Skip to content

Issue 540: Configurable Well-Known URI Handler#770

Merged
crivetimihai merged 1 commit intomainfrom
540-well-known
Aug 17, 2025
Merged

Issue 540: Configurable Well-Known URI Handler#770
crivetimihai merged 1 commit intomainfrom
540-well-known

Conversation

@crivetimihai
Copy link
Copy Markdown
Member

@crivetimihai crivetimihai commented Aug 17, 2025
edited
Loading

PR: Implement Configurable Well-Known URI Handler

Summary

This PR implements a comprehensive well-known URI handler for MCP Gateway, providing RFC-compliant support for standard well-known URIs including robots.txt, security.txt, and custom well-known files. The implementation follows security-first principles with defaults appropriate for private API gateway deployments.

Closes: #540

🎯 Implementation Overview

Core Features

  • Flexible /.well-known/* endpoint handler supporting standard and custom URIs
  • robots.txt support with security-conscious defaults (blocks all crawlers by default)
  • security.txt support with RFC 9116 compliance and automatic validation
  • Custom well-known files via JSON configuration (ai.txt, dnt-policy.txt, etc.)
  • Admin monitoring endpoint for configuration visibility (/admin/well-known)
  • Configurable caching for performance optimization
  • Security-first defaults appropriate for private API deployments

📁 File Changes

🆕 New Files

mcpgateway/routers/well_known.py (New - 157 lines)

  • Purpose: FastAPI router handling all /.well-known/* endpoints
  • Key Components:
    • WELL_KNOWN_REGISTRY: Registry of known well-known URIs with metadata
    • validate_security_txt(): RFC 9116 compliance validation with auto-enhancement
    • get_well_known_file(): Main endpoint handler with security defaults
    • get_well_known_status(): Admin endpoint for configuration monitoring

Implementation Highlights:

# Security-first default robots.txt
if filename == "robots.txt":
    headers = {**common_headers, "X-Robots-Tag": "noindex, nofollow"}
    return PlainTextResponse(content=settings.well_known_robots_txt, ...)

# RFC 9116 compliant security.txt with validation
elif filename == "security.txt":
    content = validate_security_txt(settings.well_known_security_txt)
    # Auto-adds Expires header if missing, validates format

tests/unit/mcpgateway/test_well_known.py (New - 130 lines)

  • Purpose: Comprehensive test coverage for well-known URI functionality
  • Test Classes:
    • TestWellKnownEndpoints: Integration tests for HTTP endpoints
    • TestSecurityTxtValidation: Unit tests for RFC 9116 validation
    • TestWellKnownRegistry: Tests for well-known URI registry

Test Coverage:

  • Default robots.txt behavior
  • security.txt validation and auto-enhancement
  • Custom file serving via JSON configuration
  • 404 handling for unknown/unconfigured files
  • Path normalization and security
  • Admin endpoint authentication and responses

.env.example (New - 166 lines)

  • Purpose: Complete environment variable documentation and examples
  • Sections:
    • Well-known URI configuration with examples
    • Security considerations for different deployment types
    • Multi-environment configuration patterns

docs/docs/manage/well-known-uris.md (New - 250+ lines)

  • Purpose: Comprehensive user guide for well-known URI configuration
  • Content: Configuration examples, security considerations, deployment patterns, troubleshooting

docs/docs/architecture/adr/015-well-known-uri-handler.md (New - 250+ lines)

  • Purpose: Architecture Decision Record documenting design decisions
  • Content: Context, decision rationale, alternatives considered, consequences

🔧 Modified Files

mcpgateway/config.py (Modified)

Lines 401-427: Added well-known URI configuration section

# ===================================
# Well-Known URI Configuration  
# ===================================

well_known_enabled: bool = True
well_known_robots_txt: str = """User-agent: *
Disallow: /

# MCP Gateway is a private API gateway
# Public crawling is disabled by default"""

well_known_security_txt: str = ""
well_known_security_txt_enabled: bool = False
well_known_custom_files: str = "{}"
well_known_cache_max_age: int = 3600

Lines 466-492: Added configuration parsing methods

  • custom_well_known_files property: Parses JSON custom files safely
  • _auto_enable_security_txt() validator: Auto-enables security.txt when content provided

mcpgateway/main.py (Modified)

Line 66: Added well-known router import

from mcpgateway.routers.well_known import router as well_known_router

Line 3012: Integrated well-known router into FastAPI app

app.include_router(well_known_router)

docs/docs/manage/securing.md (Modified)

Lines 124-145: Added well-known URI security section

  • Security considerations for private vs public APIs
  • Configuration examples for different deployment scenarios
  • Security checklist items for well-known URI management

docs/docs/manage/index.md (Modified)

Line 18: Added well-known URIs to management documentation table

| [Well-Known URIs](well-known-uris.md) | Configure robots.txt, security.txt, and custom well-known files |

docs/docs/architecture/adr/index.md (Modified)

Line 18: Added ADR-015 to architecture decisions table

| 0015  | Configurable Well-Known URI Handler               | Accepted  | Security       | 2025-08-17  |

🔒 Security Implementation Details

Security-First Design Decisions

  1. Private API Defaults: robots.txt blocks all crawlers by default

    User-agent: *
Disallow: /
# MCP Gateway is a private API gateway

  2. RFC 9116 Compliance: security.txt validation ensures standards compliance

    • Auto-adds Expires header (6 months) if missing
    • Validates required fields
    • Adds generation timestamp comments

  3. Controlled Information Disclosure: Only serves explicitly configured content

    • No dynamic content generation
    • Helpful 404 messages for known but unconfigured files
    • Admin endpoint requires authentication

  4. Proper HTTP Headers:

    • X-Robots-Tag: noindex, nofollow for robots.txt
    • Cache-Control headers for performance
    • Appropriate Content-Type for each file type

Configuration Security

  • JSON Validation: Custom files parsed safely with error handling
  • Path Normalization: Prevents directory traversal attacks
  • Content Validation: security.txt format validation prevents malformed files
  • Authentication: Admin endpoints protected with JWT authentication

🧪 Testing Strategy

Test Coverage (11 tests, all passing)

  1. Endpoint Integration Tests:

    • Default robots.txt serving and headers
    • security.txt 404 when not configured
    • Unknown file 404 handling
    • Path normalization (handles // in paths)
    • Helpful error messages for known but unconfigured files

  2. Validation Unit Tests:

    • security.txt empty content handling
    • Automatic Expires header addition
    • Preservation of existing Expires headers
    • Comment preservation in security.txt

  3. Registry Tests:

    • Well-known URI registry completeness
    • Content-Type mappings
    • Standard file definitions

Quality Assurance

  • Code Coverage: 67% coverage for new well_known.py router
  • Linting: flake8, pylint (10.00/10), isort, black all pass
  • Integration: Full test suite passes (1954/1954 tests)
  • Standards Compliance: RFC 8615, RFC 9116, RFC 9309 compliant

🚀 Usage Examples

Quick Start (Private API - Default)

# Default configuration blocks all crawlers
curl https://api.example.com/.well-known/robots.txt
# Returns: User-agent: *\nDisallow: /

Security Contact Configuration

export WELL_KNOWN_SECURITY_TXT="Contact: mailto:security@example.com\nExpires: 2025-12-31T23:59:59Z"
curl https://api.example.com/.well-known/security.txt
# Returns: RFC 9116 compliant security.txt with auto-generated headers

Custom Policy Files

export WELL_KNOWN_CUSTOM_FILES='{"ai.txt": "AI Usage: Tool orchestration only"}'
curl https://api.example.com/.well-known/ai.txt
# Returns: AI Usage: Tool orchestration only

Configuration Monitoring

curl -H "Authorization: Bearer $TOKEN" https://api.example.com/admin/well-known
# Returns: JSON with enabled files, supported types, cache settings

🏗️ Architecture Decisions

Router-Based Design

  • Dedicated router: Clean separation of concerns
  • Single endpoint: /.well-known/{filename:path} handles all requests
  • Registry pattern: Centralized metadata for known well-known URIs
  • Dependency injection: Follows FastAPI patterns for authentication

Configuration-Driven Content

  • Environment variables: Standard configuration pattern
  • JSON custom files: Flexible format for additional well-known files
  • Auto-validation: security.txt automatically enhanced for RFC compliance
  • Property methods: Clean access to parsed configuration

Security Considerations

  • No authentication required: Well-known URIs are public by design (RFC 8615)
  • Content validation: Prevents serving malformed security.txt
  • Path normalization: Protects against directory traversal
  • Information control: Only serves explicitly configured content

🔍 Code Review Notes

Key Implementation Patterns

  1. Error Handling: Descriptive 404 messages for known but unconfigured files

    if filename in WELL_KNOWN_REGISTRY:
    raise HTTPException(
        status_code=404,
        detail=f"{filename} is not configured. "
               f"This is a {WELL_KNOWN_REGISTRY[filename]['description']} file."
    )

  2. Header Management: Consolidated header handling with PlainTextResponse

    common_headers = {"Cache-Control": f"public, max-age={settings.well_known_cache_max_age}"}
headers = {**common_headers, "X-Robots-Tag": "noindex, nofollow"}
return PlainTextResponse(content=content, headers=headers)

  3. Validation Pattern: RFC compliance with backward compatibility

    def validate_security_txt(content: str) -> Optional[str]:
    # Add Expires if missing, preserve existing content
    # Add header comments for clarity

Configuration Design

  1. Security-First Defaults:

    • robots.txt blocks all crawlers (appropriate for private API)
    • security.txt disabled unless explicitly configured
    • Well-known endpoints can be completely disabled

  2. Flexible Customization:

    • JSON format for custom files allows complex content
    • Configurable cache headers for performance tuning
    • Property methods provide clean access to parsed configuration

🐛 Edge Cases Handled

  • Empty/None content: security.txt validation handles empty strings gracefully
  • JSON parsing errors: Custom files parsing with error logging and fallback
  • Path normalization: Strips leading slashes to prevent path issues
  • Missing Expires: Auto-adds RFC-required Expires header to security.txt
  • Content validation: Ensures security.txt format compliance
  • Authentication errors: Proper error handling for admin endpoints

🔄 Migration/Backward Compatibility

  • Zero breaking changes: All new configuration with safe defaults
  • Optional feature: Well-known URIs can be disabled via WELL_KNOWN_ENABLED=false
  • Default behavior: Secure robots.txt enabled by default (appropriate for private APIs)
  • Graceful degradation: Missing configuration results in 404, not errors

📊 Performance Impact

  • Minimal overhead: Simple string serving with configurable caching
  • Cache headers: Reduces server load for frequently accessed files
  • No database queries: All content served from configuration
  • Efficient routing: Single endpoint handles all well-known requests

🔗 Standards Compliance

  • RFC 8615: Well-Known Uniform Resource Identifiers
  • RFC 9116: security.txt specification
  • RFC 9309: Robots Exclusion Protocol
  • IANA Registry: Follows well-known URI registry patterns

📝 Documentation Updates

  • ADR-015: Complete architecture decision record
  • Management Guide: New well-known-uris.md with comprehensive configuration guide
  • Security Documentation: Updated securing.md with well-known URI security considerations
  • Configuration Examples: Complete .env.example with all well-known settings
  • Index Updates: Added to management and ADR indexes

✅ Verification Checklist

  • Functionality: All endpoints working correctly
  • Standards: RFC 8615, RFC 9116, RFC 9309 compliant
  • Security: Security-first defaults, proper validation
  • Testing: 11 tests passing, full integration tests pass
  • Documentation: Comprehensive guides and ADR created
  • Code Quality: flake8, pylint (10.00/10), formatting clean
  • Configuration: Complete .env.example with examples
  • Integration: Router properly integrated into main FastAPI app
  • Error Handling: Proper 404s, helpful error messages
  • Performance: Configurable caching, minimal overhead

🚀 Ready for Review

This implementation provides a production-ready, standards-compliant well-known URI handler with security-first defaults and comprehensive configuration options. The feature is fully tested, documented, and ready for deployment.

Next Steps After Merge

  1. Update deployment documentation with well-known URI examples
  2. Consider adding Prometheus metrics for well-known endpoint usage
  3. Monitor production usage patterns for cache tuning opportunities

Closes #540

@crivetimihai
Well known
5891745 
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
@crivetimihai crivetimihai self-assigned this Aug 17, 2025
@crivetimihai crivetimihai marked this pull request as ready for review August 17, 2025 23:33
@crivetimihai crivetimihai merged commit a30aa41 into main Aug 17, 2025
37 checks passed
@crivetimihai crivetimihai deleted the 540-well-known branch August 17, 2025 23:33
rakdutta pushed a commit to rakdutta/mcp-context-forge that referenced this pull request Aug 19, 2025
@crivetimihai @rakdutta1
Well known (IBM#770)
67390a7 
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
madhav165 pushed a commit that referenced this pull request Aug 20, 2025
@crivetimihai @madhav165
Well known (#770)
fb13d0a 
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
crivetimihai added a commit that referenced this pull request Aug 20, 2025
@rakdutta @rakdutta1
@crivetimihai @imolloy @madhav165 @vinodmut @vk-playground @araujof @nmveeresh @shoummu1 @MohanLaksh @MohanLakshmaiah @shams858 @claude
Fix Tool Edit Screen: Field Mapping Consistency and Custom Tool Namin…
df217a1 
…g Implementation (#786)

* db.py update

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* doc test

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert alembic with main version

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* 138 view realtime logs in UI and export logs (CSV, JSON) (#747)

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI readme

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update logging flake8

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update logging flake8

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* test coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* test coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix download

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 749 reverse proxy (#750)

* Fix download

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* doctest improvements

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* (fix) Added missing prompts/get (#748)

Signed-off-by: Ian Molloy <molloyim@us.ibm.com>

* Adds RPC endpoints and updates RPC response and error handling (#746)

* Fix rpc endpoints
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Remove commented code
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* remove duplicate code in session registry

Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Linting fixes
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Fix tests
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

---------

Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* 753 fix tool invocation invalid method (#754)

* Fix tool invocation 'Invalid method' error with backward compatibility (#753)

- Add backward compatibility for direct tool invocation (pre-PR #746 format)
- Support both old format (method=tool_name) and new format (method=tools/call)
- Add comprehensive test coverage for RPC tool invocation scenarios
- Ensure graceful fallback to gateway forwarding when method is not a tool

The RPC endpoint now handles tool invocations in both formats:
1. New format: method='tools/call' with name and arguments in params
2. Old format: method='tool_name' with params as arguments (backward compat)

This maintains compatibility with existing clients while supporting the new
standardized RPC method structure introduced in PR #746.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix flake8 E722: Replace bare except with Exception

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: suppress bandit security warnings with appropriate nosec comments (#755)

- Added nosec B105 for ENV_TOKEN as it's an environment variable name, not a hardcoded secret
- Added nosec B110 for intentional exception swallowing in cleanup/error handling paths
- Both cases are legitimate uses where errors should be silently ignored to prevent cascading failures

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add agents file

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* pylint (#759)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Remove redundant title in readme. (#757)

Signed-off-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>

* Update documentation with fixed image tag

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 256 fuzz testing (#760)

* Implement comprehensive fuzz testing automation (#256)

- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 344 cors security headers (#761)

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS ADRs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix compose

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update helm chart

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Bulk Import Tools modal wiring #737 (#739)

* feat: Bulk Import Tools modal wiring and backend implementation

- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling

Refs #737

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate admin_import_tools function and fix HTML formatting

- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Complete bulk import backend with file upload support and enhanced docs

- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples

Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Bulk import

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove conflicting inline script and fix bulk import functionality

- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import

This fixes the issue where bulk import appeared to do nothing.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Integrate bulk import setup with main initialization

- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: JavaScript formatting issues in bulk import modal

- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* debug: Temporarily disable bulk import setup to test tabs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate setupFormValidation call and delay bulk import setup

- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Restore proper initialization sequence for tab functionality

- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Correct HTML structure and restore tab navigation

- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs

This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Add configurable bulk import settings

Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)

Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details

This makes bulk import fully configurable for different deployment scenarios.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* Implemented configuration export (#764)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 185 186 import export (#769)

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: local network address translation in discovery module (#767)

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* Well known (#770)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs with jsonrpc tutorial (#772)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 137 metadata timestamps (#776)

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Security headers CSP

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Display metadata for resources
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* eslint fix
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Madhav Kandukuri <madhav165@gmail.com>

* feat #262: MCP Langchain Agent (#781)

* feat: Add bulk import UI modal for tools

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

* feat: Add Langchain agent with OpenAI & A2A endpoints (refs #262)

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

* lint: prettier fix at ~L8090 (insert newline)

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

---------

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>
Co-authored-by: Vicky <vicky.kuo.contact@gmail.com>

* Cleanup pr

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Cleanup pr

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Issue 587/rest tool error (#778)

* added params extraction from url logic

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>

* added params extraction from url logic

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>

* Rebase and lint / test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* edit column header (#777)

Signed-off-by: Shoumi <shoumimukherjee@gmail.com>

* Test case update (#775)

* session_registry test case updates

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* test case update for routers/reverse_proxy

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* test case update to mcpgateway/reverse_proxy.py

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* Fix formatting issues from pre-commit hooks

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: add plugins cli, external plugin support, plugin template (#722)

* feat: add support for external plugins

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat(plugins): add external mcp server and associated test cases.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* fix(lint): fixed yamllint issues

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* fix(lint): fixed flake8 issue.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat: define plugins cli and implement bootstrap command

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: implement install and package CLI commands

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: remote avoid insecure shell=True in subprocess invocation

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add external plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: move copier config to repository root

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update copier template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: get default author from git config

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update copier settings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: copier config syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add external plugin template modules

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: template syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: template syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: make template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: fix template issue

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: toml template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugin mcp server initialization

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: init module for plugin framework

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add chuck runtime and container wrapping

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: makefile template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugins config path

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add .env.template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add tools and resources support

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: lint yaml

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: cleanups

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update manifest.in

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: linting

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugin config variable

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix(tests): fixed doctests for plugins.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* refactor: external plugin server and plugin external API

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs(plugins): removed subpackages from examples

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* docs: update plugin docs to use public framework API

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix(plugin): added resource payloads to base plugin.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat: udpate test templates

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update test templates

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update tempalte makefile

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add template for native plugin

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add readme for native template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: force boostrap to be a subcommnand

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests(plugin): added http streamable and error tests.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* tests: add tests for plugins CLI

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: deprecation warning

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: add CLI tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: update plugin cli

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests(plugins): added client hook tests for external plugins.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* chore: update template readmes

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: lint docstrings in cli

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint errors in docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint errors

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: add external plugin server tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: cleanup

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: add missing docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: add missing docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: fix cli dryrun test

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint issues

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: fix teardown of client http tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: skipping flaky tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: plugin lifecycle tools

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: add missing plugin lifecycle doc

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Teryl Taylor <terylt@ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Experimental Oauth 2.0 support in gateway (#768)

* Oauth 2.1 design

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* oauth 2.0 design

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Support for oauth auth type in gateway

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Decrypt client secret

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* authorization code flow, token storage, tool fetching, tool calling with Oauth2.0

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* test fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* 256 fuzz testing (#760)

* Implement comprehensive fuzz testing automation (#256)

- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 344 cors security headers (#761)

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS ADRs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix compose

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update helm chart

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* feat: Bulk Import Tools modal wiring #737 (#739)

* feat: Bulk Import Tools modal wiring and backend implementation

- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling

Refs #737

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate admin_import_tools function and fix HTML formatting

- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Complete bulk import backend with file upload support and enhanced docs

- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples

Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Bulk import

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove conflicting inline script and fix bulk import functionality

- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import

This fixes the issue where bulk import appeared to do nothing.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Integrate bulk import setup with main initialization

- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: JavaScript formatting issues in bulk import modal

- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* debug: Temporarily disable bulk import setup to test tabs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate setupFormValidation call and delay bulk import setup

- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Restore proper initialization sequence for tab functionality

- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Correct HTML structure and restore tab navigation

- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs

This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Add configurable bulk import settings

Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)

Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details

This makes bulk import fully configurable for different deployment scenarios.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Implemented configuration export (#764)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* cleanup

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* cleanup

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* ruff fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fix flake8 errors

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fix eslint errors

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* aiohttp added in the main dependencies section of pyproject.toml

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix Alembic multiple heads issue

Create merge migration to resolve parallel migration chains:
- Main branch migrations (34492f99a0c4)
- OAuth branch migrations (add_oauth_tokens_table)

This resolves CI/CD test failures caused by Alembic not knowing
which migration head to follow during 'alembic upgrade head'.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix Alembic migration chain - remove merge migration hack

- Remove unnecessary merge migration file (813b45a70b53)
- Fix OAuth config migration to follow proper chain (f8c9d3e2a1b4 → 34492f99a0c4)
- OAuth tokens migration already correctly follows (add_oauth_tokens_table → f8c9d3e2a1b4)
- Now single migration head without parallel branches

This eliminates the 'Multiple heads are present' error in CI/CD tests
by ensuring migrations follow a linear chain instead of creating
parallel migration branches that need artificial merge migrations.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

* Fix pre-commit hooks

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 744 annotations (#784)

* Fix annotations edit

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix annotations edit

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: plugins template (#783)

* feat: update context forge target in template's project dependencies

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: exclude jinja files from reformatting tabs

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugins cli defaults

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: revert formatted Makefile template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add optional packages

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: update plugin template docs

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: update template readme

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

---------

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* doc test

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* web lint

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake8 fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert with main

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert with main

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic change

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake8 fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* remove addtional line

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* Rebase and fix

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Ian Molloy <molloyim@us.ibm.com>
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>
Signed-off-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>
Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>
Signed-off-by: Shoumi <shoumimukherjee@gmail.com>
Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Signed-off-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: RAKHI DUTTA <rakdutta@in.ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Ian Molloy <i.m.molloy@gmail.com>
Co-authored-by: Madhav Kandukuri <madhav165@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <vinodmut@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Frederico Araujo <araujof@users.noreply.github.com>
Co-authored-by: Madhav Kandukuri <madhav165@gmail.com>
Co-authored-by: Vicky <vicky.kuo.contact@gmail.com>
Co-authored-by: Veeresh K <42322782+nmveeresh@users.noreply.github.com>
Co-authored-by: Shoumi M <55126549+shoummu1@users.noreply.github.com>
Co-authored-by: Mohan Lakshmaiah <mohan.economist@gmail.com>
Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Co-authored-by: Teryl Taylor <terylt@ibm.com>
Co-authored-by: Shamsul Arefin <shams@rijuk.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Claude <noreply@anthropic.com>
vk-playground pushed a commit to vk-playground/mcp-context-forge that referenced this pull request Sep 14, 2025
@crivetimihai
Well known (IBM#770)
c77435f 
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
vk-playground added a commit to vk-playground/mcp-context-forge that referenced this pull request Sep 14, 2025
@rakdutta @rakdutta1
@crivetimihai @imolloy @madhav165 @vinodmut @vk-playground @araujof @nmveeresh @shoummu1 @MohanLaksh @MohanLakshmaiah @shams858 @claude
Fix Tool Edit Screen: Field Mapping Consistency and Custom Tool Namin…
f12bbeb 
…g Implementation (IBM#786)

* db.py update

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* doc test

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert alembic with main version

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* 138 view realtime logs in UI and export logs (CSV, JSON) (IBM#747)

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI readme

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update logging flake8

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update logging flake8

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* test coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* test coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix download

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 749 reverse proxy (IBM#750)

* Fix download

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* doctest improvements

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* (fix) Added missing prompts/get (IBM#748)

Signed-off-by: Ian Molloy <molloyim@us.ibm.com>

* Adds RPC endpoints and updates RPC response and error handling (IBM#746)

* Fix rpc endpoints
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Remove commented code
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* remove duplicate code in session registry

Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Linting fixes
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Fix tests
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

---------

Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* 753 fix tool invocation invalid method (IBM#754)

* Fix tool invocation 'Invalid method' error with backward compatibility (IBM#753)

- Add backward compatibility for direct tool invocation (pre-PR IBM#746 format)
- Support both old format (method=tool_name) and new format (method=tools/call)
- Add comprehensive test coverage for RPC tool invocation scenarios
- Ensure graceful fallback to gateway forwarding when method is not a tool

The RPC endpoint now handles tool invocations in both formats:
1. New format: method='tools/call' with name and arguments in params
2. Old format: method='tool_name' with params as arguments (backward compat)

This maintains compatibility with existing clients while supporting the new
standardized RPC method structure introduced in PR IBM#746.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix flake8 E722: Replace bare except with Exception

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: suppress bandit security warnings with appropriate nosec comments (IBM#755)

- Added nosec B105 for ENV_TOKEN as it's an environment variable name, not a hardcoded secret
- Added nosec B110 for intentional exception swallowing in cleanup/error handling paths
- Both cases are legitimate uses where errors should be silently ignored to prevent cascading failures

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add agents file

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* pylint (IBM#759)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Remove redundant title in readme. (IBM#757)

Signed-off-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>

* Update documentation with fixed image tag

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 256 fuzz testing (IBM#760)

* Implement comprehensive fuzz testing automation (IBM#256)

- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 344 cors security headers (IBM#761)

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS ADRs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix compose

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update helm chart

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Bulk Import Tools modal wiring IBM#737 (IBM#739)

* feat: Bulk Import Tools modal wiring and backend implementation

- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling

Refs IBM#737

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate admin_import_tools function and fix HTML formatting

- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Complete bulk import backend with file upload support and enhanced docs

- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples

Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Bulk import

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove conflicting inline script and fix bulk import functionality

- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import

This fixes the issue where bulk import appeared to do nothing.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Integrate bulk import setup with main initialization

- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: JavaScript formatting issues in bulk import modal

- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* debug: Temporarily disable bulk import setup to test tabs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate setupFormValidation call and delay bulk import setup

- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Restore proper initialization sequence for tab functionality

- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Correct HTML structure and restore tab navigation

- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs

This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Add configurable bulk import settings

Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)

Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details

This makes bulk import fully configurable for different deployment scenarios.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* Implemented configuration export (IBM#764)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 185 186 import export (IBM#769)

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: local network address translation in discovery module (IBM#767)

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* Well known (IBM#770)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs with jsonrpc tutorial (IBM#772)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 137 metadata timestamps (IBM#776)

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Security headers CSP

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Display metadata for resources
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* eslint fix
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Madhav Kandukuri <madhav165@gmail.com>

* feat IBM#262: MCP Langchain Agent (IBM#781)

* feat: Add bulk import UI modal for tools

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

* feat: Add Langchain agent with OpenAI & A2A endpoints (refs IBM#262)

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

* lint: prettier fix at ~L8090 (insert newline)

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

---------

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>
Co-authored-by: Vicky <vicky.kuo.contact@gmail.com>

* Cleanup pr

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Cleanup pr

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Issue 587/rest tool error (IBM#778)

* added params extraction from url logic

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>

* added params extraction from url logic

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>

* Rebase and lint / test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* edit column header (IBM#777)

Signed-off-by: Shoumi <shoumimukherjee@gmail.com>

* Test case update (IBM#775)

* session_registry test case updates

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* test case update for routers/reverse_proxy

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* test case update to mcpgateway/reverse_proxy.py

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* Fix formatting issues from pre-commit hooks

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: add plugins cli, external plugin support, plugin template (IBM#722)

* feat: add support for external plugins

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat(plugins): add external mcp server and associated test cases.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* fix(lint): fixed yamllint issues

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* fix(lint): fixed flake8 issue.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat: define plugins cli and implement bootstrap command

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: implement install and package CLI commands

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: remote avoid insecure shell=True in subprocess invocation

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add external plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: move copier config to repository root

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update copier template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: get default author from git config

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update copier settings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: copier config syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add external plugin template modules

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: template syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: template syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: make template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: fix template issue

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: toml template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugin mcp server initialization

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: init module for plugin framework

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add chuck runtime and container wrapping

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: makefile template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugins config path

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add .env.template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add tools and resources support

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: lint yaml

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: cleanups

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update manifest.in

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: linting

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugin config variable

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix(tests): fixed doctests for plugins.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* refactor: external plugin server and plugin external API

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs(plugins): removed subpackages from examples

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* docs: update plugin docs to use public framework API

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix(plugin): added resource payloads to base plugin.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat: udpate test templates

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update test templates

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update tempalte makefile

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add template for native plugin

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add readme for native template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: force boostrap to be a subcommnand

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests(plugin): added http streamable and error tests.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* tests: add tests for plugins CLI

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: deprecation warning

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: add CLI tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: update plugin cli

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests(plugins): added client hook tests for external plugins.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* chore: update template readmes

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: lint docstrings in cli

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint errors in docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint errors

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: add external plugin server tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: cleanup

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: add missing docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: add missing docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: fix cli dryrun test

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint issues

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: fix teardown of client http tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: skipping flaky tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: plugin lifecycle tools

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: add missing plugin lifecycle doc

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Teryl Taylor <terylt@ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Experimental Oauth 2.0 support in gateway (IBM#768)

* Oauth 2.1 design

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* oauth 2.0 design

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Support for oauth auth type in gateway

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Decrypt client secret

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* authorization code flow, token storage, tool fetching, tool calling with Oauth2.0

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* test fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* 256 fuzz testing (IBM#760)

* Implement comprehensive fuzz testing automation (IBM#256)

- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 344 cors security headers (IBM#761)

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS ADRs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix compose

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update helm chart

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* feat: Bulk Import Tools modal wiring IBM#737 (IBM#739)

* feat: Bulk Import Tools modal wiring and backend implementation

- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling

Refs IBM#737

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate admin_import_tools function and fix HTML formatting

- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Complete bulk import backend with file upload support and enhanced docs

- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples

Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Bulk import

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove conflicting inline script and fix bulk import functionality

- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import

This fixes the issue where bulk import appeared to do nothing.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Integrate bulk import setup with main initialization

- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: JavaScript formatting issues in bulk import modal

- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* debug: Temporarily disable bulk import setup to test tabs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate setupFormValidation call and delay bulk import setup

- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Restore proper initialization sequence for tab functionality

- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Correct HTML structure and restore tab navigation

- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs

This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Add configurable bulk import settings

Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)

Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details

This makes bulk import fully configurable for different deployment scenarios.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Implemented configuration export (IBM#764)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* cleanup

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* cleanup

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* ruff fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fix flake8 errors

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fix eslint errors

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* aiohttp added in the main dependencies section of pyproject.toml

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix Alembic multiple heads issue

Create merge migration to resolve parallel migration chains:
- Main branch migrations (34492f99a0c4)
- OAuth branch migrations (add_oauth_tokens_table)

This resolves CI/CD test failures caused by Alembic not knowing
which migration head to follow during 'alembic upgrade head'.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix Alembic migration chain - remove merge migration hack

- Remove unnecessary merge migration file (813b45a70b53)
- Fix OAuth config migration to follow proper chain (f8c9d3e2a1b4 → 34492f99a0c4)
- OAuth tokens migration already correctly follows (add_oauth_tokens_table → f8c9d3e2a1b4)
- Now single migration head without parallel branches

This eliminates the 'Multiple heads are present' error in CI/CD tests
by ensuring migrations follow a linear chain instead of creating
parallel migration branches that need artificial merge migrations.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

* Fix pre-commit hooks

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 744 annotations (IBM#784)

* Fix annotations edit

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix annotations edit

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: plugins template (IBM#783)

* feat: update context forge target in template's project dependencies

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: exclude jinja files from reformatting tabs

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugins cli defaults

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: revert formatted Makefile template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add optional packages

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: update plugin template docs

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: update template readme

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

---------

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* doc test

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* web lint

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake8 fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert with main

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert with main

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic change

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake8 fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* remove addtional line

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* Rebase and fix

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Ian Molloy <molloyim@us.ibm.com>
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>
Signed-off-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>
Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>
Signed-off-by: Shoumi <shoumimukherjee@gmail.com>
Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Signed-off-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: RAKHI DUTTA <rakdutta@in.ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Ian Molloy <i.m.molloy@gmail.com>
Co-authored-by: Madhav Kandukuri <madhav165@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <vinodmut@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Frederico Araujo <araujof@users.noreply.github.com>
Co-authored-by: Madhav Kandukuri <madhav165@gmail.com>
Co-authored-by: Vicky <vicky.kuo.contact@gmail.com>
Co-authored-by: Veeresh K <42322782+nmveeresh@users.noreply.github.com>
Co-authored-by: Shoumi M <55126549+shoummu1@users.noreply.github.com>
Co-authored-by: Mohan Lakshmaiah <mohan.economist@gmail.com>
Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Co-authored-by: Teryl Taylor <terylt@ibm.com>
Co-authored-by: Shamsul Arefin <shams@rijuk.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Claude <noreply@anthropic.com>
vk-playground pushed a commit to vk-playground/mcp-context-forge that referenced this pull request Sep 14, 2025
@crivetimihai
Well known (IBM#770)
779becf 
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
vk-playground added a commit to vk-playground/mcp-context-forge that referenced this pull request Sep 14, 2025
@rakdutta @rakdutta1
@crivetimihai @imolloy @madhav165 @vinodmut @vk-playground @araujof @nmveeresh @shoummu1 @MohanLaksh @MohanLakshmaiah @shams858 @claude
Fix Tool Edit Screen: Field Mapping Consistency and Custom Tool Namin…
3a16ffe 
…g Implementation (IBM#786)

* db.py update

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* doc test

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert alembic with main version

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* 138 view realtime logs in UI and export logs (CSV, JSON) (IBM#747)

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI readme

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update logging flake8

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update logging flake8

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* test coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* test coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix download

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 749 reverse proxy (IBM#750)

* Fix download

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* doctest improvements

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* (fix) Added missing prompts/get (IBM#748)

Signed-off-by: Ian Molloy <molloyim@us.ibm.com>

* Adds RPC endpoints and updates RPC response and error handling (IBM#746)

* Fix rpc endpoints
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Remove commented code
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* remove duplicate code in session registry

Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Linting fixes
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Fix tests
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

---------

Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* 753 fix tool invocation invalid method (IBM#754)

* Fix tool invocation 'Invalid method' error with backward compatibility (IBM#753)

- Add backward compatibility for direct tool invocation (pre-PR IBM#746 format)
- Support both old format (method=tool_name) and new format (method=tools/call)
- Add comprehensive test coverage for RPC tool invocation scenarios
- Ensure graceful fallback to gateway forwarding when method is not a tool

The RPC endpoint now handles tool invocations in both formats:
1. New format: method='tools/call' with name and arguments in params
2. Old format: method='tool_name' with params as arguments (backward compat)

This maintains compatibility with existing clients while supporting the new
standardized RPC method structure introduced in PR IBM#746.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix flake8 E722: Replace bare except with Exception

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: suppress bandit security warnings with appropriate nosec comments (IBM#755)

- Added nosec B105 for ENV_TOKEN as it's an environment variable name, not a hardcoded secret
- Added nosec B110 for intentional exception swallowing in cleanup/error handling paths
- Both cases are legitimate uses where errors should be silently ignored to prevent cascading failures

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add agents file

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* pylint (IBM#759)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Remove redundant title in readme. (IBM#757)

Signed-off-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>

* Update documentation with fixed image tag

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 256 fuzz testing (IBM#760)

* Implement comprehensive fuzz testing automation (IBM#256)

- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 344 cors security headers (IBM#761)

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS ADRs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix compose

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update helm chart

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Bulk Import Tools modal wiring IBM#737 (IBM#739)

* feat: Bulk Import Tools modal wiring and backend implementation

- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling

Refs IBM#737

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate admin_import_tools function and fix HTML formatting

- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Complete bulk import backend with file upload support and enhanced docs

- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples

Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Bulk import

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove conflicting inline script and fix bulk import functionality

- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import

This fixes the issue where bulk import appeared to do nothing.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Integrate bulk import setup with main initialization

- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: JavaScript formatting issues in bulk import modal

- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* debug: Temporarily disable bulk import setup to test tabs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate setupFormValidation call and delay bulk import setup

- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Restore proper initialization sequence for tab functionality

- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Correct HTML structure and restore tab navigation

- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs

This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Add configurable bulk import settings

Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)

Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details

This makes bulk import fully configurable for different deployment scenarios.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* Implemented configuration export (IBM#764)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 185 186 import export (IBM#769)

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: local network address translation in discovery module (IBM#767)

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* Well known (IBM#770)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs with jsonrpc tutorial (IBM#772)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 137 metadata timestamps (IBM#776)

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Security headers CSP

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Display metadata for resources
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* eslint fix
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Madhav Kandukuri <madhav165@gmail.com>

* feat IBM#262: MCP Langchain Agent (IBM#781)

* feat: Add bulk import UI modal for tools

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

* feat: Add Langchain agent with OpenAI & A2A endpoints (refs IBM#262)

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

* lint: prettier fix at ~L8090 (insert newline)

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

---------

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>
Co-authored-by: Vicky <vicky.kuo.contact@gmail.com>

* Cleanup pr

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Cleanup pr

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Issue 587/rest tool error (IBM#778)

* added params extraction from url logic

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>

* added params extraction from url logic

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>

* Rebase and lint / test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* edit column header (IBM#777)

Signed-off-by: Shoumi <shoumimukherjee@gmail.com>

* Test case update (IBM#775)

* session_registry test case updates

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* test case update for routers/reverse_proxy

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* test case update to mcpgateway/reverse_proxy.py

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* Fix formatting issues from pre-commit hooks

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: add plugins cli, external plugin support, plugin template (IBM#722)

* feat: add support for external plugins

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat(plugins): add external mcp server and associated test cases.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* fix(lint): fixed yamllint issues

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* fix(lint): fixed flake8 issue.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat: define plugins cli and implement bootstrap command

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: implement install and package CLI commands

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: remote avoid insecure shell=True in subprocess invocation

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add external plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: move copier config to repository root

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update copier template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: get default author from git config

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update copier settings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: copier config syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add external plugin template modules

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: template syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: template syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: make template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: fix template issue

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: toml template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugin mcp server initialization

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: init module for plugin framework

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add chuck runtime and container wrapping

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: makefile template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugins config path

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add .env.template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add tools and resources support

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: lint yaml

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: cleanups

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update manifest.in

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: linting

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugin config variable

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix(tests): fixed doctests for plugins.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* refactor: external plugin server and plugin external API

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs(plugins): removed subpackages from examples

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* docs: update plugin docs to use public framework API

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix(plugin): added resource payloads to base plugin.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat: udpate test templates

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update test templates

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update tempalte makefile

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add template for native plugin

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add readme for native template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: force boostrap to be a subcommnand

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests(plugin): added http streamable and error tests.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* tests: add tests for plugins CLI

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: deprecation warning

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: add CLI tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: update plugin cli

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests(plugins): added client hook tests for external plugins.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* chore: update template readmes

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: lint docstrings in cli

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint errors in docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint errors

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: add external plugin server tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: cleanup

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: add missing docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: add missing docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: fix cli dryrun test

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint issues

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: fix teardown of client http tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: skipping flaky tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: plugin lifecycle tools

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: add missing plugin lifecycle doc

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Teryl Taylor <terylt@ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Experimental Oauth 2.0 support in gateway (IBM#768)

* Oauth 2.1 design

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* oauth 2.0 design

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Support for oauth auth type in gateway

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Decrypt client secret

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* authorization code flow, token storage, tool fetching, tool calling with Oauth2.0

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* test fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* 256 fuzz testing (IBM#760)

* Implement comprehensive fuzz testing automation (IBM#256)

- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 344 cors security headers (IBM#761)

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS ADRs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix compose

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update helm chart

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* feat: Bulk Import Tools modal wiring IBM#737 (IBM#739)

* feat: Bulk Import Tools modal wiring and backend implementation

- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling

Refs IBM#737

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate admin_import_tools function and fix HTML formatting

- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Complete bulk import backend with file upload support and enhanced docs

- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples

Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Bulk import

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove conflicting inline script and fix bulk import functionality

- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import

This fixes the issue where bulk import appeared to do nothing.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Integrate bulk import setup with main initialization

- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: JavaScript formatting issues in bulk import modal

- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* debug: Temporarily disable bulk import setup to test tabs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate setupFormValidation call and delay bulk import setup

- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Restore proper initialization sequence for tab functionality

- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Correct HTML structure and restore tab navigation

- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs

This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Add configurable bulk import settings

Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)

Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details

This makes bulk import fully configurable for different deployment scenarios.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Implemented configuration export (IBM#764)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* cleanup

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* cleanup

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* ruff fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fix flake8 errors

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fix eslint errors

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* aiohttp added in the main dependencies section of pyproject.toml

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix Alembic multiple heads issue

Create merge migration to resolve parallel migration chains:
- Main branch migrations (34492f99a0c4)
- OAuth branch migrations (add_oauth_tokens_table)

This resolves CI/CD test failures caused by Alembic not knowing
which migration head to follow during 'alembic upgrade head'.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix Alembic migration chain - remove merge migration hack

- Remove unnecessary merge migration file (813b45a70b53)
- Fix OAuth config migration to follow proper chain (f8c9d3e2a1b4 → 34492f99a0c4)
- OAuth tokens migration already correctly follows (add_oauth_tokens_table → f8c9d3e2a1b4)
- Now single migration head without parallel branches

This eliminates the 'Multiple heads are present' error in CI/CD tests
by ensuring migrations follow a linear chain instead of creating
parallel migration branches that need artificial merge migrations.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

* Fix pre-commit hooks

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 744 annotations (IBM#784)

* Fix annotations edit

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix annotations edit

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: plugins template (IBM#783)

* feat: update context forge target in template's project dependencies

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: exclude jinja files from reformatting tabs

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugins cli defaults

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: revert formatted Makefile template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add optional packages

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: update plugin template docs

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: update template readme

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

---------

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* doc test

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* web lint

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake8 fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert with main

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert with main

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic change

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake8 fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* remove addtional line

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* Rebase and fix

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Ian Molloy <molloyim@us.ibm.com>
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>
Signed-off-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>
Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>
Signed-off-by: Shoumi <shoumimukherjee@gmail.com>
Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Signed-off-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: RAKHI DUTTA <rakdutta@in.ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Ian Molloy <i.m.molloy@gmail.com>
Co-authored-by: Madhav Kandukuri <madhav165@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <vinodmut@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Frederico Araujo <araujof@users.noreply.github.com>
Co-authored-by: Madhav Kandukuri <madhav165@gmail.com>
Co-authored-by: Vicky <vicky.kuo.contact@gmail.com>
Co-authored-by: Veeresh K <42322782+nmveeresh@users.noreply.github.com>
Co-authored-by: Shoumi M <55126549+shoummu1@users.noreply.github.com>
Co-authored-by: Mohan Lakshmaiah <mohan.economist@gmail.com>
Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Co-authored-by: Teryl Taylor <terylt@ibm.com>
Co-authored-by: Shamsul Arefin <shams@rijuk.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Claude <noreply@anthropic.com>
vk-playground pushed a commit to vk-playground/mcp-context-forge that referenced this pull request Sep 16, 2025
@crivetimihai
Well known (IBM#770)
47943f7 
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
vk-playground added a commit to vk-playground/mcp-context-forge that referenced this pull request Sep 16, 2025
@rakdutta @rakdutta1
@crivetimihai @imolloy @madhav165 @vinodmut @vk-playground @araujof @nmveeresh @shoummu1 @MohanLaksh @MohanLakshmaiah @shams858 @claude
Fix Tool Edit Screen: Field Mapping Consistency and Custom Tool Namin…
9aa978c 
…g Implementation (IBM#786)

* db.py update

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* doc test

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert alembic with main version

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* 138 view realtime logs in UI and export logs (CSV, JSON) (IBM#747)

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add logging UI readme

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update logging flake8

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update logging flake8

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* test coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* test coverage

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix download

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 749 reverse proxy (IBM#750)

* Fix download

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Reverse proxy

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* doctest improvements

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* (fix) Added missing prompts/get (IBM#748)

Signed-off-by: Ian Molloy <molloyim@us.ibm.com>

* Adds RPC endpoints and updates RPC response and error handling (IBM#746)

* Fix rpc endpoints
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Remove commented code
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* remove duplicate code in session registry

Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Linting fixes
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* Fix tests
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

---------

Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* 753 fix tool invocation invalid method (IBM#754)

* Fix tool invocation 'Invalid method' error with backward compatibility (IBM#753)

- Add backward compatibility for direct tool invocation (pre-PR IBM#746 format)
- Support both old format (method=tool_name) and new format (method=tools/call)
- Add comprehensive test coverage for RPC tool invocation scenarios
- Ensure graceful fallback to gateway forwarding when method is not a tool

The RPC endpoint now handles tool invocations in both formats:
1. New format: method='tools/call' with name and arguments in params
2. Old format: method='tool_name' with params as arguments (backward compat)

This maintains compatibility with existing clients while supporting the new
standardized RPC method structure introduced in PR IBM#746.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix flake8 E722: Replace bare except with Exception

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: suppress bandit security warnings with appropriate nosec comments (IBM#755)

- Added nosec B105 for ENV_TOKEN as it's an environment variable name, not a hardcoded secret
- Added nosec B110 for intentional exception swallowing in cleanup/error handling paths
- Both cases are legitimate uses where errors should be silently ignored to prevent cascading failures

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Add agents file

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* pylint (IBM#759)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Remove redundant title in readme. (IBM#757)

Signed-off-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>

* Update documentation with fixed image tag

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 256 fuzz testing (IBM#760)

* Implement comprehensive fuzz testing automation (IBM#256)

- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 344 cors security headers (IBM#761)

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS ADRs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix compose

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update helm chart

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Bulk Import Tools modal wiring IBM#737 (IBM#739)

* feat: Bulk Import Tools modal wiring and backend implementation

- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling

Refs IBM#737

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate admin_import_tools function and fix HTML formatting

- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Complete bulk import backend with file upload support and enhanced docs

- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples

Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Bulk import

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove conflicting inline script and fix bulk import functionality

- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import

This fixes the issue where bulk import appeared to do nothing.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Integrate bulk import setup with main initialization

- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: JavaScript formatting issues in bulk import modal

- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* debug: Temporarily disable bulk import setup to test tabs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate setupFormValidation call and delay bulk import setup

- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Restore proper initialization sequence for tab functionality

- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Correct HTML structure and restore tab navigation

- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs

This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Add configurable bulk import settings

Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)

Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details

This makes bulk import fully configurable for different deployment scenarios.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* Implemented configuration export (IBM#764)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 185 186 import export (IBM#769)

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Import export testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: local network address translation in discovery module (IBM#767)

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* Well known (IBM#770)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs with jsonrpc tutorial (IBM#772)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 137 metadata timestamps (IBM#776)

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Metadata / creation dates

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Security headers CSP

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Display metadata for resources
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

* eslint fix
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Madhav Kandukuri <madhav165@gmail.com>

* feat IBM#262: MCP Langchain Agent (IBM#781)

* feat: Add bulk import UI modal for tools

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

* feat: Add Langchain agent with OpenAI & A2A endpoints (refs IBM#262)

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

* lint: prettier fix at ~L8090 (insert newline)

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>

---------

Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>
Co-authored-by: Vicky <vicky.kuo.contact@gmail.com>

* Cleanup pr

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Cleanup pr

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Issue 587/rest tool error (IBM#778)

* added params extraction from url logic

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>

* added params extraction from url logic

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>

* Rebase and lint / test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* edit column header (IBM#777)

Signed-off-by: Shoumi <shoumimukherjee@gmail.com>

* Test case update (IBM#775)

* session_registry test case updates

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* test case update for routers/reverse_proxy

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* test case update to mcpgateway/reverse_proxy.py

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>

* Fix formatting issues from pre-commit hooks

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: add plugins cli, external plugin support, plugin template (IBM#722)

