stacklok / toolhive / 25168703213
65%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 709
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 64.302% (+0.02%) from 64.281%
25168703213

push

github

web-flow 
Support CIMD as preferred OAuth client registration for thv run (#5085)

* Support CIMD as preferred OAuth client registration for thv run

When a remote authorization server advertises
client_id_metadata_document_supported in its discovery document,
thv run now presents https://toolhive.dev/oauth/client-metadata.json
as its client_id instead of performing a DCR round-trip. Falls back
to DCR gracefully if the AS rejects the CIMD client_id.

The CIMD check runs inside PerformOAuthFlow before the DCR gate so
it works regardless of which issuer discovery path was taken
(configured issuer, realm-derived, or resource metadata).

Includes hack/mock-cimd-server for local E2E testing.

Closes #4826

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Fix lint issues and resolve pkg/oauth → pkg/oauthproto rename

- Move cimd.go and cimd_test.go to pkg/oauthproto, update package declaration
- Update imports from pkg/oauth to pkg/oauthproto in handler.go and handler_test.go
- Fix CodeQL SSRF alert in mock-cimd-server: validate redirect_uri is localhost
  before making outbound request; use io.Discard to drain response body
- Fix revive lint: unused parameter, redefined builtin min
- Fix errcheck lint: handle resp.Body.Close error

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Clean up: remove manual test artifacts, extend E2E mock server

- Remove hack/mock-cimd-server: was added for a manual test session but
  has no E2E test coverage and does not belong in the final PR
- Remove toolhive-client-metadata.json: the authoritative copy is in the
  infra repo (stacklok/infra#4549) where it gets deployed to
  https://toolhive.dev/oauth/client-metadata.json via CloudFront
- Add client_id_metadata_document_supported: true to test/e2e/oidc_mock.go
  discovery document so the existing E2E mock server is CIMD-capable for
  future integration tests

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* A... (continued)

34 of 74 new or added lines in 5 files covered. (45.95%)

5 existing lines in 3 files now uncovered.

61205 of 95184 relevant lines covered (64.3%)

59.89 hits per line

Uncovered Changes

Lines Coverage File
34
37.39
 -0.2% pkg/auth/remote/handler.go
6
90.43
 -2.98% pkg/auth/oauth/oidc.go

Coverage Regressions

Lines Coverage File
2
66.67
 -8.33% pkg/process/kill_unix.go
2
82.29
 -0.21% pkg/vmcp/composer/workflow_engine.go
1
37.39
 -0.2% pkg/auth/remote/handler.go
Jobs
ID Job ID Ran Files Coverage
1 25168703213.1 709
64.3
 GitHub Action Run
Source Files on build 25168703213