ycmd is a server that provides APIs for code-completion and other code-comprehension use-cases like semantic GoTo commands (and others). For certain filetypes, ycmd can also provide diagnostic errors and warnings.
ycmd was originally part of YouCompleteMe's codebase, but has been split out into a separate project so that it can be used in editors other than Vim.
The best way to learn how to interact with ycmd is by reading through the
example_client.py
file [NOTE: Which I haven't yet written].
- All strings going into and out of the server are UTF-8 encoded.
- All line and column numbers are 1-based, not 0-based.
- All requests to the server must include an HMAC in the
x-ycm-hmac
HTTP header. The HMAC is computed from the shared secret passed to the server on startup and the request/response body. The digest algorithm is SHA-256. The server will also include the HMAC in its responses; you must verify it before using the response. Seeexample_client.py
[NOTE: Which I haven't yet written] to see how it's done.
ycmd's HTTP+JSON interface follows SemVer. While ycmd has seen extensive use over the last several months as part of YCM, the version number is below 1.0 because some parts of the API might change slightly as people discover possible problems integrating ycmd with other editors. In other words, the current API might unintentionally be Vim-specific. We don't want that.
Note that ycmd's internal API's (i.e. anything other than HTTP+JSON) are NOT covered by SemVer and will randomly change underneath you. DON'T interact with the Python/C++/etc code directly!
Without the HMAC auth, it's possible for a malicious website to impersonate the user. Don't forget that evil.com can send requests to servers listening on localhost if the user visits evil.com in a browser.
This is not a theoretical concern; a working proof-of-concept remote code execution exploit was created for ycmd running on localhost. The HMAC auth was added to block this attack vector.
If you have questions about the plugin or need help, please use the ycmd-users mailing list.
The author's homepage is http://val.markovic.io.
This open-source project is run by me, Strahinja Val Markovic. I also happen to work for Google and the code I write here is under Google copyright (for the sake of simplicity and other reasons). This does NOT mean that this is an official Google product (it isn't) or that Google has (or wants to have) anything to do with it.
This software is licensed under the [GPL v3 license][gpl]. © 2014 Google Inc.