Sync 332 upstream commits from IBM/mcp-context-forge#2
Merged
CrazyDubya merged 333 commits intomainfrom Nov 15, 2025
Merged
Conversation
…BM#1010) * fix: Support Kubernetes versions with vendor suffixes in Helm chart Fixes IBM#931 by changing kubeVersion constraint from '>=1.21.0' to '>=1.21.0-0'. This allows Helm to properly handle vendor-specific version suffixes like '1.31.10-eks-931bdca' from AWS EKS and other Kubernetes distributions. The '-0' suffix tells Helm's semantic versioning parser to accept any version >= 1.21.0 including those with pre-release/build metadata suffixes. Signed-off-by: Diego Riosalido <driosalido@gmail.com> * chore: Bump chart version to 0.7.0 --------- Signed-off-by: Diego Riosalido <driosalido@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* added token scoping middleware to streamable http middleware Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * improved raising response for errors Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * updated test cases Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * minor change Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * added docstring Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> --------- Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
…ation (IBM#1017) * fix: jwt audience verfication should be independent from token expiration Signed-off-by: Philip Miglinci <pmig@glasskube.com> * Rebase Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Philip Miglinci <pmig@glasskube.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
* rebase: rebased with main, fixing merge conflicts Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: plugin cleanup to support multiple external plugins. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix(lint): fixed linting issues Signed-off-by: Teryl Taylor <terylt@ibm.com> * feat(error): update error handling with enforce_ignore_error Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix(plugins): updated documentation and addressed PR comments. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix(lint): fixed linting issue Signed-off-by: Teryl Taylor <terylt@ibm.com> * feat(plugins): added initial http header hooks. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix(comments): update docstrings to fix linting. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: linting issue. Signed-off-by: Teryl Taylor <terylt@ibm.com> * feat: added hooks to the plugin manager for http pre/post header requests. Signed-off-by: Teryl Taylor <terylt@ibm.com> * feat: added tool metadata and headers to tool payloads. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: fixed model to support passing tool metadata. Signed-off-by: Teryl Taylor <terylt@ibm.com> * feat: added example header plugin for tools. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: refactored ToolMetaData, GatewayMetadata, removed http hooks, fixed test cases Signed-off-by: Teryl Taylor <terylt@ibm.com> * adding handlers for pluginerror and pluginviolationerror Signed-off-by: Shriti Priya <shritip@ibm.com> * fix for headers pydantic error in tool, plugin violation error handler Signed-off-by: Shriti Priya <shritip@ibm.com> * Error handling changes with test cases modification Signed-off-by: Shriti Priya <shritip@ibm.com> * fixing flake8 issues Signed-off-by: Shriti Priya <shritip@ibm.com> * refactored error handling in prompt and resource services, added unit tests for meta data, fixed existing tests. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: made original_name optional Signed-off-by: Teryl Taylor <terylt@ibm.com> * tests(tools): added test to check both gateway and tool metadata Signed-off-by: Teryl Taylor <terylt@ibm.com> * tests(headers): added tool header tests Signed-off-by: Teryl Taylor <terylt@ibm.com> * tests(tool_post_invoke): tests cases for tool post invoke metadata. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix(tool): check whether tools payload headers are None Signed-off-by: Teryl Taylor <terylt@ibm.com> * docs(plugins): added some documentation on the headers and meta data. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: updated error response values Signed-off-by: Teryl Taylor <terylt@ibm.com> * Rebase Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Teryl Taylor <terylt@ibm.com> Signed-off-by: Shriti Priya <shritip@ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Teryl Taylor <terylt@ibm.com> Co-authored-by: Shriti Priya <shritip@ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Add Dynamic Client Registration Tutorial Signed-off-by: Philip Miglinci <pmig@glasskube.com> * docs: clarify swimlane chart, remove docker compose service name Signed-off-by: Philip Miglinci <pmig@glasskube.com> * docs: extend README, update ToC Signed-off-by: Philip Miglinci <pmig@glasskube.com> * docs: add a docs sectino about dcr Signed-off-by: Philip Miglinci <pmig@glasskube.com> * Update docs for build Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Philip Miglinci <pmig@glasskube.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Jakob Steiner <jakob.steiner@glasskube.eu> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Adding config validation and startup checks Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com> * added config validation and security checks Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com> * testcases are fixed Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com> * correct pylint warnings Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com> * Rebase and change defaults to not exit app Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: rakdutta <rakhibiswas@yahoo.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
…m backend (IBM#1027) * Plugin first version Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * Fixed logging Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * fix: improve vault plugin implementation - Fixed linting issues (removed unused import, fixed whitespace) - Added missing __init__.py file for proper Python package structure - Fixed typos in documentation (system_tag_prefix, vault_handling) - Added vault plugin registration to plugins/config.yaml - Improved plugin description clarity * fix: improve vault plugin error handling and robustness - Added proper error handling for missing/invalid vault header - Fixed incorrect docstring (was copied from PII filter) - Added proper database session cleanup with try/finally - Added validation for oauth_config token_url field - Improved logging for debugging --------- Signed-off-by: popagruia <adrian.popa@ro.ibm.com> Co-authored-by: popagruia <adrian.popa@ro.ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
