Skip to content

Make the agent install prompt refusal-resistant: verify-first, steps inlined#41

Merged
ejntaylor merged 1 commit into
mainfrom
verify-first-install-prompt
Jul 13, 2026
Merged

Make the agent install prompt refusal-resistant: verify-first, steps inlined#41
ejntaylor merged 1 commit into
mainfrom
verify-first-install-prompt

Conversation

@ejntaylor

@ejntaylor ejntaylor commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

Summary

Iterates on the AI-agent install prompt after field-testing three distinct refusal modes:

  1. Remote-doc delegation ("follow https://patchstack.com/install.txt") reads as remote script execution — agents refuse before fetching (fixed in Ship an agent-facing install guide inside the npm package #38).
  2. Knowledge-cutoff hallucination — agents whose training predates May 2026 assert @patchstack/connect doesn't exist; the prompt now includes a read-only npm view @patchstack/connect check so the registry, not model memory, settles existence.
  3. In-package delegation + persuasion detection — "install the package, then follow the instructions it ships" is structurally prompt-injection-shaped, and reassurance language ("published after your cutoff, don't conclude it doesn't exist") is itself flagged as a manipulation signal.

The README prompt is now five numbered, individually inspectable commands — no delegation, no trust arguments. The bundled AGENT-INSTALL.md / npx @patchstack/connect guide stays as reference material (framework-specific widget placement, re-run rules, troubleshooting) rather than the instruction channel the install depends on, and its knowledge-cutoff note is rephrased to be purely factual.

🤖 Generated with Claude Code

@patchstack/connect was first published in May 2026, after most AI
coding agents' training cutoffs, so they assert the package doesn't
exist and refuse the install. Lead the prompts and the bundled guide
with a read-only `npm view @patchstack/connect` check so agents verify
against the registry instead of trusting stale memory.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@coderbuds

coderbuds Bot commented Jul 13, 2026

Copy link
Copy Markdown

Clear, focused addition of a verify-first step to the install prompts.

🎯 Quality: 98% Elite · 📦 Size: Tiny

📈 This month: Your 217th PR — above team average · Averaging Excellent

See how your team is trending →

@ejntaylor ejntaylor merged commit e0733bd into main Jul 13, 2026
4 checks passed
@ejntaylor ejntaylor deleted the verify-first-install-prompt branch July 13, 2026 16:33
@ejntaylor ejntaylor changed the title Add a verify-first step to the agent install prompts Make the agent install prompt refusal-resistant: verify-first, steps inlined Jul 13, 2026
devlob added a commit that referenced this pull request Jul 13, 2026
…lineage

Two 0.3.x protect lineages had diverged. main (0.3.3, #36-#41) advanced the
scaffold-engine + local-manifest/--manifest approach; this branch vendored the
node-waf engine into the package (@patchstack/connect/protect) and added the
TanStack server-function guard. This takes the vendored lineage as canonical:

- scaffolds only guard.ts + rules.json (the WAF engine ships in the package)
- protect wires BOTH request middleware (browser tunnel) AND function middleware
  (TanStack server functions); per-piece idempotent so upgrades reconcile cleanly
- drops the scaffolded engine.js/manifest.js templates and the --manifest flag
  (the vendored engine handles package-conditional rules via the API/rules)

Preserves all of main's non-protect advances: in-package install guide,
mark-build build-stack descriptor, tag-driven release workflow, guide command,
verify-first install prompt. Typecheck clean; 126 tests pass.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant