Building an MCP Server from Scratch — Day 5: Testing, Publishing & Ecosystem

Day 1 through 4 gave us a fully featured, production-hardened MCP server. Today we close the loop: tests, npm packages, CI/CD, and the broader MCP ecosystem.

1
Day 1: Setup & Tools
2
Day 2: Resources, Prompts & Advanced Tools
3
Day 3: SSE Transport & Docker
4
Day 4: Auth & Production Hardening
5
Day 5: Testing, Publishing & Ecosystem ← you are here

What We’re Building Today#

Layer	What
Unit tests	Test individual tools, auth, rate limiter
Integration tests	Test the MCP server over stdio + SSE
GitHub Actions	CI pipeline on push + PR
npm publishing	Package your MCP server for reuse
MCP directories	Register on smithery.ai, mcp.so, etc.
Ecosystem map	Clients, SDKs, servers worth knowing

Step 1: Install Test Dependencies#

1
cd github-issue-mcp
2
npm install --save-dev vitest @types/node
3
npm install --save-dev tsx    # For running TS tests directly

Create vitest.config.ts:

1
import { defineConfig } from "vitest/config";
2

3
export default defineConfig({
4
  test: {
5
    globals: true,
6
    environment: "node",
7
    include: ["src/**/*.test.ts"],
8
    coverage: {
9
      provider: "v8",
10
      include: ["src/**/*.ts"],
11
      exclude: ["src/**/*.test.ts", "src/**/*.d.ts"],
12
    },
13
  },
14
});

Update package.json:

1
{
2
  "scripts": {
3
    "build": "tsc",
4
    "test": "vitest run",
5
    "test:watch": "vitest",
6
    "test:coverage": "vitest run --coverage",
7
    "start": "node build/server.js"
8
  }
9
}

Step 2: Unit Tests#

Test Auth Service (`src/auth.test.ts`)#

1
import { describe, it, expect, beforeEach, vi } from "vitest";
2
import { AuthService } from "./auth";
3

4
describe("AuthService", () => {
5
  beforeEach(() => {
6
    vi.unstubAllEnvs();
7
  });
8

9
  it("should generate a dev key when no AUTH_KEYS set", () => {
10
    const auth = new AuthService();
11
    // In dev mode, a random 64-char hex key is generated
12
    // We can't predict it, but we can test the middleware
13
    const middleware = auth.middleware();
14
    const req = { headers: {}, apiKey: undefined } as any;
15
    const res = { status: vi.fn().mockReturnThis(), json: vi.fn() } as any;
16
    const next = vi.fn();
17

18
    middleware(req, res, next);
19

20
    expect(res.status).toHaveBeenCalledWith(401);
21
    expect(res.json).toHaveBeenCalledWith({ error: "Missing X-API-Key header" });
22
  });
23

24
  it("should accept valid keys from environment", () => {
25
    vi.stubEnv("AUTH_KEYS", "sk-mcp-1,sk-mcp-2");
26
    const auth = new AuthService();
27

28
    expect(auth.validate("sk-mcp-1")).toBe(true);
29
    expect(auth.validate("sk-mcp-2")).toBe(true);
30
    expect(auth.validate("sk-mcp-3")).toBe(false);
31
    expect(auth.validate("")).toBe(false);
32
    expect(auth.validate(undefined as any)).toBe(false);
33
  });
34

35
  it("should reject requests with wrong key via middleware", () => {
36
    vi.stubEnv("AUTH_KEYS", "sk-valid");
37
    const auth = new AuthService();
38
    const middleware = auth.middleware();
39
    const req = { headers: { "x-api-key": "sk-wrong" } } as any;
40
    const res = { status: vi.fn().mockReturnThis(), json: vi.fn() } as any;
41
    const next = vi.fn();
42

43
    middleware(req, res, next);
44

45
    expect(res.status).toHaveBeenCalledWith(403);
46
    expect(next).not.toHaveBeenCalled();
47
  });
48

49
  it("should pass valid keys through middleware", () => {
50
    vi.stubEnv("AUTH_KEYS", "sk-valid");
51
    const auth = new AuthService();
52
    const middleware = auth.middleware();
53
    const req = { headers: { "x-api-key": "sk-valid" } } as any;
54
    const res = { status: vi.fn().mockReturnThis(), json: vi.fn() } as any;
55
    const next = vi.fn();
56

57
    middleware(req, res, next);
58

59
    expect(res.status).not.toHaveBeenCalled();
60
    expect(next).toHaveBeenCalled();
61
    expect(req.apiKey).toBe("sk-valid");
62
  });
63
});

Test Rate Limiter (`src/rate-limit.test.ts`)#

1
import { describe, it, expect, beforeEach, vi } from "vitest";
2
import { RateLimiter } from "./rate-limit";
3

4
describe("RateLimiter", () => {
5
  let limiter: RateLimiter;
6

7
  beforeEach(() => {
8
    limiter = new RateLimiter(5, 1000); // 5 req/s for fast testing
9
  });
10

11
  it("should allow requests up to the limit", () => {
12
    for (let i = 0; i < 5; i++) {
13
      expect(limiter.check("key-1")).toBe(true);
14
    }
15
  });
16

17
  it("should block after exceeding the limit", () => {
18
    for (let i = 0; i < 5; i++) limiter.check("key-1");
19
    expect(limiter.check("key-1")).toBe(false);
20
  });
21

22
  it("should maintain separate buckets per key", () => {
23
    for (let i = 0; i < 5; i++) {
24
      limiter.check("key-a");
25
      limiter.check("key-b");
26
    }
27
    // Both should be at limit
28
    expect(limiter.check("key-a")).toBe(false);
29
    expect(limiter.check("key-b")).toBe(false);
30

31
    // Different key should still work
32
    expect(limiter.check("key-c")).toBe(true);
33
  });
34

35
  it("should reset after the window expires", async () => {
36
    limiter = new RateLimiter(5, 50); // 50ms window
37
    for (let i = 0; i < 5; i++) limiter.check("key-1");
38
    expect(limiter.check("key-1")).toBe(false);
39

40
    await new Promise((r) => setTimeout(r, 60));
41

42
    expect(limiter.check("key-1")).toBe(true);
43
  });
44

45
  it("should cleanup stale buckets", () => {
46
    limiter = new RateLimiter(5, 50);
47
    limiter.check("stale-key");
48
    limiter.check("active-key");
49

50
    // Wait for window to pass
51
    const cleanup = () => limiter.cleanup();
52
    vi.useFakeTimers();
53
    vi.advanceTimersByTime(100);
54
    cleanup();
55
    vi.useRealTimers();
56

57
    // After cleanup, stale-key bucket should be deleted
58
    // active-key also expired, but we just check it resets
59
    expect(limiter.check("stale-key")).toBe(true);
60
  });
61
});

Test CORS (`src/cors.test.ts`)#

1
import { describe, it, expect, vi } from "vitest";
2
import { corsMiddleware } from "./cors";
3

4
describe("corsMiddleware", () => {
5
  it("should allow any origin when wildcard is set", () => {
6
    const middleware = corsMiddleware(["*"]);
7
    const req = { headers: { origin: "https://evil.com" }, method: "GET" } as any;
8
    const res = { setHeader: vi.fn() } as any;
9
    const next = vi.fn();
10

11
    middleware(req, res, next);
12

13
    expect(res.setHeader).toHaveBeenCalledWith("Access-Control-Allow-Origin", "*");
14
    expect(next).toHaveBeenCalled();
15
  });
16

17
  it("should reject origins not in the allowlist", () => {
18
    const middleware = corsMiddleware(["https://myapp.com"]);
19
    const req = { headers: { origin: "https://evil.com" }, method: "GET" } as any;
20
    const res = { setHeader: vi.fn() } as any;
21
    const next = vi.fn();
22

23
    middleware(req, res, next);
24

25
    expect(res.setHeader).not.toHaveBeenCalledWith(
26
      "Access-Control-Allow-Origin", "https://evil.com"
27
    );
28
    expect(next).toHaveBeenCalled();
29
  });
30

31
  it("should handle OPTIONS preflight requests", () => {
32
    const middleware = corsMiddleware(["*"]);
33
    const req = { headers: { origin: "https://app.com" }, method: "OPTIONS" } as any;
34
    const res = {
35
      setHeader: vi.fn(),
36
      status: vi.fn().mockReturnThis(),
37
      end: vi.fn(),
38
    } as any;
39
    const next = vi.fn();
40

