Comparing changes

base repository: stacklok/toolhive
base: v0.14.0
head repository: stacklok/toolhive
compare: v0.14.1
  • 7 commits
  • 46 files changed
  • 5 contributors

Commits on Mar 30, 2026

  1. Add scoped and user secret providers with system key isolation (#4229)

    * Add scoped and user secret providers with system key isolation
    
    Introduces ScopedProvider and UserProvider wrappers that isolate
    system-managed secrets (registry tokens, workload auth, enterprise
    login) from user-managed secrets using a reserved __thv_<scope>_
    key prefix.
    
    Also adds BulkDeleteSecrets to the Provider interface so Cleanup
    operations on both wrappers are handled atomically in a single write
    on EncryptedManager, consistent with how other lifecycle operations
    work across read-only providers (no-op) and writable providers.
    
    Part of #4192.
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
    
    * Fix paralleltest linter errors in scoped_test.go
    
    Add t.Parallel() inside all t.Run closures and move ctx into
    each subtest to satisfy the paralleltest and tparallel linters.
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
    
    * Update copyright year to 2026 in modified files
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
    
    * Add missing tests for BulkDeleteSecrets and Cleanup methods
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
    
    * Address review feedback on scoped secret providers
    
    - Add SecretScope typed string for scope constants (ScopeRegistry,
      ScopeWorkloads, ScopeAuth) so callers get compile-time safety
    - Rename inner → provider in ScopedProvider and UserProvider structs
    - Replace package-level scopedKey() with getScopedKey()/getScopePrefix()
      methods on ScopedProvider for better encapsulation
    - Rename BulkDeleteSecrets → DeleteSecrets across all providers,
      tests, and mocks to better reflect the operation semantics
    - Include operation name (get/set/delete) in ErrReservedKeyName error
      messages for clearer diagnostics
    - Split TestEncryptedManager_BulkDeleteSecrets into four focused
      parallel tests (deletesSpecifiedKeys, persistsToDisk,
      emptyListIsNoop, nonExistentKeysNoError)
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
    
    * Address review feedback: scope invariants, DeleteSecrets semantics, tests
    
    - Add invariant doc comment to SecretScope explaining non-empty and
      no-underscore constraints with rationale
    - Add TestSecretScopeInvariants validating all declared scope constants
    - Clarify UserProvider.DeleteSecrets doc with all-or-nothing semantics
    - Add mixed-input test case for UserProvider.DeleteSecrets confirming
      inner provider is not called when any key in the list is reserved
    
    Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
    amirejaz and claude authored Mar 30, 2026
    c904ade
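The key isolation this commit describes, as an added sketch that is not ToolHive's code: the type and method names come from the commit message, while the map-backed store, the scope value `"registry"` and the function bodies are assumptions. It shows why a scope name containing an underscore would blur the `__thv_<scope>_` prefix, and what all-or-nothing `DeleteSecrets` means for a mixed key list.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Names follow the commit message; bodies and the scope value are assumed.
type SecretScope string

const ScopeRegistry SecretScope = "registry" // value assumed
const reservedPrefix = "__thv_"

var ErrReservedKeyName = errors.New("reserved key name")

// ValidScope enforces non-empty and no underscore: with "_" as the delimiter,
// scope "a_b" would produce keys that also fall inside scope "a".
func ValidScope(s SecretScope) bool {
	return s != "" && !strings.Contains(string(s), "_")
}

// ScopedKey builds the system key __thv_<scope>_<name>.
func ScopedKey(s SecretScope, name string) string {
	return reservedPrefix + string(s) + "_" + name
}

// UserProvider wraps a store (a map stands in for the real provider) and
// refuses any key in the reserved namespace.
type UserProvider struct{ provider map[string]string }

// DeleteSecrets is all-or-nothing: every name is checked before any delete.
func (u UserProvider) DeleteSecrets(names []string) error {
	for _, n := range names {
		if strings.HasPrefix(n, reservedPrefix) {
			return fmt.Errorf("delete %q: %w", n, ErrReservedKeyName)
		}
	}
	for _, n := range names {
		delete(u.provider, n)
	}
	return nil
}

func main() {
	u := UserProvider{map[string]string{"api": "1", ScopedKey(ScopeRegistry, "token"): "2"}}
	fmt.Println(u.DeleteSecrets([]string{"api", "__thv_registry_token"}), len(u.provider))
}
```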
  2. Respect global config for OTel tracing and metrics enabled (#4326)

    * Respect global config for OTel tracing/metrics
    
    thv config otel set-tracing-enabled false was silently ignored by
    thv run because getTelemetryFromFlags had no fallback for these
    two fields, and buildRunConfig bypassed the fallback entirely for
    the proxy runner config. Users could not globally disable telemetry
    without passing CLI flags on every invocation.
    
    Fixes #4323
    
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    
    * Add test for disabled-signals telemetry path
    
    Cover the createTelemetryConfig early-return when both
    tracing and metrics are disabled with the endpoint still
    configured.
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    
    * Address review feedback on OTel config PR
    
    Fix unset guard to check nil only, not nil-or-false,
    so users can unset an explicit false value. Return a
    struct from getTelemetryFromFlags instead of 8 positional
    values. Default tracing/metrics to false when telemetry
    config is nil to avoid fragile fallback to runFlags.
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    
    ---------
    
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    Co-authored-by: Claude <noreply@anthropic.com>
    Co-authored-by: Muhammad Amir Ejaz <amir@stacklok.com>
    3 people authored Mar 30, 2026
    eb0d405
  3. Preserve scopes in token refresh request (#4428)

    RFC 6749 section 6 says servers MUST preserve scopes when
    the scope parameter is omitted from a refresh request, but
    not all servers comply. Explicitly including scope during
    refresh is always spec-safe and protects users from silent
    scope loss on non-compliant servers.
    
    Fixes #4427
    
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    Co-authored-by: Claude <noreply@anthropic.com>
    gkatz2 and claude authored Mar 30, 2026
    d3dcbdd
  4. Return JSON-RPC errors for expired sessions (#4426)

    * Return JSON-RPC errors for expired sessions
    
    ToolHive's proxies returned plain-text HTTP errors for expired or
    unknown sessions. MCP clients like Claude Code rely on receiving
    HTTP 404 with a JSON-RPC error body containing code -32001 to
    trigger automatic session recovery. The plain-text responses
    bypassed this detection, leaving connections broken until the
    user manually restarted their client.
    
    Fixes #4425
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    
    * Restore doc comment on MessageSessionNotFound
    
    The revive linter requires exported constants to have doc
    comments. The blank line between the two constants in the
    const block means they need individual comments.
    
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    
    ---------
    
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    Co-authored-by: Claude <noreply@anthropic.com>
    gkatz2 and claude authored Mar 30, 2026
    c465888
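The response shape this commit describes, as an added example that is not ToolHive's code: a handler that answers an unknown session with HTTP 404 and a JSON-RPC error carrying code -32001, beside the client-side check that a plain-text 404 fails. The handler, the in-memory session map, the message text and the `/mcp` path are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const CodeSessionNotFound = -32001 // code named in the commit message

// live stands in for the proxy's session store (constructed data).
var live = map[string]bool{"live-session": true}

// handler answers an unknown session with 404 and a JSON-RPC error body (message text assumed).
func handler(w http.ResponseWriter, r *http.Request) {
	if live[r.Header.Get("Mcp-Session-Id")] {
		w.WriteHeader(http.StatusAccepted)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(http.StatusNotFound)
	_ = json.NewEncoder(w).Encode(map[string]any{"jsonrpc": "2.0", "id": nil,
		"error": map[string]any{"code": CodeSessionNotFound, "message": "session not found"}})
}

// IsSessionExpired is the client-side test: a 404 alone is not enough, the body must parse and carry the code.
func IsSessionExpired(status int, body []byte) bool {
	var resp struct {
		Error struct {
			Code int `json:"code"`
		} `json:"error"`
	}
	if status != http.StatusNotFound || json.Unmarshal(body, &resp) != nil {
		return false
	}
	return resp.Error.Code == CodeSessionNotFound
}

// respond drives handler in-process and returns the status and body.
func respond(sessionID string) (int, []byte) {
	req := httptest.NewRequest(http.MethodPost, "/mcp", nil)
	req.Header.Set("Mcp-Session-Id", sessionID)
	rec := httptest.NewRecorder()
	handler(rec, req)
	return rec.Code, rec.Body.Bytes()
}

func main() { fmt.Println(IsSessionExpired(respond("expired"))) }
```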
  5. Treat PID 0 as dead in supervisor liveness check (#4431)

    Treat PID 0 as dead in isSupervisorProcessAlive
    
    During transport restart, ResetWorkloadPID sets process_id to 0 in
    the status file. isSupervisorProcessAlive only checked for an error
    from GetWorkloadPID, so (0, nil) was treated as a live supervisor.
    This caused thv restart to silently no-op during the transient
    window where PID is 0.
    
    Fixes #4429
    
    Signed-off-by: Greg Katz <gkatz@indeed.com>
    Co-authored-by: Claude <noreply@anthropic.com>
    Co-authored-by: Muhammad Amir Ejaz <amir@stacklok.com>
    3 people authored Mar 30, 2026
    2c27346
  6. Add CRD type and converter for upstream_inject strategy (#4391)

    Add CRD type and converter for upstream_inject strategy (#4146)
    
    Bridge the Kubernetes operator API to the vMCP runtime config for the
    upstream_inject outgoing auth strategy. This is Phase 4 of RFC-0054.
    
    CRD changes: add ExternalAuthTypeUpstreamInject constant, UpstreamInjectSpec
    struct, CEL validation rules, and SubjectProviderName on TokenExchangeConfig.
    Converter changes: add UpstreamInjectConverter, wire SubjectProviderName in
    TokenExchangeConverter, and register in the converter registry.
    
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    jhrozek and claude authored Mar 30, 2026
    d8ca363
  7. Release v0.14.1 (#4446)

    * Update VERSION for release
    
    Release-Triggered-By: amirejaz
    
    * Update Chart.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update Chart.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update Chart.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update Chart.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update values.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update values.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update values.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update VERSION for release
    
    Release-Triggered-By: amirejaz
    
    * Update Chart.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update README.md for release
    
    Release-Triggered-By: amirejaz
    
    * Update Chart.yaml for release
    
    Release-Triggered-By: amirejaz
    
    * Update README.md for release
    
    Release-Triggered-By: amirejaz
    
    * Update values.yaml for release
    
    Release-Triggered-By: amirejaz
    stacklokbot authored Mar 30, 2026
    4022c74