@sdsrs/code-graph 0.4.4 → 0.4.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/claude-plugin/.claude-plugin/plugin.json +1 -1
  2. package/claude-plugin/scripts/auto-update.js +34 -13
  3. package/package.json +6 -6
package/claude-plugin/.claude-plugin/plugin.json CHANGED
@@ -4,6 +4,6 @@
4
4
  "author": {
5
5
  "name": "sdsrs"
6
6
  },
7
- "version": "0.4.4",
7
+ "version": "0.4.5",
8
8
  "keywords": ["code-graph", "ast", "navigation", "mcp", "knowledge-graph"]
9
9
  }
package/claude-plugin/scripts/auto-update.js CHANGED
@@ -1,6 +1,6 @@
1
1
  #!/usr/bin/env node
2
2
  'use strict';
3
- const { execSync } = require('child_process');
3
+ const { execFileSync } = require('child_process');
4
4
  const fs = require('fs');
5
5
  const path = require('path');
6
6
  const os = require('os');
@@ -87,6 +87,21 @@ async function fetchLatestRelease() {
87
87
  } catch { return null; }
88
88
  }
89
89
 
90
+ // ── Helpers ────────────────────────────────────────────────
91
+
92
+ function copyDirSync(src, dst) {
93
+ fs.mkdirSync(dst, { recursive: true });
94
+ for (const entry of fs.readdirSync(src, { withFileTypes: true })) {
95
+ const srcPath = path.join(src, entry.name);
96
+ const dstPath = path.join(dst, entry.name);
97
+ if (entry.isDirectory()) {
98
+ copyDirSync(srcPath, dstPath);
99
+ } else {
100
+ fs.copyFileSync(srcPath, dstPath);
101
+ }
102
+ }
103
+ }
104
+
90
105
  // ── Download & Install ─────────────────────────────────────
91
106
 
92
107
  async function downloadAndInstall(latest) {
@@ -94,13 +109,20 @@ async function downloadAndInstall(latest) {
94
109
  try {
95
110
  fs.mkdirSync(tmpDir, { recursive: true });
96
111
 
97
- // 1. Download and extract tarball (plugin files)
98
- execSync(
99
- `curl -sL -H "Accept: application/vnd.github+json" "${latest.tarballUrl}" | tar xz -C "${tmpDir}" --strip-components=1`,
100
- { timeout: 30000, stdio: 'pipe' }
101
- );
112
+ // 1. Download tarball (safe: no shell interpolation)
113
+ const tarballPath = path.join(tmpDir, 'release.tar.gz');
114
+ execFileSync('curl', [
115
+ '-sL', '-o', tarballPath,
116
+ '-H', 'Accept: application/vnd.github+json',
117
+ latest.tarballUrl,
118
+ ], { timeout: 30000, stdio: 'pipe' });
119
+
120
+ // 2. Extract tarball
121
+ execFileSync('tar', [
122
+ 'xzf', tarballPath, '-C', tmpDir, '--strip-components=1',
123
+ ], { timeout: 15000, stdio: 'pipe' });
102
124
 
103
- // 2. Copy plugin files to cache
125
+ // 3. Copy plugin files to cache (cross-platform)
104
126
  const pluginSrc = path.join(tmpDir, 'claude-plugin');
105
127
  const pluginDst = path.join(
106
128
  os.homedir(), '.claude', 'plugins', 'cache', MARKETPLACE_NAME, 'code-graph', latest.version
@@ -108,11 +130,10 @@ async function downloadAndInstall(latest) {
108
130
 
109
131
  if (fs.existsSync(pluginSrc)) {
110
132
  fs.mkdirSync(pluginDst, { recursive: true });
111
- // Copy recursively
112
- execSync(`cp -r "${pluginSrc}/." "${pluginDst}/"`, { stdio: 'pipe' });
133
+ copyDirSync(pluginSrc, pluginDst);
113
134
  }
114
135
 
115
- // 3. Update installed_plugins.json to point to new version
136
+ // 4. Update installed_plugins.json to point to new version
116
137
  const installedPath = path.join(os.homedir(), '.claude', 'plugins', 'installed_plugins.json');
117
138
  try {
118
139
  const installed = readJson(installedPath);
@@ -124,7 +145,7 @@ async function downloadAndInstall(latest) {
124
145
  }
125
146
  } catch { /* installed_plugins update failed — not fatal */ }
126
147
 
127
- // 4. Update install manifest with tag version
148
+ // 5. Update install manifest with tag version
128
149
  try {
129
150
  const manifest = readManifest();
130
151
  manifest.version = latest.version;
@@ -132,9 +153,9 @@ async function downloadAndInstall(latest) {
132
153
  writeJsonAtomic(path.join(CACHE_DIR, 'install-manifest.json'), manifest);
133
154
  } catch { /* manifest update failed — not fatal */ }
134
155
 
135
- // 5. Update npm binary (non-blocking, best-effort)
156
+ // 6. Update npm binary (non-blocking, best-effort)
136
157
  try {
137
- execSync(`npm install -g ${NPM_PACKAGE}@${latest.version}`, {
158
+ execFileSync('npm', ['install', '-g', `${NPM_PACKAGE}@${latest.version}`], {
138
159
  timeout: 60000,
139
160
  stdio: 'pipe',
140
161
  });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sdsrs/code-graph",
3
- "version": "0.4.4",
3
+ "version": "0.4.5",
4
4
  "description": "MCP server that indexes codebases into an AST knowledge graph with semantic search, call graph traversal, and HTTP route tracing",
5
5
  "license": "MIT",
6
6
  "repository": {
@@ -33,10 +33,10 @@
33
33
  "node": ">=16"
34
34
  },
35
35
  "optionalDependencies": {
36
- "@sdsrs/code-graph-linux-x64": "0.4.4",
37
- "@sdsrs/code-graph-linux-arm64": "0.4.4",
38
- "@sdsrs/code-graph-darwin-x64": "0.4.4",
39
- "@sdsrs/code-graph-darwin-arm64": "0.4.4",
40
- "@sdsrs/code-graph-win32-x64": "0.4.4"
36
+ "@sdsrs/code-graph-linux-x64": "0.4.5",
37
+ "@sdsrs/code-graph-linux-arm64": "0.4.5",
38
+ "@sdsrs/code-graph-darwin-x64": "0.4.5",
39
+ "@sdsrs/code-graph-darwin-arm64": "0.4.5",
40
+ "@sdsrs/code-graph-win32-x64": "0.4.5"
41
41
  }
42
42
  }