41
    middleware(req, res, next);
42

43
    expect(res.setHeader).toHaveBeenCalledWith("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
44
    expect(res.status).toHaveBeenCalledWith(204);
45
    expect(res.end).toHaveBeenCalled();
46
    expect(next).not.toHaveBeenCalled();
47
  });
48
});

Test Environment Config (`src/env.test.ts`)#

1
import { describe, it, expect, beforeEach, vi } from "vitest";
2
import { loadConfig } from "./env";
3

4
describe("loadConfig", () => {
5
  beforeEach(() => {
6
    vi.stubEnv("GITHUB_TOKEN", "ghp_test_token");
7
    vi.stubEnv("AUTH_KEYS", "sk-test");
8
    vi.stubEnv("NODE_ENV", "test");
9
    vi.stubEnv("PORT", "4000");
10
  });
11

12
  it("should read basic config from environment", () => {
13
    const config = loadConfig();
14
    expect(config.githubToken).toBe("ghp_test_token");
15
    expect(config.port).toBe(4000);
16
    expect(config.authKeys).toEqual(["sk-test"]);
17
    expect(config.nodeEnv).toBe("test");
18
  });
19

20
  it("should use defaults when optional vars are missing", () => {
21
    vi.unstubAllEnvs();
22
    vi.stubEnv("GITHUB_TOKEN", "ghp_test");
23
    vi.stubEnv("AUTH_KEYS", "sk-test");
24
    vi.stubEnv("NODE_ENV", "test");
25

26
    const config = loadConfig();
27
    expect(config.port).toBe(3001);
28
    expect(config.rateLimitMax).toBe(60);
29
    expect(config.rateLimitWindowMs).toBe(60000);
30
    expect(config.allowedOrigins).toEqual(["*"]);
31
  });
32

33
  it("should exit if GITHUB_TOKEN is missing", () => {
34
    vi.unstubAllEnvs();
35
    vi.stubEnv("AUTH_KEYS", "sk-test");
36

37
    expect(() => loadConfig()).toThrow();
38
  });
39

40
  it("should parse comma-separated allowed origins", () => {
41
    vi.stubEnv("ALLOWED_ORIGINS", "https://app.com,https://admin.app.com");
42

43
    const config = loadConfig();
44
    expect(config.allowedOrigins).toEqual(["https://app.com", "https://admin.app.com"]);
45
  });
46
});

Step 3: Integration Tests#

Integration tests run the actual MCP server and test it over stdio transport. We use child_process to spawn the server and send JSON-RPC messages.

Create `src/integration.test.ts`#

1
import { describe, it, expect, beforeAll, afterAll } from "vitest";
2
import { spawn, ChildProcess } from "child_process";
3
import path from "path";
4

5
const SERVER_SCRIPT = path.resolve(__dirname, "../build/index.js");
6

7
describe("MCP Server Integration (stdio)", () => {
8
  let server: ChildProcess;
9

10
  const sendMessage = (message: object): Promise<any> => {
11
    return new Promise((resolve, reject) => {
12
      const json = JSON.stringify(message) + "\n";
13
      let buffer = "";
14

15
      const onData = (data: Buffer) => {
16
        buffer += data.toString();
17
        // Try to parse a complete JSON-RPC response
18
        const lines = buffer.split("\n");
19
        for (const line of lines) {
20
          try {
21
            const parsed = JSON.parse(line);
22
            resolve(parsed);
23
            return;
24
          } catch {}
25
        }
26
      };
27

28
      server!.stdout!.on("data", onData);
29
      server!.stdin!.write(json, "utf-8");
30

31
      setTimeout(() => {
32
        server!.stdout!.removeListener("data", onData);
33
        reject(new Error("Timeout waiting for response"));
34
      }, 5000);
35
    });
36
  };
37

38
  beforeAll(() => {
39
    return new Promise((resolve) => {
40
      server = spawn("node", [SERVER_SCRIPT], {
41
        env: { ...process.env, GITHUB_TOKEN: "ghp_test" },
42
        stdio: ["pipe", "pipe", "inherit"],
43
      });
44
      // Wait for startup log
45
      server.stderr?.on("data", () => resolve());
46
      setTimeout(() => resolve(), 2000);
47
    });
48
  });
49

50
  afterAll(() => {
51
    server?.kill();
52
  });
53

54
  it("should respond to initialize", async () => {
55
    const response = await sendMessage({
56
      jsonrpc: "2.0",
57
      id: 1,
58
      method: "initialize",
59
      params: {
60
        protocolVersion: "2024-11-05",
61
        capabilities: {},
62
        clientInfo: { name: "test-client", version: "1.0" },
63
      },
64
    });
65

66
    expect(response.jsonrpc).toBe("2.0");
67
    expect(response.id).toBe(1);
68
    expect(response.result).toBeDefined();
69
    expect(response.result.serverInfo.name).toBe("github-issue-manager");
70
    expect(response.result.serverInfo.version).toBe("1.0.2");
71
  });
72

73
  it("should list tools", async () => {
74
    // First send initialized notification
75
    await sendMessage({
76
      jsonrpc: "2.0",
77
      method: "notifications/initialized",
78
    });
79

80
    const response = await sendMessage({
81
      jsonrpc: "2.0",
82
      id: 2,
83
      method: "tools/list",
84
    });
85

86
    expect(response.result.tools.length).toBe(7);
87
    const toolNames = response.result.tools.map((t: any) => t.name);
88
    expect(toolNames).toContain("list_issues");
89
    expect(toolNames).toContain("get_issue");
90
    expect(toolNames).toContain("create_issue");
91
    expect(toolNames).toContain("update_issue");
92
    expect(toolNames).toContain("search_issues");
93
    expect(toolNames).toContain("list_issues_paginated");
94
    expect(toolNames).toContain("batch_label_issues");
95
  });
96

97
  it("should list resources", async () => {
98
    const response = await sendMessage({
99
      jsonrpc: "2.0",
100
      id: 3,
101
      method: "resources/list",
102
    });
103

104
    expect(response.result.resources).toBeDefined();
105
    // Resources use templates, so list may be empty or contain URI patterns
106
  });
107

108
  it("should list prompts", async () => {
109
    const response = await sendMessage({
110
      jsonrpc: "2.0",
111
      id: 4,
112
      method: "prompts/list",
113
    });
114

115
    expect(response.result.prompts.length).toBe(3);
116
    const promptNames = response.result.prompts.map((p: any) => p.name);
117
    expect(promptNames).toContain("triage-issue");
118
    expect(promptNames).toContain("weekly-summary");
119
    expect(promptNames).toContain("bug-report-template");
120
  });
121
});

Run all tests:#

1
npm test

1
✓ AuthService > should generate a dev key when no AUTH_KEYS set
2
✓ AuthService > should accept valid keys from environment
3
✓ AuthService > should reject requests with wrong key via middleware
4
✓ AuthService > should pass valid keys through middleware
5
✓ RateLimiter > should allow requests up to the limit
6
✓ RateLimiter > should block after exceeding the limit
7
✓ RateLimiter > should maintain separate buckets per key
8
✓ RateLimiter > should reset after the window expires
9
✓ RateLimiter > should cleanup stale buckets
10
✓ CORS > should allow any origin when wildcard is set
11
✓ CORS > should reject origins not in the allowlist
12
✓ CORS > should handle OPTIONS preflight requests
13
✓ env > should read basic config from environment
14
✓ env > should use defaults when optional vars are missing
15
✓ env > should exit if GITHUB_TOKEN is missing
16
✓ env > should parse comma-separated allowed origins
17
✓ Integration > should respond to initialize
18
✓ Integration > should list tools
19
✓ Integration > should list resources
20
✓ Integration > should list prompts

Step 4: GitHub Actions CI#

Create .github/workflows/ci.yml:

1
name: CI
2

3
on:
4
  push:
5
    branches: [main]
6
  pull_request:
7
    branches: [main]
8

9
jobs:
10
  test:
11
    runs-on: ubuntu-latest
12
    strategy:
13
      matrix:
14
        node-version: [18, 20, 22]
15

16
    steps:
17
      - uses: actions/checkout@v4
18
      - uses: actions/setup-node@v4
19
        with:
20
          node-version: ${{ matrix.node-version }}
21
          cache: "npm"
22

23
      - run: npm ci
24
      - run: npm run build
25
      - run: npm test
26
        env:
27
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
28

29
  docker:
30
    needs: test
31
    runs-on: ubuntu-latest
32
    if: github.ref == 'refs/heads/main'
33

34
    steps:
35
      - uses: actions/checkout@v4
36
      - run: docker build -t github-issue-mcp .
37
      - run: docker run --rm github-issue-mcp node build/server.js --version || true

Step 5: Publishing to npm#

Publishing your MCP server on npm makes it installable via npx and discoverable by IDEs.

