ctx7 0.3.5 → 0.3.8

package/dist/index.js

@@ -1,4 +1,11 @@
 #!/usr/bin/env node
+import {
+  appendTomlServer,
+  mergeServerEntry,
+  readJsonConfig,
+  resolveMcpPath,
+  writeJsonConfig
+} from "./chunk-WKOIWR6Y.js";
 
 // src/index.ts
 import { Command } from "commander";
@@ -103,6 +110,10 @@ async function downloadSkillFromGitHub(skill) {
       }
       const content = await fileResponse.text();
       const relativePath = item.path.slice(skillPath.length + 1);
+      if (relativePath.includes("..")) {
+        console.warn(`Skipping file with unsafe path: ${item.path}`);
+        continue;
+      }
       files.push({
         path: relativePath,
         content
@@ -123,6 +134,7 @@ var __dirname = dirname(fileURLToPath(import.meta.url));
 var pkg = JSON.parse(readFileSync(join(__dirname, "../package.json"), "utf-8"));
 var VERSION = pkg.version;
 var NAME = pkg.name;
+var CLI_CLIENT_ID = "2veBSofhicRBguUT";
 
 // src/utils/api.ts
 var baseUrl = "https://context7.com";
@@ -432,13 +444,18 @@ async function checkboxWithHover(config, options) {
   );
   const values = choices.map((c) => c.value);
   const totalItems = values.length;
-  let cursorPosition = 0;
+  let cursorPosition = choices.findIndex((c) => !c.disabled);
+  if (cursorPosition < 0) cursorPosition = 0;
   const getName = options?.getName ?? ((v) => v.name);
   const keypressHandler = (_str, key) => {
-    if (key.name === "up" && cursorPosition > 0) {
-      cursorPosition--;
-    } else if (key.name === "down" && cursorPosition < totalItems - 1) {
-      cursorPosition++;
+    if (key.name === "up") {
+      let next = cursorPosition - 1;
+      while (next >= 0 && choices[next].disabled) next--;
+      if (next >= 0) cursorPosition = next;
+    } else if (key.name === "down") {
+      let next = cursorPosition + 1;
+      while (next < totalItems && choices[next].disabled) next++;
+      if (next < totalItems) cursorPosition = next;
     }
   };
   readline.emitKeypressEvents(process.stdin);
@@ -482,7 +499,7 @@ var IDE_GLOBAL_PATHS = {
   claude: ".claude/skills",
   cursor: ".cursor/skills",
   antigravity: ".agent/skills",
-  universal: ".config/agents/skills"
+  universal: ".agents/skills"
 };
 var IDE_NAMES = {
   claude: "Claude Code",
@@ -491,7 +508,7 @@ var IDE_NAMES = {
   universal: "Universal"
 };
 var UNIVERSAL_SKILLS_PATH = ".agents/skills";
-var UNIVERSAL_SKILLS_GLOBAL_PATH = ".config/agents/skills";
+var UNIVERSAL_SKILLS_GLOBAL_PATH = ".agents/skills";
 var UNIVERSAL_AGENTS_LABEL = "Amp, Codex, Gemini CLI, GitHub Copilot, OpenCode + more";
 var VENDOR_SPECIFIC_AGENTS = ["claude", "cursor", "antigravity"];
 var DEFAULT_CONFIG = {
@@ -714,12 +731,15 @@ function getTargetDirFromSelection(ide, scope) {
 
 // src/utils/installer.ts
 import { mkdir, writeFile, rm, symlink, lstat } from "fs/promises";
-import { join as join3 } from "path";
+import { join as join3, resolve, dirname as dirname3 } from "path";
 async function installSkillFiles(skillName, files, targetDir) {
-  const skillDir = join3(targetDir, skillName);
+  const skillDir = resolve(targetDir, skillName);
   for (const file of files) {
-    const filePath = join3(skillDir, file.path);
-    const fileDir = join3(filePath, "..");
+    const filePath = resolve(skillDir, file.path);
+    if (!filePath.startsWith(skillDir + "/") && filePath !== skillDir) {
+      throw new Error(`Skill file path "${file.path}" resolves outside the target directory`);
+    }
+    const fileDir = dirname3(filePath);
     await mkdir(fileDir, { recursive: true });
     await writeFile(filePath, file.content);
   }
@@ -810,17 +830,50 @@ function isTokenExpired(tokens) {
   }
   return Date.now() > tokens.expires_at - 6e4;
 }
+async function refreshAccessToken(refreshToken) {
+  const response = await fetch(`${getBaseUrl()}/api/oauth/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "refresh_token",
+      client_id: CLI_CLIENT_ID,
+      refresh_token: refreshToken
+    }).toString()
+  });
+  if (!response.ok) {
+    const err = await response.json().catch(() => ({}));
+    throw new Error(err.error_description || err.error || "Failed to refresh token");
+  }
+  return await response.json();
+}
+async function getValidAccessToken() {
+  const tokens = loadTokens();
+  if (!tokens) return null;
+  if (!isTokenExpired(tokens)) {
+    return tokens.access_token;
+  }
+  if (!tokens.refresh_token) {
+    return null;
+  }
+  try {
+    const newTokens = await refreshAccessToken(tokens.refresh_token);
+    saveTokens(newTokens);
+    return newTokens.access_token;
+  } catch {
+    return null;
+  }
+}
 var CALLBACK_PORT = 52417;
 function createCallbackServer(expectedState) {
   let resolvePort;
   let resolveResult;
   let rejectResult;
   let serverInstance = null;
-  const portPromise = new Promise((resolve) => {
-    resolvePort = resolve;
+  const portPromise = new Promise((resolve2) => {
+    resolvePort = resolve2;
   });
-  const resultPromise = new Promise((resolve, reject) => {
-    resolveResult = resolve;
+  const resultPromise = new Promise((resolve2, reject) => {
+    resolveResult = resolve2;
     rejectResult = reject;
   });
   const server = http.createServer((req, res) => {
@@ -953,7 +1006,6 @@ function buildAuthorizationUrl(baseUrl3, clientId, redirectUri, codeChallenge, s
 import pc4 from "picocolors";
 import ora from "ora";
 import open from "open";
-var CLI_CLIENT_ID = "2veBSofhicRBguUT";
 var baseUrl2 = "https://context7.com";
 function setAuthBaseUrl(url) {
   baseUrl2 = url;
@@ -1029,18 +1081,13 @@ async function performLogin(openBrowser = true) {
 }
 async function loginCommand(options) {
   trackEvent("command", { name: "login" });
-  const existingTokens = loadTokens();
-  if (existingTokens) {
-    const expired = isTokenExpired(existingTokens);
-    if (!expired || existingTokens.refresh_token) {
-      console.log(pc4.yellow("You are already logged in."));
-      console.log(
-        pc4.dim("Run 'ctx7 logout' first if you want to log in with a different account.")
-      );
-      return;
-    }
-    clearTokens();
+  const existingToken = await getValidAccessToken();
+  if (existingToken) {
+    console.log(pc4.yellow("You are already logged in."));
+    console.log(pc4.dim("Run 'ctx7 logout' first if you want to log in with a different account."));
+    return;
   }
+  clearTokens();
   const token = await performLogin(options.browser);
   if (!token) {
     process.exit(1);
@@ -1058,29 +1105,30 @@ function logoutCommand() {
 }
 async function whoamiCommand() {
   trackEvent("command", { name: "whoami" });
-  const tokens = loadTokens();
-  if (!tokens) {
+  const accessToken = await getValidAccessToken();
+  if (!accessToken) {
     console.log(pc4.yellow("Not logged in."));
     console.log(pc4.dim("Run 'ctx7 login' to authenticate."));
     return;
   }
   console.log(pc4.green("Logged in"));
   try {
-    const userInfo = await fetchUserInfo(tokens.access_token);
-    if (userInfo.name) {
-      console.log(`${pc4.dim("Name:".padEnd(9))}${userInfo.name}`);
+    const whoami = await fetchWhoami(accessToken);
+    if (whoami.name) {
+      console.log(`${pc4.dim("Name:".padEnd(13))}${whoami.name}`);
     }
-    if (userInfo.email) {
-      console.log(`${pc4.dim("Email:".padEnd(9))}${userInfo.email}`);
+    if (whoami.email) {
+      console.log(`${pc4.dim("Email:".padEnd(13))}${whoami.email}`);
     }
-  } catch {
-    if (isTokenExpired(tokens) && !tokens.refresh_token) {
-      console.log(pc4.dim("(Session may be expired - run 'ctx7 login' to refresh)"));
+    if (whoami.teamspace) {
+      console.log(`${pc4.dim("Teamspace:".padEnd(13))}${whoami.teamspace.name}`);
     }
+  } catch {
+    console.log(pc4.dim("(Session may be expired - run 'ctx7 login' to refresh)"));
   }
 }
-async function fetchUserInfo(accessToken) {
-  const response = await fetch("https://clerk.context7.com/oauth/userinfo", {
+async function fetchWhoami(accessToken) {
+  const response = await fetch(`${getBaseUrl()}/api/dashboard/whoami`, {
     headers: {
       Authorization: `Bearer ${accessToken}`
     }
@@ -1288,7 +1336,7 @@ async function generateCommand(options) {
   log.blank();
   if (searchResult.searchFilterApplied) {
     log.warn(
-      "Your results only include libraries matching your access settings. To search across all public libraries, update your settings at https://context7.com/dashboard?tab=libraries"
+      "Your results only include libraries matching your teamspace's library filters. To adjust quality thresholds or blocked libraries, update your filters at https://context7.com/dashboard?tab=policies"
     );
     log.blank();
   }
@@ -1513,12 +1561,11 @@ async function generateCommand(options) {
         previewFileWritten = true;
       }
       const editor = process.env.EDITOR || "open";
-      await new Promise((resolve) => {
+      await new Promise((resolve2) => {
         const child = spawn(editor, [previewFile], {
-          stdio: "inherit",
-          shell: true
+          stdio: "inherit"
         });
-        child.on("close", () => resolve());
+        child.on("close", () => resolve2());
       });
     };
     const syncFromPreviewFile = async () => {
@@ -1527,7 +1574,7 @@ async function generateCommand(options) {
       }
     };
     showPreview();
-    await new Promise((resolve) => setTimeout(resolve, 100));
+    await new Promise((resolve2) => setTimeout(resolve2, 100));
     try {
       let action;
       while (true) {
@@ -2386,7 +2433,7 @@ ${headerLine}`,
 import pc8 from "picocolors";
 import ora4 from "ora";
 import { select as select3 } from "@inquirer/prompts";
-import { mkdir as mkdir4, writeFile as writeFile4 } from "fs/promises";
+import { mkdir as mkdir3, readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
 import { dirname as dirname4, join as join9 } from "path";
 import { randomBytes as randomBytes2 } from "crypto";
 
@@ -2397,7 +2444,8 @@ import { homedir as homedir5 } from "os";
 var SETUP_AGENT_NAMES = {
   claude: "Claude Code",
   cursor: "Cursor",
-  opencode: "OpenCode"
+  opencode: "OpenCode",
+  codex: "Codex"
 };
 var AUTH_MODE_LABELS = {
   oauth: "OAuth",
@@ -2418,12 +2466,13 @@ var agents = {
     name: "claude",
     displayName: "Claude Code",
     mcp: {
-      projectPath: ".mcp.json",
-      globalPath: join8(homedir5(), ".claude.json"),
+      projectPaths: [".mcp.json"],
+      globalPaths: [join8(homedir5(), ".claude.json")],
       configKey: "mcpServers",
       buildEntry: (auth) => withHeaders({ type: "http", url: mcpUrl(auth) }, auth)
     },
     rule: {
+      kind: "file",
       dir: (scope) => scope === "global" ? join8(homedir5(), ".claude", "rules") : join8(".claude", "rules"),
       filename: "context7.md"
     },
@@ -2440,12 +2489,13 @@ var agents = {
     name: "cursor",
     displayName: "Cursor",
     mcp: {
-      projectPath: join8(".cursor", "mcp.json"),
-      globalPath: join8(homedir5(), ".cursor", "mcp.json"),
+      projectPaths: [join8(".cursor", "mcp.json")],
+      globalPaths: [join8(homedir5(), ".cursor", "mcp.json")],
       configKey: "mcpServers",
       buildEntry: (auth) => withHeaders({ url: mcpUrl(auth) }, auth)
     },
     rule: {
+      kind: "file",
       dir: (scope) => scope === "global" ? join8(homedir5(), ".cursor", "rules") : join8(".cursor", "rules"),
       filename: "context7.mdc"
     },
@@ -2462,24 +2512,58 @@ var agents = {
     name: "opencode",
     displayName: "OpenCode",
     mcp: {
-      projectPath: ".opencode.json",
-      globalPath: join8(homedir5(), ".config", "opencode", "opencode.json"),
+      projectPaths: ["opencode.json", "opencode.jsonc", ".opencode.json", ".opencode.jsonc"],
+      globalPaths: [
+        join8(homedir5(), ".config", "opencode", "opencode.json"),
+        join8(homedir5(), ".config", "opencode", "opencode.jsonc"),
+        join8(homedir5(), ".config", "opencode", ".opencode.json"),
+        join8(homedir5(), ".config", "opencode", ".opencode.jsonc")
+      ],
       configKey: "mcp",
       buildEntry: (auth) => withHeaders({ type: "remote", url: mcpUrl(auth), enabled: true }, auth)
     },
     rule: {
-      dir: (scope) => scope === "global" ? join8(homedir5(), ".config", "opencode", "rules") : join8(".opencode", "rules"),
-      filename: "context7.md",
-      instructionsGlob: (scope) => scope === "global" ? join8(homedir5(), ".config", "opencode", "rules", "*.md") : ".opencode/rules/*.md"
