• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

stacklok / toolhive
47%

Build:
DEFAULT BRANCH: main
Repo Added 02 Sep 2025 07:32PM UTC
Files 298
Badge
Embed â–¾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

LAST BUILD ON BRANCH main
branch: main
CHANGE BRANCH
x
Reset
  • main
  • 2012-respect-x-forwarded
  • 2023-inbound-network-permissions
  • 2160-podman-mac
  • accessor-helper-package
  • add-claude-agents
  • add-ginkgolinter
  • add-grafana-cli-example
  • add-groups
  • add-insecure-http-oidc-support
  • add-k8s-export-format
  • add-mcp-meta-field-support
  • add-mcpgroup-proposal
  • add-netwok-isolation-examples
  • add-oidc-resolver
  • add-proxy-logs-endpoint
  • add-registry-groups-cli-support
  • add-stackers
  • adds-auth-runconfig
  • adds-codecov-exclusions
  • adds-global-config-otel
  • adds-missing-tests
  • adds-tests
  • alternative-workaround
  • api-proxy-port
  • auth-refactored
  • auto-add-remote-server-to-clients
  • bad_example
  • change-codecov
  • change-otel-metric-defaults
  • chore/change-renovate-commit-msg
  • chore/ci-task-ensure-docs-proposal-names-format
  • chore/e2e-labels-matrix
  • chore/move-testkit-under-test
  • chore/refactor-runconfig-builder-into-options
  • chore/refactor-runconfigbuilder-to-option
  • chore/rename-design-docs
  • chore/use-testkit-client
  • ci-tidy-names
  • ci/add-renovate-config-validation
  • claude-commands_2025-10-21
  • claude/issue-1452-20250827-1021
  • claude/issue-2119-20251008-1230
  • claude_skills
  • concurrent-restart-keyring-race-condition
  • configure-telemetry-namespace
  • consistent-workload-naming
  • corrects-errors
  • cosign_bundle_signing
  • coveralls
  • decouple-configmap-operator
  • default-callback-port
  • dependabot/github_actions/github/codeql-action-4
  • dependabot/go_modules/github.com/lestrrat-go/jwx/v3-3.0.11
  • dependabot/go_modules/github.com/olekukonko/tablewriter-1.1.0
  • dependabot/go_modules/sigs.k8s.io/controller-runtime-0.22.1
  • deprecated-fields
  • disable-selinux-labeling
  • docs-update-remote-auth
  • docs/arch
  • docs/operator-e2e-tests-and-task-improvements
  • docs/runconfig-proposal
  • docs/runtime-authoring-guide
  • docs/update-go-version
  • docs/update-middleware-documentation
  • domain-model-diagram
  • downgrade-go-1.24
  • drop-test-silent
  • enable-configmap
  • enforce-structured-logs-k8s
  • ensure-version-output
  • envtest_pin
  • exclude-mocks
  • export-detail-api-inconsistencies
  • external-auth-controller-impl
  • feat/add-continue-client
  • feat/add-e2e-tests-for-tool-override-1515
  • feat/add-proxy-mode-to-workload-api
  • feat/add-tool-middleware-config-to-cli
  • feat/add-tool-middleware-config-to-http-api
  • feat/improve-client-config-file-logic
  • feat/issue-1638-configmap
  • feat/issue-1638-state-storage
  • feat/k8s-configmap-runconfig-1638
  • feat/mcp-server-secrets-management
  • feat/operator-audit-config
  • feat/operator-authz-configmap
  • feat/private-package-registries-proposal
  • feat/restart-mcpserver-annotation-1880
  • feat/session-storage-http-streaming
  • feat/session-storage-interface-phase2
  • feat/session-storage-pluggable
  • feat/telemetry-tool-error-capture
  • feat/token-exchange-env-var
  • feat/update-mcp-parser-latest-spec
  • feature/add-mcpremoteproxy-crd
  • feature/docker-workload-tests
  • feature/increase-session-ttl
  • feature/mcpremoteproxy-implementation
  • feature/remove-info-logger
  • feature/telemetry-configmap-support
  • feature/toolconfig-crd
  • fix--registry-remote-server-running
  • fix-api-timeout-large-images
  • fix-atlassian-issuer-mismatch
  • fix-auditor-middleware-transport
  • fix-auth-flags-for-registry
  • fix-chainsaw-install_2025-10-21
  • fix-dashboard-uid
  • fix-double-pod
  • fix-duplicate-listing
  • fix-duplicate-operator-e2e-runs
  • fix-duplicate-workload
  • fix-flacky-tests
  • fix-goreleaser
  • fix-group-case-insensitive
  • fix-info-output
  • fix-inspector
  • fix-issuer
  • fix-linter-cyclomatic-complexity
  • fix-mkp-example
  • fix-oauth-issuer-discovery
  • fix-operator-datarace-logger
  • fix-releaser-warns
  • fix-remote-servers-tests
  • fix-renovate-kindest-node-patch-only
  • fix-runconfig-save-race-condition-on-workload-edit
  • fix-scopes-type
  • fix-serviceaccount-configmap-mode
  • fix-silent
  • fix-staticcheck-nil-pointer
  • fix-stdio-tests
  • fix-thvignore-tmpcopyup
  • fix-warns
  • fix/ci-security-scan-workflow
  • fix/egress-proxy-arm64-build
  • fix/env-var-nil-pointer-1469
  • fix/fix-authz-middleware-tools-list
  • fix/fix-authz-tools-list
  • fix/flaky-registry-api-image-test
  • fix/issue-1874-proxy-mode
  • fix/issue-1957-oidc-issuer-mismatch
  • fix/jsonschema-v6-upgrade
  • fix/log-middleware-names
  • fix/mcpserver-auth-audit-persistence
  • fix/mcpserver-crd-size-reduction
  • fix/mcpserver-remote-path
  • fix/operator-context-aware-logging
  • fix/otel-insecure-config
  • fix/proxyrunner-tools-override-middleware
  • fix/remove-pointer-to-interface-2169
  • fix/renovate-kindest-node-patch-only
  • fix/set-correct-content-length
  • fix_git_clone
  • fix_registy_api
  • fix_used_port
  • fixes-flaky-order-assertion
  • fixes-flaky-test
  • fixes-mocks
  • fixes-release
  • go-24-dev-guide
  • go-mod-tidy
  • google-oauth
  • goose
  • groups-registry-alt
  • groups-registry-proposal
  • helm-chart-contributing
  • ignore-coverage
  • implements-providers-strategies
  • improve-test-coverage-and-fix-label-validation
  • inherit-secret-codecov
  • int-tests
  • integration-tests-fix
  • issue-1638-add-configmap-flag
  • issue-1638-add-proxymode
  • issue-1638-configmap-add-audit
  • issue-1638-configmap-add-authn
  • issue-1638-configmap-add-authz
  • issue-1638-configmap-use
  • issue-1638-use-configmap
  • issue-1696-v1
  • issue-1700
  • issue-1717
  • issue-1871
  • issue-1873
  • issue-1873-v1
  • issue-1898
  • issue-1941
  • issue-1947
  • issue-2114
  • issue-2114-telemetry
  • issue-2117
  • issue-2166
  • issuer-mistmatch
  • jesseo.colima-runtime-support
  • k8s-groups_2025-10-15
  • k8s_and
  • k8s_registry
  • kill-patch-coverage
  • lock-file-cleanup
  • maintainers
  • mcp-optimizer-hide
  • merge-integration-tests
  • meta-mcp-in-registry
  • migrate-pid-files
  • migrate-pid-files-iii
  • migrate_oauth_config
  • missed-main-test
  • move-crds-to-crds-directory
  • move-workload-update-logic-into-manager
  • moves-configmap-retrieval
  • multiple-rm-arguments
  • multiple-rm-stop-arguments
  • network-isolation-e2e
  • optimize-e2e-workflow-binary-build
  • otel-custom-attributes
  • otel-defaults
  • otel-example
  • pid-in-state-file
  • pid-in-state-file-ii
  • pins-envtest
  • prm_discovery
  • prm_with_path
  • proposal-mcp-registry-upstream-support
  • proposal/deployment-architecture-k8s
  • proposal/operator-valkey-integration
  • proposal/remote-mcp-proxy
  • proposal/virtual-mcp-server
  • refactor-rbac-operator
  • refactor-status-collector
  • refactor-telemetry
  • refactor/docker-api-adapter-tests
  • refactor/extract-common-controller-helpers
  • refactor/phase1-extract-common-helpers
  • refactor/use-defaultAuthzKey-constant
  • registry-docs
  • registry-groups-updated
  • registry_apisource
  • registry_cm
  • registry_crds
  • registry_filter
  • registry_fix_sync
  • registry_githandler
  • registry_no_serverCount
  • registry_promote
  • registry_sync
  • registry_tests
  • reinstate-stale-config-fix
  • remote-mcp-server-restart-fix
  • remote-server-apis
  • remote-server-proxy-url-in-list
  • remote-workload-spurious-warning
  • remove-flag-driven-oidc
  • remove-old-status-methods
  • remove-registry-api
  • remove-secret-provider-depdendency
  • removes-binary
  • removes-flag-driven-config-more
  • removes-flag-driven-config-patch
  • removes-not-allowed-item
  • renovate/actions-download-artifact-digest
  • renovate/actions-setup-go-6.x
  • renovate/actions-setup-python-6.x
  • renovate/add-kindest-node-patch-updates
  • renovate/alpine-3.x
  • renovate/anchore-sbom-action-0.x
  • renovate/anthropics-claude-code-action-digest
  • renovate/docker-login-action-3.x
  • renovate/dockerfile-template-base-images
  • renovate/github-codeql-action-4.x
  • renovate/github.com-cedar-policy-cedar-go-1.x
  • renovate/github.com-charmbracelet-bubbletea-1.x
  • renovate/github.com-docker-docker-28.x
  • renovate/github.com-go-git-go-git-v5-5.x
  • renovate/github.com-gofrs-flock-0.x
  • renovate/github.com-lestrrat-go-jwx-v3-3.x
  • renovate/github.com-mark3labs-mcp-go-0.x
  • renovate/github.com-olekukonko-tablewriter-1.x
  • renovate/github.com-onsi-ginkgo-v2-2.x
  • renovate/github.com-prometheus-client_golang-1.x
  • renovate/github.com-santhosh-tekuri-jsonschema-v5-6.x
  • renovate/github.com-sigstore-sigstore-go-1.x
  • renovate/github.com-sigstore-sigstore-go-digest
  • renovate/github.com-spf13-pflag-1.x
  • renovate/github.com-spf13-viper-1.x
  • renovate/golang.org-x-exp-jsonrpc2-digest
  • renovate/golang.org-x-mod-0.x
  • renovate/golang.org-x-oauth2-0.x
  • renovate/golang.org-x-sync-0.x
  • renovate/golang.org-x-sys-0.x
  • renovate/golang.org-x-term-0.x
  • renovate/helm-kind-action-digest
  • renovate/k8s.io-utils-digest
  • renovate/kindest-node-1.x
  • renovate/kubernetes-go
  • renovate/major-github-artifact-actions
  • renovate/python-3.x
  • renovate/sigs.k8s.io-controller-runtime-0.x
  • renovate/sigstore-cosign-installer-3.x
  • renovate/sigstore-cosign-installer-4.x
  • research-67
  • revert-accidental-merge
  • revert_py3.14
  • reverts-cosign-installer-bump
  • reverts-mocks
  • rm-dependabot
  • spec-generation
  • state-management-bug
  • stop-reading-pid-files-tests
  • support-colima
  • task-test-fail-only
  • telemetry-providers
  • telemetry-refactor
  • test/add-testkit
  • test/docker-high-roi
  • test/token-exchange-integration
  • tests/docker-runtime-query-coverage
  • thv-proxy-swap
  • thv-registry-api
  • thv-registry-api-file
  • thv-registry-deploy-from-controller
  • thv-registry-enforce
  • thv-te-cli
  • thv-te-iface
  • thv-te-mware
  • thv-te-proposal
  • tracing-operatpr
  • trae-ide-client
  • transport-mock
  • typo
  • update-claude-code-action
  • update-docs-workflow
  • update-inspector
  • update-k8s-examples
  • update-k8s-test-versions
  • update-maintainers
  • update-task-helm-deployment
  • update-upstream-registry-schema
  • upgrade-go
  • use-new-update-url
  • use-status-file-for-pids
  • use_thv_client_secret
  • vault-annotations
  • work-around-stale-config
  • workload-manager-tests
  • wrong-place

22 Oct 2025 10:46PM UTC coverage: 47.102% (+0.1%) from 46.977%
18731984782

push

github

web-flow
Reduce MCPServer CRD size by using runtime.RawExtension for PodTemplateSpec (#2015)

* Reduce MCPServer CRD size by using runtime.RawExtension for PodTemplateSpec

The MCPServer CRD was too large (~9500 lines) to apply without server-side
apply due to the embedded PodTemplateSpec taking up ~8500 lines. This was
causing issues as reported in GitHub issue #2013.

Changed the PodTemplateSpec field from a strongly-typed corev1.PodTemplateSpec
to runtime.RawExtension, which stores the raw JSON without schema validation
at the CRD level. This reduces the CRD size from ~9500 lines to 651 lines
(93% reduction).

The solution maintains full backwards compatibility - users can still use
the same YAML structure. Validation now happens at runtime in the operator,
with proper error handling via Kubernetes events and status conditions to
notify users when invalid PodTemplateSpec data is provided.

Key changes:
- Modified MCPServer type to use runtime.RawExtension for PodTemplateSpec
- Updated PodTemplateSpecBuilder to unmarshal and validate at runtime
- Added event recording and status conditions for validation errors
- Added comprehensive tests for invalid PodTemplateSpec scenarios
- Fixed race conditions in parallel tests

Fixes #2013

* Bump operator-crds chart version to 0.0.40

The CRD has been modified (MCPServer.spec.podTemplateSpec changed to
runtime.RawExtension), so the chart version needs to be bumped per
CI requirements.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* Address PR feedback from code review

Fixes based on Copilot and reviewer feedback:
- Fix DeepCopy call to use pointer: (&userTemplate).DeepCopy()
- Remove duplicate test assertions in pod template tests
- Remove redundant PodTemplateSpec check in deploymentNeedsUpdate
- Remove ~200 lines of dead code (non-ConfigMap mode paths)
- Remove 5 unused functions (getProxyHost, generateOIDCArgs, etc.)
- Improve isEmpty() to check a... (continued)

141 of 168 new or added lines in 5 files covered. (83.93%)

1 existing line in 1 file now uncovered.

18673 of 39644 relevant lines covered (47.1%)

15.63 hits per line

Relevant lines Covered
Build:
Build:
39644 RELEVANT LINES 18673 COVERED LINES
15.63 HITS PER LINE
Source Files on main
  • Tree
  • List 297
  • Changed 6
  • Source Changed 6
  • Coverage Changed 5
Coverage ∆ File Lines Relevant Covered Missed Hits/Line

Recent builds

Builds Branch Commit Type Ran Committer Via Coverage
18731984782 main Reduce MCPServer CRD size by using runtime.RawExtension for PodTemplateSpec (#2015) * Reduce MCPServer CRD size by using runtime.RawExtension for PodTemplateSpec The MCPServer CRD was too large (~9500 lines) to apply without server-side apply du... push 22 Oct 2025 10:51PM UTC web-flow github
47.1
18727876402 main Update module github.com/cedar-policy/cedar-go to v1.2.8 (#2294) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> push 22 Oct 2025 07:47PM UTC web-flow github
46.98
18727711347 main Merge my local k8s agent with the project-specific one (#2291) push 22 Oct 2025 07:39PM UTC web-flow github
46.99
18724202863 main Update module github.com/onsi/ginkgo/v2 to v2.27.1 (#2293) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> push 22 Oct 2025 05:20PM UTC web-flow github
46.98
18724037656 main fea: Registry API Data Source (#2189) * impl draft Signed-off-by: Daniele Martinoli <dmartino@redhat.com> * Registry API Source Handler Signed-off-by: Daniele Martinoli <dmartino@redhat.com> * increase test coverage Signed-off-by: Daniele Ma... push 22 Oct 2025 05:13PM UTC web-flow github
46.98
18723528552 main Add claude /check-contribution command (#2290) Adds a claude command to verify the practices described in deploy/charts/operator/CONTRIBUTING.md are followed. Example run result: # Contribution Practices Check Report All practices from deploy/c... push 22 Oct 2025 04:54PM UTC web-flow github
46.57
18715236732 main Refactor: Extract common controller helpers to dedicated package (#2283) Extract common helpers to dedicated package Move ~900 lines of shared helper code from controllers/common_helpers.go and controllers/config_helpers.go into a new dedicated ... push 22 Oct 2025 11:57AM UTC web-flow github
46.59
18714390838 main Update toolhive images to v0.4.0 (#2284) Update toolhive container images to v0.4.0 Updates the operator and proxyrunner container images from v0.3.8 to v0.4.0, the latest release. This includes MCPGroup support, MCPRemoteProxy CRD, and various ... push 22 Oct 2025 11:21AM UTC web-flow github
47.78
18714029782 main Add a --network option (#1867) * Add a --network option Signed-off-by: nigel brown <nigel@stacklok.com> * Fix test: verify actual target port instead of hardcoded value The test was failing because FindOrUsePort(9000) may return a different po... push 22 Oct 2025 11:07AM UTC web-flow github
47.75
18713110720 main Hide the internal MCP optimizer group (#2282) Fix #2273 push 22 Oct 2025 10:27AM UTC web-flow github
47.8
See All Builds (1546)
  • Repo on GitHub
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2025 Coveralls, Inc