[KLC-2132] Add installer script and landing page#1
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds a static landing page, repo metadata and policies, CI and deploy workflows, and a comprehensive Bash installer that detects platform/arch, resolves versions from CDN with fallbacks, installs Rust/tooling/VM libs, configures PATH and MCP settings, and reports a final install summary. Changes
Estimated code review effort🎯 4 (Complex) | ⏱️ ~45 minutes Warning Review ran into problems🔥 ProblemsErrors were encountered while retrieving linked issues. Errors (1)
Comment |
There was a problem hiding this comment.
Pull request overview
Adds a public-facing installer endpoint (install.sh) and a simple static landing page (index.html) intended to power install.klever.org, plus repo scaffolding for GitHub Pages.
Changes:
- Introduces a non-interactive Bash installer that installs Rust tooling, Klever SDK binaries, and optional WASM tooling.
- Adds a static landing page with install instructions and a copy-to-clipboard helper.
- Adds repository README and
.nojekyllfor GitHub Pages hosting.
Reviewed changes
Copilot reviewed 3 out of 4 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| install.sh | New Bash installer that detects platform, installs dependencies, downloads Klever binaries/VM lib, and configures PATH. |
| index.html | New static landing page with install command + copy button and basic sections. |
| README.md | Project documentation describing install command, components, config, and hosting. |
| .nojekyll | Disables Jekyll processing for GitHub Pages. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@install.sh`:
- Around line 405-455: The setup_path function is re-prepending SDK_PATH and
appending duplicate profile entries on every run; update it to be idempotent by
(1) checking the exact export line (path_line) in the current PATH and profile
before modifying anything, (2) avoiding export PATH="${SDK_PATH}:$PATH" if
SDK_PATH is already present in PATH, and (3) only appending path_line to profile
when grep confirms the exact line is missing; use the existing
variables/function names (setup_path, SDK_PATH, PATH, profile, path_line,
RESULT_PATH) to implement these checks and update RESULT_PATH accordingly so
repeated runs do not change PATH or duplicate profile entries.
- Around line 129-151: The mktemp call in fetch_versions fails on macOS; replace
the bare mktemp usage so temp is created portably (e.g., use mktemp
"${TMPDIR:-/tmp}/klever-sdk.XXXXXX" 2>/dev/null and if that fails, fall back to
creating a temp file with mktemp -t klever-sdk or using a manual fallback like
creating a file via printf and mktemp alternatives), ensure the resulting temp
path is assigned to the local temp variable before use and still removed with rm
-f "$temp" at the end; update the fetch_versions function to try the portable
mktemp pattern first and only fall back if that fails so version fetching works
on macOS and Linux.
- Around line 155-212: The install_rust() function currently uses a hardcoded
curl pipe to run the rustup installer which fails on wget-only systems; replace
that curl invocation with the existing download() helper: use download() to
fetch the rustup installer (either stream to sh or save to a temp file and
execute with sh -s -- -y --default-toolchain stable), keep the same installer
arguments, preserve export PATH="$HOME/.cargo/bin:$PATH" on successful install,
and ensure error handling still sets RESULT_RUST, RESULT_WASM_TARGET and
HAS_ERRORS as before; update the rustup-install step in install_rust() to call
download() instead of curl so both curl and wget environments are supported.
In `@README.md`:
- Around line 37-41: Update the README example to use a user-writable default
path instead of /opt to match the no-root guarantee: change the KLEVER_SDK_PATH
example (the line setting KLEVER_SDK_PATH before invoking the installer) to a
location under the user's home (for example $HOME/.local/share/klever or
${XDG_DATA_HOME:-$HOME/.local/share}/klever or ~/.klever) so the installer
remains idempotent, non-interactive, and does not require root permissions.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@install.sh`:
- Around line 109-112: The script has many inline local assignments (e.g., in
the download function: local url="$1" and local output="$2") which violate
SC2155; for each such occurrence (start by locating the download function and
then search for other inline local=... patterns), change them to separate
declaration and assignment statements (for example: local url; url="$1" and
local output; output="$2"), and apply the same refactor for every inline local
assignment found (variables like url, output, and any other local VAR="$N") so
no local declaration contains an assignment.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 12 changed files in this pull request and generated 3 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Actionable comments posted: 5
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/PULL_REQUEST_TEMPLATE.md:
- Line 1: The first line uses a level-2 heading "## Summary" which triggers
MD041; change that first-line heading to a top-level H1 by replacing "##
Summary" with "# Summary" so the document begins with an H1 as required (update
the heading text in the file where the string "## Summary" appears).
