Enforce schema validation on the publish and edit API level (#598)

<!-- Provide a brief summary of your changes -->

## Motivation and Context
<!-- Why is this change needed? What problem does it solve? -->
The following PR:
* Enforces schema validation on the API level (requests without schema
or older schema will fail)
* Updates the unit tests and examples to match that

## How Has This Been Tested?
<!-- Have you tested this in a real application? Which scenarios were
tested? -->

## Breaking Changes
<!-- Will users need to update their code or configurations? -->
**Note this can be considered breaking if clients have not included it
before.**

## Types of changes
<!-- What types of changes does your code introduce? Put an `x` in all
the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing
functionality to change)
- [ ] Documentation update

## Checklist
<!-- Go over all the following points, and put an `x` in all the boxes
that apply. -->
- [ ] I have read the [MCP
Documentation](https://modelcontextprotocol.io)
- [ ] My code follows the repository's style guidelines
- [ ] New and existing tests pass locally
- [ ] I have added appropriate error handling
- [ ] I have added or updated documentation as needed

## Additional context
<!-- Add any other context, implementation notes, or design decisions
-->

---------

Signed-off-by: Radoslav Dimitrov <[email protected]>

Author: rdimitrov

cmd/publisher/commands/init.go

@@ -301,7 +301,7 @@ func createServerJSON(
 
 	// Create server structure
 	return apiv0.ServerJSON{
-		Schema:      "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
+		Schema:      model.CurrentSchemaURL,
 		Name:        name,
 		Description: description,
 		Repository: model.Repository{

cmd/publisher/commands/publish.go

@@ -13,6 +13,7 @@ import (
 	"strings"
 
 	apiv0 "github.com/modelcontextprotocol/registry/pkg/api/v0"
+	"github.com/modelcontextprotocol/registry/pkg/model"
 )
 
 func PublishCommand(args []string) error {
@@ -39,8 +40,8 @@ func PublishCommand(args []string) error {
 
 	// Check for deprecated schema and recommend migration
 	// Allow empty schema (will use default) but reject old schemas
-	if serverJSON.Schema != "" && !strings.Contains(serverJSON.Schema, "2025-09-29") {
-		return fmt.Errorf(`deprecated schema detected :%s.
+	if serverJSON.Schema != "" && !strings.Contains(serverJSON.Schema, model.CurrentSchemaVersion) {
+		return fmt.Errorf(`deprecated schema detected: %s.
 
 Migrate to the current schema format for new servers.
 

docs/reference/server-json/generic-server-json.md

@@ -106,6 +106,7 @@ Suppose your MCP server application requires a `mcp start` CLI arguments to star
 
 ```json
 {
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
   "name": "io.github.joelverhagen/knapcode-samplemcpserver",
   "description": "Sample NuGet MCP server for a random number and random weather",
   "version": "0.4.0-beta",
@@ -250,6 +251,7 @@ This will essentially instruct the MCP client to execute `dnx Knapcode.SampleMcp
 
 ```json
 {
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
   "name": "io.modelcontextprotocol.anonymous/mcp-fs",
   "description": "Cloud-hosted MCP filesystem server",
   "repository": {
@@ -283,6 +285,7 @@ This will essentially instruct the MCP client to execute `dnx Knapcode.SampleMcp
 
 ```json
 {
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
   "name": "io.github.example/weather-mcp",
   "description": "Python MCP server for weather data access",
   "repository": {
@@ -337,6 +340,7 @@ The `dnx` tool ships with the .NET 10 SDK, starting with Preview 6.
 
 ```json
 {
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
   "name": "io.github.joelverhagen/knapcode-samplemcpserver",
   "description": "Sample NuGet MCP server for a random number and random weather",
   "repository": {
@@ -385,6 +389,7 @@ The `dnx` tool ships with the .NET 10 SDK, starting with Preview 6.
 
 ```json
 {
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
   "name": "io.github.example/database-manager",
   "description": "MCP server for database operations with support for multiple database types",
   "repository": {
@@ -580,6 +585,7 @@ The `dnx` tool ships with the .NET 10 SDK, starting with Preview 6.
 
