From 5b1b763c12163d04c5ec154779f4d5d9167b0fc8 Mon Sep 17 00:00:00 2001 From: Radoslav Dimitrov Date: Tue, 12 May 2026 23:24:18 +0300 Subject: [PATCH] fix(validators/oci): fail closed on upstream rate limiting ValidateOCI previously returned nil when the anonymous manifest fetch came back HTTP 429, skipping the io.modelcontextprotocol.server.name label-match that is the only cross-system ownership proof we apply to OCI packages. Under upstream rate-limiting that branch let a publish proceed without any ownership attestation against the named image. Surface the 429 as a retryable error instead, matching the fail-closed behavior of the npm/PyPI/NuGet/MCPB validators on non-success upstream responses. Co-Authored-By: Claude Opus 4.7 (1M context) --- internal/validators/registries/oci.go | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/internal/validators/registries/oci.go b/internal/validators/registries/oci.go index d4ab56c8..f3032677 100644 --- a/internal/validators/registries/oci.go +++ b/internal/validators/registries/oci.go @@ -4,7 +4,6 @@ import ( "context" "errors" "fmt" - "log" "net/http" "strings" "time" @@ -106,10 +105,13 @@ func ValidateOCI(ctx context.Context, pkg model.Package, serverName string) erro if errors.As(err, &transportErr) { switch transportErr.StatusCode { case http.StatusTooManyRequests: - // Rate limited - skip validation to avoid blocking publishers - // This is intentional: we prioritize UX over strict validation during high traffic - log.Printf("Skipping OCI validation for %s due to rate limiting", pkg.Identifier) - return nil + // Fail closed: a 429 means we could not verify the + // `io.modelcontextprotocol.server.name` label on the image, which is + // the only ownership proof we apply to OCI packages. Returning nil + // here would let a publisher bind their server record to an arbitrary + // public image they do not control, which is the bug this branch + // used to have. Surface the rate-limit as a retryable error instead. + return fmt.Errorf("OCI registry is currently rate-limiting validations for '%s'; please retry shortly", pkg.Identifier) case http.StatusNotFound: return fmt.Errorf("OCI image '%s' does not exist in the registry", pkg.Identifier) case http.StatusUnauthorized, http.StatusForbidden: