stacklok / toolhive / 18881205437
51%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 301
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 47.446% (-0.008%) from 47.454%
18881205437

push

github

web-flow 
Add Virtual MCP Server proposal (#2106)

* Add Virtual MCP Server proposal

This proposal introduces a Virtual MCP Server that aggregates multiple
MCP servers from a ToolHive group into a single unified interface.

Key features:
- Leverages existing ToolHive groups for backend management
- Uses existing ToolsFilter and ToolOverride constructs
- Supports per-backend authentication strategies
- Enables composite tools for cross-service workflows
- Maintains full MCP protocol compatibility

The Virtual MCP Server will simplify client integration by providing a
single connection point while handling the complexity of multiple backend
authentication requirements and tool namespace management.

Signed-off-by: Juan Antonio Osorio <ozz@stacklok.com>

* Clarify Virtual MCP authentication boundaries and token flow

This commit addresses feedback about the two authentication boundaries
in the Virtual MCP proposal and clarifies that exchanged tokens are
meant for backend APIs, not for authenticating to backend MCP servers.

Key changes:

- Updated "Two Authentication Boundaries" section to explicitly state
  that outgoing authentication is for "Backend APIs" with tokens that
  backend MCP servers use directly to call upstream APIs

- Enhanced architecture diagram to show the complete token flow:
  Client → Virtual MCP → Backend MCP Server → External API, making it
  clear that APIs validate tokens, not MCP servers

- Revised security model to emphasize API-level authentication and
  added property explaining MCP server simplicity (focus on business
  logic, not auth)

- Updated sequence diagram to include External API as separate
  participant with explicit note that backend MCP does NOT validate
  tokens

- Added concrete Google Docs MCP server example demonstrating the full
  authentication flow with tokens scoped for Google Workspace API

- Updated configuration comments to clarify that token audiences are
  for backend APIs (e.g., "github-api" for GitHub's RE... (continued)

18987 of 40018 relevant lines covered (47.45%)

15.56 hits per line

Uncovered Existing Lines

Lines Coverage File
3
72.39
 -1.12% pkg/ignore/processor.go
Jobs
ID Job ID Ran Files Coverage
1 18881205437.1 301
47.45
 GitHub Action Run
Source Files on build 18881205437