Revert mintlify and netsuite-suitecloud changes

The validate-plugins check requires a plugin manifest at the pinned SHA even for strict:false entries. Neither repo has one at any SHA, so a SHA bump fails CI. Leave them at the existing pin until either the upstream adds a manifest or the validator learns to honor strict:false.
Fix broken plugin source configs and bump their SHAs
2026-05-19 04:32:41 +00:00 · 2026-05-18 19:18:49 +00:00 · 2026-05-18 19:13:39 +00:00 · 2026-05-18 19:53:59 +01:00
2 changed files with 16 additions and 10 deletions
--- a/.claude-plugin/marketplace.json
+++ b/.claude-plugin/marketplace.json
@@ -18,7 +18,7 @@
        "source": "git-subdir",
        "url": "https://github.com/42Crunch-AI/claude-plugins.git",
        "path": "plugins/api-security-testing",
-        "ref": "v1.0.1",
+        "ref": "v1.5.5",
        "sha": "faf5305385de8afed9468904e8639be737aff39e"
      },
      "homepage": "https://42crunch.com"
@@ -1049,8 +1049,8 @@
      "source": {
        "source": "github",
        "repo": "jfrog/claude-plugin",
-        "commit": "761921eaa12b845beba1688d699a2d45091dfe83",
-        "sha": "d80db066e219aab8190f3dc4a463b71a3a180250"
+        "commit": "259c8e718266c16e99b4f30ae9b1ed0f9f00d98d",
+        "sha": "259c8e718266c16e99b4f30ae9b1ed0f9f00d98d"
      },
      "homepage": "https://jfrog.com"
    },
@@ -1654,7 +1654,8 @@
      "source": {
        "source": "url",
        "url": "https://github.com/RevenueCat/rc-claude-code-plugin.git",
-        "sha": "af7cb77996aee4e7e3c109c5afec81f716139032"
+        "path": "revenuecat",
+        "sha": "407e4651ff74dbaf47c457948ab540e620403c2a"
      },
      "homepage": "https://www.revenuecat.com"
    },
@@ -1675,7 +1676,8 @@
      "source": {
        "source": "url",
        "url": "https://github.com/RevenueCat/rc-claude-code-plugin.git",
-        "sha": "af7cb77996aee4e7e3c109c5afec81f716139032"
+        "path": "revenuecat",
+        "sha": "407e4651ff74dbaf47c457948ab540e620403c2a"
      },
      "homepage": "https://www.revenuecat.com"
    },
@@ -2007,7 +2009,8 @@
      "source": {
        "source": "url",
        "url": "https://github.com/sumup/sumup-skills.git",
-        "sha": "0fd0a911ecaffd7187fe35e914d8ead6de584ffd"
+        "path": "providers/claude/plugin",
+        "sha": "a4b5a9789e10e27fb375b68279bb0916074b8dd4"
      },
      "homepage": "https://www.sumup.com/"
    },
@@ -2247,7 +2250,8 @@
      "source": {
        "source": "url",
        "url": "https://github.com/zilliztech/zilliz-plugin.git",
-        "sha": "17cf04e6a3c272320b707d429484e4c00b3bec0b"
+        "path": "plugins/zilliz",
+        "sha": "e960396da0bd0b1cb219fa97e3bcbb425ee1abbd"
      },
      "homepage": "https://docs.zilliz.com"
    },
--- a/.github/workflows/bump-plugin-shas.yml
+++ b/.github/workflows/bump-plugin-shas.yml
@@ -1,8 +1,10 @@
 name: Bump Plugin SHAs

-# Weekly sweep: for each external entry whose upstream HEAD has moved past
+# Nightly sweep: for each external entry whose upstream HEAD has moved past
 # its pinned SHA, validate at the new SHA with `claude plugin validate`
-# inline, then open one PR with all passing bumps.
+# inline, then open one PR with all passing bumps. Each run force-resets the
+# bump/plugin-shas branch, so a previous night's unmerged PR is replaced (and
+# its review state discarded) — review and merge same-day to avoid churn.
 #
 # Bot-free — uses the default GITHUB_TOKEN. PRs opened with GITHUB_TOKEN don't
 # trigger on:pull_request workflows, so the policy scan (`Scan Plugins`, a
@@ -14,7 +16,7 @@ name: Bump Plugin SHAs

 on:
  schedule:
-    - cron: '23 7 * * 1'  # Monday 07:23 UTC
+    - cron: '23 7 * * *'  # Daily 07:23 UTC
  workflow_dispatch:
    inputs:
      max_bumps: