fix(step-7,step-8,step-final): tighten MCP match, atomic SHA verify, guard python3, clean sed .bak

- step-7: tighten all 'claude mcp list | grep' checks from loose substring
  ('github') to anchored prefix ('^github:') so user MCPs named 'github-mirror'
  or 'my-github-fork' don't produce false positives in the non-interactive
  autodetect, install_github idempotency guard, install_github verification,
  and check_registered self-test helper.
- step-7: always install /gitfix even when user skips the GitHub MCP prompt
  (empty selection at choose_tools) — /gitfix requires no credentials and is
  a canonical Step 7 deliverable. Non-interactive curl-pipe path also now
  installs /gitfix + runs self-test + summary before exit.
- step-7: guard the apt keyring install against a curl failure poisoning
  /usr/share/keyrings/ with an empty file — download to mktemp, verify
  non-empty, then 'sudo install -m 0644' into place.
- step-7: hard-check python3 presence before the token-injection heredoc.
  Without python3 the MCP server registers but with no GITHUB_PERSONAL_ACCESS_TOKEN
  — surface that as a soft_fail with a manual-fix pointer instead of silently
  shipping a broken MCP entry. Also change '[saved]' -> '[captured]' after
  the token read since the token is only in memory at that point.
- step-8: stage the skill download to a mktemp temp file and verify SHA-256
  BEFORE moving it to $SKILL_FILE. Previously a tampered/corrupted file was
  written directly to the skill path and only flagged post-hoc — Claude
  would have loaded the bad skill until re-install. Now: download -> verify
  non-empty -> verify sha256 against pinned digest -> verify keyword ->
  atomic mv. Tampered content never lands on disk.
- step-final: clean up the '.bak' file that sed -i.bak leaves behind when
  removing the stale 'alias ctg=' line from $SHELL_RC, so we don't litter
  ~/.zshrc.bak in every user's home directory.

All four step scripts pass bash -n and shellcheck (default severity).

Author: fidgetcoding

step-7/step-7-install.sh

@@ -102,7 +102,22 @@ install_gh() {
         brew install gh || { soft_fail "GitHub CLI installation failed"; return; }
     else
         if command -v apt-get &>/dev/null; then
-            curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo dd of=/usr/share/keyrings/githubcli-archive-keyring.gpg 2>/dev/null
+            # Download keyring to a temp file first so a curl failure can't
+            # poison /usr/share/keyrings with an empty/truncated file.
+            local keyring_tmp
+            keyring_tmp="$(mktemp)" || { soft_fail "Could not create temp file"; return; }
+            if ! curl -fsSL https://cli.github.com/packages/githubcli-archive-keyring.gpg -o "$keyring_tmp"; then
+                rm -f "$keyring_tmp"
+                soft_fail "Failed to download GitHub CLI keyring"
+                return
+            fi
+            if ! [ -s "$keyring_tmp" ]; then
+                rm -f "$keyring_tmp"
+                soft_fail "Downloaded GitHub CLI keyring is empty"
+                return
+            fi
+            sudo install -m 0644 "$keyring_tmp" /usr/share/keyrings/githubcli-archive-keyring.gpg
+            rm -f "$keyring_tmp"
             echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
             if sudo apt-get update -qq && sudo apt-get install -y -qq gh; then
                 :
@@ -133,8 +148,10 @@ choose_tools() {
         info "Non-interactive mode detected (running via curl pipe)"
         CHOICES=""
 
-        # Auto-detect already-installed tools
-        if claude mcp list 2>/dev/null | grep -q "github" 2>/dev/null; then
+        # Auto-detect already-installed tools.
+        # Anchor to start-of-line + literal name + ":" so we don't match
+        # user-defined MCP servers like "my-github-fork" or "github-mirror".
+        if claude mcp list 2>/dev/null | grep -qE '^github:' 2>/dev/null; then
             CHOICES="$CHOICES 1"
             INSTALLED_GITHUB=true
         fi
@@ -143,12 +160,16 @@ choose_tools() {
             info "Found already-installed tools — verifying configuration"
             return
         else
+            # No GitHub MCP yet and we can't prompt — still install /gitfix (no creds needed).
             echo ""
-            echo -e "${YELLOW}  Step 7 requires interactive input for API credentials.${NC}"
-            echo -e "${YELLOW}  Run it directly in your terminal:${NC}"
+            echo -e "${YELLOW}  Step 7 requires interactive input to set up the GitHub MCP.${NC}"
+            echo -e "${YELLOW}  Run it directly in your terminal to finish:${NC}"
             echo ""
             echo "    bash <(curl -fsSL https://raw.githubusercontent.com/lorecraft-io/cli-maxxing/main/step-7/step-7-install.sh)"
             echo ""
+            info "Continuing with non-interactive /gitfix install..."
+            install_gitfix
+            run_self_test
             print_summary
             exit 0
         fi
@@ -167,9 +188,10 @@ choose_tools() {
     echo ""
 