 ```json
 {
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json",
   "name": "io.modelcontextprotocol/text-editor",
   "description": "MCP Bundle server for advanced text editing capabilities",
   "repository": {

internal/api/handlers/v0/edit_test.go

@@ -42,6 +42,7 @@ func TestEditServerEndpoint(t *testing.T) {
 	// Create test servers for different scenarios
 	testServers := map[string]*apiv0.ServerJSON{
 		"editable": {
+			Schema:      model.CurrentSchemaURL,
 			Name:        "io.github.testuser/editable-server",
 			Description: "Server that can be edited",
 			Version:     "1.0.0",
@@ -52,6 +53,7 @@ func TestEditServerEndpoint(t *testing.T) {
 			},
 		},
 		"other": {
+			Schema:      model.CurrentSchemaURL,
 			Name:        "io.github.otheruser/other-server",
 			Description: "Server owned by another user",
 			Version:     "1.0.0",
@@ -71,6 +73,7 @@ func TestEditServerEndpoint(t *testing.T) {
 
 	// Create a deleted server for undelete testing
 	deletedServer := &apiv0.ServerJSON{
+		Schema:      model.CurrentSchemaURL,
 		Name:        "io.github.testuser/deleted-server",
 		Description: "Server that was deleted",
 		Version:     "1.0.0",
@@ -89,6 +92,7 @@ func TestEditServerEndpoint(t *testing.T) {
 
 	// Create a server with build metadata for URL encoding test
 	buildMetadataServer := &apiv0.ServerJSON{
+		Schema:      model.CurrentSchemaURL,
 		Name:        "io.github.testuser/build-metadata-server",
 		Description: "Server with build metadata version",
 		Version:     "1.0.0+20130313144700",
@@ -125,6 +129,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/editable-server",
 				Description: "Updated server description",
 				Version:     "1.0.0",
@@ -155,6 +160,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/editable-server",
 				Description: "Server with status change",
 				Version:     "1.0.0",
@@ -182,6 +188,7 @@ func TestEditServerEndpoint(t *testing.T) {
 			version:    "1.0.0",
 			authHeader: "InvalidFormat token123",
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/editable-server",
 				Description: "Test server",
 				Version:     "1.0.0",
@@ -195,6 +202,7 @@ func TestEditServerEndpoint(t *testing.T) {
 			version:    "1.0.0",
 			authHeader: "Bearer invalid-token",
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/editable-server",
 				Description: "Test server",
 				Version:     "1.0.0",
@@ -214,6 +222,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/editable-server",
 				Description: "Updated test server",
 				Version:     "1.0.0",
@@ -233,6 +242,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.otheruser/other-server",
 				Description: "Updated test server",
 				Version:     "1.0.0",
@@ -252,6 +262,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/non-existent",
 				Description: "Non-existent server",
 				Version:     "1.0.0",
@@ -271,6 +282,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/renamed-server", // Different name
 				Description: "Trying to rename server",
 				Version:     "1.0.0",
@@ -290,6 +302,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/editable-server",
 				Description: "Version mismatch test",
 				Version:     "2.0.0", // Different version from URL
@@ -309,6 +322,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/deleted-server",
 				Description: "Trying to undelete server",
 				Version:     "1.0.0",
@@ -329,6 +343,7 @@ func TestEditServerEndpoint(t *testing.T) {
 				},
 			},
 			requestBody: apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        "io.github.testuser/build-metadata-server",
 				Description: "Updated server with build metadata",
 				Version:     "1.0.0+20130313144700",
@@ -432,6 +447,7 @@ func TestEditServerEndpointEdgeCases(t *testing.T) {
 
 	for _, server := range testServers {
 		_, err := registryService.CreateServer(context.Background(), &apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        server.name,
 			Description: "Test server for editing",
 			Version:     server.version,
@@ -441,6 +457,7 @@ func TestEditServerEndpointEdgeCases(t *testing.T) {
 		// Set specific status if not active
 		if server.status != model.StatusActive {
 			_, err = registryService.UpdateServer(context.Background(), server.name, server.version, &apiv0.ServerJSON{
+				Schema:      model.CurrentSchemaURL,
 				Name:        server.name,
 				Description: "Test server for editing",
 				Version:     server.version,
@@ -498,6 +515,7 @@ func TestEditServerEndpointEdgeCases(t *testing.T) {
 		for _, tt := range tests {
 			t.Run(tt.name, func(t *testing.T) {
 				requestBody := apiv0.ServerJSON{
+					Schema:      model.CurrentSchemaURL,
 					Name:        tt.serverName,
 					Description: "Status transition test",
 					Version:     tt.version,
@@ -546,13 +564,15 @@ func TestEditServerEndpointEdgeCases(t *testing.T) {
 		// Create server with special characters
 		specialServerName := "io.dots.and-dashes/server_with_underscores"
 		_, err := registryService.CreateServer(context.Background(), &apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        specialServerName,
 			Description: "Server with special characters",
 			Version:     "1.0.0",
 		})
 		require.NoError(t, err)
 