In `@install.sh`:
- Around line 547-559: Remove the interactive prompt block that reads from
/dev/tty; instead gate installation on an explicit opt-in environment variable
(e.g. KLEVER_INSTALL_VSCODE_EXT or INSTALL_VSCODE_EXT). Replace the prompt logic
with a non-interactive check that treats common truthy values
("1","y","yes","true") as consent and otherwise skips; when consent is given run
the extension install command (code --install-extension
Klever-org.vscode-kvm-ide) and set RESULT_VSCODE_EXT to "installed" or "skipped
(user declined)" accordingly. Ensure no reads from /dev/tty remain and that the
behavior is safe when piped via curl | bash.
- Line 550: The printf call currently uses variable content directly in the
format string (printf "${BLUE}::${NC} Install Klever KVM IDE extension for VS
Code? [Y/n] "), which triggers SC2059; change it to use a fixed format and pass
the message as an argument — replace that call with printf "%s" "${BLUE}::${NC}
Install Klever KVM IDE extension for VS Code? [Y/n] " so the format string is
constant and the colored prompt is an argument.
- Around line 645-648: The profile variable is being set with quoted tildes
(e.g., profile="~/.bashrc") so the tilde won't expand; update the case branch
that assigns profile (the profile variable inside the shell_name case block
handling zsh, fish, default) to use $HOME (e.g., $HOME/.bashrc, $HOME/.zshrc,
$HOME/.config/fish/config.fish) so subsequent operations on profile (file
existence check, mkdir, append) operate on the real home path; ensure the $HOME
variables are unquoted or properly quoted to allow expansion where needed.
In `@README.md`:
- Around line 69-78: Replace the macOS-only "open index.html" step in README.md
with cross-platform alternatives: mention "xdg-open index.html" for Linux and
"start index.html" for Windows (PowerShell/CMD), or provide a single
cross-platform option like "python -m http.server" (or "python3 -m http.server")
to serve and preview the landing page; update the README.md step to list these
alternatives alongside the original "open index.html" so users on any OS can
follow the instruction.
---
Duplicate comments:
In `@install.sh`:
- Around line 604-607: Split the combined declaration+assignment of the local
array "candidates" into two steps to satisfy SC2155: first declare the variable
with "local candidates" and then assign the array with "candidates=(...)" for
both branches (the branch with "$HOME/.bash_profile" first and the branch with
"$HOME/.bashrc" first); update the two blocks that currently use "local
candidates=(...)" to follow this pattern.
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@index.html`:
- Around line 30-32: The global CSS forces smooth scrolling via the html {
scroll-behavior: smooth; } rule which ignores users' reduced‑motion preferences;
add a prefers‑reduced‑motion media query to override that rule (e.g. `@media`
(prefers-reduced-motion: reduce) { html { scroll-behavior: auto; } }) so the
html selector's scroll-behavior respects the user's accessibility setting.
- Around line 438-450: The fallbackCopy function currently always calls
showCopied(btn) even if copy fails and doesn't account for iOS/legacy quirks;
update fallbackCopy to create a hidden, readonly textarea, move it off-screen,
call textarea.select() and for iOS call textarea.setSelectionRange(0, 99999),
wrap document.execCommand('copy') in try/catch and use its boolean return (or
catch failure) to decide whether to call showCopied(btn), restore previous
selection/focus (save document.activeElement and re-focus it), and always remove
the textarea in finally so the button reports success only when execCommand
returns true; reference function name fallbackCopy and success callback
showCopied to locate where to change.
---
Duplicate comments:
In `@install.sh`:
- Around line 547-559: Remove the interactive VS Code prompt that reads from
/dev/tty and gate the extension install behind an explicit opt-in environment
variable (e.g., INSTALL_VSCODE_EXT or KLEVER_INSTALL_VSCODE_EXT); replace the
read/case block (the read -r answer / case "$answer" in ... RESULT_VSCODE_EXT
assignment) with a non-interactive check that if the env var equals "1" or "yes"
then proceed to run code --install-extension Klever-org.vscode-kvm-ide and set
RESULT_VSCODE_EXT="installed", otherwise set RESULT_VSCODE_EXT="skipped (env var
not set)" and return 0 — do not perform any /dev/tty reads so the script remains
idempotent and safe for piped installs.
