Improve editor experience for server.json using schema (#441)

joelverhagen · web-flow · commit f32ecf0fe8fb · 2025-09-11T18:29:25.000-07:00
## Motivation and Context Currently there are a couple shortcomings I found in the server.schema.json: - It uses `https://json-schema.org/draft/2020-12/schema` which is unfortunately [not supported by VS Code](microsoft/vscode#165219) - The Package schema does not require properties that are required by the service This means that need to round trip with the publish endpoint (perhaps spinning CI builds) to get the server.json right. It would be great if we could shift left and get indications in VS Code easier. I propose we downgrade the schema to `http://json-schema.org/draft-07/schema#`. The only difference for us is the name of `$def` pointers. I looked that [SchemaStore](https://github.com/SchemaStore/schemastore) and it looks like `draft-07` is by far the most popular. I believe the concession of using an older schema is worth it to get VS Code editor hints. Schema version | Count in SchemaStore -- | -- `http://json-schema.org/draft-04/schema#` | 292 `http://json-schema.org/draft-07/schema#` | 1972 `https://json-schema.org/draft/2019-09/schema` | 4 `https://json-schema.org/draft/2020-12/schema` | 4  ## Open questions - [ ] Should package `transport` actually be required? Or should `stdio` be assumed? - [ ] Should package `registry_base_url` be required? All of the examples have it it's not required by the publish endpoint. ## How Has This Been Tested?  I have tried the new schema inside VS Code and I get helpful warning. For example, these are the warnings for the old schema. <img width="1561" height="919" alt="image" src="https://github.com/user-attachments/assets/474170b8-acf8-4dca-a3d9-66c68c0d1902" /> I have run these: `go run .\tools\validate-examples\main.go` `go run .\tools\validate-schemas\main.go ` ## Breaking Changes I don't think these are breaking changes. I am expressing what the publish endpoint enforces at runtime. ## Types of changes  - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [x] Documentation update ## Checklist  - [ ] I have read the [MCP Documentation](https://modelcontextprotocol.io) - [ ] My code follows the repository's style guidelines - [ ] New and existing tests pass locally - [ ] I have added appropriate error handling - [x] I have added or updated documentation as needed ## Additional context
diff --git a/docs/reference/server-json/server.schema.json b/docs/reference/server-json/server.schema.json
@@ -1,9 +1,9 @@
 {
-  "$schema": "https://json-schema.org/draft/2020-12/schema",
+  "$schema": "http://json-schema.org/draft-07/schema#",
   "$id": "https://static.modelcontextprotocol.io/schemas/2025-07-09/server.schema.json",
   "title": "MCP Server Detail",
-  "$ref": "#/$defs/ServerDetail",
-  "$defs": {
+  "$ref": "#/definitions/ServerDetail",
+  "definitions": {
     "Repository": {
       "type": "object",
       "description": "Repository metadata for the MCP server source code. Enables users and security experts to inspect the code, improving transparency.",
@@ -65,7 +65,7 @@
           "description": "Server lifecycle status. 'deprecated' indicates the server is no longer recommended for new usage. 'deleted' indicates the server should never be installed and existing installations should be uninstalled - this is rare, and usually indicates malware or a legal takedown."
         },
         "repository": {
-          "$ref": "#/$defs/Repository",
+          "$ref": "#/definitions/Repository",
           "description": "Optional repository metadata for the MCP server source code. Recommended for transparency and security inspection."
         },
         "version": {
@@ -84,6 +84,13 @@
     },
     "Package": {
       "type": "object",
+      "additionalProperties": false,
+      "required": [
+        "registry_type",
+        "identifier",
+        "version",
+        "transport"
+      ],
       "properties": {
         "registry_type": {
           "type": "string",
@@ -104,6 +111,9 @@
         "version": {
           "type": "string",
           "description": "Package version",
+          "not": {
+            "const": "latest"
+          },
           "example": "1.0.2",
           "minLength": 1,
           "remarks": "Must be a specific version. Version ranges are rejected (e.g., '^1.2.3', '~1.2.3', '>=1.2.3', '1.x', '1.*')."
