v1.2.0 — Procurement-defensibility hardening
Single-day cluster (2026-06-28): turn the "we're safe / multi-provider / OAuth-ready" positioning bullets from claims into mechanically-verifiable tests + opt-in production gates.
15 commits · +112 tests (196 → 308) · 0 fail
Added
- Per-cell benchmark regression gate —
CELL_HISTORICAL_FLOORSfrozen from n=6 history, 5-point tolerance. The 87 ± 3 aggregate can hide single-persona collapse; this gate tripsprocess.exitCode=2when any persona × scenario cell drops more than 5 points below its historical min. - MCPTox / OX Security 2026 canary suite (
test/mcptox-canary.test.js) — 28 contract tests covering 6 attack categories (instruction injection · trade-execution verb injection · echo-back probe · oversize buffer · HTML/script injection · nested-JSON auth bypass) × 4 invariants (verdict enum-bounded OR cleanly rejected · enforceAnalysisOnly passes · canary never leaks · response shape pinned). Also covers MosaicLeaks-class multi-turn leakage. - MCP Enterprise OAuth (EMA) scope scaffold + live wiring —
lib/auth/oauth-scaffold.jsdeclares 3 frozen scopes (shadow:read/shadow:council/shadow:admin). Opt-inSHADOW_REQUIRE_BEARER=1makes/api/loan-councilreturn 401 +WWW-Authenticateon missing claims, 403 on insufficient scope, 200 on match. Works with OAuth2scopestrings and Azure ADscp[]arrays. - GLM-5.2 contract tests (
test/glm-call.test.js) — 12 tests with mock-fetch ($0 GLM credits): Bearer header, snake_casemax_tokenswire field, system-then-user order, error paths, base-URL pin. - Catalog-as-code install registry —
installer/tools.json+scripts/check-tools.mjs+test/tools-catalog.test.js. Pattern adapted from msitarzewski/agency-agents (117k stars). 5 MCP hosts × 6 tools ×\$server_contractdeclared in one JSON file. Bidirectional CI drift gate. bin/install.mjsone-line installer — readsinstaller/tools.json, detects which MCP hosts are installed, JSON-merges the correct config (preserving sibling MCP servers).--dry-runshows exact bytes,--allinstalls every detected host.- GLM vs Sonnet A/B benchmark harness (
eval/glm-vs-sonnet-ab.mjs) — 5 voice-prompts × 2 providers × N runs, deterministic structural scoring matchingbenchmark/runner.js, envelope-skip built-in. - OCR live-smoke envelope-skip — Anthropic / Mistral usage-cap / quota errors are treated as
t.skip()not fail. Pins verbatim 2026-06-28 Anthropic wording. - Audit-guardrail edge-case pins — all 12 forbidden verbs individually, case-insensitive, word-boundary anti-FP, ViolationError shape, nested-object scan.
Changed
- README EN + zh-CN: badge from 154 → 308 tests, agentic score auto-computed
docs/positioning-vs-anthropic-fs.md: added "Multi-provider isn't sales copy — own-dogfood evidence (2026-06-28)" section with two real same-day fixes shipped in response to hitting our own Anthropic quota cap- Live demo URL refreshed to current production deploy (old URL was GC'd by Vercel)
Procurement contract
A bank's procurement team that wants to verify Shadow's 2026 named-threat coverage can grep these files in under 10 minutes:
lib/audit-guardrail.js— 12-pattern regex output gate (Schema-Layer Safety)lib/run-loan-council.js—if (loan.fico < CREDIT_THRESHOLDS.FICO_FLOOR) return { verdict: "block", ... }(Determinism Floor)installer/tools.json— frozen install-target × scope catalog (EMA-ready surface)
Plus the four test files for the corresponding mechanical proofs:
test/mcptox-canary.test.js(MCPTox / MosaicLeaks)test/oauth-scaffold.test.js+test/oauth-loan-council-wiring.test.js(EMA)test/glm-call.test.js(multi-provider)test/tools-catalog.test.js(catalog drift)
Distribution
- PR open: punkpeye/awesome-mcp-servers#8878 — Finance & Fintech
- PR open: tolkonepiu/best-of-mcp-servers#278 — finance-and-fintech category