stacklok / toolhive / 26472499695
66%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 738
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 65.914% (+0.02%) from 65.894%
26472499695

push

github

web-flow 
Wire CIMD config through embedded AS and enable storage decorator (#5348)

* Wire CIMD config through embedded AS and enable storage decorator

Phase 2 PR 3 — config threading and server wiring.

Config chain: RunConfig.CIMD → Config.CIMD* → AuthorizationServerParams
→ AuthorizationServerConfig → discovery handler.

Changes:
- config.go: add CIMDRunConfig struct and CIMD* fields to Config;
  defaults (256 entries, 5 min fallback TTL) applied in applyDefaults();
  validation (cacheMaxSize >= 1 when enabled) in Validate()
- runner/embeddedauthserver.go: add resolveCIMDConfig helper to unpack
  nullable *CIMDRunConfig; populate Config.CIMD* from RunConfig.CIMD
- server/provider.go: add CIMDEnabled to AuthorizationServerParams and
  AuthorizationServerConfig; wire through NewAuthorizationServerConfig
- server_impl.go: wrap storage with CIMDStorageDecorator when enabled
  (after legacy migration, before createProvider — decorator must be in
  place before fosite holds a reference to the storage instance);
  pass CIMDEnabled to AuthorizationServerParams
- server/handlers/discovery.go: set ClientIDMetadataDocumentSupported
  in buildOAuthMetadata() — both OAuth AS and OIDC discovery endpoints
  advertise CIMD support when enabled

CIMD is opt-in (disabled by default) to avoid introducing outbound
HTTPS fetching in existing deployments without explicit operator action.

Relates to #4825

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Address PR review feedback on CIMD wiring and add missing tests

- Fix CacheFallbackTTL comment to say it is a fixed TTL (not fallback);
  matches the fix already applied in PR #5343
- Add TODO(cimd) comment above CIMDRunConfig noting the CRD exposure gap
- Add discovery handler tests: CIMDEnabled=true advertises the flag,
  CIMDEnabled=false omits it, for both AS metadata and OIDC endpoints
- Add config defaults tests: CIMDEnabled=true fills in cache size/TTL
  defaults; CIMDEnabled=false leaves zero f... (continued)

73 of 81 new or added lines in 7 files covered. (90.12%)

5 existing lines in 2 files now uncovered.

65395 of 99212 relevant lines covered (65.91%)

60.59 hits per line

Uncovered Changes

Lines Coverage File
4
88.41
 -0.39% pkg/authserver/runner/embeddedauthserver.go
2
86.1
 -0.72% pkg/authserver/server_impl.go
2
81.82
 -18.18% pkg/oauthproto/cimd.go

Coverage Regressions

Lines Coverage File
3
78.17
 -0.76% pkg/transport/proxy/httpsse/http_proxy.go
2
96.46
 0.0% pkg/authserver/storage/memory.go
Jobs
ID Job ID Ran Files Coverage
1 26472499695.1 738
65.91
 GitHub Action Run
Source Files on build 26472499695