From b8f90dbd46476694c56bd9c733d3564aaf2d8503 Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 28 Nov 2025 23:04:53 +0000 Subject: [PATCH 1/2] docs: add production database connection guide Add instructions for maintainers to connect to the production PostgreSQL database, including Cloud Shell (recommended) and local machine methods, plus read-only session configuration for safety. --- docs/administration/admin-operations.md | 38 +++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/docs/administration/admin-operations.md b/docs/administration/admin-operations.md index c6a946b7..8979d8aa 100644 --- a/docs/administration/admin-operations.md +++ b/docs/administration/admin-operations.md @@ -8,6 +8,7 @@ This is a brief guide for admins and moderators managing content on the registry - If you are a maintainer and would like an account, ask in the Discord - `gcloud` CLI installed and configured - `curl` and `jq` installed +- `kubectl` installed with `gke-gcloud-auth-plugin` (for database access) ## Authentication @@ -16,6 +17,43 @@ This is a brief guide for admins and moderators managing content on the registry ./tools/admin/auth.sh ``` +## Connecting to the Production Database + +For debugging or data analysis, you can connect directly to the production PostgreSQL database. Use caution and prefer read-only access. + +### Prerequisites + +Install the GKE auth plugin if you haven't already: + +```bash +gcloud components install gke-gcloud-auth-plugin +``` + +### Connect + +```bash +# Get cluster credentials +gcloud container clusters get-credentials mcp-registry-prod --zone us-central1-b --project mcp-registry-prod + +# Get the database password +kubectl get secret registry-pg-app -o jsonpath='{.data.password}' | base64 -d + +# Port-forward and connect (enter the password from above) +kubectl port-forward svc/registry-pg-rw 15432:5432 & +sleep 2 +psql -h localhost -p 15432 -U app -d app +``` + +### Read-Only Access + +To prevent accidental writes, set your session to read-only after connecting: + +```sql +SET default_transaction_read_only = on; +``` + +Any write attempts will fail with an error until you disconnect. + ## Edit a Specific Server Version Use this when you need to modify details of a specific version (e.g., fix description, update status, modify packages). From 5394bf3bd1fbfa49507be14ba93a954e4af03e6c Mon Sep 17 00:00:00 2001 From: tadasant <3900899+tadasant@users.noreply.github.com> Date: Wed, 3 Dec 2025 08:39:49 -0800 Subject: [PATCH 2/2] Move database connection section to bottom of doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per review feedback, move the production database connection guide to the end of the document to encourage using the other API-based endpoints as the primary approach, with direct database access as a last resort. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- docs/administration/admin-operations.md | 76 ++++++++++++------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/docs/administration/admin-operations.md b/docs/administration/admin-operations.md index 8979d8aa..6b3a04d5 100644 --- a/docs/administration/admin-operations.md +++ b/docs/administration/admin-operations.md @@ -17,43 +17,6 @@ This is a brief guide for admins and moderators managing content on the registry ./tools/admin/auth.sh ``` -## Connecting to the Production Database - -For debugging or data analysis, you can connect directly to the production PostgreSQL database. Use caution and prefer read-only access. - -### Prerequisites - -Install the GKE auth plugin if you haven't already: - -```bash -gcloud components install gke-gcloud-auth-plugin -``` - -### Connect - -```bash -# Get cluster credentials -gcloud container clusters get-credentials mcp-registry-prod --zone us-central1-b --project mcp-registry-prod - -# Get the database password -kubectl get secret registry-pg-app -o jsonpath='{.data.password}' | base64 -d - -# Port-forward and connect (enter the password from above) -kubectl port-forward svc/registry-pg-rw 15432:5432 & -sleep 2 -psql -h localhost -p 15432 -U app -d app -``` - -### Read-Only Access - -To prevent accidental writes, set your session to read-only after connecting: - -```sql -SET default_transaction_read_only = on; -``` - -Any write attempts will fail with an error until you disconnect. - ## Edit a Specific Server Version Use this when you need to modify details of a specific version (e.g., fix description, update status, modify packages). @@ -176,9 +139,46 @@ curl -s "https://registry.modelcontextprotocol.io/v0/servers/${ENCODED_SERVER_NA done ``` +## Connecting to the Production Database + +For debugging or data analysis, you can connect directly to the production PostgreSQL database. Use caution and prefer read-only access. + +### Prerequisites + +Install the GKE auth plugin if you haven't already: + +```bash +gcloud components install gke-gcloud-auth-plugin +``` + +### Connect + +```bash +# Get cluster credentials +gcloud container clusters get-credentials mcp-registry-prod --zone us-central1-b --project mcp-registry-prod + +# Get the database password +kubectl get secret registry-pg-app -o jsonpath='{.data.password}' | base64 -d + +# Port-forward and connect (enter the password from above) +kubectl port-forward svc/registry-pg-rw 15432:5432 & +sleep 2 +psql -h localhost -p 15432 -U app -d app +``` + +### Read-Only Access + +To prevent accidental writes, set your session to read-only after connecting: + +```sql +SET default_transaction_read_only = on; +``` + +Any write attempts will fail with an error until you disconnect. + ## Notes - **Version-specific changes**: Only affect that particular version -- **Server-wide changes**: Must be applied to each version individually +- **Server-wide changes**: Must be applied to each version individually - **Content scrubbing**: Use the version-specific edit workflow to scrub sensitive content - **Server name**: Cannot be changed in any version (it's the immutable identifier)