Updated the jose library from version 6.1.3 to 6.2.3.
context7
OAuth request failures now report the underlying network error with a hint (TLS interception, DNS, firewall, timeout), and non-JSON error responses show the HTTP status and a body excerpt.
The query-docs query description now clarifies that callers should make a separate query per concept when a question spans multiple distinct topics, unless the question is about how the concepts interact. This guidance is applied consistently across the MCP server, CLI, pi, and AI SDK tools to avoid diluted, shallow results.
Client IP extraction from X-Forwarded-For now skips loopback (127.0.0.0/8, ::1), link-local (169.254.0.0/16, fe80::/10), CGNAT (100.64.0.0/10), and IPv6 unique-local (fc00::/7) addresses to prevent proxy-internal hops from polluting the reported client IP. Also clarified query-docs guidance to request single concepts per query, improving result quality when questions span multiple topics.
The query-docs query description has been clarified to request a single concept per query, instructing callers to make separate queries per concept when a question spans multiple distinct topics, unless the question concerns how the concepts interact. This change is applied consistently across the MCP server, CLI, and AI SDK tools.
The query-docs query description now clarifies that callers should make a separate query per concept when a question spans multiple distinct topics, unless the question is about how the concepts interact. This guidance is applied consistently across the MCP server, CLI, pi, and AI SDK tools to avoid diluted results.
Enterprise-Managed Auth (id-jag) access tokens are now validated at the MCP server, enabling MCP clients to authenticate to Context7 through an enterprise IdP such as Okta.
GitHub API failures during ctx7 setup now show the HTTP status and error body (e.g. "HTTP 403: API rate limit exceeded") instead of the opaque "GitHub API error". A 403/429 hint suggests gh auth login or setting GITHUB_TOKEN.
Restored Node 18 support by pinning undici to ^6.26.0 and commander to ^13.1.0, resolving a "File is not defined" crash on startup.
The MCP server now fires an elicitation/create request instead of appending instructions into the tool result when an anonymous client crosses the per-IP threshold. This presents a client-rendered dialog with sign-in options, bypassing trust issues with model-visible text. Dependencies have also been updated.
Context7 library IDs mangled by Git Bash on Windows are now recovered, allowing commands like ctx7 docs to accept arguments like /owner/repo. CLI files are now stored in XDG Base Directory locations instead of ~/.context7, with automatic migration of existing files. Runtime dependencies commander and ora were also updated.
Avoids throwing a raw SyntaxError when the server returns a non-JSON error body. HttpClient.request() now wraps the error-path res.json() in a .catch, so non-JSON responses fall back to res.statusText and always surface as a typed Context7Error.

