08-tooling

printing press install

2026-05-07·tooling-install·! medium
toolingprinting-pressagent-clisecurity-review-pass-with-mitigationsmcp-adjacent

Printing Press Install — v4.0.3 (2026-05-07)

Decision summary

Founder greenlit install on 2026-05-07 after a security review returned PASS-with-mitigations. Maintainer identity (Matt Van Horn, June co-founder, ex-Lyft origins) and distribution model (no curl|sh, no postinstall scripts, signed Go releases with checksums.txt) cleared the SOP bar. Real risks live in downstream usage, not in the binary itself.

Cross-link: [[~/rdco-vault/02-sops/2026-05-02-mcp-plugin-skill-install-security-review-sop.md]] — the review framework applied here.

Install record

Field Value
Tool Printing Press CLI
Version v4.0.3
Source SHA 2c538be186fe828bc80dbc6a7126a6ebb9320825
Release https://github.com/mvanhorn/cli-printing-press/releases/tag/v4.0.3
Installed via Pre-built darwin_arm64 release tarball (NOT go install @latest, NOT npx ... starter-pack)
Tarball SHA-256 03ff0aefb23c0c3b02649af02e6cb87f30d85cc813b2a0fbe3a78adb3d43ed76 (verified against checksums.txt before extract)
Binary SHA-256 f7eb2b895a9cd04c53e907d02c57b8bc443c461fe3f06cfd6c22c4b932741da4
Binary path ~/.local/bin/printing-press (already on PATH)
Code signature adhoc, linker-signed (no Developer ID; expected for Go releases)
Smoke test printing-press --versionprinting-press 4.0.3
Release docs ~/printing-press/docs/ (README, CHANGELOG, LICENSE archived)

Mitigations applied at install

  1. Pinned to a specific version, not @latest. Used pre-built v4.0.3 tarball. Disables silent upgrade.
  2. Did NOT run starter-pack install. No community CLIs were pulled. Library starts empty.
  3. Did NOT use go install path. Go toolchain is not installed on this machine. Pre-built release binary path was chosen for verifiable integrity (SHA-256 against published checksums.txt).
  4. Did NOT use npx -y @mvanhorn/printing-press — that npm package shims out to a Go binary and would have implicitly required Go anyway, plus would have used @latest semantics from npm.
  5. Verified SHA-256 BEFORE extract. Downloaded tarball + checksums.txt to a tmp dir, ran shasum -a 256 -c, only extracted after OK.
  6. Inspected binary signature (codesign -dvv). Adhoc-signed Go binary, no Developer ID — matches expectations for unstapled Go releases. No Apple notarization, but provenance is established via the SHA chain.
  7. Cleaned up tmp dir after install. No tarball or scratch files left on disk.

Mitigations to enforce on every future use

These are the operational guardrails. Each of these is a hard rule until proven otherwise:

What Press is good for (RDCO-fit cases)

What Press is NOT for (don't reach for it here)

Sub-agent security review (full text reference)

Verdict: PASS-WITH-MITIGATIONS. Source trust strong (Matt Van Horn / mvanhorn, June co-founder, deep OSS history). Repo health good (256 stars, MIT, 44 releases, active cadence). Distribution clean (no curl|sh, no preinstall/postinstall, npm package is a thin shim, Go releases use sumdb). Real risks: SQLite mirror is plaintext at rest, generated-CLI credential storage path is undocumented, community CLI catalog has only mechanical PR gates. All three are managed by the install + use mitigations above.

Open questions worth watching:

Related

Changelog