# Pitfall Log Project: upstash/context7 Summary: Found 32 structured pitfall item(s), including 1 high/blocking item(s). Top priority: Security or permission risk - Security or permission risk requires verification. ## 1. Security or permission risk - Security or permission risk requires verification - Severity: high - Evidence strength: source_linked - Finding: Developers should check this security_permissions risk before relying on the project: [Bug]: OAuth metadata issuer mismatch for MCP OAuth endpoint - User impact: Developers may expose sensitive permissions or credentials: [Bug]: OAuth metadata issuer mismatch for MCP OAuth endpoint - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [Bug]: OAuth metadata issuer mismatch for MCP OAuth endpoint. Context: Source discussion did not expose a precise runtime context. - Guardrail: Do not recommend enabling privileged or credential-bearing paths until the source-backed risk is reviewed: https://github.com/upstash/context7/issues/2723 - Evidence: failure_mode_cluster:github_issue | fmev_95c37b5d4ec8d5ee4507509dad3c2a1f | https://github.com/upstash/context7/issues/2723 ## 2. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: @upstash/context7-pi@0.1.0 - User impact: Upgrade or migration may change expected behavior: @upstash/context7-pi@0.1.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: @upstash/context7-pi@0.1.0. Context: Observed when using node - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_46f371ada1fbace84d952510823b7f4b | https://github.com/upstash/context7/releases/tag/%40upstash/context7-pi%400.1.0 ## 3. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: Add tool to search by npm package name to skip the initial docs index search, makes MCP server faster - User impact: Developers may fail before the first successful local run: Add tool to search by npm package name to skip the initial docs index search, makes MCP server faster - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Add tool to search by npm package name to skip the initial docs index search, makes MCP server faster. Context: Observed when using node - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_97f541b9c1bdf6a270413d479cb65002 | https://github.com/upstash/context7/issues/230 ## 4. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: [Feature Request] Local docs sync and numerous dx improvements - User impact: Developers may fail before the first successful local run: [Feature Request] Local docs sync and numerous dx improvements - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [Feature Request] Local docs sync and numerous dx improvements. Context: Observed during installation or first-run setup. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_33ab52cf164db9dced1235e8c17026f6 | https://github.com/upstash/context7/issues/103 ## 5. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: ctx7 setup --cli: downloadSkillFromGitHub missing Authorization header causes 403 - User impact: Developers may fail before the first successful local run: ctx7 setup --cli: downloadSkillFromGitHub missing Authorization header causes 403 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: ctx7 setup --cli: downloadSkillFromGitHub missing Authorization header causes 403. Context: Observed when using macos - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_f983d67f6d5644dbb372458c86f98034 | https://github.com/upstash/context7/issues/2363 ## 6. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: ctx7@0.4.5 - User impact: Upgrade or migration may change expected behavior: ctx7@0.4.5 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: ctx7@0.4.5. Context: Observed during installation or first-run setup. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_9786b7981f1e51c97bd00ed6170af655 | https://github.com/upstash/context7/releases/tag/ctx7%400.4.5 ## 7. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this installation risk before relying on the project: ctx7@0.5.1 - User impact: Upgrade or migration may change expected behavior: ctx7@0.5.1 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: ctx7@0.5.1. Context: Observed when using docker - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_5ee21e73150b416333eaa911b8e0c948 | https://github.com/upstash/context7/releases/tag/ctx7%400.5.1 ## 8. Installation risk - Installation risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a installation risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_37c5d19255fa423199c3f5f0b317c9b1 | https://github.com/upstash/context7/issues/230 ## 9. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: @upstash/context7-mcp@3.1.0 - User impact: Upgrade or migration may change expected behavior: @upstash/context7-mcp@3.1.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: @upstash/context7-mcp@3.1.0. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_554228c877dad4ddb42a45c3dcf8b001 | https://github.com/upstash/context7/releases/tag/%40upstash/context7-mcp%403.1.0 ## 10. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: Feature Request: Support multiple product docs in one repo - User impact: Developers may misconfigure credentials, environment, or host setup: Feature Request: Support multiple product docs in one repo - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Feature Request: Support multiple product docs in one repo. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_752d9c6ad1111e7576eb2b756e09be9a | https://github.com/upstash/context7/issues/328 ## 11. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: [Bug]: ctx7 setup on a remote server fails login - User impact: Developers may misconfigure credentials, environment, or host setup: [Bug]: ctx7 setup on a remote server fails login - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: [Bug]: ctx7 setup on a remote server fails login. Context: Observed when using node - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_8bd9c73c4b097b45bbb9bf50dec280be | https://github.com/upstash/context7/issues/2693 ## 12. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this configuration risk before relying on the project: ctx7@0.5.0 - User impact: Upgrade or migration may change expected behavior: ctx7@0.5.0 - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: ctx7@0.5.0. Context: Observed when using docker, linux - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_release | fmev_3704dcb3c12460ca1521e1f999dbba13 | https://github.com/upstash/context7/releases/tag/ctx7%400.5.0 ## 13. Configuration risk - Configuration risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a configuration risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_cd9ab6da5e00494a9a33cf8d052f6d7a | https://github.com/upstash/context7/issues/1985 ## 14. Capability evidence risk - Capability evidence risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a capability evidence risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_494a211c781b4e46bd85dfd878df3b67 | https://github.com/upstash/context7/issues/2404 ## 15. Capability evidence risk - Capability evidence risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a capability evidence risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_dab36bccef7b4502a4745abf500ebff4 | https://github.com/upstash/context7/issues/2402 ## 16. Capability evidence risk - Capability evidence risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: README/documentation is current enough for a first validation pass. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: capability.assumptions | npm_package:@upstash/context7-mcp | https://www.npmjs.com/package/@upstash/context7-mcp ## 17. Maintenance risk - Maintenance risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this migration risk before relying on the project: Library Report: /powershell/powershell - Missing or incorrect documentation. - User impact: Developers may hit a documented source-backed failure mode: Library Report: /powershell/powershell - Missing or incorrect documentation. - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Library Report: /powershell/powershell - Missing or incorrect documentation.. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_759d8757fcc775ebd5f7d6875422b1d5 | https://github.com/upstash/context7/issues/2726 ## 18. Maintenance risk - Maintenance risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Developers should check this migration risk before relying on the project: Library Report: /websites/help_obsidian_md - Missing or incorrect documentation. - User impact: Developers may hit a documented source-backed failure mode: Library Report: /websites/help_obsidian_md - Missing or incorrect documentation. - Suggested check: Before packaging this project, run the relevant install/config/quickstart check for: Library Report: /websites/help_obsidian_md - Missing or incorrect documentation.. Context: Source discussion did not expose a precise runtime context. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_56d642ac71adc3db99b0e8219c5627dd | https://github.com/upstash/context7/issues/2402 ## 19. Maintenance risk - Maintenance risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a maintenance risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: evidence.maintainer_signals | npm_package:@upstash/context7-mcp | https://www.npmjs.com/package/@upstash/context7-mcp ## 20. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: no_demo - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: downstream_validation.risk_items | npm_package:@upstash/context7-mcp | https://www.npmjs.com/package/@upstash/context7-mcp ## 21. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: no_demo - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: risks.scoring_risks | npm_package:@upstash/context7-mcp | https://www.npmjs.com/package/@upstash/context7-mcp ## 22. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_6de89e27738047e3ad152cc882c33ad5 | https://github.com/upstash/context7/issues/2726 ## 23. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_bb840f4b2bcc4021a2526d3871340a11 | https://github.com/upstash/context7/issues/2722 ## 24. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_207c6f65d2774bedb18a4e4f90ee5fb7 | https://github.com/upstash/context7/issues/2723 ## 25. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_38b83de6a9e04a10bebd94d4701fd482 | https://github.com/upstash/context7/issues/2693 ## 26. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_b2aa60378ae44af3b2c8d52a110979a3 | https://github.com/upstash/context7/issues/103 ## 27. Security or permission risk - Security or permission risk requires verification - Severity: medium - Evidence strength: source_linked - Finding: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow. - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: community_evidence:github | cevd_1b962697d290411b87ecb6d82ea39cd9 | https://github.com/upstash/context7/issues/2363 ## 28. Capability evidence risk - Capability evidence risk requires verification - Severity: low - Evidence strength: source_linked - Finding: Developers should check this conceptual risk before relying on the project: Library Report: /websites/antigravity_google_home - Missing or incorrect documentation. - User impact: Developers may hit a documented source-backed failure mode: Library Report: /websites/antigravity_google_home - Missing or incorrect documentation. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_c1062ab49b374733cfc7061d8f78fee3 | https://github.com/upstash/context7/issues/2404 ## 29. Capability evidence risk - Capability evidence risk requires verification - Severity: low - Evidence strength: source_linked - Finding: Developers should check this conceptual risk before relying on the project: Library Report: /websites/openwrt - Missing or incorrect documentation. - User impact: Developers may hit a documented source-backed failure mode: Library Report: /websites/openwrt - Missing or incorrect documentation. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_3f88adbf07c59ef83b3d01a58bd1d4ab | https://github.com/upstash/context7/issues/1985 ## 30. Capability evidence risk - Capability evidence risk requires verification - Severity: low - Evidence strength: source_linked - Finding: Developers should check this conceptual risk before relying on the project: [Feature]: Multiple sources under a single repo - User impact: Developers may hit a documented source-backed failure mode: [Feature]: Multiple sources under a single repo - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Guardrail: State this as source-backed community evidence, not as Doramagic reproduction. - Evidence: failure_mode_cluster:github_issue | fmev_03102ea5cdc3f3e223d11b3e190a442a | https://github.com/upstash/context7/issues/2725 ## 31. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: issue_or_pr_quality=unknown。 - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: evidence.maintainer_signals | npm_package:@upstash/context7-mcp | https://www.npmjs.com/package/@upstash/context7-mcp ## 32. Maintenance risk - Maintenance risk requires verification - Severity: low - Evidence strength: source_linked - Finding: release_recency=unknown。 - User impact: May increase setup, validation, or first-run risk for the user. - Suggested check: Reproduce the official install and quickstart path in an isolated environment. - Evidence: evidence.maintainer_signals | npm_package:@upstash/context7-mcp | https://www.npmjs.com/package/@upstash/context7-mcp