You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update RFC 0004: address review feedback and add enhancements
Changes from reviewer feedback (TomeHirata, mprahl, thkim-us):
- Add server_version and server_alias as direct params on
search_mcp_access_bindings for common binding lookups
- Add transport_types field to MCPServerVersion (read-only, extracted
from server_json at creation time)
- Add description fallback from server_json (API resolves like status)
- Change icon to icons on MCPServer (list of sized variants matching
upstream server.json icon schema)
- Add environment variables and tools display paragraphs to UI section
- Add transport_type filter for access binding search
- Update server.json schema reference from 2025-09-29 to 2025-12-11
- tools.name and transport_types filters work at server-level
(matching against resolved latest version)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Jon Burdo <jon@jonburdo.com>
Copy file name to clipboardExpand all lines: rfcs/0004-mcp-registry/0004-mcp-registry.md
+29-14Lines changed: 29 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -214,7 +214,7 @@ Journey 1 and the additional Phase 1 flows below are fully in scope for Phase 1.
214
214
215
215
## MCP registry spec alignment
216
216
217
-
This design aligns with the [upstream MCP registry specification](https://registry.modelcontextprotocol.io/docs) where possible. The spec references in this RFC are based on registry repo [v1.6.0](https://github.com/modelcontextprotocol/registry/releases/tag/v1.6.0) (2026-04-15) and the [server.json schema draft (2025-09-29)](https://json-schema.app/view/%23?url=https%3A%2F%2Fstatic.modelcontextprotocol.io%2Fschemas%2F2025-09-29%2Fserver.schema.json).
217
+
This design aligns with the [upstream MCP registry specification](https://registry.modelcontextprotocol.io/docs) where possible. The spec references in this RFC are based on registry repo [v1.6.0](https://github.com/modelcontextprotocol/registry/releases/tag/v1.6.0) (2026-04-15) and the [server.json schema draft (2025-12-11)](https://json-schema.app/view/%23?url=https%3A%2F%2Fstatic.modelcontextprotocol.io%2Fschemas%2F2025-12-11%2Fserver.schema.json).
218
218
219
219
**What we adopt directly:**
220
220
- The `server.json` (ServerJSON) payload format as the canonical MCP server definition
@@ -271,8 +271,8 @@ from enum import StrEnum
271
271
classMCPServer:
272
272
name: str# extracted from server_json; reverse-DNS format (e.g., "io.github.user/server"); PK within workspace
273
273
display_name: str|None=None# mutable human-readable label; falls back to server_json["title"], then name
274
-
description: str|None=None
275
-
icon: str|None=None# mutable; URL or data URI for UI rendering
274
+
description: str|None=None# mutable; API falls back to server_json["description"] from the resolved latest version
275
+
icons: list[dict]|None=None# mutable; sized icon variants following the upstream server.json icon schema (src, sizes, mimeType, theme)
276
276
workspace: str|None=None# resolved via resolve_entity_workspace_name()
277
277
status: MCPStatus |None=None# read-only; derived from the resolved latest version's status
**Name identity**: `name` is extracted from `server_json["name"]` and follows the upstream spec's reverse-DNS format (e.g., `io.github.user/brave-search`). This format prevents name collisions by construction — the namespace portion identifies the publisher. The `name` is immutable and serves as the primary key within a workspace. For display purposes, `display_name` is a mutable user-supplied label on `MCPServer`. UIs resolve display names as: `display_name` (if set) → `server_json["title"]` (if present) → `name`.
288
+
**Name identity**: `name` is extracted from `server_json["name"]` and follows the upstream spec's reverse-DNS format (e.g., `io.github.user/brave-search`). This format prevents name collisions by construction — the namespace portion identifies the publisher. The `name` is immutable and serves as the primary key within a workspace. For display purposes, `display_name` is a mutable user-supplied label on `MCPServer`. The API resolves display names as: `display_name` (if set) → `server_json["title"]` (if present) → `name`.
289
+
290
+
**Description resolution**: `MCPServer.description` is a mutable MLflow-managed field. The API resolves descriptions as: `MCPServer.description` (if set) → `server_json["description"]` from the resolved latest version (if present) → empty. This follows the same pattern as `status`, which is derived from the resolved latest version and populated in the response.
