CI/CD Integration
The MCP server supports explicit credential injection for CI/CD environments, enabling AI-powered workflows in GitHub Actions and other automation pipelines.
Use Cases
- Automated bug fixing: Linear issue → Claude Code → PR
- Feature implementation: Spec-driven development triggered by issue labels
- Test generation: AI writes tests referencing requirements
- Requirements validation: Style checking in CI pipelines
The --auth-from-env Flag
By default, the MCP server discovers credentials from project-settings.json in your local .requirements/ directory. For CI/CD environments, use the --auth-from-env flag to read credentials from environment variables instead:
```bash
node packages/cli/dist/mcp/index.js --auth-from-env
```
When this flag is present, the MCP server reads:
| Environment Variable | Purpose |
|---|---|
| DOTREQ_PROJECT_ID | Your project slug |
| DOTREQ_PROJECT_SECRET | Your project secret |
If either variable is missing, the server returns a clear error message.
Important: Without the --auth-from-env flag, these environment variables are ignored. This explicit opt-in prevents accidental credential conflicts between local development and CI environments.
GitHub Actions Configuration
Step 1: Add Secrets
Add these secrets to your GitHub repository:
- DOTREQ_PROJECT_ID — Your project slug
- DOTREQ_PROJECT_SECRET — Your project secret
Get these from your project’s project-settings.json or by running dotrequirements link.
Step 2: Build CLI and Generate MCP Config
In your workflow, build the CLI and generate the MCP config at runtime:
```yaml
- name: Setup pnpm
  uses: pnpm/action-setup@v4
  with:
    version: 9
- name: Setup Node.js
  uses: actions/setup-node@v4
  with:
    node-version: '20'
    cache: 'pnpm'
- name: Build CLI and create MCP config
  env:
    DOTREQ_PROJECT_ID: ${{ secrets.DOTREQ_PROJECT_ID }}
    DOTREQ_PROJECT_SECRET: ${{ secrets.DOTREQ_PROJECT_SECRET }}
  run: |
    pnpm install --frozen-lockfile
    pnpm --filter "./packages/cli" build
    # Generate MCP config with credentials
    cat > /tmp/mcp-config.json << EOF
    {
      "mcpServers": {
        "dotrequirements": {
          "command": "node",
          "args": ["${{ github.workspace }}/packages/cli/dist/mcp/index.js", "--auth-from-env"],
          "env": {
            "DOTREQ_PROJECT_ID": "${DOTREQ_PROJECT_ID}",
            "DOTREQ_PROJECT_SECRET": "${DOTREQ_PROJECT_SECRET}"
          }
        }
      }
    }
    EOF
```
Step 3: Use with Claude Code Action
Pass the MCP config to the Claude Code action:
```yaml
- uses: anthropics/claude-code-action@v1
  with:
    claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
    prompt_file: /tmp/claude-prompt.txt
    claude_args: "--mcp-config /tmp/mcp-config.json --allowedTools Read,Write,Edit,Bash,Glob,Grep,WebFetch,WebSearch,mcp__dotrequirements__*"
```
The mcp__dotrequirements__* pattern allows Claude to use all dotrequirements MCP tools.
Available Tools in CI/CD
All MCP tools work in CI/CD when credentials are provided:
Always Available (No Auth Required)
- list_all_requirements — Get summary of all requirements
- get_requirement — Get requirement tree with coverage info
- search_requirements — Search by text or regex
- validate_requirements — Check file syntax offline
- create_requirement_document — Get Markdown template
Require Authentication
- style_check — AI-powered style feedback
- review_test — Semantic test validation
- push_requirements — Push changes to cloud
- get_requirement_coverage — Coverage data for requirement
- get_project_coverage_summary — Project-wide coverage stats
Example: Linear Integration
This example workflow triggers when a claude-feature label is added to a Linear issue:
```yaml
name: Claude Linear
on:
  repository_dispatch:
    types: [claude-fix, claude-feature]
jobs:
  claude-linear:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup pnpm
        uses: pnpm/action-setup@v4
        with:
          version: 9
      - name: Build CLI and create MCP config
        env:
          DOTREQ_PROJECT_ID: ${{ secrets.DOTREQ_PROJECT_ID }}
          DOTREQ_PROJECT_SECRET: ${{ secrets.DOTREQ_PROJECT_SECRET }}
        run: |
          pnpm install --frozen-lockfile
          pnpm --filter "./packages/cli" build
          cat > /tmp/mcp-config.json << EOF
          {
            "mcpServers": {
              "dotrequirements": {
                "command": "node",
                "args": ["${{ github.workspace }}/packages/cli/dist/mcp/index.js", "--auth-from-env"],
                "env": {
                  "DOTREQ_PROJECT_ID": "${DOTREQ_PROJECT_ID}",
                  "DOTREQ_PROJECT_SECRET": "${DOTREQ_PROJECT_SECRET}"
                }
              }
            }
          }
          EOF
      - uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          prompt: |
            Implement this feature using the spec-driven workflow:
            1. Compose requirements using MCP tools
            2. Validate with style_check
            3. Implement the feature
            4. Write tests referencing requirements
            5. Create a PR
          claude_args: "--mcp-config /tmp/mcp-config.json"
```
Security Considerations
- Explicit opt-in: The --auth-from-env flag must be explicitly passed; environment variables are not automatically read
- Secret isolation: Generate MCP config at runtime to inject secrets without committing them
- Scoped secrets: Consider creating CI-specific project secrets with labels (e.g., “GitHub Actions”) that can be rotated independently
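A hardened variant of the Step 2 config generation, as an added example that is not part of the dotrequirements project: it refuses to write when a credential is missing or contains control characters, JSON-escapes every interpolated value, and creates the file with mode 0600. The function names `json_escape`, `is_clean_value` and `write_mcp_config` are hypothetical.

```shell
# Added example, POSIX sh. Usage in a workflow step after the build:
#   write_mcp_config /tmp/mcp-config.json "$GITHUB_WORKSPACE/packages/cli/dist/mcp/index.js"

# Escape backslashes and double quotes so a value is safe inside a JSON string.
json_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# True only for a non-empty value with no control characters (newlines
# included), which cannot appear raw inside a JSON string.
is_clean_value() {
  [ -n "$1" ] && [ "$(printf '%s' "$1" | LC_ALL=C tr -d '[:cntrl:]')" = "$1" ]
}

# write_mcp_config <output-path> <path-to-mcp-index.js>
# Reads DOTREQ_PROJECT_ID and DOTREQ_PROJECT_SECRET from the environment.
write_mcp_config() {
  cfg_out=$1
  # Fail before writing anything; name the variable, never print its value.
  if ! is_clean_value "${DOTREQ_PROJECT_ID:-}"; then
    echo "error: DOTREQ_PROJECT_ID is missing or malformed" >&2; return 1
  fi
  if ! is_clean_value "${DOTREQ_PROJECT_SECRET:-}"; then
    echo "error: DOTREQ_PROJECT_SECRET is missing or malformed" >&2; return 1
  fi
  cfg_entry=$(json_escape "$2")
  cfg_id=$(json_escape "$DOTREQ_PROJECT_ID")
  cfg_secret=$(json_escape "$DOTREQ_PROJECT_SECRET")
  (
    umask 077          # new file is 0600: not readable by group or others
    rm -f "$cfg_out"   # an existing file would otherwise keep its old mode
    cat > "$cfg_out" <<EOF
{
  "mcpServers": {
    "dotrequirements": {
      "command": "node",
      "args": ["$cfg_entry", "--auth-from-env"],
      "env": {
        "DOTREQ_PROJECT_ID": "$cfg_id",
        "DOTREQ_PROJECT_SECRET": "$cfg_secret"
      }
    }
  }
}
EOF
  )
}
```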