feat(validators): add cargo registry validator

Closes #1055.

Verification mirrors the PyPI validator: substring-match
`mcp-name: <serverName>` against the package's rendered README.
The publisher adds a single line to their README before publishing.

Two-call retrieval pattern:

1. `GET /api/v1/crates/{name}/{version}/readme` returns 200 with a
   JSON pointer `{"url": "https://static.crates.io/readmes/.../...html"}`
   — crates.io hands us the URL rather than emitting a 302.
2. Follow the pointer to the rendered HTML.

The two-call pattern stays on the documented public crates.io API
surface. The CDN URL layout is observed-stable, but treating it as
the entry point would mean depending on an undocumented path. With
two calls, crates.io controls where the README lives.

Missing crates and missing versions surface as 403 from the CDN
(S3's default for missing keys), not 404. The validator treats any
non-200 as "not found" and surfaces the actual status code in the
error message.

Tests are integration-only (matching the npm/pypi pattern). 16
sub-cases across input validation, registry-baseURL rejection
(four variants), ownership against real crates (serde, tokio,
rand), and server-name format variations.

The positive-path case is gated on `rust-faf-mcp` v0.2.3+ being
published with `mcp-name: io.github.Wolfe-Jam/rust-faf-mcp` in
its README — the commented-out test in `cargo_test.go` will
uncomment to become the live anchor once that publish happens.

Refs #1055

Author: Wolfe-Jam

internal/validators/package.go

@@ -23,6 +23,8 @@ func ValidatePackage(ctx context.Context, pkg model.Package, serverName string)
 		return registries.ValidateOCI(ctx, pkg, serverName)
 	case model.RegistryTypeMCPB:
 		return registries.ValidateMCPB(ctx, pkg, serverName)
+	case model.RegistryTypeCargo:
+		return registries.ValidateCargo(ctx, pkg, serverName)
 	default:
 		return fmt.Errorf("unsupported registry type: %s", pkg.RegistryType)
 	}

internal/validators/registries/cargo.go

@@ -0,0 +1,142 @@
+package registries
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net/http"
+	"net/url"
+	"strings"
+	"time"
+
+	"github.com/modelcontextprotocol/registry/pkg/model"
+)
+
+var (
+	ErrMissingIdentifierForCargo = errors.New("package identifier is required for Cargo packages")
+	ErrMissingVersionForCargo    = errors.New("package version is required for Cargo packages")
+)
+
+// CargoReadmeMetaResponse is the structure returned by the crates.io readme metadata endpoint.
+//
+// crates.io's /api/v1/crates/{name}/{version}/readme endpoint returns 200 OK with a JSON
+// body containing a `url` field that points to the rendered README on the static CDN —
+// rather than emitting a 302 redirect. Validators must follow the pointer to retrieve
+// the actual README content.
+type CargoReadmeMetaResponse struct {
+	URL string `json:"url"`
+}
+
+// ValidateCargo validates that a Cargo (crates.io) package contains the correct MCP server name.
+//
+// Verification mechanism: the `mcp-name: <server-name>` token is searched for in the package's
+// rendered README. This mirrors the PyPI validator's README-token approach (see ValidatePyPI),
+// requiring no Cargo.toml parsing on the registry side. Crate authors add a single line
+// `mcp-name: io.github.OWNER/REPO` to their README before publishing.
+//
+// Two-call retrieval pattern:
+//  1. GET https://crates.io/api/v1/crates/{name}/{version}/readme
+//     → 200 OK with JSON: {"url": "https://static.crates.io/readmes/.../...html"}
+//  2. GET <url from step 1>
+//     → 200 OK with rendered README HTML, or 403 if the crate/version is missing
+//
+// The two-call pattern stays on the documented crates.io API surface rather than relying
+// on the CDN URL layout being stable.
+func ValidateCargo(ctx context.Context, pkg model.Package, serverName string) error {
+	// Set default registry base URL if empty
+	if pkg.RegistryBaseURL == "" {
+		pkg.RegistryBaseURL = model.RegistryURLCrates
+	}
+
+	if pkg.Identifier == "" {
+		return ErrMissingIdentifierForCargo
+	}
+
+	if pkg.Version == "" {
+		return ErrMissingVersionForCargo
+	}
+
+	// Validate that MCPB-specific fields are not present
+	if pkg.FileSHA256 != "" {
+		return fmt.Errorf("Cargo packages must not have 'fileSha256' field - this is only for MCPB packages")
+	}
+
+	// Validate that the registry base URL matches crates.io exactly
+	if pkg.RegistryBaseURL != model.RegistryURLCrates {
+		return fmt.Errorf("registry type and base URL do not match: '%s' is not valid for registry type '%s'. Expected: %s",
+			pkg.RegistryBaseURL, model.RegistryTypeCargo, model.RegistryURLCrates)
+	}
+
+	client := &http.Client{Timeout: 10 * time.Second}
+	// crates.io's crawler policy expects a non-generic User-Agent identifying the source.
+	userAgent := "MCP-Registry-Validator/1.0 (https://registry.modelcontextprotocol.io)"
+
+	// Step 1: fetch the README pointer from the documented API endpoint.
+	metaURL := fmt.Sprintf("%s/api/v1/crates/%s/%s/readme",
+		pkg.RegistryBaseURL,
+		url.PathEscape(pkg.Identifier),
+		url.PathEscape(pkg.Version))
+
+	metaReq, err := http.NewRequestWithContext(ctx, http.MethodGet, metaURL, nil)
+	if err != nil {
+		return fmt.Errorf("failed to create crates.io metadata request: %w", err)
+	}
+	metaReq.Header.Set("User-Agent", userAgent)
+	metaReq.Header.Set("Accept", "application/json")
+
+	metaResp, err := client.Do(metaReq)
+	if err != nil {
+		return fmt.Errorf("failed to fetch package metadata from crates.io: %w", err)
+	}
+	defer metaResp.Body.Close()
+
+	if metaResp.StatusCode != http.StatusOK {
+		return fmt.Errorf("Cargo package '%s' metadata fetch failed (status: %d)", pkg.Identifier, metaResp.StatusCode)
+	}
+
+	var meta CargoReadmeMetaResponse
+	if err := json.NewDecoder(metaResp.Body).Decode(&meta); err != nil {
+		return fmt.Errorf("failed to parse crates.io readme metadata: %w", err)
+	}
+	if meta.URL == "" {
+		return fmt.Errorf("Cargo package '%s' metadata response missing 'url' field", pkg.Identifier)
+	}
+
+	// Step 2: fetch the rendered README from the URL the API gave us.
+	readmeReq, err := http.NewRequestWithContext(ctx, http.MethodGet, meta.URL, nil)
+	if err != nil {
+		return fmt.Errorf("failed to create crates.io readme request: %w", err)
+	}
+	readmeReq.Header.Set("User-Agent", userAgent)
+	readmeReq.Header.Set("Accept", "text/html")
+
+	readmeResp, err := client.Do(readmeReq)
+	if err != nil {
+		return fmt.Errorf("failed to fetch rendered README from crates.io: %w", err)
+	}
+	defer readmeResp.Body.Close()
+
+	// Missing crates and missing versions surface as 403 (S3 default for missing keys),
+	// not 404. Treat any non-200 as "not found" — matches the shape of the npm/PyPI
+	// validators and surfaces the actual status code for debugging.
+	if readmeResp.StatusCode != http.StatusOK {
+		return fmt.Errorf("Cargo package '%s' version '%s' not found on crates.io (status: %d)", pkg.Identifier, pkg.Version, readmeResp.StatusCode)
+	}
+
+	body, err := io.ReadAll(readmeResp.Body)
+	if err != nil {
+		return fmt.Errorf("failed to read rendered README: %w", err)
+	}
+
+	// Search for the mcp-name: <server-name> token. The token contains no characters
+	// that get HTML-escaped during README rendering (no <, >, &, ", '), so a direct
+	// substring match against the rendered HTML is reliable.
+	mcpNamePattern := "mcp-name: " + serverName
+	if strings.Contains(string(body), mcpNamePattern) {
+		return nil
+	}
+
+	return fmt.Errorf("Cargo package '%s' ownership validation failed. The server name '%s' must appear as 'mcp-name: %s' in the package README", pkg.Identifier, serverName, serverName)
+}

internal/validators/registries/cargo_test.go

@@ -0,0 +1,188 @@
+package registries_test
+
+import (
+	"context"
+	"testing"
+
+	"github.com/modelcontextprotocol/registry/internal/validators/registries"
+	"github.com/modelcontextprotocol/registry/pkg/model"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestValidateCargo_RealPackages(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name         string
+		packageName  string
+		version      string
+		serverName   string
+		expectError  bool
+		errorMessage string
+	}{
+		{
+			name:         "empty package identifier should fail",
+			packageName:  "",
+			version:      "0.1.0",
+			serverName:   "io.github.example/test",
+			expectError:  true,
+			errorMessage: "package identifier is required for Cargo packages",
+		},
+		{
+			name:         "empty package version should fail",
+			packageName:  "rust-faf-mcp",
+			version:      "",
+			serverName:   "io.github.example/test",
+			expectError:  true,
+			errorMessage: "package version is required for Cargo packages",
+		},
+		{
+			name:         "non-existent crate should fail",
+			packageName:  generateRandomPackageName(),
+			version:      "0.1.0",
+			serverName:   "io.github.example/test",
+			expectError:  true,
+			errorMessage: "not found",
+		},
+		{
+			name:         "non-existent version of real crate should fail",
+			packageName:  "serde",
+			version:      "99.99.99-not-real",
+			serverName:   "io.github.example/test",
+			expectError:  true,
+			errorMessage: "not found",
+		},
+		{
+			name:         "real crate without mcp-name token should fail",
+			packageName:  "serde", // most-downloaded crate; no MCP server claim
+			version:      "1.0.219",
+			serverName:   "io.github.example/test",
+			expectError:  true,
+			errorMessage: "ownership validation failed",
+		},
+		{
+			name:         "real crate with mismatched mcp-name should fail",
+			packageName:  "tokio",
+			version:      "1.40.0",
+			serverName:   "io.github.example/completely-different-name",
+			expectError:  true,
+			errorMessage: "ownership validation failed",
+		},
+		{
+			name:         "additional real crate without mcp-name (rand)",
+			packageName:  "rand",
+			version:      "0.9.0",
+			serverName:   "io.github.example/test",
+			expectError:  true,
+			errorMessage: "ownership validation failed",
+		},
+		// TODO: enable once rust-faf-mcp v0.2.3+ ships with the line
+		//   mcp-name: io.github.Wolfe-Jam/rust-faf-mcp
+		// in its README. Until then, the positive-path test has no real-world
+		// target — cargo isn't yet a supported registry type.
+		// {
+		// 	name:        "real crate with mcp-name in README should pass",
+		// 	packageName: "rust-faf-mcp",
+		// 	version:     "0.2.3",
+		// 	serverName:  "io.github.Wolfe-Jam/rust-faf-mcp",
+		// 	expectError: false,
+		// },
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			pkg := model.Package{
+				RegistryType: model.RegistryTypeCargo,
+				Identifier:   tt.packageName,
+				Version:      tt.version,
+			}
+
+			err := registries.ValidateCargo(ctx, pkg, tt.serverName)
+
+			if tt.expectError {
+				assert.Error(t, err)
+				assert.Contains(t, err.Error(), tt.errorMessage)
+			} else {
+				assert.NoError(t, err)
+			}
+		})
+	}
+}
+
+func TestValidateCargo_RegistryBaseURLMismatch(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name    string
+		baseURL string
+	}{
+		{name: "different host", baseURL: "https://example.com"},
+		{name: "trailing slash", baseURL: "https://crates.io/"},
+		{name: "http (not https)", baseURL: "http://crates.io"},
+		{name: "subdomain", baseURL: "https://www.crates.io"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			pkg := model.Package{
+				RegistryType:    model.RegistryTypeCargo,
+				RegistryBaseURL: tt.baseURL,
+				Identifier:      "rust-faf-mcp",
+				Version:         "0.2.2",
+			}
+
+			err := registries.ValidateCargo(ctx, pkg, "io.github.Wolfe-Jam/rust-faf-mcp")
+			assert.Error(t, err)
+			assert.Contains(t, err.Error(), "registry type and base URL do not match")
+		})
+	}
+}
+
+func TestValidateCargo_RejectsMCPBOnlyFields(t *testing.T) {
+	ctx := context.Background()
+
+	pkg := model.Package{
+		RegistryType: model.RegistryTypeCargo,
+		Identifier:   "rust-faf-mcp",
+		Version:      "0.2.2",
+		FileSHA256:   "0000000000000000000000000000000000000000000000000000000000000000",
+	}
+
+	err := registries.ValidateCargo(ctx, pkg, "io.github.Wolfe-Jam/rust-faf-mcp")
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "Cargo packages must not have 'fileSha256' field")
+}
+
+// Server names follow io.github.OWNER/REPO and may contain dots, slashes,
+// hyphens, underscores, and digits. None of these get HTML-escaped during
+// README rendering, so substring match against the rendered HTML is reliable.
+// These tests exercise format variations against a real crate that doesn't
+// declare any mcp-name (serde) — every case fails ownership, but we verify
+// the failure error preserves the exact server name unchanged.
+func TestValidateCargo_ServerNameFormats(t *testing.T) {
+	ctx := context.Background()
+
+	tests := []struct {
+		name       string
+		serverName string
+	}{
+		{name: "canonical io.github format", serverName: "io.github.Wolfe-Jam/rust-faf-mcp"},
+		{name: "multiple hyphens", serverName: "io.github.example/multi-hyphen-test-name"},
+		{name: "underscore", serverName: "io.github.example/snake_case_name"},
+		{name: "numeric suffix", serverName: "io.github.example/server-v2"},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			pkg := model.Package{
+				RegistryType: model.RegistryTypeCargo,
+				Identifier:   "serde",
+				Version:      "1.0.219",
+			}
+
+			err := registries.ValidateCargo(ctx, pkg, tt.serverName)
+			assert.Error(t, err)
+			assert.Contains(t, err.Error(), tt.serverName)
+		})
+	}
+}