Enforce supporting ghcr, dokcerhub and gar

Signed-off-by: Radoslav Dimitrov <[email protected]>

Author: rdimitrov

docs/guides/publishing/publish-server.md

@@ -313,7 +313,10 @@ LABEL io.modelcontextprotocol.server.name="io.github.username/server-name"
 
 The identifier format is `registry/namespace/repository:tag` (e.g., `docker.io/user/app:1.0.0` or `ghcr.io/user/app:1.0.0`). The version can also be specified as a digest.
 
-The official MCP registry supports any public OCI-compliant registry including Docker Hub, GitHub Container Registry (GHCR), Quay.io, Google Container Registry (GCR), Amazon ECR Public, GitLab Container Registry, and more.
+The official MCP registry supports:
+- Docker Hub (`docker.io`)
+- GitHub Container Registry (`ghcr.io`)
+- Google Artifact Registry (any `*.pkg.dev` domain)
 
 </details>
 

docs/reference/server-json/official-registry-requirements.md

@@ -38,14 +38,10 @@ Only trusted public registries are supported. Private registries and alternative
 - **NPM**: `https://registry.npmjs.org` only
 - **PyPI**: `https://pypi.org` only
 - **NuGet**: `https://api.nuget.org` only
-- **Docker/OCI**: Any public OCI-compliant registry including:
+- **Docker/OCI**:
   - Docker Hub (`docker.io`)
   - GitHub Container Registry (`ghcr.io`)
-  - Quay.io (`quay.io`)
-  - Google Container Registry (`gcr.io`, `*.pkg.dev`)
-  - Amazon ECR Public (`public.ecr.aws`)
-  - GitLab Container Registry (`registry.gitlab.com`)
-  - Any other OCI Distribution Spec compliant registry
+  - Google Artifact Registry (`*.pkg.dev`)
 - **MCPB**: `https://github.com` releases and `https://gitlab.com` releases only
 
 ## `_meta` Namespace Restrictions

internal/validators/registries/oci.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"strings"
 
 	"github.com/google/go-containerregistry/pkg/authn"
 	"github.com/google/go-containerregistry/pkg/name"
@@ -16,26 +17,35 @@ import (
 
 var (
 	ErrMissingIdentifierForOCI = errors.New("package identifier is required for OCI packages")
+	ErrUnsupportedRegistry     = errors.New("unsupported OCI registry")
 )
 
 // ErrRateLimited is returned when a registry rate limits our requests
 var ErrRateLimited = errors.New("rate limited by registry")
 
+// allowedOCIRegistries defines the list of supported OCI registries.
+// This can be expanded in the future to support additional public registries.
+var allowedOCIRegistries = map[string]bool{
+	// Docker Hub (and its various endpoints)
+	"docker.io":            true,
+	"registry-1.docker.io": true, // Docker Hub API endpoint
+	"index.docker.io":      true, // Docker Hub index
+	// GitHub Container Registry
+	"ghcr.io": true,
+	// Google Artifact Registry (*.pkg.dev pattern handled in isAllowedRegistry)
+}
+
 // ValidateOCI validates that an OCI image contains the correct MCP server name annotation.
 // Supports canonical OCI references including:
 //   - registry/namespace/image:tag
 //   - registry/namespace/image@sha256:digest
 //   - registry/namespace/image:tag@sha256:digest
 //   - namespace/image:tag (defaults to docker.io)
 //
-// This validator now supports ANY public OCI-compliant registry including:
+// Supported registries:
 //   - Docker Hub (docker.io)
 //   - GitHub Container Registry (ghcr.io)
-//   - Quay.io (quay.io)
-//   - Google Container Registry (gcr.io, artifacts.dev)
-//   - Amazon ECR Public (public.ecr.aws)
-//   - GitLab Container Registry (registry.gitlab.com)
-//   - Any other OCI Distribution Spec compliant registry
+//   - Google Artifact Registry (*.pkg.dev)
 func ValidateOCI(ctx context.Context, pkg model.Package, serverName string) error {
 	if pkg.Identifier == "" {
 		return ErrMissingIdentifierForOCI
@@ -59,6 +69,12 @@ func ValidateOCI(ctx context.Context, pkg model.Package, serverName string) erro
 		return fmt.Errorf("invalid OCI reference: %w", err)
 	}
 
+	// Validate that the registry is in the allowlist
+	registry := ref.Context().RegistryStr()
+	if !isAllowedRegistry(registry) {
+		return fmt.Errorf("%w: %s", ErrUnsupportedRegistry, registry)
+	}
+
 	// Fetch the image using anonymous authentication (public images only)
 	// The go-containerregistry library handles:
 	// - OCI auth discovery via WWW-Authenticate headers
@@ -103,3 +119,20 @@ func ValidateOCI(ctx context.Context, pkg model.Package, serverName string) erro
 
