Add MCP Registry publishing support #17

Merged
davegomez merged 4 commits into main from feature/mcp-registry-publishing
Feb 1, 2026


@davegomez davegomez commented Feb 1, 2026

The package wasn't discoverable through the MCP Registry. This adds everything needed for automated publishing: server.json metadata with environment variable declarations, mcpName in package.json for registry verification, and OIDC-authenticated publish steps in the release workflow.

The release script (scripts/release.mjs) replaces the direct changelogen call to keep server.json version in sync with package.json on every release. It forwards CLI args to changelogen so pnpm release -- --major still works. The CI workflow also patches server.json from the git tag as a fallback.

Declares server metadata, npm package reference, transport type, and
required environment variables for the MCP Registry.

Registry uses this field to verify the npm package matches its
published server metadata.
@davegomez davegomez force-pushed the feature/mcp-registry-publishing branch from b3e98af to 12fecb4 Compare February 1, 2026 19:28

greptile-apps bot commented Feb 1, 2026

Greptile Overview

Greptile Summary

Adds MCP Registry publishing support with automated version syncing between package.json and server.json. The new scripts/release.mjs orchestrates releases by running changelogen, patching server.json versions, and pushing tags. The CI workflow includes fallback version syncing and OIDC-authenticated publishing to both npm and MCP Registry.

  • Added mcpName field to package.json for registry verification
  • Created server.json with server metadata and environment variable declarations
  • Replaced direct changelogen call with Node script that syncs versions across both config files
  • Extended CI workflow to download mcp-publisher and publish to MCP Registry after npm
  • Release script forwards CLI args to changelogen (e.g., --major, --minor)

Issues found:

  • Curl piped to tar without intermediate verification poses security risk
  • Missing validation for packages[0] in release script could cause crash on malformed server.json

Confidence Score: 3/5

  • Safe to merge with minor security improvements recommended
  • The PR correctly implements MCP Registry publishing with proper OIDC authentication and version syncing. However, the curl pipe pattern in the CI workflow poses a minor security risk, and the release script lacks validation for the server.json structure. Both issues are unlikely to cause problems in practice but should be addressed for production robustness.
  • Review .github/workflows/release.yml for curl security pattern and scripts/release.mjs for error handling
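
An added example, not part of the PR or of the bot's review, illustrating the first issue in the summary above: save the download to a file, compare its SHA-256 against a pinned digest, and extract only on a match. The function names, the sample archive and the `$RELEASE_URL` placeholder are constructed for illustration and are not taken from the project's workflow.

```shell
# Added example: verify a release archive before extracting it.
# All names and sample data are constructed; none come from the PR's workflow.

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_and_extract ARCHIVE EXPECTED_SHA256 DEST_DIR
# Extracts only when the digest matches; otherwise returns 1 and extracts nothing.
verify_and_extract() {
  local archive expected dest actual
  archive=$1; expected=$2; dest=$3
  [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 1; }
  actual=$(sha256_of "$archive") || return 1
  if [ "$actual" != "$expected" ]; then
    echo "checksum mismatch: expected $expected, got $actual" >&2
    return 1
  fi
  mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Demo on a locally constructed archive so the script runs offline.
demo() {
  local work pinned
  work=$(mktemp -d)
  printf '#!/bin/sh\necho tool\n' > "$work/tool"
  tar -czf "$work/tool.tar.gz" -C "$work" tool
  # In CI the file would come from: curl -fsSL -o tool.tar.gz "$RELEASE_URL"
  # and the pinned digest would be a constant committed with the workflow.
  pinned=$(sha256_of "$work/tool.tar.gz")
  verify_and_extract "$work/tool.tar.gz" "$pinned" "$work/ok" && echo "verified and extracted"
  # Simulate a tampered download: one appended byte changes the digest.
  printf 'x' >> "$work/tool.tar.gz"
  verify_and_extract "$work/tool.tar.gz" "$pinned" "$work/bad" 2>/dev/null || echo "tampered archive rejected"
  rm -rf "$work"
}
demo
```

Because the archive is written to disk first, a truncated or altered download fails the digest check before `tar` ever parses it, which a `curl | tar` pipe cannot guarantee.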

@greptile-apps greptile-apps bot left a comment

2 files reviewed, 3 comments

@davegomez davegomez force-pushed the feature/mcp-registry-publishing branch from 69c4f06 to e48fd2b Compare February 1, 2026 19:32
Adds mcp-publisher install and OIDC-authenticated publish steps.
Includes a sed step to sync server.json version from the git tag
as a fallback if the file version drifts.

Replaces direct changelogen invocation with a Node script that bumps
package.json, patches server.json to match, then commits, tags, and
pushes. Forwards CLI args to changelogen (e.g. --major, --patch).
@davegomez davegomez force-pushed the feature/mcp-registry-publishing branch from 416e28f to eacefc8 Compare February 1, 2026 19:34
@davegomez davegomez merged commit 167779e into main Feb 1, 2026
1 check passed
@davegomez davegomez deleted the feature/mcp-registry-publishing branch February 1, 2026 19:34