oras-project
diff --git a/‎go.mod‎
Lines changed: 5 additions & 5 deletions b/‎go.mod‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎go.sum‎
Lines changed: 6 additions & 0 deletions b/‎go.sum‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎internal/remote/client.go‎
Lines changed: 66 additions & 0 deletions b/‎internal/remote/client.go‎
Lines changed: 66 additions & 0 deletions
diff --git a/‎internal/remote/client_test.go‎
Lines changed: 163 additions & 0 deletions b/‎internal/remote/client_test.go‎
Lines changed: 163 additions & 0 deletions
diff --git a/‎internal/remote/registry.go‎
Lines changed: 31 additions & 0 deletions b/‎internal/remote/registry.go‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎internal/remote/registry_test.go‎
Lines changed: 64 additions & 0 deletions b/‎internal/remote/registry_test.go‎
Lines changed: 64 additions & 0 deletions
@@ -3,17 +3,17 @@ module github.com/oras-project/oras-mcp
 go 1.25.0
 
 require (
-	github.com/modelcontextprotocol/go-sdk v0.6.0
+	github.com/modelcontextprotocol/go-sdk v0.7.0
+	github.com/opencontainers/go-digest v1.0.0
+	github.com/opencontainers/image-spec v1.1.1
 	github.com/spf13/cobra v1.10.1
 	oras.land/oras-go/v2 v2.6.0
 )
 
 require (
-	github.com/google/jsonschema-go v0.2.3 // indirect
+	github.com/google/jsonschema-go v0.3.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.1 // indirect
 	github.com/spf13/pflag v1.0.10 // indirect
 	github.com/yosida95/uritemplate/v3 v3.0.2 // indirect
-	golang.org/x/sync v0.14.0 // indirect
+	golang.org/x/sync v0.17.0 // indirect
 )
@@ -3,10 +3,14 @@ github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
 github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU=
 github.com/google/jsonschema-go v0.2.3 h1:dkP3B96OtZKKFvdrUSaDkL+YDx8Uw9uC4Y+eukpCnmM=
 github.com/google/jsonschema-go v0.2.3/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE=
+github.com/google/jsonschema-go v0.3.0 h1:6AH2TxVNtk3IlvkkhjrtbUc4S8AvO0Xii0DxIygDg+Q=
+github.com/google/jsonschema-go v0.3.0/go.mod h1:r5quNTdLOYEz95Ru18zA0ydNbBuYoo9tgaYcxEYhJVE=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
 github.com/modelcontextprotocol/go-sdk v0.6.0 h1:cmtMYfRAUtEtCiuorOWPj7ygcypfuB2FgFEDBqZqgy4=
 github.com/modelcontextprotocol/go-sdk v0.6.0/go.mod h1:djQKZ74bEV+UMAmyG/L0coVhV0HM3fpVtGuUPls0znc=
+github.com/modelcontextprotocol/go-sdk v0.7.0 h1:XEQfn3bDx2cAdSUKty3tYEMll5dtRgBUDX88Q65fai0=
+github.com/modelcontextprotocol/go-sdk v0.7.0/go.mod h1:nYtYQroQ2KQiM0/SbyEPUWQ6xs4B95gJjEalc9AQyOs=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -21,6 +25,8 @@ github.com/yosida95/uritemplate/v3 v3.0.2 h1:Ed3Oyj9yrmi9087+NczuL5BwkIc4wvTb5zI
 github.com/yosida95/uritemplate/v3 v3.0.2/go.mod h1:ILOh0sOhIJR3+L/8afwt/kE++YT040gmv5BQTMR2HP4=
 golang.org/x/sync v0.14.0 h1:woo0S4Yywslg6hp4eUFjTVOyKt0RookbpAHG4c1HmhQ=
 golang.org/x/sync v0.14.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
+golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
+golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
 golang.org/x/tools v0.34.0 h1:qIpSLOxeCYGg9TrcJokLBG4KFA6d795g0xkBkiESGlo=
 golang.org/x/tools v0.34.0/go.mod h1:pAP9OwEaY1CAW3HOmg3hLZC5Z0CCmzjAF2UQMSqNARg=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 
@@ -0,0 +1,66 @@
+/*
+Copyright The ORAS Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package remote
+
+import (
+	"net"
+	"net/http"
+
+	"github.com/oras-project/oras-mcp/internal/version"
+	"oras.land/oras-go/v2/registry/remote/auth"
+	"oras.land/oras-go/v2/registry/remote/credentials"
+	"oras.land/oras-go/v2/registry/remote/retry"
+)
+
+// DefaultClient is the default oras-mcp auth client shared by all repositories.
