diff --git a/LICENSE b/LICENSE index 81436d1..53a89b0 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ MIT License -Copyright (c) 2022 StackQL Studios +Copyright (c) 2022-2026 StackQL Studios Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/listings.md b/listings.md index 7dc7d69..732adc1 100644 --- a/listings.md +++ b/listings.md @@ -23,31 +23,28 @@ are not listed here. | Venue | Type | How to list | Status | Date | Listing URL | Follow up | Last Updated | |---|---|---|---|---|---|---|---| | Official MCP Registry | Canonical metadata registry | `mcp-publisher` CLI + `server.json` | ✅ Published | 2026-06-12 | [modelcontextprotocol.io/search](https://registry.modelcontextprotocol.io/v0/servers?search=stackql)
[modelcontextprotocol.io/direct](https://registry.modelcontextprotocol.io/v0/servers?search=io.github.stackql/stackql-mcp) | v0.10.500.2 now advertises all 7 package types (mcpb x4, oci, npm, pypi) | 2026-06-15 | +| GitHub MCP Registry | GitHub discovery surface | Auto-ingest from official registry (not yet shipped) | 🟡 Blocked upstream | 2026-06-16 | [github-mcp](https://github.com/mcp?search=stackql) | Prerequisite DONE (we're in the official registry). github.com/mcp is currently a CURATED directory; the auto-ingest from the official registry is announced but NOT built yet (GitHub blog, future tense). Not a package-type or config issue on our end - confirmed still empty 06-16 after adding npm/oci/pypi. Waiting on GitHub to ship the bridge; meanwhile maximise curation signals on stackql/stackql (MCP topics + README section) and check for a direct inclusion path | 2026-06-16 | +| VS Code MCP Gallery | IDE client gallery (@mcp in Extensions view) | Ingests from GitHub MCP Registry | 🟡 Blocked upstream | 2026-06-16 | [docs](https://code.visualstudio.com/docs/agent-customization/mcp-servers) | Downstream of GitHub MCP Registry - the `@mcp` gallery pulls from it, so this follows automatically once that row lands. No separate submission. Manual `.vscode/mcp.json` with npx works today regardless of gallery listing | 2026-06-16 | +| Anthropic Connectors / Desktop Extensions Directory | Vendor directory (Claude) | Review form, Anthropic-vetted | 🟡 Pending Review | 2026-06-13 | | Follow up on submission review ([Google Form](https://docs.google.com/forms/u/0/d/e/1FAIpQLScHtjkiCNjpqnWtFLIQStChXlvVcvX8NPXkMfjtYPDPymgang/viewform?usp=form_confirm)) | 2026-06-13 | +| Docker MCP Catalog | Curated infra catalogue | PR to docker/mcp-registry | 🟡 In Progress (upstream PR pending) | 2026-06-15 | | server.yaml prepared in the stackql/mcp-registry fork (community-image, points at public stackql/stackql-mcp); pending PR to docker/mcp-registry upstream + their review | 2026-06-15 | | npm | Package registry | `npm publish` | ✅ Published | 2026-06-15 | [@stackql/mcp-server](https://www.npmjs.com/package/@stackql/mcp-server) | npx launcher | 2026-06-15 | | PyPI | Package registry | `twine upload` | ✅ Published | 2026-06-15 | [stackql-mcp-server](https://pypi.org/project/stackql-mcp-server/) | uvx/pip launcher | 2026-06-15 | | Docker Hub | Container registry | `docker buildx --push` | ✅ Published | 2026-06-15 | [stackql/stackql-mcp](https://hub.docker.com/r/stackql/stackql-mcp) | multi-arch amd64+arm64 | 2026-06-15 | | GitHub Actions Marketplace | CI marketplace (setup-stackql-mcp action) | Public repo + release + marketplace listing | ✅ Published | 2026-06-15 | [setup-stackql-mcp-server](https://github.com/marketplace/actions/setup-stackql-mcp-server) | Verified