diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6d929c1..67ace89 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,10 @@ jobs:
 release:
 name: Release
 runs-on: ubuntu-latest
+ permissions:
+ contents: write
+ pull-requests: write
+ id-token: write # required for mcp-publisher GitHub OIDC login
 steps:
 - name: Checkout
 uses: actions/checkout@v4
@@ -39,4 +43,21 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
\ No newline at end of file
+ NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+ # Publishes packages/server/server.json to the official MCP Registry
+ # (registry.modelcontextprotocol.io) using GitHub Actions OIDC — no stored
+ # secrets. Runs under the same condition as the npm publish above so the
+ # registry version tracks the npm release. Requires a one-time manual
+ # namespace seed by a maintainer: `mcp-publisher login github && mcp-publisher publish`.
+ - name: Publish to MCP Registry
+ if: steps.changesets.outputs.hasChangesets == 'false'
+ working-directory: packages/server
+ env:
+ # Pinned for reproducible, reviewable releases — bump deliberately.
+ MCP_PUBLISHER_VERSION: v1.7.9
+ run: |
+ set -euo pipefail
+ curl -fsSL "https://github.com/modelcontextprotocol/registry/releases/download/${MCP_PUBLISHER_VERSION}/mcp-publisher_linux_amd64.tar.gz" | tar -xz -f - mcp-publisher
+ ./mcp-publisher login github-oidc
+ ./mcp-publisher publish
\ No newline at end of file
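Review bot: `id-token: write` is granted at job level in the new `permissions` block, so every step in `release` can request a GitHub OIDC token, not just the registry publish. That includes the install, build and npm publish steps, which sit outside this hunk and presumably run third-party package code. Only the "Publish to MCP Registry" step needs the token, so it would be safer in its own job that holds `id-token: write` and `contents: read`, with `release` keeping only `contents: write` and `pull-requests: write`. The sketch below assumes the registry step needs nothing beyond a checkout of `packages/server/server.json`, and passes the changesets result across as a job output.

```yaml
  release:
    # … unchanged: name, runs-on …
    permissions:
      contents: write
      pull-requests: write
    outputs:
      has_changesets: ${{ steps.changesets.outputs.hasChangesets }}
    # … unchanged: steps up to and including the npm publish …

  publish-mcp-registry:
    needs: release
    if: needs.release.outputs.has_changesets == 'false'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write # required for mcp-publisher GitHub OIDC login
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      # … unchanged: the "Publish to MCP Registry" step, minus its own `if:` …
```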
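Review bot: The `curl … | tar -xz` line in the new "Publish to MCP Registry" step extracts and runs a downloaded binary with no integrity check. `MCP_PUBLISHER_VERSION` pins a release tag, not the bytes behind it, and a release asset can be replaced after the fact. The binary then runs in a job that holds `id-token: write` and publishes under the project's registry namespace. Download to a file, verify it against a SHA-256 digest committed next to the version pin, and only then extract; bumping the version then means bumping the digest in the same reviewed change. The step list this hunk appends to starts outside the hunk.

```yaml
          MCP_PUBLISHER_VERSION: v1.7.9
          # SHA-256 of mcp-publisher_linux_amd64.tar.gz for the version above.
          MCP_PUBLISHER_SHA256: "<PLACEHOLDER-sha256-of-the-release-asset>"
        run: |
          # … unchanged: set -euo pipefail …
          curl -fsSL -o mcp-publisher.tar.gz "https://github.com/modelcontextprotocol/registry/releases/download/${MCP_PUBLISHER_VERSION}/mcp-publisher_linux_amd64.tar.gz"
          echo "${MCP_PUBLISHER_SHA256}  mcp-publisher.tar.gz" | sha256sum --check --strict -
          tar -xzf mcp-publisher.tar.gz mcp-publisher
          # … unchanged: ./mcp-publisher login github-oidc and ./mcp-publisher publish …
```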