Skip to content

feat: namespace parsing validation #218

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 41 commits into
base: remote-verification
Choose a base branch
from
Open

feat: namespace parsing validation #218

wants to merge 41 commits into from
+1,074 −10

Conversation

aphansal123
Copy link
Collaborator

@aphansal123 aphansal123 commented Aug 1, 2025
edited
Loading

Closes #22238

Namespace Parsing Validation and Server Status Management

This PR implements namespace parsing validation for domain-scoped server names and adds server status lifecycle management functionality to the MCP Metaregistry.

Motivation and Context

The MCP Metaregistry needs to support domain-scoped namespaces (e.g., com.github/my-server) to prevent namespace squatting and provide better organization. This change introduces:

  1. Namespace Validation: Implements parsing and validation for domain-scoped namespaces using reverse domain notation
  2. Server Status Management: Adds lifecycle status tracking (active/deprecated) to help users identify maintained vs. unmaintained servers
  3. Reserved Namespace Protection: Prevents use of reserved domains like localhost, example, test, etc.
  4. Domain Authentication Preparation: Lays groundwork for domain ownership verification system

How Has This Been Tested?

  • Added comprehensive unit tests for namespace parsing and validation (internal/namespace/namespace_test.go)
  • Added integration tests for publish handler namespace validation (internal/api/handlers/v0/publish_namespace_test.go)
  • Tested various namespace formats:
    • Valid domain-scoped: com.github/my-server, org.apache.commons/utility
    • Invalid formats: forward notation, missing components, reserved domains
    • Legacy compatibility: existing io.github.* patterns still work
  • Updated JSON schema validation with status field
  • Updated publisher tool to support status parameter

Breaking Changes

Non-breaking changes:

  • Existing server names continue to work (backward compatibility maintained)
  • New status field is optional and defaults to "active"
  • Legacy namespace formats are still accepted during transition period

Future breaking change preparation:

  • Strict domain-scoped validation will be enforced in future versions
  • Domain verification system will be required for custom domains

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation update

Checklist

  • I have read the MCP Documentation
  • My code follows the repository's style guidelines
  • New and existing tests pass locally
  • I have added appropriate error handling
  • I have added or updated documentation as needed

Additional context

Key Implementation Details

  • Namespace Package: New internal/namespace package handles all domain-scoped namespace parsing and validation
  • Status Field: Added ServerStatus enum with active and deprecated values across models, schemas, and examples
  • Authentication Logic: Updated publish handler to use domain-based authentication selection (currently defaults to GitHub auth for all custom domains pending domain verification implementation)
  • Reserved Domains: Comprehensive list of reserved namespaces prevents misuse of common test/example domains

Future Work

  • Domain ownership verification system (DNS TXT records and HTTP-01 challenges as documented in server-name-verification.md)
  • Stricter enforcement of domain-scoped format requirements
  • Integration with domain verification for authentication

Files Changed

  • New namespace parsing and validation system
  • Updated server models with status field
  • Enhanced publish handler with namespace validation
  • Updated JSON schemas and OpenAPI specs
  • Enhanced publisher CLI tool

