From ef4cefaa4081a4e3ff5863ff48f3e522197117b1 Mon Sep 17 00:00:00 2001
From: Sam Valladares <143034159+samvallad33@users.noreply.github.com>
Date: Fri, 26 Jun 2026 16:14:51 -0500
Subject: [PATCH] Add Dockerfile for MCP registry introspection (Glama) (#95)

Lets registries such as Glama start the server in an isolated sandbox and
run the standard MCP stdio introspection (tools/list, resources/list,
prompts/list) so the listing passes its checks and scores.

- node:20-slim (glibc) base, required because the npm postinstall downloads
  the prebuilt x86_64-unknown-linux-gnu binary (a -gnu binary will not run on
  musl/Alpine).
- Installs vestige-mcp-server@latest globally; postinstall fetches the binary.
- VESTIGE_DATA_DIR=/data keeps memory state inside the container.
- ENTRYPOINT vestige-mcp speaks MCP over stdio.

Verified locally: npm install + postinstall fetch the binary, the server boots,
runs its migrations, and answers initialize + tools/list over stdio.
---
 Dockerfile | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 Dockerfile

diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..e93e93c
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,28 @@
+# Dockerfile for running the Vestige MCP server in an isolated sandbox.
+#
+# Used by registries such as Glama to start the server and run the standard
+# MCP stdio introspection exchange (tools/list, resources/list, prompts/list).
+# The server speaks MCP over stdio, which is exactly what these tools expect.
+#
+# Base must be glibc (Debian), not musl/Alpine: the npm postinstall downloads
+# the prebuilt x86_64-unknown-linux-gnu Rust binary from the GitHub release, and
+# a -gnu binary will not run on an Alpine/musl image.
+
+FROM node:20-slim
+
+# ca-certificates lets the postinstall fetch the release asset over HTTPS.
+RUN apt-get update \
+    && apt-get install -y --no-install-recommends ca-certificates \
+    && rm -rf /var/lib/apt/lists/*
+
+# Install the published package globally. Its postinstall downloads the matching
+# prebuilt vestige-mcp binary for linux/x64 from the GitHub release.
+RUN npm install -g vestige-mcp-server@latest
+
+# Keep all memory data inside the container under a writable path.
+ENV VESTIGE_DATA_DIR=/data
+RUN mkdir -p /data
+
+# Start the MCP server on stdio. The `vestige-mcp` bin execs the native binary
+# and inherits stdio, so the MCP client talks to it directly.
+ENTRYPOINT ["vestige-mcp"]