security(deps): carve MCP SDK / zod out of Renovate patch auto-merge

[IgorShevchik]

Context

Surfaced during the multi-angle review of #192 (security pass, H-3).

renovate.json auto-merges patch / pin / digest updates for npm packages. For the docker-compose infra images this was explicitly disabled in #192 (nginx-proxy / acme-companion / watchtower require review). For npm there is no carve-out, so a patch bump of a runtime-critical, behaviour-sensitive package — @modelcontextprotocol/sdk, zod, @fastify/static — would merge with no human in the loop.

A patch release of one of these can still carry a behavioural change (a tightened zod coercion, an MCP SDK wire-format fix) that the unit suite might not fully cover, and it ships straight to main.

Proposal

Add a packageRules entry that holds these for review even on patch:

{
  "matchPackageNames": ["zod"],
  "matchPackagePrefixes": ["@modelcontextprotocol/", "@nuxtjs/mcp-toolkit"],
  "automerge": false
}

Open question: scope. Options —

1. Just the MCP wire stack + zod (narrow, recommended).
2. All dependencies (not devDependencies) — broader, more review load.

Alternatively, require the integration suite (not just unit) to pass before any npm auto-merge.

Acceptance

• Patch bumps of the MCP SDK / toolkit / zod open a PR that waits for review
• Other dev-dependency patches keep auto-merging (no extra review load where it isn't warranted)

Refs

• Follow-up from ci(deploy): drop SSH deploy, pin infra image digests, sync docs #192 review
• Mirrors the infra-image "never auto-merge" rule added in ci(deploy): drop SSH deploy, pin infra image digests, sync docs #192