OCI Registry MCP Server

OCI Registry MCP Server

Expose OCI registry data to LLM-powered applications via the Model Context Protocol.

View on GitHub
11
Stars
3
Forks
11
Watchers
5
Issues
Implements a Model Context Protocol (MCP) server that enables language model applications to query OCI registries. Provides tools for retrieving image information, listing repository tags, and accessing manifests and configs. Features secure authentication support and seamless integration with ToolHive for containerized deployment. Empowers AI-driven systems to interact programmatically with container registries.

Key Features

Implements SSE-based MCP server
Provides get_image_info, list_tags, get_image_manifest, and get_image_config tools
Returns digest, architecture, layers, creation date, and more for images
Lists tags in OCI repositories
Fetches manifests and image configurations
Supports bearer token, username/password, and Docker config authentication
Integrates with ToolHive for containerized deployment and management
Allows secure querying of private and public OCI registries
Compatible with MCP clients and automation workflows
Enables LLM and context-driven AI tools to access registry data

Use Cases

LLM-driven analysis of container images and metadata
Automated security and vulnerability scanning tools
Supply chain provenance checks for container images
Cataloging container images in DevOps workflows
Fetching repository tag lists for CI/CD systems
Integrating registry data into chat agents and AI assistants
Sourcing image manifests for compliance and auditing
Authenticating registry access in automated environments
Configuration management of container images
Container image inventory and lifecycle management

README

OCI Registry MCP Server

Trust Score An MCP (Model Context Protocol) server that provides tools for querying OCI registries and image references.

Overview

This project implements an SSE-based MCP server that allows LLM-powered applications to interact with OCI registries. It provides tools for retrieving information about container images, listing tags, and more.

Features

  • Get information about OCI images
  • List tags for repositories
  • Get image manifests
  • Get image configs

MCP Tools

The server provides the following MCP tools:

get_image_info

Get information about an OCI image.

Input:

  • image_ref: The image reference (e.g., docker.io/library/alpine:latest)

Output:

  • Image information including digest, size, architecture, OS, creation date, and number of layers

list_tags

List tags for a repository.

Input:

  • repository: The repository name (e.g., docker.io/library/alpine)

Output:

  • List of tags for the repository

get_image_manifest

Get the manifest for an OCI image.

Input:

  • image_ref: The image reference (e.g., docker.io/library/alpine:latest)

Output:

  • The image manifest

get_image_config

Get the config for an OCI image.

Input:

  • image_ref: The image reference (e.g., docker.io/library/alpine:latest)

Output:

  • The image config

Usage

Running with ToolHive (Recommended)

The easiest way to run the OCI Registry MCP server is using ToolHive, which provides secure, containerized deployment of MCP servers:

bash
# Install ToolHive (if not already installed)
# See: https://docs.stacklok.com/toolhive/guides-cli/install

# Register a supported client so ToolHive can auto-configure your environment
thv client setup
# Run the OCI Registry MCP server (packaged as 'oci-registry' in ToolHive)
thv run oci-registry

# List running servers
thv list

# Get detailed information about the server
thv registry info oci-registry

The server will be available to your MCP-compatible clients and can query OCI registries for image information.

Authentication with ToolHive

If you need to access private registries, you can provide authentication credentials using ToolHive's secret management:

bash
# For bearer token authentication
thv secret set oci-token
# Enter your bearer token when prompted

thv run --secret oci-token,target=OCI_TOKEN oci-registry

# For username/password authentication
thv secret set oci-username
thv secret set oci-password
# Enter your credentials when prompted

thv run --secret oci-username,target=OCI_USERNAME --secret oci-password,target=OCI_PASSWORD oci-registry

Development

Prerequisites

  • Go 1.21 or later
  • Access to OCI registries

Authentication

The server supports the following authentication methods for accessing private OCI registries (in order of priority):

  1. HTTP Authorization Header (Highest Priority): Include a bearer token in the HTTP request's Authorization header:

    • Authorization: Bearer <your-token>
    • This method takes precedence over all other authentication methods
    • When present, environment variables and Docker config are ignored

  2. Bearer Token Environment Variable: Set the following environment variable:

    • OCI_TOKEN: Bearer token for registry authentication

  3. Username and Password: Set the following environment variables:

    • OCI_USERNAME: Username for registry authentication
    • OCI_PASSWORD: Password for registry authentication

  4. Docker Config (Lowest Priority): If no other authentication is provided, the server will use the default Docker keychain, which reads credentials from ~/.docker/config.json.

Examples:

bash
# HTTP Authorization header (for per-request authentication)
# This is handled automatically by the MCP client when making requests
# Example: curl -H "Authorization: Bearer mytoken" http://localhost:8080/...

