[strategos] chore: Add local build protection against NPM/NPX cache overrides

WHY:
- NPM and NPX can cache packages and override local builds
- User needs to ensure local fix remains active until PR is merged
- Multiple layers of protection needed for reliability

EXPECTED:
- Local build always used (never overridden by NPM/NPX cache)
- Easy verification that fix is active
- Convenient rebuild workflow
- Clear documentation of setup

CHANGES:
- Added .npmrc: Prevents automatic NPM updates (save-exact, prefer-offline)
- Added verify-local-build.sh: Verification script to confirm fix is active
- Updated package.json: Added verify, rebuild, postinstall scripts
- Added LOCAL_BUILD_SETUP.md: Complete documentation of local build setup

PROTECTION LAYERS:
1. Direct node execution (no NPX) - Primary defense
2. NPM config (.npmrc) - Prevents auto-updates
3. Verification script - Confirms fix is active
4. Package.json scripts - Easy maintenance

USAGE:
- npm run verify: Check local build is active
- npm run rebuild: Rebuild and verify
- npm run watch: Watch for changes

Refs: User request to guard against NPM/NPX cache updates

Author: ketema

src/sequentialthinking/.npmrc

@@ -0,0 +1,15 @@
+# Prevent NPM from auto-updating dependencies
+# This ensures the local build remains stable until PR is merged
+
+# Disable automatic package updates
+save-exact=true
+
+# Prevent npm from modifying package-lock.json
+package-lock=false
+
+# Use local cache only (don't fetch from registry)
+prefer-offline=true
+
+# Prevent automatic dependency updates
+save-prefix=""
+

src/sequentialthinking/LOCAL_BUILD_SETUP.md

@@ -0,0 +1,214 @@
+# Local Build Setup - Sequential Thinking MCP Server
+
+This document explains how to ensure your local build with the schema fix is always used until the PR is merged.
+
+## Quick Start
+
+```bash
+# Verify local build is active
+npm run verify
+
+# Rebuild after making changes
+npm run rebuild
+```
+
+## Problem
+
+NPM and NPX can cache packages, potentially overriding your local build with the upstream version that doesn't have the fix.
+
+## Solution: Multi-Layer Protection
+
+### Layer 1: Direct Node Execution (Primary)
+
+Both Augment and VS Code configs use **direct node execution** with absolute paths, bypassing NPX entirely:
+
+```json
+{
+  "sequentialthinking": {
+    "command": "node",
+    "args": [
+      "/Users/ketema/projects/ametek_chess/submodules/mcp-servers/src/sequentialthinking/dist/index.js"
+    ]
+  }
+}
+```
+
+**Why this works:**
+- ✅ No NPX involved - can't be overridden by cache
+- ✅ Absolute path - always points to your local build
+- ✅ Direct execution - fastest startup
+
+### Layer 2: NPM Configuration (.npmrc)
+
+The `.npmrc` file prevents automatic updates:
+
+```ini
+# Prevent NPM from auto-updating dependencies
+save-exact=true
+package-lock=false
+prefer-offline=true
+save-prefix=""
+```
+
+**Why this works:**
+- ✅ `save-exact=true` - No automatic version updates
+- ✅ `prefer-offline=true` - Uses local cache, doesn't fetch from registry
+- ✅ `package-lock=false` - Prevents lock file modifications
+
+### Layer 3: Verification Script
+
+Run `npm run verify` to confirm your local build is active:
+
+```bash
+npm run verify
+```
+
+**Checks performed:**
+- ✅ dist/index.js exists
+- ✅ Schema fix (oneOf) present in built file
+- ✅ Input sanitization (sanitizeNumericParam) present
+- ✅ Augment config using local build
+- ✅ VS Code config using local build
+- ✅ No global package installed
+
+### Layer 4: Package.json Scripts
+
+Convenient scripts for common tasks:
+
+```bash
+# Build TypeScript to JavaScript
+npm run build
+
+# Build and verify
+npm run rebuild
+
+# Watch for changes and rebuild
+npm run watch
+
+# Verify local build is active
+npm run verify
+```
+
+## How to Maintain Local Build
+
+### After Making Code Changes
+
+```bash
+cd submodules/mcp-servers/src/sequentialthinking
+npm run rebuild
+```
+
+This will:
+1. Compile TypeScript to JavaScript
+2. Make dist/index.js executable
+3. Verify the fix is present in the built file
+
+### After Pulling from Git
+
+```bash
+cd submodules/mcp-servers/src/sequentialthinking
+npm run rebuild
+```
+
+### After Restarting VS Code or Augment
+
+No action needed! The configs use absolute paths, so they'll always use your local build.
+
+### Verifying the Server is Running
+
+```bash
+ps aux | grep sequential | grep -v grep
+```
+
+**Expected output:**
+```
+ketema    65806  ... node /Users/ketema/projects/ametek_chess/submodules/mcp-servers/src/sequentialthinking/dist/index.js
+```
+
+**Key indicator:** Should show `node` followed by the absolute path to your local `dist/index.js`.
+
+**Bad output (if you see this, something is wrong):**
+```
+ketema    65806  ... npx @modelcontextprotocol/server-sequential-thinking
+```
+
+## Troubleshooting
+
+### Problem: "Invalid thoughtNumber: must be a number" error returns
+
+**Diagnosis:**
+```bash
+npm run verify
+```
+
+**If verification fails:**
+```bash
+npm run rebuild
+```
+
+**If still failing:**
+1. Check Augment config (Settings Panel) - should use absolute path
+2. Check VS Code config (.vscode/settings.json) - should use absolute path
+3. Restart VS Code extension host
+4. Check running process: `ps aux | grep sequential`
+
+### Problem: NPX cache interfering
+
+**Solution:** Don't use NPX! The configs use `node` directly.
+
+**If you accidentally installed globally:**
+```bash
+npm uninstall -g @modelcontextprotocol/server-sequential-thinking
+```
+
+### Problem: Changes not taking effect
+
+**Checklist:**
+1. ✅ Run `npm run rebuild`
+2. ✅ Restart MCP server (restart VS Code extension host or Augment)
+3. ✅ Verify with `npm run verify`
+4. ✅ Check running process: `ps aux | grep sequential`
+
+## File Structure
+
+```
+submodules/mcp-servers/src/sequentialthinking/
+├── .npmrc                      # NPM configuration (prevents auto-updates)
+├── package.json                # Package definition with scripts
+├── verify-local-build.sh       # Verification script
+├── LOCAL_BUILD_SETUP.md        # This file
+├── SCHEMA_FIX_EXPLANATION.md   # Technical explanation of the fix
+├── index.ts                    # Source code (TypeScript)
+└── dist/
+    └── index.js                # Built code (JavaScript) - THIS IS WHAT RUNS
+```
+
+## Key Principles
+
+1. **Never use NPX** - Always use `node` with absolute path
+2. **Verify after changes** - Run `npm run verify` to confirm
+3. **Rebuild when needed** - Run `npm run rebuild` after code changes
+4. **Check running process** - Use `ps aux | grep sequential` to verify
+
+## When Can You Stop Using Local Build?
+
+Once PR #2812 is merged and released:
+
+1. Check NPM for new version: `npm view @modelcontextprotocol/server-sequential-thinking version`
+2. If version > 0.6.2, the fix is released
+3. Update configs to use NPX: `npx @modelcontextprotocol/server-sequential-thinking`
+4. Remove local build from configs
+
+Until then, **always use the local build!**
+
+## Summary
+
+Your local build is protected by:
+- ✅ Direct node execution (no NPX)
+- ✅ Absolute paths (no ambiguity)
+- ✅ NPM config (no auto-updates)
+- ✅ Verification script (confirm it's working)
+- ✅ Convenient scripts (easy maintenance)
+
+**You're safe from NPM/NPX cache issues!** 🎉
+

src/sequentialthinking/QUICK_REFERENCE.md

@@ -0,0 +1,88 @@
+# Quick Reference - Sequential Thinking Local Build
+
+## Daily Commands
+
+```bash
+# Verify local build is active
+npm run verify
+
+# Rebuild after code changes
+npm run rebuild
+
+# Watch for changes (auto-rebuild)
+npm run watch
+```
+
+## Verification Checklist
+
+✅ **Local build exists**: dist/index.js present  
+✅ **Schema fix present**: oneOf in built file  
+✅ **Sanitization present**: sanitizeNumericParam in built file  
+✅ **Config correct**: Using absolute path to dist/index.js  
+✅ **No global package**: Not installed globally  
+✅ **Server running**: `node .../dist/index.js` (not npx)
+
+## Quick Checks
+
+```bash
+# Check running server
+ps aux | grep sequential | grep -v grep
+# Should show: node /Users/ketema/.../dist/index.js
+
+# Check build date
+stat -f "%Sm" -t "%Y-%m-%d %H:%M:%S" dist/index.js
+
+# Check for fix in built file
+grep -c "oneOf" dist/index.js  # Should be > 0
+grep -c "sanitizeNumericParam" dist/index.js  # Should be > 0
+```
+
+## Troubleshooting
+
+| Problem | Solution |
+|---------|----------|
+| Error returns | `npm run rebuild` |
+| Changes not working | `npm run rebuild` + restart extension |
+| NPX interfering | Don't use NPX! Config uses `node` directly |
+| Global package installed | `npm uninstall -g @modelcontextprotocol/server-sequential-thinking` |
+
+## Protection Status
+
+🛡️ **Layer 1**: Direct node execution (no NPX)  
+🛡️ **Layer 2**: NPM config (.npmrc) prevents auto-updates  
+🛡️ **Layer 3**: Verification script confirms fix  
+🛡️ **Layer 4**: Package scripts for easy maintenance
+
+## When to Rebuild
+
+- ✅ After editing index.ts
+- ✅ After pulling from git
+- ✅ After npm install
+- ❌ NOT needed after restarting VS Code/Augment
+
+## Config Locations
+
+- **Augment**: Settings Panel → MCP Servers
+- **VS Code**: `.vscode/settings.json`
+- **Both should use**: `node` + absolute path to `dist/index.js`
+
+## Success Indicators
+
+✅ `npm run verify` passes all checks  
+✅ `ps aux | grep sequential` shows local path  
+✅ No "Invalid thoughtNumber" errors  
+✅ Tool accepts both `thoughtNumber: 1` and `thoughtNumber: "1"`
+
+## Emergency Reset
+
+```bash
+cd submodules/mcp-servers/src/sequentialthinking
+npm run rebuild
+# Restart VS Code extension host or Augment
+npm run verify
+```
+
+---
+
+**Remember**: Your local build is protected! NPM/NPX cache can't override it. 🎉
+

src/sequentialthinking/package.json

@@ -16,7 +16,10 @@
   "scripts": {
     "build": "tsc && shx chmod +x dist/*.js",
     "prepare": "npm run build",
-    "watch": "tsc --watch"
+    "watch": "tsc --watch",
+    "verify": "bash verify-local-build.sh",
+    "rebuild": "npm run build && npm run verify",
+    "postinstall": "echo '⚠️  Local build detected. Run npm run rebuild to ensure your fixes are active.'"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "0.5.0",