* feat: add support for external plugins

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat(plugins): add external mcp server and associated test cases.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* fix(lint): fixed yamllint issues

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* fix(lint): fixed flake8 issue.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat: define plugins cli and implement bootstrap command

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: implement install and package CLI commands

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: remote avoid insecure shell=True in subprocess invocation

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add external plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: move copier config to repository root

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update copier template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: get default author from git config

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update copier settings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: copier config syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add external plugin template modules

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: template syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: template syntax

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: make template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: fix template issue

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: toml template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugin mcp server initialization

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: init module for plugin framework

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add chuck runtime and container wrapping

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: makefile template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugins config path

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add .env.template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add tools and resources support

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: lint yaml

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: cleanups

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update manifest.in

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: linting

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugin config variable

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix(tests): fixed doctests for plugins.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* refactor: external plugin server and plugin external API

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs(plugins): removed subpackages from examples

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* docs: update plugin docs to use public framework API

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix(plugin): added resource payloads to base plugin.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* feat: udpate test templates

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update test templates

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update plugin template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: update tempalte makefile

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add template for native plugin

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add readme for native template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: force boostrap to be a subcommnand

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests(plugin): added http streamable and error tests.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* tests: add tests for plugins CLI

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: deprecation warning

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: add CLI tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: update plugin cli

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests(plugins): added client hook tests for external plugins.

Signed-off-by: Teryl Taylor <terylt@ibm.com>

* chore: update template readmes

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: lint docstrings in cli

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint errors in docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint errors

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: add external plugin server tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: cleanup

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: add missing docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: add missing docstrings

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: fix cli dryrun test

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* chore: fix lint issues

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: fix teardown of client http tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* tests: skipping flaky tests

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: plugin lifecycle tools

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: add missing plugin lifecycle doc

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Teryl Taylor <terylt@ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Experimental Oauth 2.0 support in gateway (IBM#768)

* Oauth 2.1 design

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* oauth 2.0 design

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Support for oauth auth type in gateway

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Decrypt client secret

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* authorization code flow, token storage, tool fetching, tool calling with Oauth2.0

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* test fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* 256 fuzz testing (IBM#760)

* Implement comprehensive fuzz testing automation (IBM#256)

- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update fuzz testing

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 344 cors security headers (IBM#761)

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS ADRs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix compose

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update helm chart

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update CORS docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update test

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* feat: Bulk Import Tools modal wiring IBM#737 (IBM#739)

* feat: Bulk Import Tools modal wiring and backend implementation

- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling

Refs IBM#737

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate admin_import_tools function and fix HTML formatting

- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Complete bulk import backend with file upload support and enhanced docs

- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples

Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Bulk import

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove conflicting inline script and fix bulk import functionality

- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import

This fixes the issue where bulk import appeared to do nothing.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Integrate bulk import setup with main initialization

- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: JavaScript formatting issues in bulk import modal

- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* debug: Temporarily disable bulk import setup to test tabs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Remove duplicate setupFormValidation call and delay bulk import setup

- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Restore proper initialization sequence for tab functionality

- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: Correct HTML structure and restore tab navigation

- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs

This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* feat: Add configurable bulk import settings

Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)

Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details

This makes bulk import fully configurable for different deployment scenarios.

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Update docs

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Implemented configuration export (IBM#764)

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* cleanup

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* cleanup

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* ruff fixes

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fix flake8 errors

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* fix eslint errors

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* aiohttp added in the main dependencies section of pyproject.toml

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix Alembic multiple heads issue

Create merge migration to resolve parallel migration chains:
- Main branch migrations (34492f99a0c4)
- OAuth branch migrations (add_oauth_tokens_table)

This resolves CI/CD test failures caused by Alembic not knowing
which migration head to follow during 'alembic upgrade head'.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix Alembic migration chain - remove merge migration hack

- Remove unnecessary merge migration file (813b45a70b53)
- Fix OAuth config migration to follow proper chain (f8c9d3e2a1b4 → 34492f99a0c4)
- OAuth tokens migration already correctly follows (add_oauth_tokens_table → f8c9d3e2a1b4)
- Now single migration head without parallel branches

This eliminates the 'Multiple heads are present' error in CI/CD tests
by ensuring migrations follow a linear chain instead of creating
parallel migration branches that need artificial merge migrations.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Review, rebase and lint

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

* Fix pre-commit hooks

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* 744 annotations (IBM#784)

* Fix annotations edit

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* Fix annotations edit

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

* fix: plugins template (IBM#783)

* feat: update context forge target in template's project dependencies

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: exclude jinja files from reformatting tabs

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: plugins cli defaults

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* fix: revert formatted Makefile template

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* feat: add optional packages

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: update plugin template docs

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* docs: update template readme

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

---------

Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* doc test

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* edit-tool

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* web lint

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake8 fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* pytest fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert with main

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* revert with main

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic change

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* flake8 fix

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* remove addtional line

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* alembic

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>

* Rebase and fix

Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>

---------

Signed-off-by: RAKHI DUTTA <rakdutta@in.ibm.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Ian Molloy <molloyim@us.ibm.com>
Signed-off-by: Madhav Kandukuri <madhav165@gmail.com>
Signed-off-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Signed-off-by: Frederico Araujo <frederico.araujo@ibm.com>
Signed-off-by: Vicky <vicky.kuo.contact@gmail.com>
Signed-off-by: Veeresh K <veeruveeresh1522@gmail.com>
Signed-off-by: Shoumi <shoumimukherjee@gmail.com>
Signed-off-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Signed-off-by: Teryl Taylor <terylt@ibm.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: RAKHI DUTTA <rakdutta@in.ibm.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Ian Molloy <i.m.molloy@gmail.com>
Co-authored-by: Madhav Kandukuri <madhav165@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <vinodmut@users.noreply.github.com>
Co-authored-by: Vinod Muthusamy <770084+vinodmut@users.noreply.github.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Frederico Araujo <araujof@users.noreply.github.com>
Co-authored-by: Madhav Kandukuri <madhav165@gmail.com>
Co-authored-by: Vicky <vicky.kuo.contact@gmail.com>
Co-authored-by: Veeresh K <42322782+nmveeresh@users.noreply.github.com>
Co-authored-by: Shoumi M <55126549+shoummu1@users.noreply.github.com>
Co-authored-by: Mohan Lakshmaiah <mohan.economist@gmail.com>
Co-authored-by: Mohan Lakshmaiah <mohalaks@in.ibm.com>
Co-authored-by: Teryl Taylor <terylt@ibm.com>
Co-authored-by: Shamsul Arefin <shams@rijuk.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevalmahajan kevalmahajan Awaiting requested review from kevalmahajan kevalmahajan is a code owner

@madhav165 madhav165 Awaiting requested review from madhav165 madhav165 is a code owner

Assignees

@crivetimihai crivetimihai

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[FEATURE][SECURITY]: Configurable well-known URI handler

1 participant

@crivetimihai