feat: add regex validation to server name in API types

- Add pattern validation (^[^/]+/[^/]+$) to ensure exactly one slash
- Update tests to expect HTTP 422 for validation errors (correct status)
- Remove unnecessary error handling complexity in publish handler
- This makes the validation visible in API documentation

Following @domdomegg's suggestion to align API specs with implementation.

Co-Authored-By: Adam Jones <[email protected]>

Author: ossamalafhel

internal/api/handlers/v0/edit_test.go

@@ -236,8 +236,8 @@ func TestEditServerEndpoint(t *testing.T) {
 				Version: "1.0.0",
 			},
 			serverID:       testServerID,
-			expectedStatus: http.StatusBadRequest,
-			expectedError:  "Bad Request",
+			expectedStatus: http.StatusUnprocessableEntity,
+			expectedError:  "pattern",
 		},
 		{
 			name: "cannot undelete server",

internal/api/handlers/v0/publish.go

@@ -56,7 +56,7 @@ func RegisterPublishEndpoint(api huma.API, registry service.RegistryService, cfg
 		// Publish the server with extensions
 		publishedServer, err := registry.Publish(input.Body)
 		if err != nil {
-			return nil, huma.Error400BadRequest("Failed to publish server", err)
+			return nil, huma.Error422UnprocessableEntity("Failed to publish server", err)
 		}
 
 		// Return the published server in flattened format

internal/api/handlers/v0/publish_registry_validation_test.go

@@ -80,7 +80,7 @@ func TestPublishRegistryValidation(t *testing.T) {
 		rr := httptest.NewRecorder()
 		mux.ServeHTTP(rr, req)
 
-		assert.Equal(t, http.StatusBadRequest, rr.Code)
+		assert.Equal(t, http.StatusUnprocessableEntity, rr.Code)
 		assert.Contains(t, rr.Body.String(), "registry validation failed")
 	})
 
@@ -180,7 +180,7 @@ func TestPublishRegistryValidation(t *testing.T) {
 		rr := httptest.NewRecorder()
 		mux.ServeHTTP(rr, req)
 
-		assert.Equal(t, http.StatusBadRequest, rr.Code)
+		assert.Equal(t, http.StatusUnprocessableEntity, rr.Code)
 		assert.Contains(t, rr.Body.String(), "registry validation failed for package 1")
 		assert.Contains(t, rr.Body.String(), "nonexistent-second-package-abc123")
 	})
@@ -231,7 +231,7 @@ func TestPublishRegistryValidation(t *testing.T) {
 		rr := httptest.NewRecorder()
 		mux.ServeHTTP(rr, req)
 
-		assert.Equal(t, http.StatusBadRequest, rr.Code)
+		assert.Equal(t, http.StatusUnprocessableEntity, rr.Code)
 		assert.Contains(t, rr.Body.String(), "registry validation failed for package 0")
 		assert.Contains(t, rr.Body.String(), "nonexistent-first-package-xyz789")
 	})

internal/api/handlers/v0/publish_test.go

@@ -80,7 +80,7 @@ func TestPublishEndpoint(t *testing.T) {
 		{
 			name: "successful publish with no auth (AuthMethodNone)",
 			requestBody: apiv0.ServerJSON{
-				Name:        "example/test-server",
+				Name:        "com.example/test-server",
 				Description: "A test server without auth",
 				Repository: model.Repository{
 					URL:    "https://github.com/example/test-server",
@@ -92,7 +92,7 @@ func TestPublishEndpoint(t *testing.T) {
 			tokenClaims: &auth.JWTClaims{
 				AuthMethod: auth.MethodNone,
 				Permissions: []auth.Permission{
-					{Action: auth.PermissionActionPublish, ResourcePattern: "example/*"},
+					{Action: auth.PermissionActionPublish, ResourcePattern: "*"},
 				},
 			},
 			setupRegistryService: func(_ service.RegistryService) {
@@ -127,7 +127,7 @@ func TestPublishEndpoint(t *testing.T) {
 		{
 			name: "invalid token",
 			requestBody: apiv0.ServerJSON{
-				Name:        "test-server",
+				Name:        "com.example/test-server",
 				Description: "A test server",
 				Version: "1.0.0",
 			},
@@ -165,7 +165,7 @@ func TestPublishEndpoint(t *testing.T) {
 		{
 			name: "registry service error",
 			requestBody: apiv0.ServerJSON{
-				Name:        "example/test-server",
+				Name:        "com.example/test-server",
 				Description: "A test server",
 				Version: "1.0.0",
 				Repository: model.Repository{
@@ -183,7 +183,7 @@ func TestPublishEndpoint(t *testing.T) {
 			setupRegistryService: func(registry service.RegistryService) {
 				// Pre-publish the same server to cause duplicate version error
 				existingServer := apiv0.ServerJSON{
-					Name:        "example/test-server",
+					Name:        "com.example/test-server",
 					Description: "Existing test server",
 					Version: "1.0.0",
 					Repository: model.Repository{
@@ -194,7 +194,7 @@ func TestPublishEndpoint(t *testing.T) {
 				}
 				_, _ = registry.Publish(existingServer)
 			},
-			expectedStatus: http.StatusBadRequest,
+			expectedStatus: http.StatusUnprocessableEntity,
 			expectedError:  "invalid version: cannot publish duplicate version",
 		},
 		{
@@ -243,8 +243,8 @@ func TestPublishEndpoint(t *testing.T) {
 				},
 			},
 			setupRegistryService: func(_ service.RegistryService) {},
-			expectedStatus:       http.StatusBadRequest,
-			expectedError:        "server name cannot contain multiple slashes",
+			expectedStatus:       http.StatusUnprocessableEntity,
+			expectedError:        "expected string to match pattern",
 		},
 		{
 			name: "invalid server name - multiple slashes (three slashes)",
@@ -260,8 +260,8 @@ func TestPublishEndpoint(t *testing.T) {
 				},
 			},
 			setupRegistryService: func(_ service.RegistryService) {},
-			expectedStatus:       http.StatusBadRequest,
-			expectedError:        "server name cannot contain multiple slashes",
+			expectedStatus:       http.StatusUnprocessableEntity,
+			expectedError:        "expected string to match pattern",
 		},
 		{
 			name: "invalid server name - consecutive slashes",
@@ -277,8 +277,8 @@ func TestPublishEndpoint(t *testing.T) {
 				},
 			},
 			setupRegistryService: func(_ service.RegistryService) {},
-			expectedStatus:       http.StatusBadRequest,
-			expectedError:        "server name cannot contain multiple slashes",
+			expectedStatus:       http.StatusUnprocessableEntity,
+			expectedError:        "expected string to match pattern",
 		},
 		{
 			name: "invalid server name - URL-like path",
@@ -294,8 +294,8 @@ func TestPublishEndpoint(t *testing.T) {
 				},
 			},
 			setupRegistryService: func(_ service.RegistryService) {},
-			expectedStatus:       http.StatusBadRequest,
-			expectedError:        "server name cannot contain multiple slashes",
+			expectedStatus:       http.StatusUnprocessableEntity,
+			expectedError:        "expected string to match pattern",
 		},
 		{
 			name: "invalid server name - many slashes",
@@ -311,8 +311,8 @@ func TestPublishEndpoint(t *testing.T) {
 				},
 			},
 			setupRegistryService: func(_ service.RegistryService) {},
-			expectedStatus:       http.StatusBadRequest,
-			expectedError:        "server name cannot contain multiple slashes",
+			expectedStatus:       http.StatusUnprocessableEntity,
+			expectedError:        "expected string to match pattern",
 		},
 		{
 			name: "invalid server name - with packages and remotes",
@@ -349,8 +349,8 @@ func TestPublishEndpoint(t *testing.T) {
 				},
 			},
 			setupRegistryService: func(_ service.RegistryService) {},
-			expectedStatus:       http.StatusBadRequest,
-			expectedError:        "server name cannot contain multiple slashes",
+			expectedStatus:       http.StatusUnprocessableEntity,
+			expectedError:        "expected string to match pattern",
 		},
 	}
 
@@ -433,25 +433,25 @@ func TestPublishEndpoint_MultipleSlashesEdgeCases(t *testing.T) {
 		{
 			name:           "invalid - trailing slash after valid name",
 			serverName:     "com.example/server/",
-			expectedStatus: http.StatusBadRequest,
+			expectedStatus: http.StatusUnprocessableEntity,
 			description:    "Trailing slash creates multiple slashes",
 		},
 		{
 			name:           "invalid - leading and middle slash",
 			serverName:     "/com.example/server",
-			expectedStatus: http.StatusBadRequest,
+			expectedStatus: http.StatusUnprocessableEntity,
 			description:    "Leading slash with middle slash",
 		},
 		{
 			name:           "invalid - file system style path",
 			serverName:     "usr/local/bin/server",
-			expectedStatus: http.StatusBadRequest,
+			expectedStatus: http.StatusUnprocessableEntity,
 			description:    "File system style paths should be rejected",
 		},
 		{
 			name:           "invalid - version-like suffix",
 			serverName:     "com.example/server/v1.0.0",
-			expectedStatus: http.StatusBadRequest,
+			expectedStatus: http.StatusUnprocessableEntity,
 			description:    "Version suffixes with slash should be rejected",
 		},
 	}
@@ -502,9 +502,10 @@ func TestPublishEndpoint_MultipleSlashesEdgeCases(t *testing.T) {
 			assert.Equal(t, tc.expectedStatus, rr.Code, 
 				"%s: expected status %d, got %d", tc.description, tc.expectedStatus, rr.Code)
 
-			if tc.expectedStatus == http.StatusBadRequest {
-				assert.Contains(t, rr.Body.String(), "server name cannot contain multiple slashes",
-					"%s: should contain specific error message", tc.description)
+			if tc.expectedStatus == http.StatusUnprocessableEntity {
+				// Huma returns a generic pattern validation error
+				assert.Contains(t, rr.Body.String(), "pattern",
+					"%s: should contain pattern validation error", tc.description)
 			}
 		})
 	}

pkg/api/v0/types.go

@@ -29,7 +29,7 @@ type ServerMeta struct {
 // ServerJSON represents complete server information as defined in the MCP spec, with extension support
 type ServerJSON struct {
 	Schema        string              `json:"$schema,omitempty"`
-	Name          string              `json:"name" minLength:"1" maxLength:"200"`
+	Name          string              `json:"name" minLength:"1" maxLength:"200" pattern:"^[a-zA-Z0-9.-]+/[a-zA-Z0-9._-]+$" doc:"Server name in format 'reverse-dns-namespace/name' (e.g., 'com.example/server')"`
 	Description   string              `json:"description" minLength:"1" maxLength:"100"`
 	Status        model.Status        `json:"status,omitempty" minLength:"1"`
 	Repository    model.Repository    `json:"repository,omitempty"`