 	return nil
 }
+
+// isAllowedRegistry checks if the given registry is in the allowlist.
+// It handles registry aliases and wildcard patterns (e.g., *.pkg.dev for Artifact Registry).
+func isAllowedRegistry(registry string) bool {
+	// Direct match
+	if allowedOCIRegistries[registry] {
+		return true
+	}
+
+	// Check for wildcard patterns
+	// Google Artifact Registry: *.pkg.dev (e.g., us-docker.pkg.dev, europe-west1-docker.pkg.dev)
+	if strings.HasSuffix(registry, ".pkg.dev") {
+		return true
+	}
+
+	return false
+}

internal/validators/registries/oci_test.go

@@ -9,105 +9,109 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-func TestValidateOCI_RealPackages(t *testing.T) {
+func TestValidateOCI_RegistryAllowlist(t *testing.T) {
 	ctx := context.Background()
 
 	tests := []struct {
-		name         string
-		identifier   string
-		serverName   string
-		expectError  bool
-		errorMessage string
-		skip         bool
-		skipReason   string
+		name        string
+		identifier  string
+		expectError bool
+		errorMsg    string
 	}{
+		// Allowed registries - these should NOT fail with "unsupported registry"
+		{
+			name:       "Docker Hub should be allowed",
+			identifier: "docker.io/test/image:latest",
+			// Will fail on image not found, but registry should be accepted
+			expectError: true,
+		},
+		{
+			name:       "Docker Hub without explicit registry should default and be allowed",
+			identifier: "test/image:latest",
+			// Will fail on image not found, but registry should be accepted
+			expectError: true,
+		},
+		{
+			name:       "GHCR should be allowed",
+			identifier: "ghcr.io/test/image:latest",
+			// Will fail on image fetch, but registry should be accepted
+			expectError: true,
+		},
+		{
+			name:       "Artifact Registry us-central1 should be allowed",
+			identifier: "us-central1-docker.pkg.dev/project/repo/image:latest",
+			// Will fail on image fetch, but registry should be accepted
+			expectError: true,
+		},
+		{
+			name:       "Artifact Registry europe-west1 should be allowed",
+			identifier: "europe-west1-docker.pkg.dev/project/repo/image:latest",
+			// Will fail on image fetch, but registry should be accepted
+			expectError: true,
+		},
+		{
+			name:       "Artifact Registry multi-region us should be allowed",
+			identifier: "us-docker.pkg.dev/project/repo/image:latest",
+			// Will fail on image fetch, but registry should be accepted
+			expectError: true,
+		},
+
+		// Disallowed registries
 		{
-			name:         "empty package identifier should fail",
-			identifier:   "",
-			serverName:   "com.example/test",
-			expectError:  true,
-			errorMessage: "package identifier is required for OCI packages",
-		},
-		{
-			name:        "real image with correct MCP annotation should pass (Docker Hub)",
-			identifier:  "docker.io/domdomegg/airtable-mcp-server:1.7.2",
-			serverName:  "io.github.domdomegg/airtable-mcp-server",
-			expectError: false,
-			skip:        true,
-			skipReason:  "Skipping to avoid hitting DockerHub rate limits in CI",
-		},
-		{
-			name:        "GHCR image with correct MCP annotation should pass",
-			identifier:  "ghcr.io/nkapila6/mcp-local-rag:latest",
-			serverName:  "io.github.nkapila6/mcp-local-rag",
-			expectError: false,
-			skip:        true,
-			skipReason:  "Skipping to avoid network dependencies in CI",
-		},
-		{
-			name:         "image without MCP annotation should fail",
-			identifier:   "docker.io/library/nginx:latest",
-			serverName:   "com.example/test",
-			expectError:  true,
-			errorMessage: "missing required annotation",
-			skip:         true,
-			skipReason:   "Skipping to avoid hitting DockerHub rate limits in CI",
-		},
-		{
-			name:         "non-existent image should fail",
-			identifier:   "docker.io/nonexistent/doesnotexist:v99.99.99",
-			serverName:   "com.example/test",
-			expectError:  true,
-			errorMessage: "not found",
-			skip:         true,
-			skipReason:   "Skipping to avoid network dependencies in CI",
-		},
-		{
-			name:         "Quay.io registry should be supported",
-			identifier:   "quay.io/test/image:v1.0.0",
-			serverName:   "com.example/test",
-			expectError:  true, // Will fail because image doesn't exist, but registry should be accepted
-			errorMessage: "not found",
-			skip:         true,
-			skipReason:   "Skipping to avoid network dependencies in CI",
-		},
-		{
-			name:         "GCR registry should be supported",
-			identifier:   "gcr.io/test/image:v1.0.0",
-			serverName:   "com.example/test",
-			expectError:  true, // Will fail because image doesn't exist, but registry should be accepted
-			errorMessage: "not found",
-			skip:         true,
-			skipReason:   "Skipping to avoid network dependencies in CI",
-		},
-		{
-			name:         "GitLab registry should be supported",
-			identifier:   "registry.gitlab.com/test/image:v1.0.0",
-			serverName:   "com.example/test",
-			expectError:  true, // Will fail because image doesn't exist, but registry should be accepted
-			errorMessage: "not found",
-			skip:         true,
-			skipReason:   "Skipping to avoid network dependencies in CI",
+			name:        "GCR should be rejected",
+			identifier:  "gcr.io/test/image:latest",
+			expectError: true,
+			errorMsg:    "unsupported OCI registry",
+		},
+		{
+			name:        "Quay.io should be rejected",
+			identifier:  "quay.io/test/image:latest",
+			expectError: true,
+			errorMsg:    "unsupported OCI registry",
+		},
+		{
+			name:        "ECR Public should be rejected",
+			identifier:  "public.ecr.aws/test/image:latest",
+			expectError: true,
+			errorMsg:    "unsupported OCI registry",
+		},
+		{
+			name:        "GitLab registry should be rejected",
+			identifier:  "registry.gitlab.com/test/image:latest",
+			expectError: true,
+			errorMsg:    "unsupported OCI registry",
+		},
+		{
+			name:        "Custom registry should be rejected",
+			identifier:  "custom-registry.com/test/image:latest",
+			expectError: true,
+			errorMsg:    "unsupported OCI registry",
+		},
+		{
+			name:        "Harbor registry should be rejected",
+			identifier:  "harbor.example.com/test/image:latest",
+			expectError: true,
+			errorMsg:    "unsupported OCI registry",
 		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if tt.skip {
-				t.Skip(tt.skipReason)
-			}
-
 			pkg := model.Package{
 				RegistryType: model.RegistryTypeOCI,
 				Identifier:   tt.identifier,
 			}
 
