Skip to content

Add MCP Observatory CI#189

Open
KryptosAI wants to merge 1 commit into
BrowserMCP:mainfrom
KryptosAI:codex/add-mcp-observatory-ci
Open

Add MCP Observatory CI#189
KryptosAI wants to merge 1 commit into
BrowserMCP:mainfrom
KryptosAI:codex/add-mcp-observatory-ci

Conversation

@KryptosAI

Copy link
Copy Markdown

Add MCP Observatory CI

This adds a small MCP Observatory workflow for this MCP server.

Why it helps:

  • verifies the MCP server starts and exposes its tool surface correctly
  • catches schema drift and common security issues before release
  • keeps the check local-first; no MCP Observatory account is required
  • gives maintainers a PR-visible compatibility/security report

I validated the command locally with MCP Observatory before opening this PR:

npx @kryptosai/mcp-observatory test --security npx -y @browsermcp/mcp

Result: passed, with 12 tools discovered.

If this is too strict for the repo initially, the workflow can be adjusted while keeping the report visible.

@KryptosAI

Copy link
Copy Markdown
Author

Small update: MCP Observatory v0.27.0 is now published with optional SARIF output and GitHub Code Scanning support.

This PR can remain a read-only advisory compatibility/security check, and if maintainers later want GitHub Security-tab findings, the workflow can opt into setup-ci --sarif with security-events: write.

Docs: https://github.com/KryptosAI/mcp-observatory/blob/main/docs/github-code-scanning-for-mcp.md

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant