Fix provenance info

JAORMX · JAORMX · commit d85514b4b111 · 2025-08-18T14:55:59.000+03:00
Signed-off-by: Juan Antonio Osorio &lt;ozz@stacklok.com&gt;
diff --git a/registry/adb-mysql-mcp-server/spec.yaml b/registry/adb-mysql-mcp-server/spec.yaml
@@ -72,9 +72,8 @@ permissions:
 
 # Provenance for supply chain security (Dockyard build)
 provenance:
-  sigstore_url: tuf-repo-cdn.sigstore.dev
+  cert_issuer: https://token.actions.githubusercontent.com
   repository_uri: https://github.com/stacklok/dockyard
-  repository_ref: refs/heads/main
-  signer_identity: /.github/workflows/build-containers.yml
   runner_environment: github-hosted
-  cert_issuer: https://token.actions.githubusercontent.com
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/agentql-mcp/spec.yaml b/registry/agentql-mcp/spec.yaml
@@ -57,9 +57,8 @@ permissions:
 
 # Provenance for supply chain security (Dockyard build)
 provenance:
-  sigstore_url: tuf-repo-cdn.sigstore.dev
+  cert_issuer: https://token.actions.githubusercontent.com
   repository_uri: https://github.com/stacklok/dockyard
-  repository_ref: refs/heads/main
-  signer_identity: /.github/workflows/build-containers.yml
   runner_environment: github-hosted
-  cert_issuer: https://token.actions.githubusercontent.com
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/arxiv-mcp-server/spec.yaml b/registry/arxiv-mcp-server/spec.yaml
@@ -43,3 +43,11 @@ env_vars:
 args:
     - --storage-path
     - /arxiv-papers
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+ cert_issuer: https://token.actions.githubusercontent.com
+ repository_uri: https://github.com/stacklok/dockyard
+ runner_environment: github-hosted
+ signer_identity: /.github/workflows/build-containers.yml
+ sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/astra-db-mcp/spec.yaml b/registry/astra-db-mcp/spec.yaml
@@ -78,9 +78,8 @@ permissions:
 
 # Provenance for supply chain security (Dockyard build)
 provenance:
-  sigstore_url: tuf-repo-cdn.sigstore.dev
+  cert_issuer: https://token.actions.githubusercontent.com
   repository_uri: https://github.com/stacklok/dockyard
-  repository_ref: refs/heads/main
-  signer_identity: /.github/workflows/build-containers.yml
   runner_environment: github-hosted
-  cert_issuer: https://token.actions.githubusercontent.com
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/aws-diagram-mcp-server/spec.yaml b/registry/aws-diagram-mcp-server/spec.yaml
@@ -36,13 +36,10 @@ tags:
     - diagrams
     - architecture
     - visualization
-dockertags: []
+# Provenance for supply chain security (Dockyard build)
 provenance:
-    sigstoreurl: tuf-repo-cdn.sigstore.dev
-    repositoryuri: https://github.com/stacklok/dockyard
-    repositoryref: refs/heads/main
-    signeridentity: /.github/workflows/build-containers.yml
-    runnerenvironment: github-hosted
-    certissuer: https://token.actions.githubusercontent.com
-    attestation: null
-custommetadata: {}
+    cert_issuer: https://token.actions.githubusercontent.com
+    repository_uri: https://github.com/stacklok/dockyard
+    runner_environment: github-hosted
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/aws-documentation-mcp-server/spec.yaml b/registry/aws-documentation-mcp-server/spec.yaml
@@ -30,13 +30,10 @@ tags:
     - documentation
     - cloud
     - reference
-dockertags: []
+# Provenance for supply chain security (Dockyard build)
 provenance:
-    sigstoreurl: tuf-repo-cdn.sigstore.dev
-    repositoryuri: https://github.com/stacklok/dockyard
-    repositoryref: refs/heads/main
-    signeridentity: /.github/workflows/build-containers.yml
-    runnerenvironment: github-hosted
-    certissuer: https://token.actions.githubusercontent.com
-    attestation: null
-custommetadata: {}
+    cert_issuer: https://token.actions.githubusercontent.com
+    repository_uri: https://github.com/stacklok/dockyard
+    runner_environment: github-hosted
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/brightdata-mcp/spec.yaml b/registry/brightdata-mcp/spec.yaml
@@ -109,3 +109,11 @@ env_vars:
       description: Enable pro mode to access all tools including browser automation and web data extraction
       required: false
       default: "false"
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+  cert_issuer: https://token.actions.githubusercontent.com
+  repository_uri: https://github.com/stacklok/dockyard
+  runner_environment: github-hosted
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/browserbase-mcp-server/spec.yaml b/registry/browserbase-mcp-server/spec.yaml
@@ -62,13 +62,10 @@ tags:
     - web-scraping
     - testing
     - stagehand
-dockertags: []
+# Provenance for supply chain security (Dockyard build)
 provenance:
-    sigstoreurl: tuf-repo-cdn.sigstore.dev
-    repositoryuri: https://github.com/stacklok/dockyard
-    repositoryref: refs/heads/main
-    signeridentity: /.github/workflows/build-containers.yml
-    runnerenvironment: github-hosted
-    certissuer: https://token.actions.githubusercontent.com
-    attestation: null
-custommetadata: {}
+    cert_issuer: https://token.actions.githubusercontent.com
+    repository_uri: https://github.com/stacklok/dockyard
+    runner_environment: github-hosted
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/browserbase/spec.yaml b/registry/browserbase/spec.yaml
@@ -55,9 +55,8 @@ env_vars:
       required: true
       secret: true
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/stacklok/dockyard
-    repository_ref: ""
-    signer_identity: /.github/workflows/build-containers.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/chroma-mcp/spec.yaml b/registry/chroma-mcp/spec.yaml
@@ -67,9 +67,8 @@ permissions:
 