@@ -127,13 +137,13 @@
         "transport": {
           "anyOf": [
             {
-              "$ref": "#/$defs/StdioTransport"
+              "$ref": "#/definitions/StdioTransport"
             },
             {
-              "$ref": "#/$defs/StreamableHttpTransport"
+              "$ref": "#/definitions/StreamableHttpTransport"
             },
             {
-              "$ref": "#/$defs/SseTransport"
+              "$ref": "#/definitions/SseTransport"
             }
           ],
           "description": "Transport protocol configuration for the package"
@@ -142,21 +152,21 @@
           "type": "array",
           "description": "A list of arguments to be passed to the package's runtime command (such as docker or npx). The `runtime_hint` field should be provided when `runtime_arguments` are present.",
           "items": {
-            "$ref": "#/$defs/Argument"
+            "$ref": "#/definitions/Argument"
           }
         },
         "package_arguments": {
           "type": "array",
           "description": "A list of arguments to be passed to the package's binary.",
           "items": {
-            "$ref": "#/$defs/Argument"
+            "$ref": "#/definitions/Argument"
           }
         },
         "environment_variables": {
           "type": "array",
           "description": "A mapping of environment variables to be set when running the package.",
           "items": {
-            "$ref": "#/$defs/KeyValueInput"
+            "$ref": "#/definitions/KeyValueInput"
           }
         }
       }
@@ -209,7 +219,7 @@
     "InputWithVariables": {
       "allOf": [
         {
-          "$ref": "#/$defs/Input"
+          "$ref": "#/definitions/Input"
         },
         {
           "type": "object",
@@ -218,7 +228,7 @@
               "type": "object",
               "description": "A map of variable names to their values. Keys in the input `value` that are wrapped in `{curly_braces}` will be replaced with the corresponding variable values.",
               "additionalProperties": {
-                "$ref": "#/$defs/Input"
+                "$ref": "#/definitions/Input"
               }
             }
           }
@@ -229,7 +239,7 @@
       "description": "A positional input is a value inserted verbatim into the command line.",
       "allOf": [
         {
-          "$ref": "#/$defs/InputWithVariables"
+          "$ref": "#/definitions/InputWithVariables"
         },
         {
           "type": "object",
@@ -274,7 +284,7 @@
       "description": "A command-line `--flag={value}`.",
       "allOf": [
         {
-          "$ref": "#/$defs/InputWithVariables"
+          "$ref": "#/definitions/InputWithVariables"
         },
         {
           "type": "object",
@@ -307,7 +317,7 @@
     "KeyValueInput": {
       "allOf": [
         {
-          "$ref": "#/$defs/InputWithVariables"
+          "$ref": "#/definitions/InputWithVariables"
         },
         {
           "type": "object",
@@ -328,10 +338,10 @@
       "description": "Warning: Arguments construct command-line parameters that may contain user-provided input. This creates potential command injection risks if clients execute commands in a shell environment. For example, a malicious argument value like ';rm -rf ~/Development' could execute dangerous commands. Clients should prefer non-shell execution methods (e.g., posix_spawn) when possible to eliminate injection risks entirely. Where not possible, clients should obtain consent from users or agents to run the resolved command before execution.",
