Summary
The SDK lacks a way to validate .mcpb archives before installation. Consumers (NimbleBrain's upload endpoint, CLI tooling) need to verify that a bundle is structurally valid — correct ZIP format, valid manifest.json against McpbManifestSchema, and entry point file exists — without side effects.
Proposed
Export a validateMcpb(path) function from the SDK that:
- Extracts the archive to a temp directory (using existing
extractZip with bomb/traversal protection)
- Checks for
manifest.json
- Validates it against
McpbManifestSchema
- Verifies the declared
server.entry_point exists
- Cleans up the temp directory
- Returns
{ valid: true, manifest } or { valid: false, errors: string[] }
No persistent state changes. Temp dir is cleaned up in a finally block.
Motivation
NimbleBrain is adding an upload flow for custom .mcpb bundles (NimbleBrainInc/nimblebrain#169). The validation step needs to live in the SDK so all consumers share the same checks.
Summary
The SDK lacks a way to validate
.mcpbarchives before installation. Consumers (NimbleBrain's upload endpoint, CLI tooling) need to verify that a bundle is structurally valid — correct ZIP format, validmanifest.jsonagainstMcpbManifestSchema, and entry point file exists — without side effects.Proposed
Export a
validateMcpb(path)function from the SDK that:extractZipwith bomb/traversal protection)manifest.jsonMcpbManifestSchemaserver.entry_pointexists{ valid: true, manifest }or{ valid: false, errors: string[] }No persistent state changes. Temp dir is cleaned up in a
finallyblock.Motivation
NimbleBrain is adding an upload flow for custom
.mcpbbundles (NimbleBrainInc/nimblebrain#169). The validation step needs to live in the SDK so all consumers share the same checks.