feat(registries): Web UI add-registry affordance + provenance surfacing + one-time third-party warning (MCP-867) (#575)

Frontend slice of MCP-856 / MCP-866. Surfaces the user-added-registries
backend in the Repositories page:

- Add Registry affordance (modal): https URL + optional protocol (defaults
  to modelcontextprotocol/registry) + optional name; POSTs /api/v1/registries
  via the new api.addRegistrySource(), mapping the stable error codes
  (invalid_registry_url / registries_locked / registry_shadows_builtin /
  duplicate_registry) to actionable messages.
- Provenance surfacing: each registry is flagged "Official · trusted" or
  "Third-party · unverified" from its provenance/trusted fields; custom
  sources carry an always-quarantined note.
- One-time third-party warning gating the first custom add; the
  acknowledgement is remembered in localStorage.

Tests: api.addRegistrySource client contract + Repositories warning-gating,
ack persistence, provenance badges, and error mapping. Docs updated in
docs/registries.md.

Co-authored-by: Paperclip <noreply@paperclip.ing>

Author: Dumbris

docs/registries.md

@@ -67,9 +67,14 @@ Equivalent surfaces:
 
 - **REST:** `POST /api/v1/registries` with `{ "url": "https://…", "protocol": "…", "id": "…", "name": "…" }`.
 - **CLI:** `mcpproxy registry add-source <https-url>`.
+- **Web UI:** the **Repositories** page has an **Add Registry** button (URL + optional
+  protocol/name). Each registry in the selector is flagged **Official · trusted** or
+  **Third-party · unverified** from its `provenance`, and the first custom add shows a
+  one-time third-party-registry warning (the acknowledgement is remembered locally).
 
 Errors share a stable code across surfaces: `invalid_registry_url` (400),
 `registries_locked` (403), `registry_shadows_builtin` / `duplicate_registry` (409).
+The Web UI maps each code to an actionable message.
 
 ### Enterprise: `registries_locked` (stub)
 

frontend/src/services/api.ts

@@ -1,4 +1,4 @@
-import type { APIResponse, Server, Tool, ToolApproval, SearchResult, StatusUpdate, SecretRef, MigrationAnalysis, ConfigSecretsResponse, GetToolCallsResponse, GetToolCallDetailResponse, GetServerToolCallsResponse, GetConfigResponse, ValidateConfigResponse, ConfigApplyResult, ServerTokenMetrics, GetRegistriesResponse, SearchRegistryServersResponse, GetSessionsResponse, GetSessionDetailResponse, InfoResponse, ActivityListResponse, ActivityDetailResponse, ActivitySummaryResponse, ImportResponse, AgentTokenInfo, CreateAgentTokenRequest, CreateAgentTokenResponse, RoutingInfo, ConnectStatusResponse, ConnectResult, OnboardingStateResponse, OnboardingMarkRequest, DiagnosticFixResponse, GlobalToolsResponse, UsageAggregateResponse, UsageWindow, UsageSort, UsageStatus } from '@/types'
+import type { APIResponse, Server, Tool, ToolApproval, SearchResult, StatusUpdate, SecretRef, MigrationAnalysis, ConfigSecretsResponse, GetToolCallsResponse, GetToolCallDetailResponse, GetServerToolCallsResponse, GetConfigResponse, ValidateConfigResponse, ConfigApplyResult, ServerTokenMetrics, GetRegistriesResponse, SearchRegistryServersResponse, RegistrySummary, GetSessionsResponse, GetSessionDetailResponse, InfoResponse, ActivityListResponse, ActivityDetailResponse, ActivitySummaryResponse, ImportResponse, AgentTokenInfo, CreateAgentTokenRequest, CreateAgentTokenResponse, RoutingInfo, ConnectStatusResponse, ConnectResult, OnboardingStateResponse, OnboardingMarkRequest, DiagnosticFixResponse, GlobalToolsResponse, UsageAggregateResponse, UsageWindow, UsageSort, UsageStatus } from '@/types'
 
 // Event types for API service
 export interface APIAuthEvent {
@@ -33,6 +33,17 @@ export interface AddFromRegistryResult {
   missingInputs?: string[]
 }
 
+// MCP-866 / MCP-867: result of adding a *registry source* (POST /registries).
+// Carries the stable error `code` (invalid_registry_url | registries_locked |
+// registry_shadows_builtin | duplicate_registry) so the UI can render an
+// actionable message instead of a generic string.
+export interface AddRegistrySourceResult {
+  success: boolean
+  registry?: RegistrySummary
+  error?: string
+  code?: string
+}
+
 class APIService {
   private baseUrl = ''
   private apiKey = ''
@@ -667,6 +678,58 @@ class APIService {
     return this.request<SearchRegistryServersResponse>(url)
   }
 
+  // MCP-866 / MCP-867: add a user-supplied registry source. The server always
+  // tags an added source custom/unverified (provenance is NOT part of the
+  // request), so every server later discovered through it lands quarantined and
+  // can never skip quarantine. We mirror the structured-error pattern of
+  // addServerFromRegistry so the UI can branch on the stable `code`
+  // (invalid_registry_url | registries_locked | registry_shadows_builtin |
+  // duplicate_registry).
+  async addRegistrySource(
+    url: string,
+    opts?: { protocol?: string; id?: string; name?: string }
+  ): Promise<AddRegistrySourceResult> {
+    const body: Record<string, unknown> = { url }
+    if (opts?.protocol) body.protocol = opts.protocol
+    if (opts?.id) body.id = opts.id
+    if (opts?.name) body.name = opts.name
+
+    const headers: Record<string, string> = { 'Content-Type': 'application/json' }
+    if (this.apiKey) headers['X-API-Key'] = this.apiKey
+
+    try {
+      const response = await fetch(`${this.baseUrl}/api/v1/registries`, {
+        method: 'POST',
+        headers,
+        body: JSON.stringify(body)
+      })
+
+      const payload: any = await response.json().catch(() => ({}))
+
+      if (!response.ok) {
+        if (response.status === 401 || response.status === 403) {
+          // registries_locked is a 403 but is a policy decision, not an auth
+          // failure — only emit the auth-error path for a missing/invalid key.
+          if (payload?.code !== 'registries_locked') {
+            this.emitAuthError(payload?.error || `HTTP ${response.status}`, response.status)
+          }
+        }
+        return {
+          success: false,
+          error: payload?.error || `HTTP ${response.status}: ${response.statusText}`,
+          code: payload?.code
+        }
+      }
+
+      return { success: true, registry: payload?.data?.registry }
+    } catch (error) {
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : 'Unknown error'
+      }
+    }
+  }
+
   // Spec 070 (CN-001): add a server to upstream by *reference* — the server
   // re-derives and validates the config from the registry entry. The client no
   // longer splits install_cmd / chooses protocol (that client-side parsing was

frontend/src/types/api.ts

@@ -562,6 +562,28 @@ export interface Registry {
   tags?: string[]
   protocol?: string
   count?: number | string
+  // MCP-866: trust tag — "official/trusted" for built-in defaults,
+  // "custom/unverified" for user-added sources. Derived server-side from
+  // membership in the default set, never from self-assertion in config.
+  provenance?: string
+  // Convenience boolean mirror of provenance === "official/trusted".
+  trusted?: boolean
+}
+
+// MCP-866 trust-tag constants (mirror config.RegistryProvenance*).
+export const REGISTRY_PROVENANCE_OFFICIAL = 'official/trusted'
+export const REGISTRY_PROVENANCE_CUSTOM = 'custom/unverified'
+
+// RegistrySummary is the slim projection returned by POST /api/v1/registries
+// (add-source). Mirrors contracts.RegistrySummary.
+export interface RegistrySummary {
+  id: string
+  name: string
+  url?: string
+  servers_url?: string
+  protocol?: string
+  provenance?: string
+  trusted?: boolean
 }
 
 export interface NPMPackageInfo {