       "anyOf": [
         {
-          "$ref": "#/$defs/PositionalArgument"
+          "$ref": "#/definitions/PositionalArgument"
         },
         {
-          "$ref": "#/$defs/NamedArgument"
+          "$ref": "#/definitions/NamedArgument"
         }
       ]
     },
@@ -375,7 +385,7 @@
           "type": "array",
           "description": "HTTP headers to include",
           "items": {
-            "$ref": "#/$defs/KeyValueInput"
+            "$ref": "#/definitions/KeyValueInput"
           }
         }
       }
@@ -405,7 +415,7 @@
           "type": "array",
           "description": "HTTP headers to include",
           "items": {
-            "$ref": "#/$defs/KeyValueInput"
+            "$ref": "#/definitions/KeyValueInput"
           }
         }
       }
@@ -414,7 +424,7 @@
       "description": "Schema for a static representation of an MCP server. Used in various contexts related to discovery, installation, and configuration.",
       "allOf": [
         {
-          "$ref": "#/$defs/Server"
+          "$ref": "#/definitions/Server"
         },
         {
           "type": "object",
@@ -428,18 +438,18 @@
             "packages": {
               "type": "array",
               "items": {
-                "$ref": "#/$defs/Package"
+                "$ref": "#/definitions/Package"
               }
             },
             "remotes": {
               "type": "array",
               "items": {
                 "anyOf": [
                   {
-                    "$ref": "#/$defs/StreamableHttpTransport"
+                    "$ref": "#/definitions/StreamableHttpTransport"
                   },
                   {
-                    "$ref": "#/$defs/SseTransport"
+                    "$ref": "#/definitions/SseTransport"
                   }
                 ]
               }
diff --git a/tools/validate-examples/main.go b/tools/validate-examples/main.go
@@ -160,7 +160,7 @@ func extractExamples(path string) ([]example, error) {
 
 	// Regex to match JSON code blocks in markdown
 	// Captures everything between ```json and ```
-	re := regexp.MustCompile("(?s)```json\n(.*?)\n```")
+	re := regexp.MustCompile("(?s)```json\r?\n(.*?)\r?\n```")
 	matches := re.FindAllStringSubmatchIndex(content, -1)
 
 	var examples []example

Original file line number	Diff line number	Diff line change
`@@ -1,9 +1,9 @@`
`1`	`1`	`{`
`2`		`- "$schema": "https://json-schema.org/draft/2020-12/schema",`
	`2`	`+ "$schema": "http://json-schema.org/draft-07/schema#",`
`3`	`3`	`"$id": "https://static.modelcontextprotocol.io/schemas/2025-07-09/server.schema.json",`
`4`	`4`	`"title": "MCP Server Detail",`
`5`		`- "$ref": "#/$defs/ServerDetail",`
`6`		`- "$defs": {`
	`5`	`+ "$ref": "#/definitions/ServerDetail",`
	`6`	`+ "definitions": {`
`7`	`7`	`"Repository": {`
`8`	`8`	`"type": "object",`
`9`	`9`	`"description": "Repository metadata for the MCP server source code. Enables users and security experts to inspect the code, improving transparency.",`
`@@ -65,7 +65,7 @@`
`65`	`65`	`"description": "Server lifecycle status. 'deprecated' indicates the server is no longer recommended for new usage. 'deleted' indicates the server should never be installed and existing installations should be uninstalled - this is rare, and usually indicates malware or a legal takedown."`
