Update stacklok/toolhive to v0.33.0#1005
Conversation
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
Claude finished @renovate[bot]'s task in 5m 16s —— View job Upstream release docs — ToolHive v0.33.0Done. Committed source-verified edits for the two doc-relevant PRs in this release.
What changed
Skipped / notes
|
Cover new v0.33.0 features: - Add "Cross-application access (XAA)" section to the vMCP authentication guide, marked experimental, covering the two-step ID-JAG exchange added in stacklok/toolhive#5691. - Note in the rate limiting guide that per-tool vMCP buckets now key on the resolved backend tool name when the optimizer is enabled (stacklok/toolhive#5522). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
|
Claude finished @renovate[bot]'s task in 5m 23s —— View job Editorial review — ToolHive v0.33.0 docsEditorial pass complete. Pushed
Fixes applied
Deliberately skipped
|
Clarify two spots in the new XAA outgoing-auth prose: - "credentials are stored in Kubernetes Secrets" implied the whole IdP/target-AS config was Secret-backed. Only the client secrets are; URLs and client IDs live in the CR spec. - YAML comment on targetAudience called it the "target resource AS", which collides with the sibling targetResource field (RFC 8707 resource indicator). Rewrite as "URL of the target authorization server". Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
jerm-dro
left a comment
There was a problem hiding this comment.
Optimizer / Rate Limit changes LGTM
Switch the reference example to the validated source: discovered pattern, clarify subjectProviderName and idpClientId recommendations, and fix HTTPS enforcement and ID-JAG audience wording.
jhrozek
left a comment
There was a problem hiding this comment.
lgtm with the XAA fixups
This PR contains the following updates:
v0.32.0→v0.33.0After this PR opens,
.github/workflows/upstream-release-docs.ymladds source-verified content edits for the new release. Forstacklok/toolhive, the same workflow also syncs reference assets (CLI help, Swagger) and regenerates the CRD MDX pages.Release Notes
stacklok/toolhive (stacklok/toolhive)
v0.33.0Compare Source
What's Changed
529d8e8by @renovate[bot] in #5520Full Changelog: stacklok/toolhive@v0.32.0...v0.33.0
Configuration
📅 Schedule: (in timezone America/New_York)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Never, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
Docs update for
toolhivev0.33.0At a glance
stacklok/toolhivev0.32.0→v0.33.0Summary of changes
docs/toolhive/guides-vmcp/authentication.mdx, marked experimental, covering the ID-JAG two-step exchange (stacklok/toolhive#5691).docs/toolhive/guides-k8s/rate-limiting.mdxto note that per-tool vMCP rate limits key on the resolved backend tool name when the optimizer is enabled (stacklok/toolhive#5522).Run cost
How this PR was built
Two Claude Opus sessions run per release: a generation pass
(
upstream-release-docsskill, 6 phases) followed by a fresh-context editorial pass (
docs-review). Prettier/ESLintauto-fixes are applied after.
Auto-synced paths — do not hand-edit these in review:
static/api-specs/docs/toolhive/reference/cli/(toolhive only)docs/toolhive/reference/crds/If a "Gaps needing human context" section is present above,
each entry includes a paste-ready Helper prompt for local
Claude a reviewer can use to resolve the gap.