Install locally, connect your MCP client, and gate API quality in CI. Free tier works without a license.
curl -fsSL https://apithreshold.ai/install.sh | sh
Pin a release: APITHRESHOLD_VERSION=0.1.0 curl -fsSL https://apithreshold.ai/install.sh | sh
Linux / CI: use Docker — docker pull ghcr.io/apithreshold/apithreshold:latest
Set OPENAI_API_KEY (default) or configure Anthropic in MCP env:
APITHRESHOLD_LLM_PROVIDER=anthropicANTHROPIC_API_KEY=...Add to ~/.cursor/mcp.json — use the absolute path printed by install.sh:
{
"mcpServers": {
"apithreshold": {
"command": "/Users/you/.local/bin/apithreshold",
"args": ["serve"],
"env": {
"OPENAI_API_KEY": "sk-your-key-here"
}
}
}
}
Restart Cursor after changing MCP config.
Same pattern: command = absolute path to apithreshold, args = ["serve"], provider keys in env. Add via Claude Code MCP settings or project .mcp.json.
No license key is required to start. Free tier (omit APITHRESHOLD_LICENSE): up to 5 enrolled endpoints, Learning + Warning gate modes, quality scoring.
Starter / Pro (after purchase): you receive a license JWT. Add it to MCP env (steps 3–4) or CI/Docker -e. Same JWT works locally and in CI. Verification is offline — no call to apithreshold.ai at runtime.
Example — add to your MCP env block:
"env": {
"OPENAI_API_KEY": "sk-your-key-here",
"APITHRESHOLD_LICENSE": "eyJ..."
}
Plans and limits: apithreshold.ai/#pricing. To upgrade: [email protected].
Run the quality gate in CI with the Docker image — same enrolled endpoints and modes as local. Working example: apithreshold/apithreshold-action-demo. Save as .github/workflows/apithreshold.yml:
name: API quality
on:
pull_request:
push:
branches: [main]
env:
APITHRESHOLD_IMAGE: ghcr.io/apithreshold/apithreshold:0.1.0
jobs:
gate:
runs-on: ubuntu-latest
timeout-minutes: 30
permissions:
contents: read
steps:
- uses: actions/checkout@v4
- name: Pull APIThreshold image
run: docker pull "$APITHRESHOLD_IMAGE"
- name: API quality gate
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
run: |
PROJECT_ID="${GITHUB_REPOSITORY//\//-}"
MODE=warning
# Starter+ only — uncomment when APITHRESHOLD_LICENSE is in repo secrets:
# if [ "${{ github.ref }}" = "refs/heads/main" ]; then MODE=enforcing; fi
docker run --rm \
--entrypoint apithreshold \
-e OPENAI_API_KEY \
-e APITHRESHOLD_LICENSE \
-e APITHRESHOLD_PERSIST_SCOPE=false \
-e APITHRESHOLD_PREFLIGHT_THRESHOLD=0 \
-e APITHRESHOLD_TOOL_TIMEOUT=1200 \
-v "${{ github.workspace }}:/work" -w /work \
"$APITHRESHOLD_IMAGE" \
gate openapi.yaml \
--mode "$MODE" \
--project-id "$PROJECT_ID" \
--no-persist-scope
env:
OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
APITHRESHOLD_LICENSE: ${{ secrets.APITHRESHOLD_LICENSE }}
What this template does:
warning mode — reports quality gaps, does not fail the job when score is low.main: same as PRs on Free tier (warning). With Starter+ and the change below, main can use enforcing and block merges when score is below threshold.Setup checklist (first time):
.github/workflows/apithreshold.yml and commit.OPENAI_API_KEY with your provider key (required).gate openapi.yaml to the path of your OpenAPI file (e.g. api/openapi.yaml).warning — low scores may show as BLOCKED in logs but the job stays green).APITHRESHOLD_LICENSE, then uncomment the main → enforcing line in the workflow so pushes to main can fail CI when quality is below bar.GitHub secrets:
OPENAI_API_KEY — required (default provider). For Anthropic instead, add -e APITHRESHOLD_LLM_PROVIDER=anthropic -e ANTHROPIC_API_KEY to the docker run line and set the ANTHROPIC_API_KEY secret the same way as above.APITHRESHOLD_LICENSE — optional on Free tier (up to 5 enrolled endpoints; warning / learning only). Required before enabling enforcing on main (Starter+). See pricing.Before first run (repo layout):
--project-id as owner-repo (no slashes in gate state paths)..apithreshold/scope.yaml if the spec is large (generate locally with apithreshold scope init). APITHRESHOLD_PREFLIGHT_THRESHOLD=0 skips the interactive scope guard in CI; a committed scope file is better for production.APITHRESHOLD_IMAGE to a release tag; use latest only for experiments.ghcr.io/apithreshold/apithreshold is a public package — docker pull works without login in CI (including fork PR workflows that only run the pull step).Starter+ — enforcing on main: after APITHRESHOLD_LICENSE is in secrets, replace the mode block with:
PROJECT_ID="${GITHUB_REPOSITORY//\//-}"
MODE=warning
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
MODE=enforcing
fi
Notes: gate runs the full pipeline (assess → generate → score → evaluate) and calls your LLM provider on every run — expect several minutes and API cost per run. Each job starts with fresh gate state; use explicit --mode as above. Optional: add -e CI=true to the docker run line for plain-text logs in the Actions UI.
Not covered on this page (see the action-demo repo for a working workflow and README notes on cache and progressive modes): progressive gate with Actions cache (learning → warning → enforcing over time), monorepos / --scope-path, multi-spec scope files, GitLab CI, checkpoint resume for very large specs, and wiring the job as a required status check in branch protection. For GitLab, monorepo, or enterprise progressive-gate setups, email [email protected].
docker run --rm -p 8090:8090 \ -e OPENAI_API_KEY=sk-your-key \ ghcr.io/apithreshold/apithreshold:latest
For teams that want a long-running HTTP MCP server (not the usual CI path above). Listens on http://localhost:8090/mcp.
Questions: [email protected]