline │ 6/6 matched
112
+ ```
113
+
114
+ `Octocode raw native` means the direct Rust/NAPI `structuralSearchFiles`
115
+ matcher: parse and match only, with no tool validation, sanitizer, pagination,
116
+ JSON shaping, or Node CLI startup. The agent-facing `localSearchCode` and public
117
+ `octocode search --pattern/--rule` paths are intentionally slower because they include those safety
118
+ and DX layers.
119
+
120
+ What was checked: we took ast-grep's benchmark scenario repo list, picked one
121
+ deterministic file from each supported repo, asked both tools to find the same
122
+ AST node kind in that file, verified identical match counts, then timed the
123
+ median run.
124
+
125
+ Benchmark files:
126
+ [runner](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/benchmark/ast-grep/compare-upstream-scenarios.mjs) ·
127
+ [scenario manifest](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/benchmark/ast-grep/upstream-outline-scenarios.json) ·
128
+ [latest output](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/output/comparison.md) ·
129
+ [unified CLI/tool/OQL eval](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/benchmark/octocode/README.md) ·
130
+ [agent runbook](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/recipes/agent-benchmark-runbook.md)
131
+
132
+ ---
133
+
134
+ ## Tools
135
+
136
+ Octocode ships **14 research tools**; the same implementations run identically over [MCP](#mcp) and the [CLI](#cli). `ghCloneRepo` is opt-in for MCP (`ENABLE_CLONE=true`) and enabled by default for CLI; local tools require `ENABLE_LOCAL` (CLI default: on, MCP default: off). All flags: [Configuration Reference](https://github.com/bgauryy/octocode/blob/main/docs/mcp/CONFIGURATION.md).
137
+
138
+ **Token knobs.** `concise:true` returns path/title-only lists. `minify` controls file read density: `symbols` = skeleton with line numbers, `standard` = comments/blanks stripped (default), `none` = exact bytes.
139
+
140
+ ### GitHub Tools
141
+
142
+ | Tool | What it does | Knob |
143
+ |------|--------------|------|
144
+ | `ghSearchCode` | Code and path search across GitHub by owner, repo, path, filename, extension, and match filters. Accepts 1 to 5 parallel queries. | `concise` |
145
+ | `ghGetFileContent` | Read a GitHub file or region: full file, line range, match slice, or paginated chars. | `minify` |
146
+ | `ghViewRepoStructure` | Browse a GitHub repository's directory tree before reading files. | |
147
+ | `ghSearchRepos` | Discover repositories by keywords, owner, topic, language, stars, forks, size, dates, license, visibility. | `concise` |
148
+ | `ghHistoryResearch` | Search PR history, or deep-read one PR: files, patches, comments, reviews, commits. | `concise` |
149
+ | `ghCloneRepo` | Clone a repo or sparse subtree into the local cache for local/LSP analysis. **Opt-in** (`ENABLE_CLONE=true`). | `sparsePath` |
150
+
151
+ ### Local Tools
152
+
153
+ | Tool | What it does | Knob |
154
+ |------|--------------|------|
155
+ | `localSearchCode` | Local code/text search returning file and line anchors. `mode:"structural"` runs Octocode AST shape queries (`pattern` or `rule`). | `mode` |
156
+ | `localViewStructure` | Browse a local directory tree: depth, filters, pagination, metadata. | `concise` |
157
+ | `localFindFiles` | Find local files and directories by name, path, regex, extension, size, time, permissions, type. | |
158
+ | `localGetFileContent` | Read a local file or region: exact slice, match string, line range, or paginated chars. | `minify` |
159
+ | `localBinaryInspect` | Inspect archives, compressed streams, and native binaries: inspect (format/symbols/imports/deps), list, extract, decompress, strings. | |
160
+
161
+ ### Package Search
162
+
163
+ | Tool | What it does | Knob |
164
+ |------|--------------|------|
165
+ | `npmSearch` | npm package lookup and keyword search; returns metadata and the source repository for GitHub handoff. | `concise` |
166
+
167
+ ### LSP
168
+
169
+ | Tool | What it does |
170
+ |------|--------------|
171
+ | `lspGetSemantics` | Typed semantic navigation. Raw tools support `definition`, `references`, `callers`, `callees`, `callHierarchy`, `hover`, `documentSymbols`, `typeDefinition`, `implementation`, `workspaceSymbol`, `supertypes`, `subtypes`, and `diagnostic`. The CLI uses `octocode search <file> --op <type>` for semantics and `octocode search <file> --symbols` for file or directory symbol outlines. Navigation runs through installed language servers (see the [LSP Tools Reference](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/LSP_TOOLS.md)). |
172
+
173
+ ### OQL Search
174
+
175
+ | Tool | What it does |
176
+ |------|--------------|
177
+ | `oqlSearch` | Runs typed OQL queries across code, content, structure, files, semantics, repositories, packages, pull requests, commits, artifacts, diff, research, graph, and materialization targets. |
178
+
179
+ **Per-tool references** (full schemas, fields, and examples) live in **[`docs/mcp`](https://github.com/bgauryy/octocode/tree/main/docs/mcp)**:
180
+ - [GitHub Tools](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/GITHUB_TOOLS.md)
181
+ - [Local Tools](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/LOCAL_TOOLS.md)
182
+ - [Binary Tools](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/BINARY_TOOLS.md)
183
+ - [LSP Tools](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/LSP_TOOLS.md)
184
+ - [Tool Behavior Guide](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/TOOL_BEHAVIOR.md)
185
+
186
+ ---
187
+
188
+ ## MCP
189
+
190
+ The MCP server exposes the Octocode tool catalog directly to your AI assistant over stdio. Install once; the assistant calls tools automatically.