 # Provenance for supply chain security (Dockyard build)
 provenance:
-  sigstore_url: tuf-repo-cdn.sigstore.dev
+  cert_issuer: https://token.actions.githubusercontent.com
   repository_uri: https://github.com/stacklok/dockyard
-  repository_ref: refs/heads/main
-  signer_identity: /.github/workflows/build-containers.yml
   runner_environment: github-hosted
-  cert_issuer: https://token.actions.githubusercontent.com
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/context7/spec.yaml b/registry/context7/spec.yaml
@@ -28,9 +28,8 @@ permissions:
             allow_port:
                 - 443
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/stacklok/dockyard
-    repository_ref: ""
-    signer_identity: /.github/workflows/build-containers.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/fetch/spec.yaml b/registry/fetch/spec.yaml
@@ -35,9 +35,8 @@ permissions:
             allow_port:
                 - 443
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/StacklokLabs/gofetch
-    repository_ref: ""
-    signer_identity: /.github/workflows/release.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/release.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/github/spec.yaml b/registry/github/spec.yaml
@@ -122,9 +122,8 @@ env_vars:
       description: GitHub Enterprise Server hostname (optional)
       required: false
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/github/github-mcp-server
-    repository_ref: ""
-    signer_identity: /.github/workflows/docker-publish.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/docker-publish.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/graphlit-mcp-server/spec.yaml b/registry/graphlit-mcp-server/spec.yaml
@@ -155,13 +155,10 @@ tags:
     - search
     - ingestion
     - data-connectors
-dockertags: []
+# Provenance for supply chain security (Dockyard build)
 provenance:
-    sigstoreurl: tuf-repo-cdn.sigstore.dev
-    repositoryuri: https://github.com/stacklok/dockyard
-    repositoryref: refs/heads/main
-    signeridentity: /.github/workflows/build-containers.yml
-    runnerenvironment: github-hosted
-    certissuer: https://token.actions.githubusercontent.com
-    attestation: null
-custommetadata: {}
+    cert_issuer: https://token.actions.githubusercontent.com
+    repository_uri: https://github.com/stacklok/dockyard
+    runner_environment: github-hosted
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/graphlit/spec.yaml b/registry/graphlit/spec.yaml
@@ -129,9 +129,8 @@ env_vars:
       required: false
       secret: true
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/stacklok/dockyard
-    repository_ref: ""
-    signer_identity: /.github/workflows/build-containers.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/heroku-mcp-server/spec.yaml b/registry/heroku-mcp-server/spec.yaml
@@ -80,13 +80,10 @@ tags:
     - deployment
     - cloud
     - devops
-dockertags: []
+# Provenance for supply chain security (Dockyard build)
 provenance:
-    sigstoreurl: tuf-repo-cdn.sigstore.dev
-    repositoryuri: https://github.com/stacklok/dockyard
-    repositoryref: refs/heads/main
-    signeridentity: /.github/workflows/build-containers.yml
-    runnerenvironment: github-hosted
-    certissuer: https://token.actions.githubusercontent.com
-    attestation: null
-custommetadata: {}
+    cert_issuer: https://token.actions.githubusercontent.com
+    repository_uri: https://github.com/stacklok/dockyard
+    runner_environment: github-hosted
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/heroku/spec.yaml b/registry/heroku/spec.yaml
@@ -72,9 +72,8 @@ env_vars:
       required: false
       default: "15000"
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/stacklok/dockyard
-    repository_ref: ""
-    signer_identity: /.github/workflows/build-containers.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/ida-pro-mcp/spec.yaml b/registry/ida-pro-mcp/spec.yaml
@@ -63,3 +63,11 @@ permissions:
     network:
         outbound:
             insecure_allow_all: true
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+  cert_issuer: https://token.actions.githubusercontent.com
+  repository_uri: https://github.com/stacklok/dockyard
+  runner_environment: github-hosted
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/k8s/spec.yaml b/registry/k8s/spec.yaml
@@ -40,9 +40,8 @@ env_vars:
       description: Path to the kubeconfig file for Kubernetes API authentication (mounted into the container with --volume)
       required: false
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/StacklokLabs/mkp
-    repository_ref: ""
-    signer_identity: /.github/workflows/release.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/release.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/magic-mcp/spec.yaml b/registry/magic-mcp/spec.yaml
@@ -41,3 +41,11 @@ env_vars:
       description: 21st.dev Magic API key for component generation
       required: true
       secret: true
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+  cert_issuer: https://token.actions.githubusercontent.com
+  repository_uri: https://github.com/stacklok/dockyard
+  runner_environment: github-hosted
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/mcp-clickhouse/spec.yaml b/registry/mcp-clickhouse/spec.yaml
@@ -65,9 +65,8 @@ env_vars:
       required: false
       default: ':memory:'
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/stacklok/dockyard
-    repository_ref: ""
-    signer_identity: /.github/workflows/build-containers.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/mcp-jetbrains/spec.yaml b/registry/mcp-jetbrains/spec.yaml
@@ -39,3 +39,11 @@ env_vars:
       description: Enable logging for debugging
       required: false
       default: "false"
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+  cert_issuer: https://token.actions.githubusercontent.com
+  repository_uri: https://github.com/stacklok/dockyard
+  runner_environment: github-hosted
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/mcp-neo4j-aura-manager/spec.yaml b/registry/mcp-neo4j-aura-manager/spec.yaml
@@ -52,3 +52,11 @@ env_vars:
       description: Neo4j Aura tenant ID
       required: false
       secret: true
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+  cert_issuer: https://token.actions.githubusercontent.com
+  repository_uri: https://github.com/stacklok/dockyard
+  runner_environment: github-hosted
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/mcp-neo4j-cypher/spec.yaml b/registry/mcp-neo4j-cypher/spec.yaml
@@ -56,3 +56,11 @@ env_vars:
       description: Neo4j database name
       required: false
       default: neo4j
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+  cert_issuer: https://token.actions.githubusercontent.com
+  repository_uri: https://github.com/stacklok/dockyard
+  runner_environment: github-hosted
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/mcp-neo4j-memory/spec.yaml b/registry/mcp-neo4j-memory/spec.yaml
@@ -52,3 +52,11 @@ env_vars:
       description: Neo4j database password
       required: false
       secret: true
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+  cert_issuer: https://token.actions.githubusercontent.com
+  repository_uri: https://github.com/stacklok/dockyard
+  runner_environment: github-hosted
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/mcp-server-box/spec.yaml b/registry/mcp-server-box/spec.yaml
@@ -70,9 +70,8 @@ env_vars:
       required: true
       secret: true
 provenance:
-    sigstore_url: tuf-repo-cdn.sigstore.dev
+    cert_issuer: https://token.actions.githubusercontent.com
     repository_uri: https://github.com/stacklok/dockyard
-    repository_ref: ""
-    signer_identity: /.github/workflows/build-containers.yml
     runner_environment: github-hosted
-    cert_issuer: https://token.actions.githubusercontent.com
+    signer_identity: /.github/workflows/build-containers.yml
+    sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/mcp-server-circleci/spec.yaml b/registry/mcp-server-circleci/spec.yaml
@@ -91,9 +91,8 @@ permissions:
 
 # Provenance information for supply chain security
 provenance:
-  sigstore_url: tuf-repo-cdn.sigstore.dev
+  cert_issuer: https://token.actions.githubusercontent.com
   repository_uri: https://github.com/stacklok/dockyard
-  repository_ref: refs/heads/main
-  signer_identity: /.github/workflows/build-containers.yml
   runner_environment: github-hosted
-  cert_issuer: https://token.actions.githubusercontent.com
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/mcp-server-neon/spec.yaml b/registry/mcp-server-neon/spec.yaml
@@ -60,3 +60,11 @@ env_vars:
       description: API key for Neon database service
       required: true
       secret: true
+
+# Provenance for supply chain security (Dockyard build)
+provenance:
+  cert_issuer: https://token.actions.githubusercontent.com
+  repository_uri: https://github.com/stacklok/dockyard
+  runner_environment: github-hosted
+  signer_identity: /.github/workflows/build-containers.yml
+  sigstore_url: tuf-repo-cdn.sigstore.dev
diff --git a/registry/oci-registry/spec.yaml b/registry/oci-registry/spec.yaml
diff --git a/registry/onchain-mcp/spec.yaml b/registry/onchain-mcp/spec.yaml
diff --git a/registry/osv/spec.yaml b/registry/osv/spec.yaml
diff --git a/registry/phoenix/spec.yaml b/registry/phoenix/spec.yaml
diff --git a/registry/plotting/spec.yaml b/registry/plotting/spec.yaml
diff --git a/registry/sentry-mcp-server/spec.yaml b/registry/sentry-mcp-server/spec.yaml
diff --git a/registry/sentry/spec.yaml b/registry/sentry/spec.yaml
diff --git a/registry/supabase-mcp-server/spec.yaml b/registry/supabase-mcp-server/spec.yaml
diff --git a/registry/supabase/spec.yaml b/registry/supabase/spec.yaml
diff --git a/registry/tavily-mcp/spec.yaml b/registry/tavily-mcp/spec.yaml
