Feature/install vectors #11

Merged: jeffreyaven merged 3 commits into main from feature/install-vectors on Jun 15, 2026
@jeffreyaven (Member)

No description provided.

jeffreyaven and others added 3 commits June 13, 2026 08:19
Two new distribution channels alongside the .mcpb bundles, both gated by
the same smoke test (now supporting --docker <image> and --cmd '<command>'
modes in addition to bundle mode):

OCI (docker.io/stackql/stackql-mcp):
- oci/Dockerfile: debian-slim, non-root, binary from the release zips
  staged by 'make oci-stage' (COPY --chmod=0755 - host-independent),
  io.modelcontextprotocol.server.name label for registry validation,
  CMD with the cwd-safe approot/audit args
- make oci (local amd64 build) / make oci-push (multi-arch push)
- build.yml: build + in-container smoke at PR time
- publish.yml: multi-arch push, soft-skipped without DOCKERHUB_* secrets

npm (@stackql/mcp-server):
- npx-able launcher: downloads the platform's published .mcpb on first
  run, verifies sha256 against pins baked into the package, caches under
  ~/.stackql/mcp-server-bin/, spawns with cwd-safe args; extra args pass
  through; diagnostics on stderr only
- scripts/render-npm-manifest.sh: pins from PUBLISHED .sha256 files
  (post-publish step, same ordering rule as server-json)
- make npm-manifest / make npm-pack; npm publish stays manual (2FA)
- build.yml: wrapper smoke via STACKQL_MCP_BUNDLE override (published
  pins do not exist at PR time for a new version)
- publish.yml: renders real pins post-upload, attaches tarball artifact

registry/server.template.json gains oci and npm package entries (schema
validated against the live registry). mcpName in package.json and the
image label satisfy the registry's namespace ownership checks.

Verified locally: docker build + smoke (amd64 container, full MCP
exercise), npm wrapper end-to-end against published 0.10.500 assets
(download, sha verify, extract, cache, spawn, full MCP exercise, cache
reuse on second run), npm pack contents (4 files, 3.4kB).

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Same launcher pattern as the npm wrapper, in stdlib-only Python (zero
dependencies): downloads the platform's published .mcpb on first run,
verifies sha256 against pins baked into the package, caches under
~/.stackql/mcp-server-bin/ (shared with the npm wrapper), execs the
binary with the cwd-safe args (os.execv on posix, subprocess on
Windows). Console scripts: stackql-mcp and stackql-mcp-server (the
latter so 'uvx stackql-mcp-server' resolves directly).

- pypi/: hatchling pyproject, package module, README with the
  'mcp-name: io.github.stackql/stackql-mcp' marker the MCP Registry
  requires for pypi namespace validation
- scripts/render-pypi-manifest.sh + make pypi-manifest / pypi-build
  (same post-publish ordering rule as npm; twine upload stays manual
  for 2FA)
- build.yml: pypi-wrapper smoke job (venv install, STACKQL_MCP_BUNDLE
  override); publish.yml: pypi-dist artifact job
- registry template: pypi package entry (schema-validated)
- docs: install.md section 5 (uvx/pip), README/CLAUDE.md/npm README

Verified locally: full smoke via the installed console script against
published 0.10.500 assets (download, sha verify, extract, spawn, full
MCP exercise), sdist+wheel build, wheel contains platforms.json +
entry points + mcp-name marker in METADATA.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

Composite action: installs the signed stackql binary (sha256-verified
against the release .sha256, or from a local bundle via bundle-path for
CI/testing), defaults to read_only server mode, and emits:
- binary-path output + PATH entry
- mcp-config output (mcpServers JSON) that plugs directly into
  anthropics/claude-code-action's mcp_config input
- STACKQL_MCP_BIN env (the npm/pypi wrappers detect it and skip their
  own download)

build.yml gains an action-test job that installs via the action from a
locally built bundle and smokes the server using the action's own
emitted config.

Lives under action/ for development; GitHub Marketplace listing
requires extraction to a public repo with action.yml at the root
(planned: stackql/setup-stackql-mcp).

Verified locally on Windows: download + sha verify against published
pin, extraction, JSON-escaped paths in mcp-config, and a full MCP smoke
driven by the emitted config in read_only mode.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@jeffreyaven jeffreyaven merged commit 67fc8fc into main Jun 15, 2026
11 checks passed
@jeffreyaven jeffreyaven deleted the feature/install-vectors branch June 15, 2026 03:10
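
The download, sha256 verify and cache flow that the npm and PyPI wrapper commits describe, as an added sketch in stdlib-only Python; it is not the project's launcher code. `ensure_bundle`, `PinMismatch` and the `fetch` callable (standing in for the download) are hypothetical names, and re-checking the cached file against the pin on every run is an assumption of this example, not something the commits state.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path


class PinMismatch(Exception):
    """A bundle's SHA-256 does not match the pin shipped in the package."""


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def ensure_bundle(cache_dir: Path, name: str, pinned_sha256: str, fetch) -> Path:
    """Return a cached bundle whose digest matches the pin, fetching if needed.

    fetch is a hypothetical callable returning the bundle bytes (it stands in
    for the HTTPS download). Unverified bytes never appear under the final name.
    """
    cache_dir.mkdir(parents=True, exist_ok=True)
    final = cache_dir / name
    pin = pinned_sha256.strip().lower()
    # Assumption: re-verify on a cache hit, since the cache dir is user-writable.
    if final.exists() and hmac.compare_digest(sha256_file(final), pin):
        return final
    # Stage in the same directory so the final rename is atomic.
    fd, tmp = tempfile.mkstemp(dir=cache_dir, prefix=name + ".", suffix=".part")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(fetch())
        actual = sha256_file(Path(tmp))
        if not hmac.compare_digest(actual, pin):
            raise PinMismatch(f"{name}: expected {pin}, got {actual}")
        os.replace(tmp, final)
    finally:
        # Still present only when verification failed or the write raised.
        if os.path.exists(tmp):
            os.unlink(tmp)
    return final
```

The caller spawns the binary only from the path `ensure_bundle` returns; a `PinMismatch` leaves the cache directory without the rejected file.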