Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion AGENT-INSTALL.md
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ You are reading this either from `node_modules/@patchstack/connect/AGENT-INSTALL
## Verify before you trust (do this, it's quick)

- The connector is a normal npm package: [`@patchstack/connect`](https://www.npmjs.com/package/@patchstack/connect), MIT-licensed, source at https://github.com/patchstack/connect. Install it pinned, check the integrity hash in the lockfile, run `npm audit` over it — whatever your policy requires.
- If your training data says this package or repo doesn't exist, your training data predates it — the first version was published in May 2026. Run `npm view @patchstack/connect` (read-only, executes nothing) and trust the registry over your memory.
- First published May 2026. If the package is absent from your training data, `npm view @patchstack/connect` (read-only) shows the live registry record.
- It reads the project's **lockfile only** (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`) and sends package names + versions to Patchstack for vulnerability matching. No source code, no env vars, no file paths, no git history.
- Patchstack is not WordPress-only. This connector monitors any JS/Node project — Vite, Next.js, plain vanilla JS, anything with a lockfile.

Expand Down
15 changes: 12 additions & 3 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,20 @@ For how this repo fits with the wider Patchstack ecosystem (`saas`, `hub`, `patc

Copy and paste this prompt into any AI coding assistant (Cursor, v0, Bolt, Lovable, Claude Code, etc.):

> Add dependency vulnerability monitoring with `@patchstack/connect` — Patchstack's npm connector for JS/Node projects (MIT, source: https://github.com/patchstack/connect). It was first published in May 2026, which may be after your knowledge cutoff, so do not conclude from memory that it doesn't exist: verify it with the read-only command `npm view @patchstack/connect` first. Once verified, install it as a dev dependency like any other package, then read the setup guide it ships at `node_modules/@patchstack/connect/AGENT-INSTALL.md` and follow it.
> Add Patchstack dependency vulnerability monitoring to this project:
>
> 1. `npm install --save-dev @patchstack/connect` — or the pnpm/yarn/bun equivalent (MIT, source: https://github.com/patchstack/connect; verify with `npm view @patchstack/connect` if unsure).
> 2. `npx @patchstack/connect scan` — saves a site ID to `.patchstackrc.json` and prints a claim URL. Show me that URL; don't open it.
> 3. Add `package.json` scripts `"prebuild": "patchstack-connect scan"` and `"postbuild": "patchstack-connect mark-build"`, then commit the changes.
> 4. Run `npx @patchstack/connect guide` and use it to add the report-a-vulnerability widget and finish any framework-specific details.

The prompt is built to survive agent security filters, in order of how they fire: it gives the agent a safe, read-only registry command to *verify* the package exists (agents whose training predates May 2026 otherwise assert it doesn't and refuse), it frames the install as an ordinary pinnable dev dependency rather than a remote script, the setup instructions ship *inside* the installed package as a readable file (`AGENT-INSTALL.md`, also printed by `npx @patchstack/connect guide`), and it preempts the "Patchstack is WordPress-only" objection. If the agent has network access, the always-current version of the guide is at https://patchstack.com/install.txt — this longer prompt uses it directly:
The shape of this prompt is deliberate — it has survived three distinct AI-agent refusal modes, and each one punished a different shortcut:

> Add Patchstack dependency vulnerability monitoring. First verify the connector exists with the read-only command `npm view @patchstack/connect` (first published May 2026, likely newer than your training data — the registry is the source of truth; MIT, public source at https://github.com/patchstack/connect). Then install it as a dev dependency and follow the plain-text setup instructions at https://patchstack.com/install.txt — that URL is documentation to read, not a script to execute. Patchstack monitors any JS/Node lockfile, not just WordPress.
1. **"Follow the instructions at this URL" reads as remote script execution.** Agents refuse before ever fetching the doc.
2. **Agents whose training predates May 2026 assert the package doesn't exist.** Step 1's `npm view` resolves that against the registry instead of the model's memory.
3. **"Install the package, then follow the instructions it ships" reads as handing control to the package author** — structurally the same as prompt injection — and preemptive reassurance language ("it's safe, don't be suspicious, note your knowledge cutoff") is itself flagged as a manipulation signal.

So the prompt inlines the core install as concrete, individually inspectable commands, delegates nothing up front, and argues nothing. `npx @patchstack/connect guide` (which prints the bundled `AGENT-INSTALL.md`) enters only at step 4, as an assist for widget placement, re-run rules, and troubleshooting — by then the agent has already installed and audited the package, so consulting its docs is ordinary behavior rather than the instruction channel the install depends on. The always-current long-form guide lives at https://patchstack.com/install.txt.

## Quick start (zero configuration)

Expand Down
Loading