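---
# CI pipeline: lint/typecheck, tests, a cross-platform build and a security
# audit, run on pushes to main and on pull requests targeting main.
name: CI

on:  # yamllint disable-line rule:truthy
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: no job below writes to the repository, so the GITHUB_TOKEN
# only needs read access to check out the code. Without this block the token
# inherits the repository's default (potentially write) permissions.
permissions:
  contents: read

jobs:
  lint-and-typecheck:
    name: Lint & Typecheck
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): actions are pinned to major tags; pinning to a full commit
      # SHA (e.g. actions/checkout@<commit-sha>) gives stronger supply-chain
      # integrity than a mutable tag.
      - uses: actions/checkout@v4
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          # "latest" leaves the toolchain unpinned; a fixed version is needed
          # for reproducible CI results.
          bun-version: latest
      - name: Install dependencies
        # --frozen-lockfile refuses to resolve anything not already in the
        # lockfile, so a tampered or drifted manifest fails here.
        run: bun install --frozen-lockfile
      - name: Type check
        run: bun run typecheck
      - name: Lint
        run: bun run lint

  test:
    name: Test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Install dependencies
        run: bun install --frozen-lockfile
      - name: Run tests
        run: bun test

  build:
    name: Build (${{ matrix.os }})
    runs-on: ${{ matrix.os }}
    strategy:
      # Keep the other OS builds running when one platform fails, so a single
      # run reports every platform's status.
      fail-fast: false
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
      - uses: actions/checkout@v4
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Install dependencies
        run: bun install --frozen-lockfile
      - name: Build
        run: bun run build
      # Smoke-test the built artifact; `shell: bash` keeps the command form
      # identical on the Windows runner.
      - name: Verify CLI version flag
        run: bun dist/index.js --version
        shell: bash
      - name: Verify CLI help flag
        run: bun dist/index.js --help
        shell: bash

  security:
    name: Security Audit
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Setup Bun
        uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Install dependencies
        run: bun install --frozen-lockfile
      - name: Check for vulnerabilities
        # Advisory-only for now: the step may fail without failing the job, but
        # findings surface as a failed step in the run summary instead of being
        # silently masked by `|| true` (which also hid audit command errors).
        continue-on-error: true
        run: bun pm audit
      - name: Verify no secrets in code
        run: |
          # Heuristic scan of src/ for hardcoded credentials. Both patterns
          # require a literal key *value* of 20+ characters, which is intended
          # to leave validation code that only handles the key name or prefix
          # (e.g. in index.ts) unmatched.
          # 1) Stripe-style secret keys (sk_test_... / sk_live_...).
          if grep -rE "sk_(test|live)_[a-zA-Z0-9]{20,}" --include="*.ts" --include="*.js" src/; then
            echo "::error::Potential hardcoded API keys found in source code"
            exit 1
          fi
          # 2) A long quoted literal assigned to an api_key / apiKey-style identifier.
          if grep -rE "api[_-]?[Kk]ey\s*[:=]\s*['\"][a-zA-Z0-9_-]{20,}['\"]" --include="*.ts" --include="*.js" src/; then
            echo "::error::Potential hardcoded API keys found in source code"
            exit 1
          fi
          echo "No hardcoded secrets detected"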