191
+
192
+ ### Install
193
+
194
+ **Fast install:**
195
+
196
+ [<img src="https://cursor.com/deeplink/mcp-install-dark.svg" alt="Install in Cursor">](https://cursor.com/en/install-mcp?name=octocode&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyJvY3RvY29kZS1tY3BAbGF0ZXN0Il19) [<img src="https://img.shields.io/badge/VS_Code-VS_Code?style=flat-square&label=Install%20Server&color=0098FF" alt="Install in VS Code">](https://insiders.vscode.dev/redirect?url=vscode%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522octocode%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522octocode-mcp%2540latest%255D%257D) [<img alt="Install in VS Code Insiders" src="https://img.shields.io/badge/VS_Code_Insiders-VS_Code_Insiders?style=flat-square&label=Install%20Server&color=24bfa5">](https://insiders.vscode.dev/redirect?url=vscode-insiders%3Amcp%2Finstall%3F%257B%2522name%2522%253A%2522octocode%2522%252C%2522command%2522%253A%2522npx%2522%252C%2522args%2522%253A%255B%2522octocode-mcp%2540latest%255D%257D)
197
+
198
+ **Or use the installer (detects your installed clients):**
199
+
200
+ ```bash
201
+ # Interactive: detects your installed clients
202
+ npx octocode install
203
+
204
+ # Non-interactive
205
+ octocode install --ide cursor
206
+ octocode install --ide claude-code
207
+ ```
208
+
209
+ https://github.com/user-attachments/assets/de8d14c0-2ead-46ed-895e-09144c9b5071
210
+
211
+ ### Manual Configuration
212
+
213
+ Add to your MCP client config file:
214
+
215
+ ```json
216
+ {
217
+ "mcpServers": {
218
+ "octocode": {
219
+ "command": "npx",
220
+ "args": ["octocode-mcp@latest"]
221
+ }
222
+ }
223
+ }
224
+ ```
225
+
226
+ For GitHub auth, add a token under `env` (see [Authentication Methods](#authentication-methods)).
227
+
228
+ ### Configuration
229
+
230
+ Set tokens and options as `env` entries here, or machine-wide in `.octocoderc`. See [Configuration](#configuration) for every setting, the home-folder layout, and precedence.
231
+
232
+ ---
233
+
234
+ ## CLI
235
+
236
+ The CLI exposes the same research engine without an MCP client. Use quick commands for humans, or call raw tools from scripts and CI. It is agent-friendly by design: `npx octocode --help`, `npx octocode context`, and `npx octocode tools <name> --scheme` publish the research protocol, tool descriptions, and exact schemas, while command output returns compact anchors, pagination, and follow-up hints that guide agents through evidence-first research.
237
+
238
+ ### Install
239
+
240
+ ```bash
241
+ npx octocode
242
+ ```
243
+
244
+ ```bash
245
+ npx octocode login
246
+ npx octocode status
247
+ ```
248
+
249
+ ### All Commands
250
+
251
+ Local paths route to local tools; `owner/repo[/path]` targets route to GitHub tools.
252
+
253
+ | Command | Use it for |
254
+ |---------|------------|
255
+ | `octocode search <term> <path\|owner/repo>` | Text/regex search, file discovery with `--search path` / `--target files`, AST structural search with `--pattern` / `--rule`, and full OQL with `--query`. Use `--lang` for language/extension scope. |
256
+ | `octocode search <path\|owner/repo> --tree` | Browse local or GitHub structure |
257
+ | `octocode search <file>` | Read content, line ranges, and matched slices; add `--content-view exact|compact|symbols` or `--raw` |
258
+ | `octocode search <file> --symbols` | Show a symbol outline for a file or source tree |
259
+ | `octocode search <owner/repo[#N]\|PR-URL> --target pullRequests` | Search or deep-read pull requests |
260
+ | `octocode search <owner/repo[/path]> --target commits` | Inspect commit history for a repo, directory, or file |
261
+ | `octocode search <keywords...> --target repositories` | Discover GitHub repositories |
262
+ | `octocode search <package\|keywords> --target packages` | Search npm and hand off to source repositories |
263
+ | `octocode search <file> --op <type> [--symbol <name>] [--line <n>]` | Trace `definition`, `references`, `callers`, `callees`, `callHierarchy`, `hover`, `typeDefinition`, `implementation`, `workspaceSymbol`, `supertypes`, `subtypes`, and `diagnostic`; `documentSymbols` outlines a file directly |
264
+ | `octocode search <file> --target artifacts` | Inspect archives, compressed files, and native binaries with `--inspect`, `--list`, `--extract`, `--decompress`, or `--strings` |
265
+ | `octocode unzip <archive>` | Unpack an archive to `<octocode-home>/tmp/unzip/<name>-<timestamp>/`, then use local `search --tree`, `search`, and `search <file>` |
266
+ | `octocode clone <owner/repo[/path][@branch]>` | Clone a repo or subtree to `<octocode-home>/tmp/clone/` for local/LSP analysis (`ENABLE_CLONE=true`) |
267
+ | `octocode cache fetch <owner/repo[@ref]> [path] [--depth file\|tree\|clone]` | Materialize remote content locally and return the absolute `localPath`; reuses the cache or force-refreshes with `--force-refresh` |
268
+ | `octocode cache status` | Show size and entry count of clone/tree/binary/unzip cache buckets |
269
+ | `octocode cache clear [--clone\|--repos\|--tree\|--binary\|--unzip\|--all]` | Remove cached materialization data |
270
+ | `octocode search --query <oql-json>` | Route typed OQL across code, content, structure, files, semantics, repositories, packages, pull requests, commits, artifacts, diff, research, graph, and materialization targets |
271
+ | `octocode tools` | List tools, read schemas, or run any MCP tool directly from the terminal |
272
+ | `octocode context` | Print agent-facing protocol, system prompt, tool descriptions, and schemas |
273
+ | `octocode skill --add <github-folder> --platform <common\|cursor\|claude\|codex\|all>` | Install one GitHub Agent Skill folder into deterministic agent destinations; full flags, no prompt |
274
+ | `octocode install` | Configure Octocode in MCP clients |
275
+ | `octocode auth` | Manage GitHub authentication with `login`, `logout`, `refresh`, or read-only `status` |
276
+ | `octocode login` / `octocode logout` | Open the interactive auth picker or clear stored GitHub credentials |
277
+ | `octocode status` | Check token presence, auth identity, MCP installs, sync state, and cache paths |
278
+
279
+ Full command syntax, flags, examples, and exit codes live in the [CLI Reference](https://github.com/bgauryy/octocode/blob/main/docs/cli/REFERENCE.md).
280
+
281
+ ---
282
+
283
+ ## Configuration
284
+
285
+ Everything is optional; Octocode runs on sensible defaults. Settings resolve from three sources, in priority order:
286
+
287
+ ```text
288
+ environment variables > <octocode-home>/.octocoderc > built-in defaults
289
+ ```
290
+
291
+ 1. **MCP / environment variables** (highest): per client or per project, set in your MCP config `env` or your shell.
292
+ 2. **Global config**: `<octocode-home>/.octocoderc`, machine-wide defaults read by **both the CLI and the MCP server**.
293
+ 3. **Built-in defaults**: used when neither is set.
294
+
295
+ **Octocode home** (`<octocode-home>`) holds the global config, encrypted credentials, sessions, stats, and tmp materialization caches. Its location is fixed per platform (there is no override):
296
+
297
+ | Platform | Location |
298
+ |----------|----------|
299
+ | macOS | `~/.octocode` |
300
+ | Linux | `${XDG_CONFIG_HOME:-~/.config}/.octocode` |
301
+ | Windows | `%APPDATA%\.octocode` |
302
+
303
+ **Set in MCP** (env entries; these win over `.octocoderc`):
304
+
305
+ ```json
306
+ {
307
+ "mcpServers": {
308
+ "octocode": {
309
+ "command": "npx",
310
+ "args": ["octocode-mcp@latest"],
311
+ "env": {
312
+ "GITHUB_TOKEN": "ghp_xxxxxxxx",
313
+ "ENABLE_LOCAL": "true",
314
+ "ENABLE_CLONE": "false"
315
+ }
316
+ }
317
+ }
318
+ }
319
+ ```
320
+
321
+ **Set globally** for both the CLI and MCP in `<octocode-home>/.octocoderc` (JSON, comments and trailing commas tolerated; never put tokens here). See the ready-to-copy [example below](#example-octocoderc).
