modelcontextprotocol · aphansal123 · Jul 29, 2025 · Jul 29, 2025 · Jul 29, 2025 · Jul 29, 2025
diff --git a/internal/api/handlers/v0/publish.go b/internal/api/handlers/v0/publish.go
@@ -11,6 +11,7 @@ import (
 	"github.com/modelcontextprotocol/registry/internal/auth"
 	"github.com/modelcontextprotocol/registry/internal/database"
 	"github.com/modelcontextprotocol/registry/internal/model"
+	"github.com/modelcontextprotocol/registry/internal/namespace"
 	"github.com/modelcontextprotocol/registry/internal/service"
 	"golang.org/x/net/html"
 )
@@ -54,6 +55,17 @@ func PublishHandler(registry service.RegistryService, authService auth.Service)
 			return
 		}
 
+		// Validate namespace format if it follows domain-scoped convention
+		if err := namespace.ValidateNamespace(serverDetail.Name); err != nil {
+			// If the namespace doesn't follow domain-scoped format, check if it's a legacy format
+			if !errors.Is(err, namespace.ErrInvalidNamespace) {
+				http.Error(w, "Invalid namespace: "+err.Error(), http.StatusBadRequest)
+				return
+			}
+			// For legacy formats, we'll allow them to pass through for now
+			// This provides backward compatibility while encouraging new domain-scoped formats
-			// This provides backward compatibility while encouraging new domain-scoped formats
+			if errors.Is(err, namespace.ErrInvalidNamespace) {
+				// Explicitly check for legacy format
+				if !isLegacyNamespaceFormat(serverDetail.Name) {
+					http.Error(w, "Invalid namespace: "+serverDetail.Name+" is not a valid legacy format", http.StatusBadRequest)
+					return
+				}
+				// For legacy formats, we'll allow them to pass through for now
+				// This provides backward compatibility while encouraging new domain-scoped formats
+			} else {
+				http.Error(w, "Invalid namespace: "+err.Error(), http.StatusBadRequest)
+				return
+			}
-			// This provides backward compatibility while encouraging new domain-scoped formats
+			if errors.Is(err, namespace.ErrInvalidNamespace) {
+				// Explicitly check for legacy format
+				if !isLegacyNamespaceFormat(serverDetail.Name) {
+					http.Error(w, "Invalid namespace: "+serverDetail.Name+" is not a valid legacy format", http.StatusBadRequest)
+					return
+				}
+				// For legacy formats, we'll allow them to pass through for now
+				// This provides backward compatibility while encouraging new domain-scoped formats
+			} else {
+				http.Error(w, "Invalid namespace: "+err.Error(), http.StatusBadRequest)
+				return
+			}
+		}
+
 		// Version is required
 		if serverDetail.VersionDetail.Version == "" {
 			http.Error(w, "Version is required", http.StatusBadRequest)
@@ -73,15 +85,31 @@ func PublishHandler(registry service.RegistryService, authService auth.Service)
 			token = authHeader[7:]
 		}
 
-		// Determine authentication method based on server name prefix
+		// Determine authentication method based on server name format
 		var authMethod model.AuthMethod
-		switch {
-		case strings.HasPrefix(serverDetail.Name, "io.github"):
-			authMethod = model.AuthMethodGitHub
-		// Additional cases can be added here for other prefixes
-		default:
-			// Keep the default auth method as AuthMethodNone
-			authMethod = model.AuthMethodNone
+
+		// Check if the namespace is domain-scoped and extract domain for auth
+		if parsed, err := namespace.ParseNamespace(serverDetail.Name); err == nil {
+			// For domain-scoped namespaces, determine auth method based on domain
+			switch parsed.Domain {
+			case "github.com":
+				authMethod = model.AuthMethodGitHub
+			// Additional domain-specific auth methods can be added here
+			default:
+				// For other domains, require GitHub auth for now
+				// NOTE: Domain verification system needs to be implemented
+				authMethod = model.AuthMethodGitHub
+			}
+		} else {
+			// Legacy namespace format - use existing logic
+			switch {
+			case strings.HasPrefix(serverDetail.Name, "io.github"):
+				authMethod = model.AuthMethodGitHub
+			// Additional cases can be added here for other prefixes
+			default:
+				// Keep the default auth method as AuthMethodNone
+				authMethod = model.AuthMethodNone
+			}
 		}
 
