ci: skip lefthook on spec-sync bot push

[felixweinberger]

Skip lefthook's pre-push hooks when the spec-sync bot pushes its branch.

Motivation and Context

pnpm install installs lefthook git hooks on the runner, so the bot's git push runs typecheck:all/lint:all/build:all. When upstream schema.ts drifts in a way that requires SDK changes, typecheck fails and no PR is created — the drift is silently dropped instead of surfaced. This happened in run 23971433340. The PR's own CI is the right place for those checks.

How Has This Been Tested?

Workflow-only change; verified the diff. The next scheduled/dispatched run will exercise it.

Breaking Changes

None.

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Documentation update

Checklist

• I have read the MCP Documentation
• My code follows the repository's style guidelines
• New and existing tests pass locally
• I have added appropriate error handling
• I have added or updated documentation as needed

Additional context

Belt-and-suspenders: sets LEFTHOOK=0 and passes --no-verify so this stays robust if the hook manager changes.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 04a7331

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[pkg-pr-new]

Open in StackBlitz

@modelcontextprotocol/client

npm i https://pkg.pr.new/@modelcontextprotocol/client@1866

@modelcontextprotocol/server

npm i https://pkg.pr.new/@modelcontextprotocol/server@1866

@modelcontextprotocol/express

npm i https://pkg.pr.new/@modelcontextprotocol/express@1866

@modelcontextprotocol/fastify

npm i https://pkg.pr.new/@modelcontextprotocol/fastify@1866

@modelcontextprotocol/hono

npm i https://pkg.pr.new/@modelcontextprotocol/hono@1866

@modelcontextprotocol/node

npm i https://pkg.pr.new/@modelcontextprotocol/node@1866

commit: 04a7331

[claude]

LGTM — simple, targeted fix that correctly surfaces spec drift as a PR instead of silently dropping it.

Extended reasoning...

Overview

Single-file CI workflow change adding LEFTHOOK=0 env var and --no-verify flag to the git push in the spec-sync bot job. Two complementary mechanisms (env var + git flag) are belt-and-suspenders to skip lefthook hooks during the automated push.

Security Risks

No security concerns. The change only affects a CI workflow that pushes to a dedicated update-spec-types branch and opens a PR — no direct production impact, no auth or secrets changes.

Level of Scrutiny

Low. This is a mechanical CI fix for a clearly documented failure mode. The approach is idiomatic (LEFTHOOK=0 is the documented way to disable lefthook; --no-verify is the standard git flag) and the fix is narrowly scoped to the one step that was failing.

Other Factors

No bugs found, no outstanding reviewer comments, minimal blast radius. The PR description includes a link to the failed run demonstrating the root cause.

[bhosmer-ant]

Verified the safety net is intact: ruleset on main requires build/test status checks + approval, so a spec-sync PR with broken typecheck cannot merge. lefthook.yml pre-push is exactly typecheck/lint/build as the comment says. The rationale holds — better a visible red-CI PR than a silently-failed bot push hiding spec drift.

nit: LEFTHOOK=0 and --no-verify are redundant (either alone works); harmless to keep both.

Review by Claude, checked by Basil.