Bump to 1.0.0-preview.6

.github/workflows/verify-commit-signatures.yml

@@ -0,0 +1,55 @@
+name: Verify Commit Signatures
+
+on:
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+
+jobs:
+  verify-signatures:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Verify commit signatures
+        shell: sh
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          FAILED=0
+          REPO="${{ github.repository }}"
+
+          for COMMIT in $(gh pr view "${{ github.event.pull_request.number }}" --repo "$REPO" --json commits --jq '.commits[].oid'); do
+            VERIFIED=$(gh api "repos/$REPO/commits/$COMMIT" --jq '.commit.verification.verified')
+            REASON=$(gh api "repos/$REPO/commits/$COMMIT" --jq '.commit.verification.reason')
+            COMMITTER=$(gh api "repos/$REPO/commits/$COMMIT" --jq '.commit.committer.email')
+            MESSAGE=$(gh api "repos/$REPO/commits/$COMMIT" --jq '.commit.message' | head -1)
+            SHORT=$(echo "$COMMIT" | cut -c1-7)
+
+            echo "---"
+            echo "Commit: $SHORT $MESSAGE"
+            echo "  Committer: $COMMITTER"
+            echo "  Verified:  $VERIFIED"
+            echo "  Reason:    $REASON"
+
+            if [ "$VERIFIED" != "true" ]; then
+              echo "  FAIL: Commit is not verified (reason: $REASON)"
+              FAILED=1
+            else
+              echo "  OK"
+            fi
+          done
+
+          echo ""
+          if [ "$FAILED" -eq 1 ]; then
+            echo "VERIFICATION FAILED: One or more commits are not verified."
+            echo "All commits must be GPG-signed and verified by GitHub."
+            exit 1
+          else
+            echo "All commits verified."
+          fi

CHANGELOG.md

@@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.0.0-preview.6] - 2026-03-27
+
+### Changed
+
+- Strict schema validation (`.strict()`) on all input objects for better small-model compatibility (#20)
+- Example added to tool description (#20)
+- Content and structuredContent derived from a single canonical result (#13)
+
+### Fixed
+
+- ANSI escape codes not stripped from structuredContent output (#12)
+
+### Security
+
+- picomatch CVE-2026-33671 (ReDoS) and CVE-2026-33672 (method injection) resolved via pnpm override
+
 ## [1.0.0-preview.5] - 2026-03-24
 
 ### Added
@@ -48,6 +64,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Built-in validation rules blocking destructive operations including rm, sed -i, git reset, force push, xargs, and sudo
 - Pluggable rule system for custom validation
 
+[1.0.0-preview.6]: https://github.com/shellicar/mcp-exec/releases/tag/1.0.0-preview.6
 [1.0.0-preview.5]: https://github.com/shellicar/mcp-exec/releases/tag/1.0.0-preview.5
 [1.0.0-preview.4]: https://github.com/shellicar/mcp-exec/releases/tag/1.0.0-preview.4
 [1.0.0-preview.3]: https://github.com/shellicar/mcp-exec/releases/tag/1.0.0-preview.3

packages/mcp-exec/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@shellicar/mcp-exec",
   "private": false,
-  "version": "1.0.0-preview.5",
+  "version": "1.0.0-preview.6",
   "type": "module",
   "license": "MIT",
   "author": "Stephen Hellicar",