publisher; own repo stackql/setup-stackql-mcp | 2026-06-15 | | mcpmarket.com | Aggregator | Submit on site | ✅ Published | 2026-06-13 | [mcpmarket](https://mcpmarket.com/server/stackql) | | 2026-06-13 | -| mcpservers.org | Awesome-list site | Ingests the awesome list | ✅ Published | 2026-06-13 | [mcpservers.org](https://mcpservers.org/servers/stackql-mcp-server) | | 2026-06-13 | -| PulseMCP | Discovery, registry backer | Ingests official registry | ✅ Published | 2026-06-15 | [pulsemcp](https://www.pulsemcp.com/servers?q=stackql) | Confirmed live (Official badge) | 2026-06-15 | -| GitHub MCP Registry | GitHub discovery surface | Auto-ingest from official registry (not yet shipped) | 🟡 Blocked upstream | 2026-06-16 | [github-mcp](https://github.com/mcp?search=stackql) | Prerequisite DONE (we're in the official registry). github.com/mcp is currently a CURATED directory; the auto-ingest from the official registry is announced but NOT built yet (GitHub blog, future tense). Not a package-type or config issue on our end - confirmed still empty 06-16 after adding npm/oci/pypi. Waiting on GitHub to ship the bridge; meanwhile maximise curation signals on stackql/stackql (MCP topics + README section) and check for a direct inclusion path | 2026-06-16 | -| Anthropic Connectors / Desktop Extensions Directory | Vendor directory (Claude) | Review form, Anthropic-vetted | 🟡 Pending Review | 2026-06-13 | | Follow up on submission review ([Google Form](https://docs.google.com/forms/u/0/d/e/1FAIpQLScHtjkiCNjpqnWtFLIQStChXlvVcvX8NPXkMfjtYPDPymgang/viewform?usp=form_confirm)) | 2026-06-13 | | mcp.so | Largest aggregator | Self-submit on site | 🟡 Published (config update propagating) | 2026-06-13 | [mcp.so](https://mcp.so/server/stackql/stackql) | Server Config edited to npx form 06-15; verify public page reflects + List Tools/Playground work | 2026-06-15 | -| Cursor Directory | IDE client directory | Submit to Cursor directory | 🟡 Pending Verification | 2026-06-13 | https://cursor.directory/plugins/stackql-mcp-server | Submit for verification | 2026-06-13 | -| Glama.ai MCP | Searchable marketplace | Auto-indexes GitHub; claim/submit | 🟡 Pending Review | 2026-06-13 | | Follow up on submission review | 2026-06-13 | -| Smithery.ai | Registry + hosting + analytics | `smithery mcp publish` | ⊘ N/A | 2026-06-15 | | Doesn't fit our shape: `mcp publish` caps bundles at 25 MB (ours ~37 MB, embeds the binary) and the only other path is a hosted HTTP URL we don't have. Revisit only with a hosted endpoint or a thin npx-wrapper bundle | 2026-06-15 | -| Docker MCP Catalog | Curated infra catalogue | PR to docker/mcp-registry | 🟡 In Progress (upstream PR pending) | 2026-06-15 | | server.yaml prepared in the stackql/mcp-registry fork (community-image, points at public stackql/stackql-mcp); pending PR to docker/mcp-registry upstream + their review | 2026-06-15 | -| mpak | Binary-native registry, trust scoring | `mcpb-pack` action / publish | ☐ Not Submitted | | | Publish signed package | 2026-06-13 | -| VS Code MCP Gallery | IDE client gallery (@mcp in Extensions view) | Ingests from GitHub MCP Registry | 🟡 Blocked upstream | 2026-06-16 | [docs](https://code.visualstudio.com/docs/agent-customization/mcp-servers) | Downstream of GitHub MCP Registry - the `@mcp` gallery pulls from it, so this follows automatically once that row lands. No separate submission. Manual `.vscode/mcp.json` with npx works today regardless of gallery listing | 2026-06-16 | -| Cline MCP Marketplace | In-client marketplace | GitHub PR to marketplace repo | ☐ Not Submitted | | | Submit marketplace PR | 2026-06-13 | +| mcpservers.org | Awesome-list site | Ingests the awesome list | ✅ Published | 2026-06-13 | [mcpservers.org](https://mcpservers.org/servers/stackql-mcp-server) | | 2026-06-13 | +| PulseMCP | Discovery, registry backer | Ingests official registry | ✅ Published | 2026-06-15 | [pulsemcp](https://www.pulsemcp.com/servers/stackql) | Confirmed live (Official badge) | 2026-06-15 | +| Glama.ai MCP | Searchable marketplace | Auto-indexes GitHub; claim/submit | ✅ Published | 2026-06-13 | [glama.ai](https://glama.ai/mcp/servers/stackql/stackql) | Follow up on submission review | 2026-06-13 | +| Cursor Directory | IDE client directory | Submit to Cursor directory | ✅ Published | 2026-06-13 | https://cursor.directory/plugins/stackql-mcp-server | Submit for verification | 2026-06-13 | | mcp.directory | Aggregator | Submit on site (auto-pull npm/PyPI) | 🟡 Submitted | 2026-06-15 | | Submitted 06-15, 24h review + email on publish; confirm live ~06-16 | 2026-06-15 | -| awesome-mcp-servers | Curated GitHub list | GitHub PR/issue | 🟡 Pending Review | 2026-06-13 | https://github.com/punkpeye/awesome-mcp-servers/pull/7417 | Submit to Glama and update PR #7417 | 2026-06-13 | +| awesome-mcp-servers | Curated GitHub list | GitHub PR/issue | 🟡 Pending Review | 2026-06-16 | https://github.com/punkpeye/awesome-mcp-servers/pull/8138 | Await feedback | 2026-06-13 | +| Goose Extensions (Block) | In-client extension directory | PR/submit to goose extensions site | 🟡 Submitted | 2026-06-16 | https://goose-docs.ai/extensions/detail?id=stackql | Submitted PR https://github.com/aaif-goose/goose/pull/9816 | 2026-06-16 | +| Cline MCP Marketplace | In-client marketplace | GitHub Issue to marketplace repo | 🟡 Submitted | | | https://github.com/cline/mcp-marketplace/issues/1803 | 2026-06-13 | +| mpak | Binary-native registry, trust scoring | `mcpb-pack` action / publish | ☐ Not Submitted | | | Publish signed package | 2026-06-13 | | MCP Index | Aggregator | Submit on site | ☐ Not Submitted | | | Submit listing | 2026-06-13 | -| Goose Extensions (Block) | In-client extension directory | PR/submit to goose extensions site | ☐ Not Submitted | | | Verify current submission path; CLI-command extension fits the binary/npx vectors | 2026-06-13 | | Zed Extensions | IDE extension registry (context servers) | PR to zed-industries/extensions | ☐ Not Submitted | | | Wrap as a Zed context-server extension (npx wrapper) | 2026-06-13 | | Warp MCP Catalog | Terminal client MCP directory | Submit to Warp's MCP catalog | ☐ Not Submitted | | | Verify current submission path | 2026-06-13 | -| Roo Code MCP Marketplace | In-client marketplace | Submit to Roo marketplace repo | ☐ Not Submitted | | | Verify current submission path | 2026-06-13 | -| GitHub Actions Marketplace | CI marketplace (setup-stackql-mcp action) | Public repo + release + marketplace listing | 🚧 Blocked | | | Action built in this repo under action/; needs extraction to a public repo to list | 2026-06-13 | --- diff --git a/manifest/BUNDLE_README.md b/manifest/BUNDLE_README.md index c8cebaa..9c53184 100644 --- a/manifest/BUNDLE_README.md +++ b/manifest/BUNDLE_README.md @@ -1,8 +1,8 @@ # StackQL MCP Server SQL-native query and provisioning engine for cloud and SaaS infrastructure, -served over the Model Context Protocol. StackQL