- Around line 604-606: The local array variable candidates is declared and
assigned inline which triggers SC2155; change both branches to first declare the
variable (local candidates) and then assign the array to it on the next line
(candidates=(...)) so the if branch uses: local candidates then
candidates=("$HOME/.bash_profile" "$HOME/.bashrc" "$HOME/.profile") and the else
branch uses: local candidates then candidates=("$HOME/.bashrc"
"$HOME/.bash_profile" "$HOME/.profile"); keep the existing quoting and array
syntax intact.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/PULL_REQUEST_TEMPLATE.md:
- Line 7: Remove or replace the bare list item "-" in
.github/PULL_REQUEST_TEMPLATE.md (the empty list marker) so the markdown is
valid; either add placeholder text after the dash (e.g., "- Describe
changes...") or delete the line entirely to avoid a malformed list in the
template.
---
Duplicate comments:
In `@install.sh`:
- Around line 613-616: The inline array initializations using local
candidates=(...) should be split to satisfy SC2155 rules: declare the local
variable first (e.g., local candidates or declare -a candidates) and then assign
the array elements in a separate statement; apply this change to both
occurrences inside the if and else branches where the variable candidates is set
so the declaration and the assignment are two distinct steps.
- Around line 551-568: The current interactive prompt using /dev/tty and read
(variables: answer, RESULT_VSCODE_EXT) must be replaced by a non-interactive
opt-in check: remove the prompt block and instead detect an explicit environment
flag (e.g., INSTALL_VSCODE_EXT or INSTALL_VSCODE_EXT=true/1) to trigger
installation; if the flag is set, run the extension install and set
RESULT_VSCODE_EXT="installed" (or an error state on failure), otherwise set
RESULT_VSCODE_EXT="skipped (default)" and log via info — keep the behavior
idempotent and non-root, and ensure no read/from-tty is used.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 13 changed files in this pull request and generated 6 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 13 changed files in this pull request and generated 8 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Bash installer (install.sh) for the full Klever smart contract dev environment - Installs Rust, wasm32v1-none target, ksc, koperator, VM library, klever-sc-meta, wasm-opt - Configures Klever MCP server for Claude Code and VS Code - Prompts to install Klever KVM IDE extension for VS Code - Platform detection: macOS/Linux, arm64/amd64 - Idempotent, non-root, safe for curl | bash - Static landing page (index.html) with install command and copy button - Repository scaffolding: LICENSE (MIT), SECURITY.md, CONTRIBUTING.md, CODEOWNERS, PR template, .editorconfig, CI/CD workflows - CI: ShellCheck, bash syntax, dry-run matrix, HTML validation - Deploy: GitHub Pages via actions/deploy-pages
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 13 changed files in this pull request and generated 9 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Clarify sudo usage in index.html and SECURITY.md (no longer claims "no root required" without caveat) - Add aria-label to copy button for screen reader accessibility - Add specific error messages for MCP config file creation failures (codes 5/6) - Remove unnecessary 2>&1 redirections from brew/cargo install commands
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
There was a problem hiding this comment.
Actionable comments posted: 7
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/ci.yml:
- Around line 41-42: The dry-run job currently repeats the syntax check by
running "bash -n install.sh" (the step titled "Verify script loads without
errors"); remove that step from the dry-run job to avoid duplication, or
alternatively add "needs: syntax" to the dry-run job to make the dependency
explicit so the check only runs once in the existing "syntax" job.
In @.github/workflows/deploy.yml:
- Around line 29-32: The Pages artifact is uploading the entire repo (with the
Upload artifact step using actions/upload-pages-artifact@v4 and with: path: .);
change this to only include your built/site output (e.g., set with: path: public
or the build output directory) or explicitly exclude unnecessary files, and if
not already present, move or output the site into a dedicated public/ (or dist/)
directory so the Upload artifact step references only site files rather than the
repo root.