Prepare `package.json`#

1
{
2
  "name": "github-issue-mcp",
3
  "version": "1.0.2",
4
  "description": "MCP server for GitHub issue management — list, create, update, search, batch label",
5
  "type": "module",
6
  "main": "build/server.js",
7
  "bin": {
8
    "github-issue-mcp": "./build/server.js"
9
  },
10
  "files": ["build/", "README.md"],
11
  "keywords": ["mcp", "github", "issues", "model-context-protocol", "ai", "agents"],
12
  "license": "MIT",
13
  "repository": {
14
    "type": "git",
15
    "url": "https://github.com/your-username/github-issue-mcp.git"
16
  },
17
  "engines": {
18
    "node": ">=18"
19
  }
20
}

Publish:#

1
npm login
2
npm publish --access public

Usage after publishing:#

1
{
2
  "mcpServers": {
3
    "github-issue-manager": {
4
      "command": "npx",
5
      "args": ["-y", "github-issue-mcp"],
6
      "env": {
7
        "GITHUB_TOKEN": "ghp_...",
8
        "AUTH_KEYS": "sk-mcp-dev"
9
      }
10
    }
11
  }
12
}

Step 6: Register on MCP Directories#

Once published, register your server on community directories so others can discover and use it.

Directory	URL	How
Smithery	https://smithery.ai	Add via form, provide npm name + env vars
MCP.so	https://mcp.so	Submit GitHub URL
MCPServers	https://mcp-servers.com	Submit via Discord
PulseMCP	https://pulsemcp.com	Manual listing request
OpenTools	https://opentools.ai/mcp	npm package auto-detected

What to include in the listing:#

1
# GitHub Issue Manager MCP Server
2

3
Manage GitHub issues through AI agents. Supports listing, creating, updating,
4
searching, and batch-labeling issues with full pagination and comments.
5

6
## Tools (7)
7
- list_issues, get_issue, create_issue, update_issue
8
- search_issues, list_issues_paginated, batch_label_issues
9

10
## Resources (3)
11
- issue://{owner}/{repo}/{number} — issue detail
12
- issue://{owner}/{repo}/{number}/comments — comment thread
13
- issue://{owner}/{repo}/open — open issues overview
14

15
## Prompts (3)
16
- triage-issue — structured issue analysis
17
- weekly-summary — standardized weekly report
18
- bug-report-template — reproducible bug filing
19

20
## Installation
21
```json
22
{
23
  "mcpServers": {
24
    "github-issue-manager": {
25
      "command": "npx",
26
      "args": ["-y", "github-issue-mcp"],
27
      "env": { "GITHUB_TOKEN": "..." }
28
    }
29
  }
30
}

Environment#

Variable	Required	Default	Description
GITHUB_TOKEN	✅	—	GitHub personal access token
AUTH_KEYS	prod	auto	Comma-separated API keys
PORT	—	3001	HTTP server port
NODE_ENV	—	development	production enables auth enforcement

1
---
2

3
## Step 7: The MCP Ecosystem Map
4

5
Knowing what else exists helps you place your server in the ecosystem.
6

7
### Clients that support MCP
8

9
| Client | Type | Notes |
10
|--------|------|-------|
11
| **Claude Desktop** | Desktop | MCP-native, best UX |
12
| **Claude Code** | CLI | Stdio transport, great for dev |
13
| **VS Code** (Cline, Continue) | IDE | MCP tools as code actions |
14
| **IntelliJ** (Continue) | IDE | Via continue.dev plugin |
15
| **OpenAI Agents SDK** | SDK | Supports MCP tool discovery |
16
| **Custom clients** | Any | Use MCP SDK or raw JSON-RPC |
17

18
### SDKs for building MCP servers
19

20
| SDK | Language | Notes |
21
|-----|----------|-------|
22
| `@modelcontextprotocol/sdk` | TypeScript | Official, best maintained |
23
| `mcp-python-sdk` | Python | Official, fewer features |
24
| `mcp-go-sdk` | Go | Community, lightweight |
25
| `mcp-rs-sdk` | Rust | Community, async-native |
26

27
### Essential MCP servers to try
28

29
| Server | What it does |
30
|--------|-------------|
31
| **GitHub** (official) | Full repo management |
32
| **Playwright** | Browser automation |
33
| **PostgreSQL** | Database queries |
34
| **Filesystem** | File read/write operations |
35
| **Fetch** | HTTP requests |
36
| **Brave Search** | Web search |
37
| **Sequential Thinking** | Structured reasoning |
38
| **Deskpro** | Customer support |
39

40
### Hosting options
41

42
| How | Pros | Cons |
43
|-----|------|------|
44
| `npx` (stdio) | Zero setup, works everywhere | Local only |
45
| Docker (SSE) | Portable, network-accessible | Need Docker |
46
| Fly.io | Global edge, free tier | Vendor lock |
47
| Railway | Simple deploy, env management | Compute cost |
48
| Your own VPS | Full control | Maintenance |
49

50
---
51

52
## Step 8: Checklist Before Going to Production
53

54
```markdown
55
## Production Readiness Checklist
56