exposes 40+ cloud and SaaS -providers (AWS, Azure, Google, GitHub, Databricks, and more) as SQL, so an MCP +served over the Model Context Protocol. StackQL exposes cloud and SaaS +providers (AWS, Azure, Google, GitHub, Databricks, ...) as SQL, so an MCP client can discover providers, explore schemas, and run live queries and provisioning operations. diff --git a/npm/README.md b/npm/README.md index aa50bf9..28baf31 100644 --- a/npm/README.md +++ b/npm/README.md @@ -2,7 +2,7 @@ npx-able launcher for the [StackQL](https://stackql.io) MCP server - a SQL-native query and provisioning engine for cloud and SaaS infrastructure -(AWS, Azure, Google, GitHub, Databricks, and 40+ other providers), served over +(AWS, Azure, Google, GitHub, Databricks, and other providers), served over the Model Context Protocol. On first run, the launcher downloads the signed `stackql` binary for your diff --git a/npm/bin/stackql-mcp.js b/npm/bin/stackql-mcp.js index a6ae97e..9004623 100644 --- a/npm/bin/stackql-mcp.js +++ b/npm/bin/stackql-mcp.js @@ -36,8 +36,15 @@ function platformKey() { return null; } +// Distinct per-vector UA so the download proxy can attribute traffic to the +// npm wrapper (vs the PyPI one) and the version that fetched. +const USER_AGENT = `stackql-mcp-server-npm/${manifest.version}`; + async function download(url) { - const res = await fetch(url, { redirect: "follow" }); + const res = await fetch(url, { + redirect: "follow", + headers: { "User-Agent": USER_AGENT }, + }); if (!res.ok) { throw new Error(`download failed: HTTP ${res.status} for ${url}`); } diff --git a/pypi/README.md b/pypi/README.md index 85613bc..9f71dbe 100644 --- a/pypi/README.md +++ b/pypi/README.md @@ -4,7 +4,7 @@ mcp-name: io.github.stackql/stackql-mcp uvx/pip-able launcher for the [StackQL](https://stackql.io) MCP server - a SQL-native query and provisioning engine for cloud and SaaS infrastructure -(AWS, Azure, Google, GitHub, Databricks, and 40+ other providers), served over +(AWS, Azure, Google, GitHub, Databricks, and other providers), served over the Model Context Protocol. On first run, the launcher downloads the signed `stackql` binary for your diff --git a/pypi/src/stackql_mcp_server/__init__.py b/pypi/src/stackql_mcp_server/__init__.py index 7688baa..f1513f6 100644 --- a/pypi/src/stackql_mcp_server/__init__.py +++ b/pypi/src/stackql_mcp_server/__init__.py @@ -56,8 +56,11 @@ def _load_manifest() -> dict: return json.loads(files(__package__).joinpath("platforms.json").read_text()) -def _download(url: str) -> bytes: - req = urllib.request.Request(url, headers={"User-Agent": "stackql-mcp-server"}) +def _download(url: str, version: str) -> bytes: + # Distinct per-vector UA so the download proxy can attribute traffic to the + # PyPI wrapper (vs the npm one) and the version that fetched. + user_agent = f"stackql-mcp-server-py/{version}" + req = urllib.request.Request(url, headers={"User-Agent": user_agent}) with urllib.request.urlopen(req) as resp: # follows redirects return resp.read() @@ -98,7 +101,7 @@ def _ensure_binary() -> str: else: url = f"{manifest['baseUrl']}/{info['bundle']}" _log(f"downloading {info['bundle']} (first run only) ...") - bundle = _download(url) + bundle = _download(url, manifest["version"]) digest = hashlib.sha256(bundle).hexdigest() if digest != info["sha256"]: _log(f"sha256 mismatch for {info['bundle']}") diff --git a/release.yaml b/release.yaml index 2070b0b..252a301 100644 --- a/release.yaml +++ b/release.yaml @@ -6,4 +6,4 @@ # - CI (tag push): pushing a tag that exactly matches this value publishes the # bundles to the matching stackql/stackql release. A tag that does not match # fails fast in the verify-tag job. -stackql_release: v0.10.500 +stackql_release: v0.10.542 diff --git a/scripts/render-npm-manifest.sh b/scripts/render-npm-manifest.sh index 62a5cc4..9e95968 100755 --- a/scripts/render-npm-manifest.sh +++ b/scripts/render-npm-manifest.sh @@ -15,7 +15,13 @@ set -euo pipefail ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" NPM_DIR="${NPM_DIR:-$ROOT_DIR/npm}" -RELEASE_BASE="https://github.com/stackql/stackql/releases/download" +# Canonical source for the .sha256 pins - always the GitHub release, the source +# of truth. Overridable for testing but normally left alone. +RELEASE_BASE="${RELEASE_BASE:-https://github.com/stackql/stackql/releases/download}" +# Front door the wrapper downloads the .mcpb bytes from at runtime. Proxies to +# the same release assets, so the sha256 pins (fetched from RELEASE_BASE) still +# hold. This is the baseUrl written into platforms.json. +DOWNLOAD_BASE="${DOWNLOAD_BASE:-https://releases.stackql.io/stackql}" VERSION="${VERSION:-}" while [ $# -gt 0 ]; do @@ -28,12 +34,13 @@ while [ $# -gt 0 ]; do done [ -n "$VERSION" ] || { echo "error: --version required (or VERSION=X.Y.Z)" >&2; exit 2; } -base_url="$RELEASE_BASE/v$VERSION" +sha_base="$RELEASE_BASE/v$VERSION" # canonical GitHub release - for the pins +base_url="$DOWNLOAD_BASE/v$VERSION" # proxy front door - written to platforms.json fetch_sha() { # args: target-label -> prints the hex digest from the published .sha256 local target="$1" line - line="$(curl -fsSL "$base_url/stackql-mcp-$target.mcpb.sha256")" || { + line="$(curl -fsSL "$sha_base/stackql-mcp-$target.mcpb.sha256")" || { echo "error: could not fetch sha256 for $target - are the v$VERSION .mcpb assets published?" >&2 exit 1 } diff --git a/scripts/render-pypi-manifest.sh b/scripts/render-pypi-manifest.sh index 9877c0e..a88cb4f 100755 --- a/scripts/render-pypi-manifest.sh +++ b/scripts/render-pypi-manifest.sh @@ -14,7 +14,13 @@ set -euo pipefail ROOT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)" PYPI_DIR="${PYPI_DIR:-$ROOT_DIR/pypi}" -RELEASE_BASE="https://github.com/stackql/stackql/releases/download" +# Canonical source for the .sha256 pins - always the GitHub release, the source +# of truth. Overridable for testing but normally left alone. +RELEASE_BASE="${RELEASE_BASE:-https://github.com/stackql/stackql/releases/download}" +# Front door the wrapper downloads the .mcpb bytes from at runtime. Proxies to +# the same release assets, so the sha256 pins (fetched from RELEASE_BASE) still +# hold. This is the baseUrl written into platforms.json. +DOWNLOAD_BASE="${DOWNLOAD_BASE:-https://releases.stackql.io/stackql}" VERSION="${VERSION:-}" while [ $# -gt 0 ]; do @@ -27,11 +33,12 @@ while [ $# -gt 0 ]; do done [ -n "$VERSION" ] || { echo "error: --version required (or VERSION=X.Y.Z)" >&2; exit 2; } -base_url="$RELEASE_BASE/v$VERSION" +sha_base="$RELEASE_BASE/v$VERSION" # canonical GitHub release - for the pins +base_url="$DOWNLOAD_BASE/v$VERSION" # proxy front door - written to platforms.json fetch_sha() { local target="$1" line - line="$(curl -fsSL "$base_url/stackql-mcp-$target.mcpb.sha256")" || { + line="$(curl -fsSL "$sha_base/stackql-mcp-$target.mcpb.sha256")" || { echo "error: could not fetch sha256 for $target - are the v$VERSION .mcpb assets published?" >&2 exit 1 }