* add support for application/x-www-form-urlencoded content type Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> * url_encoded test cases update Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> * fixing doctest Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> * docs: add FORGE_CONTENT_TYPE environment variable to README - Document new env variable in Basic configuration section - Add usage note for URL-encoded form data support - Closes IBM#978 * rebase Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
…nfiguration (IBM#1038) - Add global imagePullSecrets support across all deployments (mcpgateway, postgres, redis, pgadmin, redis-commander, mcp-fast-time-server, and migration job) - Fix template syntax in _helpers.tpl for fullnameOverride (add missing dash) - Add TLS configuration support to ingress with schema validation - Improve pgAdmin probe configuration with longer timeouts and delays for better stability - Update values.yaml with TLS configuration options and cert-manager annotations This enables deployment in environments requiring private registry authentication and adds support for HTTPS/TLS termination at the ingress level. Co-authored-by: Naveed, Muhammad Shahrukh [JJCUS] <mnaveed4@its.jnj.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* MCP Servers and Plugins Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Formatting Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update Readme Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update plugin Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update plugins Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update docs Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update chmod Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update headers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update headers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
…#1023 (token refresh) (IBM#1084) * Fix oauth token multitenancy Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Fix oauth token multitenancy Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Fix oauth token multitenancy Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Fix oauth token multitenancy Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Fix oauth token multitenancy Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update alembic migration - fix 0.7.0 upgrade Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Closes IBM#1023 - implement token refresh Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Closes IBM#1023 - implement token refresh Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Documentation updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Documentation updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Test tokens Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * llms-mcp-server-python Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update MCP Servers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update MCP Servers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update MCP Servers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update MCP Servers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update MCP Servers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update MCP Servers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Update MCP Servers Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* add form-urlencoded support for OAuth2 gateway testing Signed-off-by: Shoumi <shoumimukherjee@gmail.com> * fix flake8 Signed-off-by: Shoumi <shoumimukherjee@gmail.com> * fix formatting Signed-off-by: Shoumi <shoumimukherjee@gmail.com> * chore: apply formatting fixes from pre-commit hooks Apply black and trailing-whitespace fixes after rebase. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Shoumi <shoumimukherjee@gmail.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
…n, and Logic Cleanup (IBM#1385) * add Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * added owner Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * a2a agent tabular Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * list a2a Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * test Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * filter tag Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * description Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * fix: update A2A agents empty state colspan to match table columns The A2A agents table now has 12 columns (ID, Name, Description, Endpoint, Tags, Type, Status, Reachability, Owner, Team, Visibility, Actions), but the empty state message was still using colspan=7. This updates it to colspan=12 for proper table formatting. Also removes trailing whitespace from button element. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: rakdutta <rakhibiswas@yahoo.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
* Removes redundant base64 Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Replace PBKDF2HMAC with Argon2Id encryption Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Use Argon2id for key generation in fernet encryption Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add docstring Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Make sso_service use fernet_encryption utl Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * wip migration script Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Fix import in alembic script Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Linting fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Move encryption from util to service Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add missing docstrings Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * flake8 fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Handle str inputs for encryption_secret Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Update alembic down revision number Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Fix bandit --------- Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
* Initial version Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * Fixed dependency of plugins enable Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * Changed schema/defaults Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * Fixed plugin path Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * bring files from main Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * Fixed rebase Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * Remove uwanted default value Signed-off-by: popagruia <adrian.popa@ro.ibm.com> * fix: improve plugin config chart implementation - Add newline at end of configmap-gateway-plugin.yaml - Improve schema descriptions for pluginConfig - Restore ingress annotations field (as empty object) - Fix volumeMounts indentation in deployment - Ensure backward compatibility with existing deployments Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: popagruia <adrian.popa@ro.ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: popagruia <adrian.popa@ro.ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
* feat: add mcp error code to validation and plugin errors. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: documentation error. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: use JSONRPCError. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: updated doctest. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: json mcp error codes and added test cases. Signed-off-by: Teryl Taylor <terylt@ibm.com> --------- Signed-off-by: Teryl Taylor <terylt@ibm.com> Co-authored-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
* Observability update * Observability update * Observability update * Observability update * Observability update * Observability update * Observability update * Observability update * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability updates Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Observability alembic fixes Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* refactor: refactor plugins to make them extensible. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: pylint issues Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * chore: uv lock Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * refactor: created a common directory for classes used across packages. Signed-off-by: Teryl Taylor <terylt@ibm.com> * feat: added agent hooks. Signed-off-by: Teryl Taylor <terylt@ibm.com> * refactor: plugins to support 3 hook patterns Signed-off-by: Teryl Taylor <terylt@ibm.com> * chore: fix lint issues Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * feat: add comparison function to deal with PluginCondition Signed-off-by: Teryl Taylor <terylt@ibm.com> * chore: removed unrecognized mypy option Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * fix: static type check issues Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * fix: updated schemas imports. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: doctests Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * fix: remaining doctests Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * fix: lint issues Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * chore: fix pylint issues Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * fix: pylint issues Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * fix: common validator tests Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * chore: fix flake8 issues Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * fix: correct imports for plugin framework hooks - Fix import path from mcpgateway.plugins.mcp.entities to correct location - Use ToolHookType from mcpgateway.plugins.framework.hooks.tools - Import HttpHeaderPayload from mcpgateway.plugins.framework.hooks.http - Update HookType references to ToolHookType * Fixes Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Teryl Taylor <terylt@ibm.com> Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Teryl Taylor <terylt@ibm.com> Co-authored-by: Frederico Araujo <frederico.araujo@ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
* testing changes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add JS for file validation Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * JS cleanup Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * linting fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Working till adding gateway Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Use ca cert for tool calls Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Fix health checks Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Use ca_cert in update_gateway Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Flake8 fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Linting fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Update doctest Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add Ed25519 signing code Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add validator for public key Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add cert validation Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Allow multiple uploads Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * linting fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * bandit fix Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Fix some tests Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Fix test Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Fix tests Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Linting fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Fix fstring Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * eslint fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * lint-web fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add alembic migration Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Make signing certs optional Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Update README Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Minor change to README Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Update sso_provider field validator Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Update charts Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * flake8 fix Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * flake8 fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Use Containerfile.lite in docker compose Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * checking compose upgrade for pg 18 Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Include pg_hba.conf step in upgrade Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * lint fix Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Mention about Postgres upgrade in Changelog Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Minor fix to commented alembic upgrade Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add documentation on self signed certs Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * fix: resolve rebase conflicts and update plugin API calls - Fix imports: mcpgateway.models -> mcpgateway.common.models - Add missing ToolHookType import - Update plugin manager API: tool_pre_invoke -> invoke_hook with ToolHookType - Update plugin manager API: tool_post_invoke -> invoke_hook with ToolHookType - Update HttpHeaderPayload: headers -> root parameter - Create alembic merge migration for CA cert and observability heads - Apply pre-commit formatting fixes (trailing whitespace, tabs, encoding pragma) Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Rebase Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Coverage Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
* Adding Knative docs and files Signed-off-by: Arthur De Magalhaes <arthurdm@ca.ibm.com> * Formatting Signed-off-by: Arthur De Magalhaes <arthurdm@ca.ibm.com> * Formatting Signed-off-by: Arthur De Magalhaes <arthurdm@ca.ibm.com> --------- Signed-off-by: Arthur De Magalhaes <arthurdm@ca.ibm.com>
* prompt pagination Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * prompts pagination Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * resources Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * resources pagination Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * prompt pagination Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * initresourceselect Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * lint error fix Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * docstring Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * pylint Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * fix duplicate table heading Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * dom Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * select all Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * lint flake8 Signed-off-by: rakdutta <rakhibiswas@yahoo.com> --------- Signed-off-by: rakdutta <rakhibiswas@yahoo.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* feat: add http hooks. Signed-off-by: Teryl Taylor <terylt@ibm.com> * feat: add permissions hook for rbac. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: http payload object intialization and pylint issues Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> * docs: updated docs with new hooks and examples. Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: linting and test case issues Signed-off-by: Teryl Taylor <terylt@ibm.com> * fix: correct mock patching in HTTP auth integration test The test was trying to patch get_plugin_manager in the wrong location. Fixed to only patch mcpgateway.auth.get_plugin_manager where it's actually used. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: move uuid import to top level and remove unnecessary else - Move uuid import from function scope to module scope - Remove unnecessary else after return in permission check logic Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: add missing newline at end of file Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * fix: use keyword argument for HttpHeaderPayload in example plugins Change HttpHeaderPayload(headers) to HttpHeaderPayload(root=headers) to match production code pattern and satisfy pylint-pydantic. Fixes E1121 too-many-function-args errors in: - plugins/examples/custom_auth_example/custom_auth.py (2 places) - plugins/examples/simple_token_auth/simple_token_auth.py (2 places) Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Teryl Taylor <terylt@ibm.com> Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Teryl Taylor <terylt@ibm.com> Co-authored-by: Frederico Araujo <frederico.araujo@ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
…ctionality, and manual refresh controls. Uses dropdown-based bulk import interface rather than modal (IBM#1393) * Enhanced with statistics display, failed tools list with copy functionality, and manual refresh controls. Uses dropdown-based bulk import interface rather than modal Signed-off-by: NAYANAR <nayana.r5@ibm.com> * changing text name Signed-off-by: NAYANAR <nayana.r5@ibm.com> * fix: correct typo in bulk import dropdown heading Changed "📊 validate Import" to "📊 Import Results" for clarity. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: NAYANAR <nayana.r5@ibm.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: NAYANAR <nayana.r5@ibm.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
* Update dependencies Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Bump version to 0.9.0 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Bump version to 0.9.0 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Fix select all in add server Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Add pagination in edit server Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * lint-web fixes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>
* fix: resolve Helm chart configuration validation errors This commit fixes three configuration validation issues in the Helm chart introduced in PR IBM#1400: 1. OBSERVABILITY_EXCLUDE_PATHS: Changed from comma-separated string to JSON array format to match Pydantic List[str] type expectations - Before: "/health,/healthz,/ready,/metrics,/static/.*" - After: '["\/health", "\/healthz", "\/ready", "\/metrics", "\/static\/.*"]' - Error fixed: json.decoder.JSONDecodeError and pydantic_settings.SettingsError 2. PLUGINS_CLI_MARKUP_MODE: Set default value to "rich" instead of empty string to satisfy Pydantic Literal type validation - Before: "" - After: "rich" - Valid options: "markdown", "rich", "disabled", or None - Error fixed: pydantic_core._pydantic_core.ValidationError 3. fast-time-server version: Updated to latest stable release - Before: "0.9.0" - After: "0.8.0" These changes prevent validation errors during application startup when deploying via Helm. Signed-off-by: ppippi <wjdqlsdlsp@naver.com> Signed-off-by: ppippi-dev <wjdqlsdlsp@naver.com> * 0.9.0 tag Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: ppippi <wjdqlsdlsp@naver.com> Signed-off-by: ppippi-dev <wjdqlsdlsp@naver.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
…Response (IBM#1412) * streamblehttp output_schema Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * primitive_types Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * primitive Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * mcp-structure Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * output_schema Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * flake Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * test Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * ruff Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * remove logging Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * invoke_hook Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * plugging response Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * plugging Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * refactor: improve structured content handling and code quality - Change verbose info logging to debug level for tool responses to reduce production log noise while maintaining debug capability - Remove redundant isinstance check in plugin response handling - Add comprehensive docstring explaining structured content return types and MCP SDK behavior in call_tool function - Add test case for structured content validation with tuple returns - Improve code maintainability and documentation clarity These changes enhance code quality without altering functionality, improving pylint score from 9.64 to 9.77. Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: rakdutta <rakhibiswas@yahoo.com> Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: ramcysiddique <ramcy.siddique@ibm.com>
* Minor change to notes Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * add minio Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * remove my-values Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Backup to minio and restore from there Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Almost there Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Removed redundant job Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Update postgres version in docker compose Signed-off-by: Madhav Kandukuri <madhav165@gmail.com> * Move file to docs Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>
…ditions (IBM#1424) * imporved duplicated gateway check Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * error message changes Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * check gateway uniqueness while updating too Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * linting Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * code linting Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * added alembic migration script for removal of url uniquess constraint Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * lints Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * updated doctest Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * updated test cases Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * removed ununsed import Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * updated docstring Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> --------- Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
* Utils test case update Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> * Utils and catalog test case updates Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> * Test case update for utils Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> --------- Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com> Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
…r STREAMABLEHTTP transport (IBM#1425) * debug Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * redirect -steamblehttp Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * remove addtional line Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * test Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * validate gateway Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * ruff Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * add doctring and doctest in observability.py Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * ruff Signed-off-by: rakdutta <rakhibiswas@yahoo.com> * flake8 Signed-off-by: rakdutta <rakhibiswas@yahoo.com> --------- Signed-off-by: rakdutta <rakhibiswas@yahoo.com>
* Single auth use option Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * one time authentication checkbox added Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * configure edit form with one time checkbox Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * update gateway configuration changes for onetimeauth Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * save auth_type for one time auth Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * skip health checks for one time auth gateways Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * linting Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * added docs for one time auth usage with passthrough headers Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * added ard document Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> * minor doc update Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com> --------- Signed-off-by: Keval Mahajan <mahajankeval23@gmail.com>
Merged 332 commits from upstream with significant changes: - Enhanced plugin architecture and OPA policy enforcement - Multi-tenancy and RBAC improvements - OAuth2 and JWT security enhancements - Multiple new MCP servers and features - UI improvements and bug fixes Conflicts resolved by accepting upstream changes for core application files. Documentation enhancements from fork preserved where non-conflicting.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
Comment on lines
186
to
191
| async def shutdown(self) -> None: | ||
| """Shutdown all plugins.""" | ||
| for plugin_ref in self._plugins.values(): | ||
| # Must cleanup the plugins in reverse of creating them to handle asyncio cleanup issues. | ||
| # https://github.com/microsoft/semantic-kernel/issues/12627 | ||
| for plugin_ref in reversed(self._plugins.values()): | ||
| try: |
There was a problem hiding this comment.
Reverse plugin shutdown incorrectly uses dict_values
The new shutdown logic now does for plugin_ref in reversed(self._plugins.values()), but dict_values does not implement __reversed__ and raises TypeError: 'dict_values' object is not reversible. Any call to PluginInstanceRegistry.shutdown() will therefore fail before executing plugin cleanup or clearing internal registries. Wrap the values in a list before reversing (or iterate over a list copy) so shutdown completes without exceptions.
Useful? React with 👍 / 👎.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Major upstream sync bringing in extensive changes:
Security & Auth:
Plugin Architecture:
Features:
Infrastructure:
Conflicts resolved by accepting upstream changes for core application files. Documentation enhancements preserved where compatible.