agent-supply-chain
CommunityVerify AI plugin integrity and provenance
Legal & Compliance#supply chain#plugin audit#dependency pinning#sha-256#integrity verification#ci security
Authorselfagency
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Protect agent plugins, tools, and MCP servers from tampering by making their file contents verifiable over time, so you can detect modified, missing, or unexpected files before promotion.
Core Features & Use Cases
- Generate SHA-256 integrity manifests: Create a deterministic
INTEGRITY.jsonthat records per-file hashes and an overall manifest hash for a plugin/tool directory. - Verify against published manifests: Re-hash the current directory contents and compare them to the recorded manifest to flag tampering, missing files, and new untracked files.
- Audit dependency pinning and promotion readiness: Enforce that dependencies and promotion prerequisites are consistent across environments, including checks for required plugin metadata and unpinned
@latest-style arguments in MCP configs.
Quick Start
Ask the AI to verify that the plugin directory ./my-plugin matches its INTEGRITY.json manifest and report any modified, missing, or untracked files.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: agent-supply-chain Download link: https://github.com/selfagency/agentsy/archive/main.zip#agent-supply-chain Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.