Skip to content

Update docs for new package registry contributions #362

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
domdomegg merged 2 commits into from
Sep 5, 2025
Merged

Update docs for new package registry contributions #362

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
772e2f4
Update docs for new package registry contributions
claude[bot] Sep 5, 2025
df82690
Tidy up docs a little
domdomegg Sep 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 19 additions & 6 deletions docs/new_package_registry.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ The MCP Registry project is a **metaregistry**, meaning that it hosts metadata f

For local MCP servers, the MCP Registry has pointers in the `packages` node of the [`server.json`](server-json/README.md) schema that refer to packages in supported package managers.

The list of supported package managers for hosting MCP servers is defined by the `properties.packages[N].properties.registry_name` string enum in the [`server.json` schema](server-json/server.schema.json). For example, this could be "npm" (for npmjs.com packages) or "pypi" (for PyPI packages).
The list of supported package managers for hosting MCP servers is defined by the `properties.packages[N].properties.registry_type` string enum in the [`server.json` schema](server-json/server.schema.json). For example, this could be "npm" (for npmjs.com packages) or "pypi" (for PyPI packages).

For remote MCP servers, the package registry is not relevant. The MCP client consumes the server via a URL instead of by downloading and running a package. In other words, this document only applies to local MCP servers.

Expand All @@ -21,19 +21,32 @@ The package registry must meet the following requirements:
- For example, the MCP client can map the `server.json` metadata to an `npx` CLI execution, with args and environment variables populated via user input.
1. The package registry supports anonymous package downloads. This allows the MCP client software to use the metadata found in the MCP registry to discover, download, and execute package-based local MCP servers with minimal user intervention.
- `npx` by default connects to the public npmjs.com registry, allowing simple consumption of public npm packages.
1. The package registry should support a validation mechanism to verify ownership of the server name. This prevents misattribution and ensures that only the actual package owner can reference their packages in server registrations. For example:
- npm requires an `mcpName` field in `package.json` that matches the server name being registered
- PyPI requires a `mcp-name:` line in the package README/description
- Each registry type must implement a validation mechanism accessible via public API

## Steps

These steps are currently very brief because the MCP Registry service is not yet deployed to production. These steps may evolve as additional validations or details are discovered and mandated.
These steps may evolve as additional validations or details are discovered and mandated.

1. [Create a feature request issue](https://github.com/modelcontextprotocol/registry/issues/new?template=feature_request.md) on the MCP Registry repository to begin the discussion about adding the package registry.
- Example for NuGet: https://github.com/modelcontextprotocol/registry/issues/126
1. Open a PR with the following changes:
- Update the [`server.json` schema](server-json/server.schema.json)
- Add your package registry name to the `registry_name` enum value array.
- Add your package registry name to the `registry_type` example array.
- Add your package registry base url to the `registry_base_url` example array.
- Add the single-shot CLI command name to the `runtime_hint` example value array.
- Update the [`openapi.yaml`](openapi.yaml)
- Add your package registry name to the `registry_name` enum value array.
- Update the [`openapi.yaml`](server-registry-api/openapi.yaml)
- Add your package registry name to the `registry_type` enum value array.
- Add your package registry base url to the `registry_base_url` enum value array.
- Add the single-shot CLI command name to the `runtime_hint` example value array.
- This duplicates the previous step and will be improved with [issue #159](https://github.com/modelcontextprotocol/registry/issues/159).
- Add a sample, minimal `server.json` to the [`server.json` examples](server-json/examples.md).
- Implement a registry validator:
- Create a new validator file: `internal/validators/registries/yourregistry.go`, following the pattern of existing validators. Examples:
- **npm**: Checks for an `mcpName` field in `package.json` that matches the server name
- **PyPI**: Searches for `mcp-name: server-name` format in the package README content
- **NuGet**: Looks for `mcp-name: server-name` format in the package README file
- **Docker/OCI**: Validates a Docker image label `io.modelcontextprotocol.server.name` in the image manifest
- Add corresponding unit tests: `internal/validators/registries/yourregistry_test.go`
- Register your validator in `internal/validators/validators.go`
Loading