feat: implement user-based daily publish rate limiting (#21)

- Rate limit by authenticated user (authMethodSubject) instead of namespace
- Admin bypass via hasGlobalPermissions parameter from auth handler
- Atomic database operations with separate publish_attempts table
- Integrated rate limiting directly into registry service
- Support for rate limit exemptions with wildcard patterns
- Comprehensive test coverage including concurrent request handling

Configuration:
- MCP_REGISTRY_RATE_LIMIT_ENABLED: Enable/disable rate limiting (default: true)
- MCP_REGISTRY_RATE_LIMIT_PER_DAY: Daily publish limit per user (default: 10)
- MCP_REGISTRY_RATE_LIMIT_EXEMPTIONS: Comma-separated exempt users/patterns

Database changes:
- New table: publish_attempts tracking auth_method_subject instead of namespace
- Atomic check-and-increment operation prevents race conditions

Testing:
- All existing tests updated for new method signatures
- New tests for concurrent requests, exemptions, and user-specific limits

Author: Nitish Agarwal

.env.example

@@ -39,3 +39,15 @@ MCP_REGISTRY_OIDC_EXTRA_CLAIMS=[{"hd":"modelcontextprotocol.io"}]
 # Grant admin permissions to OIDC-authenticated users
 MCP_REGISTRY_OIDC_EDIT_PERMISSIONS=*
 MCP_REGISTRY_OIDC_PUBLISH_PERMISSIONS=*
+
+# Rate Limiting Configuration
+# Enable/disable rate limiting for publish operations
+MCP_REGISTRY_RATE_LIMIT_ENABLED=true
+
+# Maximum number of servers a user can publish per day
+MCP_REGISTRY_RATE_LIMIT_PER_DAY=10
+
+# Comma-separated list of authenticated users (auth subjects) exempt from rate limiting
+# Supports wildcards: anthropic/* to exempt all users under anthropic domain
+# Examples: modelcontextprotocol, anthropic/*, specific-username
+MCP_REGISTRY_RATE_LIMIT_EXEMPTIONS=

docs/guides/administration/admin-operations.md

@@ -44,3 +44,27 @@ export SERVER_ID="<server-uuid>"
 ```
 
 This soft deletes the server. If you need to delete the content of a server (usually only where legally necessary), use the edit workflow above to scrub it all.
+
+## Rate Limiting Configuration
+
+The registry enforces daily publish rate limits to prevent abuse:
+
+### Environment Variables
+
+- `MCP_REGISTRY_RATE_LIMIT_ENABLED`: Enable/disable rate limiting (default: true)
+- `MCP_REGISTRY_RATE_LIMIT_PER_DAY`: Maximum publishes per user per day (default: 10)
+- `MCP_REGISTRY_RATE_LIMIT_EXEMPTIONS`: Comma-separated list of exempt users or patterns
+
+### Exemption Patterns
+
+Exemptions support wildcard patterns:
+- Exact match: `anthropic` (exempts user "anthropic")
+- Wildcard: `anthropic/*` (exempts "anthropic", "anthropic.claude", etc.)
+- Multiple exemptions: `anthropic/*,modelcontextprotocol,github/*`
+
+### Notes
+
+- Rate limits are per authenticated user (not per namespace)
+- Users with global admin permissions automatically bypass rate limits
+- Limits reset on a rolling 24-hour window
+- The counter is stored in the `publish_attempts` database table

docs/guides/publishing/publish-server.md

@@ -414,6 +414,9 @@ With authentication complete, publish your server:
 mcp-publisher publish
 ```
 
