Official SDKs, GitHub Actions templates, a verified publisher program, and one-click hosting — everything you need to go from local prototype to production-grade MCP server in hours.
What's in the kit
Official SDKs
Type-safe Node.js and Python clients for catalog queries, team config, and audit log export.
GitHub Actions
Three Action templates: sync config, audit-scan PRs, and publish releases. Template YAMLs available now.
Verified Publisher badge
Human security review + badge in the catalog. Verified servers surface first in enterprise filtered views.
Sentinel CLI
Local-first action firewall. Wrap any MCP server, enforce policy rules, log locally. Free core.
Catalog MCP Server
Search the catalog and check verification status directly from Claude, Cursor, or any MCP client — no browser tab required.
Managed hosting
One-click hosted endpoints from $9/mo. No containers, no restarts, no config drift.
Revenue share
List paid MCP servers and earn a revenue share on every subscription. Payouts via Stripe.
Official SDKs
Query the catalog, manage team configs, and export audit logs programmatically — with full TypeScript types and Pydantic models.
Early access: The SDK packages are in active development. The API surface shown below is final — packages will be published to npm/PyPI on launch. Join the waitlist via the docs page to be notified and get early access credentials.
npm install @curatedmcp/sdk # early access — join waitlist belowimport { CuratedMCP } from '@curatedmcp/sdk';
const client = new CuratedMCP({ apiKey: process.env.CURATEDMCP_API_KEY });
// List approved servers for your team
const servers = await client.catalog.list({ filter: 'read-only' });
// Get your Team Config URL config
const config = await client.team.getConfig({ teamId: 'acme' });
// Export audit logs
const logs = await client.audit.export({ from: '2026-01-01', format: 'csv' });pip install curatedmcp # early access — join waitlist belowfrom curatedmcp import CuratedMCP
client = CuratedMCP(api_key=os.environ["CURATEDMCP_API_KEY"])
# List approved servers for your team
servers = client.catalog.list(filter="read-only")
# Get your Team Config URL config
config = client.team.get_config(team_id="acme")
# Export audit logs
logs = client.audit.export(from_date="2026-01-01", format="csv")GitHub Actions templates
Copy-paste YAML into your .github/workflows/ directory. Add your API key as a GitHub secret and you're live.
Early access: Actions 1 (sync config) uses the live Team Config URL — copy-paste ready today. Actions 2 and 3 (audit scan, publish) depend on GitHub Actions packages currently in active development alongside the SDK. The YAML templates shown are the final form.
Sync your team's approved MCP config on every push. Ensures all developer machines use the latest org-approved servers.
curatedmcp-sync.ymlname: Sync MCP Config
on:
push:
branches: [main]
schedule:
- cron: '0 6 * * *' # daily refresh
jobs:
sync-mcp:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Fetch approved MCP config
run: |
curl -sf -H "Authorization: Bearer ${{ secrets.CURATEDMCP_API_KEY }}" \
https://curatedmcp.com/api/teams/${{ vars.CURATEDMCP_TEAM_ID }}/config \
-o .mcp-config.json
- name: Verify JSON is valid
run: python3 -c "import json,sys; json.load(open('.mcp-config.json'))"
- name: Commit updated config
uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: "chore: update approved MCP config"
file_pattern: .mcp-config.jsonAutomatically scan pull requests for new MCP server additions and flag unapproved servers before they merge.
curatedmcp-audit.ymlname: MCP Audit Scan
on:
pull_request:
paths:
- '**/*.json'
- '.mcp-config.json'
- 'claude.json'
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Run MCP audit scan
uses: curatedmcp/audit-action@v1
with:
api-key: ${{ secrets.CURATEDMCP_API_KEY }}
team-id: ${{ vars.CURATEDMCP_TEAM_ID }}
fail-on: unapproved,high-risk
- name: Comment results on PR
if: always()
uses: curatedmcp/pr-comment-action@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}Automate submission and update of your MCP server listing on CuratedMCP when you push a new release tag.
curatedmcp-publish.ymlname: Publish to CuratedMCP
on:
push:
tags:
- 'v*'
jobs:
publish:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Publish / update MCP listing
uses: curatedmcp/publish-action@v1
with:
api-key: ${{ secrets.CURATEDMCP_API_KEY }}
manifest: ./mcp.json # your server manifest
changelog: ${{ github.event.head_commit.message }}
- name: Request security review
if: ${{ inputs.request-review == 'true' }}
uses: curatedmcp/review-action@v1
with:
api-key: ${{ secrets.CURATEDMCP_API_KEY }}Required secret: CURATEDMCP_API_KEY — generate in your CuratedMCP dashboard under Settings → API Keys. Optionally set CURATEDMCP_TEAM_ID as a repository variable for team-scoped actions.
Verified publisher program
Verified servers pass a human security review and display a Verified badge. Enterprise teams filter by Verified by default — so this directly drives installs.
Submit via the form below or use the Publish GitHub Action. Provide a public repo, config example, and your mcp.json manifest.
A CuratedMCP engineer reads your source code within 48 hours, checking for secrets exposure, injection vulnerabilities, and MCP spec compliance.
Approved servers display a Verified badge in the catalog and are eligible for the "Read-Only" filter — increasing enterprise discoverability significantly.
Major version bumps trigger a re-review automatically (via the Publish Action or webhook). Badge stays active between patch releases.
{
"name": "my-mcp-server",
"version": "1.0.0",
"description": "One-line description of what your server does",
"category": "productivity",
"risk": "read-only",
"repository": "https://github.com/yourorg/your-mcp-server",
"config": {
"command": "npx",
"args": ["-y", "my-mcp-server"],
"env": {
"API_KEY": { "required": true, "description": "Your service API key" }
}
},
"tools": [
{ "name": "get_data", "description": "Retrieve data from the service" }
]
}Quick start
Drop the manifest file in your repo root using the template above. This is what the reviewer reads.
Go to /docs and submit your server link. A human engineer reviews within 48 hours.
Once approved, your server is live in the catalog. Verified badge appears automatically.