     if [ -z "$CHOICES" ]; then
-        warn "No tools selected. Nothing to install."
-        print_summary
-        exit 0
+        # GitHub MCP is optional, but /gitfix is always installed in Step 7.
+        # Return instead of exiting so main() can still install /gitfix.
+        warn "No GitHub MCP selected — continuing to install /gitfix."
+        return
     fi
 }
 
@@ -179,7 +201,7 @@ choose_tools() {
 install_github() {
     info "Installing GitHub MCP server..."
 
-    if claude mcp list 2>/dev/null | grep -q "github"; then
+    if claude mcp list 2>/dev/null | grep -qE '^github:'; then
         success "GitHub MCP already installed"
         INSTALLED_GITHUB=true
         return
@@ -202,7 +224,7 @@ install_github() {
     echo ""
 
     read -rsp "  GitHub Personal Access Token (ghp_...): " GITHUB_TOKEN
-    echo " [saved]"
+    echo " [captured]"
     echo ""
 
     if [ -z "$GITHUB_TOKEN" ]; then
@@ -224,6 +246,11 @@ install_github() {
     # Inject the token directly into the config entry (claude mcp add --scope user
     # does not support -e flags in all CLI versions, so we patch the env block).
     # Token is passed via env var (not argv) to avoid leaking it in `ps` output.
+    if ! command -v python3 &>/dev/null; then
+        soft_fail "python3 not found — cannot inject token into MCP config. Install python3 and re-run Step 7, or add GITHUB_PERSONAL_ACCESS_TOKEN to ~/.claude.json manually."
+        unset GITHUB_TOKEN GITHUB_TOKEN_VALUE
+        return
+    fi
     GITHUB_TOKEN_VALUE="$GITHUB_TOKEN" python3 - <<'PYEOF'
 import json, os
 
@@ -245,7 +272,7 @@ else:
     print("WARNING: github entry not found in MCP config — token not injected.")
 PYEOF
 
-    if claude mcp list 2>/dev/null | grep -q "github"; then
+    if claude mcp list 2>/dev/null | grep -qE '^github:'; then
         success "GitHub MCP installed"
         INSTALLED_GITHUB=true
     else
@@ -307,8 +334,10 @@ run_self_test() {
 
     check_registered() {
         local label="$1"
-        local needle="$2"
-        if claude mcp list 2>/dev/null | grep -q "$needle"; then
+        local name="$2"
+        # Anchor to start-of-line + literal name + ":" so we don't match
+        # user-defined MCP servers whose names contain the target as a substring.
+        if claude mcp list 2>/dev/null | grep -qE "^${name}:"; then
             success "TEST: $label MCP registered"
             TEST_PASS=$((TEST_PASS + 1))
         else

step-8/step-8-install.sh

@@ -158,54 +158,79 @@ install_skill() {
     fi
 
     info "Downloading /safetycheck skill..."
-    if curl -fsSL "$SKILL_URL" -o "$SKILL_FILE" 2>/dev/null; then
-        success "Skill downloaded to $SKILL_FILE"
+
+    # Stage the download in a temp file so we can verify SHA-256 BEFORE the
+    # file lands at the skill path. Without this, a bad file could be written
+    # to disk and then only flagged on the next line — the tampered skill
+    # would still be visible to Claude until the user re-runs Step 8.
+    SKILL_TMP="$(mktemp "${TMPDIR:-/tmp}/safetycheck-skill.XXXXXX")" || {
+        soft_fail "Could not create temp file for skill download"
+        return
+    }
+
+    SOURCE=""
+    if curl -fsSL "$SKILL_URL" -o "$SKILL_TMP" 2>/dev/null && [ -s "$SKILL_TMP" ]; then
+        SOURCE="download"
     else
         warn "Download failed — attempting fallback install..."
         # Fallback: if the download fails (e.g., repo not yet public),
         # check if the script was run from the CLI-MAXXING repo itself
         SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
         LOCAL_SKILL="$SCRIPT_DIR/safetycheck-skill/SKILL.md"
 
