Improve error handling, timeout and remove unused constants

Signed-off-by: Radoslav Dimitrov <[email protected]>

Author: rdimitrov

internal/validators/registries/oci.go

@@ -7,6 +7,7 @@ import (
 	"log"
 	"net/http"
 	"strings"
+	"time"
 
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -75,23 +76,37 @@ func ValidateOCI(ctx context.Context, pkg model.Package, serverName string) erro
 		return fmt.Errorf("%w: %s", ErrUnsupportedRegistry, registry)
 	}
 
+	// Add explicit timeout to prevent hanging on slow registries
+	// Use a new context with timeout to avoid modifying the caller's context
+	timeoutCtx, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+
 	// Fetch the image using anonymous authentication (public images only)
 	// The go-containerregistry library handles:
 	// - OCI auth discovery via WWW-Authenticate headers
 	// - Token negotiation for different registries
 	// - Rate limiting and retries
 	// - Multi-arch manifest resolution
-	img, err := remote.Image(ref, remote.WithAuth(authn.Anonymous), remote.WithContext(ctx))
+	img, err := remote.Image(ref, remote.WithAuth(authn.Anonymous), remote.WithContext(timeoutCtx))
 	if err != nil {
-		// Check if this is a rate limiting error
+		// Check if this is a timeout error
+		if errors.Is(err, context.DeadlineExceeded) {
+			return fmt.Errorf("OCI image validation timed out after 30 seconds for '%s'. The registry may be slow or unreachable", pkg.Identifier)
+		}
+
+		// Check for specific HTTP status codes
 		var transportErr *transport.Error
 		if errors.As(err, &transportErr) {
-			if transportErr.StatusCode == http.StatusTooManyRequests {
+			switch transportErr.StatusCode {
+			case http.StatusTooManyRequests:
+				// Rate limited - skip validation to avoid blocking publishers
+				// This is intentional: we prioritize UX over strict validation during high traffic
 				log.Printf("Skipping OCI validation for %s due to rate limiting", pkg.Identifier)
 				return nil
-			}
-			if transportErr.StatusCode == http.StatusNotFound || transportErr.StatusCode == http.StatusUnauthorized {
-				return fmt.Errorf("OCI image '%s' not found or not accessible (status: %d)", pkg.Identifier, transportErr.StatusCode)
+			case http.StatusNotFound:
+				return fmt.Errorf("OCI image '%s' does not exist in the registry", pkg.Identifier)
+			case http.StatusUnauthorized, http.StatusForbidden:
+				return fmt.Errorf("OCI image '%s' is private or requires authentication. Only public images are supported", pkg.Identifier)
 			}
 		}
 		return fmt.Errorf("failed to fetch OCI image: %w", err)

internal/validators/validators_test.go

@@ -1628,10 +1628,10 @@ func TestValidate_RegistryTypesAndUrls(t *testing.T) {
 		// Invalid registry types (should fail)
 		{"invalid_maven", "io.github.domdomegg/airtable-mcp-server", "maven", model.RegistryURLNPM, "airtable-mcp-server", "1.7.2", "", true},
 		{"invalid_cargo", "io.github.domdomegg/time-mcp-pypi", "cargo", model.RegistryURLPyPI, "time-mcp-pypi", "1.0.1", "", true},
-		{"invalid_gem", "io.github.domdomegg/airtable-mcp-server", "gem", model.RegistryURLDocker, "domdomegg/airtable-mcp-server", "1.7.2", "", true},
+		{"invalid_gem", "io.github.domdomegg/airtable-mcp-server", "gem", "", "domdomegg/airtable-mcp-server", "1.7.2", "", true},
 		{"invalid_unknown", "io.github.domdomegg/time-mcp-server", "unknown", model.RegistryURLNuGet, "TimeMcpServer", "1.0.2", "", true},
 		{"invalid_blank", "io.github.domdomegg/time-mcp-server", "", model.RegistryURLNuGet, "TimeMcpServer", "1.0.2", "", true},
-		{"invalid_docker", "io.github.domdomegg/airtable-mcp-server", "docker", model.RegistryURLDocker, "domdomegg/airtable-mcp-server", "1.7.2", "", true},                                                                      // should be oci
+		{"invalid_docker", "io.github.domdomegg/airtable-mcp-server", "docker", "", "domdomegg/airtable-mcp-server", "1.7.2", "", true},                                                                                           // should be oci
 		{"invalid_github", "io.github.domdomegg/airtable-mcp-server", "github", model.RegistryURLGitHub, "https://github.com/domdomegg/airtable-mcp-server/releases/download/v1.7.2/airtable-mcp-server.mcpb", "1.7.2", "", true}, // should be mcpb
 
 		{"invalid_mix_1", "io.github.domdomegg/time-mcp-server", model.RegistryTypeNuGet, model.RegistryURLNPM, "TimeMcpServer", "1.0.2", "", true},

pkg/model/constants.go

@@ -13,8 +13,6 @@ const (
 const (
 	RegistryURLNPM    = "https://registry.npmjs.org"
 	RegistryURLPyPI   = "https://pypi.org"
-	RegistryURLDocker = "https://docker.io"
-	RegistryURLGHCR   = "https://ghcr.io"
 	RegistryURLNuGet  = "https://api.nuget.org"
 	RegistryURLGitHub = "https://github.com"
 	RegistryURLGitLab = "https://gitlab.com"