In `@index.html`:
- Around line 295-308: Add keyboard focus styles for footer links by updating
the CSS rules that target footer a (and related selectors) to include a visible,
high-contrast focus state (use :focus and preferably :focus-visible) alongside
the existing :hover rule; ensure the focus style (outline, outline-offset or
box-shadow) uses accessible color (e.g., var(--accent) or a contrasting color)
and preserves existing transitions so keyboard users can clearly see which
footer link is focused while keeping current hover behavior and layout set in
footer nav.
- Around line 81-91: Add visible keyboard focus styles for header navigation
links by updating the CSS selectors used for "header nav a" to include a :focus
(and :focus-visible) rule that sets a clear, high-contrast outline or box-shadow
and preserves existing hover behavior; specifically modify the rules for header
nav a and add header nav a:focus, header nav a:focus-visible so keyboard users
get a persistent focus indicator (use accessible color/contrast and avoid
relying solely on color change). Ensure the focus style does not remove default
outlines elsewhere and fits the existing transition by matching transition:
color 0.2s or adding transition for the outline/box-shadow as needed.
- Around line 143-159: Add a visible keyboard focus style for the install block
button by handling the :focus-visible state on .install-block button so keyboard
users get a clear outline/contrast when tabbing; update the CSS rule for
.install-block button to include a :focus-visible selector (e.g., .install-block
button:focus-visible) that sets a high-contrast outline, outline-offset, and
retains existing border-radius and background transition to match visual style
and accessibility guidelines.
In `@install.sh`:
- Around line 153-177: The install script's ensure_build_tools logic uses sudo
for installing system packages but this requirement isn't documented; update the
README to add a short note explaining that installing system build dependencies
(referencing the ensure_build_tools behavior and packages like build-essential /
gcc / make / pkg-config / libssl-dev or openssl-devel / base-devel / pkgconf)
may require sudo/root on Linux distributions and recommend running the installer
with sudo or pre-installing those packages when a C compiler is not present;
include which package managers are handled (apt, yum, dnf, pacman) and a brief
troubleshooting step if permission is denied.
In `@README.md`:
- Line 56: Update the README text to clarify that while the script is designed
to run without root for its main operations, the helper function
ensure_build_tools may prompt for elevated privileges (e.g., invoking sudo on
Linux) to install OS-level build dependencies like gcc, pkg-config, and
openssl-dev; replace "No root access required" with a brief note mentioning that
root/sudo may be needed only when ensure_build_tools installs missing system
packages.
---
Duplicate comments:
In `@install.sh`:
- Around line 737-740: The inline local array declarations for candidates should
be split into separate declaration and assignment to match the SC2155 style used
elsewhere; replace occurrences of lines like `local candidates=(...)` inside the
conditional with `local candidates` followed by `candidates=(...)` (update both
branches where `candidates` is set) so the variable is declared first and then
assigned.
- Remove redundant bash -n from dry-run job, add needs: [syntax] dependency - Limit GitHub Pages deploy artifact to site files only - Add focus-visible styles for keyboard accessibility on nav links and copy button
- Add focus-visible styles for footer links (keyboard accessibility) - Clarify sudo usage for build dependencies in README
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 11 out of 13 changed files in this pull request and generated 9 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| margin: 0 auto; | ||
| } | ||
|
|
||
| .install-block code { | ||
| font-family: "SF Mono", "Fira Code", "Fira Mono", Menlo, Consolas, monospace; | ||
| font-size: 14px; | ||
| color: var(--green); | ||
| white-space: nowrap; | ||
| overflow-x: auto; |
There was a problem hiding this comment.
The install command block displays the command in a code element with overflow-x: auto for horizontal scrolling. However, there is no visual indication (like a scrollbar hint or fade effect) that the content can be scrolled horizontally on mobile devices where the command may be truncated. Consider adding a visual affordance such as a subtle gradient fade on the right edge, or ensuring mobile browsers show the scrollbar, to indicate that users can scroll to see the full command.
