From 4f5088ba62516d7b644f3913d3afa65de31432dd Mon Sep 17 00:00:00 2001
From: Jeffrey Aven <javen@stackql.io>
Date: Sun, 21 Jun 2026 07:11:43 +1000
Subject: [PATCH] Add LICENSE, README, and privacy_policies to bundles
 (Anthropic review)

Anthropic MCP Directory review (Bryan Thompson) asked for three additions
before listing:
1. privacy_policies declared in the manifest -> https://stackql.io/privacy
2. MIT LICENSE text shipped at the bundle root (matches declared license)
3. a bundle README covering cloud-provider credentials/--auth, the
   ${HOME}/.stackql data/config root, and the available tools

manifest/BUNDLE_README.md is the bundle-root readme; package.sh now copies it
and LICENSE into every bundle. mcpb validate accepts privacy_policies.

NOTE: https://stackql.io/privacy must be created and must resolve before
re-publishing/re-submitting - it currently 404s.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
---
 LICENSE                         | 21 +++++++++
 manifest/BUNDLE_README.md       | 75 +++++++++++++++++++++++++++++++++
 manifest/manifest.template.json |  1 +
 scripts/package.sh              |  4 ++
 4 files changed, 101 insertions(+)
 create mode 100644 LICENSE
 create mode 100644 manifest/BUNDLE_README.md

diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..81436d1
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 StackQL Studios
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/manifest/BUNDLE_README.md b/manifest/BUNDLE_README.md
new file mode 100644
index 0000000..c8cebaa
--- /dev/null
+++ b/manifest/BUNDLE_README.md
@@ -0,0 +1,75 @@
+# StackQL MCP Server
+
+SQL-native query and provisioning engine for cloud and SaaS infrastructure,
+served over the Model Context Protocol. StackQL exposes 40+ cloud and SaaS
+providers (AWS, Azure, Google, GitHub, Databricks, and more) as SQL, so an MCP
+client can discover providers, explore schemas, and run live queries and
+provisioning operations.
+
+This bundle contains the signed `stackql` binary launched as
+`stackql mcp --mcp.server.type=stdio`. No separate StackQL installation is
+required.
+
+## Cloud provider credentials and configuration
+
+Provider credentials are supplied through StackQL's `--auth` flag (JSON). By
+default this bundle runs with no credentials, which is sufficient for providers
+that expose public data without auth (for example the `github` provider in
+`null_auth` mode). To query a provider that requires credentials, configure
+`--auth` - for example, AWS with environment-backed keys and GitHub in no-auth
+mode:
+
+```json
+{
+  "aws": {
+    "type": "aws_signing_v4",
+    "credentialsenvvar": "AWS_SECRET_ACCESS_KEY",
+    "keyID": "AWS_ACCESS_KEY_ID"
+  },
+  "github": { "type": "null_auth" }
+}
+```
+
+Credentials are read locally (from environment variables or files you nominate)
+and used only to sign requests to the relevant provider's API. They are never
+transmitted anywhere else. See https://stackql.io/docs for the full provider
+auth catalogue.
+
+## Data and configuration root
+
+StackQL stores its provider registry cache and working data under an
+application root ("approot"). This bundle sets it to `${HOME}/.stackql`. Pulled
+provider definitions and cache files are written there. The audit sink is
+disabled by default in this bundle; query data is not written to disk unless you
+enable it.
+
+## Available tools
+
+- `server_info` - identity and runtime of the connected server
+- `list_providers` - list available providers
+- `pull_provider` - install a provider into the local registry
+- `list_registry` - list providers available in the StackQL registry
+- `list_services` - list services within a provider
+- `list_resources` - list resources within a service
+- `list_methods` - list methods for a resource
+- `describe_resource` - describe a resource's fields
+- `describe_method` - describe a method's parameters
+- `validate_select_query` - validate a SELECT query without running it
+- `run_select_query` - run a SELECT query against a provider
+- `run_mutation_query` - run an INSERT/UPDATE/DELETE (provisioning) query
+- `run_lifecycle_operation` - run a resource lifecycle operation
+
+Tool availability depends on the server mode (`read_only`, `safe`,
+`delete_safe`, `full_access`); the default is read-oriented and safe for agents.
+
+## Privacy
+
+See https://stackql.io/privacy for how cloud credentials and query data are
+handled.
+
+## Links
+
+- Documentation: https://stackql.io/docs
+- Source: https://github.com/stackql/stackql
+- Official MCP Registry: `io.github.stackql/stackql-mcp`
+- License: MIT (see LICENSE in this bundle)
diff --git a/manifest/manifest.template.json b/manifest/manifest.template.json
index 4a77198..ae66755 100644
--- a/manifest/manifest.template.json
+++ b/manifest/manifest.template.json
@@ -11,6 +11,7 @@
   "homepage": "https://stackql.io",
   "documentation": "https://stackql.io/docs",
   "license": "MIT",
+  "privacy_policies": ["https://stackql.io/privacy"],
   "icon": "icon.png",
   "server": {
     "type": "binary",
diff --git a/scripts/package.sh b/scripts/package.sh
index 233b390..f6154bc 100755
--- a/scripts/package.sh
+++ b/scripts/package.sh
@@ -113,6 +113,10 @@ pack_bundle() {
   cp "$src" "$stage/server/$binname"
   chmod +x "$stage/server/$binname" 2>/dev/null || true
   cp "$ROOT_DIR/assets/icon.png" "$stage/icon.png"
+  # LICENSE text (matches the manifest's declared MIT license) and a bundle
+  # README - both required for the Anthropic MCP Directory listing.
+  cp "$ROOT_DIR/LICENSE" "$stage/LICENSE"
+  cp "$ROOT_DIR/manifest/BUNDLE_README.md" "$stage/README.md"
   sed -e "s/__BINARY_NAME__/${binname}/g" -e "s/__VERSION__/${VERSION}/g" \
       "$TEMPLATE" > "$stage/manifest.json"
   out="$DIST_DIR/stackql-mcp-${label}.mcpb"