Skip to content

Add MCP Observatory CI check#11

Open
KryptosAI wants to merge 1 commit into
kazuph:mainfrom
KryptosAI:codex/mcp-observatory-ci
Open

Add MCP Observatory CI check#11
KryptosAI wants to merge 1 commit into
kazuph:mainfrom
KryptosAI:codex/mcp-observatory-ci

Conversation

@KryptosAI

Copy link
Copy Markdown

This adds a lightweight MCP Observatory check for the taskmanager MCP server.\n\nWhy it helps:\n\n- verifies MCP tools still respond correctly\n- catches schema drift and common security footguns before release\n- posts a readable PR report for maintainers\n- gives users a compatibility signal when evaluating MCP servers\n\nI validated the target locally with:\n\nbash\nnpx @kryptosai/mcp-observatory@latest test --target mcp-observatory.target.json --security --deep\n\n\nResult: passed, with 10 tools detected from npx -y @kazuph/mcp-taskmanager@latest.\n\nIt runs in GitHub Actions and does not require an MCP Observatory account. If the check is too strict for this repo, the workflow can be adjusted while keeping the report visible.

@KryptosAI

Copy link
Copy Markdown
Author

Small update: MCP Observatory v0.27.0 is now published with optional SARIF output and GitHub Code Scanning support.

This PR can remain a read-only advisory compatibility/security check. If maintainers later want MCP findings in GitHub Code Scanning, the workflow can opt into setup-ci --sarif with security-events: write.

Docs: https://github.com/KryptosAI/mcp-observatory/blob/main/docs/github-code-scanning-for-mcp.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant