chore(protect-mcp): pin protect-mcp@0.5.5 and @veritasacta/verify@0.3.0#497
Merged
wshobson merged 1 commit into wshobson:main, Apr 18, 2026
Closes the version-pinning suggestion from @wshobson on wshobson#494. The tamper-detection test in plugins/protect-mcp/test/run-tests.sh previously called `npx protect-mcp@latest` and `npx @veritasacta/verify` with no version constraint, meaning an upstream npm publish could flip the test green or red without any repo-side signal. Pinning eliminates that.

Changes
───────
- plugins/protect-mcp/hooks/hooks.json: 2 x protect-mcp@latest -> protect-mcp@0.5.5 (PreToolUse evaluate + PostToolUse sign)
- plugins/protect-mcp/test/run-tests.sh: 6 x protect-mcp@latest -> protect-mcp@0.5.5, 3 x @veritasacta/verify -> @veritasacta/verify@0.3.0 (the four PreToolUse test invocations, keygen, sign, plus the two verify calls in tests 7 and 8)
- Header comment at the top of run-tests.sh now mentions the pinned @veritasacta/verify version for clarity.

What is NOT pinned
──────────────────
README.md and SKILL.md references remain as `npx protect-mcp@latest` and `npx @veritasacta/verify`. Those are documentation of the pattern a user should use in their own project, and "latest" is the right advice for that audience. The test infrastructure is the only executed path where pinning matters for reproducibility.

How to bump
───────────
When you want to update (e.g., protect-mcp publishes 0.6.0 with a breaking change to --input handling), update both files together:

    perl -i -pe 's/protect-mcp\@0\.5\.5/protect-mcp\@0.6.0/g' \
        plugins/protect-mcp/hooks/hooks.json \
        plugins/protect-mcp/test/run-tests.sh

Then re-run ./plugins/protect-mcp/test/run-tests.sh to confirm the tamper-detection guard still passes before merging.

This PR does NOT touch review-agent-governance or signed-audit-trails because those plugins are still in review (wshobson#495, wshobson#496). Once they land, a follow-up PR will pin them too.

Tests
─────
- python3 -m json.tool hooks.json passes
- bash -n run-tests.sh passes
- No other files touched; no marketplace.json changes (avoids conflict with wshobson#495 and wshobson#496)
tomjwxf pushed a commit to tomjwxf/wshobson-agents that referenced this pull request, Apr 19, 2026:
Resolves wshobson's blocker: npx protect-mcp@latest reintroduces the reproducibility gap closed by wshobson#497 for the protect-mcp plugin. Pins both PreToolUse and PostToolUse hook invocations to 0.5.5.
tomjwxf pushed a commit to tomjwxf/wshobson-agents that referenced this pull request, Apr 20, 2026:
Resolves wshobson's blocker: npx protect-mcp@latest reintroduces the reproducibility gap closed by wshobson#497 for the protect-mcp plugin. Pins both PreToolUse and PostToolUse hook invocations to 0.5.5.
tomjwxf pushed a commit to tomjwxf/wshobson-agents that referenced this pull request, Apr 26, 2026:
Resolves wshobson's blocker: npx protect-mcp@latest reintroduces the reproducibility gap closed by wshobson#497 for the protect-mcp plugin. Pins both PreToolUse and PostToolUse hook invocations to 0.5.5.
Follow-up to the pinning suggestion @wshobson raised on #494. Replaces every `npx protect-mcp@latest` in executed paths with `npx protect-mcp@0.5.5`, and every `npx @veritasacta/verify` in the test runner with `npx @veritasacta/verify@0.3.0`. The tamper-detection test can no longer be silently flipped by an upstream npm publish.

**What this changes**

- `plugins/protect-mcp/hooks/hooks.json`: `protect-mcp@latest` → `protect-mcp@0.5.5` (PreToolUse + PostToolUse)
- `plugins/protect-mcp/test/run-tests.sh`: `protect-mcp@latest` → `protect-mcp@0.5.5`, 3 × `@veritasacta/verify` → `@veritasacta/verify@0.3.0`
- Header comment at the top of `run-tests.sh` updated to mention the pinned `@veritasacta/verify` version so the dependency is visible without reading the full script.

**What this deliberately does NOT change**

- `README.md` and `skills/protect-mcp-setup/SKILL.md` — the `npx protect-mcp@latest` references there are documentation of the pattern a user should use in their own project, and "latest" is genuinely the right advice for a downstream consumer. The test infrastructure is the only executed path where pinning affects reproducibility.
- `marketplace.json` — not touched at all, so no conflict with #495 (feat: add review-agent-governance plugin (second inhabitant of governance category)) or #496 (feat: add signed-audit-trails teaching plugin (third governance-category skill)).
- `review-agent-governance` and `signed-audit-trails` plugins — still in review. I will file a follow-up to pin those once they land.

**How bumps work**

When `protect-mcp` ships a new version with a breaking change, the bump is a two-file sed:

Deliberate bumps from here on, not automatic.

**Verification**

- `python3 -m json.tool hooks.json` passes
- `bash -n run-tests.sh` passes syntax check
- `npm view protect-mcp version` confirmed 0.5.5 is current stable
- `npm view @veritasacta/verify version` confirmed 0.3.0 is current stable

**Why this closes the loop from #494**

On #494 you said: "run-tests.sh uses `npx protect-mcp@latest`, so an upstream release could silently turn the tamper-detection guard green or red without any repo change. Pinning to a specific `protect-mcp@x.y.z` (and bumping deliberately) would make the guard fully reproducible. Not blocking — happy to land as-is."

This is exactly that pin. The tamper-detection guard is now reproducible at `protect-mcp@0.5.5` + `@veritasacta/verify@0.3.0`, and future changes to those packages require a deliberate bump here.

**Out of scope (follow-ups after this and #495/#496)**

- `review-agent-governance` and `signed-audit-trails` once they land.

Thanks for the suggestion; small but real tightening of the test contract.
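The PR relies on reviewers noticing a stray `@latest` by eye, and the bump procedure in the commit message is a one-off perl invocation. The script below is an added example, not code from this PR or from the wshobson/agents repository: it turns the "every executed path is pinned" property into a check that can run in CI before `run-tests.sh`, and packages the two-file bump as a function. The package list, the `hooks.json` layout, the `--input -` arguments and the fixture files are constructed for this example and are not claims about the real plugin's schema.

```bash
#!/bin/sh
# Added example (not the PR's or the repo's code): guard that fails when an
# executed path invokes npx for a listed package without an exact x.y.z pin,
# plus the two-file bump from the PR, done with sed instead of perl.

# ERE alternation of package names whose invocations must be pinned.
# Constructed for this example; the real list lives with the project.
PINNED_PKGS='protect-mcp|@veritasacta/verify'

# find_unpinned FILE... : print "file:line:npx <pkg>[@spec]" for every
# invocation whose spec is missing, "latest", a range, or anything but x.y.z.
find_unpinned() {
  for f in "$@"; do
    grep -nEo "npx[[:space:]]+($PINNED_PKGS)(@[^[:space:]\"']*)?" "$f" |
      grep -Ev '@[0-9]+\.[0-9]+\.[0-9]+([-+][0-9A-Za-z.-]+)?$' |
      sed "s#^#$f:#"
  done
}

# check_pins FILE... : return 0 when every invocation is pinned, otherwise
# list the offenders on stderr and return 1 (usable as a CI gate).
check_pins() {
  offenders=$(find_unpinned "$@")
  [ -z "$offenders" ] && return 0
  printf 'unpinned npx invocation(s):\n%s\n' "$offenders" >&2
  return 1
}

# bump_pin PKG OLD NEW FILE... : rewrite PKG@OLD to PKG@NEW in each file,
# only where OLD is followed by a non-version character, so bumping 0.5.5
# cannot touch a hypothetical 0.5.55. Edits via a temp file for portability.
bump_pin() {
  pkg=$1; old=$2; new=$3; shift 3
  old_re=$(printf '%s' "$pkg@$old" | sed 's/\./\\./g')   # dots are the only ERE metachars here
  for f in "$@"; do
    sed -E "s#$old_re([^0-9A-Za-z.-]|\$)#$pkg@$new\\1#g" "$f" > "$f.tmp" && mv "$f.tmp" "$f"
  done
}

# make_fixture DIR : constructed hooks.json and run-tests.sh mixing pinned,
# @latest and unversioned invocations, mirroring the pre-PR state.
make_fixture() {
  cat > "$1/hooks.json" <<'EOF'
{
  "hooks": {
    "PreToolUse":  [{"command": "npx protect-mcp@latest evaluate --input -"}],
    "PostToolUse": [{"command": "npx protect-mcp@0.5.5 sign --input -"}]
  }
}
EOF
  cat > "$1/run-tests.sh" <<'EOF'
#!/usr/bin/env bash
npx protect-mcp@0.5.5 keygen
npx @veritasacta/verify --input out.json
npx @veritasacta/verify@0.3.0 --input out.json
EOF
}

# When run directly: check_pins.sh FILE...  (exit 1 on any offender)
if [ "$#" -gt 0 ]; then
  check_pins "$@"
fi
```

Run it over `plugins/protect-mcp/hooks/hooks.json` and `plugins/protect-mcp/test/run-tests.sh` as the first step of the test job, and use `bump_pin protect-mcp 0.5.5 0.6.0 <both files>` for the deliberate bump the PR describes. A version pin fixes which published artifact `npx` resolves; it does not verify that artifact's content, which still comes from the registry at test time. If the guard must also resist registry-side tampering, the next step is a lockfile with `integrity` hashes installed via `npm ci` rather than ad hoc `npx`.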