aphansal123 and others added 30 commits July 29, 2025 15:27
@aphansal123
feat: implement 128-bit cryptographically secure token generation for…
72a1967 
… domain verification
@aphansal123
Merge branch 'main' into feature/domain-verification-token-generation
ffbed48
@aphansal123
Fix package references and eliminate duplicate string literals in tok…
f375640 
…en_test.go
@aphansal123 @Copilot
Update internal/verification/README.md
f7a85fa 
Co-authored-by: Copilot <[email protected]>
@aphansal123 @Copilot
Update internal/verification/token_test.go
36579a1 
Co-authored-by: Copilot <[email protected]>
@aphansal123
Capitalize MaxDNSRecordLength variable name for consistency
382925e
@aphansal123
Add comprehensive DNS TXT record RFC compliance validation tests
a9afe32
@aphansal123
Fix gci linter error by removing trailing whitespace
bc4d621
@aphansal123
Implement DNS TXT record verification for domain ownership validation
60ac929
@aphansal123
Implement DNS record verification for domain ownership validation
1202ae0
@aphansal123
Fix golangci-lint issues: improve error handling, formatting, and tes…
a19b6b5 
…t package structure
@aphansal123 @Copilot
Update server-name-verification.md
d8dba84 
Co-authored-by: Copilot <[email protected]>
@aphansal123
fix: prevent timer leaks in DNS verification retry logic
2e4dc96
@aphansal123
fix: correct spelling from 'cancelled' to 'canceled' in comment
2be9c9c
@aphansal123 @Copilot
Update internal/verification/dns.go
bf1c847 
Co-authored-by: Copilot <[email protected]>
@aphansal123
fix: correct retry attempt counter in DNS verification logging
b36f6af
@aphansal123
fix: use mock DNS resolver in tests instead of real DNS queries
21ef581
@aphansal123
fix: replace real DNS queries with mock resolver in timeout test
1d0316d
@aphansal123
fix: convert DNS tests to mocks and optimize error handling for perfo…
f2e1fde 
…rmance
@aphansal123 @Copilot
User time.NewTimer and explicitly stop
80b36bf 
Co-authored-by: Copilot <[email protected]>
@aphansal123 @Copilot
Add maximum iteration limit to prevent infinite loops
147fc46 
Co-authored-by: Copilot <[email protected]>
@aphansal123
fix: correct syntax error in DNS mock delay simulation
36262ff
@aphansal123
test: improve DNS record format test and remove unused import
0ebca38
@aphansal123
Remove ValidateTokenFormat and TokenInfo per PR feedback
efc077a
@aphansal123
Merge branch 'feature/domain-verification-token-generation' into feat…
ea7857d 
…ure/dns-record-verification
@aphansal123 @trent-j
Update internal/verification/README.md
d378b27 
Co-authored-by: Trent Jones <[email protected]>
@aphansal123
make DNS record prefix configurable in DNSVerification
adacb2c 
Config
@aphansal123
Merge branch 'feature/domain-verification-token-generation' into feat…
3322f15 
…ure/dns-record-verification
@aphansal123
Merge remote-tracking branch 'origin/remote-verification' into featur…
3b1c54a 
…e/dns-record-verification
@aphansal123
docs: fix README syntax errors and add RecordPrefix documentation
455ec12
@aphansal123 aphansal123 requested a review from Copilot August 1, 2025 21:33
Copilot

This comment was marked as outdated.

Sign in to view

@aphansal123 aphansal123 changed the base branch from main to feature/dns-record-verification August 1, 2025 22:09
@aphansal123 aphansal123 requested a review from Copilot August 1, 2025 22:10
Copilot

This comment was marked as resolved.

Sign in to view

@aphansal123 aphansal123 changed the title Feature/namespace parsing validation feat: namespace parsing validation Aug 3, 2025
@aphansal123 aphansal123 changed the base branch from feature/dns-record-verification to main August 3, 2025 22:38
@aphansal123 aphansal123 changed the base branch from main to feature/dns-record-verification August 3, 2025 22:38
Base automatically changed from feature/dns-record-verification to remote-verification August 3, 2025 22:40
@aphansal123 aphansal123 marked this pull request as ready for review August 4, 2025 21:28
@aphansal123 aphansal123 requested a review from Copilot August 5, 2025 16:09
Copilot

This comment was marked as outdated.

Sign in to view

@aphansal123 aphansal123 requested a review from Copilot August 5, 2025 17:17
Copilot
Copilot AI reviewed Aug 5, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements namespace parsing validation for domain-scoped server names (e.g., com.github/my-server) and adds server status lifecycle management (active/deprecated) to the MCP Metaregistry.

  • Introduces comprehensive namespace validation with support for reverse domain notation and reserved namespace protection
  • Adds server status field across all models, schemas, and examples to track lifecycle state
  • Updates tooling to support the new status parameter in publisher CLI and validation utilities

Reviewed Changes

Copilot reviewed 13 out of 14 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
internal/namespace/namespace.go New package implementing domain-scoped namespace parsing, validation, and reserved domain checking
internal/namespace/namespace_test.go Comprehensive test suite for namespace parsing and validation functionality
internal/model/model.go Adds ServerStatus enum and status field to Server model
internal/api/handlers/v0/publish.go Updates publish handler with namespace validation and domain-based authentication logic
internal/api/handlers/v0/publish_namespace_test.go Integration tests for namespace validation in publish handler
tools/publisher/main.go Enhances publisher CLI tool with status parameter validation and support
tools/publisher/server.json Updates template with new status field
tools/validate-examples/main.go Updates expected example count and import alias
tools/validate-schemas/main.go Updates import alias for consistency
docs/server-registry-api/openapi.yaml Adds status field to OpenAPI schema definition
docs/server-registry-api/examples.md Updates all examples with status field
docs/server-json/schema.json Adds status field to JSON schema
docs/server-json/examples.md Updates examples and adds deprecated server example

tools/validate-examples/main.go
@@ -14,15 +14,15 @@ import (
"regexp"
"strings"

"github.com/santhosh-tekuri/jsonschema/v5"
jsonschema "github.com/santhosh-tekuri/jsonschema/v5"
Copy link
Preview

Copilot AI Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The import alias jsonschema is redundant since the package name is already jsonschema. Consider using a more specific alias like schema or remove the alias entirely to use the default package name.

