feat: implement DNS namespace validation and remote URL uniqueness checks (#306)

## Summary

- Add reverse-DNS namespace format validation for server names
(namespace/name)
- Validate remote URLs match the DNS namespace derived from hostname  
- Prevent duplicate remote URLs across different servers
- Support localhost/development URLs without namespace restrictions
- Add comprehensive test coverage for validation logic
- Update database layer to support remote_url filtering

Fixes #180 by ensuring proper namespace governance and preventing URL
conflicts.

---------

Co-authored-by: Claude <[email protected]>

Author: domdomegg

docs/server-json/examples.md

@@ -186,7 +186,7 @@ This will essentially instruct the MCP client to execute `dnx Knapcode.SampleMcp
 ```json
 {
   "server": {
-    "name": "com.example/mcp-fs",
+    "name": "io.modelcontextprotocol.anonymous/mcp-fs",
     "description": "Cloud-hosted MCP filesystem server",
     "repository": {
       "url": "https://github.com/example/remote-fs",
@@ -199,7 +199,7 @@ This will essentially instruct the MCP client to execute `dnx Knapcode.SampleMcp
     "remotes": [
       {
         "transport_type": "sse",
-        "url": "http://mcp-fs.example.com/sse"
+        "url": "http://mcp-fs.anonymous.modelcontextprotocol.io/sse"
       }
     ]
   },
@@ -418,7 +418,7 @@ The `dnx` tool ships with the .NET 10 SDK, starting with Preview 6.
 ```json
 {
   "server": {
-    "name": "com.example/hybrid-mcp",
+    "name": "io.modelcontextprotocol.anonymous/hybrid-mcp",
     "description": "MCP server available as both local package and remote service",
     "repository": {
       "url": "https://github.com/example/hybrid-mcp",
@@ -448,7 +448,7 @@ The `dnx` tool ships with the .NET 10 SDK, starting with Preview 6.
     "remotes": [
       {
         "transport_type": "sse",
-        "url": "https://mcp.example.com/sse",
+        "url": "https://mcp.anonymous.modelcontextprotocol.io/sse",
         "headers": [
           {
             "name": "X-API-Key",
@@ -466,7 +466,7 @@ The `dnx` tool ships with the .NET 10 SDK, starting with Preview 6.
       },
       {
         "transport_type": "streamable",
-        "url": "https://mcp.example.com/http"
+        "url": "https://mcp.anonymous.modelcontextprotocol.io/http"
       }
     ]
   },

internal/api/handlers/v0/publish.go

@@ -71,7 +71,7 @@ func RegisterPublishEndpoint(api huma.API, registry service.RegistryService, cfg
 		// Publish the server with extensions
 		publishedServer, err := registry.Publish(publishRequest)
 		if err != nil {
-			return nil, huma.Error500InternalServerError("Failed to publish server", err)
+			return nil, huma.Error400BadRequest("Failed to publish server", err)
 		}
 
 		// Return the published server in extension wrapper format

internal/api/handlers/v0/publish_integration_test.go

@@ -99,10 +99,10 @@ func TestPublishIntegration(t *testing.T) {
 		assert.Equal(t, publishReq.Server.VersionDetail.Version, response.Server.VersionDetail.Version)
 	})
 
-	t.Run("successful publish without auth (no prefix)", func(t *testing.T) {
+	t.Run("successful publish with none auth (no prefix)", func(t *testing.T) {
 		publishReq := model.PublishRequest{
 			Server: model.ServerDetail{
-				Name:        "test-mcp-server-no-auth",
+				Name:        "com.example/test-mcp-server-no-auth",
 				Description: "A test MCP server without authentication",
 				Repository: model.Repository{
 					URL:    "https://example.com/test-mcp-server",

internal/api/handlers/v0/publish_test.go

@@ -203,9 +203,9 @@ func TestPublishEndpoint(t *testing.T) {
 				},
 			},
 			setupMocks: func(registry *MockRegistryService) {
-				registry.On("Publish", mock.AnythingOfType("model.PublishRequest")).Return(nil, errors.New("database error"))
+				registry.On("Publish", mock.AnythingOfType("model.PublishRequest")).Return(nil, errors.New("cannot publish duplicate version"))
 			},
-			expectedStatus: http.StatusInternalServerError,
+			expectedStatus: http.StatusBadRequest,
 			expectedError:  "Failed to publish server",
 		},
 	}

internal/database/database.go

@@ -13,7 +13,7 @@ var (
 	ErrAlreadyExists     = errors.New("record already exists")
 	ErrInvalidInput      = errors.New("invalid input")
 	ErrDatabase          = errors.New("database error")
-	ErrInvalidVersion    = errors.New("invalid version: cannot publish older version after newer version")
+	ErrInvalidVersion    = errors.New("invalid version: cannot publish duplicate version")
 	ErrMaxServersReached = errors.New("maximum number of versions for this server reached (10000): please reach out at https://github.com/modelcontextprotocol/registry to explain your use case")
 )
 

internal/database/memory.go

@@ -42,7 +42,7 @@ func NewMemoryDB(e map[string]*model.ServerDetail) *MemoryDB {
 }
 
 
-// List retrieves ServerRecord entries with optional filtering and pagination
+//nolint:cyclop // Complexity from filtering logic is acceptable for memory implementation
 func (db *MemoryDB) List(
 	ctx context.Context,
 	filter map[string]any,
@@ -89,6 +89,18 @@ func (db *MemoryDB) List(
 				if string(entry.ServerJSON.Status) != value.(string) {
 					include = false
 				}
+			case "remote_url":
+				found := false
+				remoteURL := value.(string)
+				for _, remote := range entry.ServerJSON.Remotes {
+					if remote.URL == remoteURL {
+						found = true
+						break
+					}
+				}
+				if !found {
+					include = false
+				}
 			}
 		}
 

internal/database/postgres.go

@@ -76,6 +76,10 @@ func (db *PostgreSQL) List(
 			whereClause += fmt.Sprintf(" AND s.status = $%d", argIndex)
 			args = append(args, v)
 			argIndex++
+		case "remote_url":
+			whereClause += fmt.Sprintf(" AND EXISTS (SELECT 1 FROM jsonb_array_elements(CASE WHEN jsonb_typeof(s.remotes) = 'array' THEN s.remotes ELSE '[]'::jsonb END) AS remote WHERE remote->>'url' = $%d)", argIndex)
+			args = append(args, v)
+			argIndex++
 		}
 	}
 

internal/model/model.go

@@ -3,6 +3,9 @@ package model
 import (
 	"encoding/json"
 	"fmt"
+	"net/url"
+	"slices"
+	"strings"
 	"time"
 )
 
@@ -32,15 +35,13 @@ const (
 	ServerStatusDeprecated ServerStatus = "deprecated"
 )
 
-
 // Repository represents a source code repository as defined in the spec
 type Repository struct {
 	URL    string `json:"url" bson:"url"`
 	Source string `json:"source" bson:"source"`
 	ID     string `json:"id,omitempty" bson:"id,omitempty"`
 }
 
-
 // create an enum for Format
 type Format string
 
@@ -108,8 +109,7 @@ type VersionDetail struct {
 	Version string `json:"version" bson:"version"`
 }
 
-
-// ServerDetail represents complete server information as defined in the MCP spec (pure, no registry metadata)  
+// ServerDetail represents complete server information as defined in the MCP spec (pure, no registry metadata)
 type ServerDetail struct {
 	Name          string        `json:"name" bson:"name"`
 	Description   string        `json:"description" bson:"description"`
@@ -131,8 +131,8 @@ type RegistryMetadata struct {
 
 // ServerRecord represents the complete storage model that separates server.json from registry metadata
 type ServerRecord struct {
-	ServerJSON          ServerDetail           `json:"server" bson:"server"`                     // Pure MCP server.json
-	RegistryMetadata    RegistryMetadata       `json:"registry_metadata" bson:"registry_metadata"`    // Registry-generated data
+	ServerJSON          ServerDetail           `json:"server" bson:"server"`                             // Pure MCP server.json
+	RegistryMetadata    RegistryMetadata       `json:"registry_metadata" bson:"registry_metadata"`       // Registry-generated data
 	PublisherExtensions map[string]interface{} `json:"publisher_extensions" bson:"publisher_extensions"` // x-publisher extensions
 }
 