322
+
323
+ ### Common settings
324
+
325
+ The **Scope** column shows where a setting applies: `Both`, or `MCP` (the CLI ignores it).
326
+
327
+ | Env var | `.octocoderc` key | Default | Scope | What it does |
328
+ |---------|-------------------|---------|-------|--------------|
329
+ | `OCTOCODE_TOKEN` / `GH_TOKEN` / `GITHUB_TOKEN` | env only | unset | Both | GitHub token, in priority order. Tokens stay in env, never in `.octocoderc`. |
330
+ | `GITHUB_API_URL` | `github.apiUrl` | `https://api.github.com` | Both | API endpoint; use `/api/v3` for GitHub Enterprise. |
331
+ | `ENABLE_LOCAL` | `local.enabled` | CLI `true`, MCP `false` | Both | Turns local filesystem + LSP tools on/off. |
332
+ | `ENABLE_CLONE` | `local.enableClone` | CLI `true`, MCP `false` | Both | `ghCloneRepo` and directory fetch. Default differs by surface; set `false` to disable in either. |
333
+ | `WORKSPACE_ROOT` | `local.workspaceRoot` | `cwd` | Both | Absolute root for resolving relative local paths. |
334
+ | `ALLOWED_PATHS` | `local.allowedPaths` | `[]` | Both | Extra path allowlist for local access; empty means home directory only after validation. |
335
+ | `TOOLS_TO_RUN` / `ENABLE_TOOLS` / `DISABLE_TOOLS` | `tools.*` | unset | **MCP** | Whitelist, add to, or remove from the registered tool set. The CLI exposes every tool. |
336
+ | `REQUEST_TIMEOUT` | `network.timeout` | `30000` | Both | Request timeout in ms (clamped `5000..300000`). |
337
+ | `MAX_RETRIES` | `network.maxRetries` | `3` | Both | Retry attempts (clamped `0..10`). |
338
+ | `OCTOCODE_OUTPUT_FORMAT` | `output.format` | `yaml` | Both | Response format: `yaml` or `json`. |
339
+
340
+ > **Local and clone defaults differ by surface.** The **CLI** honors `ENABLE_LOCAL` and defaults local tools on; clone is enabled by default. The **MCP server** honors `ENABLE_LOCAL` and defaults local tools and clone off, so a deployment can control what an assistant may touch. Explicit env or `.octocoderc` values override those defaults.
341
+
342
+ ### Example `.octocoderc`
343
+
344
+ Drop this at `<octocode-home>/.octocoderc` for machine-wide defaults shared by the CLI and the MCP server. Every field is optional; keep only what you want to change. **Tokens never go here** (use env or `octocode login`).
345
+
346
+ ```jsonc
347
+ {
348
+ // GitHub Enterprise users: point at your API endpoint.
349
+ "github": { "apiUrl": "https://api.github.com" },
350
+
351
+ "local": {
352
+ "enabled": true, // overrides the surface default for CLI and MCP
353
+ "enableClone": false, // false disables ghCloneRepo for CLI and MCP
354
+ "workspaceRoot": "~/code", // base for relative local paths (absolute or ~)
355
+ "allowedPaths": [] // extra dirs the local tools may read
356
+ },
357
+
358
+ "network": { "timeout": 30000, "maxRetries": 3 },
359
+
360
+ "output": { "format": "yaml" } // "yaml" or "json"
361
+ }
362
+ ```
363
+
364
+ Per-project overrides and custom LSP servers live in a workspace `.octocode/` folder (for example `.octocode/lsp-servers.json`). For every variable, the full `.octocoderc` schema, clone-cache tuning, GitHub Enterprise setup, local-state paths, and precedence details, see the [Configuration Reference](https://github.com/bgauryy/octocode/blob/main/docs/mcp/CONFIGURATION.md).
365
+
366
+ ---
367
+
368
+ ## Authentication Methods
369
+
370
+ GitHub-backed tools require authentication. Any one method is enough. Full details: [Authentication Setup](https://github.com/bgauryy/octocode/blob/main/docs/mcp/AUTHENTICATION.md).
371
+
372
+ ### Option 1: Octocode CLI (Recommended)
373
+
374
+ ```bash
375
+ npx octocode login
376
+ npx octocode status # verify the active token source
377
+ ```
378
+
379
+ Interactive login lets you choose Octocode browser OAuth or `gh auth login`. Octocode OAuth credentials are stored encrypted on disk.
380
+
381
+ ### Option 2: GitHub CLI (also supported)
382
+
383
+ ```bash
384
+ gh auth login
385
+ ```
386
+
387
+ Octocode reads the `gh` token automatically — no further config needed.
388
+
389
+ ### Option 3: Personal Access Token (also supported)
390
+
391
+ Set `OCTOCODE_TOKEN`, `GH_TOKEN`, or `GITHUB_TOKEN` in your shell. Required scopes: `repo`, `read:user`, `read:org`.
392
+
393
+ Create a token at [github.com/settings/tokens](https://github.com/settings/tokens).
394
+
395
+ > **Security tip**: Never commit tokens to version control. Use environment variables or secure secret management.
396
+
397
+ ---
398
+
399
+ ## Security
400
+
401
+ **Every byte that reaches the model is scanned and redacted first.** All content (local files, GitHub and npm responses, error messages, and tool outputs) passes through the Rust engine's secret scanner on the way *in* (tool inputs) and on the way *out* (results), so secrets never reach the LLM. The same enforcement runs identically under MCP and the CLI.
402
+
403
+ - **Secret redaction, in and out.** 300+ provider credential patterns (AWS, Azure, GCP, GitHub, OpenAI, Anthropic, Stripe, Slack, 1Password, and more) plus generic JWTs, PEM/private keys, bearer tokens, database connection strings, and high-entropy strings. Masked values surface a redaction warning so the agent knows.
404
+ - **Content sanitized at the source.** Local reads (`localGetFileContent`, ripgrep, structural search, binary, file discovery, structure) and external fetches (GitHub code/files, npm) are scanned as they are read, not only at the boundary.
405
+ - **Path safety.** Relative inputs resolve from `WORKSPACE_ROOT` / config / `cwd`, then local reads are bounded to the engine's allowed roots (home by default, plus `ALLOWED_PATHS` and Octocode-registered roots). Symlinks are resolved and the real target is **re-validated**, so a link cannot escape into a blocked location.
406
+ - **Sensitive files and directories are blocked by default.** Octocode refuses to read known secret-bearing files and folders wherever they live, returning a redacted error instead of contents. Blocked patterns include:
407
+ - **Keys and certs:** `*.pem`, `*.key`, `*.crt`/`*.cer`/`*.csr`, `*.p12`/`*.pfx`/`*.jks`/`*.keystore`, and SSH keys (`id_rsa`, `*_ed25519`, `authorized_keys`, `known_hosts`, `.ssh/`).
408
+ - **Credentials and tokens:** `.env` / `.env.*`, `.netrc`, `.npmrc`, `.pgpass`, `.git-credentials`, `*_token` / `.token`, `client_secret*.json`, `*service-account*.json`, `auth.json`, `.htpasswd`.
409
+ - **Cloud and infra:** `.aws/`, `.azure/`, `.config/gcloud/`, `.kube/` / `kubeconfig`, `.docker/`, `.terraform/` and `*.tfstate`.
410
+ - **OS and app secret stores:** `.git/`, `secrets/`, `private/`, browser login data (Chrome/Firefox), OS keychains, password managers (`*.kdbx`), shell history files, and crypto wallets.
411
+ - **Command safety.** Normal local search runs in-process inside `octocode-engine`. External helpers are fixed per lane, command/argument allowlisted, and run via `spawn` with argument arrays: no shell strings, no injection.
412
+ - **Schema validation** runs before any tool executes; untrusted input size and shape are bounded.
413
+ - **Credentials.** GitHub auth via env tokens, AES-256-GCM-encrypted on-disk OAuth, or the `gh` CLI; tokens are never logged.
414
+
415
+ **Full security model, pipeline, and threat coverage: [SECURITY.md](https://github.com/bgauryy/octocode/blob/main/docs/SECURITY.md).** Related: [Authentication](https://github.com/bgauryy/octocode/blob/main/docs/mcp/AUTHENTICATION.md) · [Configuration](https://github.com/bgauryy/octocode/blob/main/docs/mcp/CONFIGURATION.md) · [Credentials](https://github.com/bgauryy/octocode/blob/main/docs/mcp/CREDENTIALS.md)
416
+
417
+ ---
418
+
419
+ ## Language Support
420
+
421
+ Four code-intelligence axes; three are native to the Rust engine and need no external tooling:
422
+
423
+ | Axis | What it does | How to use it |
424
+ |------|--------------|---------------|
425
+ | **Structural AST** | Tree-sitter shape queries (`pattern` or YAML `rule`) across 33 grammars. | `localSearchCode mode:"structural"` · CLI `search --pattern`/`--rule` |
426
+ | **Signature outline** | Body-free skeleton with line numbers from real tree-sitter parsing, no heuristics. An anti-growth guard returns the real file when a skeleton wouldn't be smaller. | `minify:"symbols"` · CLI `search <file> --content-view symbols` |
427
+ | **Content minification** | Comment/whitespace stripping for 70+ languages and config formats; HTML/Vue/Svelte also minify embedded `<style>`/`<script>`. | `minify:"standard"` (default) |
428
+ | **LSP navigation** | definition, references, callers/callees, callHierarchy, hover, typeDefinition, implementation, documentSymbols, via an installed language server; JS/TS also have a native, no-server path. | `lspGetSemantics` · CLI `search --op` / `search --symbols` |
429
+
430
+ 📋 **Full support matrix:** every extension with its exact AST, signature, LSP, and minify capability, machine-generated from the shipped binary, lives in **[`benchmark/SUPPORT.md`](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/benchmark/SUPPORT.md)** (150 extensions: 61 AST, 47 signature, 56 LSP, 89 minify-only). Regenerate or verify with `yarn workspace @octocodeai/octocode-benchmark matrix:check`.
