From 15fa72a200f8df6fca3b3f2bec64d5488f21ba06 Mon Sep 17 00:00:00 2001 From: thuggeelya Date: Wed, 4 Mar 2026 18:49:54 +0100 Subject: [PATCH 1/5] Add MCP Shield security scan --- .github/workflows/mcp-shield.yml | 16 ++++++++++++++++ README.md | 1 + 2 files changed, 17 insertions(+) create mode 100644 .github/workflows/mcp-shield.yml diff --git a/.github/workflows/mcp-shield.yml b/.github/workflows/mcp-shield.yml new file mode 100644 index 0000000..3c950fd --- /dev/null +++ b/.github/workflows/mcp-shield.yml @@ -0,0 +1,16 @@ +name: MCP Shield + +on: + push: + branches: [main] + pull_request: + branches: [main] + +jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: thuggeelya/mcp-shield-action@v1 + with: + server: 'npx -y @kimsungwhee/apple-docs-mcp' diff --git a/README.md b/README.md index 2aa946b..9bcaece 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ [![npm version](https://badge.fury.io/js/@kimsungwhee%2Fapple-docs-mcp.svg)](https://badge.fury.io/js/@kimsungwhee%2Fapple-docs-mcp) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) +[![MCP Shield](https://img.shields.io/badge/MCP_Shield-B_(75)-yellowgreen)](https://github.com/thuggeelya/mcp-shield) Apple Developer Documentation MCP Server - Access Apple's official developer docs, frameworks, APIs, SwiftUI, UIKit, and WWDC videos through Model Context Protocol. Search iOS, macOS, watchOS, tvOS, and visionOS documentation with AI-powered natural language queries. Get instant access to Swift/Objective-C code examples, API references, and technical guides directly in Claude, Cursor, or any MCP-compatible AI assistant. From b723e6c9bbaf3714906e97fe35209f9fecd2c9c3 Mon Sep 17 00:00:00 2001 From: thuggeelya Date: Wed, 4 Mar 2026 18:58:21 +0100 Subject: [PATCH 2/5] Use local build instead of published npm package --- .github/workflows/mcp-shield.yml | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/.github/workflows/mcp-shield.yml b/.github/workflows/mcp-shield.yml index 3c950fd..06d0f65 100644 --- a/.github/workflows/mcp-shield.yml +++ b/.github/workflows/mcp-shield.yml @@ -11,6 +11,11 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + - run: npm ci + - run: npm run build - uses: thuggeelya/mcp-shield-action@v1 with: - server: 'npx -y @kimsungwhee/apple-docs-mcp' + server: 'node dist/index.js' From c13b81d5a7277280ecb74e3b2e2660b188600864 Mon Sep 17 00:00:00 2001 From: thuggeelya Date: Wed, 4 Mar 2026 19:07:50 +0100 Subject: [PATCH 3/5] Fix: use pnpm and pin action to SHA --- .github/workflows/mcp-shield.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/.github/workflows/mcp-shield.yml b/.github/workflows/mcp-shield.yml index 06d0f65..0ee521c 100644 --- a/.github/workflows/mcp-shield.yml +++ b/.github/workflows/mcp-shield.yml @@ -11,11 +11,15 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + - uses: pnpm/action-setup@v3 + with: + version: 9 - uses: actions/setup-node@v4 with: node-version: 20 - - run: npm ci - - run: npm run build - - uses: thuggeelya/mcp-shield-action@v1 + cache: 'pnpm' + - run: pnpm install --frozen-lockfile + - run: pnpm run build + - uses: thuggeelya/mcp-shield-action@23b14aa85fca81748712a935bf4b38271870093c # v1 with: server: 'node dist/index.js' From 72ce34b2b65c8c7a9443064c8e4114582b405549 Mon Sep 17 00:00:00 2001 From: Ilya <47352855+thuggeelya@users.noreply.github.com> Date: Thu, 5 Mar 2026 03:16:45 +0300 Subject: [PATCH 4/5] update mcp-shield-action to latest v1 (adds SARIF + CWE) --- .github/workflows/mcp-shield.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mcp-shield.yml b/.github/workflows/mcp-shield.yml index 0ee521c..bc0b41b 100644 --- a/.github/workflows/mcp-shield.yml +++ b/.github/workflows/mcp-shield.yml @@ -20,6 +20,6 @@ jobs: cache: 'pnpm' - run: pnpm install --frozen-lockfile - run: pnpm run build - - uses: thuggeelya/mcp-shield-action@23b14aa85fca81748712a935bf4b38271870093c # v1 + - uses: thuggeelya/mcp-shield-action@644c14893e14c6b79aee14a5335ac3f9b12b08a4 # v1 with: server: 'node dist/index.js' From 14393a69313d2e3c6da05d30ad65a7cfd7a26c19 Mon Sep 17 00:00:00 2001 From: thuggeelya Date: Thu, 5 Mar 2026 03:20:06 +0100 Subject: [PATCH 5/5] Update MCP Shield badge score to 78 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9bcaece..6e9d313 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ [![npm version](https://badge.fury.io/js/@kimsungwhee%2Fapple-docs-mcp.svg)](https://badge.fury.io/js/@kimsungwhee%2Fapple-docs-mcp) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT) -[![MCP Shield](https://img.shields.io/badge/MCP_Shield-B_(75)-yellowgreen)](https://github.com/thuggeelya/mcp-shield) +[![MCP Shield](https://img.shields.io/badge/MCP_Shield-B_(78)-yellowgreen)](https://github.com/thuggeelya/mcp-shield) Apple Developer Documentation MCP Server - Access Apple's official developer docs, frameworks, APIs, SwiftUI, UIKit, and WWDC videos through Model Context Protocol. Search iOS, macOS, watchOS, tvOS, and visionOS documentation with AI-powered natural language queries. Get instant access to Swift/Objective-C code examples, API references, and technical guides directly in Claude, Cursor, or any MCP-compatible AI assistant.