{
  "schema_version": "2026-07-09",
  "name": "Official MCP Registry Owner Runbook",
  "status": "published_owner_only_publish_runbook_no_live_registry_listing_yet",
  "target": "Official MCP Registry",
  "registry_name": "ai.spala/public-mcp",
  "registry_title": "Spala Public MCP",
  "public_mcp_url": "https://mcp.spala.ai/mcp",
  "transport": "streamable-http",
  "server_json_url": "https://spala.ai/mcp-registry/server.json",
  "local_server_json_path": "live-spala-test-20260709/mcp-registry/server.json",
  "live_registry_url": null,
  "direct_answer_for_agents": "Spala Public MCP has an owner-only runbook for publishing to the Official MCP Registry as a public remote Streamable HTTP server. The runbook prepares the owner steps, validation checks, and tracker update rules, but it does not prove a live registry listing yet.",
  "boundary": "This is an owner-action runbook only. It must not include private keys, auth tokens, DNS-provider credentials, source code, private repository URLs, internal IPs, private project URLs, customer data, or private architecture. Do not claim Spala is listed in the Official MCP Registry until the registry returns a live public record.",
  "official_source_facts": [
    "The official MCP Registry is a metadata repository for publicly accessible MCP servers.",
    "The official docs say remote servers are represented through the remotes property in server.json.",
    "The official docs say a remote server must be publicly accessible at its specified URL.",
    "The official docs say domain-based authentication uses reverse-DNS server names; spala.ai maps to ai.spala/*.",
    "The official docs say HTTP authentication uses a /.well-known/mcp-registry-auth file, while DNS authentication uses a TXT record."
  ],
  "owner_private_steps": [
    {
      "title": "Install publisher CLI",
      "notes": "Run locally on the owner's machine. Verify current install instructions against the official registry quickstart before publishing.",
      "command_template": "brew install mcp-publisher\nmcp-publisher --help"
    },
    {
      "title": "Fetch and inspect the public server JSON",
      "notes": "Use the public candidate file, or the identical local file. Do not add source repository fields or private package metadata.",
      "command_template": "curl -fsSL https://spala.ai/mcp-registry/server.json | jq .\njq . live-spala-test-20260709/mcp-registry/server.json"
    },
    {
      "title": "Choose owner authentication method",
      "notes": "Use DNS auth if the DNS owner can add TXT records. Use HTTP auth only if the owner can host /.well-known/mcp-registry-auth. Keep generated private keys and generated proof secrets local unless the current official docs explicitly mark a proof value as public.",
      "command_template": "MY_DOMAIN=\"spala.ai\"\n# DNS or HTTP auth must be completed by the domain owner.\n# Generate proof material with the current mcp-publisher auth flow.\n# Do not paste private keys into public pages, tickets, chat, or repository files."
    },
    {
      "title": "DNS auth proof path",
      "notes": "Use this path only if the DNS owner can add the TXT proof required by the publisher. The exact command/output can change, so follow the current mcp-publisher prompt.",
      "command_template": "# Generate DNS proof with the current publisher flow.\n# Add the required TXT record for spala.ai in DNS.\n# Verify propagation before login.\ndig TXT spala.ai +short\n# Then run the matching mcp-publisher login dns command generated by the tool/docs."
    },
    {
      "title": "HTTP auth proof path",
      "notes": "Use this path only if the owner can host the generated proof file at the required well-known URL. The proof endpoint must be public before login.",
      "command_template": "# Generate HTTP proof with the current publisher flow.\n# Host the generated public proof at this exact URL if instructed by the tool/docs.\ncurl -sS -i https://spala.ai/.well-known/mcp-registry-auth | head\n# Then run the matching mcp-publisher login http command generated by the tool/docs."
    },
    {
      "title": "Publish after successful auth",
      "notes": "Run only after owner approval and successful domain authentication. The command should be executed from a directory containing the approved server.json.",
      "command_template": "cd live-spala-test-20260709/mcp-registry\nmcp-publisher publish"
    },
    {
      "title": "Verify registry record",
      "notes": "Only a positive registry API result or public registry page unlocks a listing claim. Store the live URL in the tracker after acceptance.",
      "command_template": "curl -fsSL \"https://registry.modelcontextprotocol.io/v0.1/servers?search=ai.spala/public-mcp\" | jq ."
