feat(registry): add remove path for user-added custom registries (#592)

Custom registry sources added via `registry add-source` could not be
removed through any supported surface — the only recourse was hand-editing
config.db and restarting the daemon. Add the inverse remove operation:

- DELETE /api/v1/registries/{id} — removes a custom/unverified source,
  refusing built-ins via the same registry_shadows_builtin guard and
  returning registry_not_found (404) for unknown ids. Persisted
  copy-on-write like add-source.
- `mcpproxy registry remove <id>` CLI (aliases: rm, remove-source),
  daemon-required, with remove-specific error guidance.
- cliclient.RemoveRegistrySource wrapping the DELETE endpoint.
- Shared server-side derivation (removeRegistrySourceFromConfig) so CLI
  and REST produce identical persisted config.

Docs (registries.md, rest-api.md) and OpenAPI spec updated in the same PR.
The Web UI affordance is tracked as a separate frontend follow-up.

Related #MCP-1057

Author: Dumbris

cmd/mcpproxy/registry_cmd.go

@@ -65,10 +65,88 @@ registries directly.`,
 	}
 
 	cmd.PersistentFlags().StringVarP(&registryConfigPath, "config", "c", "", "Path to MCP configuration file")
-	cmd.AddCommand(newRegistryListCmd(), newRegistrySearchCmd(), newRegistryAddCmd(), newRegistryAddSourceCmd())
+	cmd.AddCommand(newRegistryListCmd(), newRegistrySearchCmd(), newRegistryAddCmd(), newRegistryAddSourceCmd(), newRegistryRemoveCmd())
 	return cmd
 }
 
+func newRegistryRemoveCmd() *cobra.Command {
+	cmd := &cobra.Command{
+		Use:     "remove <id>",
+		Aliases: []string{"remove-source", "rm"},
+		Short:   "Remove a user-added custom registry source",
+		Long: `Remove a custom MCP registry source you previously added with
+'registry add-source'. Use 'registry list' to see the ids.
+
+Only custom/unverified registries can be removed — the shipped built-in
+registries (official, reference, docker-mcp-catalog, pulse, smithery) cannot be
+removed. Removing a source does not touch any upstream servers you already added
+from it.`,
+		Args: cobra.ExactArgs(1),
+		RunE: func(_ *cobra.Command, args []string) error {
+			registryID := args[0]
+
+			cfg, err := loadRegistryConfig()
+			if err != nil {
+				return outputError(clioutput.NewStructuredError(clioutput.ErrCodeConfigNotFound, err.Error()).
+					WithRecoveryCommand("mcpproxy doctor"), clioutput.ErrCodeConfigNotFound)
+			}
+
+			// remove MUST go through the daemon: the registry list lives on the
+			// runtime config snapshot and is updated copy-on-write via UpdateConfig.
+			if !shouldUseUpstreamDaemon(cfg.DataDir) {
+				return outputError(clioutput.NewStructuredError(clioutput.ErrCodeConnectionFailed,
+					"removing a registry source requires a running mcpproxy daemon").
+					WithGuidance("Start the daemon, then retry").
+					WithRecoveryCommand("mcpproxy serve"), clioutput.ErrCodeConnectionFailed)
+			}
+
+			ctx, cancel := registryContext()
+			defer cancel()
+
+			client := cliclient.NewClient(socket.DetectSocketPath(cfg.DataDir), nil)
+			reg, err := client.RemoveRegistrySource(ctx, registryID)
+			if err != nil {
+				return registryRemoveErrorOutput(err)
+			}
+
+			outputFormat := ResolveOutputFormat()
+			if outputFormat == "json" || outputFormat == "yaml" {
+				formatter, _ := GetOutputFormatter()
+				out, _ := formatter.Format(reg)
+				fmt.Println(out)
+				return nil
+			}
+
+			fmt.Printf("✅ Removed registry source '%s'\n", reg.ID)
+			return nil
+		},
+	}
+	return cmd
+}
+
+// registryRemoveErrorOutput maps a *cliclient.RegistryAddError from a remove op
+// to a structured CLI error with remove-specific guidance (MCP-1057).
+func registryRemoveErrorOutput(err error) error {
+	var addErr *cliclient.RegistryAddError
+	if !errors.As(err, &addErr) {
+		return outputError(clioutput.NewStructuredError(clioutput.ErrCodeOperationFailed, err.Error()), clioutput.ErrCodeOperationFailed)
+	}
+
+	switch addErr.Code {
+	case "registry_not_found":
+		return outputError(clioutput.NewStructuredError(clioutput.ErrCodeServerNotFound, addErr.Message).
+			WithGuidance("Check the ids with 'mcpproxy registry list' — only custom/unverified registries can be removed"), clioutput.ErrCodeServerNotFound)
+	case "registry_shadows_builtin":
+		return outputError(clioutput.NewStructuredError(clioutput.ErrCodeInvalidInput, addErr.Message).
+			WithGuidance("Built-in registries cannot be removed"), clioutput.ErrCodeInvalidInput)
+	case "registries_locked":
+		return outputError(clioutput.NewStructuredError(clioutput.ErrCodeOperationFailed, addErr.Message).
+			WithGuidance("Registry changes are disabled by policy (registries_locked)"), clioutput.ErrCodeOperationFailed)
+	default:
+		return outputError(clioutput.NewStructuredError(clioutput.ErrCodeOperationFailed, addErr.Message), clioutput.ErrCodeOperationFailed)
+	}
+}
+
 func newRegistryAddSourceCmd() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "add-source <https-url>",

docs/api/rest-api.md

@@ -545,6 +545,21 @@ for the full feature guide (CLI, REST, MCP).
 
 List configured registries.
 
+#### POST /api/v1/registries
+
+Add a user-supplied custom registry source. JSON body:
+`{ "url": "https://…", "protocol": "…", "id": "…", "name": "…" }` (only `url`
+required). The source is always tagged `custom/unverified`. Errors share a stable
+code: `invalid_registry_url` (400), `registries_locked` (403),
+`registry_shadows_builtin` / `duplicate_registry` (409).
+
+#### DELETE /api/v1/registries/{id}
+
+Remove a user-added custom registry source. Returns `data.registry` echoing the
+removed entry. Built-in registries are refused with `registry_shadows_builtin`
+(409); an unknown id returns `registry_not_found` (404); a `registries_locked`
+policy returns 403.
+
 #### GET /api/v1/registries/{id}/servers
 
 Search a registry's servers (`?search=`, `?tag=`, `?limit=`).

docs/registries.md

@@ -85,12 +85,36 @@ Errors share a stable code across surfaces: `invalid_registry_url` (400),
 `registries_locked` (403), `registry_shadows_builtin` / `duplicate_registry` (409).
 The Web UI maps each code to an actionable message.
 
+### Removing a registry source
+
+`mcpproxy registry remove <id>` deletes a custom registry you added earlier. Only
+`custom/unverified` registries can be removed — the shipped built-in defaults are
+refused via the same shadow guard as add-source. Removing a source does not touch
+any upstream servers you already added from it.
+
+```bash
+mcpproxy registry list             # find the id
+mcpproxy registry remove acme      # delete the custom source (aliases: rm, remove-source)
+```
+
+Like add-source, this requires a running daemon — the change is applied
+copy-on-write on the runtime config snapshot and persisted to `mcp_config.json`.
+
+Equivalent surfaces:
+
+- **REST:** `DELETE /api/v1/registries/{id}` → `{ "registry": { … } }` echoing the removed entry.
+- **CLI:** `mcpproxy registry remove <id>`.
+
+Errors share a stable code across surfaces: `registry_not_found` (404),
+`registry_shadows_builtin` (409, built-in cannot be removed),
+`registries_locked` (403).
+
 ### Enterprise: `registries_locked` (stub)
 
 Setting `"registries_locked": true` in `mcp_config.json` disables runtime registry
-additions (`registry add-source` and the REST/MCP add-source surface return
-`registries_locked`). Built-in defaults are unaffected. This is a forward-looking
-stub for enterprise policy pinning.
+changes (`registry add-source` / `registry remove` and the REST add-source and
+remove surfaces return `registries_locked`). Built-in defaults are unaffected.
+This is a forward-looking stub for enterprise policy pinning.
 
 ## Official v0.1 protocol
 

internal/cliclient/client.go

@@ -1915,3 +1915,50 @@ func (c *Client) AddRegistrySource(ctx context.Context, sourceURL, protocol, id,
 	}
 	return &apiResp.Data.Registry, nil
 }
+
+// RemoveRegistrySource removes a user-added custom registry source via the daemon
+// (MCP-1057). DELETE /api/v1/registries/{id} → data.registry. On failure it
+// returns a *RegistryAddError carrying the stable cross-surface code
+// (registry_not_found, registry_shadows_builtin, registries_locked).
+func (c *Client) RemoveRegistrySource(ctx context.Context, id string) (*contracts.RegistrySummary, error) {
+	u := c.baseURL + "/api/v1/registries/" + url.PathEscape(id)
+	req, err := http.NewRequestWithContext(ctx, http.MethodDelete, u, http.NoBody)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create request: %w", err)
+	}
+	c.prepareRequest(ctx, req)
+
+	resp, err := c.httpClient.Do(req)
+	if err != nil {
+		return nil, fmt.Errorf("failed to call remove-registry-source API: %w", err)
+	}
+	defer resp.Body.Close()
+
+	respBytes, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read response: %w", err)
+	}
+
+	var apiResp struct {
+		Success   bool                                `json:"success"`
+		Data      *contracts.RemoveRegistrySourceData `json:"data"`
+		Error     string                              `json:"error"`
+		Code      string                              `json:"code"`
+		RequestID string                              `json:"request_id"`
+	}
+	if err := json.Unmarshal(respBytes, &apiResp); err != nil {
+		return nil, fmt.Errorf("failed to parse response (status %d): %s", resp.StatusCode, string(respBytes))
+	}
+
+	if !apiResp.Success || resp.StatusCode != http.StatusOK {
+		msg := apiResp.Error
+		if msg == "" {
+			msg = fmt.Sprintf("API returned status %d", resp.StatusCode)
+		}
+		return nil, &RegistryAddError{Code: apiResp.Code, Message: msg, RequestID: apiResp.RequestID}
+	}
+	if apiResp.Data == nil {
+		return nil, fmt.Errorf("daemon returned success with no registry data")
+	}
+	return &apiResp.Data.Registry, nil
+}

internal/contracts/types.go

@@ -1007,6 +1007,12 @@ type AddRegistrySourceData struct {
 	Registry RegistrySummary `json:"registry"`
 }
 
+// RemoveRegistrySourceData is the success `data` payload for remove-source
+// (MCP-1057, DELETE /api/v1/registries/{id}). It echoes the removed registry.
+type RemoveRegistrySourceData struct {
+	Registry RegistrySummary `json:"registry"`
+}
+
 // SuccessResponse is the standard success response wrapper for API endpoints.
 type SuccessResponse struct {
 	Success bool        `json:"success"`

internal/httpapi/code_exec_test.go

@@ -100,6 +100,9 @@ func (m *mockController) AddServerFromRegistryRef(_ context.Context, _, _, _ str
 func (m *mockController) AddRegistrySourceRef(_, _, _, _ string) (*config.RegistryEntry, *contracts.RegistryAddError, error) {
 	return nil, nil, nil
 }
+func (m *mockController) RemoveRegistrySourceRef(_ string) (*config.RegistryEntry, *contracts.RegistryAddError, error) {
+	return nil, nil, nil
+}
 func (m *mockController) GetManagementService() interface{}                       { return nil }
 func (m *mockController) GetRuntime() interface{}                                 { return nil }
 func (m *mockController) GetSessions(limit, offset int) (interface{}, int, error) { return nil, 0, nil }

internal/httpapi/contracts_test.go

@@ -318,6 +318,9 @@ func (m *MockServerController) AddServerFromRegistryRef(_ context.Context, _, _,
 func (m *MockServerController) AddRegistrySourceRef(_, _, _, _ string) (*config.RegistryEntry, *contracts.RegistryAddError, error) {
 	return nil, nil, nil
 }
+func (m *MockServerController) RemoveRegistrySourceRef(_ string) (*config.RegistryEntry, *contracts.RegistryAddError, error) {
+	return nil, nil, nil
+}
 
 // Version and updates
 func (m *MockServerController) GetVersionInfo() *updatecheck.VersionInfo {

internal/httpapi/registry_resilience_test.go

@@ -2,10 +2,12 @@ package httpapi
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
 	"net/http/httptest"
 	"testing"
 
+	"github.com/smart-mcp-proxy/mcpproxy-go/internal/config"
 	"github.com/smart-mcp-proxy/mcpproxy-go/internal/contracts"
 	"github.com/smart-mcp-proxy/mcpproxy-go/internal/registries"
 	"go.uber.org/zap/zaptest"
@@ -199,3 +201,72 @@ func TestListRegistries_SurfacesProvenanceAndTrusted(t *testing.T) {
 		t.Error("no-provenance-reg trusted: want false, got true")
 	}
 }
+
+// removeController simulates the server-side remove-source op: it removes the
+// custom "acme" registry, refuses the built-in "official", and reports
+// registry_not_found for anything else (MCP-1057).
+type removeController struct {
+	*MockServerController
+}
+
+func (c *removeController) RemoveRegistrySourceRef(id string) (*config.RegistryEntry, *contracts.RegistryAddError, error) {
+	switch id {
+	case "acme":
+		return &config.RegistryEntry{
+			ID:         "acme",
+			Name:       "Acme",
+			URL:        "https://acme.example/",
+			Provenance: config.RegistryProvenanceCustom,
+		}, nil, nil
+	case "official":
+		rerr := &contracts.RegistryAddError{Code: "registry_shadows_builtin", Message: `"official" is a built-in registry and cannot be removed`}
+		return nil, rerr, errors.New(rerr.Message)
+	default:
+		rerr := &contracts.RegistryAddError{Code: "registry_not_found", Message: "no custom registry with id " + id}
+		return nil, rerr, errors.New(rerr.Message)
+	}
+}
+
+// MCP-1057: DELETE removes a custom registry and echoes it with trusted=false.
+func TestRemoveRegistrySource_RemovesCustom(t *testing.T) {
+	srv := NewServer(&removeController{&MockServerController{}}, zaptest.NewLogger(t).Sugar(), nil)
+	req := httptest.NewRequest(http.MethodDelete, "/api/v1/registries/acme", http.NoBody)
+	w := httptest.NewRecorder()
+	srv.ServeHTTP(w, req)
+
+	if w.Code != http.StatusOK {
+		t.Fatalf("want 200, got %d (body=%s)", w.Code, w.Body.String())
+	}
+	var resp contracts.RemoveRegistrySourceData
+	decodeData(t, w, &resp)
+	if resp.Registry.ID != "acme" {
+		t.Errorf("expected removed id=acme, got %q", resp.Registry.ID)
+	}
+	if resp.Registry.Trusted {
+		t.Error("a custom registry must report trusted=false")
+	}
+}
+
+// MCP-1057: removing a built-in is refused with 409 registry_shadows_builtin.
+func TestRemoveRegistrySource_RefusesBuiltin(t *testing.T) {
+	srv := NewServer(&removeController{&MockServerController{}}, zaptest.NewLogger(t).Sugar(), nil)
+	req := httptest.NewRequest(http.MethodDelete, "/api/v1/registries/official", http.NoBody)
+	w := httptest.NewRecorder()
+	srv.ServeHTTP(w, req)
+
+	if w.Code != http.StatusConflict {
+		t.Fatalf("want 409, got %d (body=%s)", w.Code, w.Body.String())
+	}
+}
+
+// MCP-1057: removing an unknown registry yields 404 registry_not_found.
+func TestRemoveRegistrySource_NotFound(t *testing.T) {
+	srv := NewServer(&removeController{&MockServerController{}}, zaptest.NewLogger(t).Sugar(), nil)
+	req := httptest.NewRequest(http.MethodDelete, "/api/v1/registries/ghost", http.NoBody)
+	w := httptest.NewRecorder()
+	srv.ServeHTTP(w, req)
+
+	if w.Code != http.StatusNotFound {
+		t.Fatalf("want 404, got %d (body=%s)", w.Code, w.Body.String())
+	}
+}

internal/httpapi/security_test.go

@@ -300,6 +300,9 @@ func (m *baseController) AddServerFromRegistryRef(_ context.Context, _, _, _ str
 func (m *baseController) AddRegistrySourceRef(_, _, _, _ string) (*config.RegistryEntry, *contracts.RegistryAddError, error) {
 	return nil, nil, nil
 }
+func (m *baseController) RemoveRegistrySourceRef(_ string) (*config.RegistryEntry, *contracts.RegistryAddError, error) {
+	return nil, nil, nil
+}
 func (m *baseController) CallTool(ctx context.Context, toolName string, args map[string]interface{}) (interface{}, error) {
 	return nil, nil
 }