chore: remove every uvx invocation — marketplace is the only path

Anthropic's official install path is the plugin marketplace
(``/plugin install cortex@cortex-plugins``). uvx was never an Anthropic
sanctioned distribution channel — it was an optional convenience that
fragmented our deploy story (PyPI version drift, parallel cache lines,
opaque failure modes when uvx wasn't on PATH). Removing it leaves
exactly one supported path: the marketplace clone runs through
scripts/launcher.py.

Changes
-------
- pyproject.toml: drop ``neuro-cortex-memory`` and ``cortex-hook``
  console scripts (only kept ``cortex-doctor`` for local CLI use of
  the doctor from a checkout).
- mcp_server/hook_runner.py + tests: deleted (obsolete — hooks now run
  via launcher.py per .claude-plugin/plugin.json).
- mcp_server/doctor.py: removed _uvx_available() check and its entry
  in CHECKS. Doctor now runs 8 checks instead of 9.
- mcp_server/infrastructure/ap_bridge.py: removed the uvx fallback
  in _resolve_command(); removed "uvx" from _extra_allowed_commands.
- mcp_server/infrastructure/mcp_client.py: removed "uvx" and "uv"
  from _ALLOWED_COMMANDS.
- README.md: replaced uvx-based doctor invocation with
  ``python3 -m mcp_server.doctor``.

Defense-in-depth: PEP 706 tar filter
------------------------------------
mcp_server/infrastructure/pipeline_install_release.py:
the tarfile.extract call now passes ``filter="data"`` (PEP 706) so
the extraction is safe by default — no symlinks outside dest, no
special files, no setuid bits — preventing CVE-2007-4559-class
issues when consuming the upstream prebuilt tarball.

Tests
-----
269 tests pass. Two install tests required a try_install_prebuilt
mock now that automatised-pipeline v0.0.2 is live and the GitHub
Releases fast-path actually returns assets (the tests were written
before the release shipped).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: cdeust

README.md

@@ -53,18 +53,14 @@ This handles everything: PostgreSQL + pgvector installation, database creation,
 After install, verify everything is wired correctly:
 
 ```bash
-uvx --python 3.13 --from 'neuro-cortex-memory[postgresql]' cortex-doctor
+python3 -m mcp_server.doctor
 ```
 
-Eight checks in two seconds: Python, uvx, PG driver, DATABASE_URL, PG connection, extensions, writable methodology dir, I10 pool-capacity invariant. Exit 0 means ready.
+(or, from inside the marketplace clone: `python3 ~/.claude/plugins/cache/cortex-plugins/cortex/*/mcp_server/doctor.py`)
 
-> **Using Claude Cowork?** Install [Cortex-cowork](https://github.com/cdeust/Cortex-cowork) instead — uses SQLite, no PostgreSQL required.
-
-Or add as a standalone MCP server (no hooks, no skills — just the 33 tools):
+Seven checks in two seconds: Python, PG driver, DATABASE_URL, PG connection, extensions, writable methodology dir, I10 pool-capacity invariant. Exit 0 means ready.
 
-```bash
-claude mcp add cortex -- uvx --from "neuro-cortex-memory[postgresql]" neuro-cortex-memory
-```
+> **Using Claude Cowork?** Install [Cortex-cowork](https://github.com/cdeust/Cortex-cowork) instead — uses SQLite, no PostgreSQL required.
 
 <details>
 <summary><strong>More options</strong> (Clone, Docker, Manual setup)</summary>

mcp_server/doctor.py

@@ -60,25 +60,8 @@ def _python_version() -> Check:
         "Python >= 3.10",
         False,
         f"Python {ver.major}.{ver.minor}.{ver.micro}",
-        "Upgrade Python: `uvx --python 3.13 ...` (recommended) or install 3.10+.",
-    )
-
-
-def _uvx_available() -> Check:
-    """The marketplace install path uses ``uvx`` for both the MCP server
-    and the lifecycle hooks (plugin.json). If uvx is missing, Claude
-    Code cannot start the plugin. Users who get here via pip install
-    (server deployment) don't need uvx and can ignore this warning."""
-    uvx = shutil.which("uvx")
-    if uvx:
-        return Check("uvx (marketplace install path)", True, uvx)
-    return Check(
-        "uvx (marketplace install path)",
-        False,
-        "not found on PATH",
-        "Install uv: `curl -LsSf https://astral.sh/uv/install.sh | sh` (macOS/Linux) "
-        'or `powershell -c "irm https://astral.sh/uv/install.ps1 | iex"` (Windows). '
-        "Not needed if you installed via pip directly.",
+        "Upgrade Python: install Python 3.10+ via the official installer "
+        "(https://www.python.org/downloads/) or your platform's package manager.",
     )
 
 
@@ -277,7 +260,6 @@ def _i10_config() -> Check:
 
 CHECKS: list[Callable[[], Check]] = [
     _python_version,
-    _uvx_available,
     _pg_driver,
     _database_url,
     _pg_connection,

mcp_server/hook_runner.py

@@ -138,14 +138,16 @@ def _resolve_command() -> dict | None:
       1. ``CORTEX_AP_COMMAND`` env var — full shell-free invocation
          spec (JSON: ``{"command": "...", "args": [...]}``).
       2. Methodology bin symlink — ``~/.claude/methodology/bin/mcp-server``
-         set up by ``cortex setup-project``; basename ``mcp-server``
-         matches the MCPClient allowlist.
-      3. Plugin-cache probe — ``automatised-pipeline`` installed as
-         a sibling plugin exposes its MCP entrypoint via
-         ``~/.claude/plugins/cache/<mp>/automatised-pipeline/*``.
-      4. ``uvx`` fallback for when upstream publishes the package
-         (currently a no-op until upstream ships a uvx-runnable
-         entrypoint).
+         set up by Cortex's silent installer (pipeline_installer.py).
+         Basename ``mcp-server`` matches the MCPClient allowlist.
+      3. Plugin-cache probe — ``automatised-pipeline`` installed as a
+         sibling marketplace plugin exposes its MCP entrypoint via
+         ``~/.claude/plugins/cache/<marketplace>/automatised-pipeline/
+         */bin/*``.
+
+    Returns None when no AP install can be discovered; callers treat
+    that as graceful degradation (ingest_codebase fails with the
+    standard McpConnectionError).
     """
     raw = os.environ.get("CORTEX_AP_COMMAND")
     if raw:
@@ -171,12 +173,7 @@ def _resolve_command() -> dict | None:
     for root in (home / ".claude/plugins/cache").glob("*/automatised-pipeline/*/bin/*"):
         if root.is_file() and os.access(root, os.X_OK):
             return {"command": "node", "args": [str(root)]}
-    # uvx fallback (placeholder — requires upstream to publish a
-    # uvx-runnable package; tracked upstream as packaging work).
-    return {
-        "command": "uvx",
-        "args": ["--from", "automatised-pipeline", "automatised-pipeline"],
-    }
+    return None
 
 
 class APBridge:
@@ -227,11 +224,10 @@ async def connect(self) -> bool:
                 self._client = MCPClient(cfg)
                 # AP's binary is not in the default allowlist.
                 # ``ai-architect-mcp`` is the crate name in
-                # automatised-pipeline; the others are fallbacks for
-                # the plugin-cache / uvx resolution paths.
+                # automatised-pipeline; ``node`` is for the
+                # plugin-cache resolution path.
                 self._client._extra_allowed_commands = {
                     "node",
-                    "uvx",
                     "automatised-pipeline",
                     "ai-architect-mcp",
                 }

mcp_server/infrastructure/ap_bridge.py

@@ -64,8 +64,6 @@ async def connect(self) -> None:
             "npx",
             "python",
             "python3",
-            "uvx",
-            "uv",
             "cortex",
             "mcp-server",
         }

mcp_server/infrastructure/mcp_client.py

@@ -108,7 +108,11 @@ def _verify_and_extract(tar_path: str, expected_sha: str, dest_dir: str) -> Opti
             if not str(target).startswith(str(dest) + os.sep) and target != dest:
                 return None
             if member.isfile() and Path(member.name).name == "ai-architect-mcp":
-                tar.extract(member, dest_dir)
+                # filter="data" enforces safe extraction (no symlinks
+                # outside dest, no special files, no setuid bits) —
+                # required default in Python 3.14, opt-in earlier.
+                # PEP 706 / CVE-2007-4559.
+                tar.extract(member, dest_dir, filter="data")
                 extracted = dest / member.name
                 os.chmod(extracted, 0o755)
                 return str(extracted)

mcp_server/infrastructure/pipeline_install_release.py

@@ -32,9 +32,15 @@ Homepage = "https://github.com/cdeust/Cortex"
 Repository = "https://github.com/cdeust/Cortex"
 
 [project.scripts]
-neuro-cortex-memory = "mcp_server.__main__:main"
+# Cortex's only supported install path is Anthropic's plugin marketplace
+# (`/plugin install cortex@cortex-plugins`). The marketplace clones this
+# repo into ~/.claude/plugins/cache/cortex-plugins/cortex/<version>/ and
+# Claude Code spawns the MCP server + hooks via scripts/launcher.py
+# (see .mcp.json + .claude-plugin/plugin.json). Cortex is NOT published
+# to PyPI and uvx-based invocation is NOT supported.
+# The single console script below is for local CLI use of the doctor
+# from a checkout (not from a PyPI install).
 cortex-doctor = "mcp_server.doctor:run"
-cortex-hook = "mcp_server.hook_runner:run"
 
 [project.optional-dependencies]
 postgresql = [

pyproject.toml

@@ -259,6 +259,14 @@ def test_zero_byte_binary_not_trusted(self, tmp_path, monkeypatch):
         for k in pipeline_installer._CI_ENV_VARS:
             monkeypatch.delenv(k, raising=False)
         monkeypatch.setenv("CORTEX_AUTO_INSTALL_RUST", "0")
+        # Disable the GitHub-Releases fast-path so the missing-toolchain
+        # branch is reachable. (Without this, the test pulls the real
+        # release binary and short-circuits at installed_prebuilt.)
+        monkeypatch.setattr(
+            pipeline_installer,
+            "try_install_prebuilt",
+            lambda *a, **kw: {"action": "prebuilt_disabled"},
+        )
         # No cargo on PATH and no ~/.cargo/bin — should fall through
         # to missing_toolchain rather than short-circuit.
         monkeypatch.setattr(pipeline_installer.shutil, "which", lambda n: None)
@@ -313,6 +321,13 @@ def test_missing_toolchain_returns_structured_failure(self, tmp_path, monkeypatc
             tmp_path / "nonexistent" / "mcp-server",
         )
         from mcp_server.infrastructure import pipeline_install_rust
+        # Disable the GitHub-Releases fast-path so the missing-toolchain
+        # branch is reachable.
+        monkeypatch.setattr(
+            pipeline_installer,
+            "try_install_prebuilt",
+            lambda *a, **kw: {"action": "prebuilt_disabled"},
+        )
         monkeypatch.setattr(pipeline_installer.shutil, "which", lambda n: None)
         monkeypatch.setattr(pipeline_install_rust.shutil, "which", lambda n: None)
         monkeypatch.setattr(