aegis-mcp-server 0.1.10 → 0.1.12

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2025 Cleburn
+Copyright (c) 2025 MCP Contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md

@@ -1,95 +1,141 @@
-# aegis-mcp-server
+# MCP Registry
 
-**MCP enforcement layer for the [Aegis](https://github.com/cleburn/aegis-spec) agent governance specification.**
+The MCP registry provides MCP clients with a list of MCP servers, like an app store for MCP servers.
 
-The spec writes the law. The CLI generates the law. This enforces the law.
+[**📤 Publish my MCP server**](docs/guides/publishing/publish-server.md) | [**⚡️ Live API docs**](https://registry.modelcontextprotocol.io/docs) | [**👀 Ecosystem vision**](docs/explanations/ecosystem-vision.md) | 📖 **[Full documentation](./docs)**
 
-## What It Does
+## Development Status
 
-`aegis-mcp-server` is an MCP server that validates every agent action against your `.agentpolicy/` files **before** it happens. Path permissions, content scanning, role boundaries, quality gates — all enforced at runtime with zero token overhead to the agent.
+**2025-09-08 update**: The registry has launched in preview 🎉 ([announcement blog post](https://blog.modelcontextprotocol.io/posts/2025-09-08-mcp-registry-preview/)). While the system is now more stable, this is still a preview release and breaking changes or data resets may occur. A general availability (GA) release will follow later. We'd love your feedback in [GitHub discussions](https://github.com/modelcontextprotocol/registry/discussions/new?category=ideas) or in the [#registry-dev Discord](https://discord.com/channels/1358869848138059966/1369487942862504016) ([joining details here](https://modelcontextprotocol.io/community/communication)).
 
-The agent never loads your governance files. The MCP server reads them into its own process memory and validates silently. The agent calls governed tools (`aegis_write_file`, `aegis_read_file`, etc.) and gets back either a success or a blocked response with the specific reason.
+Current key maintainers:
+- **Adam Jones** (Anthropic) [@domdomegg](https://github.com/domdomegg)  
+- **Tadas Antanavicius** (PulseMCP) [@tadasant](https://github.com/tadasant)
+- **Toby Padilla** (GitHub) [@toby](https://github.com/toby)
 
-## Quick Start
+## Contributing
 
-```bash
-npm install -g aegis-mcp-server
+We use multiple channels for collaboration - see [modelcontextprotocol.io/community/communication](https://modelcontextprotocol.io/community/communication).
 
-# Or use npx
-npx aegis-mcp-server --project . --role default
-```
+Often (but not always) ideas flow through this pipeline:
+
+- **[Discord](https://modelcontextprotocol.io/community/communication)** - Real-time community discussions
+- **[Discussions](https://github.com/modelcontextprotocol/registry/discussions)** - Propose and discuss product/technical requirements
+- **[Issues](https://github.com/modelcontextprotocol/registry/issues)** - Track well-scoped technical work  
+- **[Pull Requests](https://github.com/modelcontextprotocol/registry/pulls)** - Contribute work towards issues
+
+### Quick start:
+
+#### Pre-requisites
+
+- **Docker**
+- **Go 1.24.x** 
+- **golangci-lint v2.4.0**
+
+#### Running the server
 
-### Claude Code Configuration
-
-```json
-{
-  "mcpServers": {
-    "aegis": {
-      "command": "npx",
-      "args": ["aegis-mcp-server", "--project", ".", "--role", "default"]
-    }
-  }
-}
+```bash
+# Start full development environment
+make dev-compose
 ```
 
-For role-specific enforcement:
-
-```json
-{
-  "mcpServers": {
-    "aegis": {
-      "command": "npx",
-      "args": ["aegis-mcp-server", "--project", ".", "--role", "backend"]
-    }
-  }
-}
+This starts the registry at [`localhost:8080`](http://localhost:8080) with PostgreSQL and seed data. The database uses ephemeral storage and is reset each time you restart the containers, ensuring a clean state for development and testing.
+
+The setup can be configured with environment variables in [docker-compose.yml](./docker-compose.yml) - see [.env.example](./.env.example) for a reference.
+
+<details>
+<summary>Alternative: Running a pre-built Docker image</summary>
+
+Pre-built Docker images are automatically published to GitHub Container Registry:
+
+```bash
+# Run latest stable release
+docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:latest
+
+# Run latest from main branch (continuous deployment)
+docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:main
+
+# Run specific release version
+docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:v1.0.0
+
+# Run development build from main branch
+docker run -p 8080:8080 ghcr.io/modelcontextprotocol/registry:main-20250906-abc123d
 ```
 