`66`	`66`	`},`
`67`	`67`	`"repository": {`
`68`		`- "$ref": "#/$defs/Repository",`
	`68`	`+ "$ref": "#/definitions/Repository",`
`69`	`69`	`"description": "Optional repository metadata for the MCP server source code. Recommended for transparency and security inspection."`
`70`	`70`	`},`
`71`	`71`	`"version": {`
`@@ -84,6 +84,13 @@`
`84`	`84`	`},`
`85`	`85`	`"Package": {`
`86`	`86`	`"type": "object",`
	`87`	`+ "additionalProperties": false,`
	`88`	`+ "required": [`
	`89`	`+ "registry_type",`
	`90`	`+ "identifier",`
	`91`	`+ "version",`
	`92`	`+ "transport"`
	`93`	`+ ],`
`87`	`94`	`"properties": {`
`88`	`95`	`"registry_type": {`
`89`	`96`	`"type": "string",`
`@@ -104,6 +111,9 @@`
`104`	`111`	`"version": {`
`105`	`112`	`"type": "string",`
`106`	`113`	`"description": "Package version",`
	`114`	`+ "not": {`
	`115`	`+ "const": "latest"`
	`116`	`+ },`
`107`	`117`	`"example": "1.0.2",`
`108`	`118`	`"minLength": 1,`
`109`	`119`	`"remarks": "Must be a specific version. Version ranges are rejected (e.g., '^1.2.3', '~1.2.3', '>=1.2.3', '1.x', '1.*')."`
`@@ -127,13 +137,13 @@`
`127`	`137`	`"transport": {`
`128`	`138`	`"anyOf": [`
`129`	`139`	`{`
`130`		`- "$ref": "#/$defs/StdioTransport"`
	`140`	`+ "$ref": "#/definitions/StdioTransport"`
`131`	`141`	`},`
`132`	`142`	`{`
`133`		`- "$ref": "#/$defs/StreamableHttpTransport"`
	`143`	`+ "$ref": "#/definitions/StreamableHttpTransport"`
`134`	`144`	`},`
`135`	`145`	`{`
`136`		`- "$ref": "#/$defs/SseTransport"`
	`146`	`+ "$ref": "#/definitions/SseTransport"`
`137`	`147`	`}`
`138`	`148`	`],`
`139`	`149`	`"description": "Transport protocol configuration for the package"`
`@@ -142,21 +152,21 @@`
`142`	`152`	`"type": "array",`
`143`	`153`	"description": "A list of arguments to be passed to the package's runtime command (such as docker or npx). The `runtime_hint` field should be provided when `runtime_arguments` are present.",
`144`	`154`	`"items": {`
`145`		`- "$ref": "#/$defs/Argument"`
	`155`	`+ "$ref": "#/definitions/Argument"`
`146`	`156`	`}`
`147`	`157`	`},`
`148`	`158`	`"package_arguments": {`
`149`	`159`	`"type": "array",`
`150`	`160`	`"description": "A list of arguments to be passed to the package's binary.",`
`151`	`161`	`"items": {`
`152`		`- "$ref": "#/$defs/Argument"`
	`162`	`+ "$ref": "#/definitions/Argument"`
`153`	`163`	`}`
`154`	`164`	`},`
`155`	`165`	`"environment_variables": {`
`156`	`166`	`"type": "array",`
`157`	`167`	`"description": "A mapping of environment variables to be set when running the package.",`
`158`	`168`	`"items": {`
`159`		`- "$ref": "#/$defs/KeyValueInput"`
	`169`	`+ "$ref": "#/definitions/KeyValueInput"`
`160`	`170`	`}`
`161`	`171`	`}`
`162`	`172`	`}`
`@@ -209,7 +219,7 @@`
`209`	`219`	`"InputWithVariables": {`
`210`	`220`	`"allOf": [`
`211`	`221`	`{`
`212`		`- "$ref": "#/$defs/Input"`
	`222`	`+ "$ref": "#/definitions/Input"`
`213`	`223`	`},`
`214`	`224`	`{`
`215`	`225`	`"type": "object",`
`@@ -218,7 +228,7 @@`
`218`	`228`	`"type": "object",`
`219`	`229`	"description": "A map of variable names to their values. Keys in the input `value` that are wrapped in `{curly_braces}` will be replaced with the corresponding variable values.",
`220`	`230`	`"additionalProperties": {`
`221`		`- "$ref": "#/$defs/Input"`
	`231`	`+ "$ref": "#/definitions/Input"`
`222`	`232`	`}`
