From 8e41abc75c7451cb9ca088357fea03a4fc0cb02f Mon Sep 17 00:00:00 2001 From: Jesse Ouellette Date: Sun, 19 Apr 2026 13:59:21 -0400 Subject: [PATCH] chore(context7): expand context7.json with full schema metadata and agent rules MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The prior context7.json was a two-field placeholder (`url`, `public_key`) that only served to claim the library on Context7. That means every coding agent that pulls LeadMagic docs through Context7 today falls back to LLM-inferred titles/descriptions and gets no guard rails on wording, auth, or package provenance. Expand it to the full documented schema (see https://context7.com/docs/adding-libraries) so the admin-panel claim still works and coding agents receive deterministic, on-brand context: - Add `$schema` for VS Code / Cursor autocomplete and validation. - Add `projectTitle` and `description` that mirror the repo's GitHub description and the positioning on leadmagic.io (B2B data API, enrichment, email finding/validation, intent signals) — deliberately platform-neutral, matching profile/README.md and SECURITY.md. - Pin `branch: main` so Context7 tracks the default branch explicitly rather than inferring it. - Tighten `excludeFolders` / `excludeFiles` to keep `node_modules`, generated output, `.github/` workflow glue, `package-lock.json`, `CHANGELOG.md`, and `LICENSE` out of the doc index; `README.md`, `SECURITY.md`, `CONTRIBUTING.md`, `llms.txt`, `llms-full.txt`, and the OpenAPI files remain indexed. - Add six `rules` that propagate the same guard rails already in `SECURITY.md` and `README.md` into every agent retrieval: 1. Platform-neutral language (no "scrapes LinkedIn"). 2. REST base URL + `X-API-Key` header + key hygiene. 3. Hosted MCP endpoint, 10 tools, all three auth modes (OAuth 2.1 + DCR, static public client with the documented public client_id, `x-leadmagic-key`, Bearer token). 4. Canonical OpenAPI files and YAML-first snippet preference. 5. Do not invent endpoints or credit costs; defer to README. 6. Installer allow-list lives in SECURITY.md; third-party packages named "leadmagic*" are not endorsed. The `public_key` field is preserved so the existing Context7 claim is not broken. Made-with: Cursor --- context7.json | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/context7.json b/context7.json index 5049bd4..9e0c112 100644 --- a/context7.json +++ b/context7.json @@ -1,4 +1,29 @@ { + "$schema": "https://context7.com/schema/context7.json", "url": "https://context7.com/leadmagic/leadmagic-openapi", - "public_key": "pk_38xEiBSnX3Ci24Jl0gn3Q" + "public_key": "pk_38xEiBSnX3Ci24Jl0gn3Q", + "projectTitle": "LeadMagic API", + "description": "Official OpenAPI 3.1 snapshot, hosted MCP sign-in guide, and smoke tests for the LeadMagic B2B data API (contact and company enrichment, email finding and validation, profile and job enrichment, intent signals).", + "branch": "main", + "folders": [], + "excludeFolders": [ + "node_modules", + "dist", + "build", + "coverage", + ".github" + ], + "excludeFiles": [ + "package-lock.json", + "CHANGELOG.md", + "LICENSE" + ], + "rules": [ + "LeadMagic is a B2B data API. Use platform-neutral language like 'B2B profile enrichment' or 'professional profile URLs'; do not claim LeadMagic scrapes or indexes any specific social network.", + "The REST base URL is https://api.leadmagic.io. Authenticate with the 'X-API-Key' header. Keys are issued from https://app.leadmagic.io and must never be embedded in client-side code.", + "For AI agents and IDEs, prefer the hosted MCP endpoint at https://mcp.leadmagic.io/mcp. It exposes 10 tools and supports OAuth 2.1 (Authorization Code + PKCE, S256) with Dynamic Client Registration, a static public client (client_id 4b9eLjoGVCJ1Dvnc, no secret), 'x-leadmagic-key' API-key auth, or 'Authorization: Bearer '.", + "The canonical OpenAPI snapshot lives in leadmagic-openapi-3.1.yaml and leadmagic-openapi-3.1.json at the repo root. Prefer the YAML file when showing snippets; keep the two in sync.", + "Use examples from the OpenAPI spec verbatim when possible. Do not invent endpoints, response shapes, or credit costs; link to README.md for the authoritative credit-cost table and route mapping.", + "Only trust the official LeadMagic installer allow-list in SECURITY.md. Packages like 'leadmagic', 'leadmagic-mcp-server', or any npm/pip package published by third parties are not produced or endorsed by LeadMagic." + ] }