@senoldogann/context-manager 0.1.21 → 0.1.25

package/README.md

@@ -22,7 +22,7 @@
 ### Installation
 
 ```bash
-# 1. Install and configure for Claude Desktop, Antigravity, Cursor, etc.
+# 1. Install and configure for Codex, Cursor, Claude Desktop, Antigravity, etc.
 npx @senoldogann/context-manager install
 
 # 2. Index your project
@@ -31,6 +31,20 @@ npx @senoldogann/context-manager index --path .
 
 **That's it!** Restart your AI editor and start asking questions about your code.
 
+### First-Run Verification
+
+Use this quick smoke test after install:
+
+```bash
+# Verify the CLI responds
+npx @senoldogann/context-manager query --text "src/main.rs:1"
+
+# Verify the MCP binary starts
+npx @senoldogann/context-manager mcp
+```
+
+If the wrapper is healthy, the query command should return code context and the MCP process should stay open waiting for stdio messages.
+
 ---
 
 ## 📖 What is CCM?
@@ -55,6 +69,15 @@ The npm wrapper downloads pre-built binaries and passes commands through:
 | `npx @senoldogann/context-manager mcp` | Run MCP server directly |
 | `npx @senoldogann/context-manager eval --tasks <file>` | Run evaluation tasks |
 
+### Supported Hosts
+
+| Host | Status |
+|------|--------|
+| Codex | Supported |
+| Cursor | Supported |
+| Claude Desktop | Supported |
+| Antigravity | Supported |
+
 ### Options
 
 ```bash
@@ -140,6 +163,15 @@ This package handles:
 2. Binary download from GitHub Releases
 3. Global persistence in `~/.ccm`
 
+### ✅ Release Reliability
+
+- GitHub Releases publish platform binaries plus `checksums.txt`
+- The npm wrapper verifies checksums before using downloaded binaries
+- Redirects are restricted to approved GitHub release hosts
+- Release builds run for Linux, macOS, and Windows before assets are attached
+- npm publishing uses GitHub Actions trusted publishing with OIDC
+- The same smoke path is documented here and in the main repository README
+
 ### ✅ Binary Integrity
 
 Downloads are verified against `checksums.txt` from the GitHub Release.  
@@ -152,10 +184,33 @@ Enable `CCM_EMBED_DATA_FILES=1` to include them in semantic search.
 
 **Source:** https://github.com/senoldogann/LLM-Context-Manager
 
+**Docs:** [English README](https://github.com/senoldogann/LLM-Context-Manager/blob/main/README.md) | [Turkish README](https://github.com/senoldogann/LLM-Context-Manager/blob/main/README.tr.md)
+
 ---
 
 ## 📝 Changelog
 
+### v0.1.25
+- ✅ npm publish now uses GitHub Actions trusted publishing (OIDC)
+- ✅ Clearer first-run verification and release reliability docs
+
+### v0.1.24
+- ✅ Native `protoc` installation in GitHub Actions release builds
+- ✅ Updated release workflow actions for newer runner compatibility
+
+### v0.1.23
+- ✅ JSON-RPC request size limit for safer MCP stdio transport
+- ✅ Sensitive value redaction in MCP debug logs
+- ✅ Hardened path normalization for MCP graph and context tools
+- ✅ GitHub release redirect allowlist for binary downloads
+- ✅ Unused core dependency cleanup
+
+### v0.1.22
+- ✅ Codex installer support via `codex mcp add`
+- ✅ Cursor config support via `~/.cursor/mcp.json`
+- ✅ Evaluation bootstraps missing indexes before scoring
+- ✅ Golden tasks refreshed for the current repo layout
+
 ### v0.1.21
 - ✅ Release checksums (`checksums.txt`) for binary integrity
 - ✅ MCP allowlist with optional strict enforcement

package/bin/ccm.js

@@ -1,47 +1,59 @@
 #!/usr/bin/env node
 
-const { spawn } = require('child_process');
+const { spawn, spawnSync } = require('child_process');
 const path = require('path');
 const fs = require('fs');
 const os = require('os');
 const https = require('https');
 const crypto = require('crypto');
 
-const VERSION = "0.1.21";
+const VERSION = "0.1.25";
 const REPO = 'senoldogann/LLM-Context-Manager';
 const BIN_DIR = path.join(os.homedir(), '.ccm', 'bin');
 const CHECKSUMS_FILE = 'checksums.txt';
 let checksumCache = null;
 
