• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

stacklok / toolhive-studio / 29506253221
71%
main: 71%

Build:
Build:
LAST BUILD BRANCH: v0.38.0
DEFAULT BRANCH: main
Ran 16 Jul 2026 02:27PM UTC
Jobs 1
Files 525
Run time 2min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

16 Jul 2026 02:19PM UTC coverage: 71.204% (+0.03%) from 71.179%
29506253221

push

github

web-flow
fix: make network isolation mode explicit instead of inferred (#2469)

* fix: make network isolation mode explicit instead of inferred

Studio always sent `network_isolation: false`, silently overriding the
backend's new default of isolating new workloads. A prior attempt (#2332)
derived `insecure_allow_all` from whether the allow-list arrays were empty,
but reviewers flagged that as ambiguous — it couldn't distinguish "isolate
with no restrictions" from "isolate and block everything".

Replaces the boolean toggle with an explicit `networkAccess` mode (none /
host / proxy) and an explicit `allowedDestinations` (anywhere / selected)
field that drives `insecure_allow_all` directly, consolidates the duplicated
tab-content components into one, and wires up the previously-unused
`permission_profile.network.mode: "host"` backend field.

Closes #2326

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>

* fix: wire up allow_docker_gateway and fix network-access defaults

Wires the new backend `allow_docker_gateway` field (not yet released
upstream; openapi.json patched against the unreleased backend PR) through
to the "Allow host machine access" checkbox in both the local-server and
registry-server payload builders.

Also fixes three gaps found in review:

- Registry install now reads the entry's actual declared
  `insecure_allow_all`/`network.mode` instead of inferring destinations
  from allow-list array length, so entries like `fetch` (declaring
  `insecure_allow_all: true`) and entries recommending host networking
  are honored, and an entry that explicitly declares an empty allow-list
  defaults to restricted rather than silently allowing everything.
- The edit round-trip derived `allowedDestinations` from a strict
  `=== false` check, which misread an omitted (rather than explicit
  `false`) `insecure_allow_all` as unrestricted, risking silently
  widening a restricted server's egress on save.
- Allowed-host validation now accepts IPv4 addresses, m... (continued)

5402 of 8126 branches covered (66.48%)

45 of 45 new or added lines in 5 files covered. (100.0%)

7841 of 11012 relevant lines covered (71.2%)

140.77 hits per line

Jobs
ID Job ID Ran Files Coverage
1 29506253221.1 16 Jul 2026 02:27PM UTC 525
71.2
GitHub Action Run
Source Files on build 29506253221
  • Tree
  • List 525
  • Changed 6
  • Source Changed 6
  • Coverage Changed 6
Coverage ∆ File Lines Relevant Covered Missed Hits/Line Branch Hits Branch Misses
  • Back to Repo
  • Github Actions Build #29506253221
  • 968182d7 on github
  • Prev Build on main (#29397276393)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc