From 427c5623628f935ccfa848e3dd542c70d1cedba0 Mon Sep 17 00:00:00 2001 From: Giuseppe Scuglia Date: Fri, 29 May 2026 11:01:02 +0200 Subject: [PATCH 1/3] feat: add 10 wrappers for MCP servers currently on docker.io/mcp/*:latest MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The toolhive-catalog has 14 server identifiers still pinned to `:latest` docker tags. 10 of those have upstream npm/PyPI packages with semver releases that we can wrap with dockyard, matching the pattern already used by 30+ servers in the registry. Servers added: - npx/server-everything @modelcontextprotocol/server-everything 2026.1.26 - npx/server-memory @modelcontextprotocol/server-memory 2026.1.26 - npx/server-sequential-thinking @modelcontextprotocol/server-sequential-thinking 2025.12.18 - uvx/mcp-server-git mcp-server-git 2026.1.14 - uvx/mcp-server-time mcp-server-time 2026.1.26 - npx/firecrawl-mcp firecrawl-mcp 3.20.1 - npx/cloud-run-mcp @google-cloud/cloud-run-mcp 1.10.0 - npx/stripe-agent-toolkit @stripe/agent-toolkit 0.9.0 - uvx/redis-mcp-server redis-mcp-server 0.5.0 - npx/perplexity-ask @perplexity-ai/mcp-server 0.9.0 Once these images are published and signed via the build-containers workflow, follow-up PRs on stacklok/toolhive-catalog will switch the matching server.json `identifier` fields away from the upstream `docker.io/mcp/*:latest` images to these dockyard-built versioned tags. Tracking: stacklok/toolhive-catalog#1233. Notes per server: - `redis-mcp-server` is the canonical Redis-Inc-published PyPI package (`redis/mcp-redis` repo); other npm/PyPI candidates were community forks. - `perplexity-ask` uses Perplexity Inc's official `@perplexity-ai/mcp-server`, not the legacy `server-perplexity-ask` from modelcontextprotocol/servers. Out of scope (deferred): - `sonarqube` — Java jar only, no npm/PyPI; needs a new dockyard protocol. - `netbird` — upstream has no semver releases; already on dockyard `:latest`. Each `task build -- /` was run locally and produced a valid Dockerfile via the dockhand generator. Co-Authored-By: Claude Opus 4.7 (1M context) --- npx/cloud-run-mcp/spec.yaml | 18 ++++++++++++++++++ npx/firecrawl-mcp/spec.yaml | 18 ++++++++++++++++++ npx/perplexity-ask/spec.yaml | 18 ++++++++++++++++++ npx/server-everything/spec.yaml | 18 ++++++++++++++++++ npx/server-memory/spec.yaml | 18 ++++++++++++++++++ npx/server-sequential-thinking/spec.yaml | 18 ++++++++++++++++++ npx/stripe-agent-toolkit/spec.yaml | 18 ++++++++++++++++++ uvx/mcp-server-git/spec.yaml | 18 ++++++++++++++++++ uvx/mcp-server-time/spec.yaml | 18 ++++++++++++++++++ uvx/redis-mcp-server/spec.yaml | 18 ++++++++++++++++++ 10 files changed, 180 insertions(+) create mode 100644 npx/cloud-run-mcp/spec.yaml create mode 100644 npx/firecrawl-mcp/spec.yaml create mode 100644 npx/perplexity-ask/spec.yaml create mode 100644 npx/server-everything/spec.yaml create mode 100644 npx/server-memory/spec.yaml create mode 100644 npx/server-sequential-thinking/spec.yaml create mode 100644 npx/stripe-agent-toolkit/spec.yaml create mode 100644 uvx/mcp-server-git/spec.yaml create mode 100644 uvx/mcp-server-time/spec.yaml create mode 100644 uvx/redis-mcp-server/spec.yaml diff --git a/npx/cloud-run-mcp/spec.yaml b/npx/cloud-run-mcp/spec.yaml new file mode 100644 index 0000000..b7445c0 --- /dev/null +++ b/npx/cloud-run-mcp/spec.yaml @@ -0,0 +1,18 @@ +# Cloud Run MCP Server Configuration +# Google Cloud Run deployment and management tools for AI assistants +# Package: https://www.npmjs.com/package/@google-cloud/cloud-run-mcp +# Repository: https://github.com/GoogleCloudPlatform/cloud-run-mcp +# Will build as: ghcr.io/stacklok/dockyard/npx/cloud-run-mcp:1.10.0 + +metadata: + name: cloud-run-mcp + description: "MCP server enabling AI assistants to deploy and manage Google Cloud Run services" + protocol: npx + +spec: + package: "@google-cloud/cloud-run-mcp" + version: "1.10.0" + +provenance: + repository_uri: "https://github.com/GoogleCloudPlatform/cloud-run-mcp" + repository_ref: "refs/heads/main" diff --git a/npx/firecrawl-mcp/spec.yaml b/npx/firecrawl-mcp/spec.yaml new file mode 100644 index 0000000..8abb6c6 --- /dev/null +++ b/npx/firecrawl-mcp/spec.yaml @@ -0,0 +1,18 @@ +# Firecrawl MCP Server Configuration +# Web scraping and content extraction via the Firecrawl API +# Package: https://www.npmjs.com/package/firecrawl-mcp +# Repository: https://github.com/mendableai/firecrawl-mcp-server +# Will build as: ghcr.io/stacklok/dockyard/npx/firecrawl-mcp:3.20.1 + +metadata: + name: firecrawl-mcp + description: "MCP server for web scraping, crawling, and structured content extraction using the Firecrawl API" + protocol: npx + +spec: + package: "firecrawl-mcp" + version: "3.20.1" + +provenance: + repository_uri: "https://github.com/mendableai/firecrawl-mcp-server" + repository_ref: "refs/heads/main" diff --git a/npx/perplexity-ask/spec.yaml b/npx/perplexity-ask/spec.yaml new file mode 100644 index 0000000..53573f0 --- /dev/null +++ b/npx/perplexity-ask/spec.yaml @@ -0,0 +1,18 @@ +# Perplexity Ask MCP Server Configuration +# Real-time web search, reasoning, and research via the Perplexity API +# Package: https://www.npmjs.com/package/@perplexity-ai/mcp-server +# Repository: https://github.com/perplexityai/modelcontextprotocol +# Will build as: ghcr.io/stacklok/dockyard/npx/perplexity-ask:0.9.0 + +metadata: + name: perplexity-ask + description: "Official Perplexity MCP server for real-time web search, reasoning, and research via Sonar models" + protocol: npx + +spec: + package: "@perplexity-ai/mcp-server" + version: "0.9.0" + +provenance: + repository_uri: "https://github.com/perplexityai/modelcontextprotocol" + repository_ref: "refs/heads/main" diff --git a/npx/server-everything/spec.yaml b/npx/server-everything/spec.yaml new file mode 100644 index 0000000..a8cc13a --- /dev/null +++ b/npx/server-everything/spec.yaml @@ -0,0 +1,18 @@ +# Everything MCP Server Configuration +# Reference and demonstration MCP server exercising all features of the MCP protocol +# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-everything +# Repository: https://github.com/modelcontextprotocol/servers +# Will build as: ghcr.io/stacklok/dockyard/npx/server-everything:2026.1.26 + +metadata: + name: server-everything + description: "Reference and demonstration MCP server exercising all features of the MCP protocol (tools, resources, prompts, sampling, etc.)" + protocol: npx + +spec: + package: "@modelcontextprotocol/server-everything" + version: "2026.1.26" + +provenance: + repository_uri: "https://github.com/modelcontextprotocol/servers" + repository_ref: "refs/heads/main" diff --git a/npx/server-memory/spec.yaml b/npx/server-memory/spec.yaml new file mode 100644 index 0000000..be42696 --- /dev/null +++ b/npx/server-memory/spec.yaml @@ -0,0 +1,18 @@ +# Memory MCP Server Configuration +# Knowledge-graph-based persistent memory for AI assistants +# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-memory +# Repository: https://github.com/modelcontextprotocol/servers +# Will build as: ghcr.io/stacklok/dockyard/npx/server-memory:2026.1.26 + +metadata: + name: server-memory + description: "Knowledge-graph-based persistent memory for AI assistants, allowing models to remember information across sessions" + protocol: npx + +spec: + package: "@modelcontextprotocol/server-memory" + version: "2026.1.26" + +provenance: + repository_uri: "https://github.com/modelcontextprotocol/servers" + repository_ref: "refs/heads/main" diff --git a/npx/server-sequential-thinking/spec.yaml b/npx/server-sequential-thinking/spec.yaml new file mode 100644 index 0000000..c7957cc --- /dev/null +++ b/npx/server-sequential-thinking/spec.yaml @@ -0,0 +1,18 @@ +# Sequential Thinking MCP Server Configuration +# Dynamic and reflective problem-solving through structured thinking sequences +# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-sequential-thinking +# Repository: https://github.com/modelcontextprotocol/servers +# Will build as: ghcr.io/stacklok/dockyard/npx/server-sequential-thinking:2025.12.18 + +metadata: + name: server-sequential-thinking + description: "MCP server for dynamic and reflective problem-solving through structured thinking sequences" + protocol: npx + +spec: + package: "@modelcontextprotocol/server-sequential-thinking" + version: "2025.12.18" + +provenance: + repository_uri: "https://github.com/modelcontextprotocol/servers" + repository_ref: "refs/heads/main" diff --git a/npx/stripe-agent-toolkit/spec.yaml b/npx/stripe-agent-toolkit/spec.yaml new file mode 100644 index 0000000..a4ea0d5 --- /dev/null +++ b/npx/stripe-agent-toolkit/spec.yaml @@ -0,0 +1,18 @@ +# Stripe Agent Toolkit MCP Server Configuration +# Stripe API tools for payments, subscriptions, and customers +# Package: https://www.npmjs.com/package/@stripe/agent-toolkit +# Repository: https://github.com/stripe/agent-toolkit +# Will build as: ghcr.io/stacklok/dockyard/npx/stripe-agent-toolkit:0.9.0 + +metadata: + name: stripe-agent-toolkit + description: "MCP server providing Stripe API tools for managing payments, subscriptions, products, and customers" + protocol: npx + +spec: + package: "@stripe/agent-toolkit" + version: "0.9.0" + +provenance: + repository_uri: "https://github.com/stripe/agent-toolkit" + repository_ref: "refs/heads/main" diff --git a/uvx/mcp-server-git/spec.yaml b/uvx/mcp-server-git/spec.yaml new file mode 100644 index 0000000..2cd19cc --- /dev/null +++ b/uvx/mcp-server-git/spec.yaml @@ -0,0 +1,18 @@ +# Git MCP Server Configuration +# Tools for reading, searching, and manipulating Git repositories +# Package: https://pypi.org/project/mcp-server-git/ +# Repository: https://github.com/modelcontextprotocol/servers +# Will build as: ghcr.io/stacklok/dockyard/uvx/mcp-server-git:2026.1.14 + +metadata: + name: mcp-server-git + description: "MCP server providing tools to read, search, and manipulate Git repositories via libgit2" + protocol: uvx + +spec: + package: "mcp-server-git" + version: "2026.1.14" + +provenance: + repository_uri: "https://github.com/modelcontextprotocol/servers" + repository_ref: "refs/heads/main" diff --git a/uvx/mcp-server-time/spec.yaml b/uvx/mcp-server-time/spec.yaml new file mode 100644 index 0000000..98bb1f7 --- /dev/null +++ b/uvx/mcp-server-time/spec.yaml @@ -0,0 +1,18 @@ +# Time MCP Server Configuration +# Time and timezone conversion utilities +# Package: https://pypi.org/project/mcp-server-time/ +# Repository: https://github.com/modelcontextprotocol/servers +# Will build as: ghcr.io/stacklok/dockyard/uvx/mcp-server-time:2026.1.26 + +metadata: + name: mcp-server-time + description: "MCP server providing time and timezone conversion utilities" + protocol: uvx + +spec: + package: "mcp-server-time" + version: "2026.1.26" + +provenance: + repository_uri: "https://github.com/modelcontextprotocol/servers" + repository_ref: "refs/heads/main" diff --git a/uvx/redis-mcp-server/spec.yaml b/uvx/redis-mcp-server/spec.yaml new file mode 100644 index 0000000..8cb177c --- /dev/null +++ b/uvx/redis-mcp-server/spec.yaml @@ -0,0 +1,18 @@ +# Redis MCP Server Configuration +# Natural-language interface for managing and querying Redis data +# Package: https://pypi.org/project/redis-mcp-server/ +# Repository: https://github.com/redis/mcp-redis +# Will build as: ghcr.io/stacklok/dockyard/uvx/redis-mcp-server:0.5.0 + +metadata: + name: redis-mcp-server + description: "Official Redis MCP server providing a natural-language interface for managing and querying Redis data" + protocol: uvx + +spec: + package: "redis-mcp-server" + version: "0.5.0" + +provenance: + repository_uri: "https://github.com/redis/mcp-redis" + repository_ref: "refs/heads/main" From a4c0f9c8ee10a03b3b5baaf090619b319ee384d1 Mon Sep 17 00:00:00 2001 From: Giuseppe Scuglia Date: Fri, 29 May 2026 11:53:31 +0200 Subject: [PATCH 2/3] fix: address mcp-security-scan failures on the 5 affected specs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI surfaced 5 distinct failures across the new wrappers — 3 different root causes, fixed inline. (a) Server cannot start in CI without credentials - npx/firecrawl-mcp: requires FIRECRAWL_API_KEY / FIRECRAWL_API_URL - npx/perplexity-ask: requires PERPLEXITY_API_KEY Apply the standard `security.insecure_ignore: true` pattern already used by netbird/chrome-devtools-mcp. (b) Wrong upstream package — @stripe/agent-toolkit is a *library*, not a runnable MCP server (no `bin` entry on npm, hence the `npm error could not determine executable to run`). The actual MCP-server package is `@stripe/mcp` (current 0.3.3, bin: mcp). Renamed directory npx/stripe-agent-toolkit → npx/stripe-mcp and updated `spec.package` / `spec.version` accordingly. Also added `insecure_ignore: true` since `@stripe/mcp` needs STRIPE_SECRET_KEY to start. (c) Scanner flagged real tools as false-positive risks - npx/server-everything: AITech-12.1 HIGH on `get-env`. This is the reference/demo MCP server; the `get-env` tool is explicitly documented to expose environment variables for protocol testing. Allowlisted with reason. - uvx/redis-mcp-server: AITech-1.1 HIGH on `search_redis_documents`. Scanner misreads the tool's query-syntax description as a system- prompt-override pattern. The description contains no "ignore previous instructions" or equivalent override language — legitimate operational guidance. Allowlisted with reason. All five regenerated via `task build -- /` locally; Dockerfile output unchanged in shape for the 3 (a)-cases, and correctly targets the new `@stripe/mcp` package for (b). Co-Authored-By: Claude Opus 4.7 (1M context) --- npx/firecrawl-mcp/spec.yaml | 4 ++++ npx/perplexity-ask/spec.yaml | 4 ++++ npx/server-everything/spec.yaml | 13 +++++++++++++ npx/stripe-agent-toolkit/spec.yaml | 18 ------------------ npx/stripe-mcp/spec.yaml | 22 ++++++++++++++++++++++ uvx/redis-mcp-server/spec.yaml | 13 +++++++++++++ 6 files changed, 56 insertions(+), 18 deletions(-) delete mode 100644 npx/stripe-agent-toolkit/spec.yaml create mode 100644 npx/stripe-mcp/spec.yaml diff --git a/npx/firecrawl-mcp/spec.yaml b/npx/firecrawl-mcp/spec.yaml index 8abb6c6..29815a4 100644 --- a/npx/firecrawl-mcp/spec.yaml +++ b/npx/firecrawl-mcp/spec.yaml @@ -16,3 +16,7 @@ spec: provenance: repository_uri: "https://github.com/mendableai/firecrawl-mcp-server" repository_ref: "refs/heads/main" + +security: + # Server requires FIRECRAWL_API_KEY or FIRECRAWL_API_URL to start - cannot complete startup in CI + insecure_ignore: true diff --git a/npx/perplexity-ask/spec.yaml b/npx/perplexity-ask/spec.yaml index 53573f0..ed83f12 100644 --- a/npx/perplexity-ask/spec.yaml +++ b/npx/perplexity-ask/spec.yaml @@ -16,3 +16,7 @@ spec: provenance: repository_uri: "https://github.com/perplexityai/modelcontextprotocol" repository_ref: "refs/heads/main" + +security: + # Server requires PERPLEXITY_API_KEY to start - cannot complete startup in CI + insecure_ignore: true diff --git a/npx/server-everything/spec.yaml b/npx/server-everything/spec.yaml index a8cc13a..bb14591 100644 --- a/npx/server-everything/spec.yaml +++ b/npx/server-everything/spec.yaml @@ -16,3 +16,16 @@ spec: provenance: repository_uri: "https://github.com/modelcontextprotocol/servers" repository_ref: "refs/heads/main" + +security: + allowed_issues: + - code: "AITech-12.1" + tool: "get-env" + reason: | + False positive — this is the official MCP reference/demo server, + intentionally exposing a `get-env` tool that "Prints all environment + variables, helpful for debugging MCP server configuration" (see the + server's own description). The scanner flags this as a data-poisoning + / configuration-tampering risk, but env-var inspection is the + documented purpose of the tool in a test fixture meant for protocol + exploration. Not a real exploit vector. diff --git a/npx/stripe-agent-toolkit/spec.yaml b/npx/stripe-agent-toolkit/spec.yaml deleted file mode 100644 index a4ea0d5..0000000 --- a/npx/stripe-agent-toolkit/spec.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Stripe Agent Toolkit MCP Server Configuration -# Stripe API tools for payments, subscriptions, and customers -# Package: https://www.npmjs.com/package/@stripe/agent-toolkit -# Repository: https://github.com/stripe/agent-toolkit -# Will build as: ghcr.io/stacklok/dockyard/npx/stripe-agent-toolkit:0.9.0 - -metadata: - name: stripe-agent-toolkit - description: "MCP server providing Stripe API tools for managing payments, subscriptions, products, and customers" - protocol: npx - -spec: - package: "@stripe/agent-toolkit" - version: "0.9.0" - -provenance: - repository_uri: "https://github.com/stripe/agent-toolkit" - repository_ref: "refs/heads/main" diff --git a/npx/stripe-mcp/spec.yaml b/npx/stripe-mcp/spec.yaml new file mode 100644 index 0000000..1ca5766 --- /dev/null +++ b/npx/stripe-mcp/spec.yaml @@ -0,0 +1,22 @@ +# Stripe MCP Server Configuration +# Stripe API tools for managing payments, subscriptions, products, and customers +# Package: https://www.npmjs.com/package/@stripe/mcp +# Repository: https://github.com/stripe/agent-toolkit +# Will build as: ghcr.io/stacklok/dockyard/npx/stripe-mcp:0.3.3 + +metadata: + name: stripe-mcp + description: "Official Stripe MCP server providing API tools for managing payments, subscriptions, products, and customers" + protocol: npx + +spec: + package: "@stripe/mcp" + version: "0.3.3" + +provenance: + repository_uri: "https://github.com/stripe/agent-toolkit" + repository_ref: "refs/heads/main" + +security: + # Server requires STRIPE_SECRET_KEY to start - cannot complete startup in CI + insecure_ignore: true diff --git a/uvx/redis-mcp-server/spec.yaml b/uvx/redis-mcp-server/spec.yaml index 8cb177c..1262587 100644 --- a/uvx/redis-mcp-server/spec.yaml +++ b/uvx/redis-mcp-server/spec.yaml @@ -16,3 +16,16 @@ spec: provenance: repository_uri: "https://github.com/redis/mcp-redis" repository_ref: "refs/heads/main" + +security: + allowed_issues: + - code: "AITech-1.1" + tool: "search_redis_documents" + reason: | + False positive — the scanner flags the tool description for + instruction-override patterns, but the language is legitimate + operational guidance about how to query Redis Search (e.g. field + weighting, syntax) rather than a system-prompt override. The + description does not contain "ignore previous instructions" or any + equivalent override pattern. Verified against redis-mcp-server v0.5.0 + published