context-mode 1.0.121 → 1.0.123

package/build/adapters/gemini-cli/index.js

@@ -25,7 +25,7 @@ import { BaseAdapter } from "../base.js";
 // ─────────────────────────────────────────────────────────
 // Hook constants (re-exported from hooks.ts)
 // ─────────────────────────────────────────────────────────
-import { HOOK_TYPES as GEMINI_HOOK_NAMES, HOOK_SCRIPTS as GEMINI_HOOK_SCRIPTS, buildHookCommand as buildGeminiHookCommand, } from "./hooks.js";
+import { HOOK_TYPES as GEMINI_HOOK_NAMES, HOOK_SCRIPTS as GEMINI_HOOK_SCRIPTS, buildHookCommand as buildGeminiHookCommand, EXTERNAL_MCP_MATCHER_PATTERN, } from "./hooks.js";
 // ─────────────────────────────────────────────────────────
 // Adapter implementation
 // ─────────────────────────────────────────────────────────
@@ -178,7 +178,9 @@ export class GeminiCLIAdapter extends BaseAdapter {
             ],
             [GEMINI_HOOK_NAMES.BEFORE_TOOL]: [
                 {
-                    matcher: "run_shell_command|read_file|read_many_files|grep_search|search_file_content|web_fetch|activate_skill|mcp__plugin_context-mode",
+                    // Gemini native tools + context-mode own MCP (both canonical and Claude
+                    // shim prefixes) + external MCP catch-all (#529).
+                    matcher: `run_shell_command|read_file|read_many_files|grep_search|search_file_content|web_fetch|activate_skill|mcp__plugin_context-mode|mcp__context-mode|${EXTERNAL_MCP_MATCHER_PATTERN}`,
                     hooks: [
                         {
                             type: "command",

package/build/adapters/kiro/hooks.d.ts

@@ -18,6 +18,21 @@ export declare const HOOK_TYPES: {
 };
 export type HookType = (typeof HOOK_TYPES)[keyof typeof HOOK_TYPES];
 export declare const HOOK_SCRIPTS: Record<string, string>;
+/**
+ * Negative-lookahead matcher for external MCP tool namespaces on Kiro (#529).
+ *
+ * Kiro MCP wire shape: `@<server>/<tool>` (verified in
+ * hooks/core/tool-naming.mjs — context-mode's own tools surface as
+ * `@context-mode/<tool>`). This pattern fires PreToolUse for any external
+ * `@<server>/<tool>` whose server segment is NOT `context-mode`. Without it,
+ * large payloads from slack / telegram / gdrive / notion-style MCPs bypass
+ * the routing nudge and flood the model's context window — PostToolUse runs
+ * too late to keep the raw data out.
+ *
+ * Routing.mjs `isExternalMcpTool` is extended to recognise the `@<server>/`
+ * prefix shape so the routing branch returns external-MCP guidance.
+ */
+export declare const EXTERNAL_MCP_MATCHER_PATTERN = "@(?!context-mode/)";
 /**
  * Tools that context-mode's PreToolUse hook intercepts on Kiro.
  *
@@ -26,7 +41,7 @@ export declare const HOOK_SCRIPTS: Record<string, string>;
  *
  * MCP tools surface as @context-mode/ctx_* in Kiro.
  */
-export declare const PRE_TOOL_USE_MATCHERS: readonly ["execute_bash", "fs_read", "@context-mode/ctx_execute", "@context-mode/ctx_execute_file", "@context-mode/ctx_batch_execute"];
+export declare const PRE_TOOL_USE_MATCHERS: readonly ["execute_bash", "fs_read", "@context-mode/ctx_execute", "@context-mode/ctx_execute_file", "@context-mode/ctx_batch_execute", "@(?!context-mode/)"];
 /**
  * Combined matcher pattern for Kiro hook config (pipe-separated).
  * Used by generateHookConfig and configureAllHooks.

package/build/adapters/kiro/hooks.js

@@ -24,6 +24,24 @@ export const HOOK_SCRIPTS = {
     [HOOK_TYPES.AGENT_SPAWN]: "agentspawn.mjs",
 };
 // ─────────────────────────────────────────────────────────
+// External MCP routing matcher (#529)
+// ─────────────────────────────────────────────────────────
+/**
+ * Negative-lookahead matcher for external MCP tool namespaces on Kiro (#529).
+ *
+ * Kiro MCP wire shape: `@<server>/<tool>` (verified in
+ * hooks/core/tool-naming.mjs — context-mode's own tools surface as
+ * `@context-mode/<tool>`). This pattern fires PreToolUse for any external
+ * `@<server>/<tool>` whose server segment is NOT `context-mode`. Without it,
+ * large payloads from slack / telegram / gdrive / notion-style MCPs bypass
+ * the routing nudge and flood the model's context window — PostToolUse runs
+ * too late to keep the raw data out.
+ *
+ * Routing.mjs `isExternalMcpTool` is extended to recognise the `@<server>/`
+ * prefix shape so the routing branch returns external-MCP guidance.
+ */
+export const EXTERNAL_MCP_MATCHER_PATTERN = "@(?!context-mode/)";
+// ─────────────────────────────────────────────────────────
 // PreToolUse matchers
 // ─────────────────────────────────────────────────────────
 /**
@@ -40,6 +58,7 @@ export const PRE_TOOL_USE_MATCHERS = [
     "@context-mode/ctx_execute",
     "@context-mode/ctx_execute_file",
     "@context-mode/ctx_batch_execute",
+    EXTERNAL_MCP_MATCHER_PATTERN,
 ];
 /**
  * Combined matcher pattern for Kiro hook config (pipe-separated).

package/build/adapters/pi/extension.d.ts

@@ -22,5 +22,14 @@
  * a prior load.
  */
 export declare let _mcpBridgeReady: Promise<void>;
+/**
+ * Returns true iff `argv` matches a Pi top-level short-circuit invocation
+ * (help or version). Only argv[0] is inspected — Pi's runCli only checks
+ * the first token, and subcommand-level `--help` (e.g. `pi stats --help`)
+ * still spins up a real session, so we must NOT skip bootstrap there.
+ *
+ * Exported for unit tests.
+ */
+export declare function isPiShortCircuitArgv(argv: readonly string[]): boolean;
 /** Pi extension default export. Called once by Pi runtime with the extension API. */
 export default function piExtension(pi: any): void;

package/build/adapters/pi/extension.js

@@ -193,12 +193,51 @@ function handleCommandText(text, ctx) {
     }
     return { text };
 }
+// ── Pi short-circuit argv detection (#534) ───────────────
+//
+// Pi's runtime loads every extension during module discovery, BEFORE its
+// `runCli()` decides whether the invocation is a real session or a
+// short-lived help / version print. Without this guard, even `pi --help`
+// causes us to spawn `server.bundle.mjs` as a long-lived stdio child —
+// which is then reparented to PID 1 the moment Pi's `--help` handler
+// returns. The MCP SDK's StdioServerTransport CPU-spins on the half-closed
+// pipe until the 30 s ppid poll catches up, accumulating multi-hour orphans
+// (see issue #534, plus the historical #311 / #388 fixes that only addressed
+// the *recovery* path — not the *prevention* path).
+//
+// Token set verified against the Pi 14.x source — specifically:
+//   refs/platforms/oh-my-pi/packages/coding-agent/src/cli.ts:runCli
+//
+//     if (first === "--help" || first === "-h" || first === "--version"
+//      || first === "-v" || first === "help") { /* short-circuit */ }
+//
+// We mirror it exactly — no inferred flags, no `-V` (Pi uses lowercase `-v`),
+// no `--no-help`. Anything else (including `pi stats --help`) routes through
+// the normal launch path and the bridge bootstraps as usual.
+const PI_SHORT_CIRCUIT_TOKENS = new Set(["--help", "-h", "--version", "-v", "help"]);
+/**
+ * Returns true iff `argv` matches a Pi top-level short-circuit invocation
+ * (help or version). Only argv[0] is inspected — Pi's runCli only checks
+ * the first token, and subcommand-level `--help` (e.g. `pi stats --help`)
+ * still spins up a real session, so we must NOT skip bootstrap there.
+ *
+ * Exported for unit tests.
+ */
+export function isPiShortCircuitArgv(argv) {
+    if (argv.length === 0)
+        return false;
+    return PI_SHORT_CIRCUIT_TOKENS.has(argv[0]);
+}
 // ── Extension entry point ────────────────────────────────
 /** Pi extension default export. Called once by Pi runtime with the extension API. */
 export default function piExtension(pi) {
     const buildDir = dirname(fileURLToPath(import.meta.url));
     const pluginRoot = resolve(buildDir, "..", "..", "..");
-    const projectDir = process.env.PI_PROJECT_DIR || process.cwd();
+    // Issue #542 — Pi's runtime sets PI_CONFIG_DIR (not PI_PROJECT_DIR).
+    // PI_PROJECT_DIR remains supported as a legacy override for callers
+    // that historically synthesized it. Cwd is the universal final
+    // fallback.
+    const projectDir = process.env.PI_CONFIG_DIR || process.env.PI_PROJECT_DIR || process.cwd();
     const db = getOrCreateDB();
     // ── 1. session_start — Initialize session ──────────────
     pi.on("session_start", (_event, ctx) => {
@@ -534,6 +573,18 @@ export default function piExtension(pi) {
     // Best-effort: a missing bundle or a spawn failure must NOT prevent
     // the rest of the extension (session capture, hooks, slash commands)
     // from initializing. We log to stderr and continue.
+    // Short-circuit guard (#534): skip the MCP bridge bootstrap for
+    // `pi --help` / `pi --version` / `pi help` and similar. Pi prints and
+    // exits within milliseconds, but the bridge child would otherwise live
+    // long enough to be reparented to PID 1, half-close stdin, and pin a CPU
+    // core via the MCP SDK's stdio loop. We use process.argv directly so the
+    // guard works for any caller that boots Pi with a short-circuit token,
+    // regardless of how the runtime wires its CLI parser.
+    const piArgv = process.argv.slice(2);
+    if (isPiShortCircuitArgv(piArgv)) {
+        _mcpBridgeReady = Promise.resolve();
+        return;
+    }
     const serverBundle = resolve(pluginRoot, "server.bundle.mjs");
     if (existsSync(serverBundle)) {
         _mcpBridgeReady = bootstrapMCPTools(pi, serverBundle).then((handle) => {

package/build/adapters/qwen-code/hooks.d.ts

@@ -0,0 +1,26 @@
+/**
+ * adapters/qwen-code/hooks — Qwen Code hook definitions.
+ *
+ * Qwen Code is a Gemini CLI fork (packages/core/src/tools/tool-names.ts —
+ * shares native names like `run_shell_command`, `read_file`). The hook wire
+ * protocol is JSON stdin / stdout, identical to Claude Code and Gemini CLI.
+ *
+ * Config: ~/.qwen/settings.json under "hooks" key.
+ */
+/**
+ * Negative-lookahead matcher for external MCP tool namespaces on Qwen Code (#529).
+ *
+ * Qwen Code MCP wire shape: `mcp__<server>__<tool>` (shared with Gemini CLI
+ * upstream). Own context-mode MCP surfaces as both
+ * `mcp__plugin_context-mode_context-mode__ctx_*` (Claude shim path when users
+ * install via the Claude marketplace) and `mcp__context-mode__ctx_*` (Qwen
+ * canonical — see hooks/core/tool-naming.mjs). The negative lookahead
+ * `(?!.*context-mode)` excludes both variants from the external-MCP routing
+ * branch so context-mode's own tools (already wired by the explicit entries
+ * above this catch-all) are not double-routed.
+ *
+ * Without this matcher, large payloads from slack / telegram / gdrive / notion
+ * MCPs bypass the routing nudge and flood the model's context window —
+ * PostToolUse runs too late to keep the raw data out.
+ */
+export declare const EXTERNAL_MCP_MATCHER_PATTERN = "mcp__(?!.*context-mode)";

