feat: detect installation method for update notifications

[SimplyLiz]

Summary

• Add detection for npm, Homebrew, and Go installations to show the appropriate update command
• Previously only npm was detected, with fallback to GitHub releases page URL
• Now users see the correct update command based on how they installed ckb
• New: Add ckb update command to self-update using the detected package manager

Detection methods

Install Method	Detection	Update Command
npm	node_modules/@tastehub/ckb in path	npm update -g @tastehub/ckb
Homebrew	/opt/homebrew/Cellar/, /usr/local/Cellar/, or linuxbrew paths	brew upgrade ckb
Go	GOBIN, GOPATH/bin, or ~/go/bin paths	go install github.com/SimplyLiz/CodeMCP/cmd/ckb@latest
Unknown	Fallback	Opens GitHub releases page

New CLI command

ckb update [--dry-run]

• Detects installation method and runs the appropriate update command
• --dry-run flag shows the command without executing it
• For unknown installations, opens the GitHub releases page in browser

Test plan

• Unit tests added for each detection function
• Tests for getUpgradeCommand() with all install methods
• All existing tests updated and passing
• Manual test of ckb update --dry-run

🤖 Generated with Claude Code

[github-actions]

NFR Tests ✅ 39 unchanged

Comparing PR against main branch (dynamic baseline).

Regressions: 0 ✅

Thresholds: WARN ≥ +5% • FAIL ≥ +10%

All scenarios

	Scenario	Change	Actual (B)	Base (B)	Time
⚪	analyzeChange / large	+0.0%	193,169	193,169	826µs
⚪	analyzeChange / medium	+0.0%	38,575	38,575	229µs
⚪	analyzeChange / small	+0.0%	4,046	4,046	51µs
⚪	analyzeChange / xlarge	+0.0%	387,417	387,417	1.481426ms
⚪	analyzeImpact / large	+0.0%	17,966	17,966	142µs
⚪	analyzeImpact / small	+0.0%	1,924	1,924	17µs
⚪	batchGet / large	+0.0%	11,789	11,789	59µs
⚪	batchGet / small	+0.0%	4,733	4,733	43µs
⚪	batchSearch / large	+0.0%	90,816	90,816	328µs
⚪	batchSearch / medium	+0.0%	18,036	18,036	106µs
⚪	batchSearch / small	+0.0%	3,379	3,379	24µs
⚪	explore / large	+0.0%	94,262	94,262	525µs
⚪	explore / small	+0.0%	4,253	4,253	58µs
⚪	findReferences / large	+0.0%	445,943	445,943	1.88174ms
⚪	findReferences / medium	+0.0%	44,123	44,123	280µs
⚪	findReferences / small	+0.0%	4,395	4,395	50µs
⚪	getAffectedTests / large	+0.0%	7,521	7,521	81µs
⚪	getAffectedTests / medium	+0.0%	3,110	3,110	34µs
⚪	getAffectedTests / small	+0.0%	903	903	24µs
⚪	getAffectedTests / xlarge	+0.0%	14,870	14,870	112µs
⚪	getArchitecture / large	+0.0%	6,690	6,690	85µs
⚪	getArchitecture / small	+0.0%	960	960	17µs
⚪	getCallGraph / deep	+0.0%	15,238	15,238	101µs
⚪	getCallGraph / shallow	+0.0%	887	887	14µs
⚪	getHotspots / large	+0.0%	16,748	16,748	205µs
⚪	getHotspots / small	+0.0%	886	886	15µs
⚪	listEntrypoints / large	+0.0%	23,798	23,798	162µs
⚪	listEntrypoints / small	+0.0%	4,795	4,795	53µs
⚪	prepareChange / large	+0.0%	16,194	16,194	304µs
⚪	prepareChange / small	+0.0%	2,483	2,483	28µs
⚪	searchSymbols / large	+0.0%	90,246	90,246	536µs
⚪	searchSymbols / medium	+0.0%	17,766	17,766	155µs
⚪	searchSymbols / small	+0.0%	3,588	3,588	41µs
⚪	summarizeDiff / large	+0.0%	19,939	19,939	152µs
⚪	summarizeDiff / small	+0.0%	2,133	2,133	37µs
⚪	traceUsage / large	+0.0%	7,728	7,728	70µs
⚪	traceUsage / small	+0.0%	725	725	12µs
⚪	understand / large	+0.0%	460,608	460,608	1.825115ms
⚪	understand / small	+0.0%	5,555	5,555	48µs

* = new scenario, compared against static baseline

[github-actions]

🟢 Change Impact Analysis

Metric	Value
Risk Level	LOW 🟢
Files Changed	3
Symbols Changed	85
Directly Affected	1
Transitively Affected	11

Blast Radius: 0 modules, 1 files, 12 unique callers

📝 Changed Symbols (85)

Symbol	File	Type	Confidence
Checker#InstallMethod	cmd/ckb/update.go	added	100%
Checker#cache	internal/update/check.go	modified	100%
Checker#installMethod	internal/update/check.go	modified	100%
InstallMethod	cmd/ckb/update.go	added	100%
InstallMethodBrew	cmd/ckb/update.go	added	100%
InstallMethodGo	cmd/ckb/update.go	added	100%
InstallMethodNPM	cmd/ckb/update.go	added	100%
InstallMethodUnknown	internal/update/check.go	modified	100%
_test	cmd/ckb/update.go	added	100%
brewPackageName	internal/update/check.go	modified	100%
ch	cmd/ckb/update.go	added	100%
data	cmd/ckb/update.go	added	100%
detectBrewInstall	internal/update/check.go	modified	100%
detectGoInstall	internal/update/check.go	modified	100%
detectInstallMethod	internal/update/check.go	modified	100%
…	+70 more

🎯 Affected Downstream (12)

Symbol	Module	Distance	Kind
unknown	``	1	type-dependency
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/cmd/ckb/main().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/cmd/ckb/runUpdate().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/Checker#Check().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/Checker#CheckAsync().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/Checker#CheckCached().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/Checker#RefreshCache().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/Checker#compareVersions().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/NewChecker().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/TestChecker_Check_DisabledByEnv().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/TestChecker_FetchLatestVersion_Timeout().	``	2	transitive-caller
scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/TestChecker_GetUpgradeCommand().	``	2	transitive-caller

Recommendations

• ℹ️ split: Large change with 85 symbols modified. Consider splitting into smaller PRs.
  • Action: Break into smaller, focused changes

⚠️ Index is 0 commit(s) behind HEAD. Results may be incomplete.

---

_{Generated by CKB}

[github-actions]

CKB Analysis

🎯 85 changed → 11 affected · 🔥 1 hotspot · 📊 1 complex · 💣 1 blast · 📚 143 stale

Risk factors: Touches 1 hotspot(s)

Metric	Value
Impact Analysis	85 symbols → 11 affected	🟢
Doc Coverage	9.090909090909092%	⚠️
Complexity	1 violations	⚠️
Coupling	0 gaps	✅
Blast Radius	0 modules, 1 files	✅
Index	indexed (6s)	💾

🎯 Change Impact Analysis · 🟢 LOW · 85 changed → 12 affected

Metric	Value
Symbols Changed	85
Directly Affected	1
Transitively Affected	11
Modules in Blast Radius	0
Files in Blast Radius	1

Symbols changed in this PR:

• Checker#InstallMethod [added] (100%) — cmd/ckb/update.go
• Checker#cache [modified] (100%) — internal/update/check.go
• Checker#installMethod [modified] (100%) — internal/update/check.go
• InstallMethod [added] (100%) — cmd/ckb/update.go
• InstallMethodBrew [added] (100%) — cmd/ckb/update.go
• InstallMethodGo [added] (100%) — cmd/ckb/update.go
• InstallMethodNPM [added] (100%) — cmd/ckb/update.go
• InstallMethodUnknown [modified] (100%) — internal/update/check.go
• _test [added] (100%) — cmd/ckb/update.go
• brewPackageName [modified] (100%) — internal/update/check.go
• … and 75 more

Downstream symbols affected:
Direct callers (1):

• unknown
  Transitive callers (11):
• scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/cmd/ckb/main(). (depth 2)
• scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/cmd/ckb/runUpdate(). (depth 2)
• scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/Checker#Check(). (depth 2)
• scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/Checker#CheckAsync(). (depth 2)
• scip-go gomod github.com/SimplyLiz/CodeMCP 769d4ee0bb5f github.com/SimplyLiz/CodeMCP/internal/update/Checker#CheckCached(). (depth 2)
• … and 6 more transitive callers

Recommendations:

• ℹ️ Large change with 85 symbols modified. Consider splitting into smaller PRs.
  • Action: Break into smaller, focused changes

⚠️ Index is undefined commit(s) behind HEAD. Results may be incomplete. Run ckb index to refresh.

