Follow-up to #813 (fixed in PR #810). The fix for #813 makes MCP_REGISTRY_URL honoured by all apm mcp discovery commands, but the supply-chain-security panel review identified two hardening items that should ship as a separate, security-focused change.

S1 - Validate MCP_REGISTRY_URL at construction

SimpleRegistryClient.__init__ (src/apm_cli/registry/client.py:19-21) currently accepts whatever string the env var contains. A misconfigured value (mcp.internal.example.com without scheme, file:///etc/hosts, blank string) silently flows into request URLs.

Proposal:

• Parse the override with urlparse; reject missing scheme/netloc with a clear error.
• Reject http:// by default; require an explicit MCP_REGISTRY_ALLOW_HTTP=1 opt-in for plaintext intranet registries.
• Emit an actionable error message naming the offending value and the env var.

S2 - Fail-closed on registry network errors when overridden

In RegistryIntegration.validate_servers_exist (and equivalent install pre-flights), today a network failure against a custom MCP_REGISTRY_URL falls back through error paths that may degrade to "could not reach registry, skipping validation". For default registry: acceptable. For an explicitly overridden registry: should fail-closed -- the user opted into a specific endpoint and we must not silently bypass validation.

Proposal: when MCP_REGISTRY_URL is set, registry network errors during install pre-flights are fatal (current behaviour for the default URL stays as-is or is tightened separately).

Why a separate issue

• These are behaviour changes, not bug fixes. S1 rejects URL shapes that work today; S2 changes degraded-mode semantics.
• Both warrant CEO ratification on the breaking-change angle (intranet http:// registries, fail-closed install behaviour).
• PR feat(install): add --mcp flag for declaratively adding MCP servers to apm.yml #810 ships the regression fix only; this issue tracks the hardening.

Related

• Bug: bug: apm mcp search/list/show ignore MCP_REGISTRY_URL env var #813
• Initial fix PR: feat(install): add --mcp flag for declaratively adding MCP servers to apm.yml #810

Acceptance criteria

• SimpleRegistryClient.__init__ validates URL shape; rejects schemeless and (by default) http:// overrides.
• MCP_REGISTRY_ALLOW_HTTP=1 documented as the explicit opt-in.
• Registry network errors during install pre-flights are fatal when MCP_REGISTRY_URL is set.
• Tests cover all three: invalid URL rejection, http opt-in, and fail-closed install.
• CHANGELOG entry under ### Changed (these are intentional behaviour changes).