stacklok / toolhive / 27301142389

67%

Build Type

push

github

Committed by web-flow

Commit Message

Surface unauthenticated proxy default in logs and docs (#5488)

* Surface unauthenticated proxy default in logs and docs

When an MCPServer or MCPRemoteProxy is deployed without OIDCConfigRef
(or any other auth source), the proxy falls back to LocalUserMiddleware
and forwards every request under a synthetic local-user identity with no
credential check. This unauthenticated fallback is intentional, but it
was silent: the only signal was a debug log, and the README claimed
unconditional "identity enforcement per request" (GHSA-hfrv-94x5-85p2).

Make the state visible without changing the default behavior:
- Raise the no-auth fallback log in GetAuthenticationMiddleware from
  Debug to Warn, naming the consequence and how to enable auth.
- Document the unauthenticated default on the OIDCConfigRef field of
  both MCPServer and MCPRemoteProxy; regenerate the CRD API reference.
- Reword the README so identity enforcement is stated as conditional on
  configuring an authentication source.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Correct crdref-gen working directory in operator rule

The rule said to run `task crdref-gen` from `cmd/thv-operator/`, but the
task resolves its config path relative to the repo root and fails from
that directory. Document the correct invocation.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* Regenerate operator CRD manifests

Propagate the OIDCConfigRef security note into the generated CRD YAML
descriptions for MCPServer and MCPRemoteProxy.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

Coverage Stats

3 of 3 new or added lines in 1 file covered. (100.0%)

10 existing lines in 3 files now uncovered.

67519 of 101636 relevant lines covered (66.43%)

61.5 hits per line