Create a maintainer onboarding document

Open tadasant opened this issue 3 months ago • 7 comments

We have a bunch of things that need to happen anytime we add a maintainer:

  • @modelcontextprotocol.io account
  • Permissions to access infra
  • GitHub permissions, Discord permissions
  • Maybe more

Would be good to document and track so it's not just in our heads.

tadasant avatar Sep 19 '25 14:09 tadasant

+1 to this. ^^.

mukteshkrmishra avatar Sep 19 '25 15:09 mukteshkrmishra

We should also cover the offboarding process so removing access is also consistent 👍

rdimitrov avatar Sep 19 '25 20:09 rdimitrov

I am new to MCP, and would love to work on this.

allenfeng8 avatar Sep 19 '25 21:09 allenfeng8

While it's more work initially, what might give us more transparency + audit logging + peer approval is provisioning access to a lot of this stuff automatically with infrastructure-as-code.

I think we'd want to do this as a separate MCP project, not specific to registry.

E.g. with Pulumi you can create and manage:

We could then have something where people update one YAML file, and then that reflects across all the systems + docs. And it's clear who was approved when, and why, and by whom. Offboarding is equivalently simple: simply remove someone from the file.

Appreciate this is a bigger project, and perhaps the V1 of this issue is just documenting the current process, not improving it just yet!

domdomegg avatar Sep 20 '25 00:09 domdomegg

I've put together https://github.com/modelcontextprotocol/access for the above, that does GitHub + Google Workspace. Want to get some feedback on it before we actually roll it out to manage all the groups, so just created some test groups for now.

domdomegg avatar Sep 20 '25 02:09 domdomegg

+1 👍 We've been using Terraform to achieve the same thing and I can agree it has been quite nice but also convenient 👍

rdimitrov avatar Sep 20 '25 09:09 rdimitrov

@domdomegg would you expect [email protected] to have access to the commands you added in https://github.com/modelcontextprotocol/registry/pull/514 at this point?

I get this when I try:

  gcloud container clusters get-credentials mcp-registry-staging --zone us-central1-b --project mcp-registry-staging
  Fetching cluster endpoint and auth data.
  ERROR: (gcloud.container.clusters.get-credentials) ResponseError: code=403, message=Required "container.clusters.get" permission(s) for "projects/mcp-registry-staging/zones/us-central1-b/clusters/mcp-registry-staging". This command is authenticated as [email protected] which is the active account specified by the [core/account] property.

Not urgent, just flagging for this issue that we should incorporate this infra access for registry maintainers in the access control management. I think it can be done in the CLI via:

  # prod
  gcloud projects add-iam-policy-binding mcp-registry-prod \
      --member="[email protected]" \
      --role="roles/container.developer"

  # staging
  gcloud projects add-iam-policy-binding mcp-registry-staging \
      --member="[email protected]" \
      --role="roles/container.developer"

But of course would be better to encode into that modelcontextprotocol/access repo

tadasant avatar Sep 24 '25 14:09 tadasant
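
The thread proposes one reviewed file as the source of truth for access, with offboarding done by deleting an entry. As an added example (not part of the thread and not code from the modelcontextprotocol/access repo), this sketch compares a declared maintainer list with a project IAM policy and plans the grants and revocations for `roles/container.developer`. The `DESIRED` layout and all e-mail addresses are constructed; the policy JSON follows the shape printed by `gcloud projects get-iam-policy PROJECT --format=json`.

```python
import json
import shlex

ROLE = "roles/container.developer"  # the role named in the comment above

# Constructed desired state, standing in for the reviewed access file.
DESIRED = {
    "mcp-registry-staging": {"user:alice@example.com", "user:bob@example.com"},
    "mcp-registry-prod": {"user:alice@example.com"},
}

# Constructed policies in the `get-iam-policy --format=json` shape.
ACTUAL_POLICIES = {
    "mcp-registry-staging": json.loads("""{"bindings": [
        {"role": "roles/container.developer",
         "members": ["user:alice@example.com", "user:carol@example.com"]},
        {"role": "roles/viewer", "members": ["user:dave@example.com"]}]}"""),
    "mcp-registry-prod": json.loads('{"bindings": []}'),
}

def members_with_role(policy, role):
    """Collect members bound to `role`; conditional bindings can repeat a role."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role:
            found.update(binding.get("members", []))
    return found

def plan(desired, policies, role=ROLE):
    """Return (verb, project, member) steps that move actual access to desired."""
    steps = []
    for project in sorted(set(desired) | set(policies)):
        want = desired.get(project, set())
        have = members_with_role(policies.get(project, {}), role)
        steps += [("add", project, m) for m in sorted(want - have)]
        # Anyone holding the role but absent from the file is an offboarding gap.
        steps += [("remove", project, m) for m in sorted(have - want)]
    return steps

def to_gcloud(step, role=ROLE):
    """Render one step as a gcloud command line for human review."""
    verb, project, member = step
    return " ".join(["gcloud", "projects", f"{verb}-iam-policy-binding",
                     shlex.quote(project), f"--member={shlex.quote(member)}",
                     f"--role={shlex.quote(role)}"])

if __name__ == "__main__":
    for step in plan(DESIRED, ACTUAL_POLICIES):
        print(to_gcloud(step))
```

An empty plan means the live bindings match the file; a non-empty `remove` list is the drift that an undocumented offboarding leaves behind.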