Skip to content

Releases: proofofwork-agency/toolpin

ToolPin 0.5.4

Choose a tag to compare

@nillo nillo released this 10 Jul 10:30

Hardening release: the claim-backed tier acceptance introduced in 0.5.3 was put through an adversarial review; every finding is addressed.

Fixed

  • Locked-side anchoring — the gate now only accepts a recorded verified tier on the basis of claims the lock actually earned with local verification (passed + verifiedByToolPin + trustedAnchor). Registry-declared or unavailable locked evidence no longer qualifies.
  • Exact claim-set comparison — for every locked evidence code the current resolution declares, the claim sets must match exactly. A registry declaring extra claims for the same artifact code (old and new SRI side by side) now reads as drift instead of slipping through subset membership.
  • Unobservable is explicit — evidence codes the current resolution does not declare at all are treated as unobservable without --verify: accepted by default, refused under --strict-tier, never silently matched.
  • Evidence dedupe — trust-evidence deduplication now includes the integrity claim in its identity key, so entries differing only by claim are no longer collapsed.
  • Warning noise — the stale registry-cache warning prints once per run instead of once per cache read.

Notes

ToolPin 0.5.3

Choose a tag to compare

@nillo nillo released this 10 Jul 09:04

Bug-fix release: toolpin ci no longer permanently fails verified-tier lock entries on unverified runs.

Fixed

  • toolpin ci without --verify failed every lock entry recorded at the verified tier with a misleading trust tier decreased verified -> conditional. Since 0.4.0, registry-declared evidence is a claim rather than proof, so an unverified run recomputes trust with verifiedByToolPin: false and can never re-derive a locally earned verified tier — but the frozen-lock comparison still measured the recorded tier against that weaker recomputation. The gate now compares the locked artifact integrity claims (npm SRI, OCI digest, MCPB hash) against the current resolution: unchanged claims are accepted as "no drift"; changed or missing claims still fail, and now say why. This also fixes the composite Action's default invocation (toolpin ci --live) for verified-tier locks.

Added

  • toolpin ci --strict-tier — refuse claim-backed tier acceptance: verified-tier entries then fail unless the run re-earns them with --verify. The lenient-on-unchanged-claims behavior remains the default. Semantics documented in Catch drift in CI.

Notes

  • Tier drift messages now state the reason: artifact claims changed, no claims to compare, or the run could not re-verify (with the flag that fixes it).
  • Release gate: 361 tests (6 new for the tier semantics), self:doctor, self:ci, docs:check, Docusaurus build, curated-registry check, npm audit clean, pack dry-run verified (76 files).
  • Published to npm with provenance: @proofofwork-agency/toolpin@0.5.3

ToolPin 0.5.2

Choose a tag to compare

@nillo nillo released this 09 Jul 23:08

Patch release: repo hygiene fixes discovered in post-release review of 0.5.1.

Fixed

  • .gitignore negation ordering. A cleanup in the 0.5.1 cycle alphabetically sorted .gitignore, which moved the !.env.example and !.codex/config.toml exceptions ahead of the .env.* and .codex/* rules they carve out. Gitignore is last-match-wins, so both negations were silently disabled. Section ordering is restored with negations after their globs; the effective ignore set is otherwise unchanged.
  • npm package README. The immutable 0.5.1 tarball README still referenced internal launch-preparation materials that had been removed from the repository. The 0.5.2 README drops those references.
  • Docs consistency. Action examples across README and docs now pin proofofwork-agency/toolpin@v0.5.2.

Notes

  • v0.5.1 was published to npm but intentionally has no GitHub Release page; its changes are documented in CHANGELOG.md.
  • Release gate: 355/355 tests, self:doctor, self:ci, docs:check, Docusaurus build, curated-registry check, npm audit clean (0 vulnerabilities), pack dry-run verified (76 files).
  • Published to npm with provenance: @proofofwork-agency/toolpin@0.5.2

ToolPin v0.5.0

Choose a tag to compare

@nillo nillo released this 09 Jul 12:38

ToolPin v0.5.0

Node 24 runtime lane for issue #7.

Changed

  • ToolPin now requires Node.js 24 or newer.
  • Runtime dependencies align to undici@7.28.0, @types/node@24.13.3, and TypeScript 6.0.3.
  • CI, release workflow, and the composite GitHub Action now set up Node 24.
  • safeFetch keeps DNS-pinned undici dispatch with a narrow type-boundary adapter.
  • Lock-signature key fingerprints now normalize to public SPKI DER before hashing.
  • Docs explain how projects on Node 18/20/22 can keep app/test jobs unchanged by running ToolPin in a separate CI job or final step.
  • Dependabot now allows minor/patch updates on adopted runtime lanes and defers future incompatible majors.
  • Launch docs include opt-in-only adoption candidates; no automated third-party PRs without approval.

Verification

  • npm run release:check passed under Node 24 in GitHub Actions.
  • npm publish completed with provenance.

Closes #7.

ToolPin 0.4.0 — pin what the agent sees

Choose a tag to compare

@nillo nillo released this 08 Jul 10:47
a6db980

ToolPin 0.4.0 turns the lockfile into a full drift gate for what your agent actually sees: tool input schemas are now pinned, one command scaffolds CI protection, and the lockfile format ships as a vendor-neutral draft specification.

