Skip to content

docs: add best practices for server and client implementors#36

Draft
tadasant wants to merge 11 commits into
mainfrom
docs/best-practices
Draft

docs: add best practices for server and client implementors#36
tadasant wants to merge 11 commits into
mainfrom
docs/best-practices

Conversation

@tadasant

@tadasant tadasant commented Jun 26, 2026

Copy link
Copy Markdown
Member

What

Adds docs/best-practices.md — advisory guidance for the two sides of the Server Card ecosystem — and links it from the README. Docs-only; no schema or code changes.

Server Implementors

Recommends serving a Server Card for any remote MCP server, framed as the server's connection entry point (advertises transport endpoints, protocol versions, and a hint at incoming requirements like auth, before initialization). Notes the card is valuable on its own even without a catalog (a client that already knows your URL can point at it directly), that it's advisory and MUST NOT be treated as authoritative for access control, that non-remote servers belong in the MCP Registry's server.json instead, that internal-but-remote servers should still serve a card, and that you should also list it in an AI Catalog entry on the domain people associate with your service. Links the pending auth-scenarios (#13) and tool-metadata (#30) discussions.

Client Implementors

Frames in-session discovery as a spectrum of integration points rather than prescribing one approach — explicitly "do what fits your client." All examples are grounded in Goose, Block's open-source MCP agent (whose extensions are themselves MCP servers), and verified against the live docs:

  • Watch outbound traffic at the egress boundary — the comprehensive end: if a client already mediates network access (Goose's seatbelt sandbox forces all outbound traffic through a local proxy that checks each destination against blocked.txt), discovery can ride the same seam — probe new destination domains in the background and cache domain → catalog.
  • Probe on a deliberate fetch — a PreToolUse lifecycle hook matched to a web-fetch tool reads the target URL and probes that host.
  • Probe the domains a project already points at — URLs in .goosehints / AGENTS.md / a recipe, probed once per session via SessionStart / UserPromptSubmit.
  • Offer a hit as a one-click extension install — an AI Catalog entry maps onto Goose's existing goose://extension?...&type=streamable_http deep link (or a config.yaml block); installs mid-turn, making clear which domain.
  • Gate the install behind the permission model the user already knows — reuse Goose's permission modes / always-allow / ask-before / never-allow.
  • Keep probing cheap, and let enterprises scope it — async, cache misses, honor Cache-Control, allow enterprise disable / allowlist / gateway escalation.

Why

The repo had no implementor-facing guidance on when/why to serve a card or how a client should discover and offer servers. This collects recommendations on top of the normative mechanics in the README, discovery.md, and the AI Catalog spec.

Scope notes

  • This PR standardizes on the AI Catalog (/.well-known/ai-catalog.json) as the discovery document, per maintainer direction to focus on AI Catalog and not the MCP Catalog. discovery.md still documents the older MCP Catalog; reconciling it is intentionally out of scope (tracked separately by Remove the MCP Catalog #26). The intro is scoped so the two docs don't actively contradict.

Verification

  • npm run check passes (schema.json in sync with schema.ts; tsc compiles) — green in CI
  • npm run validate passes (examples validate against schema.json) — green in CI
  • npm run format:check / prettier passes on the new and edited Markdown — green in CI
  • All internal anchors resolve (discovery.md#relationship-to-ai-catalog, #consistency-with-runtime-behavior, README.md#relationship-to-the-mcp-registry, intra-file #keep-probing-cheap-and-let-enterprises-scope-it)
  • All Goose specifics (egress proxy + blocked.txt, lifecycle hooks, extension deep-link format, permission modes) verified against live goose-docs.ai
  • No MCP-Catalog / well-known/mcp references introduced (grep-clean)
  • Fresh-eyes review performed; feedback addressed
  • No changes outside docs/ and README.md

tadasant and others added 2 commits June 26, 2026 21:40
Add docs/best-practices.md with two sections — one for server
implementors (serve and fully populate a Server Card; link it from
an AI catalog entry at your primary/internal domain) and one for
client implementors (detect catalogs on touched domains, surface
install opportunities, install mid-turn with tool-like permissions,
and let enterprises configure the flow). Link it from the README
overview and References.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Address fresh-eyes review: discovery.md distinguishes the present-day
"MCP Catalog" from the broader, forward-looking "AI Catalog". Lead with
"MCP Catalog" where the concrete current mechanism is meant, keeping the
AI Catalog reference for the cross-protocol form.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@tadasant tadasant marked this pull request as draft June 26, 2026 21:45
tadasant and others added 9 commits June 26, 2026 21:49
Per maintainer feedback, distinguish the two purposes: a Server Card is
the connection entry point (how to connect, plus incoming requirements
like auth) and is useful on its own when a client already knows the URL,
whereas a catalog distributes discovery points so clients can find that
URL. Link the pending auth-scenarios (#13) and tool-metadata (#30)
backlog issues where the card's incoming requirements are being expanded.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Address re-review: the card "advertises" connection requirements as a
hint and is read before connecting, so cross-link discovery.md's
"MUST NOT treat as authoritative for access control" caveat to avoid
implying the card is a security source of truth. Also trim a redundant
connect-vs-find sentence in the catalog bullet.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
The "notice the domains you touch" guidance was too vague. Reframe it
around the real trigger — any moment a domain enters the session — and
enumerate concrete hook points: a pre-tool-invocation hook on native
fetch/browse tooling (e.g. a PreToolUse-style hook on WebFetch), URLs
surfaced by already-connected MCP servers (tool results, resource
links), domains revealed structurally during OAuth/connection, and
user/project signals. Add a "keep probing cheap and respectful" note
covering negative caching, Cache-Control, and the privacy reason to let
enterprises scope it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Per re-review: CORS is a MUST on discovery endpoints but caching is only
a SHOULD, so phrase it "CORS headers (and usually cache headers)" and
note the probe works even from a browser client.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Per maintainer direction, this PR no longer mentions the MCP Catalog.
Frame catalog discovery solely around the AI Catalog: link Server Cards
from an AI Catalog entry (/.well-known/ai-catalog.json), probe domains
for an AI Catalog with an MCP entry, and reference discovery.md's
"Relationship to AI Catalog" section. discovery.md itself is left
unchanged (its MCP Catalog content is out of scope for this docs PR).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Rework the client probing guidance from a generic "probe every domain
that surfaces" list into a few intentional integration points grounded
in Goose (Block's OSS MCP agent), per maintainer feedback that scanning
every message for domains is heavy-handed. New subsections:

- Probe on a deliberate fetch (PreToolUse hook matched to the Computer
  Controller web_scrape tool)
- Probe domains a project already points at (.goosehints / AGENTS.md /
  recipes via a SessionStart/UserPromptSubmit hook)
- Offer a hit as a one-click extension install (goose:// deep link /
  config.yaml — a Goose extension is itself an MCP server)
- Gate the install behind Goose's existing permission modes
- Keep probing cheap, and let enterprises scope it (caching, privacy,
  gateway escalation)

All Goose specifics verified against the live docs at goose-docs.ai.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Address re-review:
- The intro implied discovery.md normatively defines the catalog probing
  path; scope that pointer to Server Cards and point the catalog format
  at the AI Catalog spec, so it does not over-promise (discovery.md does
  not normatively define the AI Catalog flow). No MCP Catalog mention.
- Soften the web_scrape reference ("`web_scrape` in current builds")
  since Goose's public extension docs do not enumerate tool names.
- Use "never allow" to match Goose's per-tool permission label.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…spectrum

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant