vibe-kanban/npx-cli/bin
Alex Netsch b0b8560350 Fix NPX CLI corrupted cache and false update message (Vibe Kanban) (#1586)
* Both bugs have been fixed:

**Bug 1 - Corrupted Cache from Interrupted Downloads:**
- `download.js:33-91`: Downloads now write to a `.tmp` file first, verify the checksum, then atomically rename to the final path using `fs.renameSync()`. If anything fails (network error, checksum mismatch, rename error), the temp file is cleaned up.

**Bug 2 - False "Update Available" Message:**
- `download.js:117`: `getLatestVersion()` now returns `manifest.latestVersion` (the npm version like `0.0.137`) instead of `manifest.latest` (the full tag)
- `pre-release.yml:557-559`: The global manifest now includes both `latest` (full tag) and `latestVersion` (npm version), e.g., `{"latest": "v0.0.137-20251216142426", "latestVersion": "0.0.137"}`

* Now you can test:

```bash
# 1. Go to npx-cli directory
cd /private/var/folders/v2/8cnj633d15l3ckfh4445tk5h0000gn/T/vibe-kanban/worktrees/0ade-fix-corrupted-bi/vibe-kanban/npx-cli

# 2. Install dependencies
npm install

# 3. Clear the cache for this version to force re-download
rm -rf ~/.vibe-kanban/bin/v0.0.137-20251216142426

# 4. Corrupt the MCP zip mid-download simulation - create a partial file
mkdir -p ~/.vibe-kanban/bin/v0.0.137-20251216142426/macos-arm64
echo "corrupted partial download" > ~/.vibe-kanban/bin/v0.0.137-20251216142426/macos-arm64/vibe-kanban-mcp.zip

# 5. Run in MCP mode - should fail on corrupt zip, then delete it
node bin/cli.js --mcp

# 6. Run again - should re-download successfully
node bin/cli.js --mcp
```

To test the atomic download fix specifically (interrupted download leaves no corrupt file):

```bash
# Clear cache
rm -rf ~/.vibe-kanban/bin/v0.0.137-20251216142426

# Start download and Ctrl+C quickly
node bin/cli.js --mcp
# Press Ctrl+C during "Downloading..."

# Check that NO .zip file exists, only possibly a .zip.tmp
ls -la ~/.vibe-kanban/bin/v0.0.137-20251216142426/macos-arm64/
# Should see either nothing or vibe-kanban-mcp.zip.tmp (not .zip)
```

* Tests passed:
- **Bug 1 fix verified**: Corrupt zip is detected, deleted on extraction failure, and re-downloaded on next run
- **Atomic download**: Downloads now go to `.tmp` file first, then get renamed to final path only after checksum verification

The code is ready for PR with placeholders restored.

RM package-lock

* Remove update available message from mcp (vibe-kanban c20cecfd)

```
Update available: 0.0.137 -> v0.0.137-20251216142426
Run: npx vibe-kanban@latest
```

violates the mcp protocol according to https://github.com/BloopAI/vibe-kanban/issues/1585.
Double check this is true and fix appropriately

* Done. Now download progress and messages go to stderr instead of stdout. This keeps the MCP protocol clean on first run when binaries need to be downloaded.

Should I update the PR description to include this fix as well?

* Done. Now:
- Global manifest: `{"latest": "0.0.138"}` (just the version, no tag)
- `getLatestVersion()` returns `manifest.latest` (the clean version)

The comparison will be `"0.0.137" !== "0.0.138"` which works correctly.
2025-12-17 14:17:26 +00:00
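
The temp-file, checksum, rename sequence that the commit message describes for `download.js`, as an added JavaScript sketch that is not the project's own code. `installVerified`, `demo`, the file names and the payload are constructed for illustration, and an array of buffers stands in for the network stream.

```javascript
// Added example: write to <final>.tmp, verify SHA-256, then rename into place.
const fs = require("fs");
const os = require("os");
const path = require("path");
const crypto = require("crypto");

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// Hypothetical helper; `chunks` stands in for the download stream.
function installVerified(chunks, expectedSha256, finalPath) {
  const tmpPath = finalPath + ".tmp";
  fs.mkdirSync(path.dirname(finalPath), { recursive: true });
  try {
    const fd = fs.openSync(tmpPath, "w");
    try {
      for (const chunk of chunks) fs.writeSync(fd, chunk);
      fs.fsyncSync(fd); // flush data before the file can become visible
    } finally {
      fs.closeSync(fd);
    }
    const actual = sha256(fs.readFileSync(tmpPath));
    if (actual !== expectedSha256) {
      throw new Error(`checksum mismatch: expected ${expectedSha256}, got ${actual}`);
    }
    fs.renameSync(tmpPath, finalPath); // atomic within one filesystem
    return finalPath;
  } catch (err) {
    fs.rmSync(tmpPath, { force: true }); // never leave a partial file behind
    throw err;
  }
}

// Constructed demo: a truncated download is rejected, a complete one is installed.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "atomic-dl-"));
  const finalPath = path.join(dir, "macos-arm64", "example.zip");
  const payload = [Buffer.from("constructed "), Buffer.from("payload")];
  const good = sha256(Buffer.concat(payload));
  let rejected = false;
  try {
    installVerified([payload[0]], good, finalPath); // only the first chunk arrives
  } catch { rejected = true; }
  const afterBad = fs.readdirSync(path.dirname(finalPath));
  installVerified(payload, good, finalPath);
  const afterGood = fs.readdirSync(path.dirname(finalPath));
  fs.rmSync(dir, { recursive: true, force: true });
  return { rejected, afterBad, afterGood };
}

console.error(JSON.stringify(demo())); // diagnostics on stderr, stdout stays clean
```

The rename is only atomic when the temp file and the final path are on the same filesystem, which is why the temp file sits next to its destination.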