Labsco
StacklokLabs logo

ocireg

โ˜… 12

from StacklokLabs

An SSE-based MCP server that allows LLM-powered applications to interact with OCI registries. It provides tools for retrieving information about container images, listing tags, and more.

๐Ÿ”ฅ๐Ÿ”ฅ๐Ÿ”ฅโœ“ VerifiedAccount requiredNeeds API keys

OCI Registry MCP Server

Trust Score An MCP (Model Context Protocol) server that provides tools for querying OCI registries and image references.

Overview

This project implements an SSE-based MCP server that allows LLM-powered applications to interact with OCI registries. It provides tools for retrieving information about container images, listing tags, and more.

Features

  • Get information about OCI images
  • List tags for repositories
  • Get image manifests
  • Get image configs

MCP Tools

The server provides the following MCP tools:

get_image_info

Get information about an OCI image.

Input:

  • image_ref: The image reference (e.g., docker.io/library/alpine:latest)

Output:

  • Image information including digest, size, architecture, OS, creation date, and number of layers

list_tags

List tags for a repository.

Input:

  • repository: The repository name (e.g., docker.io/library/alpine)

Output:

  • List of tags for the repository

get_image_manifest

Get the manifest for an OCI image.

Input:

  • image_ref: The image reference (e.g., docker.io/library/alpine:latest)

Output:

  • The image manifest

get_image_config

Get the config for an OCI image.

Input:

  • image_ref: The image reference (e.g., docker.io/library/alpine:latest)

Output:

  • The image config

Development

Prerequisites

  • Go 1.21 or later
  • Access to OCI registries

Authentication

The server supports the following authentication methods for accessing private OCI registries (in order of priority):

  1. HTTP Authorization Header (Highest Priority): Include a bearer token in the HTTP request's Authorization header:

    • Authorization: Bearer <your-token>
    • This method takes precedence over all other authentication methods
    • When present, environment variables and Docker config are ignored
  2. Bearer Token Environment Variable: Set the following environment variable:

    • OCI_TOKEN: Bearer token for registry authentication
  3. Username and Password: Set the following environment variables:

    • OCI_USERNAME: Username for registry authentication
    • OCI_PASSWORD: Password for registry authentication
  4. Docker Config (Lowest Priority): If no other authentication is provided, the server will use the default Docker keychain, which reads credentials from ~/.docker/config.json.

Examples:

# HTTP Authorization header (for per-request authentication)
# This is handled automatically by the MCP client when making requests
# Example: curl -H "Authorization: Bearer mytoken" http://localhost:8080/...

# Bearer token authentication via environment variable
export OCI_TOKEN=mytoken

# Username/password authentication via environment variables
export OCI_USERNAME=myuser
export OCI_PASSWORD=mypassword

Port Configuration

The server can be configured to listen on a specific port using either:

  1. Environment Variable:

    • MCP_PORT: The port number to listen on (must be between 0 and 65535)
    • If not set or invalid, defaults to port 8080
  2. Command-line Flag:

    • -port: Overrides the environment variable setting (must be between 0 and 65535)
    • If invalid port provided it defaults to port 8080
    • Example: ./ocireg-mcp -port 9090

Testing

go test ./...

Linting

golangci-lint run