upstash/context7

[email protected] scope: ctx7 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 14h MCP Developer Tools

✓ No known CVEs patched

✓ No known CVEs patched in this version

Topics

llm mcp mcp-server vibe-coding

Affected surfaces

auth

ReleasePort's take

Moderate signal

editorial:auto 13h

The `ctx7 login` command now exclusively uses the device-code flow and no longer supports the localhost-callback path or the `--device` flag.

Why it matters: Affects any scripts or CI pipelines that invoked `ctx7 login --device`; migration is required before upgrading to [email protected].

AI summary

ctx7 login always uses device-code flow and removes the localhost-callback path and --device flag.

Type	Severity	Summary	CVE
Breaking	High	Removes `--device` flag and localhost-callback path for `ctx7 login`. Removes `--device` flag and localhost-callback path for `ctx7 login`. Source: llm_adapter@2026-06-05 Confidence: high	—

Full changelog

ea91d7d: ctx7 login now always uses the device-code flow. The localhost-callback path is removed — every install (laptop, SSH, Codespace, Docker, CI) goes through the same boxed prompt and verification page. Drops the --device flag (it was the opt-in for what's now the default). Older CLI versions (≤ 0.5.0) continue to work against the unchanged auth endpoints, so pinned installs are unaffected.

Removed localhost-callback path for `ctx7 login` and deprecated the `--device` flag (now default behavior).

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track upstash/context7

Get notified when new releases ship.

About upstash/context7

Up-to-date code documentation for LLMs and AI code editors.