Update stacklok/toolhive to v0.32.0 #993
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Claude finished @renovate[bot]'s task in 13m 55s
Updated docs for toolhive v0.32.0
Pushed commit e2f7489 covering the user-facing v0.32.0 changes. Verified against upstream source at
Skipped (not OSS-user-facing):
Cover the new --allowed-origins flag, XAA outgoing-auth strategy, OpenAI-compatible embedding provider, EmbeddedAuthServer insecureAllowHTTP, and MCPRemoteProxy OIDC CA bundle behavior.
Claude finished @renovate[bot]'s task in 3m 48s
Editorial review for toolhive v0.32.0 docs
Summary
Reviewed the six docs changed in e2f7489:
Fixes applied
Two spaced-hyphen separators in prose — the project style guide reserves spaced hyphens for list-style contexts (e.g. "Related information" entries) and asks for commas or rephrasing elsewhere:
Both run through prettier/eslint clean.
Observations not acted on
Pushed as commit b4768ba to
@claude the new "OIDC CA bundle is mounted into the proxy pod" admonition feels like we're documenting a bugfix like it's a feature; isn't this expected behavior and thus unnecessary?
Claude finished @danbarr's task in 1m 17s
Removed the OIDC CA bundle admonition
You're right, and I've removed it (commit 458425e). The reasoning: upstream #5630 is a bugfix - before it, setting The actionable guidance already lives one block up in the Production security warning:
So the only genuinely new surface was the I held off on
The admonition described expected behavior of caBundleRef (now fixed upstream in a bugfix), reading like a new feature. The actionable guidance to set caBundleRef already lives in the Production security warning, so the callout was redundant. Co-authored-by: Dan Barr <danbarr@users.noreply.github.com>
Merge redundant non-loopback explanations into one paragraph and fix an ambiguous loopback-address parenthetical. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Pull request overview
Updates this docs website’s ToolHive upstream pin to v0.32.0 and syncs the corresponding source-verified documentation edits plus regenerated reference assets (OpenAPI + CRD schemas + CLI reference).
Changes:
- Document new security behavior and flags around browser Origin validation (--allowed-origins) in the CLI run/proxy flow.
- Document new vMCP optimizer option to use an OpenAI-compatible /embeddings backend (embeddingProvider/embeddingModel) and update related tutorial/guide references.
- Refresh synced reference assets for v0.32.0 (OpenAPI spec, CRD JSON schemas, CLI reference).
Reviewed changes
Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| static/api-specs/toolhive-crds/virtualmcpservers.schema.json | CRD schema updates for vMCP auth/optimizer fields (incl. OpenAI embedding provider + XAA-related runtime config). |
| static/api-specs/toolhive-crds/mcpexternalauthconfigs.schema.json | CRD schema refresh for external auth config resources (embedded auth server additions). |
| static/api-specs/toolhive-api.yaml | OpenAPI spec refresh (adds allowed_origins, insecure_allow_http). |
| docs/toolhive/tutorials/mcp-optimizer.mdx | Tutorial updated to point readers to the OpenAI-compatible embedding alternative. |
| docs/toolhive/reference/cli/thv_run.md | Auto-synced CLI reference includes --allowed-origins. |
| docs/toolhive/reference/cli/thv_proxy.md | Auto-synced CLI reference includes --allowed-origins. |
| docs/toolhive/guides-vmcp/optimizer.mdx | Adds OpenAI-compatible embedding service configuration guidance. |
| docs/toolhive/guides-vmcp/local-cli.mdx | Tier 3 description updated to mention the OpenAI-compatible provider option. |
| docs/toolhive/guides-vmcp/authentication.mdx | Adds XAA section and documents insecureAllowHTTP behavior for embedded auth server. |
| docs/toolhive/guides-cli/run-mcp-servers.mdx | Adds “Restrict browser Origin headers” section documenting new behavior and --allowed-origins. |
| .github/upstream-projects.yaml | Bumps ToolHive upstream version pin to v0.32.0. |
tgrunnagle left a comment
insecureAllowHTTP and xaa bits LGTM
XAA isn't wired into the Kubernetes operator: the converter discards spec.config.outgoingAuth, and MCPExternalAuthConfig's type enum doesn't include xaa, so the CRD example in authentication.mdx can't work today. Remove it rather than document a feature that silently falls back to unauthenticated. Also scope the "EmbeddingServer is always required" admonition in optimizer.mdx to the default tei provider; it doesn't apply when embeddingService is set directly, e.g. via the OpenAI-compatible provider added in this release. Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
This PR contains the following updates:
v0.31.0 → v0.32.0
After this PR opens, .github/workflows/upstream-release-docs.yml adds source-verified content edits for the new release. For stacklok/toolhive, the same workflow also syncs reference assets (CLI help, Swagger) and regenerates the CRD MDX pages.
Release Notes
stacklok/toolhive (stacklok/toolhive)
v0.32.0 Compare Source
🚀 Toolhive v0.32.0 is live!
This release advances vMCP cross-application authentication — adding the XAA (Cross-Application Access) outgoing-auth strategy, the OBO strategy seam, and upstream ID-token propagation — alongside meaningful security hardening (Origin/DNS-rebind protection and a credential-passthrough fix) and a batch of operator and proxy robustness fixes.
Origin header (MCP 2025-11-25 DNS-rebind protection) and removed the insecure Access-Control-Allow-Origin: * from the legacy SSE transport. Default local (loopback) usage is unaffected; only browser clients on a non-http://localhost origin need action via the new --allowed-origins flag (migration guide) (#4908).
server.New signature changed — pkg/vmcp/server.New dropped its discovery.Manager parameter (7 → 6 args) and the pkg/vmcp/discovery package was removed. CLI, operator, and API behavior are unchanged; only out-of-tree code importing the vMCP library must update its call (migration guide) (#5627).
Migration guide: Origin validation & SSE CORS hardening
Who is affected: Only browser-based MCP clients that make cross-origin requests to ToolHive's SSE transport from an origin that is not http://localhost:<port> / http://127.0.0.1:<port> (for example, a web app served over HTTPS or from a custom hostname). Non-browser clients (IDEs, CLIs, MCP SDK clients) do not send an Origin header and are unaffected. Loopback binds (the default 127.0.0.1) auto-derive a matching local allowlist, so default local usage continues to work. Non-loopback binds without --allowed-origins are not enforced — a warning is logged instead.
Before
```bash
# Relied on the implicit Access-Control-Allow-Origin: * wildcard
thv run --transport sse some/mcp-server
```
After
Migration steps
--allowed-origins=<scheme>://<host>:<port> on thv run / thv proxy. The flag is repeatable for multiple origins; matching is exact on scheme + host + port.
PR: #4908
Migration guide: vMCP server.New signature change
Who is affected: Only out-of-tree Go code that imports github.com/stacklok/toolhive/pkg/vmcp/server and calls server.New directly (e.g. vMCP library embedders). All in-tree callers were updated in the same PR. There is no impact for CLI, operator, or API consumers.
Before
After
Migration steps
discovery.Manager argument from your server.New call (and delete the discovery.NewManager(...) construction).
Config.Aggregator is set — the core now rejects a nil aggregator.
Config.AuthzMiddleware, also set Config.Authz; the combination without Authz now returns ErrInvalidConfig instead of silently allowing all requests.
PR: #5627
🆕 New Features
OBO field on BackendAuthStrategy plus strategy registration and override hook (#5624).
embeddingProvider/embeddingModel config fields (defaults to TEI, so existing configs are unchanged) (#5633).
insecureAllowHTTP to EmbeddedAuthServerConfig so VirtualMCPServer deployers can explicitly allow an http:// issuer for in-cluster hosts, with admission-time validation instead of a proxyrunner crash (#5671).
NOTES.txt with verification commands, a minimal MCPServer example, and documentation links (#5656).
🐛 Bug Fixes
WWW-Authenticate (RFC 6750) when an upstream provider token is expired and cannot be refreshed, letting clients re-authenticate instead of receiving an opaque error (#5651).
custom header strategy no longer forwards the client's ToolHive JWT in Authorization to the backend; the upstream IdP token is still delivered in the configured custom header (#5661).
MCPRemoteProxy now mounts and validates the referenced OIDC CA bundle ConfigMap, fixing silent TLS failures and surfacing a CABundleRefValidated status condition (#5630).
deploymentNeedsUpdate now mirrors the Redis password env var (#5639).
X-Forwarded-Proto to the upstream scheme, fixing infinite redirect loops when MCPRemoteProxy runs behind a TLS-terminating load balancer (#5646).
*Identity stored in the request context is now treated as absent, restoring vMCP fallback identity injection and preventing nil-deref panics (#5653).
PodTemplateSpec strategic merge patch, so fields like runtimeClassName, topologySpreadConstraints, and hostNetwork are no longer silently dropped (#5641).
RestoreSession no longer fabricates a partial identity, and session restore now threads the authenticated request context, fixing cross-pod Redis failover with upstream-auth strategies (#5650).
DetachedEnvVarValidator no longer rejects optional secret env vars left blank, fixing spurious "missing required secret" errors when installing registry servers via ToolHive Studio (#5689).
🧹 Misc
pkg/plugins/pluginsvc packages, validation, and storage migration (no user-facing surface yet) (#5676).
MCPToolConfig watch (#5629).
--allow-docker-gateway deny/allow behavior (#5644).
good-first-issue and good-tenth-issue descriptions (#5634).
📦 Dependencies
github.com/stacklok/toolhive-catalog
anthropics/claude-code-action a92e7c7)
actions/create-github-app-token
alpine (Docker tag)
👋 Welcome to our newest contributors: @syf2211 and @claude[bot] 🎉
Full commit log
What's Changed
New Contributors
Full Changelog: stacklok/toolhive@v0.31.0...v0.32.0
🔗 Full changelog: stacklok/toolhive@v0.31.0...v0.32.0
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
Docs update for toolhive v0.32.0
At a glance
stacklok/toolhive v0.31.0 → v0.32.0
Summary of changes
docs/toolhive/guides-cli/run-mcp-servers.mdx covering the new --allowed-origins flag, loopback auto-defaults, non-loopback warnings, and the SSE CORS wildcard removal.
docs/toolhive/guides-vmcp/optimizer.mdx documenting the new embeddingProvider/embeddingModel fields and the OPENAI_API_KEY env-var pattern, plus a default-backend disclaimer on the existing TEI EmbeddingServer section.
docs/toolhive/guides-vmcp/local-cli.mdx to note the new OpenAI-compatible provider option.
docs/toolhive/guides-vmcp/authentication.mdx describing the new XAA outgoing-auth strategy (ID-JAG two-step exchange), and an insecureAllowHTTP paragraph for the embedded auth server.
docs/toolhive/guides-k8s/remote-mcp-proxy.mdx covering the new ConfigMap mount and CABundleRefValidated condition.
docs/toolhive/tutorials/mcp-optimizer.mdx to cross-link the OpenAI-compatible embedding alternative.
Run cost
How this PR was built
Two Claude Opus sessions run per release: a generation pass (upstream-release-docs skill, 6 phases) followed by a fresh-context editorial pass (docs-review). Prettier/ESLint auto-fixes are applied after.
Auto-synced paths — do not hand-edit these in review:
- static/api-specs/
- docs/toolhive/reference/cli/ (toolhive only)
- docs/toolhive/reference/crds/
If a "Gaps needing human context" section is present above, each entry includes a paste-ready Helper prompt for local Claude a reviewer can use to resolve the gap.
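
The Origin check described in the v0.32.0 migration guide above, sketched in Go as an added example; it is not ToolHive's code. The names canonical, policy, newPolicy and allow are hypothetical, and the default-port normalisation and the additive loopback allowlist are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// canonical reduces an origin to scheme://host:port so matching is exact on all
// three parts. Filling in default ports (80/443) is an assumption of this example.
func canonical(origin string) (string, bool) {
	u, err := url.Parse(origin)
	if err != nil || u.Hostname() == "" {
		return "", false // also rejects the opaque "null" origin
	}
	scheme, port := strings.ToLower(u.Scheme), u.Port()
	if port == "" {
		port = map[string]string{"http": "80", "https": "443"}[scheme]
	}
	return scheme + "://" + net.JoinHostPort(strings.ToLower(u.Hostname()), port), port != ""
}

// policy is a hypothetical allowlist of canonical origins. Empty means "not
// enforced": a non-loopback bind with no explicit list (warning only).
type policy map[string]bool

// newPolicy adds the derived local origins for loopback binds (assumed additive).
func newPolicy(bindHost, port string, explicit []string) policy {
	if bindHost == "localhost" || net.ParseIP(bindHost).IsLoopback() {
		explicit = append(explicit, "http://localhost:"+port, "http://127.0.0.1:"+port)
	}
	p := policy{}
	for _, o := range explicit {
		if c, ok := canonical(o); ok {
			p[c] = true
		}
	}
	return p
}

// allow passes requests with no Origin header (non-browser clients send none).
func (p policy) allow(origin string) bool {
	c, ok := canonical(origin)
	return origin == "" || len(p) == 0 || (ok && p[c])
}

func main() {
	fmt.Println(newPolicy("127.0.0.1", "8080", nil).allow("http://localhost:8080")) // constructed input
}
```

Entries that do not parse are skipped in this sketch; a real flag parser should reject them, since an allowlist that ends up empty is not enforced.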