Skip to content

MCP Trust Score#1

Open
Matvey-Kuk wants to merge 3 commits intoVeriTeknik:mainfrom
Matvey-Kuk:add-mcp-badge
Open

MCP Trust Score#1
Matvey-Kuk wants to merge 3 commits intoVeriTeknik:mainfrom
Matvey-Kuk:add-mcp-badge

Conversation

@Matvey-Kuk
Copy link

@Matvey-Kuk Matvey-Kuk commented Aug 20, 2025
edited by sourcery-ai bot
Loading

Hi!

This PR adds the "Trust Score" badge from our new Open Source MCP catalog.

Our catalog evaluates MCP servers based on technical quality—like protocol feature implementation and dependency health—rather than vanity metrics like GitHub stars.

The scoring process is fully transparent and reproducible:

The badge is designed to be respectful to the structure of your readme, example: Trust Score

Projects like Grafana MCP (https://github.com/grafana/mcp-grafana) are already participating.

We believe that transparent and truly open source MCP catalog should help the community to identify great MCP servers like yours 😊

We'd appreciate your support by merging this PR!

Summary by Sourcery

Add a transparent Trust Score badge to the project README and commit a pnpm lockfile to ensure consistent dependency installs.

New Features:

  • Add Trust Score badge from the Open Source MCP catalog to README

Enhancements:

  • Add pnpm-lock.yaml to pin project dependencies

Documentation:

  • Include Trust Score badge in README documentation

@sourcery-ai
Copy link

sourcery-ai bot commented Aug 20, 2025
edited
Loading

Reviewer's Guide

This PR integrates the new Trust Score badge into the project’s README to surface transparent quality metrics, while also regenerating the dependency lockfile and introducing a set of duplicated documentation and configuration artifacts (suffixed with “2”) likely stemming from an automated file generation process.

Flow diagram for Trust Score badge rendering and navigation

flowchart TD
    A[User opens README.md]
    B[Trust Score badge loads from MCP Catalog API]
    C[User clicks badge]
    D[User navigates to MCP Catalog project page]

    A --> B
    B --> C
    C --> D
Loading

File-Level Changes

Change Details Files
Trust Score badge added to README templates
  • Inserted markdown snippet for Trust Score badge
  • Linked badge to the catalog quality endpoint
 README.md
README 2.md
Dependency lockfile regenerated
  • Added a complete pnpm-lock 2.yaml file
  • Captured full dependency graph for reproducible installs
 pnpm-lock 2.yaml
Bulk addition of duplicate docs and config artifacts
  • Duplicated key documentation files with “2” suffix
  • Included new testing and deployment configs (Vitest, Jest, Docker, Smithery)
 CHANGELOG 2.md
RELEASE_NOTES_v1.4.0 2.md
RELEASE_NOTES_v1.0.0 2.md
MIGRATION_GUIDE_v1.0.0 2.md
REFACTORING-SUMMARY 2.md
SECURITY 2.md
IMPLEMENTATION-SUMMARY 2.md
SMITHERY_COMPATIBILITY 2.md
vitest.config 2.ts
docker-compose 2.yml
smithery 2.yaml
jest.config 2.js
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot requested changes Aug 20, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes - here's some feedback:

Blocking issues:

  • Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource. (link)

General comments:

  • This PR includes hundreds of unrelated files (lockfile, docs, changelogs) that obscure the small badge change—please trim the diff to only the README badge insertion.
  • The badge URL uses uppercase “VeriTeknik” which may not match your catalog slug; ensure the casing matches the actual identifier (usually all lowercase) to avoid broken links.
Prompt for AI Agents 
Please address the comments from this code review:
## Overall Comments
- This PR includes hundreds of unrelated files (lockfile, docs, changelogs) that obscure the small badge change—please trim the diff to only the README badge insertion.
- The badge URL uses uppercase “VeriTeknik” which may not match your catalog slug; ensure the casing matches the actual identifier (usually all lowercase) to avoid broken links.

## Security Issues

### Issue 1
<location> `README 2.md:330` </location>

<issue_to_address>
**security (curl-auth-header):** Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

*Source: gitleaks*
</issue_to_address>
Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

README 2.md Outdated
Comment on lines +330 to +331
curl -X POST http://localhost:12006/mcp \
-H "Authorization: Bearer YOUR_API_KEY" \
Copy link

@sourcery-ai sourcery-ai bot Aug 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

security (curl-auth-header): Discovered a potential authorization token provided in a curl command header, which could compromise the curl accessed resource.

Source: gitleaks

@ckaraca
Copy link

ckaraca commented Aug 20, 2025

Hey @Matvey-Kuk

Congrats on your seed round. Hope you succeed.
You replicated the files. Please remove the bulk addition of the duplicated files, and I will add the badge.

Best,
Cem

Matvey-Kuk and others added 2 commits August 21, 2025 18:30
@Matvey-Kuk
Remove accidentally committed duplicate files
5e08a57 
Cleaned up files with ' 2' suffix that were accidentally added
@Matvey-Kuk
Update README.md
5d3aeff
@Matvey-Kuk
Copy link
Author

Matvey-Kuk commented Aug 21, 2025

@ckaraca thank you, and apologies! Fixed the PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Matvey-Kuk @ckaraca