fix(deps): update module github.com/stacklok/toolhive to v0.6.6

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/stacklok/toolhive	v0.3.11 -> v0.6.6

---

Release Notes

stacklok/toolhive (github.com/stacklok/toolhive)

v0.6.6

Compare Source

What's Changed

• Add environment variable support to header_injection auth by @​jhrozek in #​2574
• Update golang.org/x/exp/jsonrpc2 digest to e25ba8c by @​renovate[bot] in #​2577
• Update registry from toolhive-registry release v2025.11.14 by @​github-actions[bot] in #​2582
• Consolidate vmcp configuration examples by @​jhrozek in #​2581
• Remove service_account authentication strategy by @​jhrozek in #​2580
• allow to pass env vars to proxyrunner for debug level by @​yrobla in #​2553
• Fix the name mapping between the 2 formats by @​rdimitrov in #​2584
• Remove legacy upstream converter files by @​rdimitrov in #​2575
• Apply parameter defaults in composite tool workflows by @​JAORMX in #​2588
• Fix backend capability name translation in vmcp by @​JAORMX in #​2587
• Integrate composite tool workflows with vMCP request pipeline by @​JAORMX in #​2572
• Improve composite tool configuration ergonomics by @​JAORMX in #​2589
• adds creation of configmap for registry server config by @​ChrisJBurns in #​2558
• Add focused test coverage for YAML transform functions by @​JAORMX in #​2590
• Adds caching to make CI actions faster when downloading dependencies by @​ChrisJBurns in #​2583
• Advanced Workflow Features for vMCP Composition by @​tgrunnagle in #​2592
• Update registry from toolhive-registry release v2025.11.15 by @​github-actions[bot] in #​2595
• Update registry from toolhive-registry release v2025.11.16 by @​github-actions[bot] in #​2598
• Update registry from toolhive-registry release v2025.11.17 by @​github-actions[bot] in #​2599
• moves heavyweight mcpgroup e2e tests to integration tests by @​ChrisJBurns in #​2594
• Fix RFC 7591 scope serialization format by @​theJC in #​2597
• Update registry.access.redhat.com/ubi10/ubi-minimal Docker tag to v10.1-1763362715 by @​renovate[bot] in #​2600
• UpstreamRegistry type, converters and test code by @​dmartinol in #​2567
• Watch VirtualMCPCompositeToolDefinition changes by @​yrobla in #​2601
• Renamed ServerRegistry to UpstreamRegistry by @​dmartinol in #​2607
• Fix tool step type in vMCP CRD by @​JAORMX in #​2608
• Update module github.com/modelcontextprotocol/registry to v1.3.9 by @​renovate[bot] in #​2610
• fix: wait for initialize endpoint before updating client configs by @​therealnb in #​2504
• Docs for vMCP composite workflows by @​tgrunnagle in #​2593
• Update actions/checkout digest to 93cb6ef by @​renovate[bot] in #​2616
• Unified Workload Discovery for vmcp by @​amirejaz in #​2487
• Update toolhive images to v0.6.5 by @​renovate[bot] in #​2569
• claude likes modifying table columns, tells the skill not to do that by @​ChrisJBurns in #​2618
• Fix race detector failures in parallel workflow tests by @​JAORMX in #​2614
• Remove unimplemented StepTypeConditional by @​JAORMX in #​2612
• uses configMapRef instead of custom config map source by @​ChrisJBurns in #​2621
• removes redundant configmap mode e2e test by @​ChrisJBurns in #​2622
• Fix args handling for protocol builds by @​danbarr in #​2630
• Update registry from toolhive-registry release v2025.11.18 by @​github-actions[bot] in #​2628
• removes authz-configmap e2e test as its already covered in int tests by @​ChrisJBurns in #​2626
• Update anchore/sbom-action action to v0.20.10 by @​renovate[bot] in #​2629
• Update module github.com/modelcontextprotocol/registry to v1.3.10 by @​renovate[bot] in #​2633
• Add per-user caching to vMCP discovery manager by @​tgrunnagle in #​2620
• Send usage metrics from operator proxies with default anonymous ID by @​lujunsan in #​2635
• Add support for MCP Tasks (November 2025 spec) by @​JAORMX in #​2638
• Track discovered backends in VirtualMCPServer status by @​amirejaz in #​2639
• moves e2e ext auth test to int test by @​ChrisJBurns in #​2625
• ports inline oidc config auth-configmap e2e test to int test by @​ChrisJBurns in #​2644
• Delete VMCP_FUTURE_ENHANCEMENTS.md by @​JAORMX in #​2645
• makes int tests less verbose in logs by default by @​ChrisJBurns in #​2642
• Add Google Antigravity IDE client support by @​danbarr in #​2646
• renames int test suites to be more representitive by @​ChrisJBurns in #​2648
• moves authz-configmap-ref e2e test to integration test by @​ChrisJBurns in #​2647
• Add integration tests for vMCP server by @​jhrozek in #​2624
• Update registry from toolhive-registry release v2025.11.19 by @​github-actions[bot] in #​2653
• move virtualmcp tests to its own folder by @​yrobla in #​2656
• fix: ubi image build should support multi arch builds by @​TomerFi in #​2655
• Update anthropics/claude-code-action digest to 6902c22 by @​renovate[bot] in #​2632
• improves chainsaw single-tenancy test times by running in parallel by @​ChrisJBurns in #​2654
• refactor: registry package types by @​peppescg in #​2615
• removes the otel e2e test because we cover it in integration test by @​ChrisJBurns in #​2657

Full Changelog: stacklok/toolhive@v0.6.5...v0.6.6

v0.6.5

Compare Source

What's Changed

• Fix registry type transitions by @​rdimitrov in #​2578

Full Changelog: stacklok/toolhive@v0.6.4...v0.6.5

v0.6.4

Compare Source

What's Changed

• removes registry filtering from operator by @​ChrisJBurns in #​2566
• removes MCPRegistry datasources from Operator by @​ChrisJBurns in #​2568
• Inject env.Reader for testable token exchange auth by @​jhrozek in #​2571
• Add MCP elicitation support for vMCP composite workflows by @​JAORMX in #​2562
• Fix the way we identify the URL registry type by @​rdimitrov in #​2576

Full Changelog: stacklok/toolhive@v0.6.3...v0.6.4

v0.6.3

Compare Source

Headline Changes

• MCP well-known URI auth discovery
• Registry format converters and support for the Official MCP Registry
• OpenCode and Kiro client support
• Token exchange authentication strategy

What's Changed

• Implement anonymous usage metrics collection with opt-out mechanism by @​lujunsan in #​2449
• Update toolhive images to v0.6.2 by @​renovate[bot] in #​2533
• Add MCP well-known URI auth discovery per MCP Spec by @​theJC in #​2527
• Add registry format converters and support for the Official MCP Registry by @​rdimitrov in #​2469
• Update registry.access.redhat.com/ubi10/ubi-minimal Docker tag to v10.0-1762851739 by @​renovate[bot] in #​2538
• adds base from creation of the registry server config by @​ChrisJBurns in #​2534
• adds type setting for registry source by @​ChrisJBurns in #​2543
• Update module golang.org/x/net to v0.47.0 by @​renovate[bot] in #​2542
• adds function for creating a configmap from a registry server config by @​ChrisJBurns in #​2547
• Add OpenCode client support by @​prestist in #​2489
• Update module golang.org/x/mod to v0.30.0 by @​renovate[bot] in #​2541
• Update registry.access.redhat.com/ubi10/ubi-minimal Docker tag to v10.1-1762189639 by @​renovate[bot] in #​2546
• Update registry from toolhive-registry release v2025.11.12 by @​github-actions[bot] in #​2548
• Sort clients in the client setup command by @​danbarr in #​2551
• Update module github.com/modelcontextprotocol/registry to v1.3.8 by @​renovate[bot] in #​2549
• adds configmap creation for registry server config by @​ChrisJBurns in #​2544
• Add Kiro as a supported client by @​danbarr in #​2550
• Implement lazy per-session capability discovery by @​jhrozek in #​2539
• Add default port fallback to GetMcpPort() for HTTP-based transports by @​amirejaz in #​2555
• Update module k8s.io/apimachinery to v0.34.2 by @​renovate[bot] in #​2557
• Update kubernetes packages to v0.34.2 by @​renovate[bot] in #​2559
• Update registry.access.redhat.com/ubi10/ubi-minimal Docker tag to v10.1-1762952303 by @​renovate[bot] in #​2554
• Fix flaky TestGenerateUserAgent test using dependency injection by @​JAORMX in #​2561
• Consolidate Kubernetes client utilities into pkg/k8s by @​JAORMX in #​2560
• Add token exchange authentication strategy by @​jhrozek in #​2501
• Update registry from toolhive-registry release v2025.11.13 by @​github-actions[bot] in #​2563
• fix oidc and token exchange config for k8s by @​yrobla in #​2537

New Contributors

• @​theJC made their first contribution in #​2527
• @​prestist made their first contribution in #​2489

Full Changelog: stacklok/toolhive@v0.6.2...v0.6.3

v0.6.2

Compare Source

What's Changed

• Update goreleaser for cosign v3 by @​eleftherias in #​2532

Full Changelog: stacklok/toolhive@v0.6.1...v0.6.2

v0.6.1

Compare Source

What's Changed

• errors if no config file is found for proxyrunner by @​ChrisJBurns in #​2530
• Do not force to pass client id and secret for token exchange by @​yrobla in #​2531

Full Changelog: stacklok/toolhive@v0.6.0...v0.6.1

v0.6.0

Compare Source

Headline Changes

• Change default proxy mode from SSE to streamable-http when using the thv CLI
• Send resource indicator when authorizing to remote MCP server

What's Changed

• Unify authentication with Identity struct across ToolHive by @​JAORMX in #​2437
• Update registry from toolhive-registry release v2025.11.04 by @​github-actions[bot] in #​2441
• Update module github.com/cedar-policy/cedar-go to v1.2.9 by @​renovate[bot] in #​2442
• Update helm/kind-action digest to 92086f6 by @​renovate[bot] in #​2435
• Update module sigs.k8s.io/controller-runtime to v0.22.4 by @​renovate[bot] in #​2438
• Remove GetClaimsFromContext backward compatibility helper by @​JAORMX in #​2443
• vMCP: Implement composite tools workflow engine by @​JAORMX in #​2439
• Skip OAuth secret processing when empty by @​JAORMX in #​2445
• Add e2e tests for remote MCP servers by @​JAORMX in #​2444
• Fix vmcp capability name mapping when forwarding to backends by @​JAORMX in #​2457
• Fix vmcp tool schema double-nesting bug by @​JAORMX in #​2456
• Update registry from toolhive-registry release v2025.11.05 by @​github-actions[bot] in #​2461
• Update docker/metadata-action action to v5.9.0 by @​renovate[bot] in #​2455
• Move OAuth secret management into pkg/auth/oauth by @​JAORMX in #​2462
• Clear SSE pending message when message is sent to queue by @​eleftherias in #​2452
• Implement outgoing authentication strategies for vMCP by @​jhrozek in #​2451
• Move remote MCP authentication handler to pkg/auth/remote by @​JAORMX in #​2464
• Add CRD-based group storage for Kubernetes by @​amirejaz in #​2463
• Update helm/chart-testing-action action to v2.8.0 by @​renovate[bot] in #​2468
• Add host and port flags to vmcp serve command by @​JAORMX in #​2467
• Update registry from toolhive-registry release v2025.11.06 by @​github-actions[bot] in #​2474
• Update module github.com/docker/docker to v28.5.2+incompatible by @​renovate[bot] in #​2473
• Include vMCP in claude.md by @​jhrozek in #​2471
• Fix vMCP server graceful shutdown by @​jhrozek in #​2472
• Process EnvFileDir in file-based config mode by @​jhrozek in #​2470
• Refactor CA certificate config operations to match registry pattern by @​JAORMX in #​2476
• Add constants for auth strategy types by @​JAORMX in #​2477
• update cosign signing config to support cosign v3 by @​amirejaz in #​2246
• Support MCP servers with partial capabilities in vmcp by @​JAORMX in #​2416
• Refactor auth resolution logic to config struct by @​JAORMX in #​2478
• feat: Implement VirtualMCPServer Kubernetes controller by @​yrobla in #​2448
• Extract common validation helpers in config package by @​JAORMX in #​2481
• add missing coverage for controller: by @​yrobla in #​2482
• add status collector for vmcp by @​yrobla in #​2484
• Change default proxy mode from SSE to streamable-http by @​danbarr in #​2475
• Update module github.com/cedar-policy/cedar-go to v1.3.0 by @​renovate[bot] in #​2490
• ci: added latest-ubi tag to build process by @​TomerFi in #​2491
• Update registry from toolhive-registry release v2025.11.07 by @​github-actions[bot] in #​2492
• include missing auth confgured in status by @​yrobla in #​2493
• Add automatic authentication monitoring for remote workloads with unauthenticated state detection by @​amirejaz in #​2421
• add missing tests for vmcp controller by @​yrobla in #​2500
• Fix SSE proxy mode transport label mapping for stdio servers by @​danbarr in #​2506
• installs helm-docs and precommit for claude chart tasks by @​ChrisJBurns in #​2508
• adds claude helm chart bump skill and removes pre-commit by @​ChrisJBurns in #​2510
• installs golang to github runner for helm docs by @​ChrisJBurns in #​2511
• Update toolhive images to v0.5.2 by @​renovate[bot] in #​2335
• Add Flusher interface to audit and authz middlewares by @​danbarr in #​2512
• Update headless service log message to reference HTTP transport by @​ChrisJBurns in #​2514
• Update registry from toolhive-registry release v2025.11.08 by @​github-actions[bot] in #​2516
• Update golangci/golangci-lint-action action to v9 by @​renovate[bot] in #​2517
• Update module golang.org/x/oauth2 to v0.33.0 by @​renovate[bot] in #​2519
• Operator: Change default proxy mode from SSE to streamable-http by @​danbarr in #​2521
• Update module golang.org/x/sync to v0.18.0 by @​renovate[bot] in #​2520
• Update module golang.org/x/sys to v0.38.0 by @​renovate[bot] in #​2522
• Update registry from toolhive-registry release v2025.11.09 by @​github-actions[bot] in #​2523
• Update module github.com/olekukonko/tablewriter to v1.1.1 by @​renovate[bot] in #​2524
• Update registry from toolhive-registry release v2025.11.10 by @​github-actions[bot] in #​2525
• Support resource indicator in remote auth by @​eleftherias in #​2497
• Do not convert volume target path to Windows style, implement tilde expansion for Windows by @​dmjb in #​2488
• Regenerate mocks by @​dmjb in #​2529
• Update registry.access.redhat.com/ubi10/ubi-minimal Docker tag to v10.0-1762765041 by @​renovate[bot] in #​2528
• removes unused cli flags from proxyrunner by @​ChrisJBurns in #​2515

Full Changelog: stacklok/toolhive@v0.5.2...v0.6.0

v0.5.2

Compare Source

What's Changed

• fix: Cannot deploy MCPRegistry from git in OpenShift by @​dmartinol in #​2263
• Fix CI failure by @​dmartinol in #​2363
• Implement tool conflict resolution for Virtual MCP Server by @​JAORMX in #​2365
• lint issue by @​dmartinol in #​2374
• Remove e2e test by @​dmartinol in #​2381
• Skip auto-generated files from linter by @​JAORMX in #​2382
• Proposal to refactor the MCP Registry controller by @​dmartinol in #​2301
• Return tools_override in workload GET endpoint by @​ChrisJBurns in #​2386
• Fix CI linter issues by @​dmartinol in #​2387
• vMCP: Implement capability merging and routing integration by @​JAORMX in #​2376
• pins registry api image until refactor is complete by @​ChrisJBurns in #​2401
• Update anthropics/claude-code-action digest to 8a1c437 by @​renovate[bot] in #​2369
• Update module github.com/charmbracelet/lipgloss to v2 by @​renovate[bot] in #​2373
• Update registry from toolhive-registry release v2025.10.31 by @​github-actions[bot] in #​2405
• Design and implement the VirtualMCPServer CRD by @​yrobla in #​2371
• Handle partial flushes in tool config middleware by @​blkt in #​2404
• Fix race condition in operator git tests by @​JAORMX in #​2408
• add missing gaps in k8s virtualmcpserver crd by @​yrobla in #​2409
• Consolidate bearer token extraction into utility by @​jhrozek in #​2410
• Add HTTP header validation to prevent injection by @​jhrozek in #​2411
• vMCP: Implement CLI serve command and session management by @​JAORMX in #​2406
• vMCP: Use proxy-mode instead of transport by @​JAORMX in #​2413
• Fix flaky vMCP health endpoint tests by @​JAORMX in #​2415
• vMCP: Add comprehensive tests for cache and registry components by @​JAORMX in #​2407
• Add -hide all to test-coverage Taskfile target by @​JAORMX in #​2414
• Update ubi golang builder to 1.25.z via epel10 copr repo. by @​RoddieKieley in #​2418
• build: use golang base image for building binary for UBI by @​TomerFi in #​2420
• Handle partial flushes for application/json by @​blkt in #​2422
• fix: switch operator micro ubi variant to minimal variant for missing certs by @​TomerFi in #​2424
• build: bump go to 1.25.3 by @​TomerFi in #​2423
• Update registry from toolhive-registry release v2025.11.01 by @​github-actions[bot] in #​2425
• Update registry from toolhive-registry release v2025.11.02 by @​github-actions[bot] in #​2428
• Update module golang.org/x/net to v0.46.0 by @​renovate[bot] in #​2427
• Update module github.com/mark3labs/mcp-go to v0.43.0 by @​renovate[bot] in #​2431
• Update registry from toolhive-registry release v2025.11.03 by @​github-actions[bot] in #​2432
• Decouple transport from runtime by @​blkt in #​2430
• Fix group name validation by @​eleftherias in #​2402
• Implement core authentication infrastructure for vMCP by @​jhrozek in #​2393
• Update registry.access.redhat.com/ubi10/ubi-minimal Docker tag to v10.0-1758699349 by @​renovate[bot] in #​2426
• Don't try to install mockgen if it's already available by @​JAORMX in #​2434
• Update helm/kind-action action to v1.13.0 by @​renovate[bot] in #​2436
• Fix flacky tests by @​NastyaAR in #​2178
• vMCP: Kubernetes - VirtualMCPCompositeToolDefinition CRD by @​yrobla in #​2412

New Contributors

• @​NastyaAR made their first contribution in #​2178

Full Changelog: stacklok/toolhive@v0.5.1...v0.5.2

v0.5.1

Compare Source

What's Changed

• Bump operator to use toolhive v0.5.0 by @​JAORMX in #​2336
• Rename MCPServer CRD Port Attributes for Clarity by @​ChrisJBurns in #​1806
• adds new port attributes to crds by @​ChrisJBurns in #​2338
• Add Virtual MCP Server routing interfaces and domain model by @​JAORMX in #​2333
• changes examples to use new port names by @​ChrisJBurns in #​2341
• moves GetToolConfigForMCPServer into separate package for easier testing and reducing code in controllers layer by @​ChrisJBurns in #​2344
• Update registry from toolhive-registry release v2025.10.28 by @​github-actions[bot] in #​2345
• Update module github.com/onsi/ginkgo/v2 to v2.27.2 by @​renovate[bot] in #​2342
• Update anthropics/claude-code-action digest to f4d737a by @​renovate[bot] in #​2346
• clean more flags/args code from operator and removes redundant functions by @​ChrisJBurns in #​2343
• Update module golang.org/x/time to v0.14.0 by @​renovate[bot] in #​2348
• Add Virtual MCP Server proposal by @​JAORMX in #​2106
• Add Dockerfile UBI images for the Operator and ProxyRunner by @​TomerFi in #​2327
• Fix UBI aggregated tag by @​dmartinol in #​2361
• Update registry from toolhive-registry release v2025.10.29 by @​github-actions[bot] in #​2358
• add initial binary implementation for vmcp by @​yrobla in #​2340
• Implement capability discovery and querying for Virtual MCP Server by @​JAORMX in #​2354
• Fix server port when network mode is host by @​blkt in #​2353
• feat: add validation command for vmcp by @​yrobla in #​2364
• Refactor telemetry and audit configuration into dedicated runconfig package by @​ChrisJBurns in #​2356
• adds nil check for runconfig options and logs error in case of parsing SampleRate float by @​ChrisJBurns in #​2367
• Update registry from toolhive-registry release v2025.10.29 by @​github-actions[bot] in #​2368
• Run task lint-fix by @​JAORMX in #​2370
• Add govulncheck by @​rdimitrov in #​2372

Full Changelog: stacklok/toolhive@v0.5.0...v0.5.1

v0.5.0

Compare Source

What's Changed

• Update toolhive images to v0.4.2 by @​renovate[bot] in #​2176
• Increase MCPRemoteProxy readiness probe initial delay to 15 seconds by @​JAORMX in #​2313
• Add /health endpoint to all proxy types for Kubernetes health probes by @​JAORMX in #​2315
• Configure chart-testing to install all charts by @​JAORMX in #​2310
• Update anthropics/claude-code-action digest to f30f5ee by @​renovate[bot] in #​2307
• Update golang.org/x/exp/jsonrpc2 digest to a4bb9ff by @​renovate[bot] in #​2309
• Update anchore/sbom-action action to v0.20.9 by @​renovate[bot] in #​2303
• Add environment variable support for OIDC client secret by @​JAORMX in #​2325
• Fix MCPServer and MCPRemoteProxy operator spec change reconciliation by @​JAORMX in #​2320
• fix: prevent zombie supervisor processes on restart by @​therealnb in #​2306
• Add SecretKeyRef support to InlineOIDCConfig for enhanced secret management by @​JAORMX in #​2324
• Add GitHub.com OAuth authentication provider for token introspection by @​JAORMX in #​2322
• Update registry from toolhive-registry release v2025.10.25 by @​github-actions[bot] in #​2308
• adds new port values for MCPServer CRD by @​ChrisJBurns in #​2330
• Update registry from toolhive-registry release v2025.10.26 by @​github-actions[bot] in #​2331
• Update registry from toolhive-registry release v2025.10.27 by @​github-actions[bot] in #​2332
• Run task operator-manifests by @​JAORMX in #​2334

Full Changelog: stacklok/toolhive@v0.4.2...v0.5.0

v0.4.2

Compare Source

What's Changed

• Add insecure HTTP OIDC support for local development by @​JAORMX in #​2292
• Ignore operator tags when releasing thv CLI by @​eleftherias in #​2304
• Add MCPGroup CRD documentation to operator architecture by @​JAORMX in #​2302

Full Changelog: stacklok/toolhive@v0.4.1...v0.4.2

v0.4.1

Compare Source

🚀 Toolhive v0.4.1 is live!

This release focuses on improved networking flexibility, observability enhancements, and better resource efficiency in Kubernetes deployments.

Networking & Infrastructure
• Added --network option for more flexible network configurations
• Kubernetes agents can now be merged between local and project-specific setups for streamlined deployments

Observability & Telemetry
• Custom OpenTelemetry resource attributes are now supported for richer trace metadata
• Registry data source API added for better integration and data access

Developer Experience
• New /check-contribution command added to Claude integration for easier contribution validation
• Controller helpers extracted into dedicated package for cleaner codebase architecture
• MCPServer CRD size reduced by optimizing PodTemplateSpec handling

Documentation
• Clarified file naming conventions for proposal documents

Dependencies
• Updated ginkgo/v2 → v2.27.1
• Updated cedar-policy/cedar-go → v1.2.8
• Registry synced with toolhive-registry release v2025.10.23
• Toolhive images updated to v0.4.0

👋 Welcome to our newest contributors @​therealnb, @​tgrunnagle, @​dmartinol, @​ChrisJBurns, and @​blkt! 🥳

Change log

• Add a --network option by @​therealnb in #​1867
• Update toolhive images to v0.4.0 by @​JAORMX in #​2284
• Refactor: Extract common controller helpers to dedicated package by @​JAORMX in #​2283
• Add claude /check-contribution command by @​tgrunnagle in #​2290
• fea: Registry API Data Source by @​dmartinol in #​2189
• Update module github.com/onsi/ginkgo/v2 to v2.27.1 by @​renovate[bot] in #​2293
• Merge my local k8s agent with the project-specific one by @​jhrozek in #​2291
• Update module github.com/cedar-policy/cedar-go to v1.2.8 by @​renovate[bot] in #​2294
• Reduce MCPServer CRD size by using runtime.RawExtension for PodTemplateSpec by @​JAORMX in #​2015
• Update registry from toolhive-registry release v2025.10.23 by @​github-actions[bot] in #​2297
• Add Custom OpenTelemetry Resource Attributes Support by @​ChrisJBurns in #​2285
• Clarify file name format for docs/proposals by @​blkt in #​2298
• Fix proposal name. by @​blkt in #​2299

Full Changelog: stacklok/toolhive@v0.4.0...v0.4.1

v0.4.0

Compare Source

🚀 Toolhive v0.4.0 is live!

This release brings major enhancements to Kubernetes integration, MCP server capabilities, and developer tooling support!

Developer Experience
• Added support for Trae IDE and Continue.dev clients for more flexible development workflows
• New Claude Code skills and agents help automate documentation and PR tasks
• Improved developer guide with updated Go version references
• Export command now supports Kubernetes format for easier deployments

Architecture & Documentation
• Added comprehensive architecture documentation
• New MCP _meta field support improves request parsing capabilities
• Registry API has been fully externalized from the core project

MCP & Kubernetes
• Introduced MCPRemoteProxy CRD controller for seamless remote MCP server proxying
• MCPGroup now supported in Kubernetes environments for better organi

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 34 additional dependencies were updated
• The go directive was updated for compatibility reasons

Details:

