stacklok / toolhive / 19098918115 / 1
51%
main: 51%

DEFAULT BRANCH: main
Ran
Files 346
Run time 10s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 48.307% (+0.07%) from 48.235%
19098918115.1

push

github

web-flow 
Implement outgoing authentication strategies for vMCP (#2451)

* Reorganize incoming auth factory into subfolder to prevent an import cycle

Move incoming authentication factory from pkg/vmcp/auth/ to
pkg/vmcp/auth/factory/ subfolder to improve code organization.
This separates factory code from core authentication types and
middleware.

* Refactor outgoing auth to separate registry from strategy

Rename OutgoingAuthenticator to OutgoingAuthRegistry to better reflect
its responsibility as a strategy registry rather than an authenticator.

The interface now focuses solely on strategy management (registration
and retrieval), while authentication is performed directly by Strategy
implementations.

This separation improves performance by eliminating indirection in the
hot path (per-request authentication) and clarifies the single
responsibility of each component: the registry manages strategies,
strategies perform authentication.

* Add factory package to resolve auth import cycle

Introduces pkg/vmcp/auth/factory to break the circular dependency
between pkg/vmcp/auth and pkg/vmcp/auth/strategies.

The import cycle occurred because:
- auth package needed to import strategies to instantiate them
- strategies package imported auth for Identity and context helpers

The factory package sits at the composition layer and can import both
auth (for interfaces) and strategies (for implementations) without
creating cycles.

* Integrate authentication registry into HTTP backend client

Refactors HTTPBackendClient to accept an OutgoingAuthRegistry and
apply authentication strategies to all backend requests via a new
authRoundTripper middleware.

Authentication is now resolved and validated once at client creation
time rather than per-request, improving performance and enabling
early error detection for misconfigurations.

The authRoundTripper clones requests to preserve immutability before
applying authentication, ensuring thread-safety and preventing
unintended side... (continued)

21929 of 45395 relevant lines covered (48.31%)

37.28 hits per line

Source Files on job 19098918115.1