githits 0.4.2 → 0.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -6,7 +6,7 @@
6
6
  },
7
7
  "metadata": {
8
8
  "description": "GitHits plugins for Claude Code - code examples from global open source",
9
- "version": "0.4.2"
9
+ "version": "0.4.4"
10
10
  },
11
11
  "plugins": [
12
12
  {
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "githits",
3
- "version": "0.4.2",
3
+ "version": "0.4.4",
4
4
  "description": "Code examples from global open source for developers and AI assistants",
5
5
  "author": {
6
6
  "name": "GitHits"
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "githits",
3
- "version": "0.4.2",
3
+ "version": "0.4.4",
4
4
  "description": "Code examples from global open source for developers and AI assistants",
5
5
  "author": {
6
6
  "name": "GitHits"
package/README.md CHANGED
@@ -106,10 +106,10 @@ GitHits also exposes indexed package/source tools:
106
106
  | `search_status` | Follow up a prior indexed `search` by `searchRef` |
107
107
  | `docs_list` | Browse mixed package documentation pages |
108
108
  | `docs_read` | Read a documentation page by page ID |
109
- | `pkg_info` | Quick package overview: version, license, downloads, quickstart, advisories |
110
- | `pkg_vulns` | CVE / OSV advisories for a package or specific version |
109
+ | `pkg_info` | Quick package triage: version, license, repository popularity, downloads, vulnerabilities |
110
+ | `pkg_vulns` | CVE / OSV advisories for a package or specific version, with filter echo and compact/verbose modes |
111
111
  | `pkg_deps` | Direct dependencies, dependency groups, and optional transitive graph |
112
- | `pkg_changelog` | Release notes / changelog entries for a package or GitHub repo |
112
+ | `pkg_changelog` | Release notes / changelog entries for a package or GitHub repo, with compact timeline and body-preview controls |
113
113
  | `code_files` | Discover what files a dependency or repo contains |
114
114
  | `code_read` | Read a dependency file by path |
115
115
  | `code_grep` | Deterministic text grep across indexed dependency or repo files |
@@ -132,7 +132,7 @@ GitHits requires authentication. There are two options:
132
132
  npx githits login
133
133
  ```
134
134
 
135
- Opens your browser for secure OAuth authentication. Tokens are stored in the system keychain by default and refreshed automatically on next use. If a refresh fails (e.g., after an extended idle period), run `githits login` again.
135
+ Opens your browser for secure OAuth authentication. Tokens are stored in the system keychain by default and refreshed automatically on next use. If a refresh fails (for example, after an extended idle period), run `githits login` again.
136
136
 
137
137
  Useful flags:
138
138
 
@@ -148,30 +148,54 @@ For CI or environments where browser login isn't practical, set an environment v
148
148
  export GITHITS_API_TOKEN=ghi-your-token-here
149
149
  ```
150
150
 
151
- For machines without a usable keychain, OAuth file storage must be explicit:
151
+ ### Keychain Prompts and File Storage
152
+
153
+ GitHits uses the system keychain by default because OAuth credentials include a refresh token. On macOS this means Keychain Access; on Windows it means Credential Manager; on Linux it means the available Secret Service or keyring backend.
154
+
155
+ If macOS shows a prompt such as "githits wants to access ... in your keychain", choose **Always Allow** when you trust the installed `githits` CLI. GitHits cannot customize that operating-system prompt with extra explanation; it is generated by macOS.
156
+
157
+ GitHits also writes a small non-secret metadata file so recent startup checks do not need to read the keychain. The keychain is only read when GitHits actually needs the token, for example during a tool call, token refresh, `githits auth status`, or a login check after metadata is stale or expired.
158
+
159
+ If your agent keeps showing keychain prompts even after **Always Allow**, switch OAuth storage to file mode:
152
160
 
153
161
  ```toml
154
- # ~/.config/githits/config.toml on Linux
162
+ # macOS/Linux: ~/.config/githits/config.toml, or $XDG_CONFIG_HOME/githits/config.toml
163
+ # Windows: %APPDATA%\githits\config.toml
155
164
  [auth]
156
165
  storage = "file"
157
166
  ```
158
167
 
159
- File storage is plaintext on disk. Prefer `GITHITS_API_TOKEN` for CI and automation.
168
+ The config directory may be empty until you create `config.toml` or GitHits writes auth metadata. Older macOS installs may have used `~/Library/Application Support/githits`; GitHits still reads that location for migration, but new auth config and file storage use `~/.config/githits`.
169
+
170
+ You can also opt in for one process:
171
+
172
+ ```sh
173
+ GITHITS_AUTH_STORAGE=file githits login --force
174
+ ```
175
+
176
+ File mode stores OAuth credentials as JSON files under the GitHits config directory. The files are written with private permissions where the platform supports it, but they are not encrypted. Any process that can read files as your operating-system user may be able to read the tokens.
160
177
 
161
- You can also opt in for one process with `GITHITS_AUTH_STORAGE=file`. Use file storage only on machines where local file access is trusted.
178
+ Use file mode only on machines where you trust local user-account access. For CI and automation, prefer `GITHITS_API_TOKEN` instead of browser OAuth.
179
+
180
+ To inspect the current auth setup, run:
181
+
182
+ ```sh
183
+ githits auth status
184
+ ```
162
185
 
163
186
  ## Commands
164
187
 
165
188
  ```
166
- githits init Authenticate and configure your coding tools with GitHits MCP
167
- githits login Authenticate with your GitHits account (also runs as part of init)
168
- githits logout Remove stored credentials
169
- githits mcp Show setup instructions in a terminal; starts MCP server when piped
170
- githits mcp start Always start MCP server (for use in MCP config files)
171
- githits auth status Show current authentication status
172
- githits example Get canonical code examples from global open source
173
- githits languages List or filter supported language names
174
- githits feedback Send feedback on a returned example
189
+ githits init Authenticate and configure your coding tools with GitHits MCP
190
+ githits init uninstall Remove GitHits MCP configuration from your coding tools
191
+ githits login Authenticate with your GitHits account (also runs as part of init)
192
+ githits logout Remove stored credentials
193
+ githits mcp Show setup instructions in a terminal; starts MCP server when piped
194
+ githits mcp start Always start MCP server (for use in MCP config files)
195
+ githits auth status Show current authentication status
196
+ githits example Get canonical code examples from global open source
197
+ githits languages List or filter supported language names
198
+ githits feedback Send feedback on a returned example
175
199
  ```
176
200
 
177
201
  These indexed package/source commands are also available:
@@ -223,6 +247,8 @@ A typical MCP config looks like this (check your tool's docs for exact schema/ke
223
247
 
224
248
  If you'd like another tool to be included in `githits init` for auto-configuration, open an issue or PR.
225
249
 
250
+ To undo automatic setup, run `githits init uninstall`. It removes only GitHits MCP/plugin configuration and preserves stored credentials; use `githits logout` separately to remove credentials.
251
+
226
252
  ## Development
227
253
 
228
254
  ```sh