+      kind: "append",
+      file: (scope) => scope === "global" ? join8(homedir5(), ".config", "opencode", "AGENTS.md") : "AGENTS.md",
+      sectionMarker: "<!-- context7 -->"
     },
     skill: {
       name: "context7-mcp",
       dir: (scope) => scope === "global" ? join8(homedir5(), ".agents", "skills") : join8(".agents", "skills")
     },
     detect: {
-      projectPaths: [".opencode.json"],
+      projectPaths: ["opencode.json", "opencode.jsonc", ".opencode.json", ".opencode.jsonc"],
       globalPaths: [join8(homedir5(), ".config", "opencode")]
     }
+  },
+  codex: {
+    name: "codex",
+    displayName: "Codex",
+    mcp: {
+      projectPaths: [join8(".codex", "config.toml")],
+      globalPaths: [join8(homedir5(), ".codex", "config.toml")],
+      configKey: "mcp_servers",
+      buildEntry: (auth) => {
+        const entry = { type: "http", url: mcpUrl(auth) };
+        if (auth.mode === "api-key" && auth.apiKey) {
+          entry.headers = { CONTEXT7_API_KEY: auth.apiKey };
+        }
+        return entry;
+      }
+    },
+    rule: {
+      kind: "append",
+      file: (scope) => scope === "global" ? join8(homedir5(), ".codex", "AGENTS.md") : "AGENTS.md",
+      sectionMarker: "<!-- context7 -->"
+    },
+    skill: {
+      name: "context7-mcp",
+      dir: (scope) => scope === "global" ? join8(homedir5(), ".agents", "skills") : join8(".agents", "skills")
+    },
+    detect: {
+      projectPaths: [".codex"],
+      globalPaths: [join8(homedir5(), ".codex")]
+    }
   }
 };
 function getAgent(name) {
@@ -2510,58 +2594,58 @@ async function detectAgents(scope) {
 }
 
 // src/setup/templates.ts
-var RULE_CONTENT = `---
-alwaysApply: true
----
+var GITHUB_RAW_URLS = [
+  "https://raw.githubusercontent.com/upstash/context7/master/rules",
+  "https://raw.githubusercontent.com/upstash/context7/main/rules"
+];
+var FALLBACK_MCP = `Use Context7 MCP to fetch current documentation whenever the user asks about a library, framework, SDK, API, CLI tool, or cloud service -- even well-known ones like React, Next.js, Prisma, Express, Tailwind, Django, or Spring Boot. This includes API syntax, configuration, version migration, library-specific debugging, setup instructions, and CLI tool usage. Use even when you think you know the answer -- your training data may not reflect recent changes. Prefer this over web search for library docs.
 
-When working with libraries, frameworks, or APIs \u2014 use Context7 MCP to fetch current documentation instead of relying on training data. This includes setup questions, code generation, API references, and anything involving specific packages.
+Do not use for: refactoring, writing scripts from scratch, debugging business logic, code review, or general programming concepts.
 
 ## Steps
 
-1. Call \`resolve-library-id\` with the library name and the user's question
-2. Pick the best match \u2014 prefer exact names and version-specific IDs when a version is mentioned
-3. Call \`query-docs\` with the selected library ID and the user's question
-4. Answer using the fetched docs \u2014 include code examples and cite the version
+1. \`resolve-library-id\` with the library name and the user's question
+2. Pick the best match by: exact name match, description relevance, code snippet count, source reputation (High/Medium preferred), and benchmark score (higher is better). Use version-specific IDs when the user mentions a version
+3. \`query-docs\` with the selected library ID and the user's full question (not single words)
+4. Answer using the fetched docs
 `;
+var FALLBACK_CLI = `Use the \`ctx7\` CLI to fetch current documentation whenever the user asks about a library, framework, SDK, API, CLI tool, or cloud service -- even well-known ones like React, Next.js, Prisma, Express, Tailwind, Django, or Spring Boot. This includes API syntax, configuration, version migration, library-specific debugging, setup instructions, and CLI tool usage. Use even when you think you know the answer -- your training data may not reflect recent changes. Prefer this over web search for library docs.