-			err := registries.ValidateOCI(ctx, pkg, tt.serverName)
+			err := registries.ValidateOCI(ctx, pkg, "com.example/test")
 
 			if tt.expectError {
 				assert.Error(t, err)
-				if tt.errorMessage != "" {
-					assert.Contains(t, err.Error(), tt.errorMessage)
+				if tt.errorMsg != "" {
+					// Should contain the specific error message
+					assert.Contains(t, err.Error(), tt.errorMsg)
+				} else {
+					// For allowed registries, should NOT be "unsupported registry" error
+					assert.NotContains(t, err.Error(), "unsupported OCI registry")
 				}
 			} else {
 				assert.NoError(t, err)
@@ -116,39 +120,6 @@ func TestValidateOCI_RealPackages(t *testing.T) {
 	}
 }
 
-func TestValidateOCI_AllRegistriesSupported(t *testing.T) {
-	ctx := context.Background()
-
-	// Test that various registry formats are accepted (they will fail on fetch, not on validation)
-	testRegistries := []string{
-		"docker.io/test/image:latest",
-		"ghcr.io/test/image:latest",
-		"quay.io/test/image:latest",
-		"gcr.io/test/image:latest",
-		"public.ecr.aws/test/image:latest",
-		"registry.gitlab.com/test/image:latest",
-		"custom-registry.com/test/image:latest",
-	}
-
-	for _, registry := range testRegistries {
-		t.Run(registry, func(t *testing.T) {
-			pkg := model.Package{
-				RegistryType: model.RegistryTypeOCI,
-				Identifier:   registry,
-			}
-
-			err := registries.ValidateOCI(ctx, pkg, "com.example/test")
-
-			// Should NOT fail with "unsupported registry" error
-			// Will fail with "not found" or similar, but that means the registry was accepted
-			if err != nil {
-				assert.NotContains(t, err.Error(), "unsupported registry")
-				assert.NotContains(t, err.Error(), "registry type and base URL do not match")
-			}
-		})
-	}
-}
-
 func TestValidateOCI_RejectsOldFormat(t *testing.T) {
 	ctx := context.Background()
 
@@ -184,29 +155,14 @@ func TestValidateOCI_RejectsOldFormat(t *testing.T) {
 			},
 			errorMessage: "OCI packages must not have 'fileSha256' field",
 		},
-		{
-			name: "OCI package with canonical format should pass format validation",
-			pkg: model.Package{
-				RegistryType: model.RegistryTypeOCI,
-				Identifier:   "docker.io/test/image:latest",
-			},
-			errorMessage: "", // Should pass old format check (will fail later due to image not existing)
-		},
 	}
 
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			err := registries.ValidateOCI(ctx, tt.pkg, "com.example/test")
 
-			if tt.errorMessage != "" {
-				assert.Error(t, err)
-				assert.Contains(t, err.Error(), tt.errorMessage)
-			} else if err != nil {
-				// Should not fail with old format error (may fail with other errors like image not found)
-				assert.NotContains(t, err.Error(), "must not have 'registryBaseUrl'")
-				assert.NotContains(t, err.Error(), "must not have 'version'")
-				assert.NotContains(t, err.Error(), "must not have 'fileSha256'")
-			}
+			assert.Error(t, err)
+			assert.Contains(t, err.Error(), tt.errorMessage)
 		})
 	}
 }
@@ -241,3 +197,16 @@ func TestValidateOCI_InvalidReferences(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateOCI_EmptyIdentifier(t *testing.T) {
+	ctx := context.Background()
+
+	pkg := model.Package{
+		RegistryType: model.RegistryTypeOCI,
+		Identifier:   "",
+	}
+
+	err := registries.ValidateOCI(ctx, pkg, "com.example/test")
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "package identifier is required")
+}