stacklok · JAORMX · May 29, 2026 · May 29, 2026 · May 29, 2026 · May 29, 2026
diff --git a/npx/perplexity-ask/spec.yaml b/npx/perplexity-ask/spec.yaml
@@ -0,0 +1,22 @@
+# Perplexity Ask MCP Server Configuration
+# Real-time web search, reasoning, and research via the Perplexity API
+# Package: https://www.npmjs.com/package/@perplexity-ai/mcp-server
+# Repository: https://github.com/perplexityai/modelcontextprotocol
+# Will build as: ghcr.io/stacklok/dockyard/npx/perplexity-ask:0.9.0
+
+metadata:
+  name: perplexity-ask
+  description: "Official Perplexity MCP server for real-time web search, reasoning, and research via Sonar models"
+  protocol: npx
+
+spec:
+  package: "@perplexity-ai/mcp-server"
+  version: "0.9.0"
+
+provenance:
+  repository_uri: "https://github.com/perplexityai/modelcontextprotocol"
+  repository_ref: "refs/heads/main"
+
+security:
+  # Server requires PERPLEXITY_API_KEY to start - cannot complete startup in CI
+  insecure_ignore: true
diff --git a/npx/server-everything/spec.yaml b/npx/server-everything/spec.yaml
@@ -0,0 +1,31 @@
+# Everything MCP Server Configuration
+# Reference and demonstration MCP server exercising all features of the MCP protocol
+# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-everything
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/npx/server-everything:2026.1.26
+
+metadata:
+  name: server-everything
+  description: "Reference and demonstration MCP server exercising all features of the MCP protocol (tools, resources, prompts, sampling, etc.)"
+  protocol: npx
+
+spec:
+  package: "@modelcontextprotocol/server-everything"
+  version: "2026.1.26"
+
+provenance:
+  repository_uri: "https://github.com/modelcontextprotocol/servers"
+  repository_ref: "refs/heads/main"
+
+security:
+  allowed_issues:
+    - code: "AITech-12.1"
+      tool: "get-env"
+      reason: |
+        False positive — this is the official MCP reference/demo server,
+        intentionally exposing a `get-env` tool that "Prints all environment
+        variables, helpful for debugging MCP server configuration" (see the
+        server's own description). The scanner flags this as a data-poisoning
+        / configuration-tampering risk, but env-var inspection is the
+        documented purpose of the tool in a test fixture meant for protocol
+        exploration. Not a real exploit vector.
diff --git a/npx/server-memory/spec.yaml b/npx/server-memory/spec.yaml
@@ -0,0 +1,18 @@
+# Memory MCP Server Configuration
+# Knowledge-graph-based persistent memory for AI assistants
+# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-memory
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/npx/server-memory:2026.1.26
+
+metadata:
+  name: server-memory
+  description: "Knowledge-graph-based persistent memory for AI assistants, allowing models to remember information across sessions"
+  protocol: npx
+
+spec:
+  package: "@modelcontextprotocol/server-memory"
+  version: "2026.1.26"
+
+provenance:
+  repository_uri: "https://github.com/modelcontextprotocol/servers"
+  repository_ref: "refs/heads/main"
diff --git a/npx/server-sequential-thinking/spec.yaml b/npx/server-sequential-thinking/spec.yaml
@@ -0,0 +1,18 @@
+# Sequential Thinking MCP Server Configuration
+# Dynamic and reflective problem-solving through structured thinking sequences
+# Package: https://www.npmjs.com/package/@modelcontextprotocol/server-sequential-thinking
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/npx/server-sequential-thinking:2025.12.18
+
+metadata:
+  name: server-sequential-thinking
+  description: "MCP server for dynamic and reflective problem-solving through structured thinking sequences"
+  protocol: npx
+
+spec:
