stacklok / toolhive / 26814807150 / 1
66%
main: 66%

DEFAULT BRANCH: main
Ran
Files 745
Run time 25s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 65.939% (-0.02%) from 65.957%
26814807150.1

push

github

web-flow 
Bind vMCP sessions to OIDC identity, not raw token bytes (#5378)

* Add pkg/vmcp/session/binding leaf package

The vMCP session-binding format needs to be parsed and produced in two
places: pkg/vmcp/session/types (from ShouldAllowAnonymous) and
pkg/vmcp/session/internal/security (from BindSession / validateCaller).
A private helper in each would drift over time, so this commit
introduces a single-owner leaf package.

Format encodes a bound identity as iss + "\x00" + sub, rejecting empty
halves and stray NULs. Parse mirrors Format strictly — including
rejecting trailing NULs in the sub half so values that did not pass
through Format (e.g. direct writes to Redis) fail loudly. A literal
"unauthenticated" sentinel covers sessions created without an
authenticated identity.

No callers wired yet — those land in the next commits.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

* Add MetadataKeyIdentityBinding key and tighten ShouldAllowAnonymous

The hijack-prevention decorator needs a stable per-identity key in
session metadata. Add MetadataKeyIdentityBinding alongside the existing
token-hash keys (the legacy keys stay temporarily so already-running
sessions can be invalidated cleanly during the migration; final removal
happens in the operator-side follow-up).

ShouldAllowAnonymous treated every empty-token identity as anonymous,
which lumped LocalUserMiddleware identities into the same equivalence
class even when they carried distinct (iss, sub) claims — letting one
local user reuse another's session ID. Tighten the rule so any identity
with a valid (iss, sub) pair from Claims goes through the bound path,
even when Token is empty. Pull iss and sub from Identity.Claims rather
than Identity.Subject so the introspection path and the JWT path
canonicalize against the same source.

Fail-closed on non-string iss/sub claims: a misbehaving validator that
stores a numeric or array value is treated as bound (not anonymous),
with a WARN logged so the misbeh... (continued)

65930 of 99987 relevant lines covered (65.94%)

63.82 hits per line

Source Files on job 26814807150.1