OpenAPI spec for official registry API #3
Conversation
|
@sridharavinash I made a few changes I think are improvements: df3ef54 - add a 1669e45 - rename 52cf2c1 - simplify the notion of Repository. Original PR was from back when we were planning to tightly couple source code to our MCP server concept, but the DNS-based naming approach as superseded that. 50d22a9 - renamed e9ad735 - removed license field; unnecessary denormalized data. |
tadasant
changed the title
| schema: | ||
| type: string | ||
| format: uuid | ||
| - name: version |
There was a problem hiding this comment.
I reviewed the current Go implementation and noticed that a UUID is generated every time an MCP server is published, ensuring that each version of an MCP server has a unique ID.
However, it seems that the id here is associated only with the MCP server itself, rather than with the server + version, which is causing some confusion for me.
And I think the current specification is more reasonable for a clear semantic understanding.
There was a problem hiding this comment.
The implementation is very much a work in progress, so it's probably just a bug, but cc @sridharavinash to confirm
|
May I know if the server definition supports a required |
There was no current plan to include a |
Is the "publisher": {
"name": "modelcontextprotocol",
"displayName": "Model Context Protocol",
"verified": true
}I think the registry is the right one to resolve this information and leaving this to clients could cause falsy information. It is important for a user to know the publisher/owner of an MCP server. Hence it would be great if this can be included in the initial version. |
|
Thanks for all the feedback so far @alexhancock @connor4312 @sandy081 @luoxiner @annaji-msft I am thinking we have covered a good amount of breadth to start, and at this point there need to be some more detailed discussions about specific points, and it's feeling unwieldy to try to handle in a single monster PR here. How would you all feel if we merged this OpenAPI spec and then spun up separate PR's/Issues to drill down on the open questions we've identified? Specifically:
Besides these above open points, I've addressed feedback on the other comments. If you all think it's a good idea to merge this and start to separate out the discussions, I'll start an Issue for each of these, and if someone is eager to finalize they can open a PR without being blocked on me. Does that work? cc @toby @digitarald |
|
Thanks @tadasant -- this is brilliant work btw. I was going to ask how to contribute, so I definitely +1 on getting this merged. |
I considered this in my initial draft of how a registry manifest would work. I thought of templating args, environment variables, and headers ('inputs') with Mustache-like syntax: "docker": {
"configuration": {
"required": ["github-token"],
"github-token": {
"type": "string",
"description": "GitHub Personal Access Token",
"secret": true
}
},
"name": "ghcr.io/github/github-mcp-server",
"args": ["-e", "GITHUB_TOKEN"],
"env": { "GITHUB_TOKEN": "{{github-token}}" }
}In my initial draft I stated that inputs that reference an optional configuration that's missing would be omitted. (Is this is enough? I'm not sure.) Then there are the usual niggles with templating, like how we handle escaping and so on. Configuration being a JSON schema object gives some more power but opens up to nested objects and arrays and I'm not sure how/if those should be handled (or if we'd spec it such that only primitives are allowed.) It also doesn't map cleanly onto repeated arguments unless we get deep into the weeds of templating. Overall I liked the explicit version more. It kept the world better-bounded and gave clear answers to the above unknowns. Sandeep linked roughly where we ended up on our version of the spec. I think docker mounts overall may need formal specification. Many clients, like VS Code, will have the notion of the "workspace folder" which is probably what the user wants to mount by default into their container. And additionally thinking of a world where we specify the arguments for the server and not the runtime (i.e. not npx/uvx/docker), perhaps the config for the filesystem server just looks like ... where the default_mount_point corresponds to the default of the positional argument which should be good enough hint for users to know what to do (or even for clients to correlate them automatically.) This also can let us guarentee as a client that we won't have unintended side-effects for the host and can basically run Docker containers without requiring super explicit "are you sure you want to run this untrusted command from the internet on your computer" confirmations. Versus a template, we control the docker command that's executed and the mounts that it's given, so we can ensure it doesn't just try and mounnt ~/.ssh/id_rsa and do bad stuff. |
|
Follow-ups:
If anyone wants to self-assign and drive any of this forward, please feel free. Unless I assign myself to an issue, I'm not actively working on it yet. |
| ], | ||
| "positional_arguments": [ | ||
| { | ||
| "position": 0, |
There was a problem hiding this comment.
Explicitly specifying the position as a key in the JSON seems like an anti-pattern given that the parent object (an array) is inherently ordered by nature.
What are your thoughts about this? Any chance I could open this up as a follow-up issue if you think it is pertinent?
There was a problem hiding this comment.
You may be interested in looking at this PR: #33
There was a problem hiding this comment.
I did take a look and I think #33 may be simplifying the commands a little too much. However, I can move that discussion there instead.
This is a rough first pass at what the API shape should look like. Not meant to be final, we may not even merge this particular PR; just meant to give readers a sense of what we're going for to spark feedback conversations.