package/build/adapters/qwen-code/hooks.js

@@ -0,0 +1,29 @@
+/**
+ * adapters/qwen-code/hooks — Qwen Code hook definitions.
+ *
+ * Qwen Code is a Gemini CLI fork (packages/core/src/tools/tool-names.ts —
+ * shares native names like `run_shell_command`, `read_file`). The hook wire
+ * protocol is JSON stdin / stdout, identical to Claude Code and Gemini CLI.
+ *
+ * Config: ~/.qwen/settings.json under "hooks" key.
+ */
+// ─────────────────────────────────────────────────────────
+// External MCP routing matcher (#529)
+// ─────────────────────────────────────────────────────────
+/**
+ * Negative-lookahead matcher for external MCP tool namespaces on Qwen Code (#529).
+ *
+ * Qwen Code MCP wire shape: `mcp__<server>__<tool>` (shared with Gemini CLI
+ * upstream). Own context-mode MCP surfaces as both
+ * `mcp__plugin_context-mode_context-mode__ctx_*` (Claude shim path when users
+ * install via the Claude marketplace) and `mcp__context-mode__ctx_*` (Qwen
+ * canonical — see hooks/core/tool-naming.mjs). The negative lookahead
+ * `(?!.*context-mode)` excludes both variants from the external-MCP routing
+ * branch so context-mode's own tools (already wired by the explicit entries
+ * above this catch-all) are not double-routed.
+ *
+ * Without this matcher, large payloads from slack / telegram / gdrive / notion
+ * MCPs bypass the routing nudge and flood the model's context window —
+ * PostToolUse runs too late to keep the raw data out.
+ */
+export const EXTERNAL_MCP_MATCHER_PATTERN = "mcp__(?!.*context-mode)";

package/build/adapters/qwen-code/index.js

@@ -16,6 +16,7 @@ import { readFileSync, writeFileSync, existsSync, } from "node:fs";
 import { resolve, join } from "node:path";
 import { homedir } from "node:os";
 import { ClaudeCodeBaseAdapter } from "../claude-code-base.js";
+import { EXTERNAL_MCP_MATCHER_PATTERN } from "./hooks.js";
 import { buildNodeCommand, } from "../types.js";
 // ─────────────────────────────────────────────────────────
 // Adapter implementation
@@ -55,6 +56,9 @@ export class QwenCodeAdapter extends ClaudeCodeBaseAdapter {
             "mcp__plugin_context-mode_context-mode__ctx_execute",
             "mcp__plugin_context-mode_context-mode__ctx_execute_file",
             "mcp__plugin_context-mode_context-mode__ctx_batch_execute",
+            // External MCP catch-all (#529). Negative-lookahead excludes context-mode's
+            // own server segments so the explicit entries above are not double-routed.
+            EXTERNAL_MCP_MATCHER_PATTERN,
         ].join("|");
         return {
             PreToolUse: [
@@ -247,6 +251,8 @@ export class QwenCodeAdapter extends ClaudeCodeBaseAdapter {
                     "mcp__plugin_context-mode_context-mode__ctx_execute",
                     "mcp__plugin_context-mode_context-mode__ctx_execute_file",
                     "mcp__plugin_context-mode_context-mode__ctx_batch_execute",
+                    // External MCP catch-all (#529) — keep in sync with generateHookConfig above.
+                    EXTERNAL_MCP_MATCHER_PATTERN,
                 ].join("|"),
             },
             {

package/build/cli.js

@@ -25,7 +25,7 @@ import { resolveClaudeConfigDir } from "./util/claude-config.js";
 // v1.0.119 — Issue #523 Layer 5 heal: post-bump assertion on .claude-plugin/plugin.json
 // mcpServers args. Single source of truth shared with start.mjs HEAL block + postinstall.
 // @ts-expect-error — JS module, no TS declarations
-import { healPluginJsonMcpServers } from "../scripts/heal-installed-plugins.mjs";
+import { healPluginJsonMcpServers, healMcpJsonArgs } from "../scripts/heal-installed-plugins.mjs";
 // Private 16-LOC copy of browserOpenArgv. Canonical version lives in src/server.ts;
 // duplicated here so the cli bundle does not pull server.ts top-level boot side effects.
 // Keep in sync — pure data, no I/O.
@@ -125,7 +125,16 @@ if (args[0] === "doctor") {
     doctor().then((code) => process.exit(code));
 }
 else if (args[0] === "upgrade") {
-    upgrade().catch((err) => {
+    // Issue #542 — accept --platform <id> from the ctx_upgrade MCP handler,
+    // which forwards the live MCP clientInfo's resolved PlatformId. The flag
+    // wins over upgrade()'s own detectPlatform() heuristic chain so an
+    // ambiguous config-dir collision (e.g. ~/.cursor + ~/.pi both present)
+    // can never misroute the upgrade.
+    const platformFlagIdx = args.indexOf("--platform");
+    const platformArg = platformFlagIdx >= 0 && args[platformFlagIdx + 1]
+        ? args[platformFlagIdx + 1]
+        : undefined;
+    upgrade(platformArg ? { platform: platformArg } : undefined).catch((err) => {
         const message = err instanceof Error ? err.message : String(err);
         p.log.error(color.red(message));
         process.exit(1);
@@ -601,11 +610,18 @@ async function insight(port) {
 /* -------------------------------------------------------
  * Upgrade — adapter-aware hook configuration
  * ------------------------------------------------------- */
-async function upgrade() {
+async function upgrade(opts) {
     if (process.stdout.isTTY)
         console.clear();
-    // Detect platform
-    const detection = detectPlatform();
+    // Issue #542 — when the MCP ctx_upgrade handler threads through an
+    // explicit --platform <id> (resolved from live clientInfo), trust it
+    // over the local heuristic chain. detectPlatform() with no args cannot
+    // see the MCP handshake and falls through to the config-dir tier,
+    // which misdetects Pi/OMP installs as Cursor on systems where both
+    // ~/.cursor/ and ~/.pi/ exist.
+    const detection = opts?.platform
+        ? { platform: opts.platform, confidence: "high", reason: `--platform ${opts.platform} from ctx_upgrade handler` }
+        : detectPlatform();
     const adapter = await getAdapter(detection.platform);
     p.intro(color.bgCyan(color.black(" context-mode upgrade ")));
     p.log.info(`Platform: ${color.cyan(adapter.name)}` +
@@ -804,6 +820,31 @@ async function upgrade() {
                 const message = err instanceof Error ? err.message : String(err);
                 throw new Error(`plugin.json drift check failed: ${message}`);
             }
+            // v1.0.122 — Issue #531 — Layer 6 heal: assert .mcp.json's
+            // mcpServers["context-mode"].args[0] is the literal ${CLAUDE_PLUGIN_ROOT}/start.mjs
+            // placeholder. Asymmetric-heal sibling of the plugin.json assertion above.
+            // cli.ts writes .mcp.json at ~line 829-845 with the placeholder, but never
+            // asserted the on-disk shape afterwards — if a future regression dropped
+            // the placeholder write or a parallel normalize baked in an absolute path,
+            // upgrade() would declare success on a poisoned tree. Belt-and-braces:
+            // first call cleans any drift; second call MUST return healed:[] or throw.
+            // Single source of truth shared with start.mjs HEAL block + postinstall.
+            try {
+                const pluginCacheRoot = resolve(resolveClaudeConfigDir(), "plugins", "cache");
+                const pluginKey = "context-mode@context-mode";
+                const firstPass = healMcpJsonArgs({ pluginRoot, pluginCacheRoot, pluginKey });
+                if (firstPass && firstPass.error) {
+                    throw new Error(firstPass.error);
+                }
+                const secondPass = healMcpJsonArgs({ pluginRoot, pluginCacheRoot, pluginKey });
+                if (secondPass && Array.isArray(secondPass.healed) && secondPass.healed.length > 0) {
+                    throw new Error(`.mcp.json drift: mcpServers.args still poisoned after first heal pass (healed=${secondPass.healed.join(",")})`);
+                }
+            }
+            catch (err) {
+                const message = err instanceof Error ? err.message : String(err);
+                throw new Error(`.mcp.json drift check failed: ${message}`);
+            }
             // v1.0.114 hotfix — marketplace post-pull assertion: clone (if
             // present) MUST be on newVersion. Mert's case showed marketplace
             // stuck at v1.0.89 — the sync block above swallowed that silently.

package/build/executor.js

@@ -238,11 +238,11 @@ export class PolyglotExecutor {
                     ? cmd.slice(1).map(a => a.replace(/\\/g, "/"))
                     : cmd.slice(1);
             }
-            const proc = spawn(spawnCmd, spawnArgs, {
+            // Common options shared by both spawn variants below.
+            const commonOpts = {
                 cwd,
                 stdio: ["ignore", "pipe", "pipe"],
                 env: this.#buildSafeEnv(sandboxTmpDir),
-                shell: needsShell,
                 // On Unix, create a new process group so killTree can kill all children
                 detached: !isWin,
                 // Hide the spawned-process console window on Windows. Without this,
@@ -250,7 +250,22 @@ export class PolyglotExecutor {
                 // leaving the MCP response empty and popping a Git Bash terminal over
                 // the user's IDE. Issue #384.
                 ...buildSpawnOptions(process.platform),
-            });
+            };
+            // DEP0190 fix: when shell is true (Windows .cmd/.bat shims), pass a
+            // single command string instead of cmd + args array. Node.js warns
+            // that args are unsafely concatenated when shell:true is combined with
+            // the args-array form of spawn(). Colllapsing to a string avoids the
+            // warning while preserving the same shell behavior.
+            let proc;
+            if (needsShell) {
+                const fullCmd = [spawnCmd, ...spawnArgs]
+                    .map(a => /\s/.test(a) ? JSON.stringify(a) : a)
+                    .join(" ");
+                proc = spawn(fullCmd, [], { ...commonOpts, shell: true });
+            }
+            else {
+                proc = spawn(spawnCmd, spawnArgs, { ...commonOpts, shell: false });
+            }
             let timedOut = false;
             let resolved = false;
             // Issue #406 — if the caller didn't pass a timeout we don't fire one.

package/build/lifecycle.d.ts

@@ -44,6 +44,21 @@ export interface IsParentAliveDeps {
  * {@link defaultIsParentAlive} (captured once at module load).
  */
 export declare function makeDefaultIsParentAlive(deps?: IsParentAliveDeps): () => boolean;
+/**
+ * Resolve the parent-liveness poll interval based on context (#534).
+ *
+ * When this process is the MCP bridge child spawned by the Pi adapter
+ * (`bootstrapMCPTools` in `src/adapters/pi/mcp-bridge.ts` sets
+ * `CONTEXT_MODE_BRIDGE_DEPTH=1` in the child env), we tighten the poll to
+ * 1 s. The Pi parent can disappear in under 50 ms (`pi --help` prints
+ * usage and returns), so the default 30 s window leaves a long-lived
+ * CPU-spinning orphan. For top-level MCP servers (depth 0 / absent) we
+ * keep the original 30 s cadence — the existing #311/#388 ppid + stdin
+ * recovery paths already cover Claude Code style hosts.
+ *
+ * Exported for unit-testing.
+ */
+export declare function lifecycleGuardIntervalForEnv(env?: NodeJS.ProcessEnv): number;
 /**
  * Start the lifecycle guard. Returns a cleanup function.
  * Skipped automatically when stdin is a TTY (e.g. OpenCode ts-plugin).

package/build/lifecycle.js

@@ -71,12 +71,35 @@ export function makeDefaultIsParentAlive(deps = {}) {
     };
 }
 const defaultIsParentAlive = makeDefaultIsParentAlive();
+/**
+ * Resolve the parent-liveness poll interval based on context (#534).
+ *
+ * When this process is the MCP bridge child spawned by the Pi adapter
+ * (`bootstrapMCPTools` in `src/adapters/pi/mcp-bridge.ts` sets
+ * `CONTEXT_MODE_BRIDGE_DEPTH=1` in the child env), we tighten the poll to
+ * 1 s. The Pi parent can disappear in under 50 ms (`pi --help` prints
+ * usage and returns), so the default 30 s window leaves a long-lived
+ * CPU-spinning orphan. For top-level MCP servers (depth 0 / absent) we
+ * keep the original 30 s cadence — the existing #311/#388 ppid + stdin
+ * recovery paths already cover Claude Code style hosts.
+ *
+ * Exported for unit-testing.
+ */
+export function lifecycleGuardIntervalForEnv(env = process.env) {
+    const raw = env.CONTEXT_MODE_BRIDGE_DEPTH;
+    if (raw === undefined)
+        return 30_000;
+    const depth = Number.parseInt(raw, 10);
+    if (!Number.isFinite(depth) || depth <= 0)
+        return 30_000;
+    return 1000;
+}
 /**
  * Start the lifecycle guard. Returns a cleanup function.
  * Skipped automatically when stdin is a TTY (e.g. OpenCode ts-plugin).
  */
 export function startLifecycleGuard(opts) {
-    const interval = opts.checkIntervalMs ?? 30_000;
+    const interval = opts.checkIntervalMs ?? lifecycleGuardIntervalForEnv();
     const check = opts.isParentAlive ?? defaultIsParentAlive;
     let stopped = false;
     const shutdown = () => {

