Canary

A test fixture for validating Mindstone's release pipeline rather than a production integration. Ships a single ping tool with no authentication requirements. Part of a 35-connector monorepo that publishes to the @mindstone npm scope with strict supply-chain hardening: SHA-pinned GitHub Actions, seven-day npm release cool-down periods, and separated build and publish jobs where only the publish step touches credentials. The pipeline itself is more interesting than the server. If you're shipping your own MCP tooling and need a reference for provenance attestation, OIDC trusted publishing, or workflow script-injection defenses, the monorepo source offers a working blueprint.