OCI: Add building OCI images cratedb-mcp and cratedb-mcpo

[amotl]

About

Start providing OCI images per ghcr.io/crate/cratedb-mcp and ghcr.io/crate/cratedb-mcpo.

References

• Documentation: Using npx/uvx is discouraged, better use containers? #27
• Provide OCI image(s) #45

Backlog

• Detailed documentation about environment variables, see also Documentation: Remote MCP support #40

[coderabbitai]

"""

Walkthrough

This update introduces OCI-compliant Docker images and associated CI/CD automation for the project. It adds Docker build configurations, GitHub Actions workflows for building, testing, and publishing images, documentation updates for new container usage, and supporting scripts and ignore files. No changes to public code interfaces are made.

Changes

File(s)	Change Summary
.dockerignore	Added to selectively include/exclude files for Docker build context.
.github/workflows/release-oci-standard.yml .github/workflows/release-oci-mcpo.yml	Added GitHub Actions workflows for automated building, testing, and publishing of OCI and MCPO container images.
CHANGES.md	Updated changelog with entries for OCI standard and MCPO image builds.
README.md	Added documentation for using OCI Standard and MCPO images, with usage examples and new links.
pyproject.toml	Added setuptools configuration to disable namespace package detection.
release/oci/Dockerfile release/oci/selftest.sh release/oci/test.yml	Introduced multi-stage Dockerfile for standard and MCPO container builds; added self-test script and test config.

Sequence Diagram(s)

sequenceDiagram
    participant Developer
    participant GitHub Actions
    participant Docker Buildx
    participant GHCR

    Developer->>GitHub Actions: Push/PR/Tag/Schedule triggers workflow
    GitHub Actions->>Docker Buildx: Build and test OCI/MCPO images
    Docker Buildx->>GHCR: Push multi-arch images (amd64, arm64)
    GitHub Actions->>GitHub Actions: Run self-tests (selftest.sh)
    GitHub Actions->>Developer: Publish build/test results and image tags

Loading

Estimated code review effort

3 (30–60 minutes)

Suggested reviewers

• kneth
• bmunkholm
• surister

Poem

🐇
Containers now hop with glee,
OCI images built for all to see.
Workflows spin and Docker hums,
Testing scripts ensure it runs.
From README lines to changelog’s song,
Our build and ship are ever strong!
🐳✨
"""

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch oci

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

‼️ IMPORTANT
Auto-reply has been disabled for this repository in the CodeRabbit settings. The CodeRabbit bot will not respond to your replies unless it is explicitly tagged.

• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (4)

release/oci/Dockerfile (2)

12-14: Clean up APT artifacts to keep the build layer slim

apt-get update/install leaves ~20-30 MB of package lists. Add the usual cleanup to reduce image size:

-RUN apt-get update
-RUN apt-get --yes install --no-install-recommends --no-install-suggests git
+RUN set -e \
+ && apt-get update \
+ && apt-get --yes install --no-install-recommends --no-install-suggests git \
+ && rm -rf /var/lib/apt/lists/*

---

57-58: Robust wheel install

$(ls /tmp/*.whl) fails if the glob matches >1 file or none. Prefer a glob directly:

-    && uv pip install --upgrade "$(ls /tmp/*.whl)"
+    && uv pip install --upgrade /tmp/*.whl

.github/workflows/release-oci-mcpo.yml (2)

1-3: Update comment to reflect mcpo image

The header still references cratedb-mcp, but this workflow builds cratedb-mcpo. Avoid future confusion by aligning the comment.

---

129-136: Step name misleading

Build and push image (standard) actually targets mcpo. Rename to keep the logs self-explanatory:

-      - name: Build and push image (standard)
+      - name: Build and push image (mcpo)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 32326c0 and d5e0be2.

📒 Files selected for processing (7)

• .github/workflows/release-oci-mcpo.yml (1 hunks)
• .github/workflows/release-oci-standard.yml (1 hunks)
• CHANGES.md (1 hunks)
• README.md (3 hunks)
• release/oci/Dockerfile (1 hunks)
• release/oci/selftest.sh (1 hunks)
• release/oci/test.yml (1 hunks)

✅ Files skipped from review due to trivial changes (2)

• release/oci/selftest.sh
• release/oci/test.yml

🚧 Files skipped from review as they are similar to previous changes (3)

• CHANGES.md
• README.md
• .github/workflows/release-oci-standard.yml

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the `backlog.md` document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

.github/workflows/release-oci-mcpo.yml (2)

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the `backlog.md` document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

release/oci/Dockerfile (2)

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#24
File: pyproject.toml:76-76
Timestamp: 2025-05-17T16:02:09.342Z
Learning: For the cratedb-mcp project, FastMCP pre-2.0 releases provide the same API surface needed by the application, so a lower bound on the FastMCP dependency is not necessary.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: oci
• GitHub Check: oci

🔇 Additional comments (1)

release/oci/Dockerfile (1)

60-60: Ensure selftest.sh is executable

The copied mode can be lost depending on host FS. Add a chmod step:

RUN chmod +x /usr/local/bin/selftest.sh

[amotl]

That's close to how others are doing it, but still needs validation (user testing).
https://github.com/stripe/agent-toolkit/tree/main/modelcontextprotocol#usage-with-claude-desktop

[amotl]

The documentation sections about using the OCI images have been improved significantly with 81a357f, but still the procedure hasn't been exercised using this very configuration snippet.