by Redis Inc (https://github.com/redis/mcp-redis). From 2841fc2e62d816e9e430c6ed2651af365a43e03d Mon Sep 17 00:00:00 2001 From: Giuseppe Scuglia Date: Fri, 29 May 2026 12:52:52 +0200 Subject: [PATCH 3/3] fix: drop cloud-run-mcp and firecrawl-mcp pending upstream CVE fixes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Grype flagged HIGH/CRITICAL vulnerabilities in runtime transitive deps of these two packages. Per the policy in .grype.yaml, runtime deps in /app/node_modules are intentionally NOT eligible for ignore rules — they "reflect real risks in the upstream server package and should be resolved by that package bumping its vulnerable dep, or by per-finding analysis in a follow-up PR." cloud-run-mcp 1.10.0: protobufjs@7.5.4 (transitive via google-proto-files) carries: - GHSA-xq3m-2v4x-88gg CRITICAL - GHSA-75px-5xx7-5xc7 HIGH - GHSA-685m-2w69-288q HIGH - GHSA-66ff-xgx4-vchm HIGH - GHSA-jvwf-75h9-cwgg HIGH Fix path: upstream GoogleCloudPlatform/cloud-run-mcp bumps protobufjs. firecrawl-mcp 3.20.1: @modelcontextprotocol/sdk@1.18.0 carries: - GHSA-345p-7cg4-v4c7 HIGH - GHSA-w48q-cv73-mx4w HIGH - GHSA-8r9q-7v3j-jr4g HIGH Fix path: upstream mendableai/firecrawl-mcp-server bumps the SDK. The other 8 wrappers are clean and proceed in this PR. cloud-run-mcp and firecrawl-mcp will be added back in a follow-up once the corresponding upstream packages publish patched versions (or, alternatively, after a per-CVE VEX assessment if Stacklok decides the findings aren't reachable in the MCP-server runtime path). Tracking: stacklok/toolhive-catalog#1233 Co-Authored-By: Claude Opus 4.7 (1M context) --- npx/cloud-run-mcp/spec.yaml | 18 ------------------ npx/firecrawl-mcp/spec.yaml | 22 ---------------------- 2 files changed, 40 deletions(-) delete mode 100644 npx/cloud-run-mcp/spec.yaml delete mode 100644 npx/firecrawl-mcp/spec.yaml diff --git a/npx/cloud-run-mcp/spec.yaml b/npx/cloud-run-mcp/spec.yaml deleted file mode 100644 index b7445c0..0000000 --- a/npx/cloud-run-mcp/spec.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Cloud Run MCP Server Configuration -# Google Cloud Run deployment and management tools for AI assistants -# Package: https://www.npmjs.com/package/@google-cloud/cloud-run-mcp -# Repository: https://github.com/GoogleCloudPlatform/cloud-run-mcp -# Will build as: ghcr.io/stacklok/dockyard/npx/cloud-run-mcp:1.10.0 - -metadata: - name: cloud-run-mcp - description: "MCP server enabling AI assistants to deploy and manage Google Cloud Run services" - protocol: npx - -spec: - package: "@google-cloud/cloud-run-mcp" - version: "1.10.0" - -provenance: - repository_uri: "https://github.com/GoogleCloudPlatform/cloud-run-mcp" - repository_ref: "refs/heads/main" diff --git a/npx/firecrawl-mcp/spec.yaml b/npx/firecrawl-mcp/spec.yaml deleted file mode 100644 index 29815a4..0000000 --- a/npx/firecrawl-mcp/spec.yaml +++ /dev/null @@ -1,22 +0,0 @@ -# Firecrawl MCP Server Configuration -# Web scraping and content extraction via the Firecrawl API -# Package: https://www.npmjs.com/package/firecrawl-mcp -# Repository: https://github.com/mendableai/firecrawl-mcp-server -# Will build as: ghcr.io/stacklok/dockyard/npx/firecrawl-mcp:3.20.1 - -metadata: - name: firecrawl-mcp - description: "MCP server for web scraping, crawling, and structured content extraction using the Firecrawl API" - protocol: npx - -spec: - package: "firecrawl-mcp" - version: "3.20.1" - -provenance: - repository_uri: "https://github.com/mendableai/firecrawl-mcp-server" - repository_ref: "refs/heads/main" - -security: - # Server requires FIRECRAWL_API_KEY or FIRECRAWL_API_URL to start - cannot complete startup in CI - insecure_ignore: true