 		serverName := html.EscapeString(serverDetail.Name)

diff --git a/internal/api/handlers/v0/publish_namespace_test.go b/internal/api/handlers/v0/publish_namespace_test.go
@@ -0,0 +1,126 @@
+//nolint:testpackage // Internal package testing allows access to private functions
+package v0
+
+import (
+	"testing"
+
+	"github.com/modelcontextprotocol/registry/internal/namespace"
+)
+
+// TestNamespaceValidationIntegration tests that the namespace validation
+// functionality is working correctly for various namespace formats
+func TestNamespaceValidationIntegration(t *testing.T) {
+	tests := []struct {
+		name        string
+		serverName  string
+		shouldPass  bool
+		description string
+	}{
+		{
+			name:        "valid domain-scoped namespace",
+			serverName:  "com.github/my-server",
+			shouldPass:  true,
+			description: "Standard domain-scoped namespace should be valid",
+		},
+		{
+			name:        "valid subdomain namespace",
+			serverName:  "com.github.api/tool",
+			shouldPass:  true,
+			description: "Subdomain-scoped namespace should be valid",
+		},
+		{
+			name:        "valid apache commons namespace",
+			serverName:  "org.apache.commons/utility",
+			shouldPass:  true,
+			description: "Apache commons style namespace should be valid",
+		},
+		{
+			name:        "valid kubernetes namespace",
+			serverName:  "io.kubernetes/plugin",
+			shouldPass:  true,
+			description: "Kubernetes.io style namespace should be valid",
+		},
+		{
+			name:        "reserved namespace - localhost",
+			serverName:  "com.localhost/server",
+			shouldPass:  false,
+			description: "Reserved localhost namespace should be rejected",
+		},
+		{
+			name:        "reserved namespace - example",
+			serverName:  "com.example/server",
+			shouldPass:  false,
+			description: "Reserved example namespace should be rejected",
+		},
+		{
+			name:        "legacy format - io.github prefix",
+			serverName:  "io.github.username/my-server",
+			shouldPass:  true, // This is valid reverse domain notation
+			description: "Legacy io.github format should be valid as reverse domain notation",
+		},
+		{
+			name:        "invalid format - forward domain notation",
+			serverName:  "github.com/my-server",
+			shouldPass:  false,
+			description: "Forward domain notation should be rejected",
+		},
+		{
+			name:        "invalid format - simple name",
+			serverName:  "my-server",
+			shouldPass:  false,
+			description: "Simple server name should not match domain-scoped pattern",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			err := namespace.ValidateNamespace(tt.serverName)
+
+			if tt.shouldPass {
+				if err != nil {
+					t.Errorf("Expected namespace '%s' to be valid, but got error: %v", tt.serverName, err)
+				}
+			} else {
+				if err == nil {
+					t.Errorf("Expected namespace '%s' to be invalid, but validation passed", tt.serverName)
+				}
+			}
+		})
+	}
+}
+
+// TestDomainExtractionIntegration tests the domain extraction functionality
+func TestDomainExtractionIntegration(t *testing.T) {
+	// Test valid extractions
+	validTests := []struct {
+		namespace string
+		domain    string
+	}{
+		{"com.github/my-server", "github.com"},
+		{"com.github.api/tool", "api.github.com"},
+		{"org.apache.commons/utility", "commons.apache.org"},
+		{"io.kubernetes/plugin", "kubernetes.io"},
+	}
+
+	for _, test := range validTests {
+		t.Run("extract_"+test.domain, func(t *testing.T) {
+			domain, err := namespace.ParseDomainFromNamespace(test.namespace)
+			if err != nil {
+				t.Errorf("Unexpected error: %v", err)
+			} else if domain != test.domain {
+				t.Errorf("Expected '%s', got '%s'", test.domain, domain)
+			}
+		})
+	}
+
+	// Test invalid extractions
+	invalidTests := []string{"invalid-format", "github.com/server", "simple"}
+	for _, test := range invalidTests {
+		t.Run("invalid_"+test, func(t *testing.T) {
+			_, err := namespace.ParseDomainFromNamespace(test)
+			if err == nil {
+				t.Errorf("Expected error for '%s'", test)
+			}
+		})
+	}
+}