[amotl]

mcpo support for Open WebUI also has not been validated yet.

[amotl]

The documentation sections about using the OCI images have been improved significantly with 81a357f.

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

README.md (1)

55-56: Broken self-reference: #install anchor no longer exists

The section header was renamed to “Install package”, so the intra-doc link now points to nowhere. Update the fragment identifier to keep the link functional.

-The [installation docs](#install) section includes guidelines on how to
+The [installation docs](#install-package) section includes guidelines on how to

🧹 Nitpick comments (2)

README.md (2)

231-235: Spelling & style nit

Minor typo (“THere”) and a missing comma.

-THere is a standard OCI image and an MCPO image suitable for Open WebUI.
+There is a standard OCI image, and an MCPO image suitable for Open WebUI.

---

157-180: --network=host only works on Linux Docker – add a note or fall-back

The quick-start snippet hard-codes --network=host, which silently fails on Docker Desktop (macOS/Windows) and on root-less Podman. Consider:

1. Adding a short remark that this flag requires Linux-native Docker, or
2. Switching to an explicit user-created bridge network (as you do later with docker network create demo).

Either avoids first-time user frustration on non-Linux hosts.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d5e0be2 and 81a357f.

📒 Files selected for processing (9)

• .dockerignore (1 hunks)
• .github/workflows/release-oci-mcpo.yml (1 hunks)
• .github/workflows/release-oci-standard.yml (1 hunks)
• CHANGES.md (1 hunks)
• README.md (8 hunks)
• pyproject.toml (1 hunks)
• release/oci/Dockerfile (1 hunks)
• release/oci/selftest.sh (1 hunks)
• release/oci/test.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (8)

• CHANGES.md
• release/oci/selftest.sh
• pyproject.toml
• .dockerignore
• release/oci/test.yml
• release/oci/Dockerfile
• .github/workflows/release-oci-mcpo.yml
• .github/workflows/release-oci-standard.yml

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the `backlog.md` document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

README.md (3)

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the `backlog.md` document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

Learnt from: amotl
PR: crate/cratedb-mcp#24
File: pyproject.toml:76-76
Timestamp: 2025-05-17T16:02:09.342Z
Learning: For the cratedb-mcp project, FastMCP pre-2.0 releases provide the same API surface needed by the application, so a lower bound on the FastMCP dependency is not necessary.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: oci
• GitHub Check: oci

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (5)

README.md (5)

157-180: Clarify env propagation & host-network portability in Docker example

1. --env=CRATEDB_CLUSTER_URL relies on the variable being present in the caller’s environment. That is fine, but the common idiom is -e CRATEDB_CLUSTER_URL (short flag) to keep parity with the docker run docs and avoid confusion.

2. --network=host does not work on Docker Desktop for macOS / Windows and can break root-less Podman. Consider documenting that this flag is Linux-only or switching to an explicit user-defined bridge (like you did further down with docker network create demo).

3. The JSON snippet duplicates the variable inside the "env" block and forwards it via --env. Forwarding once is sufficient.

Suggested diff:

-        "--network=host",
-        "--env=CRATEDB_CLUSTER_URL",
+        "--network=host",              # Linux only – bridge/podman users: drop this
+        "-e", "CRATEDB_CLUSTER_URL",

Make sure the example still works on non-Linux Docker and Podman before publishing.

---

231-245: Typo & style nits in “Install OCI” block

• THere ⇒ There
• OCI images for Docker or Podman are available on GHCR per … → reads awkwardly. Consider “OCI images are published on GHCR:” for brevity.

-THere is a standard OCI image, and an MCPO image suitable for Open WebUI.
+There is a standard OCI image and an MCPO image suitable for Open WebUI.

---

325-350: Verify CrateDB image reference & env forwarding

1. The official image on Docker Hub is usually crate/crate:latest, not just crate:latest. Please double-check to avoid a pull error.

2. You forward four env vars with --env=<name> but omit values. Docker passes the current shell values, which is fine, yet most tutorials prefer the -e NAME=$NAME style for clarity.