431
+
432
+ ---
433
+
434
+ ## Skills
435
+
436
+ > [Agent Skills](https://agentskills.io/what-are-skills) are a lightweight, open format for extending AI agent capabilities.
437
+ > Browse and install on [**skills.sh/bgauryy/octocode-mcp**](https://www.skills.sh/bgauryy/octocode-mcp) · Skills index: [skills/README.md](https://github.com/bgauryy/octocode/blob/main/skills/README.md)
438
+
439
+ These are the skills the Octocode team itself uses to build Octocode. **9 skills** live under [`skills/`](https://github.com/bgauryy/octocode/tree/main/skills); the table mirrors the [Skills Index](https://github.com/bgauryy/octocode/blob/main/skills/README.md). ⭐ **[Engineer](https://www.skills.sh/bgauryy/octocode-mcp/octocode-engineer)** is the recommended starting skill.
440
+
441
+ Install any GitHub skill folder directly from the Octocode CLI:
442
+
443
+ ```bash
444
+ # Shared cross-agent location: ~/.agents/skills
445
+ npx octocode skill --add bgauryy/octocode-mcp/skills/octocode-engineer --platform common
446
+
447
+ # Agent-safe install for multiple clients; never prompts
448
+ npx octocode skill --add https://github.com/bgauryy/octocode-mcp/tree/main/skills/octocode-engineer --platform cursor,codex --mode copy --json
449
+ ```
450
+
451
+ Platforms: `common` (`~/.agents/skills`), `cursor`, `claude` (Claude Code + Claude Desktop), `codex`, or `all`. Use `--mode symlink` to keep each agent pointed at the Octocode-managed source cache. Full guide: [Skills Guide](https://github.com/bgauryy/octocode/blob/main/docs/SKILLS_GUIDE.md).
452
+
453
+ | Skill | Directory | Use it when |
454
+ |-------|-----------|-------------|
455
+ | [**CLI**](https://www.skills.sh/bgauryy/octocode-mcp/octocode) | `octocode/` | You want to research code from the terminal without MCP: local, GitHub, npm, file, repo, PR, or package lookup. |
456
+ | ⭐ [**Engineer**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-engineer) | `octocode-engineer/` | You need to understand, implement, review, refactor, or audit code. The default for "work on this code." |
457
+ | [**Loop**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-loop) | `octocode-loop/` | The goal and research path are clear and the work needs grounded Act -> Observe -> Learn -> Repeat loops until evidence converges. |
458
+ | [**Brainstorming**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-brainstorming) | `octocode-brainstorming/` | The idea is fuzzy: validate prior art, check whether something is worth building, or produce a decision brief. |
459
+ | [**RFC Generator**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-rfc-generator) | `octocode-rfc-generator/` | You need a design doc, RFC, architecture proposal, migration plan, or rollout plan before coding. |
460
+ | [**Roast**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-roast) | `octocode-roast/` | You want brutal but actionable code critique with severity-ranked findings and fixes. |
461
+ | [**Skills**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-skills) | `octocode-skills/` | You are working on Agent Skills themselves: find, evaluate, install, lint, create, or update `SKILL.md` folders. |
462
+ | [**Awareness**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-awareness) | `octocode-awareness/` | You need memory, file locks, or verify-before-conclude across runs or concurrent agents in a shared/dirty repo. |
463
+ | [**Stats**](https://www.skills.sh/bgauryy/octocode-mcp/octocode-stats) | `octocode-stats/` | You want to visualize Octocode usage: tokens/chars saved, cache hits, errors, and rate limits from `stats.json`. |
464
+
465
+ ---
466
+
467
+ ## Architecture
468
+
469
+ A yarn-workspaces monorepo. The **MCP server** and the **CLI** are thin front-ends over one shared TypeScript tool core, which delegates every CPU-heavy path to a single **Rust engine** (compiled via [napi-rs](https://napi.rs) to prebuilt `.node` binaries). One tool catalog, one security layer, one response shaper, reached two ways.
