Open
Description
The following issue is about:
- Having a wizard (or something else that is interactive) that helps users configure trusted MCP servers
- The trusting part will be covered via sigstore signatures and by checking whether the provenance information is right
A rough example of the user experience flow can be something like:
- User wants to add a new MCP server (a container)
- ToolHive looks for its signature; if none is found, it prompts the user to confirm they are about to use an unsigned MCP server
- Otherwise, read the provenance information and prompt the user to confirm that the provenance metadata reflects the MCP server they indeed want to use, i.e. repo of origin, identity, etc.
- We store that information (perhaps in registry.json for now)
- From there on, use this metadata to ensure that the image we try to run comes from the same place. If not, fail and warn the user
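As an added illustration of the flow sketched above, not ToolHive's own code: a small Go model of the two halves of the proposal, the enrolment wizard (unsigned-image prompt, provenance confirmation, record written to a registry.json-style document) and the later run-time check that refuses an image whose provenance no longer matches what was recorded. The sigstore signature verification itself is assumed to have already produced a `Provenance` value; the `Provenance` field set, the registry layout and the sample repositories and image names are all assumptions made for this example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Provenance is the identity a verified sigstore signature/attestation vouches
// for. The field set is an assumption for this example; the issue only names
// "repo of origin, identity, etc.".
type Provenance struct {
	SourceRepo string `json:"source_repo"` // repository the image was built from
	Identity   string `json:"identity"`    // signing identity (certificate SAN)
	Issuer     string `json:"issuer"`      // OIDC issuer that vouched for the identity
}

// TrustedServer is the record the wizard writes once the user has confirmed a
// server: either the confirmed provenance, or an explicit "accepted unsigned".
type TrustedServer struct {
	Image      string      `json:"image"`
	Unsigned   bool        `json:"unsigned,omitempty"`
	Provenance *Provenance `json:"provenance,omitempty"`
}

// Registry stands in for the registry.json the issue mentions (layout assumed).
type Registry struct {
	Servers map[string]TrustedServer `json:"servers"`
}

func NewRegistry() *Registry { return &Registry{Servers: map[string]TrustedServer{}} }

var (
	ErrDeclined      = errors.New("user declined")
	ErrNotRegistered = errors.New("image not in registry")
	ErrMismatch      = errors.New("provenance mismatch")
)

// Enrol models the wizard step. verified is the provenance extracted from a
// successfully verified signature, or nil when no signature was found; the
// sigstore verification itself is assumed to have happened before this call.
func Enrol(reg *Registry, image string, verified *Provenance, confirm func(prompt string) bool) error {
	if verified == nil {
		if !confirm(fmt.Sprintf("%s has no signature. Use this unsigned MCP server?", image)) {
			return fmt.Errorf("%w: unsigned image %s", ErrDeclined, image)
		}
		reg.Servers[image] = TrustedServer{Image: image, Unsigned: true}
		return nil
	}
	prompt := fmt.Sprintf("%s was built from %s, signed by %s (issuer %s). Is this the server you want?",
		image, verified.SourceRepo, verified.Identity, verified.Issuer)
	if !confirm(prompt) {
		return fmt.Errorf("%w: provenance of %s not accepted", ErrDeclined, image)
	}
	p := *verified // copy so later changes to the caller's value cannot alter the record
	reg.Servers[image] = TrustedServer{Image: image, Provenance: &p}
	return nil
}

// CheckBeforeRun models the enforcement step: the provenance seen now must match
// what was recorded at enrolment. A previously signed image that now has no
// signature, or one signed from a different repo/identity, is refused.
func CheckBeforeRun(reg *Registry, image string, current *Provenance) error {
	rec, ok := reg.Servers[image]
	if !ok {
		return fmt.Errorf("%w: %s", ErrNotRegistered, image)
	}
	if rec.Unsigned {
		return nil // the user explicitly accepted this image without a signature
	}
	if current == nil {
		return fmt.Errorf("%w: %s was trusted as signed but no signature was found", ErrMismatch, image)
	}
	if *current != *rec.Provenance {
		return fmt.Errorf("%w: %s expected %+v, got %+v", ErrMismatch, image, *rec.Provenance, *current)
	}
	return nil
}

// RegistryJSON renders the registry in the registry.json-style layout assumed here.
func RegistryJSON(reg *Registry) (string, error) {
	b, err := json.MarshalIndent(reg, "", "  ")
	return string(b), err
}

func main() {
	reg := NewRegistry()
	yes := func(string) bool { return true }
	// Constructed sample provenance; not a real image, repository or attestation.
	good := &Provenance{
		SourceRepo: "https://github.com/example/mcp-fetch",
		Identity:   "https://github.com/example/mcp-fetch/.github/workflows/release.yml@refs/tags/v1.0.0",
		Issuer:     "https://token.actions.githubusercontent.com",
	}
	_ = Enrol(reg, "ghcr.io/example/mcp-fetch:1.0.0", good, yes)
	forged := *good
	forged.SourceRepo = "https://github.com/attacker/mcp-fetch"
	fmt.Println(CheckBeforeRun(reg, "ghcr.io/example/mcp-fetch:1.0.0", good))    // accepted
	fmt.Println(CheckBeforeRun(reg, "ghcr.io/example/mcp-fetch:1.0.0", &forged)) // refused: mismatch
	out, _ := RegistryJSON(reg)
	fmt.Println(out)
}
```

The one design point worth noting: an image accepted as unsigned is recorded as such, so the run-time check has nothing to compare and lets it through, whereas an image that was signed at enrolment and is unsigned (or differently signed) at run time is refused rather than silently downgraded. Whether a later signature appearing on a previously unsigned image should trigger a re-prompt is left open here, as it is in the issue.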