Build MCP Server từ Scratch — Day 5: Testing, Publishing & Ecosystem

Day 1 → 4 cho MCP server hoàn chỉnh, production-ready. Day 5: test, publish, và ecosystem.

Hôm nay làm gì?#

Layer	Nội dung
Unit tests	Auth, rate limiter, CORS, env validation
Integration tests	Test MCP server qua stdio + JSON-RPC
GitHub Actions	CI pipeline tự động
npm publish	Package server để ai cũng dùng được
MCP directories	Đăng ký lên smithery.ai, mcp.so
Ecosystem map	Clients, SDKs, servers đáng biết

Step 1: Cài Test Dependencies#

1
cd github-issue-mcp
2
npm install --save-dev vitest @types/node tsx

vitest.config.ts:

1
import { defineConfig } from "vitest/config";
2
export default defineConfig({
3
  test: {
4
    globals: true,
5
    environment: "node",
6
    include: ["src/**/*.test.ts"],
7
    coverage: { provider: "v8", include: ["src/**/*.ts"], exclude: ["src/**/*.test.ts"] },
8
  },
9
});

package.json scripts:

1
{
2
  "scripts": {
3
    "build": "tsc",
4
    "test": "vitest run",
5
    "test:watch": "vitest",
6
    "test:coverage": "vitest run --coverage",
7
    "start": "node build/server.js"
8
  }
9
}

Step 2: Unit Tests#

`src/auth.test.ts` — Test Auth Service#

1
import { describe, it, expect, beforeEach, vi } from "vitest";
2
import { AuthService } from "./auth";
3

4
describe("AuthService", () => {
5
  beforeEach(() => vi.unstubAllEnvs());
6

7
  it("dev mode — generate key, 401 if missing header", () => {
8
    const auth = new AuthService();
9
    const mw = auth.middleware();
10
    const req = { headers: {} } as any;
11
    const res = { status: vi.fn().mockReturnThis(), json: vi.fn() } as any;
12
    const next = vi.fn();
13
    mw(req, res, next);
14
    expect(res.status).toHaveBeenCalledWith(401);
15
  });
16

17
  it("accept valid keys from AUTH_KEYS", () => {
18
    vi.stubEnv("AUTH_KEYS", "sk-a,sk-b");
19
    const auth = new AuthService();
20
    expect(auth.validate("sk-a")).toBe(true);
21
    expect(auth.validate("sk-c")).toBe(false);
22
  });
23

24
  it("reject wrong key via middleware", () => {
25
    vi.stubEnv("AUTH_KEYS", "sk-valid");
26
    const auth = new AuthService();
27
    const req = { headers: { "x-api-key": "sk-wrong" } } as any;
28
    const res = { status: vi.fn().mockReturnThis(), json: vi.fn() } as any;
29
    const next = vi.fn();
30
    auth.middleware()(req, res, next);
31
    expect(res.status).toHaveBeenCalledWith(403);
32
  });
33

34
  it("pass valid key, set req.apiKey", () => {
35
    vi.stubEnv("AUTH_KEYS", "sk-valid");
36
    const auth = new AuthService();
37
    const req = { headers: { "x-api-key": "sk-valid" } } as any;
38
    const res = { status: vi.fn().mockReturnThis(), json: vi.fn() } as any;
39
    const next = vi.fn();
40
    auth.middleware()(req, res, next);
41
    expect(next).toHaveBeenCalled();
42
    expect(req.apiKey).toBe("sk-valid");
43
  });
44
});

`src/rate-limit.test.ts` — Test Rate Limiter#

1
import { describe, it, expect, beforeEach } from "vitest";
2
import { RateLimiter } from "./rate-limit";
3

4
describe("RateLimiter", () => {
5
  let rl: RateLimiter;
6
  beforeEach(() => { rl = new RateLimiter(5, 1000); });
7

8
  it("allow up to limit", () => {
9
    for (let i = 0; i < 5; i++) expect(rl.check("k1")).toBe(true);
10
  });
11

12
  it("block after limit", () => {
13
    for (let i = 0; i < 5; i++) rl.check("k1");
14
    expect(rl.check("k1")).toBe(false);
15
  });
16

17
  it("separate buckets per key", () => {
18
    for (let i = 0; i < 5; i++) { rl.check("a"); rl.check("b"); }
19
    expect(rl.check("a")).toBe(false);
20
    expect(rl.check("b")).toBe(false);
21
    expect(rl.check("c")).toBe(true); // fresh key
22
  });
23
});

Chạy test:#

1
npm test

1
✓ AuthService > dev mode — generate key, 401 if missing header
2
✓ AuthService > accept valid keys from AUTH_KEYS
3
✓ AuthService > reject wrong key via middleware
4
✓ AuthService > pass valid key, set req.apiKey
5
✓ RateLimiter > allow up to limit
6
✓ RateLimiter > block after limit
7
✓ RateLimiter > separate buckets per key
8
✓ CORS > ...
9
✓ env > ...
10
✓ Integration > respond to initialize
11
✓ Integration > list tools (7)
12
✓ Integration > list prompts (3)

Step 3: GitHub Actions CI#

.github/workflows/ci.yml:

1
name: CI
2
on:
3
  push: { branches: [main] }
4
  pull_request: { branches: [main] }
5

6
jobs:
7
  test:
8
    runs-on: ubuntu-latest
9
    strategy:
10
      matrix:
11
        node-version: [18, 20, 22]
12
    steps:
13
      - uses: actions/checkout@v4
14
      - uses: actions/setup-node@v4
15
        with:
16
          node-version: ${{ matrix.node-version }}
17
          cache: "npm"
18
      - run: npm ci
19
      - run: npm run build
20
      - run: npm test
21
        env:
22
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
23

24
  docker:
25
    needs: test
26
    runs-on: ubuntu-latest
27
    if: github.ref == 'refs/heads/main'
28
    steps:
29
      - uses: actions/checkout@v4
30
      - run: docker build -t github-issue-mcp .

Step 4: Publish lên npm#

Chuẩn bị `package.json`:#

1
{
2
  "name": "github-issue-mcp",
3
  "version": "1.0.2",
4
  "description": "MCP server for GitHub issue management",
5
  "type": "module",
6
  "bin": { "github-issue-mcp": "./build/server.js" },
7
  "files": ["build/", "README.md"],
8
  "keywords": ["mcp", "github", "issues", "model-context-protocol", "ai"],
9
  "license": "MIT"
10
}

Publish:#

1
npm login
2
npm publish --access public

Dùng với Claude Desktop:#

1
{
2
  "mcpServers": {
3
    "github-issue-manager": {
4
      "command": "npx",
5
      "args": ["-y", "github-issue-mcp"],
6
      "env": { "GITHUB_TOKEN": "ghp_...", "AUTH_KEYS": "sk-mcp-dev" }
7
    }
8
  }
9
}

Step 5: Đăng ký trên MCP Directories#

Directory	URL	Cách đăng ký
Smithery	smithery.ai	Form, cung cấp npm name + env vars
MCP.so	mcp.so	Submit GitHub URL
PulseMCP	pulsemcp.com	Manual request
OpenTools	opentools.ai/mcp	Tự detect từ npm

Step 6: Ecosystem Map#

Clients hỗ trợ MCP#

Client	Type	Notes
Claude Desktop	Desktop	MCP-native
Claude Code	CLI	Stdio transport
VS Code (Cline, Continue)	IDE	Code actions
OpenAI Agents SDK	SDK	Tool discovery

SDKs#

SDK	Language	Notes
`@modelcontextprotocol/sdk`	TS	Official
`mcp-python-sdk`	Python	Official
`mcp-go-sdk`	Go	Community

Hosting#

Cách	Pros
`npx` (stdio)	Không cần setup
Docker (SSE)	Portable
Fly.io / Railway	Global, managed

Step 7: Production Readiness Checklist#

1
- [ ] GITHUB_TOKEN minimal scopes
2
- [ ] AUTH_KEYS configured
3
- [ ] Rate limiting enabled
4
- [ ] CORS restricted
5
- [ ] Read-only filesystem (Docker)
6
- [ ] Non-root user in container
7
- [ ] Graceful shutdown
8
- [ ] Health check endpoint
9
- [ ] CI passes
10
- [ ] README updated

Series Summary#

Day	Chủ đề	Nội dung
1	Setup & Architecture	5 tools, StdioServerTransport, Inspector
2	Resources, Prompts & Advanced Tools	3 resources, 3 prompts, pagination, batch
3	SSE Transport & Docker	Express.js, session management, multi-stage build
4	Auth & Production Hardening	API key, rate limit, CORS, graceful shutdown
5	Testing, Publishing & Ecosystem	Vitest, CI, npm, MCP directories

Những gì đã build:#

1
📁 github-issue-mcp v1.0.2
2
├── 🛠 7 tools · 📄 3 resources · 💬 3 prompts
3
├── 🔒 API key auth + rate limiting + CORS
4
├── 🐳 Docker (multi-stage, non-root, read-only)
5
├── ✅ 10+ unit tests + integration tests
6
└── 📦 npm package + MCP directories

Series: Building an MCP Server from Scratch. Hoàn thành 5 ngày từ zero → production-ready MCP server.