| margin: 0 auto; | |
| } | |
| .install-block code { | |
| font-family: "SF Mono", "Fira Code", "Fira Mono", Menlo, Consolas, monospace; | |
| font-size: 14px; | |
| color: var(--green); | |
| white-space: nowrap; | |
| overflow-x: auto; | |
| margin: 0 auto; | |
| position: relative; | |
| overflow: hidden; | |
| } | |
| .install-block::after { | |
| content: ""; | |
| position: absolute; | |
| top: 0; | |
| right: 0; | |
| width: 32px; | |
| height: 100%; | |
| pointer-events: none; | |
| background: linear-gradient(to left, var(--surface), transparent); | |
| } | |
| .install-block code { | |
| font-family: "SF Mono", "Fira Code", "Fira Mono", Menlo, Consolas, monospace; | |
| font-size: 14px; | |
| color: var(--green); | |
| white-space: nowrap; | |
| overflow-x: auto; | |
| -webkit-overflow-scrolling: touch; |
|
|
||
| if command -v wasm-opt &>/dev/null; then | ||
| local version | ||
| version=$(wasm-opt --version 2>/dev/null | grep -oE '[0-9]+' | head -1) || version="unknown" |
There was a problem hiding this comment.
The version detection pattern in wasm-opt relies on extracting the first number with grep -oE '[0-9]+' | head -1, which only captures major version and discards minor/patch versions. This could be misleading in the summary output (e.g., "wasm-opt 118" when the actual version is "118.0.0"). Consider using a pattern that captures the full semantic version if available, similar to the extract_version function used elsewhere.
| if ! printf '{\n "%s": {\n "%s": %s\n }\n}\n' \ | ||
| "$wrapper_key" "$server_key" "$(echo "$mcp_entry" | sed 's/^/ /' | sed '1s/^ *//')" > "$file"; then | ||
| return 6 | ||
| fi |
There was a problem hiding this comment.
The upsert_mcp_json function creates a new JSON config file using printf with a multiline format string that embeds the JSON entry via command substitution and sed. If the mcp_entry contains special characters or the sed operation fails to format correctly, the resulting JSON could be malformed. Additionally, the printf command can fail but its exit code is not checked before returning success. Consider verifying the JSON is valid (e.g., with jq if available) before declaring success, or at minimum check the printf exit code.
| fi | |
| fi | |
| # Optionally validate the generated JSON if jq is available | |
| if command -v jq >/dev/null 2>&1; then | |
| if ! jq . "$file" >/dev/null 2>&1; then | |
| rm -f "$file" | |
| return 7 | |
| fi | |
| fi |
| local answer | ||
| if [ -r /dev/tty ]; then | ||
| printf '%b:: %bInstall Klever KVM IDE extension for VS Code? [Y/n] ' "$BLUE" "$NC" | ||
| read -r answer < /dev/tty 2>/dev/null || answer="n" |
There was a problem hiding this comment.
The interactive prompt for the VS Code extension uses read -r answer < /dev/tty which will hang indefinitely if /dev/tty exists but no input is provided (e.g., in a detached or automated environment where /dev/tty is present but non-interactive). The fallback || answer="n" only triggers if the read command itself fails, not if it blocks. Consider adding a timeout to the read command (e.g., read -r -t 10 answer) to avoid hanging in semi-interactive environments.
| read -r answer < /dev/tty 2>/dev/null || answer="n" | |
| read -r -t 10 answer < /dev/tty 2>/dev/null || answer="n" |
| fish) | ||
| profile="$HOME/.config/fish/config.fish" | ||
| path_line="set -gx PATH \"${SDK_PATH}\" \$PATH" |
There was a problem hiding this comment.
The fish shell PATH configuration uses set -gx PATH "$SDK_PATH" $PATH, which prepends the SDK path. However, this differs from the bash/zsh approach where the PATH is quoted as "$SDK_PATH:$PATH". In fish, $PATH is a list variable, so this syntax is correct for fish. But the check for whether the PATH is already configured uses grep -qF ":${SDK_PATH}:" which expects colon-separated paths. Fish stores PATH as a list internally but exports it with colons, so the check should work, but this could be confusing. Consider adding a comment explaining that fish uses list syntax while the check uses the colon-separated exported form.
| *) | ||
| # Detect the appropriate bash startup file | ||
| if [ "$(uname -s)" = "Darwin" ]; then | ||
| # macOS login shells read .bash_profile, not .bashrc | ||
| local candidates=("$HOME/.bash_profile" "$HOME/.bashrc" "$HOME/.profile") | ||
| else | ||
| local candidates=("$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile") | ||
| fi | ||
| profile="${candidates[0]}" | ||
| for candidate in "${candidates[@]}"; do | ||
| if [ -f "$candidate" ]; then | ||
| profile="$candidate" | ||
| break | ||
| fi | ||
| done |
There was a problem hiding this comment.