57
### Security
58
- [ ] GITHUB_TOKEN has minimal scopes (only issues:read + issues:write)
59
- [ ] AUTH_KEYS configured (not using dev auto-gen)
60
- [ ] Rate limiting enabled (prevent abuse)
61
- [ ] CORS restricted to known origins (not "*")
62
- [ ] Running with read-only filesystem (Docker)
63
- [ ] Non-root user in container
64

65
### Reliability
66
- [ ] Graceful shutdown handles SIGTERM
67
- [ ] Health check endpoint configured
68
- [ ] Rate limit cleanup runs periodically
69
- [ ] All env vars validated on startup
70

71
### Monitoring
72
- [ ] Logs captured (stdout/stderr to logging service)
73
- [ ] Health endpoint monitored (every 30s)
74
- [ ] Active connection count tracked
75
- [ ] Rate limit hits logged for abuse detection
76

77
### Operations
78
- [ ] CI passes (unit + integration tests)
79
- [ ] Docker image built and scanned
80
- [ ] Version bumped (semver)
81
- [ ] README updated with env vars + usage

Series Summary#

Day	Topic	Content
1	Setup & Architecture	Project structure, MCP SDK, 5 tools, StdioServerTransport, MCP Inspector
2	Resources, Prompts & Advanced Tools	3 resources, 3 prompts, pagination, batch labeling, deep dive explanations
3	SSE Transport & Docker	Express.js SSE server, session management, multi-client, Docker multi-stage build
4	Auth & Production Hardening	API key auth, rate limiting, CORS, env validation, graceful shutdown
5	Testing, Publishing & Ecosystem	Vitest unit/integration tests, GitHub Actions CI, npm publishing, MCP directories

What you built:#

1
📁 github-issue-mcp
2
├── 📄 Server (Tools + Resources + Prompts)
3
│   ├── 7 tools for GitHub issue management
4
│   ├── 3 read-only resources as markdown
5
│   └── 3 reusable prompt templates
6
├── 🔒 Production hardening
7
│   ├── API key authentication
8
│   ├── Rate limiting (sliding window)
9
│   ├── CORS (origin whitelist)
10
│   └── Graceful shutdown
11
├── 🐳 Docker deployment
12
│   ├── Multi-stage build (119MB → 89MB)
13
│   ├── Non-root user
14
│   └── Read-only filesystem
15
├── ✅ Testing
16
│   ├── Unit tests (auth, rate limiter, CORS, env)
17
│   ├── Integration tests (stdio transport)
18
│   └── CI pipeline on push + PR
19
└── 📦 Publishing
20
    ├── npm package
21
    ├── MCP directory listings
22
    └── Production readiness checklist

Where to go next:#

Build your own tools: Add tools for your specific domain (Jira, Slack, Notion, databases)
Multi-server setup: Run multiple MCP servers and let your agent use them all
Agent-to-agent: Explore ACP (Agent Communication Protocol) for multi-agent workflows
Observability: Add Langfuse/LangSmith tracing to track agent decisions

Series: Building an MCP Server from Scratch. Day 5: Testing with Vitest, GitHub Actions CI, npm publishing, MCP ecosystem directories, and a production readiness checklist. Complete series now available.