Bump mcp/registry to v1.3.7 (#331)

rdimitrov · web-flow · commit 6734a4b07d60 · 2025-10-30T13:01:12.000+02:00
* Bump mcp/registry to v1.3.7

Signed-off-by: Radoslav Dimitrov &lt;radoslav@stacklok.com&gt;

* Fix linting errors

Signed-off-by: Radoslav Dimitrov &lt;radoslav@stacklok.com&gt;

---------

Signed-off-by: Radoslav Dimitrov &lt;radoslav@stacklok.com&gt;
diff --git a/go.mod b/go.mod
@@ -4,7 +4,7 @@ go 1.24.6
 
 require (
 	github.com/google/go-cmp v0.7.0
-	github.com/modelcontextprotocol/registry v1.3.5
+	github.com/modelcontextprotocol/registry v1.3.7
 	github.com/spf13/cobra v1.10.1
 	github.com/stacklok/toolhive v0.3.7
 	github.com/stretchr/testify v1.11.1
@@ -166,7 +166,7 @@ require (
 	golang.org/x/crypto v0.42.0 // indirect
 	golang.org/x/exp v0.0.0-20250620022241-b7579e27df2b // indirect
 	golang.org/x/mod v0.29.0 // indirect
-	golang.org/x/net v0.43.0 // indirect
+	golang.org/x/net v0.44.0 // indirect
 	golang.org/x/oauth2 v0.31.0 // indirect
 	golang.org/x/sync v0.17.0 // indirect
 	golang.org/x/sys v0.36.0 // indirect
diff --git a/go.sum b/go.sum
@@ -342,8 +342,8 @@ cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4
 cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w=
 cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24=
 cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI=
-cloud.google.com/go/kms v1.22.0 h1:dBRIj7+GDeeEvatJeTB19oYZNV0aj6wEqSIT/7gLqtk=
-cloud.google.com/go/kms v1.22.0/go.mod h1:U7mf8Sva5jpOb4bxYZdtw/9zsbIjrklYwPcvMk34AL8=
+cloud.google.com/go/kms v1.23.0 h1:WaqAZsUptyHwOo9II8rFC1Kd2I+yvNsNP2IJ14H2sUw=
+cloud.google.com/go/kms v1.23.0/go.mod h1:rZ5kK0I7Kn9W4erhYVoIRPtpizjunlrfU4fUkumUp8g=
 cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic=
 cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI=
 cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE=
@@ -629,10 +629,10 @@ github.com/1password/onepassword-sdk-go v0.3.1 h1:dz0LrYuIh/HrZ7rxr8NMymikNLBIXh
 github.com/1password/onepassword-sdk-go v0.3.1/go.mod h1:kssODrGGqHtniqPR91ZPoCMEo79mKulKat7RaD1bunk=
 github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d h1:zjqpY4C7H15HjRPEenkS4SAn3Jy2eRRjkjZbGR30TOg=
 github.com/AdamKorcz/go-fuzz-headers-1 v0.0.0-20230919221257-8b5d3ce2d11d/go.mod h1:XNqJ7hv2kY++g8XEHREpi+JqZo3+0l+CH2egBVN4yqM=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 h1:Hr5FTipp7SL07o2FvoVOX9HRiRH3CR3Mj8pxqCcdD5A=
-github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2/go.mod h1:QyVsSSN64v5TGltphKLQ2sQxe4OBQg0J1eKRcVBnfgE=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0 h1:MhRfI58HblXzCtWEZCO0feHs8LweePB3s90r7WaR1KU=
-github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.11.0/go.mod h1:okZ+ZURbArNdlJ+ptXoyHNuOETzOl1Oww19rm8I2WLA=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1 h1:5YTBM8QDVIBN3sxBil89WfdAAqDZbyJTgh688DSxX5w=
+github.com/Azure/azure-sdk-for-go/sdk/azcore v1.19.1/go.mod h1:YD5h/ldMsG0XiIw7PdyNhLxaM317eFh5yNLccNfGdyw=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.12.0 h1:wL5IEG5zb7BVv1Kv0Xm92orq+5hB5Nipn3B5tn4Rqfk=
+github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.12.0/go.mod h1:J7MUC/wtRpfGVbQ5sIItY5/FuVWmvzlY21WAOfQnq/I=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2 h1:9iefClla7iYpfYWdzPCRDozdmndjTm8DXdpCzPajMgA=
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.11.2/go.mod h1:XtLgD3ZD34DAaVIIAyG3objl5DynM3CQ/vMcbBNJZGI=
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.4.0 h1:E4MgwLBGeVB5f2MdcIVD3ELVAWpr+WD6MUe1i+tM/PA=
@@ -641,8 +641,8 @@ github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0 h1:nCYfg
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.2.0/go.mod h1:ucUjca2JtSZboY8IoUqyQyuuXvwbMBVwFOm0vdQPNhA=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg=
 github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2 h1:oygO0locgZJe7PpYPXT5A29ZkwJaPqcva7BVeemZOZs=
-github.com/AzureAD/microsoft-authentication-library-for-go v1.4.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0 h1:XkkQbfMyuH2jTSjQjSoihryI8GINRcs4xp8lNawg0FI=
+github.com/AzureAD/microsoft-authentication-library-for-go v1.5.0/go.mod h1:HKpQxkWaGLJ+D/5H8QRpyQXA1eKjxkFlOMwck5+33Jk=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
 github.com/GoogleCloudPlatform/grpc-gcp-go/grpcgcp v1.5.3 h1:2afWGsMzkIcN8Qm4mgPJKZWyroE5QBszMiDMYEBrnfw=
@@ -1131,8 +1131,8 @@ github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7z
 github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko=
 github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ=
 github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc=
-github.com/modelcontextprotocol/registry v1.3.5 h1:M1ZTKPkxVICKlFBYio01/CkHbpjMcaGjLFF5M5QgZxc=
-github.com/modelcontextprotocol/registry v1.3.5/go.mod h1:68KOBW2R5FX53BTrid2OFvPoCKEEYZk6z8LUa2ahLM0=
+github.com/modelcontextprotocol/registry v1.3.7 h1:FR8vcBPBE0nRAz0P5lNGkiZmdtokZIyTry3Lx7J0nhE=
+github.com/modelcontextprotocol/registry v1.3.7/go.mod h1:v2pC//yAoG3PPlkvXPrBI+CQd/5sar+MYCxWioL/NDk=
 github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A=
 github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc=
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
@@ -1493,8 +1493,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc=
 golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns=
-golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE=
-golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg=
+golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I=
+golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
diff --git a/pkg/registry/converters/converters_test.go b/pkg/registry/converters/converters_test.go
@@ -20,7 +20,7 @@ func createTestServerJSON() *upstream.ServerJSON {
 		Name:        "io.github.stacklok/test-server",
 		Description: "Test MCP server",
 		Version:     "1.0.0",
-		Repository: model.Repository{
+		Repository: &model.Repository{
 			URL:    "https://github.com/test/repo",
 			Source: "github",
 		},
@@ -459,7 +459,7 @@ func TestServerJSONToRemoteServerMetadata_Success(t *testing.T) {
 	serverJSON := &upstream.ServerJSON{
 		Name:        "io.github.stacklok/test-remote",
 		Description: "Test remote server",
-		Repository: model.Repository{
+		Repository: &model.Repository{
 			URL: "https://github.com/test/remote",
 		},
 		Remotes: []model.Transport{
@@ -882,7 +882,7 @@ func TestRealWorld_GitHubServer(t *testing.T) {
 		Name:        "io.github.github/github-mcp-server",
 		Description: "Connect AI assistants to GitHub - manage repos, issues, PRs, and workflows through natural language.",
 		Version:     "0.19.1",
-		Repository: model.Repository{
+		Repository: &model.Repository{
 			URL:    "https://github.com/github/github-mcp-server",
 			Source: "github",
 		},
diff --git a/pkg/registry/converters/toolhive_to_upstream.go b/pkg/registry/converters/toolhive_to_upstream.go
@@ -37,23 +37,12 @@ func ImageMetadataToServerJSON(name string, imageMetadata *registry.ImageMetadat
 		Version:     "1.0.0", // TODO: Extract from image tag or metadata
 	}
 
-	// Set repository
+	// Set repository if available
 	if imageMetadata.RepositoryURL != "" {
-		serverJSON.Repository = model.Repository{
+		serverJSON.Repository = &model.Repository{
 			URL:    imageMetadata.RepositoryURL,
 			Source: "github", // Assume GitHub
 		}
-	} else {
-		// Use toolhive-registry as fallback when no repository URL is available.
-		// This is necessary for schema validation - the upstream Repository field is a struct
-		// (not a pointer), so it can't be omitted with omitempty and would serialize as
-		// empty strings {"url": "", "source": ""}, which fails URI format validation.
-		// Using the toolhive-registry URL is reasonable since it's where these servers
-		// are registered and documented.
-		serverJSON.Repository = model.Repository{
-			URL:    "https://github.com/stacklok/toolhive-registry",
-			Source: "github",
-		}
 	}
 
 	// Create package
@@ -86,23 +75,12 @@ func RemoteServerMetadataToServerJSON(name string, remoteMetadata *registry.Remo
 		Version:     "1.0.0", // TODO: Version management
 	}
 
-	// Set repository
+	// Set repository if available
 	if remoteMetadata.RepositoryURL != "" {
-		serverJSON.Repository = model.Repository{
+		serverJSON.Repository = &model.Repository{
 			URL:    remoteMetadata.RepositoryURL,
 			Source: "github", // Assume GitHub
 		}
-	} else {
-		// Use toolhive-registry as fallback when no repository URL is available.
-		// This is necessary for schema validation - the upstream Repository field is a struct
-		// (not a pointer), so it can't be omitted with omitempty and would serialize as
-		// empty strings {"url": "", "source": ""}, which fails URI format validation.
-		// Using the toolhive-registry URL is reasonable since it's where these servers
-		// are registered and documented.
-		serverJSON.Repository = model.Repository{
-			URL:    "https://github.com/stacklok/toolhive-registry",
-			Source: "github",
-		}
 	}
 
 	// Create remote
diff --git a/pkg/registry/converters/upstream_to_toolhive.go b/pkg/registry/converters/upstream_to_toolhive.go
@@ -21,8 +21,46 @@ func ServerJSONToImageMetadata(serverJSON *upstream.ServerJSON) (*registry.Image
 		return nil, fmt.Errorf("serverJSON cannot be nil")
 	}
 
+	pkg, err := extractSingleOCIPackage(serverJSON)
+	if err != nil {
+		return nil, err
+	}
+
+	imageMetadata := &registry.ImageMetadata{
+		BaseServerMetadata: registry.BaseServerMetadata{
+			Name:        serverJSON.Title,
+			Description: serverJSON.Description,
+			Transport:   pkg.Transport.Type,
+		},
+		Image: pkg.Identifier, // OCI packages store full image ref in Identifier
+	}
+
+	// Set repository URL
+	if serverJSON.Repository != nil && serverJSON.Repository.URL != "" {
+		imageMetadata.RepositoryURL = serverJSON.Repository.URL
+	}
+
+	// Convert environment variables
+	imageMetadata.EnvVars = convertEnvironmentVariables(pkg.EnvironmentVariables)
+
+	// Extract target port from transport URL if present
+	imageMetadata.TargetPort = extractTargetPort(pkg.Transport.URL, serverJSON.Name)
+
+	// Convert PackageArguments to simple Args (priority: structured arguments first)
+	if len(pkg.PackageArguments) > 0 {
+		imageMetadata.Args = flattenPackageArguments(pkg.PackageArguments)
+	}
+
+	// Extract publisher-provided extensions (including Args fallback)
+	extractImageExtensions(serverJSON, imageMetadata)
+
+	return imageMetadata, nil
+}
+
+// extractSingleOCIPackage validates and extracts the single OCI package from ServerJSON
+func extractSingleOCIPackage(serverJSON *upstream.ServerJSON) (model.Package, error) {
 	if len(serverJSON.Packages) == 0 {
-		return nil, fmt.Errorf("server '%s' has no packages (not a container-based server)", serverJSON.Name)
+		return model.Package{}, fmt.Errorf("server '%s' has no packages (not a container-based server)", serverJSON.Name)
 	}
 
 	// Filter for OCI packages only
@@ -36,70 +74,60 @@ func ServerJSONToImageMetadata(serverJSON *upstream.ServerJSON) (*registry.Image
 	}
 
 	if len(ociPackages) == 0 {
-		return nil, fmt.Errorf("server '%s' has no OCI packages (found: %v)", serverJSON.Name, packageTypes)
+		return model.Package{}, fmt.Errorf("server '%s' has no OCI packages (found: %v)", serverJSON.Name, packageTypes)
 	}
 
 	if len(ociPackages) > 1 {
-		return nil, fmt.Errorf("server '%s' has %d OCI packages, expected exactly 1", serverJSON.Name, len(ociPackages))
+		return model.Package{}, fmt.Errorf("server '%s' has %d OCI packages, expected exactly 1", serverJSON.Name, len(ociPackages))
 	}
 
-	pkg := ociPackages[0]
+	return ociPackages[0], nil
+}
 
-	imageMetadata := &registry.ImageMetadata{
-		BaseServerMetadata: registry.BaseServerMetadata{
-			Name:        serverJSON.Title,
-			Description: serverJSON.Description,
-			Transport:   pkg.Transport.Type,
-		},
-		Image: pkg.Identifier, // OCI packages store full image ref in Identifier
+// convertEnvironmentVariables converts model.KeyValueInput to registry.EnvVar
+func convertEnvironmentVariables(envVars []model.KeyValueInput) []*registry.EnvVar {
+	if len(envVars) == 0 {
+		return nil
 	}
 
-	// Set repository URL
-	if serverJSON.Repository.URL != "" {
-		imageMetadata.RepositoryURL = serverJSON.Repository.URL
+	result := make([]*registry.EnvVar, 0, len(envVars))
+	for _, envVar := range envVars {
+		result = append(result, &registry.EnvVar{
+			Name:        envVar.Name,
+			Description: envVar.Description,
+			Required:    envVar.IsRequired,
+			Secret:      envVar.IsSecret,
+			Default:     envVar.Default,
+		})
 	}
+	return result
+}
 
