context-mode 1.0.62 → 1.0.64

package/.claude-plugin/marketplace.json

@@ -6,14 +6,14 @@
   },
   "metadata": {
     "description": "Claude Code plugins by Mert Koseoğlu",
-    "version": "1.0.62"
+    "version": "1.0.64"
   },
   "plugins": [
     {
       "name": "context-mode",
       "source": "./",
       "description": "Claude Code MCP plugin that saves 98% of your context window. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and intent-driven search.",
-      "version": "1.0.62",
+      "version": "1.0.64",
       "author": {
         "name": "Mert Koseoğlu"
       },

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "context-mode",
-  "version": "1.0.62",
+  "version": "1.0.64",
   "description": "MCP server that saves 98% of your context window with session continuity. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and automatic state restore across compactions.",
   "author": {
     "name": "Mert Koseoğlu",

package/.openclaw-plugin/openclaw.plugin.json

@@ -3,7 +3,7 @@
   "name": "Context Mode",
   "kind": "tool",
   "description": "OpenClaw plugin that saves 98% of your context window. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and intent-driven search.",
-  "version": "1.0.62",
+  "version": "1.0.64",
   "sandbox": {
     "mode": "permissive",
     "filesystem_access": "full",

package/.openclaw-plugin/package.json

@@ -1,6 +1,6 @@
 {
   "name": "context-mode",
-  "version": "1.0.62",
+  "version": "1.0.64",
   "description": "OpenClaw plugin that saves 98% of your context window. Sandboxed code execution in 11 languages, FTS5 knowledge base with BM25 ranking, and intent-driven search.",
   "author": {
     "name": "Mert Koseoğlu",

package/build/executor.d.ts

@@ -7,9 +7,6 @@ interface ExecuteOptions {
     timeout?: number;
     /** Keep process running after timeout instead of killing it. */
     background?: boolean;
-    /** Env vars to inherit from the parent process (e.g. ['TMPDIR']).
-     *  Security-critical variables (NODE_OPTIONS, LD_PRELOAD, etc.) are always blocked. */
-    inheritEnvKeys?: string[];
 }
 interface ExecuteFileOptions extends ExecuteOptions {
     path: string;

package/build/executor.js

@@ -63,7 +63,7 @@ export class PolyglotExecutor {
         this.#backgroundedPids.clear();
     }
     async execute(opts) {
-        const { language, code, timeout = 30_000, background = false, inheritEnvKeys } = opts;
+        const { language, code, timeout = 30_000, background = false } = opts;
         const tmpDir = mkdtempSync(join(OS_TMPDIR, ".ctx-mode-"));
         try {
             const filePath = this.#writeScript(tmpDir, code, language);
@@ -76,7 +76,7 @@ export class PolyglotExecutor {
             // and other project-aware tools work naturally. Non-shell languages
             // run in the temp directory where their script file is written.
             const cwd = language === "shell" ? this.#projectRoot : tmpDir;
-            const result = await this.#spawn(cmd, cwd, tmpDir, timeout, background, inheritEnvKeys);
+            const result = await this.#spawn(cmd, cwd, tmpDir, timeout, background);
             // Skip tmpDir cleanup if process was backgrounded — it may still need files
             if (!result.backgrounded) {
                 try {
@@ -160,7 +160,7 @@ export class PolyglotExecutor {
         // Run
         return this.#spawn([binPath], cwd, cwd, timeout);
     }
-    async #spawn(cmd, cwd, sandboxTmpDir, timeout, background = false, inheritEnvKeys) {
+    async #spawn(cmd, cwd, sandboxTmpDir, timeout, background = false) {
         return new Promise((res) => {
             // Only .cmd/.bat shims need shell on Windows; real executables don't.
             // Using shell: true globally causes process-tree kill issues with MSYS2/Git Bash.
@@ -182,7 +182,7 @@ export class PolyglotExecutor {
             const proc = spawn(spawnCmd, spawnArgs, {
                 cwd,
                 stdio: ["ignore", "pipe", "pipe"],
-                env: this.#buildSafeEnv(sandboxTmpDir, inheritEnvKeys),
+                env: this.#buildSafeEnv(sandboxTmpDir),
                 shell: needsShell,
                 // On Unix, create a new process group so killTree can kill all children
                 detached: !isWin,
@@ -272,7 +272,7 @@ export class PolyglotExecutor {
             });
         });
     }
-    #buildSafeEnv(tmpDir, inheritEnvKeys) {
+    #buildSafeEnv(tmpDir) {
         const realHome = process.env.HOME ?? process.env.USERPROFILE ?? tmpDir;
         // Denylist: env vars that corrupt sandbox stdout, inject code, or break
         // language runtimes. Each entry is backed by CVE, MITRE, or live testing.
@@ -395,16 +395,6 @@ export class PolyglotExecutor {
                 }
             }
         }
-        // Apply user-requested env var inheritance (blocked by DENIED set).
-        // This runs AFTER sandbox overrides so callers can opt-in to inheriting
-        // the parent's value for vars like TMPDIR (needed for Gradle daemon, etc.).
-        if (inheritEnvKeys?.length) {
-            for (const key of inheritEnvKeys) {
-                if (!DENIED.has(key) && process.env[key] !== undefined) {
-                    env[key] = process.env[key];
-                }
-            }
-        }
         return env;
     }
     #wrapWithFileContent(absolutePath, language, code) {