3. Minor: you publish 8000 while also binding the container to CRATEDB_MCP_HOST=0.0.0.0; publishing is redundant when --network=demo isolates the bridge – although harmless.

Please confirm the image name and that the snippet works on a clean host.

---

352-358: Container name/image mismatch

Running MCPO with --name=cratedb-mcp while using the cratedb-mcpo image is confusing when both containers may co-exist. Rename the container or drop --name.

-docker run --rm --name=cratedb-mcp --network=demo \
+docker run --rm --name=cratedb-mcpo --network=demo \

---

359-381: GHA services block – health check missing

GitHub Actions may start the job before CrateDB is ready. Add a simple options: >- --health-cmd='curl -f http://localhost:4200/' --health-interval=5s --health-retries=20 (and similar for MCP) to avoid flaky CI.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 81a357f and 7914c94.

📒 Files selected for processing (1)

• README.md (8 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the `backlog.md` document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

README.md (3)

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the `backlog.md` document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

Learnt from: amotl
PR: crate/cratedb-mcp#24
File: pyproject.toml:76-76
Timestamp: 2025-05-17T16:02:09.342Z
Learning: For the cratedb-mcp project, FastMCP pre-2.0 releases provide the same API surface needed by the application, so a lower bound on the FastMCP dependency is not necessary.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: oci
• GitHub Check: oci

🔇 Additional comments (1)

README.md (1)

271-289: Transport section looks good

Clear, concise, and covers both CLI flags and env vars – nice work.

[surister]

Haven't build it locally but I assume they are fine, thanks!

[kneth]

I have only minor comments

[kneth]

Do we need this if we produce an image when merging to main?

[amotl]

It is not strictly required, but we can optionally have it to verify builds don't go south. Currently, the OCI building operations are "full-on", also building on each and every PR. This can be tuned down any time as we go.

In general, nightly builds have their role and value because people down the stream understand that everything is fresh inside, while builds on merges to main can age arbitrarily when development head hibernates or stops.

Of course, the "full-on" thing will not be needed for such a little project as we go, so it is common practice to tune down the volume of builds as soon as relevant details have settled well, i.e. when the project is out of its pre-alpha infancy.

[kneth]

Suggested change

	using this section might be handsome, as it includes all relevant configuration options
	using this section might be handy, as it includes all relevant configuration options

[amotl]

Thanks! Apparently, @coderabbitai did not flag this?

[kneth]

Humans are still required 😄

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

README.md (4)

231-234: Fix typo “THere” → “There”.

Minor spelling issue in the Install OCI section.

-THere is a standard OCI image and an MCPO image suitable for Open WebUI.
+There is a standard OCI image and an MCPO image suitable for Open WebUI.

---

165-171: Pin a concrete tag instead of latest for reproducibility.

Using :latest can lead to unexpected breaks when the image is updated.
Documenting a versioned tag (e.g. :v0.4.1) encourages deterministic setups.

-"ghcr.io/crate/cratedb-mcp:latest"
+"ghcr.io/crate/cratedb-mcp:v0.4.1"  # replace with the desired version

---

157-178: Consider adding --tty and explicit network in the Docker snippet.

1. Without --tty (-t) the MCP server’s interactive prompts (if any) won’t display nicely.
2. If the CrateDB instance runs in another container, documenting --network <name> avoids common “connection refused” reports.

Example:

-"args": [
-  "run",
-  "--rm",
-  "-i",
-  "-e", "CRATEDB_CLUSTER_URL",
-  "ghcr.io/crate/cratedb-mcp:latest"
+ "args": [
+   "run",
+   "--rm",
+   "-it",
+   "--network", "demo",
+   "-e", "CRATEDB_CLUSTER_URL",
+   "ghcr.io/crate/cratedb-mcp:latest"
 ]

---

257-261: Mask credentials in example URL or add a warning.

Exposing username:password in plaintext URLs may encourage insecure copy-pastes.
Either replace with a placeholder (<password>) for both user and pass or add a cautionary note.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 762a543 and b2d17f8.

📒 Files selected for processing (1)

• README.md (8 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the `backlog.md` document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

README.md (4)

Learnt from: amotl
PR: #17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the backlog.md document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

Learnt from: amotl
PR: #54
File: tests/test_cli.py:0-0
Timestamp: 2025-07-20T17:17:10.660Z
Learning: In the cratedb-mcp project, tests should avoid asserting against mcp.settings internal state as these assertions will break with later versions of FastMCP. Tests should focus on verifying that functions are called with correct parameters rather than checking internal implementation details.

Learnt from: amotl
PR: #24
File: pyproject.toml:76-76
Timestamp: 2025-05-17T16:02:09.342Z
Learning: For the cratedb-mcp project, FastMCP pre-2.0 releases provide the same API surface needed by the application, so a lower bound on the FastMCP dependency is not necessary.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: oci
• GitHub Check: oci

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

README.md (4)

157-179: Prefer version-pinned container images instead of :latest

Using :latest makes the build non-deterministic and can silently break users when the tag is updated. Pin the tag (or allow it to be overridden via an env var) so that examples remain reproducible.

-        "ghcr.io/crate/cratedb-mcp:latest"
+        "ghcr.io/crate/cratedb-mcp:${CRATEDB_MCP_VERSION:-vX.Y.Z}"

Same applies to the docker run examples further down.

---

257-260: Avoid plaintext credentials in public examples

Exposing user/password combos in shell history or CI logs is a frequent source of credential leakage. Consider showing the pattern with separate variables, a secrets manager, or a .env file instead.

Example:

export CRATEDB_USER=admin
export CRATEDB_PASS="$(op read --item cratedb-pass)"
export CRATEDB_CLUSTER_URL="https://${CRATEDB_USER}:${CRATEDB_PASS}@example.net:4200"

---

273-273: Minor: drop the curly-brace set notation inside inline code

Inside markdown code spans, just list the options comma-separated to avoid implying they must be written with braces.

-is `stdio`, you can select another one of `{"stdio", "http", "sse", "streamable-http"}`
+is `stdio`, you can select another one of `stdio`, `http`, `sse`, or `streamable-http`

---

329-355: Pin concrete image versions in the run examples

Both crate:latest and ghcr.io/crate/cratedb-mcp are mutable tags.
Recommend locking to explicit, compatible versions to ensure tutorials keep working.

-docker run --rm --name=cratedb --network=demo \
-  -p 4200:4200 -p 5432:5432 \
-  -e CRATE_HEAP_SIZE=2g \
-  crate:latest -Cdiscovery.type=single-node
+docker run --rm --name=cratedb --network=demo \
+  -p 4200:4200 -p 5432:5432 \
+  -e CRATE_HEAP_SIZE=2g \
+  crate:5.5.0 -Cdiscovery.type=single-node

and

-  ghcr.io/crate/cratedb-mcp
+  ghcr.io/crate/cratedb-mcp:vX.Y.Z

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9dde765 and 46f9767.

📒 Files selected for processing (9)

• .dockerignore (1 hunks)
• .github/workflows/release-oci-mcpo.yml (1 hunks)
• .github/workflows/release-oci-standard.yml (1 hunks)
• CHANGES.md (1 hunks)
• README.md (8 hunks)
• pyproject.toml (1 hunks)
• release/oci/Dockerfile (1 hunks)
• release/oci/selftest.sh (1 hunks)
• release/oci/test.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (8)

• CHANGES.md
• release/oci/test.yml
• release/oci/selftest.sh
• pyproject.toml
• .dockerignore
• release/oci/Dockerfile
• .github/workflows/release-oci-mcpo.yml
• .github/workflows/release-oci-standard.yml

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: amotl
PR: crate/cratedb-mcp#17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the `backlog.md` document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

README.md (4)

Learnt from: amotl
PR: #17
File: CHANGES.md:5-5
Timestamp: 2025-05-16T13:35:04.487Z
Learning: For the cratedb-mcp repository, version numbers and release dates in CHANGES.md are updated by a dedicated "Release vX.Y.Z" commit as part of the release process, not during documentation preparation PRs.

Learnt from: amotl
PR: crate/cratedb-mcp#0
File: :0-0
Timestamp: 2025-05-17T14:55:23.400Z
Learning: In the cratedb-mcp repository, the backlog.md document is intended as a functional planning document that doesn't need to adhere to strict formatting standards. Avoid pointing out formatting or layout shortcomings in this file during reviews.

Learnt from: amotl
PR: #54
File: tests/test_cli.py:0-0
Timestamp: 2025-07-20T17:17:10.660Z
Learning: In the cratedb-mcp project, tests should avoid asserting against mcp.settings internal state as these assertions will break with later versions of FastMCP. Tests should focus on verifying that functions are called with correct parameters rather than checking internal implementation details.

Learnt from: amotl
PR: #24
File: pyproject.toml:76-76
Timestamp: 2025-05-17T16:02:09.342Z
Learning: For the cratedb-mcp project, FastMCP pre-2.0 releases provide the same API surface needed by the application, so a lower bound on the FastMCP dependency is not necessary.

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: oci
• GitHub Check: oci

🔇 Additional comments (1)

README.md (1)

364-386: CI example: surface all required env vars explicitly

GitHub Actions treats undefined env keys as empty strings, which can be confusing. Add a comment or default value for secrets like CRATEDB_CLUSTER_URL to make the example copy-pastable without edits.

    env:
      CRATEDB_CLUSTER_URL: ${{ secrets.CRATEDB_CLUSTER_URL }}