470
+
471
+ ```mermaid
472
+ graph LR
473
+ CLI["octocode<br/>CLI"]
474
+ MCP["octocode-mcp<br/>MCP server, stdio"]
475
+ VSC["VS Code extension<br/>OAuth + install"]
476
+ CORE["octocode-tools-core<br/>tools, GitHub client, auth, pagination, security bridge"]
477
+ ENGINE["octocode-engine (Rust)<br/>secrets, minify, AST, signatures, ripgrep/diff/YAML, LSP"]
478
+ EXT["GitHub API, local FS + ripgrep, language servers"]
479
+
480
+ CLI --> CORE
481
+ MCP --> CORE
482
+ VSC -. starts .-> MCP
483
+ CORE --> ENGINE
484
+ CORE --> EXT
485
+ ENGINE --> EXT
486
+
487
+ style ENGINE fill:#1a1a2e,stroke:#e75d2a,color:#fff
488
+ ```
489
+
490
+ **Request flow** is identical whether a call arrives over MCP or the CLI:
491
+
492
+ ```text
493
+ client → sanitize inputs (Rust) → run tool (GitHub / FS / LSP) → sanitize + YAML-serialize + paginate (Rust) → result + next-step hints
494
+ ```
495
+
496
+ **One Rust engine** owns secret detection, sanitization, path/command validation, minification (70+ languages), signature extraction, structural AST search, ripgrep parsing, diff filtering, YAML serialization, and LSP, so the Node event loop stays unblocked and there is no duplicate native loader. It ships prebuilt for darwin (arm64/x64), linux (arm64/x64, gnu + musl), and win32-x64; no Rust toolchain is needed at runtime.
497
+
498
+ ### Packages
499
+
500
+ | Directory | npm package | Role |
501
+ |-----------|-------------|------|
502
+ | [`packages/octocode`](https://github.com/bgauryy/octocode/tree/main/packages/octocode) | `octocode` | CLI: quick commands, raw tool runner, skill installs, auth/login/logout, install, status, context. |
503
+ | [`packages/octocode-mcp`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-mcp) | `octocode-mcp` | MCP server (stdio) that registers the tool catalog for AI assistants. |
504
+ | [`packages/octocode-tools-core`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-tools-core) | `@octocodeai/octocode-tools-core` | Shared tool core: implementations, GitHub client, credentials and token resolution, session, pagination, security bridge. |
505
+ | [`packages/octocode-engine`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-engine) | `@octocodeai/octocode-engine` | Rust/napi native engine: security scanning, minification, signatures, structural AST, ripgrep/diff/YAML, LSP. |
506
+ | [`packages/octocode-vscode`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-vscode) | `octocode-mcp-vscode` | VS Code extension: GitHub OAuth + multi-editor MCP install. |
507
+
508
+ ---
509
+
510
+ ## Documentation
511
+
512
+ Website: **[octocode.ai](https://octocode.ai)** · Product docs: **[github.com/bgauryy/octocode/tree/main/docs](https://github.com/bgauryy/octocode/tree/main/docs)** · Index: **[docs/README.md](https://github.com/bgauryy/octocode/blob/main/docs/README.md)**. Product documentation lives in [`docs/`](https://github.com/bgauryy/octocode/tree/main/docs); benchmark methodology, evals, and run artifacts live in [`packages/octocode-benchmark`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-benchmark).
513
+
514
+ **Docs map**
515
+ - [`docs/mcp/`](https://github.com/bgauryy/octocode/tree/main/docs/mcp): MCP server configuration, authentication, tools, workflows, architecture
516
+ - [`docs/cli/`](https://github.com/bgauryy/octocode/tree/main/docs/cli): CLI commands, flags, and reference material
517
+ - [`docs/`](https://github.com/bgauryy/octocode/tree/main/docs): guides for development, security, and Pi setup
518
+ - [`packages/octocode-benchmark/`](https://github.com/bgauryy/octocode/tree/main/packages/octocode-benchmark): benchmark methodology, support matrix, unified eval, recipes, output schema, and run artifacts
519
+
520
+ **Setup**
521
+ - [Authentication Setup](https://github.com/bgauryy/octocode/blob/main/docs/mcp/AUTHENTICATION.md)
522
+ - [Configuration Reference](https://github.com/bgauryy/octocode/blob/main/docs/mcp/CONFIGURATION.md)
523
+ - [Using octocode-mcp with Pi](https://github.com/bgauryy/octocode/blob/main/docs/PI/PI_SETUP_GUIDE.md)
524
+
525
+ **Tool References**
526
+ - [GitHub Tools](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/GITHUB_TOOLS.md)
527
+ - [Local Tools](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/LOCAL_TOOLS.md)
528
+ - [Binary Tools](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/BINARY_TOOLS.md)
529
+ - [LSP Tools](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/LSP_TOOLS.md)
530
+ - [Clone & Local Workflow](https://github.com/bgauryy/octocode/blob/main/docs/mcp/CLONE_WORKFLOW.md)
531
+ - [Tool Behavior Guide](https://github.com/bgauryy/octocode/blob/main/docs/mcp/tools/TOOL_BEHAVIOR.md)
532
+
533
+ **Benchmarks & Evals**
534
+ - [Benchmark Summary](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/BENCHMARK.md)
535
+ - [Unified CLI/Tool/OQL Eval](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/benchmark/octocode/README.md)
536
+ - [Benchmark Runbook](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/recipes/agent-benchmark-runbook.md)
537
+ - [Support Matrix](https://github.com/bgauryy/octocode/blob/main/packages/octocode-benchmark/benchmark/SUPPORT.md)
538
+
539
+ **Security, CLI & Skills**
540
+ - [Security Model](https://github.com/bgauryy/octocode/blob/main/docs/SECURITY.md)
541
+ - [CLI Reference](https://github.com/bgauryy/octocode/blob/main/docs/cli/REFERENCE.md)
542
+ - [Skills Guide](https://github.com/bgauryy/octocode/blob/main/docs/SKILLS_GUIDE.md)
543
+ - [Skills Index](https://github.com/bgauryy/octocode/blob/main/skills/README.md)
544
+
545
+ **Shared Internals**
546
+ - [Credentials Architecture](https://github.com/bgauryy/octocode/blob/main/docs/mcp/CREDENTIALS.md) · [Session Persistence](https://github.com/bgauryy/octocode/blob/main/docs/mcp/SESSION.md)
547
+
548
+ ### Recommended dev mode: Pi + Octocode
549
+
550
+ [Pi](https://github.com/earendil-works/pi) is a fast, local-first coding agent whose stated philosophy is *"CLI tools with READMEs (Skills) over MCP."* Pairing it with Octocode gives a lean, evidence-driven dev loop — **Pi edits, Octocode researches**. Two routes, pick by how much surface you need:
551
+
552
+ - **Skill route — recommended, leanest.** Drop the [`octocode-engineer`](https://www.skills.sh/bgauryy/octocode-mcp/octocode-engineer) skill into Pi's global skills dir. It drives the Octocode **CLI** directly — no MCP transport, minimal token overhead — and Pi auto-discovers it:
553
+
554
+ ```bash
555
+ npx octocode skill --add bgauryy/octocode-mcp/skills/octocode-engineer --platform common
556
+ ```
557
+
558
+ - **Adapter route — full tool surface.** Install [`pi-mcp-adapter`](https://github.com/nicobailon/pi-mcp-adapter) to expose all 14 Octocode MCP tools behind a single ~200-token proxy tool, so servers stay disconnected until a tool is actually called. Enable clone tools with `ENABLE_CLONE=true`.
559
+
560
+ Tune Pi's behavior with an `APPEND_SYSTEM.md` (a compact starter lives at [`docs/PI/APPEND_SYSTEM.md`](https://github.com/bgauryy/octocode/blob/main/docs/PI/APPEND_SYSTEM.md)). The full walkthrough — adapter install, MCP config scopes, skills, system-prompt tuning, and custom models — is in the [**Pi Setup Guide**](https://github.com/bgauryy/octocode/blob/main/docs/PI/PI_SETUP_GUIDE.md).
561
+
562
+ ### The Manifest
563
+
564
+ **"Code is Truth, but Context is the Map."** Read the [Manifest of Octocode for Research Driven Development](https://github.com/bgauryy/octocode/blob/main/MANIFEST.md) to understand the philosophy behind Octocode.
package/dist/config.d.ts CHANGED
@@ -14,3 +14,10 @@ export declare const MAX_CONTEXT_LINES = 100;
14
14
  export declare const MAX_CHAR_LENGTH = 50000;
15
15
  export declare const GITHUB_FILE_CONTENT_DEFAULT_CHAR_LENGTH = 8000;
16
16
  export declare const MAX_MATCH_CONTENT_LENGTH = 100000;
17
+ /**
18
+ * Default per-match snippet length (Unicode scalars). Mirrors the Rust engine's
19
+ * `DEFAULT_MAX_SNIPPET_CHARS` so GitHub code-search fragments are bounded by the
20
+ * same rule that bounds local ripgrep snippets — char-safe truncation with `...`.
21
+ * The render layer must not re-truncate; this is the single data-layer bound.
22
+ */
23
+ export declare const DEFAULT_MATCH_SNIPPET_CHARS = 500;