Highlights

  • Input-schema pinning (rug-pull defense). The live tool-surface hash (toolSurfaceHash) now covers tool names, descriptions, and input schemas. A server that quietly widens a tool's parameters after you approved it fails your build. Legacy locks keep working with a CI advisory to re-lock.
  • One command to protected. toolpin init ci writes a minimal least-privilege GitHub workflow (checkout SHA-pinned) plus a starter policy (toolpin policy init --recommended) — a repo goes from nothing to an enforced lockfile gate in under five minutes.
  • Three-verdict output. Every server is verified, needs-review, or blocked, with the reason. --explain restores the full evidence detail; JSON output adds verdict without removing any existing field.
  • Hardened GitHub Action. strict preset, doctor: auto|true|false, SARIF output, Marketplace branding, fail-closed input conflict handling, all inputs env-mediated.
  • ci --json + checklist. Machine-readable CI results (ok / checkedEntries / failures[] with remediation) and a per-protection checklist in human output.
  • MCP Install Lockfile spec v1.0 (draft). A vendor-neutral specification with JSON Schemas, byte-exact test vectors, and conformance classes — shipped in the npm tarball so other tools can produce, read, and enforce the same format.

Security

  • Live probes spawn MCP servers with a minimal env allowlist instead of the caller's full process.env (no more GITHUB_TOKEN/cloud-credential exposure to probed packages).
  • Registry ingestion and non-loopback remote probes go through an SSRF firewall: HTTPS-only, no redirects, public addresses only, DNS answers pinned into the socket (rebinding TOCTOU closed).
  • Verification never executes package targets implicitly — live spawning now requires the explicit --allow-execute flag (Action input allow-execute: "true").
  • Registry-carried evidence is read as a claim, never proof: verified tier requires this installation's own recompute.
  • install/remove refuse to overwrite a client config that is not valid JSON.

Full details in CHANGELOG.md.

Install

npm install -g @proofofwork-agency/toolpin
toolpin init ci
- uses: proofofwork-agency/toolpin@v0.4.0

ToolPin 0.3.2

Choose a tag to compare

@nillo nillo released this 29 Jun 23:19
  • TUI trust labels: clarify that REVIEW means missing, stale, unavailable, or only-declared ToolPin-verified npm, OCI, or MCPB artifact proof.
  • TUI overview: label the upper metadata block as a registry summary and separate it from verification gates.
  • Docs: surface toolpin interactive / tpn i in the Docusaurus introduction and document the TUI evidence/status meanings explicitly.
  • Release hygiene: version bump 0.3.1 -> 0.3.2 for the public-launch clarity pass.

ToolPin 0.3.1

Choose a tag to compare

@nillo nillo released this 29 Jun 11:53

ToolPin 0.3.1 is a patch release for the new interactive CLI release line.

Changes:

  • Publishes the npm-normalized bin paths for toolpin and tpn.
  • Updates the publish-target validation to accept the normalized package metadata.
  • Updates README and CI docs examples to use proofofwork-agency/toolpin@v0.3.1.
  • Carries forward the toolpin interactive / tpn i guided CLI mode from v0.3.0.

Validation:

  • npm run release:check passed locally via pre-publish evidence report.
  • GitHub CI passed for commit 526845f.
  • GitHub Release workflow published @proofofwork-agency/toolpin@0.3.1 with provenance.

ToolPin 0.3.0

Choose a tag to compare

@nillo nillo released this 29 Jun 11:30

Highlights

  • Added toolpin interactive [query] and toolpin i [query] / tpn i [query] as a scrollback-friendly guided install flow.
  • Added reviewed command previews, explicit write confirmation, --no-input guidance, and color handling that respects NO_COLOR, FORCE_COLOR, and --color.
  • Preserved machine-readable CLI behavior for --json and --sarif, including no ANSI output by default.
  • Kept the full-screen TUI separate while moving its trust legend above the final shortcut/copyright footer row.
  • Tightened CLI flag validation and command-specific help coverage.

Validation

  • npm run release:check passed.
  • Release evidence: .codex/pre-publish-review/20260629T112851Z.md
  • npm pack --dry-run passed for @proofofwork-agency/toolpin@0.3.0.

v0.2.5

Choose a tag to compare

@nillo nillo released this 27 Jun 23:25
  • Release hygiene: version bump 0.2.4 -> 0.2.5 for the post-release TUI polish.
  • TUI UX: give trust legend swatches horizontal spacing, add vertical breathing room to the footer hotkey row, and anchor the trust legend at the bottom-right of the footer.
  • Dogfood: keep the release pipeline gated by toolpin ci against this repo's own mcp-lock.json.

v0.2.4

Choose a tag to compare

@nillo nillo released this 27 Jun 23:11
  • Release hygiene: version bump 0.2.3 -> 0.2.4 because 0.2.3 was already published.
  • Package hygiene: clean dist/ before every TypeScript build so removed generated files cannot be packed into npm tarballs.
  • TUI command help: align the command palette with the actual broad registry refresh settings and the preferred toolpin audit server <server-name> syntax.
  • Docs/readme polish: update public Action examples, package-facing README resource links, registry mirror URLs, roadmap/threat-model scope, and README terminal artwork for the live npm release.
  • Action metadata: remove pre-publication wording from the toolpin-version input description.