# Bearer token authentication via environment variable
export OCI_TOKEN=mytoken

# Username/password authentication via environment variables
export OCI_USERNAME=myuser
export OCI_PASSWORD=mypassword

Port Configuration

The server can be configured to listen on a specific port using either:

  1. Environment Variable:

    • MCP_PORT: The port number to listen on (must be between 0 and 65535)
    • If not set or invalid, defaults to port 8080

  2. Command-line Flag:

    • -port: Overrides the environment variable setting (must be between 0 and 65535)
    • If invalid port provided it defaults to port 8080
    • Example: ./ocireg-mcp -port 9090

Testing

bash
go test ./...

Linting

bash
golangci-lint run

Contributing

We welcome contributions to this MCP server! If you'd like to contribute, please review the CONTRIBUTING guide for details on how to get started.

If you run into a bug or have a feature request, please open an issue in the repository or join us in the #mcp-servers channel on our community Discord server.

License

This project is licensed under the Apache v2 License - see the LICENSE file for details.

Star History

Star History Chart

Repository Owner

StacklokLabs
StacklokLabs

Organization

Repository Details

Language Go
Default Branch main
Size 117 KB
Contributors 10
License Apache License 2.0
MCP Verified Nov 11, 2025

Programming Languages

Go
100%

Tags

devops

Join Our Newsletter

Stay updated with the latest AI tools, news, and offers by subscribing to our weekly newsletter.

We respect your privacy. Unsubscribe at any time.

Related MCPs

Discover similar Model Context Protocol servers

  • Docker Hub MCP Server

    Docker Hub MCP Server

    Expose Docker Hub APIs to LLMs via the Model Context Protocol.

    The Docker Hub MCP Server implements the Model Context Protocol (MCP) to make Docker Hub APIs accessible to large language models, enabling AI-powered discovery and management of container images and repositories. It provides an interface for LLMs to access real-time Docker Hub data, recommend images, and streamline developer workflows. The server supports both public and private repositories through configurable authentication, and can be integrated with AI assistants like Gordon and clients such as Claude Desktop.

    • 83
    • MCP
    • docker/hub-mcp
  • OSV MCP Server

    OSV MCP Server

    SSE-based MCP server for querying the OSV vulnerability database

    OSV MCP Server implements a Model Context Protocol (MCP) server that provides secure, programmatic access to the Open Source Vulnerabilities (OSV) database. It supports real-time streaming communication using SSE or streamable HTTP and allows querying of vulnerabilities for single or multiple packages, versions, or commits. The server is designed for integration with LLM-powered applications and supports configuration through environment variables and containerized deployments via ToolHive.

    • 25
    • MCP
    • StacklokLabs/osv-mcp
  • Portainer MCP

    Portainer MCP

    Connect AI assistants securely to Portainer environments using the Model Context Protocol.

    Portainer MCP is an implementation of the Model Context Protocol (MCP) designed for seamless integration between AI assistants and Portainer-managed container environments. It enables management of Portainer resources and allows execution of Docker and Kubernetes commands through AI interfaces in a secure, standardized manner. The tool provides direct protocol-based access to environment data, facilitating automation and operational insights for container infrastructures.

    • 81
    • MCP
    • portainer/portainer-mcp
  • FHIR MCP Server

    FHIR MCP Server

    A Model Context Protocol server for seamless interaction with FHIR resources and AI tools.

    FHIR MCP Server implements a full Model Context Protocol server, enabling large language model agents to perform comprehensive CRUD operations on FHIR-compliant healthcare data. It offers standardized integration with various clinical data sources, natural-language query capabilities, and supports secure authentication via OAuth2. The server includes semantic search, AI-powered document processing, terminology resolution, Docker deployment, and is optimized for use with MCP-compatible clients like Claude Desktop.

    • 34
    • MCP
    • the-momentum/fhir-mcp-server
  • MCP Nutanix

    MCP Nutanix

    An MCP server enabling LLM access to Nutanix Prism Central APIs.

    MCP Nutanix is an experimental Model Context Protocol (MCP) server that allows large language models to interact with Nutanix Prism Central APIs. It facilitates listing and accessing resources such as VMs, clusters, and hosts via standardized MCP client-server integration, using the Prism Go Client for backend communication. The implementation supports both interactive and static credential methods, making it compatible with various MCP clients including Claude and Cursor.

    • 11
    • MCP
    • thunderboltsid/mcp-nutanix
  • OpsLevel MCP Server

    OpsLevel MCP Server

    Read-only MCP server for integrating OpsLevel data with AI tools.

    OpsLevel MCP Server implements the Model Context Protocol to provide AI tools with a secure way to access and interact with OpsLevel account data. It supports read-only operations for a wide range of OpsLevel resources such as actions, campaigns, checks, components, documentation, domains, and more. The tool is compatible with popular environments including Claude Desktop and VS Code, enabling easy integration via configuration and API tokens. Installation options include Homebrew, Docker, and standalone binaries.

    • 8
    • MCP
    • OpsLevel/opslevel-mcp
    • View all Alternatives

    Didn't find tool you were looking for?

    Be as detailed as possible for better results