From dddba30193e4a9fe6e2c2066f6d87b77661b93bb Mon Sep 17 00:00:00 2001
From: Savio Dias
Date: Fri, 29 May 2026 15:25:42 +0530
Subject: [PATCH 1/4] fix(ci): restrict mcp-ci.yml permissions to contents: read
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Workflow inherited the write-all default for GITHUB_TOKEN. Limits to read-only — the job only checks out the repo and runs npm test, no write access to any GitHub resource is needed.

Co-Authored-By: Claude Opus 4.7
---
 .github/workflows/mcp-ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/mcp-ci.yml b/.github/workflows/mcp-ci.yml
index 1e1183fd..0670b56e 100644
--- a/.github/workflows/mcp-ci.yml
+++ b/.github/workflows/mcp-ci.yml
@@ -4,6 +4,9 @@ on:
   pull_request_review:
     types: [submitted]
 
+permissions:
+  contents: read
+
 jobs:
   test:
     if: github.event.pull_request.base.ref == 'main' && github.event.review.state == 'approved'

From ce76c82b651ff372ffb7c958c97d38c6738c3080 Mon Sep 17 00:00:00 2001
From: Savio Dias
Date: Fri, 29 May 2026 15:51:17 +0530
Subject: [PATCH 2/4] fix(ci): add npm provenance to release publish

Adds --provenance to the npm publish step and the required id-token: write permission. Attaches a signed attestation to the published package so consumers can verify it was built by this exact workflow on this repo. Defends against trojaned releases via a compromised maintainer machine or NPM_TOKEN.

Co-Authored-By: Claude Opus 4.7
---
 .github/workflows/npm-publish.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/npm-publish.yml b/.github/workflows/npm-publish.yml
index 7e64dfcb..8423e771 100644
--- a/.github/workflows/npm-publish.yml
+++ b/.github/workflows/npm-publish.yml
@@ -5,6 +5,7 @@ on:
 
 permissions:
   contents: write
+  id-token: write
 
 jobs:
   publish:
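Review bot: The read-only token is the right floor for this workflow, but the only gate in the hunk on running PR-controlled code (checkout followed by `npm test`) is `github.event.review.state == 'approved'`, and an approving review can be submitted by any account that can see the PR, not only by maintainers. If the job is meant to run only after a maintainer signs off, add the reviewer's association to the condition, e.g. `if: github.event.pull_request.base.ref == 'main' && github.event.review.state == 'approved' && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.review.author_association)`. Whether repository secrets are reachable from fork PRs under `pull_request_review` depends on settings not visible here, so confirm that before relying on the read-only token alone. The `test` job's steps continue past the hunk.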
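Review bot: `id-token: write` is granted at workflow level, so every job in this file can mint an OIDC token although only the publish step needs it; move it (and `contents: write`) under `jobs.publish.permissions` and leave the top level at `contents: read`, so any job added later starts without either. The context lines suggest `publish` is currently the only job, but the narrowing costs nothing and matches the intent stated in the commit message. The message also overstates the defence: provenance lets consumers verify where a version was built, but an attacker holding `NPM_TOKEN` can still publish an unattested version unless the registry is configured to accept only trusted publishing, which this hunk does not set up.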
@@ -99,7 +100,7 @@ jobs:
         run: git push origin ${{ steps.get_version.outputs.version }}
 
       - name: "Publish to NPM"
-        run: npm publish --access public
+        run: npm publish --access public --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 

From d46604227321c535e0b29903dc42224f3de25186 Mon Sep 17 00:00:00 2001
From: Savio Dias
Date: Fri, 29 May 2026 16:59:01 +0530
Subject: [PATCH 3/4] fix(ci): verify mcp-publisher tarball SHA-256 before extracting
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previous install step piped curl output straight to tar — any compromise of the release URL (CDN, account, MITM) would have executed arbitrary code with OIDC write access. Now: download to file, verify SHA-256 against pinned digest, then extract. Workflow aborts on mismatch. Pinned to mcp-publisher v1.3.3 linux_amd64 (digest cross-checked against the official registry_1.3.3_checksums.txt file).

Co-Authored-By: Claude Opus 4.7
---
 .github/workflows/mcp-registry-publish.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/mcp-registry-publish.yml b/.github/workflows/mcp-registry-publish.yml
index df42c477..093f0c11 100644
--- a/.github/workflows/mcp-registry-publish.yml
+++ b/.github/workflows/mcp-registry-publish.yml
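Review bot: The step still authenticates with the long-lived `NPM_TOKEN` on the `env:` lines right under the change, so the "compromised NPM_TOKEN" case named in the commit message is not closed: whoever holds that token can publish a version without `--provenance`, and a plain `npm install` does not check for attestations (only `npm audit signatures` does). If the registry supports OIDC trusted publishing for this package, switching to it removes the static secret and makes the attested workflow the only publish path; otherwise at least replace the token with a granular one limited to this package. Separately, `--provenance` makes the publish fail when `package.json`'s `repository.url` does not match this repository, and the preceding `git push origin <tag>` step has already pushed the tag by then, so a failed publish leaves a tag with no artifact behind it; verify that field before the next release or move the tag push after the publish. The publish job's steps begin before this hunk.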
@@ -31,8 +31,18 @@ jobs:
         run: npm run build --if-present
 
       - name: Install MCP Publisher
+        # Pinned to v1.3.3 linux_amd64. To upgrade: bump VERSION and SHA256
+        # (capture via: shasum -a 256 mcp-publisher_linux_amd64.tar.gz, or use
+        # registry__checksums.txt from the release).
+        env:
+          VERSION: v1.3.3
+          SHA256: 1113b9d6bf59b000966c4f17752cf87b51db03dcc5482721421fd843ce3bf048
         run: |
-          curl -L "https://github.com/modelcontextprotocol/registry/releases/download/v1.3.3/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
+          curl -fsSL -o mcp-publisher.tar.gz \
+            "https://github.com/modelcontextprotocol/registry/releases/download/${VERSION}/mcp-publisher_linux_amd64.tar.gz"
+          echo "${SHA256} mcp-publisher.tar.gz" | sha256sum -c -
+          tar xzf mcp-publisher.tar.gz mcp-publisher
+          rm mcp-publisher.tar.gz
 
       - name: Login to MCP Registry
         run: ./mcp-publisher login github-oidc

From c66b005214ed6d5a5d4f0f1a465be6eebee23685 Mon Sep 17 00:00:00 2001
From: Savio Dias
Date: Fri, 29 May 2026 20:08:35 +0530
Subject: [PATCH 4/4] fix: revert mcp publish changes

---
 .github/workflows/mcp-registry-publish.yml | 13 +------------
 1 file changed, 1 insertion(+), 12 deletions(-)

diff --git a/.github/workflows/mcp-registry-publish.yml b/.github/workflows/mcp-registry-publish.yml
index 093f0c11..a91b0811 100644
--- a/.github/workflows/mcp-registry-publish.yml
+++ b/.github/workflows/mcp-registry-publish.yml
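Review bot: The checksum line `echo "${SHA256} mcp-publisher.tar.gz" | sha256sum -c -` shows a single space between digest and file name, while GNU `sha256sum -c` is documented to expect `DIGEST  FILE` (two spaces, or ` *FILE`) and, depending on the coreutils version, rejects single-space lines with "no properly formatted checksum lines found", which would abort the step even for a good archive; write `echo "${SHA256}  mcp-publisher.tar.gz" | sha256sum -c -` unless the whitespace was merely collapsed in this rendering. The comment `registry__checksums.txt` reads as if a `<version>` placeholder was stripped; `registry_${VERSION}_checksums.txt` would be unambiguous. Replacing the `uname` detection with a hard-coded `linux_amd64` is only correct while the job's `runs-on` (outside this hunk) is an x86-64 Linux runner, so add a comment tying the two together, e.g. `# asset and digest are for linux_amd64 only; must match runs-on`, so a runner change does not silently fetch a binary whose digest can never match.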
@@ -31,19 +31,8 @@ jobs:
         run: npm run build --if-present
 
       - name: Install MCP Publisher
-        # Pinned to v1.3.3 linux_amd64. To upgrade: bump VERSION and SHA256
-        # (capture via: shasum -a 256 mcp-publisher_linux_amd64.tar.gz, or use
-        # registry__checksums.txt from the release).
-        env:
-          VERSION: v1.3.3
-          SHA256: 1113b9d6bf59b000966c4f17752cf87b51db03dcc5482721421fd843ce3bf048
         run: |
-          curl -fsSL -o mcp-publisher.tar.gz \
-            "https://github.com/modelcontextprotocol/registry/releases/download/${VERSION}/mcp-publisher_linux_amd64.tar.gz"
-          echo "${SHA256} mcp-publisher.tar.gz" | sha256sum -c -
-          tar xzf mcp-publisher.tar.gz mcp-publisher
-          rm mcp-publisher.tar.gz
-
+          curl -L "https://github.com/modelcontextprotocol/registry/releases/download/v1.3.3/mcp-publisher_$(uname -s | tr '[:upper:]' '[:lower:]')_$(uname -m | sed 's/x86_64/amd64/;s/aarch64/arm64/').tar.gz" | tar xz mcp-publisher
       - name: Login to MCP Registry
         run: ./mcp-publisher login github-oidc
 
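Review bot: The restored `curl -L ... | tar xz mcp-publisher` line fetches an unverified binary that the very next step executes under the job's OIDC identity (`./mcp-publisher login github-oidc`), and the commit message gives no reason for dropping the digest check, so it is unclear whether the verification itself was wrong (digest, checksum-line format, wrong asset) or merely inconvenient. If the pin has to go for now, at least add `-f` so a 404 or error page is not fed to `tar` (`curl -fL "https://...tar.gz" | tar xz mcp-publisher`), and state in the commit message what failed so the check can come back. The revert also drops the blank line that separated this step from `Login to MCP Registry`, so the file is not byte-identical to its pre-patch-3 state. The `steps` list continues past the hunk.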