@@ -244,22 +244,114 @@ func ParseServerName(serverDetail ServerDetail) (string, error) {
 	if name == "" {
 		return "", fmt.Errorf("server name is required and must be a string")
 	}
+
+	// Validate format: dns-namespace/name
+	if !strings.Contains(name, "/") {
+		return "", fmt.Errorf("server name must be in format 'dns-namespace/name' (e.g., 'com.example.api/server')")
+	}
+
+	parts := strings.SplitN(name, "/", 2)
+	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
+		return "", fmt.Errorf("server name must be in format 'dns-namespace/name' with non-empty namespace and name parts")
+	}
+
 	return name, nil
 }
 
+// ValidateRemoteNamespaceMatch validates that remote URLs match the reverse-DNS namespace
+func ValidateRemoteNamespaceMatch(serverDetail ServerDetail) error {
+	namespace := serverDetail.Name
+
+	for _, remote := range serverDetail.Remotes {
+		if err := validateRemoteURLMatchesNamespace(remote.URL, namespace); err != nil {
+			return fmt.Errorf("remote URL %s does not match namespace %s: %w", remote.URL, namespace, err)
+		}
+	}
+
+	return nil
+}
+
+// validateRemoteURLMatchesNamespace checks if a remote URL's hostname matches the publisher domain from the namespace
+func validateRemoteURLMatchesNamespace(remoteURL, namespace string) error {
+	// Parse the URL to extract the hostname
+	parsedURL, err := url.Parse(remoteURL)
+	if err != nil {
+		return fmt.Errorf("invalid URL format: %w", err)
+	}
+
+	hostname := parsedURL.Hostname()
+	if hostname == "" {
+		return fmt.Errorf("URL must have a valid hostname")
+	}
+
+	// Skip validation for localhost and local development URLs
+	if hostname == "localhost" || strings.HasSuffix(hostname, ".localhost") || hostname == "127.0.0.1" {
+		return nil
+	}
+
+	// Extract publisher domain from reverse-DNS namespace
+	publisherDomain := extractPublisherDomainFromNamespace(namespace)
+	if publisherDomain == "" {
+		return fmt.Errorf("invalid namespace format: cannot extract domain from %s", namespace)
+	}
+
+	// Check if the remote URL hostname matches the publisher domain or is a subdomain
+	if !isValidHostForDomain(hostname, publisherDomain) {
+		return fmt.Errorf("remote URL host %s does not match publisher domain %s", hostname, publisherDomain)
+	}
+
+	return nil
+}
+
+// extractPublisherDomainFromNamespace converts reverse-DNS namespace to normal domain format
+// e.g., "com.example" -> "example.com"
+func extractPublisherDomainFromNamespace(namespace string) string {
+	// Extract the namespace part before the first slash
+	namespacePart := namespace
+	if slashIdx := strings.Index(namespace, "/"); slashIdx != -1 {
+		namespacePart = namespace[:slashIdx]
+	}
+
+	// Split into parts and reverse them to get normal domain format
+	parts := strings.Split(namespacePart, ".")
+	if len(parts) < 2 {
+		return ""
+	}
+
+	// Reverse the parts to convert from reverse-DNS to normal domain
+	slices.Reverse(parts)
+
+	return strings.Join(parts, ".")
+}
+
+// isValidHostForDomain checks if a hostname is the domain or a subdomain of the publisher domain
+func isValidHostForDomain(hostname, publisherDomain string) bool {
+	// Exact match
+	if hostname == publisherDomain {
+		return true
+	}
+
+	// Subdomain match - hostname should end with "." + publisherDomain
+	if strings.HasSuffix(hostname, "."+publisherDomain) {
+		return true
+	}
+
+	return false
+}
+
 // ToServerResponse converts a ServerRecord to API response format
 func (sr *ServerRecord) ToServerResponse() ServerResponse {
 	response := ServerResponse{
 		Server: sr.ServerJSON,
 	}
-	
+
 	// Add registry metadata extension
 	response.XIOModelContextProtocolRegistry = sr.RegistryMetadata.CreateRegistryExtensions()["x-io.modelcontextprotocol.registry"]
-	
+
 	// Add publisher extensions directly
 	if len(sr.PublisherExtensions) > 0 {
 		response.XPublisher = sr.PublisherExtensions
 	}
-	
+
 	return response
 }