289
291
290
292
**Audit field population**: `created_by` and `last_updated_by` are populated from the authenticated MLflow user when authentication is enabled. In unauthenticated installs, these fields remain empty.
source: str|None=None# provenance URI (e.g., git repository URL)
@@ -337,6 +340,8 @@ class MCPServerVersion:
337
340
338
341
**Tools metadata**: The `tools` field on `MCPServerVersion` stores the declared tools this MCP server version can provide. Each tool is represented as an `MCPTool` dataclass matching the [MCP Tool schema](https://modelcontextprotocol.io/specification/2025-11-25/server/tools) — name, title, description, input/output schemas, annotations, icons, and execution hints. The upstream `server.json` schema does not include a tools field; this is an MLflow extension for discovery and governance. `tools` is mutable so it can be populated after initial registration — for example, when a platform engineer registers an external server by URL and later populates tools after observing what the endpoint exposes. `MCPServerVersion` is the source of truth for tools; `MCPAccessBinding` responses project tools read-only from the resolved version for search convenience. Tool filtering is a future gateway concern.
339
342
343
+
**Transport types**: The `transport_types` field is a read-only list extracted from `server_json` at creation time — the union of `packages[].transport.type` and `remotes[].type` (e.g., `["stdio", "streamable-http"]`). This enables filtering versions by transport capability without querying inside the JSON payload.
344
+
340
345
Retaining older versions enables:
341
346
342
347
-**Trace provenance**: show exactly which `server_json` was in effect when a trace ran
@@ -538,7 +543,7 @@ Six tables, created via a single Alembic migration. All tables are workspace-sco
@@ -988,7 +997,9 @@ The `filter_string` parameter supports expressions following existing MLflow fil
988
997
-`status = 'active'`
989
998
-`status IN ('active', 'deprecated')`
990
999
-`has_access_bindings = true` (server-level only; return only governed servers that currently have at least one approved direct-access binding and in the future, gateway acces bindings)
991
-
-`tools.name = 'web_search'` (version-level; return versions that declare a tool with the given name)
1000
+
-`tools.name = 'web_search'` (server-level and version-level; at server-level, matches against the resolved latest version)
1001
+
-`transport_types = 'stdio'` (server-level and version-level; at server-level, matches against the resolved latest version)
1002
+
-`transport_type = 'streamable-http'` (binding-level; filter access bindings by transport type)
992
1003
-`tags.team = 'platform'`
993
1004
994
1005
`search_mcp_servers()` is the catalog-discovery API across governed MCP servers and always returns attached access binding summaries on each `MCPServer` result. `search_mcp_access_bindings()` lists approved direct-access bindings across the workspace, and `search_mcp_access_bindings(server_name=...)` narrows that same API to a specific governed server. The `has_access_bindings = true` filter is available for callers that only want directly usable MCP servers.
The `server_json` field in `CreateMCPServerVersionRequest` uses a typed Pydantic model (`ServerJSONPayload`) mirroring the upstream [server.json schema](https://static.modelcontextprotocol.io/schemas/2025-09-29/server.schema.json), with `extra="allow"` for forward compatibility. FastAPI validates the payload automatically at request time — no separate validation step needed.
1156
+
The `server_json` field in `CreateMCPServerVersionRequest` uses a typed Pydantic model (`ServerJSONPayload`) mirroring the upstream [server.json schema](https://static.modelcontextprotocol.io/schemas/2025-12-11/server.schema.json), with `extra="allow"` for forward compatibility. FastAPI validates the payload automatically at request time — no separate validation step needed.
1144
1157
1145
1158
**Required fields:**
1146
1159
-`name` (string) — extracted as the server identifier
@@ -1179,6 +1192,8 @@ The detail view shows the server's metadata, versions list, aliases, direct acce
1179
1192
1180
1193
**Tools display and filtering**: The version detail page displays the declared tools for that version — tool name, description, and input schema. In the registry listing, users can filter servers by tool name (e.g., `tools.name = 'web_search'`) to discover servers that provide a specific capability. This supports the tool catalog use case: platform engineers and end users can search across governed servers to find which ones offer the tools they need.
1181
1194
1195
+
**Environment variables**: The version detail page can also surface the `packages[].environmentVariables[]` from `server_json`, including `isRequired` and `isSecret` flags. This helps users understand what configuration a server needs before they can use it.
1196
+
1182
1197
As a possible future UI integration, the registry detail view could expose a `Deploy` action that publishes a governed MCP server to MLflow MCP Gateway by creating or updating a gateway-owned deployment record against the same underlying version and alias model, so users experience registry and gateway as one workflow rather than two separate products.
0 commit comments