fix: include annotations in tool quarantine hash with backward compatibility #343

Merged: Dumbris merged 3 commits into main from fix/tool-quarantine-annotation-hash, Mar 20, 2026

@Dumbris (Member) commented Mar 20, 2026

Summary

  • Include tool annotations in the quarantine approval hash to detect "annotation rug-pulls" (e.g., server flipping destructiveHint from true to false)
  • Add two backward-compatibility mechanisms so tools approved before this change are not falsely flagged as changed:
    1. Restore tools whose approved hash now matches the current hash but were incorrectly marked "changed" by a prior binary
    2. Silently re-approve tools whose approved hash matches the legacy formula (without annotations)

Test plan

  • All existing quarantine tests pass (13 tests)
  • New test: legacy hash auto-migration for approved tools
  • New test: legacy hash migration for falsely-changed tools
  • New test: annotation rug-pull detection (destructiveHint flip)
  • New test: falsely-changed tool restored when hash matches
  • Verified on live instance: 207 tools, 145 OK, 2 genuinely changed (tavily)
  • go build succeeds

🤖 Generated with Claude Code

…ibility

The tool quarantine hash now includes serialized annotations to detect
"annotation rug-pulls" (e.g., a server flipping destructiveHint from true
to false). Two backward-compatibility mechanisms ensure existing approved
tools are not falsely flagged as changed:

1. When approved hash matches the current hash but status was incorrectly
   set to "changed" by a prior binary, restore to approved.
2. When approved hash matches the legacy formula (without annotations),
   silently re-approve with the new hash format.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
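
A sketch of the comparison logic the PR description and commit message above outline, as an added example that is not mcpproxy's own code. The hash inputs, the JSON serialization of annotations, and every type and function name here are assumptions; the project's actual formula is not shown on this page.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// Hypothetical types for this sketch.
type Annotations struct{ DestructiveHint *bool `json:"destructiveHint,omitempty"` }
type Record struct{ ApprovedHash, Status string }

// digest length-prefixes each field so field boundaries cannot be shifted.
func digest(parts ...string) string {
	h := sha256.New()
	for _, p := range parts {
		fmt.Fprintf(h, "%d:%s", len(p), p)
	}
	return hex.EncodeToString(h.Sum(nil))
}

// Assumed formulas: legacy omits annotations, current appends them as JSON.
func legacyHash(n, d, s string) string { return digest(n, d, s) }
func currentHash(n, d, s string, a *Annotations) string {
	b, _ := json.Marshal(a) // struct fields marshal in a fixed order
	return digest(n, d, s, string(b))
}

// reconcile updates rec in place; needsSave is true only when rec was modified.
func reconcile(rec *Record, cur, legacy string) (needsSave bool) {
	switch {
	case rec.ApprovedHash == cur: // mechanism 1: restore a falsely "changed" tool
		needsSave, rec.Status = rec.Status != "approved", "approved"
	case rec.ApprovedHash == legacy: // mechanism 2: migrate a legacy approval
		rec.ApprovedHash, rec.Status, needsSave = cur, "approved", true
	default: // genuine change, including an annotation flip
		needsSave, rec.Status = rec.Status != "changed", "changed"
	}
	return needsSave
}

func main() {
	yes := true // constructed sample tool
	leg := legacyHash("delete_file", "Deletes a file", "{}")
	rec := &Record{ApprovedHash: leg, Status: "approved"}
	cur := currentHash("delete_file", "Deletes a file", "{}", &Annotations{&yes})
	fmt.Println(reconcile(rec, cur, leg), rec.Status)
}
```

In this sketch, mechanism 2 accepts whatever annotations the server presents at migration time, because the legacy hash never covered them; only flips after the migration are detected.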

cloudflare-workers-and-pages bot commented Mar 20, 2026

Deploying mcpproxy-docs with Cloudflare Pages

Latest commit: bbf5837
Status: ✅  Deploy successful!
Preview URL: https://fe8ae82b.mcpproxy-docs.pages.dev
Branch Preview URL: https://fix-tool-quarantine-annotati.mcpproxy-docs.pages.dev

claude added 2 commits March 20, 2026 14:52
Replace always-true save condition with needsSave flag that only
triggers writes when status is restored or current hash differs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Hardcoded expected SHA-256 values for known inputs. If anyone changes the
hash formula, this test fails with a clear message explaining that backward
compatibility migration is required before updating the golden values.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@Dumbris Dumbris merged commit e3b7566 into main Mar 20, 2026
19 of 23 checks passed
@Dumbris Dumbris deleted the fix/tool-quarantine-annotation-hash branch March 20, 2026 14:26