+const MCP_SERVER_NAME = 'context-manager';
+const MCP_COMMAND = 'npx';
+const MCP_ARGS = ['-y', '@senoldogann/context-manager', 'mcp'];
+const MCP_ENV = {
+    RUST_LOG: 'info'
+};
+const ALLOWED_REDIRECT_HOSTS = new Set([
+    'github.com',
+    'objects.githubusercontent.com',
+    'release-assets.githubusercontent.com'
+]);
+
 function allowUnverifiedBinaries() {
     const raw = process.env.CCM_ALLOW_UNVERIFIED_BINARIES || process.env.CCM_SKIP_CHECKSUM || '';
     return ['1', 'true', 'yes'].includes(raw.toLowerCase());
 }
 
 async function installMcp() {
-    const configPaths = [];
     const home = os.homedir();
+    const jsonTargets = [];
 
     if (os.platform() === 'darwin') {
-        configPaths.push(path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'));
-        configPaths.push(path.join(home, '.gemini', 'antigravity', 'mcp_config.json'));
-        configPaths.push(path.join(home, 'Library', 'Application Support', 'Code', 'User', 'globalStorage', 'saoudrizwan.claude-dev', 'settings', 'cline_mcp_settings.json'));
-        configPaths.push(path.join(home, 'Library', 'Application Support', 'Code', 'User', 'globalStorage', 'rooveterinaryinc.roo-cline', 'settings', 'cline_mcp_settings.json'));
+        jsonTargets.push(path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'));
+        jsonTargets.push(path.join(home, '.gemini', 'antigravity', 'mcp_config.json'));
+        jsonTargets.push(path.join(home, 'Library', 'Application Support', 'Code', 'User', 'globalStorage', 'saoudrizwan.claude-dev', 'settings', 'cline_mcp_settings.json'));
+        jsonTargets.push(path.join(home, 'Library', 'Application Support', 'Code', 'User', 'globalStorage', 'rooveterinaryinc.roo-cline', 'settings', 'cline_mcp_settings.json'));
     } else if (os.platform() === 'win32') {
         const appData = process.env.APPDATA || '';
-        configPaths.push(path.join(appData, 'Claude', 'claude_desktop_config.json'));
-        configPaths.push(path.join(process.env.USERPROFILE || '', 'AppData', 'Roaming', 'Code', 'User', 'globalStorage', 'saoudrizwan.claude-dev', 'settings', 'cline_mcp_settings.json'));
+        jsonTargets.push(path.join(appData, 'Claude', 'claude_desktop_config.json'));
+        jsonTargets.push(path.join(process.env.USERPROFILE || '', 'AppData', 'Roaming', 'Code', 'User', 'globalStorage', 'saoudrizwan.claude-dev', 'settings', 'cline_mcp_settings.json'));
     } else if (os.platform() === 'linux') {
-        configPaths.push(path.join(home, '.config', 'Claude', 'claude_desktop_config.json'));
-        configPaths.push(path.join(home, '.config', 'Code', 'User', 'globalStorage', 'saoudrizwan.claude-dev', 'settings', 'cline_mcp_settings.json'));
+        jsonTargets.push(path.join(home, '.config', 'Claude', 'claude_desktop_config.json'));
+        jsonTargets.push(path.join(home, '.config', 'Code', 'User', 'globalStorage', 'saoudrizwan.claude-dev', 'settings', 'cline_mcp_settings.json'));
     }
 
+    jsonTargets.push(path.join(home, '.cursor', 'mcp.json'));
+
     const mcpConfig = {
-        "command": "npx",
-        "args": ["-y", "@senoldogann/context-manager", "mcp"],
-        "env": {
-            "RUST_LOG": "info"
-        }
+        command: MCP_COMMAND,
+        args: MCP_ARGS,
+        env: MCP_ENV
     };
 
     console.log("[CCM] Pre-downloading binaries for all tools...");
@@ -49,38 +61,104 @@ async function installMcp() {
     await getBinaryFor('ccm-mcp');
 
     let installedCount = 0;
-    for (const configPath of configPaths) {
-        const dir = path.dirname(configPath);
-        if (fs.existsSync(dir)) {
-            let config = { mcpServers: {} };
-            if (fs.existsSync(configPath)) {
-                try {
-                    const content = fs.readFileSync(configPath, 'utf8');
-                    config = JSON.parse(content);
-                    fs.copyFileSync(configPath, `${configPath}.bak`);
-                } catch (e) {
-                    console.warn(`[CCM] Could not parse ${configPath}, creating backup and starting fresh section.`);
-                }
-            }
-
-            if (!config.mcpServers) config.mcpServers = {};
-            config.mcpServers["context-manager"] = mcpConfig;
 
-            fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
-            console.log(`[CCM] ✓ Successfully updated: ${configPath}`);
+    for (const configPath of jsonTargets) {
+        if (installJsonConfig(configPath, mcpConfig)) {
             installedCount++;
         }
     }
 
+    if (installCodexConfig()) {
+        installedCount++;
+    }
+
     if (installedCount === 0) {
         console.log("[CCM] No supported MCP config directories found.");
-        console.log("[CCM] Please add this to your mcp_config.json manually:");
-        console.log(JSON.stringify({ "context-manager": mcpConfig }, null, 2));
+        console.log("[CCM] Add this server manually:");
+        console.log(JSON.stringify({ [MCP_SERVER_NAME]: mcpConfig }, null, 2));
+        console.log("[CCM] Codex example:");
+        console.log(`codex mcp add ${MCP_SERVER_NAME} --env RUST_LOG=info -- ${MCP_COMMAND} ${MCP_ARGS.join(' ')}`);
     } else {
         console.log("[CCM] Installation complete! Restart your AI editor to see the changes.");
     }
 }
 