💣 Blast radius · 0 symbols · 1 tests · 0 consumers

Tests that may break:

• internal/update/check_test.go

🔥 Hotspots · 1 volatile files

File	Churn Score
internal/update/check.go	9.57

📊 Complexity · 1 violations

File	Cyclomatic	Cognitive
internal/update/check_test.go	12	⚠️ 22

💡 Quick wins · 10 suggestions

• 🟡 Add tests → internal/query/engine_test.go
• 🟡 Add tests → internal/incremental/store_test.go
• 🟡 Add tests → internal/api/index_processor.go
• 🟡 Add tests → internal/backends/git/diff.go
• 🟡 Add tests → internal/paths/paths_test.go
• 🟢 Assign backup owner → internal/query/engine_test.go
• 🟢 Assign backup owner → internal/incremental/store_test.go
• 🟢 Assign backup owner → internal/api/index_processor.go

📚 Stale docs · 143 broken references

• docs/CONTRIBUTING.md:108 → errors.New
• docs/CONTRIBUTING.md:108 → errors.SYMBOL_NOT_FOUND
• docs/CONTRIBUTING.md:111 → errors.Wrap
• docs/backlog/index-refresh-improvements.md:36 → watcher.Add
• docs/backlog/index-refresh-improvements.md:36 → filepath.Join
• docs/backlog/index-refresh-improvements.md:97 → time.Second
• docs/featureplans/change-impact-analysis-checklist.md:208 → coverage.out
• docs/featureplans/change-impact-analysis-checklist.md:214 → lcov.info
• docs/featureplans/change-impact-analysis-checklist.md:309 → coverage.out
• docs/featureplans/change-impact-analysis.md:448 → scip.SCIPIndex
• docs/featureplans/change-impact-analysis.md:478 → context.Context
• docs/featureplans/change-impact-analysis.md:669 → coverage.out
• docs/ideas.md:16 → provenance.backends
• docs/ideas.md:21 → queryPolicy.coalesceWindowMs
• docs/ideas.md:302 → confidence.factors

---

_{Generated by CKB · Run details}

[github-actions]

🔐 Security Audit Results

⚠️ Security gate passed with warnings - 7 issue(s) found (review recommended)

Category	Findings
🔑 Secrets	✅ 0
🛡️ SAST	✅ 0
📦 Dependencies	⚠️ 7
📜 Licenses	⚠️ 119 non-permissive

📦 Dependency Vulnerabilities

Found 7 vulnerability(ies) across 2 scanner(s)

Details

Trivy (4 findings)

• CVE-2026-22036 (MEDIUM): undici - undici: Undici: Denial of Service via excessive de...
• CVE-2025-54410 (LOW): github.com/docker/docker - github.com/moby/moby: Moby's Firewalld reload remo...
• GHSA-vrw8-fxc6-2r93 (MEDIUM): github.com/go-chi/chi/v5 - chi Allows Host Header Injection which Leads to Op...
• CVE-2025-47908 (MEDIUM): github.com/rs/cors - github.com/rs/cors: Denial of service via maliciou...

OSV-Scanner (3 findings)

• github.com/docker/docker: 2 vulnerabilities
• github.com/go-chi/chi/v5: 1 vulnerabilities
• github.com/rs/cors: 2 vulnerabilities

📜 License Issues

Found 119 non-permissive license(s)

Details

• github.com/BurntSushi/toml: MIT (notice)
• github.com/google/uuid: BSD-3-Clause (notice)
• github.com/klauspost/compress: Apache-2.0 (notice)
• github.com/klauspost/compress: BSD-3-Clause (notice)
• github.com/klauspost/compress: MIT (notice)
• github.com/pelletier/go-toml/v2: MIT (notice)
• github.com/smacker/go-tree-sitter: MIT (notice)
• github.com/sourcegraph/go-diff: MIT (notice)
• github.com/sourcegraph/scip: Apache-2.0 (notice)
• github.com/spf13/cobra: Apache-2.0 (notice)
• ... and 109 more

---

_{Generated by CKB Security Audit | View Details | Security Tab}

[codecov]

Codecov Report

❌ Patch coverage is 27.67857% with 81 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
cmd/ckb/update.go	4.9%	58 Missing ⚠️
internal/update/check.go	54.9%	20 Missing and 3 partials ⚠️

❌ Your patch check has failed because the patch coverage (27.6%) is below the target coverage (30.0%). You can increase the patch coverage or adjust the target coverage.

Additional details and impacted files

@@           Coverage Diff           @@
##            main    #120     +/-   ##
=======================================
- Coverage   45.1%   45.1%   -0.1%     
=======================================
  Files        350     351      +1     
  Lines      59739   59844    +105     
=======================================
+ Hits       26957   26995     +38     
- Misses     30955   31021     +66     
- Partials    1827    1828      +1     

Flag	Coverage Δ
unit	45.1% <27.6%> (-0.1%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

📢 Thoughts on this report? Let us know!

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.