The bash profile detection logic checks if a file exists and breaks on the first match, but doesn't verify that the file is actually sourced by the user's shell. For example, if .bashrc exists but the user only sources .bash_profile (or vice versa), the PATH update will be written to the wrong file. Consider checking which file is actually sourced, or at minimum documenting this limitation so users know to verify their shell configuration.
| case "$answer" in | ||
| [yY]*|"") | ||
| ;; | ||
| *) | ||
| info "Skipped (install later: code --install-extension Klever-org.vscode-kvm-ide)" | ||
| RESULT_VSCODE_EXT="skipped (user declined)" | ||
| return 0 | ||
| ;; | ||
| esac |
There was a problem hiding this comment.
The case statement matching the user's response treats an empty string (just pressing Enter) as "yes" by matching [yY]*|""). However, the prompt says "[Y/n]" which conventionally means "Y" is the default. While the logic is consistent with the prompt, the case pattern is fragile: if the user enters only whitespace, it won't match either branch and will fall through to the decline case. Consider trimming whitespace from the answer before the case statement, or explicitly handling empty/whitespace input.
| }); | ||
| } else { | ||
| fallbackCopy(command, btn); | ||
| } | ||
| } | ||
|
|
||
| function fallbackCopy(text, btn) { | ||
| var textarea = document.createElement('textarea'); | ||
| textarea.value = text; | ||
| textarea.readOnly = true; | ||
| textarea.style.position = 'fixed'; | ||
| textarea.style.opacity = '0'; | ||
| document.body.appendChild(textarea); | ||
| textarea.select(); | ||
| textarea.setSelectionRange(0, text.length); | ||
| var ok = false; | ||
| try { | ||
| ok = document.execCommand('copy'); | ||
| } finally { | ||
| document.body.removeChild(textarea); | ||
| } | ||
| if (ok) { |
There was a problem hiding this comment.
The fallbackCopy function uses document.execCommand('copy') which has been deprecated for several years and may not work in modern browsers or future browser versions. While it's currently maintained for backward compatibility, consider adding user feedback if the fallback also fails, such as displaying an alert or updating the button text to instruct the user to manually copy the command. This would improve the user experience when both clipboard methods fail.
| mcp_entry=$(cat <<'MCPJSON' | ||
| { | ||
| "type": "stdio", | ||
| "command": "npx", | ||
| "args": ["-y", "@klever/mcp-server"], | ||
| "env": { | ||
| "MODE": "mcp", | ||
| "STORAGE_TYPE": "memory" | ||
| } |
There was a problem hiding this comment.
The MCP configuration written by upsert_mcp_json hardcodes an npx command ("command": "npx", "args": ["-y", "@klever/mcp-server"]) without pinning the package to an immutable version or verifying its integrity. This means every time the MCP server is started, the tooling may fetch and execute the latest @klever/mcp-server from the npm registry, so a compromised package or registry could execute arbitrary code with the developer’s privileges (access to source code, keys, and other secrets). To reduce this supply-chain risk, pin @klever/mcp-server to a specific, trusted version (e.g., @klever/mcp-server@x.y.z) and/or require a previously installed local binary instead of a mutable npx fetch, and consider using additional integrity checks where feasible.
Summary
install.sh— single-command installer for the full Klever smart contract development environment (curl -fsSL https://install.klever.org/install.sh | bash)index.html— static landing page forinstall.klever.orgwith install instructions, platform support, and copy-to-clipboardREADME.mdand.nojekyllfor repo setup and GitHub Pages compatibilityWhat the installer does
wasm32v1-nonetargetkscandkoperatorbinaries + VM library from Klever CDNklever-sc-metavia cargowasm-opt(optional, via Homebrew or cargo)Script is idempotent, non-interactive, requires no root, and supports
KLEVER_SDK_PATHfor custom install locations.Test plan
bash -n install.sh)curl -fsSLserves install.sh correctly from GitHub PagesSummary by CodeRabbit
New Features
Documentation
CI / Deployment
Repository