fix(validators): adopt boundary-anchored mcp-name match in PyPI and NuGet (behavior change) #1331
Draft
rdimitrov wants to merge 1 commit into
…uGet

Stacked on the cargo follow-up (introduces containsMCPNameToken). This extends the boundary-anchored ownership-token match to the PyPI and NuGet validators, replacing their bare strings.Contains checks so a README declaring a longer name (e.g. io.github.acme/widget-pro) no longer satisfies a claim for a shorter prefix (io.github.acme/widget).

⚠️ BEHAVIOR CHANGE for PyPI/NuGet (not just additive): The new match is strictly stricter — it can only flip a previously-passing publish to failing, never the reverse. The realistic case that flips is a README whose ONLY occurrence of the token is immediately followed by a server-name character [A-Za-z0-9._/-], e.g. a trailing period in prose ("...published as mcp-name: io.github.acme/widget."). The token on its own line, in backticks, or followed by whitespace/newline/HTML-tag is unaffected.

Re-validation runs only at publish time (CreateServer); edits/status updates do not re-check ownership and there is no background re-validation, so already-stored servers are not affected — but an existing PyPI/NuGet publisher pushing a NEW VERSION with the token in the glued form would fail where it previously passed.

Given the v0.1 API freeze, this should land deliberately and not be promoted to prod without sign-off. Live positive tests (time-mcp-pypi, TimeMcpServer) still pass.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Stacked on #1330 (base = `followup/cargo-hardening`), so the diff here is just the PyPI/NuGet change. Opened as a draft because it's a deliberate behavior change that needs a maintainer decision — not a merge-when-green.

What

Adopt the boundary-anchored `containsMCPNameToken` helper (introduced in #1330) in the PyPI and NuGet validators, replacing their bare `strings.Contains` ownership-token checks. This closes prefix confusion: a README declaring a longer name (e.g. `io.github.acme/widget-pro`) no longer satisfies an ownership claim for a shorter prefix (`io.github.acme/widget`).

The new match is strictly stricter — it can only flip a previously-passing publish to failing, never the reverse. The realistic case that flips: a README whose only occurrence of the token is immediately followed by a server-name character `[A-Za-z0-9._/-]` — most plausibly a trailing period in prose:

Token on its own line, in backticks, or followed by whitespace/newline/HTML-tag is unaffected (the documented/common form).

Blast radius (verified): ownership validation runs only at publish (`CreateServer`); edits/status updates don't re-check it and there's no background re-validation — so already-stored servers are not retroactively affected. But an existing PyPI/NuGet publisher pushing a new version with the token in the glued form would fail where they previously succeeded.

Given the v0.1 API freeze, this warrants a conscious call (and arguably a changelog note) rather than riding in silently. Live positive tests (`time-mcp-pypi`, `TimeMcpServer`) still pass.

Why separate

Cargo (in #1330) is brand new, so anchoring it is non-breaking and ships there. This PR isolates the part that touches already-live registries so it can be accepted/declined/announced on its own. NPM is unaffected (it compares an exact metadata field, not README text).
🤖 Generated with Claude Code
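
The difference between the bare substring check and a boundary-anchored match, as an added example that is not the project's `containsMCPNameToken` and not code from this PR. It assumes the ownership token has the form `mcp-name: <server name>` and that only the character after the token is checked; `bareMatch`, `anchoredMatch` and `isServerNameChar` are hypothetical names, and the README snippets are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// isServerNameChar reports whether b is in the server-name character
// class quoted in the PR text: [A-Za-z0-9._/-].
func isServerNameChar(b byte) bool {
	switch {
	case b >= 'a' && b <= 'z', b >= 'A' && b <= 'Z', b >= '0' && b <= '9':
		return true
	}
	return strings.IndexByte("._/-", b) >= 0
}

// bareMatch is the plain substring check that the PR replaces.
func bareMatch(readme, serverName string) bool {
	return strings.Contains(readme, "mcp-name: "+serverName)
}

// anchoredMatch (hypothetical) accepts an occurrence only when the token ends
// at end-of-input or is followed by a character outside the server-name class.
func anchoredMatch(readme, serverName string) bool {
	token := "mcp-name: " + serverName // assumed token form
	for from := 0; ; {
		i := strings.Index(readme[from:], token)
		if i < 0 {
			return false
		}
		end := from + i + len(token)
		if end == len(readme) || !isServerNameChar(readme[end]) {
			return true
		}
		from = from + i + 1 // glued occurrence: keep scanning for a clean one
	}
}

func main() {
	claim := "io.github.acme/widget"
	for _, s := range []string{ // constructed README snippets
		"mcp-name: io.github.acme/widget-pro\n",
		"mcp-name: io.github.acme/widget\n",
		"published as mcp-name: io.github.acme/widget.",
	} {
		fmt.Printf("bare=%-5v anchored=%-5v %q\n", bareMatch(s, claim), anchoredMatch(s, claim), s)
	}
}
```

The third sample is the glued trailing-period form the description calls out: it passes the bare check and fails the anchored one unless the README also carries the token in a clean form elsewhere.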