+// This is intended for performance optimization to reduce repeated
+// authentication and token exchange requests for the MCP server in the stdio
+// mode.
+var DefaultClient *auth.Client
+
+func init() {
+	var err error
+	DefaultClient, err = authClient()
+	if err != nil {
+		panic(err)
+	}
+}
+
+// isPlainHttp determines whether to use plain HTTP for the given registry.
+func isPlainHttp(registry string) bool {
+	host, _, _ := net.SplitHostPort(registry)
+	return host == "localhost" || registry == "localhost"
+}
+
+// authClient assembles an oras-mcp auth client.
+func authClient() (*auth.Client, error) {
+	client := &auth.Client{
+		Client: &http.Client{
+			// http.RoundTripper with a retry using the DefaultPolicy
+			// see: https://pkg.go.dev/oras.land/oras-go/v2/registry/remote/retry#Policy
+			Transport: retry.NewTransport(http.DefaultTransport),
+		},
+		Cache: auth.NewCache(),
+	}
+	client.SetUserAgent("oras-mcp/" + version.GetVersion())
+
+	store, err := credentials.NewStoreFromDocker(credentials.StoreOptions{})
+	if err != nil {
+		return nil, err
+	}
+	client.Credential = credentials.Credential(store)
+	return client, nil
+}
@@ -0,0 +1,163 @@
+/*
+Copyright The ORAS Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package remote
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/oras-project/oras-mcp/internal/version"
+	"oras.land/oras-go/v2/registry/remote/auth"
+)
+
+// TestIsPlainHttp tests the isPlainHttp function.
+func TestIsPlainHttp(t *testing.T) {
+	tests := []struct {
+		name     string
+		registry string
+		want     bool
+	}{
+		{
+			name:     "localhost",
+			registry: "localhost",
+			want:     true,
+		},
+		{
+			name:     "localhost with port",
+			registry: "localhost:5000",
+			want:     true,
+		},
+		{
+			name:     "non-localhost registry",
+			registry: "example.com",
+			want:     false,
+		},
+		{
+			name:     "non-localhost registry with port",
+			registry: "example.com:5000",
+			want:     false,
+		},
+		{
+			name:     "IP with port",
+			registry: "192.168.1.1:5000",
+			want:     false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got := isPlainHttp(tt.registry)
+			if got != tt.want {
+				t.Errorf("isPlainHttp() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+// TestAuthClient tests the authClient function.
+func TestAuthClient(t *testing.T) {
+	// Save the original version values to restore after test.
+	originalVersion := version.Version
+	originalBuildMetadata := version.BuildMetadata
+	defer func() {
+		version.Version = originalVersion
+		version.BuildMetadata = originalBuildMetadata
+	}()
+
+	// Set test values.
+	version.Version = "1.0.0"
+	version.BuildMetadata = "test"
+
+	// Test creating the auth client.
+	client, err := authClient()
+	if err != nil {
+		t.Fatalf("authClient() error = %v", err)
+	}
+
+	// Check client properties.
+	if client == nil {
+		t.Fatal("authClient() returned nil client")
+	}
+
+	// Check if UserAgent is set correctly.
+	expectedUserAgent := "oras-mcp/1.0.0+test"
+	userAgentSet := false
+
+	// Since we can't directly access the client's user-agent, let's make a test request.
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		if r.Header.Get("User-Agent") == expectedUserAgent {
+			userAgentSet = true
+		}
+		w.WriteHeader(http.StatusOK)
+	}))
+	defer ts.Close()
+
+	req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
+	if err != nil {
+		t.Fatalf("failed to create request: %v", err)
+	}
+	_, err = client.Do(req)
+	if err != nil {
+		t.Fatalf("Failed to make test request: %v", err)
+	}
+
+	if !userAgentSet {
+		t.Errorf("Expected User-Agent header to be set to %s", expectedUserAgent)
+	}
+
+	// Check if cache is initialized.
+	if client.Cache == nil {
+		t.Error("Expected Cache to be initialized")
+	}
+
+	// Check if credential store is set.
+	if client.Credential == nil {
+		t.Error("Expected Credential function to be set")
+	}
+}
+
+// TestDefaultClient checks that the DefaultClient is properly initialized.
+func TestDefaultClient(t *testing.T) {
+	if DefaultClient == nil {
+		t.Fatal("DefaultClient should not be nil")
+	}
+
+	// Check that it's an auth.Client.
+	if _, ok := interface{}(DefaultClient).(*auth.Client); !ok {
+		t.Errorf("DefaultClient is not of type *auth.Client")
+	}
+
+	// Test basic functionality of the client.
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.WriteHeader(http.StatusOK)
+	}))
+	defer ts.Close()
+
+	req, err := http.NewRequest(http.MethodGet, ts.URL, nil)
+	if err != nil {
+		t.Fatalf("failed to create request: %v", err)
+	}
+	resp, err := DefaultClient.Do(req)
+	if err != nil {
+		t.Fatalf("Failed to use DefaultClient: %v", err)
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		t.Errorf("Expected status code %d, got %d", http.StatusOK, resp.StatusCode)
+	}
+}
@@ -0,0 +1,31 @@
+/*
+Copyright The ORAS Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package remote
+
+import "oras.land/oras-go/v2/registry/remote"
+
+// NewRegistry assembles an oras-mcp remote registry client.
+func NewRegistry(name string) (*remote.Registry, error) {
+	reg, err := remote.NewRegistry(name)
+	if err != nil {
+		return nil, err
+	}
+
+	reg.Client = DefaultClient
+	reg.PlainHTTP = isPlainHttp(name)
+
+	return reg, nil
+}
@@ -0,0 +1,64 @@
+/*
+Copyright The ORAS Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package remote
+
+import "testing"
+
+func TestNewRegistry(t *testing.T) {
+	tests := []struct {
+		name          string
+		registry      string
+		wantPlainHTTP bool
+	}{
+		{
+			name:          "localhost uses plain HTTP",
+			registry:      "localhost:5000",
+			wantPlainHTTP: true,
+		},
+		{
+			name:          "remote host uses HTTPS",
+			registry:      "example.com",
+			wantPlainHTTP: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			reg, err := NewRegistry(tt.registry)
+			if err != nil {
+				t.Fatalf("NewRegistry() error = %v", err)
+			}
+			if reg == nil {
+				t.Fatal("NewRegistry() returned nil registry")
+			}
+			if got := reg.PlainHTTP; got != tt.wantPlainHTTP {
+				t.Errorf("PlainHTTP = %v, want %v", got, tt.wantPlainHTTP)
+			}
+			if reg.Client != DefaultClient {
+				t.Errorf("Client = %v, want DefaultClient", reg.Client)
+			}
+			if reg.Reference.Registry != tt.registry {
+				t.Errorf("Registry = %q, want %q", reg.Reference.Registry, tt.registry)
+			}
+		})
+	}
+}
+
+func TestNewRegistryInvalid(t *testing.T) {
+	if _, err := NewRegistry("https://example.com"); err == nil {
+		t.Fatal("expected error for registry with scheme, got nil")
+	}
+}