package/build/server.js

@@ -389,7 +389,7 @@ export function formatBatchQueryResults(store, queries, source, maxOutput = 80 *
 // ─────────────────────────────────────────────────────────
 server.registerTool("ctx_execute", {
     title: "Execute Code",
-    description: `MANDATORY: Use for any command where output exceeds 20 lines. Execute code in a sandboxed subprocess. Only stdout enters context — raw data stays in the subprocess.${bunNote} Available: ${langList}.\n\nPREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, pytest), git queries (git log, git diff), data processing, and ANY CLI command that may produce large output. Bash should only be used for file mutations, git writes, and navigation.`,
+    description: `MANDATORY: Use for any command where output exceeds 20 lines. Execute code in a sandboxed subprocess. Only stdout enters context — raw data stays in the subprocess.${bunNote} Available: ${langList}.\n\nPREFER THIS OVER BASH for: API calls (gh, curl, aws), test runners (npm test, pytest), git queries (git log, git diff), data processing, and ANY CLI command that may produce large output. Bash should only be used for file mutations, git writes, and navigation.\n\nTHINK IN CODE: When you need to analyze, count, filter, compare, or process data — write code that does the work and console.log() only the answer. Do NOT read raw data into context to process mentally. Program the analysis, don't compute it in your reasoning. Write robust, pure JavaScript (no npm dependencies). Use only Node.js built-ins (fs, path, child_process). Always wrap in try/catch. Handle null/undefined. Works on both Node.js and Bun.`,
     inputSchema: z.object({
         language: z
             .enum([
@@ -426,13 +426,8 @@ server.registerTool("ctx_execute", {
             "indexes output into knowledge base and returns section titles + previews — not full content. " +
             "Use search(queries: [...]) to retrieve specific sections. Example: 'failing tests', 'HTTP 500 errors'." +
             "\n\nTIP: Use specific technical terms, not just concepts. Check 'Searchable terms' in the response for available vocabulary."),
-        inheritEnvKeys: z
-            .array(z.string())
-            .optional()
-            .describe("Environment variables to inherit from the parent process (e.g. ['TMPDIR']). " +
-            "Security-critical variables (NODE_OPTIONS, LD_PRELOAD, etc.) are always blocked."),
     }),
-}, async ({ language, code, timeout, background, intent, inheritEnvKeys }) => {
+}, async ({ language, code, timeout, background, intent }) => {
     // Security: deny-only firewall
     if (language === "shell") {
         const denied = checkDenyPolicy(code, "execute");
@@ -499,7 +494,7 @@ ${code}
 __cm_main().catch(e=>{console.error(e);process.exitCode=1});${background ? '\nsetInterval(()=>{},2147483647);' : ''}
 })(typeof require!=='undefined'?require:null);`;
         }
-        const result = await executor.execute({ language, code: instrumentedCode, timeout, background, inheritEnvKeys });
+        const result = await executor.execute({ language, code: instrumentedCode, timeout, background });
         // Parse sandbox network metrics from stderr
         const netMatch = result.stderr?.match(/__CM_NET__:(\d+)/);
         if (netMatch) {
@@ -668,7 +663,7 @@ function intentSearch(stdout, intent, source, maxResults = 5) {
 // ─────────────────────────────────────────────────────────
 server.registerTool("ctx_execute_file", {
     title: "Execute File Processing",
-    description: "Read a file and process it without loading contents into context. The file is read into a FILE_CONTENT variable inside the sandbox. Only your printed summary enters context.\n\nPREFER THIS OVER Read/cat for: log files, data files (CSV, JSON, XML), large source files for analysis, and any file where you need to extract specific information rather than read the entire content.",
+    description: "Read a file and process it without loading contents into context. The file is read into a FILE_CONTENT variable inside the sandbox. Only your printed summary enters context.\n\nPREFER THIS OVER Read/cat for: log files, data files (CSV, JSON, XML), large source files for analysis, and any file where you need to extract specific information rather than read the entire content.\n\nTHINK IN CODE: Write code that processes FILE_CONTENT and console.log() only the answer. Don't read files into context to analyze mentally. Write robust, pure JavaScript — no npm deps, try/catch, null-safe. Node.js + Bun compatible.",
     inputSchema: z.object({
         path: z
             .string()
@@ -1272,7 +1267,8 @@ server.registerTool("ctx_batch_execute", {
         "Returns search results directly — no follow-up calls needed.\n\n" +
         "THIS IS THE PRIMARY TOOL. Use this instead of multiple execute() calls.\n\n" +
         "One batch_execute call replaces 30+ execute calls + 10+ search calls.\n" +
-        "Provide all commands to run and all queries to search — everything happens in one round trip.",
+        "Provide all commands to run and all queries to search — everything happens in one round trip.\n\n" +
+        "THINK IN CODE: When commands produce data you need to analyze, add processing commands that filter and summarize. Don't pull raw output into context — let the sandbox do the work.",
     inputSchema: z.object({
         commands: z.preprocess(coerceCommandsArray, z
             .array(z.object({
@@ -1296,13 +1292,8 @@ server.registerTool("ctx_batch_execute", {
             .optional()
             .default(60000)
             .describe("Max execution time in ms (default: 60s)"),
-        inheritEnvKeys: z
-            .array(z.string())
-            .optional()
-            .describe("Environment variables to inherit from the parent process (e.g. ['TMPDIR']). " +
-            "Security-critical variables (NODE_OPTIONS, LD_PRELOAD, etc.) are always blocked."),
     }),
-}, async ({ commands, queries, timeout, inheritEnvKeys }) => {
+}, async ({ commands, queries, timeout }) => {
     // Security: check each command against deny patterns
     for (const cmd of commands) {
         const denied = checkDenyPolicy(cmd.command, "batch_execute");
@@ -1328,7 +1319,6 @@ server.registerTool("ctx_batch_execute", {
                 language: "shell",
                 code: `${cmd.command} 2>&1`,
                 timeout: remaining,
-                inheritEnvKeys,
             });
             const output = result.stdout || "(no output)";
             perCommandOutputs.push(`# ${cmd.label}\n\n${output}\n`);