+function installJsonConfig(configPath, mcpConfig) {
+    const dir = path.dirname(configPath);
+
+    if (!fs.existsSync(dir)) {
+        return false;
+    }
+
+    let config = { mcpServers: {} };
+    if (fs.existsSync(configPath)) {
+        try {
+            const content = fs.readFileSync(configPath, 'utf8');
+            config = JSON.parse(content);
+            fs.copyFileSync(configPath, `${configPath}.bak`);
+        } catch (e) {
+            console.warn(`[CCM] Could not parse ${configPath}, creating backup and starting fresh section.`);
+        }
+    }
+
+    if (!config.mcpServers || typeof config.mcpServers !== 'object') {
+        config.mcpServers = {};
+    }
+
+    config.mcpServers[MCP_SERVER_NAME] = mcpConfig;
+    fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    console.log(`[CCM] ✓ Successfully updated: ${configPath}`);
+    return true;
+}
+
+function installCodexConfig() {
+    const listResult = spawnSync('codex', ['mcp', 'list', '--json'], {
+        encoding: 'utf8'
+    });
+
+    if (listResult.error) {
+        return false;
+    }
+
+    if (listResult.status !== 0) {
+        console.warn(`[CCM] Codex MCP inspection failed: ${listResult.stderr.trim()}`);
+        return false;
+    }
+
+    let existingServers = [];
+    try {
+        existingServers = JSON.parse(listResult.stdout);
+    } catch (error) {
+        console.warn('[CCM] Could not parse Codex MCP list output.');
+        return false;
+    }
+
+    const existing = existingServers.find((server) => server.name === MCP_SERVER_NAME);
+    if (existing) {
+        const removeResult = spawnSync('codex', ['mcp', 'remove', MCP_SERVER_NAME], {
+            encoding: 'utf8'
+        });
+
+        if (removeResult.status !== 0) {
+            console.warn(`[CCM] Codex MCP removal failed: ${removeResult.stderr.trim()}`);
+            return false;
+        }
+    }
+
+    const addArgs = ['mcp', 'add', MCP_SERVER_NAME, '--env', 'RUST_LOG=info', '--', MCP_COMMAND, ...MCP_ARGS];
+    const addResult = spawnSync('codex', addArgs, {
+        encoding: 'utf8'
+    });
+
+    if (addResult.status !== 0) {
+        console.warn(`[CCM] Codex MCP install failed: ${addResult.stderr.trim()}`);
+        return false;
+    }
+
+    console.log('[CCM] ✓ Successfully updated: ~/.codex/config.toml');
+    return true;
+}
+
 async function getBinaryFor(commandName) {
     const platform = os.platform();
     const arch = os.arch();
@@ -152,7 +230,12 @@ function downloadFile(url, dest) {
     return new Promise((resolve, reject) => {
         https.get(url, (response) => {
             if (response.statusCode === 302 || response.statusCode === 301) {
-                return downloadFile(response.headers.location, dest).then(resolve).catch(reject);
+                try {
+                    const redirectUrl = resolveRedirectUrl(url, response.headers.location);
+                    return downloadFile(redirectUrl, dest).then(resolve).catch(reject);
+                } catch (error) {
+                    return reject(error);
+                }
             }
             if (response.statusCode !== 200) {
                 return reject(new Error(`Failed to download: ${response.statusCode}`));
@@ -177,7 +260,12 @@ function downloadText(url) {
     return new Promise((resolve, reject) => {
         https.get(url, (response) => {
             if (response.statusCode === 302 || response.statusCode === 301) {
-                return downloadText(response.headers.location).then(resolve).catch(reject);
+                try {
+                    const redirectUrl = resolveRedirectUrl(url, response.headers.location);
+                    return downloadText(redirectUrl).then(resolve).catch(reject);
+                } catch (error) {
+                    return reject(error);
+                }
             }
             if (response.statusCode !== 200) {
                 return reject(new Error(`Failed to download: ${response.statusCode}`));
@@ -205,6 +293,22 @@ async function getChecksums() {
     }
 }
 
+function resolveRedirectUrl(sourceUrl, location) {
+    if (!location) {
+        throw new Error('Redirect response did not include a Location header');
+    }
+
+    const resolved = new URL(location, sourceUrl);
+    if (resolved.protocol !== 'https:') {
+        throw new Error(`Blocked redirect to non-HTTPS URL: ${resolved.href}`);
+    }
+    if (!ALLOWED_REDIRECT_HOSTS.has(resolved.hostname)) {
+        throw new Error(`Blocked redirect to unexpected host: ${resolved.hostname}`);
+    }
+
+    return resolved.toString();
+}
+
 function parseChecksums(text) {
     const map = new Map();
     for (const line of text.split('\n')) {

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@senoldogann/context-manager",
-    "version": "0.1.21",
+    "version": "0.1.25",
     "description": "LLM Context Manager MCP Server & CLI wrapper using npx",
     "main": "bin/ccm.js",
     "bin": {