+> [!NOTE]
+> **Rate Limits**: The registry enforces a limit of 10 publishes per user per day to prevent abuse. If you exceed this limit, you'll receive an error message with your current count. If you need a higher limit for legitimate use cases, please [open an issue](https://github.com/modelcontextprotocol/registry/issues).
+
 You'll see output like:
 ```
 ✓ Successfully published

docs/reference/faq.md

@@ -90,6 +90,18 @@ Yes, extensions under the `x-publisher` property are preserved when publishing t
 
 At time of last update, this was open for discussion in [#104](https://github.com/modelcontextprotocol/registry/issues/104).
 
+### What are the rate limits for publishing?
+
+The registry enforces daily rate limits to prevent abuse:
+
+- **Default limit**: 10 publishes per authenticated user per day (rolling 24-hour window)
+- **Who is affected**: All users except those with global admin permissions
+- **What counts**: Each successful publish counts toward your daily limit
+- **Exemptions**: Specific users or organizations can be exempted from rate limiting
+- **Error message**: If you exceed the limit, you'll receive an error with your current count
+
+If you need a higher limit for legitimate use cases, please open an issue at https://github.com/modelcontextprotocol/registry/issues
+
 ### Can I publish a private server?
 
 Private servers are those that are only accessible to a narrow set of users. For example, servers published on a private network (like `mcp.acme-corp.internal`) or on private package registries (e.g. `npx -y @acme/mcp --registry https://artifactory.acme-corp.internal/npm`).
@@ -118,9 +130,15 @@ The MVP delegates security scanning to:
 - Namespace authentication requirements
 - Character limits and regex validation on free-form fields
 - Manual takedown of spam or malicious servers
+- Daily publish rate limiting per authenticated user (10 publishes per day by default)
+
+The rate limiting system:
+- Limits are per authenticated user (not per namespace)
+- Default limit is 10 publishes per 24-hour period
+- Administrators with global permissions bypass rate limits
+- Specific users or patterns can be exempted from rate limiting
 
 In future we might explore:
-- Stricter rate limiting (e.g., 10 new servers per user per day)
 - Potential AI-based spam detection
 - Community reporting and admin blacklisting capabilities
 

internal/api/handlers/v0/edit_test.go

@@ -36,7 +36,7 @@ func TestEditServerEndpoint(t *testing.T) {
 		},
 		Version: "1.0.0",
 	}
-	published, err := registryService.Publish(testServer)
+	published, err := registryService.Publish(testServer, "testuser", false)
 	assert.NoError(t, err)
 	assert.NotNil(t, published)
 	assert.NotNil(t, published.Meta)
@@ -56,7 +56,7 @@ func TestEditServerEndpoint(t *testing.T) {
 		},
 		Version: "1.0.0",
 	}
-	otherPublished, err := registryService.Publish(otherServer)
+	otherPublished, err := registryService.Publish(otherServer, "testuser", false)
 	assert.NoError(t, err)
 	assert.NotNil(t, otherPublished)
 	assert.NotNil(t, otherPublished.Meta)
@@ -76,7 +76,7 @@ func TestEditServerEndpoint(t *testing.T) {
 		},
 		Version: "1.0.0",
 	}
-	deletedPublished, err := registryService.Publish(deletedServer)
+	deletedPublished, err := registryService.Publish(deletedServer, "testuser", false)
 	assert.NoError(t, err)
 	assert.NotNil(t, deletedPublished)
 	assert.NotNil(t, deletedPublished.Meta)

internal/api/handlers/v0/publish.go

@@ -53,8 +53,17 @@ func RegisterPublishEndpoint(api huma.API, registry service.RegistryService, cfg
 			return nil, huma.Error403Forbidden(buildPermissionErrorMessage(input.Body.Name, claims.Permissions))
 		}
 
+		// Check if user has global permissions (admin)
+		hasGlobalPermissions := false
+		for _, perm := range claims.Permissions {
+			if perm.ResourcePattern == "*" {
+				hasGlobalPermissions = true
+				break
+			}
+		}
+
 		// Publish the server with extensions
-		publishedServer, err := registry.Publish(input.Body)
+		publishedServer, err := registry.Publish(input.Body, claims.AuthMethodSubject, hasGlobalPermissions)
 		if err != nil {
 			return nil, huma.Error400BadRequest("Failed to publish server", err)
 		}

internal/api/handlers/v0/publish_test.go

@@ -192,7 +192,7 @@ func TestPublishEndpoint(t *testing.T) {
 						ID:     "example/test-server-existing",
 					},
 				}
-				_, _ = registry.Publish(existingServer)
+				_, _ = registry.Publish(existingServer, "testuser", false)
 			},
 			expectedStatus: http.StatusBadRequest,
 			expectedError:  "invalid version: cannot publish duplicate version",

internal/api/handlers/v0/servers_test.go

@@ -52,8 +52,8 @@ func TestServersListEndpoint(t *testing.T) {
 					},
 					Version: "2.0.0",
 				}
-				_, _ = registry.Publish(server1)
-				_, _ = registry.Publish(server2)
+				_, _ = registry.Publish(server1, "testuser", false)
+				_, _ = registry.Publish(server2, "testuser", false)
 			},
 			expectedStatus: http.StatusOK,
 		},
@@ -71,7 +71,7 @@ func TestServersListEndpoint(t *testing.T) {
 					},
 					Version: "1.5.0",
 				}
-				_, _ = registry.Publish(server)
+				_, _ = registry.Publish(server, "testuser", false)
 			},
 			expectedStatus: http.StatusOK,
 		},
@@ -141,8 +141,8 @@ func TestServersListEndpoint(t *testing.T) {
 					},
 					Version: "1.0.0",
 				}
-				_, _ = registry.Publish(server1)
-				_, _ = registry.Publish(server2)
+				_, _ = registry.Publish(server1, "testuser", false)
+				_, _ = registry.Publish(server2, "testuser", false)
 			},
 			expectedStatus: http.StatusOK,
 		},
@@ -160,7 +160,7 @@ func TestServersListEndpoint(t *testing.T) {
 					},
 					Version: "1.0.0",
 				}
-				_, _ = registry.Publish(server)
+				_, _ = registry.Publish(server, "testuser", false)
 			},
 			expectedStatus: http.StatusOK,
 		},
@@ -188,8 +188,8 @@ func TestServersListEndpoint(t *testing.T) {
 					},
 					Version: "2.0.0",
 				}
-				_, _ = registry.Publish(server1)
-				_, _ = registry.Publish(server2) // This will be marked as latest
+				_, _ = registry.Publish(server1, "testuser", false)
+				_, _ = registry.Publish(server2, "testuser", false) // This will be marked as latest
 			},
 			expectedStatus: http.StatusOK,
 		},
@@ -217,8 +217,8 @@ func TestServersListEndpoint(t *testing.T) {
 					},
 					Version: "1.0.0",
 				}
-				_, _ = registry.Publish(server1)
-				_, _ = registry.Publish(server2)
+				_, _ = registry.Publish(server1, "testuser", false)
+				_, _ = registry.Publish(server2, "testuser", false)
 			},
 			expectedStatus: http.StatusOK,
 		},
@@ -274,10 +274,10 @@ func TestServersListEndpoint(t *testing.T) {
 					},
 					Version: "3.0.0",
 				}
-				_, _ = registry.Publish(server1v1)
-				_, _ = registry.Publish(server1v2)
-				_, _ = registry.Publish(server2)
-				_, _ = registry.Publish(server3)
+				_, _ = registry.Publish(server1v1, "testuser", false)
+				_, _ = registry.Publish(server1v2, "testuser", false)
+				_, _ = registry.Publish(server2, "testuser", false)
+				_, _ = registry.Publish(server3, "testuser", false)
 			},
 			expectedStatus: http.StatusOK,
 		},
@@ -384,7 +384,7 @@ func TestServersDetailEndpoint(t *testing.T) {
 		Name:        "com.example/test-server",
 		Description: "A test server",
 		Version:     "1.0.0",
-	})
+	}, "testuser", false)
 	assert.NoError(t, err)
 
 	testCases := []struct {
@@ -472,7 +472,7 @@ func TestServersEndpointsIntegration(t *testing.T) {
 		Version: "1.0.0",
 	}
 
-	published, err := registryService.Publish(testServer)
+	published, err := registryService.Publish(testServer, "testuser", false)
 	assert.NoError(t, err)
 	assert.NotNil(t, published)
 

internal/api/handlers/v0/telemetry_test.go

@@ -31,7 +31,7 @@ func TestPrometheusHandler(t *testing.T) {
 			ID:     "example/test-server",
 		},
 		Version: "2.0.0",
-	})
+	}, "testuser", false)
 	assert.NoError(t, err)
 
 	cfg := config.NewConfig()

internal/config/config.go

@@ -33,6 +33,11 @@ type Config struct {
 	OIDCExtraClaims  string `env:"OIDC_EXTRA_CLAIMS" envDefault:""`
 	OIDCEditPerms    string `env:"OIDC_EDIT_PERMISSIONS" envDefault:""`
 	OIDCPublishPerms string `env:"OIDC_PUBLISH_PERMISSIONS" envDefault:""`
+	
+	// Rate Limiting Configuration
+	RateLimitEnabled    bool   `env:"RATE_LIMIT_ENABLED" envDefault:"true"`
+	RateLimitPerDay     int    `env:"RATE_LIMIT_PER_DAY" envDefault:"10"`
+	RateLimitExemptions string `env:"RATE_LIMIT_EXEMPTIONS" envDefault:""` // comma-separated
 }
 
 // NewConfig creates a new configuration with default values