 
-// src/setup/mcp-writer.ts
-import { readFile as readFile3, writeFile as writeFile3, mkdir as mkdir3 } from "fs/promises";
-import { dirname as dirname3 } from "path";
-async function readJsonConfig(filePath) {
-  let raw;
-  try {
-    raw = await readFile3(filePath, "utf-8");
-  } catch {
-    return {};
-  }
-  raw = raw.trim();
-  if (!raw) return {};
-  return JSON.parse(raw);
-}
-function mergeServerEntry(existing, configKey, serverName, entry) {
-  const section = existing[configKey] ?? {};
-  if (serverName in section) {
-    return { config: existing, alreadyExists: true };
+Do not use for: refactoring, writing scripts from scratch, debugging business logic, code review, or general programming concepts.
+
+## Steps
+
+1. Resolve library: \`npx ctx7@latest library <name> "<user's question>"\`
+2. Pick the best match by: exact name match, description relevance, code snippet count, source reputation (High/Medium preferred), and benchmark score (higher is better). If results don't look right, try the full name with punctuation (e.g., "next.js" not "nextjs")
+3. Fetch docs: \`npx ctx7@latest docs <libraryId> "<user's question>"\`
+4. Answer using the fetched documentation
+
+You MUST call \`library\` first to get a valid ID (format: \`/org/project\`) unless the user provides one directly. Use the user's full question as the query -- specific and detailed queries return better results than vague single words. Do not run more than 3 commands per question. Do not include sensitive information (API keys, passwords, credentials) in queries.
+
+For version-specific docs, use \`/org/project/version\` from the \`library\` output (e.g., \`/vercel/next.js/v14.3.0\`).
+
+If a command fails with a quota error, inform the user and suggest \`npx ctx7@latest login\` or setting \`CONTEXT7_API_KEY\` env var for higher limits. Do not silently fall back to training data.
+`;
+var CURSOR_FRONTMATTER = `---
+alwaysApply: true
+---
+
+`;
+async function fetchRule(filename, fallback) {
+  for (const base of GITHUB_RAW_URLS) {
+    try {
+      const res = await fetch(`${base}/${filename}`);
+      if (res.ok) return await res.text();
+    } catch {
+      continue;
+    }
   }
-  return {
-    config: {
-      ...existing,
-      [configKey]: {
-        ...section,
-        [serverName]: entry
-      }
-    },
-    alreadyExists: false
-  };
-}
-function mergeInstructions(config, glob) {
-  const instructions = config.instructions ?? [];
-  if (instructions.includes(glob)) return config;
-  return { ...config, instructions: [...instructions, glob] };
+  return fallback;
 }
-async function writeJsonConfig(filePath, config) {
-  await mkdir3(dirname3(filePath), { recursive: true });
-  await writeFile3(filePath, JSON.stringify(config, null, 2) + "\n", "utf-8");
+async function getRuleContent(mode, agent) {
+  const [filename, fallback] = mode === "mcp" ? ["context7-mcp.md", FALLBACK_MCP] : ["context7-cli.md", FALLBACK_CLI];
+  const body = await fetchRule(filename, fallback);
+  return agent === "cursor" ? `${CURSOR_FRONTMATTER}${body}` : body;
 }
 
 // src/commands/setup.ts
@@ -2576,16 +2660,16 @@ function getSelectedAgents(options) {
   if (options.claude) agents2.push("claude");
   if (options.cursor) agents2.push("cursor");
   if (options.opencode) agents2.push("opencode");
+  if (options.codex) agents2.push("codex");
   return agents2;
 }
 function registerSetupCommand(program2) {
-  program2.command("setup").description("Set up Context7 for your AI coding agent").option("--claude", "Set up for Claude Code").option("--cursor", "Set up for Cursor").option("--universal", "Set up for Universal (.agents/skills)").option("--antigravity", "Set up for Antigravity (.agent/skills)").option("--opencode", "Set up for OpenCode").option("--mcp", "Set up MCP server mode").option("--cli", "Set up CLI + Skills mode (no MCP server)").option("-p, --project", "Configure for current project instead of globally").option("-y, --yes", "Skip confirmation prompts").option("--api-key <key>", "Use API key authentication").option("--oauth", "Use OAuth endpoint (IDE handles auth flow)").action(async (options) => {