 		requestBody := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        specialServerName,
 			Description: "Updated server with special chars",
 			Version:     "1.0.0",
@@ -593,6 +613,7 @@ func TestEditServerEndpointEdgeCases(t *testing.T) {
 	t.Run("version-specific editing", func(t *testing.T) {
 		// Test editing a specific version of a multi-version server
 		requestBody := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "com.example/multi-version-server",
 			Description: "Updated v1.0.0 specifically",
 			Version:     "1.0.0",

internal/api/handlers/v0/publish_integration_test.go

@@ -57,6 +57,7 @@ func TestPublishIntegration(t *testing.T) {
 
 	t.Run("successful publish with GitHub auth", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "io.github.testuser/test-mcp-server",
 			Description: "A test MCP server for integration testing",
 			Repository: model.Repository{
@@ -101,6 +102,7 @@ func TestPublishIntegration(t *testing.T) {
 
 	t.Run("successful publish with none auth (no prefix)", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "com.example/test-mcp-server-no-auth",
 			Description: "A test MCP server without authentication",
 			Repository: model.Repository{
@@ -143,7 +145,8 @@ func TestPublishIntegration(t *testing.T) {
 
 	t.Run("publish fails with missing authorization header", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
-			Name: "test-server",
+			Schema: model.CurrentSchemaURL,
+			Name:   "test-server",
 		}
 
 		body, err := json.Marshal(publishReq)
@@ -162,6 +165,7 @@ func TestPublishIntegration(t *testing.T) {
 
 	t.Run("publish fails with invalid token", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "io.github.domdomegg/test-server",
 			Description: "Test server",
 			Version:     "1.0.0",
@@ -183,6 +187,7 @@ func TestPublishIntegration(t *testing.T) {
 
 	t.Run("publish fails when permission denied", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "io.github.other/test-server",
 			Description: "A test server",
 			Version:     "1.0.0",
@@ -219,6 +224,7 @@ func TestPublishIntegration(t *testing.T) {
 
 	t.Run("publish succeeds with MCPB package", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "io.github.domdomegg/airtable-mcp-server",
 			Description: "A test server with MCPB package",
 			Version:     "1.7.2",

internal/api/handlers/v0/publish_registry_validation_test.go

@@ -45,6 +45,7 @@ func TestPublishRegistryValidation(t *testing.T) {
 
 	t.Run("publish fails with npm registry validation error", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "com.example/test-server-with-npm",
 			Description: "A test server with invalid npm package reference",
 			Version:     "1.0.0",
@@ -86,6 +87,7 @@ func TestPublishRegistryValidation(t *testing.T) {
 
 	t.Run("publish succeeds with MCPB package (registry validation enabled)", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "com.example/test-server-mcpb-validation",
 			Description: "A test server with MCPB package and registry validation enabled",
 			Version:     "0.0.36",
@@ -136,6 +138,7 @@ func TestPublishRegistryValidation(t *testing.T) {
 
 	t.Run("publish fails when second package fails npm validation", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "com.example/test-server-multiple-packages",
 			Description: "A test server with multiple packages where second fails",
 			Version:     "1.0.0",
@@ -187,6 +190,7 @@ func TestPublishRegistryValidation(t *testing.T) {
 
 	t.Run("publish fails when first package fails validation", func(t *testing.T) {
 		publishReq := apiv0.ServerJSON{
+			Schema:      model.CurrentSchemaURL,
 			Name:        "com.example/test-server-first-package-fails",
 			Description: "A test server where first package fails",
 			Version:     "1.0.0",