-        if [ -f "$LOCAL_SKILL" ]; then
-            cp "$LOCAL_SKILL" "$SKILL_FILE"
-            success "Skill installed from local copy"
+        if [ -f "$LOCAL_SKILL" ] && [ -s "$LOCAL_SKILL" ]; then
+            cp "$LOCAL_SKILL" "$SKILL_TMP"
+            SOURCE="local"
         else
+            rm -f "$SKILL_TMP"
             soft_fail "Could not download or find the skill file"
             return
         fi
     fi
 
-    # Verify the file is non-empty
-    if [ ! -s "$SKILL_FILE" ]; then
-        soft_fail "Skill file downloaded but is empty — try again later"
-        rm -f "$SKILL_FILE"
+    # Verify the staged file is non-empty before SHA check
+    if [ ! -s "$SKILL_TMP" ]; then
+        rm -f "$SKILL_TMP"
+        soft_fail "Skill file is empty — try again later"
         return
     fi
 
-    # Verify SHA-256 integrity — protects against corrupted download or tampered content
+    # Verify SHA-256 integrity BEFORE moving into place — protects against
+    # corrupted download, MITM, or tampered upstream content.
+    ACTUAL_SHA=""
     if command -v shasum &>/dev/null; then
-        ACTUAL_SHA=$(shasum -a 256 "$SKILL_FILE" | cut -d' ' -f1)
-        if [ "$ACTUAL_SHA" = "$SKILL_SHA256" ]; then
-            success "Skill file integrity verified (sha256 match)"
-        else
-            soft_fail "Skill file sha256 mismatch — file may be corrupt or tampered. Expected: ${SKILL_SHA256:0:16}..."
-        fi
+        ACTUAL_SHA=$(shasum -a 256 "$SKILL_TMP" | cut -d' ' -f1)
     elif command -v sha256sum &>/dev/null; then
-        ACTUAL_SHA=$(sha256sum "$SKILL_FILE" | cut -d' ' -f1)
+        ACTUAL_SHA=$(sha256sum "$SKILL_TMP" | cut -d' ' -f1)
+    fi
+
+    if [ -n "$ACTUAL_SHA" ]; then
         if [ "$ACTUAL_SHA" = "$SKILL_SHA256" ]; then
             success "Skill file integrity verified (sha256 match)"
         else
-            soft_fail "Skill file sha256 mismatch — file may be corrupt or tampered. Expected: ${SKILL_SHA256:0:16}..."
+            rm -f "$SKILL_TMP"
+            soft_fail "Skill file sha256 mismatch — refusing to install. Expected: ${SKILL_SHA256:0:16}..., got: ${ACTUAL_SHA:0:16}..."
+            return
         fi
+    else
+        warn "Neither shasum nor sha256sum found — installing without integrity check"
     fi
 
-    # Verify the file contains expected content
-    if grep -q "safetycheck" "$SKILL_FILE" 2>/dev/null; then
-        success "Skill file content verified"
+    # Verify expected content keyword
+    if ! grep -q "safetycheck" "$SKILL_TMP" 2>/dev/null; then
+        rm -f "$SKILL_TMP"
+        soft_fail "Skill file does not contain expected content — refusing to install"
+        return
+    fi
+
+    # Atomic move into place — skill at $SKILL_FILE only after every check passes.
+    mv "$SKILL_TMP" "$SKILL_FILE"
+    if [ "$SOURCE" = "download" ]; then
+        success "Skill downloaded to $SKILL_FILE"
     else
-        soft_fail "Skill file does not contain expected content — may be corrupt"
+        success "Skill installed from local copy"
     fi
+    success "Skill file content verified"
 
     echo ""
 }

step-final/step-final-install.sh

@@ -348,7 +348,11 @@ fi
 # --- ctg script (token-guarded — not an alias) ---
 # Migrate: remove stale alias if step-1 hasn't cleaned it up yet
 if grep -q 'alias ctg=' "$SHELL_RC" 2>/dev/null; then
+    # sed -i.bak works on both BSD (macOS) and GNU sed. The .bak file is
+    # only needed as a safety net during the edit — clean it up afterward
+    # so we don't leave ~/.zshrc.bak lying around.
     sed -i.bak '/alias ctg=/d' "$SHELL_RC"
+    rm -f "${SHELL_RC}.bak"
     warn "HEALTH: removed stale ctg alias from $SHELL_RC — replaced by ~/.local/bin/ctg"
 fi
 if [ -x "$HOME/.local/bin/ctg" ]; then