+  program2.command("setup").description("Set up Context7 for your AI coding agent").option("--claude", "Set up for Claude Code").option("--cursor", "Set up for Cursor").option("--universal", "Set up for Universal (.agents/skills)").option("--antigravity", "Set up for Antigravity (.agent/skills)").option("--opencode", "Set up for OpenCode").option("--codex", "Set up for Codex").option("--mcp", "Set up MCP server mode").option("--cli", "Set up CLI + Skills mode (no MCP server)").option("-p, --project", "Configure for current project instead of globally").option("-y, --yes", "Skip confirmation prompts").option("--api-key <key>", "Use API key authentication").option("--oauth", "Use OAuth endpoint (IDE handles auth flow)").action(async (options) => {
     await setupCommand(options);
   });
 }
 async function authenticateAndGenerateKey() {
-  const existingTokens = loadTokens();
-  const accessToken = existingTokens && !isTokenExpired(existingTokens) ? existingTokens.access_token : await performLogin();
+  const accessToken = await getValidAccessToken() ?? await performLogin();
   if (!accessToken) return null;
   const spinner = ora4("Configuring authentication...").start();
   try {
@@ -2625,15 +2709,15 @@ async function resolveMode(options) {
   return select3({
     message: "How should your agent access Context7?",
     choices: [
-      {
-        name: `CLI + Skills
-    ${pc8.dim("Installs a find-docs skill that guides your agent to fetch up-to-date library docs using ")}${pc8.dim(pc8.bold("ctx7"))}${pc8.dim(" CLI commands")}`,
-        value: "cli"
-      },
       {
         name: `MCP server
     ${pc8.dim("Agent calls Context7 tools via MCP protocol to retrieve up-to-date library docs")}`,
         value: "mcp"
+      },
+      {
+        name: `CLI + Skills
+    ${pc8.dim("Installs a find-docs skill that guides your agent to fetch up-to-date library docs using ")}${pc8.dim(pc8.bold("ctx7"))}${pc8.dim(" CLI commands")}`,
+        value: "cli"
       }
     ],
     theme: {
@@ -2651,8 +2735,8 @@ async function resolveCliAuth(apiKey) {
     log.plain(`${pc8.green("\u2714")} Authenticated`);
     return;
   }
-  const existingTokens = loadTokens();
-  if (existingTokens && !isTokenExpired(existingTokens)) {
+  const validToken = await getValidAccessToken();
+  if (validToken) {
     log.blank();
     log.plain(`${pc8.green("\u2714")} Authenticated`);
     return;
@@ -2661,8 +2745,13 @@ async function resolveCliAuth(apiKey) {
 }
 async function isAlreadyConfigured(agentName, scope) {
   const agent = getAgent(agentName);
-  const mcpPath = scope === "global" ? agent.mcp.globalPath : join9(process.cwd(), agent.mcp.projectPath);
+  const mcpCandidates = scope === "global" ? agent.mcp.globalPaths : agent.mcp.projectPaths.map((p) => join9(process.cwd(), p));
+  const mcpPath = await resolveMcpPath(mcpCandidates);
   try {
+    if (mcpPath.endsWith(".toml")) {
+      const { readTomlServerExists } = await import("./mcp-writer-IYBCUACD.js");
+      return readTomlServerExists(mcpPath, "context7");
+    }
     const existing = await readJsonConfig(mcpPath);
     const section = existing[agent.mcp.configKey] ?? {};
     return "context7" in section;
@@ -2685,7 +2774,7 @@ async function promptAgents(scope, mode) {
     log.info("Context7 is already configured for all detected agents.");
     return null;
   }
-  const message = mode === "cli" ? "Install find-docs skill for which agents?" : "Which agents do you want to set up?";
+  const message = "Which agents do you want to set up?";
   try {
     return await checkboxWithHover(
       {
@@ -2713,38 +2802,79 @@ async function resolveAgents(options, scope, mode = "mcp") {
   }
   return selected;
 }
+async function installRule(agentName, mode, scope) {
+  const agent = getAgent(agentName);
+  const rule = agent.rule;
+  const content = await getRuleContent(mode, agentName);
+  if (rule.kind === "file") {
+    const ruleDir = scope === "global" ? rule.dir("global") : join9(process.cwd(), rule.dir("project"));
+    const rulePath = join9(ruleDir, rule.filename);