-	// Convert environment variables
-	if len(pkg.EnvironmentVariables) > 0 {
-		imageMetadata.EnvVars = make([]*registry.EnvVar, 0, len(pkg.EnvironmentVariables))
-		for _, envVar := range pkg.EnvironmentVariables {
-			imageMetadata.EnvVars = append(imageMetadata.EnvVars, &registry.EnvVar{
-				Name:        envVar.Name,
-				Description: envVar.Description,
-				Required:    envVar.IsRequired,
-				Secret:      envVar.IsSecret,
-				Default:     envVar.Default,
-			})
-		}
+// extractTargetPort extracts the port number from a transport URL
+func extractTargetPort(transportURL, serverName string) int {
+	if transportURL == "" {
+		return 0
 	}
 
-	// Extract target port from transport URL if present
-	if pkg.Transport.URL != "" {
-		// Parse URL like "http://localhost:8080"
-		parsedURL, err := url.Parse(pkg.Transport.URL)
-		if err != nil {
-			// Log parse error to aid debugging but don't fail conversion
-			fmt.Printf("⚠️  Failed to parse transport URL '%s' for server '%s': %v\n",
-				pkg.Transport.URL, serverJSON.Name, err)
-		} else if parsedURL.Port() != "" {
-			if port, err := strconv.Atoi(parsedURL.Port()); err == nil {
-				imageMetadata.TargetPort = port
-			} else {
-				fmt.Printf("⚠️  Failed to parse port from URL '%s' for server '%s': %v\n",
-					pkg.Transport.URL, serverJSON.Name, err)
-			}
-		}
+	parsedURL, err := url.Parse(transportURL)
+	if err != nil {
+		fmt.Printf("⚠️  Failed to parse transport URL '%s' for server '%s': %v\n",
+			transportURL, serverName, err)
+		return 0
 	}
 
-	// Convert PackageArguments to simple Args (priority: structured arguments first)
-	if len(pkg.PackageArguments) > 0 {
-		imageMetadata.Args = flattenPackageArguments(pkg.PackageArguments)
+	if parsedURL.Port() == "" {
+		return 0
 	}
 
-	// Extract publisher-provided extensions (including Args fallback)
-	extractImageExtensions(serverJSON, imageMetadata)
+	port, err := strconv.Atoi(parsedURL.Port())
+	if err != nil {
+		fmt.Printf("⚠️  Failed to parse port from URL '%s' for server '%s': %v\n",
+			transportURL, serverName, err)
+		return 0
+	}
 
-	return imageMetadata, nil
+	return port
 }
 
 // ServerJSONToRemoteServerMetadata converts an upstream ServerJSON (with remotes) to toolhive RemoteServerMetadata
@@ -125,7 +153,7 @@ func ServerJSONToRemoteServerMetadata(serverJSON *upstream.ServerJSON) (*registr
 	}
 
 	// Set repository URL
-	if serverJSON.Repository.URL != "" {
+	if serverJSON.Repository != nil && serverJSON.Repository.URL != "" {
 		remoteMetadata.RepositoryURL = serverJSON.Repository.URL
 	}
 
diff --git a/pkg/registry/official.go b/pkg/registry/official.go
@@ -223,7 +223,7 @@ func (or *OfficialRegistry) transformEntry(name string, entry *types.RegistryEnt
 }
 
 // createRepository creates repository information from entry
-func (*OfficialRegistry) createRepository(entry *types.RegistryEntry) model.Repository {
+func (*OfficialRegistry) createRepository(entry *types.RegistryEntry) *model.Repository {
 	var repositoryURL string
 
 	if entry.IsImage() && entry.ImageMetadata.RepositoryURL != "" {
@@ -232,20 +232,12 @@ func (*OfficialRegistry) createRepository(entry *types.RegistryEntry) model.Repo
 		repositoryURL = entry.RemoteServerMetadata.RepositoryURL
 	}
 
-	// If no repository URL is available, use toolhive-registry as fallback.
-	// This is necessary for schema validation - the upstream Repository field is a struct
-	// (not a pointer), so it can't be omitted with omitempty and would serialize as
-	// empty strings {"url": "", "source": ""}, which fails URI format validation.
-	// Using the toolhive-registry URL is reasonable since it's where these servers
-	// are registered and documented.
+	// If no repository URL is available, return nil (will be omitted with omitempty)
 	if repositoryURL == "" {
-		return model.Repository{
-			URL:    "https://github.com/stacklok/toolhive-registry",
-			Source: "github",
-		}
+		return nil
 	}
 
-	return model.Repository{
+	return &model.Repository{
 		URL:    repositoryURL,
 		Source: "github", // Assume GitHub for now
 	}