+  package: "@modelcontextprotocol/server-sequential-thinking"
+  version: "2025.12.18"
+
+provenance:
+  repository_uri: "https://github.com/modelcontextprotocol/servers"
+  repository_ref: "refs/heads/main"
diff --git a/npx/stripe-mcp/spec.yaml b/npx/stripe-mcp/spec.yaml
@@ -0,0 +1,22 @@
+# Stripe MCP Server Configuration
+# Stripe API tools for managing payments, subscriptions, products, and customers
+# Package: https://www.npmjs.com/package/@stripe/mcp
+# Repository: https://github.com/stripe/agent-toolkit
+# Will build as: ghcr.io/stacklok/dockyard/npx/stripe-mcp:0.3.3
+
+metadata:
+  name: stripe-mcp
+  description: "Official Stripe MCP server providing API tools for managing payments, subscriptions, products, and customers"
+  protocol: npx
+
+spec:
+  package: "@stripe/mcp"
+  version: "0.3.3"
+
+provenance:
+  repository_uri: "https://github.com/stripe/agent-toolkit"
+  repository_ref: "refs/heads/main"
+
+security:
+  # Server requires STRIPE_SECRET_KEY to start - cannot complete startup in CI
+  insecure_ignore: true
diff --git a/uvx/mcp-server-git/spec.yaml b/uvx/mcp-server-git/spec.yaml
@@ -0,0 +1,18 @@
+# Git MCP Server Configuration
+# Tools for reading, searching, and manipulating Git repositories
+# Package: https://pypi.org/project/mcp-server-git/
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/uvx/mcp-server-git:2026.1.14
+
+metadata:
+  name: mcp-server-git
+  description: "MCP server providing tools to read, search, and manipulate Git repositories via libgit2"
+  protocol: uvx
+
+spec:
+  package: "mcp-server-git"
+  version: "2026.1.14"
+
+provenance:
+  repository_uri: "https://github.com/modelcontextprotocol/servers"
+  repository_ref: "refs/heads/main"
diff --git a/uvx/mcp-server-time/spec.yaml b/uvx/mcp-server-time/spec.yaml
@@ -0,0 +1,18 @@
+# Time MCP Server Configuration
+# Time and timezone conversion utilities
+# Package: https://pypi.org/project/mcp-server-time/
+# Repository: https://github.com/modelcontextprotocol/servers
+# Will build as: ghcr.io/stacklok/dockyard/uvx/mcp-server-time:2026.1.26
+
+metadata:
+  name: mcp-server-time
+  description: "MCP server providing time and timezone conversion utilities"
+  protocol: uvx
+
+spec:
+  package: "mcp-server-time"
+  version: "2026.1.26"
+
+provenance:
+  repository_uri: "https://github.com/modelcontextprotocol/servers"
+  repository_ref: "refs/heads/main"
diff --git a/uvx/redis-mcp-server/spec.yaml b/uvx/redis-mcp-server/spec.yaml
@@ -0,0 +1,31 @@
+# Redis MCP Server Configuration
+# Natural-language interface for managing and querying Redis data
+# Package: https://pypi.org/project/redis-mcp-server/
+# Repository: https://github.com/redis/mcp-redis
+# Will build as: ghcr.io/stacklok/dockyard/uvx/redis-mcp-server:0.5.0
+
+metadata:
+  name: redis-mcp-server
+  description: "Official Redis MCP server providing a natural-language interface for managing and querying Redis data"
+  protocol: uvx
+
+spec:
+  package: "redis-mcp-server"
+  version: "0.5.0"
+
+provenance:
+  repository_uri: "https://github.com/redis/mcp-redis"
+  repository_ref: "refs/heads/main"
+
+security:
+  allowed_issues:
+    - code: "AITech-1.1"
+      tool: "search_redis_documents"
+      reason: |
+        False positive — the scanner flags the tool description for
+        instruction-override patterns, but the language is legitimate
+        operational guidance about how to query Redis Search (e.g. field
+        weighting, syntax) rather than a system-prompt override. The
+        description does not contain "ignore previous instructions" or any
+        equivalent override pattern. Verified against redis-mcp-server v0.5.0
+        published by Redis Inc (https://github.com/redis/mcp-redis).