25213578349

Committed 01 May 2026 12:02PM UTC coverage: 64.357% (+0.06%) from 64.302%

Build # 25213578349

Build Type

push

github

Committed by

web-flow

Commit Message

Add follow-up CIMD E2E and unit tests (#5130)

* Support CIMD as preferred OAuth client registration for thv run

When a remote authorization server advertises
client_id_metadata_document_supported in its discovery document,
thv run now presents https://toolhive.dev/oauth/client-metadata.json
as its client_id instead of performing a DCR round-trip. Falls back
to DCR gracefully if the AS rejects the CIMD client_id.

The CIMD check runs inside PerformOAuthFlow before the DCR gate so
it works regardless of which issuer discovery path was taken
(configured issuer, realm-derived, or resource metadata).

Includes hack/mock-cimd-server for local E2E testing.

Closes #4826

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Fix lint issues and resolve pkg/oauth → pkg/oauthproto rename

- Move cimd.go and cimd_test.go to pkg/oauthproto, update package declaration
- Update imports from pkg/oauth to pkg/oauthproto in handler.go and handler_test.go
- Fix CodeQL SSRF alert in mock-cimd-server: validate redirect_uri is localhost
  before making outbound request; use io.Discard to drain response body
- Fix revive lint: unused parameter, redefined builtin min
- Fix errcheck lint: handle resp.Body.Close error

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Clean up: remove manual test artifacts, extend E2E mock server

- Remove hack/mock-cimd-server: was added for a manual test session but
  has no E2E test coverage and does not belong in the final PR
- Remove toolhive-client-metadata.json: the authoritative copy is in the
  infra repo (stacklok/infra#4549) where it gets deployed to
  https://toolhive.dev/oauth/client-metadata.json via CloudFront
- Add client_id_metadata_document_supported: true to test/e2e/oidc_mock.go
  discovery document so the existing E2E mock server is CIMD-capable for
  future integration tests

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Address jhrozek review comm... (continued)

Coverage Stats

61362 of 95347 relevant lines covered (64.36%)

58.7 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

79.38

/pkg/transport/proxy/httpsse/http_proxy.go

stacklok / toolhive / 25213578349

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source Not Available

Source File
Press 'n' to go to next uncovered line, 'b' for previous