stacklok / toolhive / 19059275764
51%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 337
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 47.744% (-0.002%) from 47.746%
19059275764

push

github

web-flow 
Unify authentication with Identity struct across ToolHive (#2437)

* Unify authentication with Identity struct across ToolHive

Consolidate the vMCP Identity infrastructure into pkg/auth to eliminate
code duplication and simplify authentication flow throughout ToolHive.

Changes:
- Move Identity struct from pkg/vmcp/auth to pkg/auth as the canonical
  type for representing authenticated principals
- Update all authentication middleware (OIDC, local, anonymous) to
  directly create and inject Identity into context
- Remove duplicate IdentityMiddleware from vMCP (now redundant)
- Update authz and audit packages to use IdentityFromContext
- Add backward-compatible GetClaimsFromContext helper
- Delete duplicate implementations: identity.go, context.go, and
  associated test files from pkg/vmcp/auth

This reduces code by ~655 lines while maintaining full functionality
and test coverage. All middleware now outputs Identity directly,
eliminating the need for a separate Claims → Identity conversion layer.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Address PR feedback: Fix token exchange integration and add test coverage

This commit addresses all feedback from PR #2437 review:

Critical fixes:
- Fix token exchange middleware to use Identity from context instead of
  directly accessing ClaimsContextKey, preventing silent token exchange
  failures in production (pkg/auth/tokenexchange/middleware.go)
- Update all token exchange tests to use WithIdentity pattern to match
  production auth flow (pkg/auth/tokenexchange/middleware_test.go)

Code quality improvements:
- Add nil safety check in GetClaimsFromContext to guard against edge
  case where nil Identity pointer is explicitly stored in context
  (pkg/auth/context.go)
- Add WWW-Authenticate header for claims-to-identity conversion errors
  for RFC 6750 compliance (pkg/auth/token.go)

Test coverage:
- Restore test coverage from deleted pkg/v... (continued)

125 of 131 new or added lines in 9 files covered. (95.42%)

21265 of 44540 relevant lines covered (47.74%)

37.8 hits per line

New Missed Lines in Diff

Lines Coverage File
1
61.29
 -1.21% pkg/vmcp/auth/incoming_factory.go
5
80.47
 -0.62% pkg/auth/token.go
Jobs
ID Job ID Ran Files Coverage
1 19059275764.1 337
47.74
 GitHub Action Run
Source Files on build 19059275764