# Release and Supply-Chain Security
This document defines the security posture expected for KiCad MCP Pro releases, package publishing, and distribution artifacts.
## Goals

- Releases are built from the canonical `oaslananka/kicad-mcp` repository.
- Publishing happens through GitHub Actions, not from a maintainer workstation.
- Long-lived package-manager tokens are avoided where trusted publishing or OIDC is available.
- Release artifacts are reproducible enough to verify names, versions, checksums, SBOMs, and provenance.
- Public claims are evidence-backed: if a capability is heuristic, partial, or environment-dependent, the release notes and docs say so.
## Protected release path
The normal release path is documented in ../release-process.md. The required posture is:
- Work lands through pull requests to `main`.
- Required CI, security, CodeQL, docs, and metadata checks pass.
- Release-please derives versions from Conventional Commits and opens the release pull request.
- Publishing workflows run only from canonical release events or guarded manual dispatches.
- Protected environments gate publishing jobs.
- Publish jobs produce or verify release evidence before publishing.
- Post-publish verification confirms the package-index artifact matches the locally generated digest where supported.
## Artifact classes

| Artifact | Workflow | Expected evidence |
|---|---|---|
| Python package `kicad-mcp-pro` | `.github/workflows/publish-python.yml` | wheel/sdist, SHA256 checksums, SBOM, GitHub attestation, PyPI/TestPyPI verification |
| npm wrapper `kicad-mcp-pro` | `.github/workflows/publish-npm.yml` | npm tarball, SHA256 checksums, SBOM, provenance, post-publish digest verification |
| Protocol schemas npm package | `.github/workflows/publish-protocol-schemas.yml` | npm tarball, SHA256 checksums, SBOM, provenance, post-publish digest verification |
| Docker image | `.github/workflows/publish-mcp-container.yml` | multi-arch image, labels, SBOM/provenance from buildx, Trivy scan, GHCR digest |
| Tauri GUI installers | `.github/workflows/gui-release.yml` | platform installer bundles attached to the matching GUI release |
| MCP Registry manifest | `.github/workflows/publish-mcp-registry.yml` | manifest validation, package availability verification, registry publish step |
## Required controls

- Workflow default permissions are `contents: read` unless a job needs narrower elevated permissions.
- Jobs that publish, deploy, attest, or mutate release assets declare job-scoped permissions.
- Publish jobs are guarded by repository owner, event type, tag prefix, and environment checks.
- Third-party Actions are pinned to full commit SHAs.
- Checkout credentials are not persisted unless a workflow explicitly needs to push.
- Shell steps pass GitHub expressions through `env:` before use in scripts.
- Dependency audit, secret scanning, static analysis, and workflow-security checks are part of the local and CI gates.
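The controls above, shown together in one publish job. This is an added illustration, not the project's own `publish-python.yml`; the environment name `pypi`, the `v` tag prefix, and the zeroed commit SHAs are placeholders to be replaced with the repository's real values and the full SHA of each audited Action version.

```yaml
# Added example, not the project's workflow. Placeholders: environment name,
# tag prefix, and the all-zero SHAs (replace with the audited full commit SHA).
name: publish-python

on:
  release:
    types: [published]
  workflow_dispatch:            # manual dispatch is allowed but guarded by `if:` below

# Default token is read-only; jobs that need more declare it themselves.
permissions:
  contents: read

jobs:
  publish:
    # Guard by repository owner, event type, and tag prefix before anything runs.
    if: >-
      github.repository_owner == 'oaslananka' &&
      (github.event_name == 'release' || github.event_name == 'workflow_dispatch') &&
      startsWith(github.ref, 'refs/tags/v')
    runs-on: ubuntu-latest
    environment: pypi           # protected environment adds the reviewer gate
    permissions:
      contents: read
      id-token: write           # OIDC for trusted publishing; no long-lived PyPI token
      attestations: write       # needed to write the GitHub build-provenance attestation
    steps:
      - uses: actions/checkout@0000000000000000000000000000000000000000  # PLACEHOLDER: pin to full SHA
        with:
          persist-credentials: false   # this job never pushes back to the repository

      - name: Build and checksum
        env:
          RELEASE_TAG: ${{ github.ref_name }}   # expression enters the shell via env, not inline
        run: |
          python -m build
          sha256sum dist/* > dist/SHA256SUMS
          echo "built ${RELEASE_TAG}"

      - uses: actions/attest-build-provenance@0000000000000000000000000000000000000000  # PLACEHOLDER
        with:
          subject-path: dist/*

      - uses: pypa/gh-action-pypi-publish@0000000000000000000000000000000000000000  # PLACEHOLDER
```

The post-publish digest check from the protected release path would follow as a further step that compares `dist/SHA256SUMS` against the digest the index reports.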
## Maintainer checklist
Before approving a release environment:
- [ ] The release tag prefix matches the artifact class.
- [ ] CI and security workflows passed on the release commit.
- [ ] Version metadata is synchronized across `pyproject.toml`, package manifests, `server.json`, and generated docs.
- [ ] The release notes do not overclaim EDA accuracy, sign-off authority, or KiCad coverage.
- [ ] Generated artifacts do not include credentials, private project paths, private board data, or customer files.
- [ ] SBOM, checksum, and attestation steps completed or the exception is documented in the release notes.
- [ ] Post-publish verification completed for PyPI/npm artifacts where supported.
## Incident response
If release integrity is in doubt:
- Stop the affected publish workflow and revoke any exposed token.
- Mark affected GitHub Releases, package versions, container tags, or registry entries as compromised or yanked where supported.
- Open a private GitHub Security Advisory.
- Cut a patched release through the protected pipeline.
- Publish a user-facing advisory with affected versions, mitigations, and verification steps.
See also release-signing.md for artifact-signing and verification policy.