+    await mkdir3(dirname4(rulePath), { recursive: true });
+    await writeFile3(rulePath, content, "utf-8");
+    return { status: "installed", path: rulePath };
+  }
+  const filePath = scope === "global" ? rule.file("global") : join9(process.cwd(), rule.file("project"));
+  const escapedMarker = rule.sectionMarker.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+  const section = `${rule.sectionMarker}
+${content}${rule.sectionMarker}`;
+  let existing = "";
+  try {
+    existing = await readFile3(filePath, "utf-8");
+  } catch {
+  }
+  if (existing.includes(rule.sectionMarker)) {
+    const regex = new RegExp(`${escapedMarker}\\n[\\s\\S]*?${escapedMarker}`);
+    const updated = existing.replace(regex, section);
+    await writeFile3(filePath, updated, "utf-8");
+    return { status: "updated", path: filePath };
+  }
+  const separator = existing.length > 0 && !existing.endsWith("\n") ? "\n\n" : existing.length > 0 ? "\n" : "";
+  await mkdir3(dirname4(filePath), { recursive: true });
+  await writeFile3(filePath, existing + separator + section + "\n", "utf-8");
+  return { status: "installed", path: filePath };
+}
 async function setupAgent(agentName, auth, scope) {
   const agent = getAgent(agentName);
-  const mcpPath = scope === "global" ? agent.mcp.globalPath : join9(process.cwd(), agent.mcp.projectPath);
+  const mcpCandidates = scope === "global" ? agent.mcp.globalPaths : agent.mcp.projectPaths.map((p) => join9(process.cwd(), p));
+  const mcpPath = await resolveMcpPath(mcpCandidates);
   let mcpStatus;
   try {
-    const existing = await readJsonConfig(mcpPath);
-    const { config, alreadyExists } = mergeServerEntry(
-      existing,
-      agent.mcp.configKey,
-      "context7",
-      agent.mcp.buildEntry(auth)
-    );
-    if (alreadyExists) {
-      mcpStatus = "already configured";
+    if (mcpPath.endsWith(".toml")) {
+      const { alreadyExists } = await appendTomlServer(
+        mcpPath,
+        "context7",
+        agent.mcp.buildEntry(auth)
+      );
+      mcpStatus = alreadyExists ? "already configured" : `configured with ${AUTH_MODE_LABELS[auth.mode]}`;
     } else {
-      mcpStatus = `configured with ${AUTH_MODE_LABELS[auth.mode]}`;
-    }
-    const finalConfig = agent.rule.instructionsGlob ? mergeInstructions(config, agent.rule.instructionsGlob(scope)) : config;
-    if (finalConfig !== existing) {
-      await writeJsonConfig(mcpPath, finalConfig);
+      const existing = await readJsonConfig(mcpPath);
+      const { config, alreadyExists } = mergeServerEntry(
+        existing,
+        agent.mcp.configKey,
+        "context7",
+        agent.mcp.buildEntry(auth)
+      );
+      if (alreadyExists) {
+        mcpStatus = "already configured";
+      } else {
+        mcpStatus = `configured with ${AUTH_MODE_LABELS[auth.mode]}`;
+      }
+      if (config !== existing) {
+        await writeJsonConfig(mcpPath, config);
+      }
     }
   } catch (err) {
     mcpStatus = `failed: ${err instanceof Error ? err.message : String(err)}`;
   }
-  const rulePath = scope === "global" ? join9(agent.rule.dir("global"), agent.rule.filename) : join9(process.cwd(), agent.rule.dir("project"), agent.rule.filename);
   let ruleStatus;
+  let rulePath;
   try {
-    await mkdir4(dirname4(rulePath), { recursive: true });
-    await writeFile4(rulePath, RULE_CONTENT, "utf-8");
-    ruleStatus = "installed";
+    const result = await installRule(agentName, "mcp", scope);
+    ruleStatus = result.status;
+    rulePath = result.path;
   } catch (err) {
     ruleStatus = `failed: ${err instanceof Error ? err.message : String(err)}`;
+    rulePath = "";
   }
   const skillDir = scope === "global" ? agent.skill.dir("global") : join9(process.cwd(), agent.skill.dir("project"));
   const skillPath = join9(skillDir, agent.skill.name, "SKILL.md");
@@ -2800,13 +2930,34 @@ async function setupMcp(agents2, options, scope) {
   trackEvent("setup", { agents: agents2, scope, authMode: auth.mode });
   trackEvent("install", { skills: ["/upstash/context7/context7-mcp"], ides: agents2 });
 }
+async function setupCliAgent(agentName, scope, downloadData) {
+  const agent = getAgent(agentName);
+  const skillDir = scope === "global" ? agent.skill.dir("global") : join9(process.cwd(), agent.skill.dir("project"));
+  let skillStatus;
+  try {
+    await installSkillFiles("find-docs", downloadData.files, skillDir);
+    skillStatus = "installed";
+  } catch (err) {
+    skillStatus = `failed: ${err instanceof Error ? err.message : String(err)}`;
+  }
+  const skillPath = join9(skillDir, "find-docs");
+  let ruleStatus;
+  let rulePath;
+  try {
+    const result = await installRule(agentName, "cli", scope);
+    ruleStatus = result.status;
+    rulePath = result.path;
+  } catch (err) {
+    ruleStatus = `failed: ${err instanceof Error ? err.message : String(err)}`;
+    rulePath = "";
+  }
+  return { skillPath, skillStatus, rulePath, ruleStatus };
+}
 async function setupCli(options) {
   await resolveCliAuth(options.apiKey);
-  const targets = await promptForInstallTargets({ ...options, global: !options.project }, false);
-  if (!targets) {
-    log.warn("Setup cancelled");
-    return;
-  }
+  const scope = options.project ? "project" : "global";
+  const agents2 = await resolveAgents(options, scope, "cli");
+  if (agents2.length === 0) return;
   log.blank();
   const spinner = ora4("Downloading find-docs skill...").start();
   const downloadData = await downloadSkill("/upstash/context7", "find-docs");
@@ -2815,28 +2966,27 @@ async function setupCli(options) {
     return;
   }
   spinner.succeed("Downloaded find-docs skill");
-  const targetDirs = getTargetDirs(targets);
-  const installSpinner = ora4("Installing find-docs skill...").start();
-  for (const dir of targetDirs) {
-    installSpinner.text = `Installing to ${dir}...`;
-    await installSkillFiles("find-docs", downloadData.files, dir);
+  const installSpinner = ora4("Installing...").start();
+  const results = [];
+  for (const agentName of agents2) {
+    installSpinner.text = `Setting up ${getAgent(agentName).displayName}...`;
+    const r = await setupCliAgent(agentName, scope, downloadData);
+    results.push({ agent: getAgent(agentName).displayName, ...r });
   }
-  installSpinner.stop();
+  installSpinner.succeed("Context7 CLI setup complete");
   log.blank();
-  log.plain(`${pc8.green("\u2714")} Context7 CLI setup complete`);
-  log.blank();
-  for (const dir of targetDirs) {
-    log.itemAdd(
-      `find-docs  ${pc8.dim("Guides your agent to fetch up-to-date library docs on demand using ctx7 CLI commands")}`
-    );
-    log.plain(`    ${pc8.dim(dir)}`);
+  for (const r of results) {
+    log.plain(`  ${pc8.bold(r.agent)}`);
+    const skillIcon = r.skillStatus === "installed" ? pc8.green("+") : pc8.dim("~");
+    log.plain(`    ${skillIcon} Skill ${r.skillStatus}`);
+    log.plain(`      ${pc8.dim(r.skillPath)}`);
+    const ruleIcon = r.ruleStatus === "installed" || r.ruleStatus === "updated" ? pc8.green("+") : pc8.dim("~");
+    log.plain(`    ${ruleIcon} Rule ${r.ruleStatus}`);
+    log.plain(`      ${pc8.dim(r.rulePath)}`);
   }
   log.blank();
-  log.plain(`  ${pc8.bold("Next steps")}`);
-  log.plain(`    Ask your agent: ${pc8.cyan(`"Use ctx7 CLI to look up React hooks"`)}`);
-  log.blank();
   trackEvent("setup", { mode: "cli" });
-  trackEvent("install", { skills: ["/upstash/context7/find-docs"], ides: targets.ides });
+  trackEvent("install", { skills: ["/upstash/context7/find-docs"], ides: agents2 });
 }
 async function setupCommand(options) {
   trackEvent("command", { name: "setup" });
@@ -2925,7 +3075,7 @@ async function resolveCommand(library, query, options) {
   log.blank();
   if (data.searchFilterApplied) {
     log.warn(
-      "Your results only include libraries matching your access settings. To search across all public libraries, update your settings at https://context7.com/dashboard?tab=libraries"
+      "Your results only include libraries matching your teamspace's library filters. To adjust quality thresholds or blocked libraries, update your filters at https://context7.com/dashboard?tab=policies"
     );
     log.blank();
   }