Package	Change
go	1.25.2 -> 1.25.3
cloud.google.com/go/compute/metadata	v0.8.0 -> v0.8.2
cloud.google.com/go/storage	v1.56.1 -> v1.56.2
github.com/cedar-policy/cedar-go	v1.2.6 -> v1.3.0
github.com/docker/docker	v28.5.1+incompatible -> v28.5.2+incompatible
github.com/go-jose/go-jose/v4	v4.1.2 -> v4.1.3
github.com/goccy/go-json	v0.10.3 -> v0.10.5
github.com/grpc-ecosystem/grpc-gateway/v2	v2.27.2 -> v2.27.3
github.com/jedisct1/go-minisign	v0.0.0-20211028175153-1c139d1cc84b -> v0.0.0-20230811132847-661be99b8267
github.com/lestrrat-go/jwx/v3	v3.0.11 -> v3.0.12
github.com/letsencrypt/boulder	v0.0.0-20240620165639-de9c06129bec -> v0.0.0-20241021211548-844334e04aef
github.com/mark3labs/mcp-go	v0.41.1 -> v0.43.0
github.com/segmentio/asm	v1.2.0 -> v1.2.1
github.com/sirupsen/logrus	v1.9.3 -> v1.9.4-0.20230606125235-dd1b4c2e81af
go.mongodb.org/mongo-driver	v1.14.0 -> v1.17.4
go.opentelemetry.io/proto/otlp	v1.7.1 -> v1.8.0
golang.org/x/crypto	v0.42.0 -> v0.44.0
golang.org/x/exp/event	v0.0.0-20251002181428-27f1f14c8bb9 -> v0.0.0-20251023183803-a4bb9ffd2546
golang.org/x/exp/jsonrpc2	v0.0.0-20251009144603-d2f985daa21b -> v0.0.0-20251113190631-e25ba8c21ef6
golang.org/x/mod	v0.29.0 -> v0.30.0
golang.org/x/net	v0.44.0 -> v0.47.0
golang.org/x/oauth2	v0.32.0 -> v0.33.0
golang.org/x/sync	v0.17.0 -> v0.18.0
golang.org/x/sys	v0.37.0 -> v0.38.0
golang.org/x/term	v0.36.0 -> v0.37.0
golang.org/x/text	v0.29.0 -> v0.31.0
golang.org/x/time	v0.12.0 -> v0.14.0
google.golang.org/api	v0.248.0 -> v0.249.0
google.golang.org/genproto/googleapis/api	v0.0.0-20250826171959-ef028d996bc1 -> v0.0.0-20250929231259-57b25ae835d4
google.golang.org/genproto/googleapis/rpc	v0.0.0-20250826171959-ef028d996bc1 -> v0.0.0-20250929231259-57b25ae835d4
google.golang.org/grpc	v1.75.0 -> v1.76.0
google.golang.org/protobuf	v1.36.9 -> v1.36.10
k8s.io/api	v0.34.1 -> v0.34.2
k8s.io/apimachinery	v0.34.1 -> v0.34.2
k8s.io/client-go	v0.34.1 -> v0.34.2

[github-actions]

🔒 MCP Security Scan Results

✅ adb-mysql-mcp-server

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ agentql-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ arxiv-mcp-server

• Status: Passed
• Tools scanned: 4
• Result: No security issues detected

✅ astra-db-mcp

• Status: Passed
• Tools scanned: 16
• Result: No security issues detected

✅ aws-diagram

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ aws-documentation

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ blender-mcp

• Status: Passed
• Tools scanned: 17
• Result: No security issues detected

✅ brightdata-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ browserbase-mcp-server

• Status: Passed
• Tools scanned: 9
• Result: No security issues detected

✅ chroma-mcp

• Status: Passed
• Tools scanned: 13
• Result: No security issues detected

✅ chrome-devtools-mcp

• Status: Passed
• Tools scanned: 26
• Result: No security issues detected

✅ context7

• Status: Passed
• Tools scanned: 2
• Result: No security issues detected

✅ graphlit-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ heroku-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ ida-pro-mcp

• Status: Passed
• Tools scanned: 48
• Result: No security issues detected

✅ launchdarkly-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ magic-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-clickhouse

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-jetbrains

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-neo4j-aura-manager

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-neo4j-cypher

• Status: Passed
• Tools scanned: 3
• Result: No security issues detected

✅ mcp-neo4j-memory

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-box

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-circleci

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ mcp-server-neon

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ netbird

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ notion

• Status: Passed
• Tools scanned: 19
• Result: No security issues detected

✅ onchain-mcp

• Status: Passed
• Tools scanned: 10
• Result: No security issues detected

✅ phoenix-mcp

• Status: Passed
• Tools scanned: 19
• Result: No security issues detected

✅ playwright-mcp

• Status: Passed
• Tools scanned: 22
• Result: No security issues detected

✅ sentry-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ supabase-mcp-server

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

✅ tavily-mcp

• Status: Passed
• Tools scanned: 0
• Result: No security issues detected

---

Summary: Scanned 33 MCP server(s), all passed security checks. ✅