stacklok / toolhive / 23510630018

coverage: 64.178% (-0.2%) from 64.365%
23510630018

push

github

web-flow 
Enable multi-upstream for MCPServer, MCPRemoteProxy, and proxy runner (#4322)

* Add explicit-name validation and proxy runner multi-upstream guard

Move multi-upstream restrictions from the authserver library to consumer
layers. The library now accepts multi-upstream configs but enforces name
semantics: single-upstream defaults empty names to "default", while
multi-upstream requires explicit non-"default" names with distinct error
messages for empty vs reserved names.

Validate upstream names against a DNS-label regex (no leading/trailing
hyphens, lowercase alphanumeric only) to prevent delimiter injection in
storage keys. Add test coverage for invalid name formats (uppercase,
underscores, leading/trailing hyphens).

Remove the GetUpstream() convenience method (no callers remain after
Phase 2). Add a cardinality guard in the proxy runner's Run() that
rejects len(Upstreams) > 1 with an actionable error pointing to
VirtualMCPServer.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Move multi-upstream restriction from CRD to controller layers

Remove the len > 1 guard from MCPExternalAuthConfig.validateEmbeddedAuthServer()
so the CRD accepts multi-upstream configs. Add multi-upstream rejection to
MCPServer and MCPRemoteProxy controllers in handleExternalAuthConfig(), setting
a ConditionFalse status with reason MultiUpstreamNotSupported and an actionable
error directing users to VirtualMCPServer.

Add duplicate upstream name validation in the CRD webhook so conflicts
are caught at admission time rather than Pod startup. Tighten the Name
field pattern to disallow trailing hyphens and add MaxLength=63 for
RFC 1123 compliance.

VirtualMCPServer remains unrestricted as the intended multi-upstream consumer.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Enable multi-upstream for MCPServer, MCPRemoteProxy, and proxy runner

The embedded auth server has supported sequential multi-upstream chains
since the Phase ... (continued)

124 of 163 new or added lines in 7 files covered. (76.07%)

339 existing lines in 12 files now uncovered.

51009 of 79481 relevant lines covered (64.18%)

149.95 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

79.79
/pkg/transport/proxy/httpsse/http_proxy.go


Source Not Available