github yvgude/lean-ctx v3.8.4
on GitHub

23 hours ago

Fixed

  • ctx_tree/ctx_search/ctx_glob ignored an out-of-scope path and
    scanned the whole project instead (#401)    : when an explicit path (or
    paths) argument pointed outside the project root — or was otherwise
    unresolvable — the dispatcher's PathJail rejection was swallowed and the tools
    silently fell back to the project root, returning the entire repository tree
    for an unrelated path. The resolution error is now surfaced
    (ERROR: path escapes project root: … (root: …)) instead of a misleading
    full-tree result. Non-existent paths inside the project keep their clear
    "does not exist" message.

Added

  • lean-ctx doctor overhead (#572): per-client fixed-cost report — how many
    tokens your editor pays every session for tool schemas, instructions and
    rules files, with duplicate detection across CLAUDE.md/.cursorrules/AGENTS.md.
  • lean-ctx rules dedup [--apply] (#578): finds and removes lean-ctx-owned
    duplicate rule files and stale marked blocks across editors. The
    .cursorrules template is now a pointer to the canonical rules, and the
    compression block is no longer double-injected for Cursor.

Changed

  • Token-efficiency epic, phase 1 (#571) — fixed per-session overhead cut
    from ~13.7K to ~6.0K tokens on a typical setup:
    • Lean default tool surface (#575): setup no longer pins a
      tool_profile; the default surface is 13 lazy-core tools instead of 61.
      lean-ctx tools lean/reset manage it explicitly.
    • Schema diet (#576): core tool descriptions and schemas trimmed
      3031→1935 tokens (−36%); large action enums folded into pipe-delimited
      descriptions; a budget regression test keeps it from creeping back.
    • Instructions cap (#579): the static instruction skeleton stays ≤400
      tokens (Off/Compact CRP) / ≤500 (TDD); the decoder block is mode-aware and
      canonical rule blocks were condensed.
    • Honest metrics (#573): dashboard, footer and ledger report observed
      tokens only — the modeled 2.5× grep baseline moves to the estimated
      series; ctx_cost splits cached vs uncached input at cache-read pricing;
      the benchmark measures the real CCP resume payload.
    • Self-describing outputs (#580): plain notation uses real language
      keywords (struct/trait/pub), and TDD symbol outputs carry a minimal
      inline legend (≤15 tokens) so agents never guess the notation.
  • Codex hook: native rewrite instead of block-and-retry (#399, community
    contribution)    : on Codex ≥ 0.20 the PreToolUse hook now returns
    updatedInput to rewrite shell commands through lean-ctx in place — no more
    deny + model-retry round-trip per command.

Security

  • Bumped the postgres crate family past three fresh RUSTSEC advisories
    (unbounded SCRAM iteration DoS, hstore/DataRow decode panics) — found by
    cargo-deny the moment they were published; lean-ctx never exposed the
    vulnerable paths to untrusted servers (#399).

Fixed

  • lean-ctx overview flooded the terminal with thousands of node_modules
    entries on projects without a top-level .git (#400)    : the ignore crate
    only applies .gitignore files inside git repositories — in a monorepo
    whose subprojects carry their own .gitignore but whose root is not a git
    repo, every scanner walked node_modules wholesale (74k+ files in the
    report). Two-part fix, applied to all 15 directory walkers (graph/BM25/
    trigram index builders, ctx_impact, ctx_search/ctx_tree/ctx_glob,
    CLI scans): a shared walk_filter now prunes unambiguous vendor dirs
    (node_modules, __pycache__, bower_components, virtualenvs with a
    pyvenv.cfg) regardless of git state, and require_git(false) makes
    .gitignore files effective without a .git directory. Explicit roots
    stay reachable (ctx_tree node_modules/react works), and
    respect_gitignore=false remains the escape hatch for searching inside
    vendor dirs.
  • macOS privacy prompts ("lean-ctx would like to access …") fired repeatedly
    while the MCP server was running (#356 follow-up)    : editors spawn the
    user-level MCP server with cwd == $HOME. A ctx_search/ctx_tree/
    ctx_glob call whose path fell back to "." then walked the entire
    home directory     — every stat under ~/Library, ~/Desktop, ~/Pictures
    trips a TCC prompt (Calendar/Reminders/AddressBook/Photos), and the walk
    burned 10–20 s per call. The index builders already refused broad roots;
    the direct walk fallbacks did not. All three walk tools now share that same
    root policy (new walk_guard): relative paths are absolutized against the
    process cwd first — so lean-ctx grep/ls inside a real project keep
    working — and broad or privacy-protected roots ($HOME, /, ~/Library,
    TCC dirs without project markers) return an actionable error telling the
    agent to pass an explicit project path instead of silently scanning.
  • ctx_impact reported C# classes as leaf nodes when consumers had no
    using directive (#398)    : C# resolves types in the same namespace without
    any import, and DI-style code never news its dependencies — so a class
    consumed only as a type (constructor parameter, field, property, base
    class, generic argument) produced zero graph edges and a false-negative
    "no files depend on X". The property-graph builder now extracts type
    usages     from the AST (fields, parameters, returns, base lists, generics,
    casts, typeof) for C# and Java — the two supported languages with implicit
    same-namespace/package visibility — and links consumer files to defining
    files with type_ref edges, which impact_analysis already traverses.
    Names defined in more than 3 files are skipped as too generic to attribute.
  • Same root cause, second symptom: classes consumed only as a type were
    flagged by the dead_code smell — its SQL already exempted type_ref
    targets, but nothing ever created those edges. The builder now also emits
    symbol-level type_ref edges, so DI-consumed classes no longer show up as
    dead code while genuinely unreferenced ones still do.
  • Both property-graph builder paths (default and minimal) now share one
    analysis pass and definition index, so the fix applies regardless of build
    features.

Upgrade

lean-ctx update                 # recommended (auto-downloads + refreshes shell hooks)
cargo install lean-ctx          # or
npm update -g lean-ctx-bin      # or
brew upgrade lean-ctx

Note: After upgrading via cargo/npm/brew, run lean-ctx setup to refresh shell aliases. lean-ctx update does this automatically.

Full Changelog: v3.8.4...v3.8.4

Check out latest releases or
releases around yvgude/lean-ctx v3.8.4

Don't miss a new lean-ctx release

NewReleases is sending notifications on new releases.

Get notifications