-## Tools
+**Available tags:** 
+- **Releases**: `latest`, `v1.0.0`, `v1.1.0`, etc.
+- **Continuous**: `main` (latest main branch build)
+- **Development**: `main-<date>-<sha>` (specific commit builds)
 
-| Tool | What it does | Token cost |
-|------|-------------|------------|
-| `aegis_check_permissions` | Pre-check if an operation is allowed | Tiny — just the verdict |
-| `aegis_write_file` | Write with path + content validation | Same as a normal write |
-| `aegis_read_file` | Read with path validation | Same as a normal read |
-| `aegis_delete_file` | Delete with path validation | Tiny — just the verdict |
-| `aegis_execute` | Execute a command in project root | Command output only |
-| `aegis_complete_task` | Run quality gates before marking done | Gate results only |
-| `aegis_policy_summary` | Minimal role + permissions summary | ~200 tokens |
+</details>
 
-## Zero Token Overhead
+#### Publishing a server
 
-Traditional approach: load governance files into the agent's context window. Token cost scales with policy complexity.
+To publish a server, we've built a simple CLI. You can use it with:
 
-Aegis MCP approach: the server loads policy into its own process memory. The agent calls tools and gets structured results. A project with 200 lines of governance has the same token cost as one with 20 lines. The complexity is absorbed by the server, not the agent.
+```bash
+# Build the latest CLI
+make publisher
 
-## Enforcement
+# Use it!
+./bin/mcp-publisher --help
+```
+
+See [the publisher guide](./docs/guides/publishing/publish-server.md) for more details.
 
-- **Governance boundaries** — `writable`, `read_only`, `forbidden` path lists from governance.json
-- **Role scoping** — agents confined to their role's writable and readable paths
-- **Sensitive pattern detection** — content scanned against governance-defined patterns
-- **Cross-domain boundaries** — imports validated against shared interface rules (when configured)
-- **Quality gate validation** — `pre_commit` flags mapped to `build_commands` and executed
-- **Override logging** — violations logged to append-only `overrides.jsonl`
-- **Immutable policies** — designated rules that cannot be overridden, even with human confirmation
+#### Other commands
+
+```bash
+# Run lint, unit tests and integration tests
+make check
+```
+
+There are also a few more helpful commands for development. Run `make help` to learn more, or look in [Makefile](./Makefile).
+
+<!--
+For Claude and other AI tools: Always prefer make targets over custom commands where possible.
+-->
 
 ## Architecture
 
+### Project Structure
+
 ```
-Agent ──→ aegis-mcp-server ──→ File System
-              │
-              ├── Loads .agentpolicy/ into process memory (once)
-              ├── Watches for policy changes (auto-reload)
-              ├── Validates every tool call against policy
-              └── Returns success or blocked with reason
+├── cmd/                     # Application entry points
+│   └── publisher/           # Server publishing tool
+├── data/                    # Seed data
+├── deploy/                  # Deployment configuration (Pulumi)
+├── docs/                    # Documentation
+├── internal/                # Private application code
+│   ├── api/                 # HTTP handlers and routing
+│   ├── auth/                # Authentication (GitHub OAuth, JWT, namespace blocking)
+│   ├── config/              # Configuration management
+│   ├── database/            # Data persistence (PostgreSQL)
+│   ├── service/             # Business logic
+│   ├── telemetry/           # Metrics and monitoring
+│   └── validators/          # Input validation
+├── pkg/                     # Public packages
+│   ├── api/                 # API types and structures
+│   │   └── v0/              # Version 0 API types
+│   └── model/               # Data models for server.json
+├── scripts/                 # Development and testing scripts
+├── tests/                   # Integration tests
+└── tools/                   # CLI tools and utilities
+    └── validate-*.sh        # Schema validation tools
 ```
 
-Three artifacts, one governance framework:
+### Authentication
+
+Publishing supports multiple authentication methods:
+- **GitHub OAuth** - For publishing by logging into GitHub
+- **GitHub OIDC** - For publishing from GitHub Actions
+- **DNS verification** - For proving ownership of a domain and its subdomains
+- **HTTP verification** - For proving ownership of a domain
 
-- [**aegis-spec**](https://github.com/cleburn/aegis-spec) — Writes the law
-- [**aegis-cli**](https://github.com/cleburn/aegis-cli) — Generates the law
-- **aegis-mcp-server** — Enforces the law
+The registry validates namespace ownership when publishing. E.g. to publish...:
+- `io.github.domdomegg/my-cool-mcp` you must login to GitHub as `domdomegg`, or be in a GitHub Action on domdomegg's repos
+- `me.adamjones/my-cool-mcp` you must prove ownership of `adamjones.me` via DNS or HTTP challenge
 
-## License
+## More documentation
 
-MIT
+See the [documentation](./docs) for more details if your question has not been answered here!

package/assets/icon.svg

@@ -0,0 +1,54 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512" width="512" height="512">
+  <defs>
+    <linearGradient id="shieldGrad" x1="0%" y1="0%" x2="0%" y2="100%">
+      <stop offset="0%" stop-color="#79c0ff"/>
+      <stop offset="35%" stop-color="#58a6ff"/>
+      <stop offset="100%" stop-color="#1f6feb"/>
+    </linearGradient>
+    <clipPath id="roundedBg">
+      <rect width="512" height="512" rx="80"/>
+    </clipPath>
+  </defs>
+
+  <!-- Rounded rectangle background -->
+  <rect width="512" height="512" rx="80" fill="#0d1117"/>
+
+  <!-- Outer shield (blue filled) -->
+  <path d="
+    M 256 56
+    L 120 116
+    L 120 248
+    C 120 348 178 432 256 472
+    C 334 432 392 348 392 248
+    L 392 116
+    Z
+  " fill="url(#shieldGrad)"/>
+
+  <!-- Inner shield cutout (dark) -->
+  <path d="
+    M 256 96
+    L 152 142
+    L 152 248
+    C 152 332 200 404 256 438
+    C 312 404 360 332 360 248
+    L 360 142
+    Z
+  " fill="#0d1117" opacity="0.87"/>
+
+  <!-- Policy line 1 (top, faintest) -->
+  <line x1="196" y1="212" x2="316" y2="212" 
+        stroke="#58a6ff" stroke-width="9" stroke-linecap="round" opacity="0.45"/>
+
+  <!-- Policy line 2 (middle) -->
+  <line x1="196" y1="252" x2="316" y2="252" 
+        stroke="#58a6ff" stroke-width="9" stroke-linecap="round" opacity="0.7"/>
+
+  <!-- Policy line 3 (shorter, full) -->
+  <line x1="196" y1="292" x2="288" y2="292" 
+        stroke="#58a6ff" stroke-width="9" stroke-linecap="round" opacity="1.0"/>
+
+  <!-- Checkmark -->
+  <polyline points="270,332 290,352 330,304" 
+            fill="none" stroke="#58a6ff" stroke-width="10" 
+            stroke-linecap="round" stroke-linejoin="round"/>
+</svg>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "aegis-mcp-server",
-  "version": "0.1.10",
+  "version": "0.1.12",
   "description": "MCP enforcement layer for the Aegis agent governance specification",
   "type": "module",
   "bin": {
@@ -38,5 +38,6 @@
   },
   "engines": {
     "node": ">=18.0.0"
-  }
+  },
+  "mcpName": "io.github.cleburn/aegis-mcp"
 }

package/server.json

@@ -0,0 +1,28 @@
+{
+  "$schema": "https://static.modelcontextprotocol.io/schemas/2025-09-16/server.schema.json",
+  "name": "io.github.cleburn/aegis-mcp",
+  "description": "Runtime governance enforcement for AI agents. Zero token overhead.",
+  "repository": {
+    "url": "https://github.com/cleburn/aegis-mcp",
+    "source": "github"
+  },
+  "version": "0.1.11",
+  "packages": [
+    {
+      "registryType": "npm",
+      "registryBaseUrl": "https://registry.npmjs.org",
+      "identifier": "aegis-mcp-server",
+      "version": "0.1.11",
+      "transport": {
+        "type": "stdio"
+      }
+    }
+  ],
+  "icons": [
+    {
+      "src": "https://raw.githubusercontent.com/cleburn/aegis-mcp/main/assets/icon.png",
+      "type": "image/png",
+      "size": 128
+    }
+  ]
+}