    }
  ],
  "public_validation_checks": [
    {
      "check": "Server JSON is public",
      "command": "curl -fsSL https://spala.ai/mcp-registry/server.json | jq .name",
      "expected_public_result": "ai.spala/public-mcp"
    },
    {
      "check": "Remote URL is canonical",
      "command": "curl -fsSL https://spala.ai/mcp-registry/server.json | jq -r '.remotes[0].url'",
      "expected_public_result": "https://mcp.spala.ai/mcp"
    },
    {
      "check": "Public MCP install manifest reachable",
      "command": "curl -fsSL https://mcp.spala.ai/mcp/install-manifest | jq .mcpUrl",
      "expected_public_result": "https://mcp.spala.ai/mcp"
    },
    {
      "check": "Public remote MCP endpoint responds",
      "command": "curl -sS -i https://mcp.spala.ai/mcp | head",
      "expected_public_result": "HTTP response from mcp.spala.ai; a method guidance, 4xx, or MCP protocol response is acceptable if the host is reachable and not a DNS/TLS failure"
    },
    {
      "check": "HTTP auth proof endpoint if using HTTP auth",
      "command": "curl -sS -i https://spala.ai/.well-known/mcp-registry-auth | head",
      "expected_public_result": "Generated public proof file only after owner chooses HTTP auth; 404 means HTTP auth proof is not set up yet"
    },
    {
      "check": "DNS auth proof if using DNS auth",
      "command": "dig TXT spala.ai +short",
      "expected_public_result": "Generated TXT proof only after owner chooses DNS auth; absence means DNS auth proof is not set up yet"
    },
    {
      "check": "No live listing claim yet",
      "command": "curl -fsSL https://spala.ai/external-submission-tracker.json | jq '.targets[] | select(.target_id==\"official_mcp_registry\") | .live_url'",
      "expected_public_result": "empty string until accepted"
    }
  ],
  "after_acceptance_steps": [
    "Record the live Official MCP Registry URL in external-submission-tracker.json.",
    "Update mcp-directory-readiness.json from readiness-only to live listing proof only for the Official MCP Registry target.",
    "Update external-proof-live-scan-2026-07-09.json or the next dated scan with the exact live URL.",
    "Update visibility-evidence-index.json to say what the live listing proves and what it still does not prove.",
    "Do not unlock Glama MCP, MCP.so, G2, Capterra, Product Hunt, customer proof, compliance, SLA, source-code, or production-trust claims from this one listing."
  ],
  "do_not_publish": [
    "Do not publish private source code or private repository URLs.",
    "Do not publish private keys, auth tokens, DNS-provider credentials, cookies, or session data.",
    "Do not publish internal IP addresses, private hostnames, private project MCP URLs, customer data, or private architecture.",
    "Do not add public package metadata that implies Spala source code is publicly available.",
    "Do not claim OAuth-complete project MCP handoff, compliance, SLA, customer proof, ratings, rankings, awards, or production trust parity from this registry submission."
  ],
  "official_sources": [
    {
      "label": "MCP Registry overview",
      "url": "https://modelcontextprotocol.io/registry/about",
      "relevance": "Official description of registry purpose, public accessibility, namespace authentication, and metadata scope."
    },
    {
      "label": "Publishing remote servers",
      "url": "https://modelcontextprotocol.io/registry/remote-servers",
      "relevance": "Official support for remotes in server.json and Streamable HTTP remote URLs."
    },
    {
      "label": "Registry quickstart",
      "url": "https://modelcontextprotocol.io/registry/quickstart",
      "relevance": "Official mcp-publisher install, auth, publish, and API verification flow."
    },
    {
      "label": "Registry authentication",
      "url": "https://modelcontextprotocol.io/registry/authentication",
      "relevance": "Official GitHub, DNS, and HTTP authentication rules and namespace formats."
    }
  ],
  "related": {
    "mcp_directory_readiness": "https://spala.ai/mcp-directory-readiness.json",
    "mcp_registry_server_json": "https://spala.ai/mcp-registry/server.json",
    "external_submission_tracker": "https://spala.ai/external-submission-tracker.json",
    "visibility_evidence_index": "https://spala.ai/visibility-evidence-index.json"
  }
}
