stacklok / toolhive / 26472499695 / 1
66%
main: 66%

DEFAULT BRANCH: main
Ran
Files 738
Run time 28s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 65.914% (+0.02%) from 65.894%
26472499695.1

push

github

web-flow 
Wire CIMD config through embedded AS and enable storage decorator (#5348)

* Wire CIMD config through embedded AS and enable storage decorator

Phase 2 PR 3 — config threading and server wiring.

Config chain: RunConfig.CIMD → Config.CIMD* → AuthorizationServerParams
→ AuthorizationServerConfig → discovery handler.

Changes:
- config.go: add CIMDRunConfig struct and CIMD* fields to Config;
  defaults (256 entries, 5 min fallback TTL) applied in applyDefaults();
  validation (cacheMaxSize >= 1 when enabled) in Validate()
- runner/embeddedauthserver.go: add resolveCIMDConfig helper to unpack
  nullable *CIMDRunConfig; populate Config.CIMD* from RunConfig.CIMD
- server/provider.go: add CIMDEnabled to AuthorizationServerParams and
  AuthorizationServerConfig; wire through NewAuthorizationServerConfig
- server_impl.go: wrap storage with CIMDStorageDecorator when enabled
  (after legacy migration, before createProvider — decorator must be in
  place before fosite holds a reference to the storage instance);
  pass CIMDEnabled to AuthorizationServerParams
- server/handlers/discovery.go: set ClientIDMetadataDocumentSupported
  in buildOAuthMetadata() — both OAuth AS and OIDC discovery endpoints
  advertise CIMD support when enabled

CIMD is opt-in (disabled by default) to avoid introducing outbound
HTTPS fetching in existing deployments without explicit operator action.

Relates to #4825

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>

* Address PR review feedback on CIMD wiring and add missing tests

- Fix CacheFallbackTTL comment to say it is a fixed TTL (not fallback);
  matches the fix already applied in PR #5343
- Add TODO(cimd) comment above CIMDRunConfig noting the CRD exposure gap
- Add discovery handler tests: CIMDEnabled=true advertises the flag,
  CIMDEnabled=false omits it, for both AS metadata and OIDC endpoints
- Add config defaults tests: CIMDEnabled=true fills in cache size/TTL
  defaults; CIMDEnabled=false leaves zero f... (continued)

65395 of 99212 relevant lines covered (65.91%)

60.59 hits per line

Source Files on job 26472499695.1