Suggested change
jsonschema "github.com/santhosh-tekuri/jsonschema/v5"
"github.com/santhosh-tekuri/jsonschema/v5"

Copilot uses AI. Check for mistakes.

tools/validate-schemas/main.go
@@ -13,7 +13,7 @@ import (
"path/filepath"
"strings"

"github.com/santhosh-tekuri/jsonschema/v5"
jsonschema "github.com/santhosh-tekuri/jsonschema/v5"
Copy link
Preview

Copilot AI Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[nitpick] The import alias jsonschema is redundant since the package name is already jsonschema. Consider using a more specific alias like schema or remove the alias entirely to use the default package name.

Suggested change
jsonschema "github.com/santhosh-tekuri/jsonschema/v5"
"github.com/santhosh-tekuri/jsonschema/v5"

Copilot uses AI. Check for mistakes.

internal/namespace/namespace.go
// as the domain might be newly registered or not yet propagated
// This is just a basic sanity check for obvious invalid domains
}

Copy link
Preview

Copilot AI Aug 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

DNS lookups can be slow and may block execution. Consider removing this network call during validation or making it optional/async, especially since the comment indicates it's a soft validation that doesn't affect the result.

Suggested change

Copilot uses AI. Check for mistakes.

domdomegg
domdomegg reviewed Aug 8, 2025
View reviewed changes
internal/api/handlers/v0/publish.go Outdated
http.Error(w, "Invalid namespace: "+err.Error(), http.StatusBadRequest)
return
}
// For legacy formats, we'll allow them to pass through for now
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I am a bit confused by the "legacy format" here - what is this for?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From a skim to me here, it seems like it's referring to "legacy" as Legacy io.github format, but I agree that's odd; it's not legacy, we intend to support it indefinitely (and in fact have a mechanism to potentially extend it to also support e.g. com.gitlab.{user} etc. So I'd call it something more like Psuedo-domain io.github format or Borrowed domain

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense that this isn't a legacy format, @claude Please fix the comment here to reflect that this is a pseudo-domain io.github format/borrowed domain.

@aphansal123
Copy link
Collaborator Author

@claude Can you please fix the comment on line 65 in publish.go to reflect that this is a pseudo-domain io.github format/borrowed domain?

@claude Claude
Copy link
Contributor

claude bot commented Aug 8, 2025
edited
Loading

Claude finished @aphansal123's task —— View job

I'll help you fix the comment on line 65 in publish.go to properly reflect that this is a pseudo-domain io.github format rather than a legacy format.

Todo List

  • Read the current publish.go file to understand the context around line 65
  • Update the comment to reflect pseudo-domain/borrowed domain format
  • Commit and push the change
Progress Details

Completed!

I've successfully updated the comment on lines 65-66 in internal/api/handlers/v0/publish.go:

Before:

// For legacy formats, we'll allow them to pass through for now
// This provides backward compatibility while encouraging new domain-scoped formats

After:

// For pseudo-domain io.github format/borrowed domain, we'll allow them to pass through
// This provides support for the borrowed io.github domain while encouraging new domain-scoped formats

The comment now accurately reflects that io.github is a pseudo-domain/borrowed domain format that's intended to be supported indefinitely, rather than a legacy format that might be deprecated in the future.

Changes committed and pushed to the feature/namespace-parsing-validation branch.

@claude @aphansal123
fix: update comment to reflect pseudo-domain io.github format
a96a31a 
The comment on line 65-66 in publish.go has been updated to clarify
that io.github is a pseudo-domain/borrowed domain format rather than
a legacy format, as it's intended to be supported indefinitely.

Co-authored-by: Ameya Phansalkar <[email protected]>
@aphansal123 aphansal123 requested a review from tadasant August 8, 2025 15:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@domdomegg domdomegg domdomegg left review comments

Copilot code review Copilot Copilot left review comments

@thomas-sickert thomas-sickert Awaiting requested review from thomas-sickert

@trent-j trent-j Awaiting requested review from trent-j

@tadasant tadasant Awaiting requested review from tadasant

Assignees

@aphansal123 aphansal123

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aphansal123 @tadasant @domdomegg