package/build/runtime.js

@@ -60,11 +60,15 @@ function runnableExists(cmd) {
     // fallthrough can be slow). On POSIX, 1500ms is plenty for a real binary
     // and keeps cold detection of python3 → python → py under ~5s total (#454).
     try {
-        execFileSync(cmd, ["--version"], {
-            shell: isWindows,
-            stdio: "pipe",
-            timeout: isWindows ? 5000 : 1500,
-        });
+        // DEP0190 fix: avoid args array with shell:true on Windows.
+        // Use execSync with a command string when shell is required;
+        // keep execFileSync (no shell) on POSIX.
+        if (isWindows) {
+            execSync(`"${cmd}" --version`, { stdio: "pipe", timeout: 5000 });
+        }
+        else {
+            execFileSync(cmd, ["--version"], { stdio: "pipe", timeout: 1500 });
+        }
         return true;
     }
     catch {
@@ -152,14 +156,31 @@ function resolveWindowsBash() {
 }
 function getVersion(cmd, args = ["--version"]) {
     try {
-        return execFileSync(cmd, args, {
-            encoding: "utf-8",
-            shell: process.platform === "win32",
-            stdio: ["pipe", "pipe", "pipe"],
-            timeout: 5000,
-        })
-            .trim()
-            .split(/\r?\n/)[0];
+        // DEP0190 fix: avoid args array with shell:true on Windows.
+        if (process.platform === "win32") {
+            // Hardening (PR #537 review): quote any cmd.exe metacharacter, not just
+            // whitespace. Current arg sources are internally controlled, but cheap
+            // defense-in-depth for future call sites.
+            const cmdStr = [cmd, ...args]
+                .map(a => /[\s"&|<>^()%!]/.test(a) ? JSON.stringify(a) : a)
+                .join(" ");
+            return execSync(cmdStr, {
+                encoding: "utf-8",
+                stdio: ["pipe", "pipe", "pipe"],
+                timeout: 5000,
+            })
+                .trim()
+                .split(/\r?\n/)[0];
+        }
+        else {
+            return execFileSync(cmd, args, {
+                encoding: "utf-8",
+                stdio: ["pipe", "pipe", "pipe"],
+                timeout: 5000,
+            })
+                .trim()
+                .split(/\r?\n/)[0];
+        }
     }
     catch {
         return "unknown";

package/build/server.js

@@ -2745,12 +2745,27 @@ server.registerTool("ctx_upgrade", {
         }
     }
     catch { /* best effort — don't block upgrade */ }
+    // Issue #542 — thread MCP clientInfo into the spawned upgrade
+    // process. detectPlatform() runs IN-PROCESS here (no spawn boundary)
+    // so clientInfo from the MCP handshake is the highest-confidence
+    // signal available. We forward the resolved PlatformId as a
+    // --platform flag (cross-shell safe on POSIX, Git Bash, PowerShell,
+    // and cmd.exe — unlike env-var prefixes). If detection fails we
+    // skip the flag and let upgrade()'s own detectPlatform() fall back.
+    let platformFlag = "";
+    try {
+        const { detectPlatform } = await import("./adapters/detect.js");
+        const clientInfo = server.server.getClientVersion();
+        const signal = detectPlatform(clientInfo ?? undefined);
+        platformFlag = ` --platform ${signal.platform}`;
+    }
+    catch { /* best effort — fall back to upgrade()'s own detect */ }
     let cmd;
     if (existsSync(bundlePath)) {
-        cmd = `${buildNodeCommand(bundlePath)} upgrade`;
+        cmd = `${buildNodeCommand(bundlePath)} upgrade${platformFlag}`;
     }
     else if (existsSync(fallbackPath)) {
-        cmd = `${buildNodeCommand(fallbackPath)} upgrade`;
+        cmd = `${buildNodeCommand(fallbackPath)} upgrade${platformFlag}`;
     }
     else {
         // Inline fallback: neither CLI file exists (e.g. marketplace installs).