`223`	`233`	`}`
`224`	`234`	`}`
`@@ -229,7 +239,7 @@`
`229`	`239`	`"description": "A positional input is a value inserted verbatim into the command line.",`
`230`	`240`	`"allOf": [`
`231`	`241`	`{`
`232`		`- "$ref": "#/$defs/InputWithVariables"`
	`242`	`+ "$ref": "#/definitions/InputWithVariables"`
`233`	`243`	`},`
`234`	`244`	`{`
`235`	`245`	`"type": "object",`
`@@ -274,7 +284,7 @@`
`274`	`284`	"description": "A command-line `--flag={value}`.",
`275`	`285`	`"allOf": [`
`276`	`286`	`{`
`277`		`- "$ref": "#/$defs/InputWithVariables"`
	`287`	`+ "$ref": "#/definitions/InputWithVariables"`
`278`	`288`	`},`
`279`	`289`	`{`
`280`	`290`	`"type": "object",`
`@@ -307,7 +317,7 @@`
`307`	`317`	`"KeyValueInput": {`
`308`	`318`	`"allOf": [`
`309`	`319`	`{`
`310`		`- "$ref": "#/$defs/InputWithVariables"`
	`320`	`+ "$ref": "#/definitions/InputWithVariables"`
`311`	`321`	`},`
`312`	`322`	`{`
`313`	`323`	`"type": "object",`
`@@ -328,10 +338,10 @@`
`328`	`338`	"description": "Warning: Arguments construct command-line parameters that may contain user-provided input. This creates potential command injection risks if clients execute commands in a shell environment. For example, a malicious argument value like ';rm -rf ~/Development' could execute dangerous commands. Clients should prefer non-shell execution methods (e.g., posix_spawn) when possible to eliminate injection risks entirely. Where not possible, clients should obtain consent from users or agents to run the resolved command before execution.",
`329`	`339`	`"anyOf": [`
`330`	`340`	`{`
`331`		`- "$ref": "#/$defs/PositionalArgument"`
	`341`	`+ "$ref": "#/definitions/PositionalArgument"`
`332`	`342`	`},`
`333`	`343`	`{`
`334`		`- "$ref": "#/$defs/NamedArgument"`
	`344`	`+ "$ref": "#/definitions/NamedArgument"`
`335`	`345`	`}`
`336`	`346`	`]`
`337`	`347`	`},`
`@@ -375,7 +385,7 @@`
`375`	`385`	`"type": "array",`
`376`	`386`	`"description": "HTTP headers to include",`
`377`	`387`	`"items": {`
`378`		`- "$ref": "#/$defs/KeyValueInput"`
	`388`	`+ "$ref": "#/definitions/KeyValueInput"`
`379`	`389`	`}`
`380`	`390`	`}`
`381`	`391`	`}`
`@@ -405,7 +415,7 @@`
`405`	`415`	`"type": "array",`
`406`	`416`	`"description": "HTTP headers to include",`
`407`	`417`	`"items": {`
`408`		`- "$ref": "#/$defs/KeyValueInput"`
	`418`	`+ "$ref": "#/definitions/KeyValueInput"`
`409`	`419`	`}`
`410`	`420`	`}`
`411`	`421`	`}`
`@@ -414,7 +424,7 @@`
`414`	`424`	`"description": "Schema for a static representation of an MCP server. Used in various contexts related to discovery, installation, and configuration.",`
`415`	`425`	`"allOf": [`
`416`	`426`	`{`
`417`		`- "$ref": "#/$defs/Server"`
	`427`	`+ "$ref": "#/definitions/Server"`
`418`	`428`	`},`
`419`	`429`	`{`
`420`	`430`	`"type": "object",`
`@@ -428,18 +438,18 @@`
`428`	`438`	`"packages": {`
`429`	`439`	`"type": "array",`
`430`	`440`	`"items": {`
`431`		`- "$ref": "#/$defs/Package"`
	`441`	`+ "$ref": "#/definitions/Package"`
`432`	`442`	`}`
`433`	`443`	`},`
`434`	`444`	`"remotes": {`
`435`	`445`	`"type": "array",`
`436`	`446`	`"items": {`
`437`	`447`	`"anyOf": [`
`438`	`448`	`{`
`439`		`- "$ref": "#/$defs/StreamableHttpTransport"`
	`449`	`+ "$ref": "#/definitions/StreamableHttpTransport"`
`440`	`450`	`},`
`441`	`451`	`{`
`442`		`- "$ref": "#/$defs/SseTransport"`
	`452`	`+ "$ref": "#/definitions/SseTransport"`
`443`	`453`	`}`
`444`	`454`	`]`
`445`	`455`	`}`