GitHub Action
Fail the build when a repo references an untrusted MCP server or a fixture your policies should deny.
axiorank/verify-action is a shift-left gate for the AI agent supply chain.
On every pull request it does two things against your live AxioRank workspace:
- Preflights MCP servers: scans the repo for MCP config files (mcp.json, claude_desktop_config.json, .cursor/mcp.json, axiorank.json), extracts every remote server URL, and verifies each through card verification: signature check, key-domain anchoring, and supply-chain risk scoring.
- Simulates tool-call fixtures against your live policy set, so a policy regression (or a fixture your policies should deny) fails the build before it ships.
Findings appear as PR annotations on the file that referenced the server or fixture.
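To review which remote servers a repo references before the gate runs, a local inventory of the same config files is useful. The script below is an added example, not AxioRank's scanning code: it assumes remote servers appear as http(s) strings under a `url` key (as in the common `mcpServers` layout), and because the axiorank.json schema is not described on this page it walks the JSON without assuming a layout.

```python
import json
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

# File names listed on this page; the action's default globs may be wider.
CONFIG_NAMES = {"mcp.json", "claude_desktop_config.json", "axiorank.json"}

def remote_urls(node):
    """Yield every http(s) string stored under a "url" key, at any depth."""
    if isinstance(node, dict):
        for key, value in node.items():
            if (key == "url" and isinstance(value, str)
                    and urlsplit(value).scheme in ("http", "https")):
                yield value
            else:
                yield from remote_urls(value)
    elif isinstance(node, list):
        for item in node:
            yield from remote_urls(item)

def inventory(repo_root):
    """Map each MCP config file (repo-relative path) to its remote URLs."""
    root = Path(repo_root)
    found = {}
    for path in sorted(root.rglob("*.json")):  # pathlib also descends into .cursor/
        if path.name not in CONFIG_NAMES:
            continue
        rel = path.relative_to(root).as_posix()
        try:
            doc = json.loads(path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            found[rel] = None  # unreadable or invalid JSON: review by hand
            continue
        found[rel] = sorted(set(remote_urls(doc)))
    return found

def demo():
    """Inventory a constructed repo layout (sample data, not from the page)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / ".cursor").mkdir()
        (root / ".cursor" / "mcp.json").write_text(json.dumps({"mcpServers": {
            "docs": {"url": "https://mcp.example.com/sse"},
            "local": {"command": "npx", "args": ["some-stdio-server"]}}}))
        (root / "claude_desktop_config.json").write_text("{not json")
        return inventory(root)

if __name__ == "__main__":
    for name, urls in demo().items():
        print(name, urls)
```

Stdio servers (entries with only a `command`) have no URL and are not listed; a value of `None` marks a config file that could not be parsed.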
Setup
```yaml
name: AxioRank Verify
on: [pull_request]
jobs:
  verify:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: axiorank/verify-action@v1
        with:
          api-key: ${{ secrets.AXIORANK_API_KEY }}
          fixtures-dir: .axiorank/fixtures
          fail-on: deny
```

Create a scoped API key under Settings → API Keys with cards:verify (server preflights) and policies:read (fixture simulation), and store it as a repository secret.
Fixtures
Each JSON file in fixtures-dir is one tool call to simulate:
```json
{
  "tool": "aws.s3.delete_bucket",
  "arguments": { "bucket": "prod-backups" },
  "environment": "production"
}
```

Metering
Simulation runs against your live policy set but persists nothing and does not consume metered events. Card verification calls are governed events and are metered like any other.
Inputs
| Input | Default | Notes |
|---|---|---|
| api-key | required | Use a repository secret. |
| base-url | https://app.axiorank.com | The API origin. |
| config-globs | the common MCP config paths | Newline-separated globs. |
| fixtures-dir | empty (skip) | Directory of tool-call fixtures. |
| fail-on | deny | deny-or-review also fails on card verdicts of review. |
Next steps
- Policies: what the simulation evaluates.
- Protocol adapters: what card verification inspects.