Remove enforceServers and image validation from MCPRegistry

[ChrisJBurns]

Summary

The enforceServers feature has been broken since PR #2568 removed data sources from the operator. The {name}-registry-storage ConfigMap that image validation reads from is never created — the StorageManager that populated it was deleted. As a result, enforceServers: true silently does nothing. This PR removes the entire feature rather than attempting to fix it.

Fixes #4717

Medium level

• Removed EnforceServers field from MCPRegistrySpec and the GetStorageName() helper
• Deleted the entire image validation subsystem (image_validation.go, its tests, and the ImageValidator interface)
• Stripped image validation wiring from MCPServer and EmbeddingServer controllers
• Removed ConditionImageValidated and related status condition constants
• Cleaned up main.go (removed imageValidation variable and unused enableRegistry parameter)
• Removed getConfigMapName dead code from registryapi
• Deleted the enforcing example and updated all documentation
• Regenerated CRD manifests and CRD API docs

Low level

File	Change
cmd/thv-operator/api/v1alpha1/mcpregistry_types.go	Remove EnforceServers field and GetStorageName()
cmd/thv-operator/api/v1alpha1/mcpserver_types.go	Remove ConditionImageValidated and ConditionReasonImageValidation* constants
cmd/thv-operator/api/v1alpha1/embeddingserver_types.go	Update comment
cmd/thv-operator/controllers/mcpserver_controller.go	Remove image validation block, helper, unused import
cmd/thv-operator/controllers/embeddingserver_controller.go	Remove ImageValidation field, validateImage method, call site
cmd/thv-operator/controllers/embeddingserver_controller_test.go	Remove TestValidateImage and ImageValidation fields
cmd/thv-operator/controllers/mcpserver_test_helpers_test.go	Remove ImageValidation field
cmd/thv-operator/main.go	Remove imageValidation, enableRegistry param, validation import
cmd/thv-operator/pkg/validation/image_validation.go	Deleted
cmd/thv-operator/pkg/validation/image_validation_test.go	Deleted
cmd/thv-operator/pkg/validation/cedar_validation.go	Add package comment
cmd/thv-operator/pkg/registryapi/manager.go	Remove getConfigMapName
cmd/thv-operator/pkg/registryapi/types_test.go	Remove storage name tests
cmd/thv-operator/test-integration/embedding-server/suite_test.go	Remove ImageValidation field and import
deploy/charts/operator-crds/*/toolhive.stacklok.dev_mcpregistries.yaml	Regenerated
examples/operator/mcp-registries/mcpregistry-enforcing.yaml	Deleted
cmd/thv-operator/REGISTRY.md	Remove image validation section and stale references
docs/arch/06-registry-system.md	Update storage section, remove stale ConfigMap references
docs/operator/crd-api.md	Regenerated

Type of change

• Refactoring (no behavior change)

Test plan

• Linting (task lint-fix) — 0 issues
• Unit tests — all operator packages pass
• Build (go build ./cmd/thv-operator/...) — passes

Does this introduce a user-facing change?

The enforceServers field is removed from the MCPRegistry CRD. This is a no-op in practice — the feature has been silently broken since #2568, so no existing deployment depends on it.

Special notes for reviewers

The regenerated docs/operator/crd-api.md adds ~470 lines of type documentation unrelated to enforceServers. This is expected behavior from crd-ref-docs — it picked up types that were previously missing from the generated output. The diff is noisy but mechanical.

Large PR Justification

• removing a bunch of code, is easier to do in a single PR

Generated with Claude Code

[github-actions]

Large PR Detected

This PR exceeds 1000 lines of changes and requires justification before it can be reviewed.

How to unblock this PR:

Add a section to your PR description with the following format:

## Large PR Justification

[Explain why this PR must be large, such as:]
- Generated code that cannot be split
- Large refactoring that must be atomic
- Multiple related changes that would break if separated
- Migration or data transformation

Alternative:

Consider splitting this PR into smaller, focused changes (< 1000 lines each) for easier review and reduced risk.

See our Contributing Guidelines for more details.

---

This review will be automatically dismissed once you add the justification section.

[codecov]

Codecov Report

❌ Patch coverage is 0% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.93%. Comparing base (691f73a) to head (8e09ddd).
⚠️ Report is 5 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/thv-operator/main.go	0.00%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4776      +/-   ##
==========================================
+ Coverage   68.90%   68.93%   +0.03%     
==========================================
  Files         518      517       -1     
  Lines       54921    54741     -180     
==========================================
- Hits        37843    37736     -107     
+ Misses      14172    14099      -73     
  Partials     2906     2906              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[claude]

---

Additional findings (outside current diff — PR may have been updated during review):

• 🟣 docs/arch/06-registry-system.md:655-664 — This PR correctly removes the stale storage_manager.go reference from docs/arch/06-registry-system.md, but the companion file docs/arch/09-operator-architecture.md (not touched by this PR) still contains at least two references to the deleted file cmd/thv-operator/pkg/sources/storage_manager.go (lines 556 and 566). Since this PR explicitly addressed the same type of stale reference in a neighboring doc, it would be good to clean up 09-operator-architecture.md in the same pass.

  Extended reasoning...

  What the bug is and how it manifests

  docs/arch/09-operator-architecture.md contains multiple references to cmd/thv-operator/pkg/sources/storage_manager.go, a file that was deleted in PR #2568. Specifically, verifiers found at least four stale references in that file: a diagram reference around line 531, a bold link around line 556, a section header 'Storage Manager' around line 562, and an implementation reference around line 566. The file does not exist anywhere in the repository.

  The specific code path that triggers it

  This PR correctly removed the storage section from docs/arch/06-registry-system.md, which previously contained 'Implementation: cmd/thv-operator/pkg/sources/storage_manager.go'. The same cleanup was not applied to docs/arch/09-operator-architecture.md, which references the same deleted path.

  Why existing code does not prevent it

  There is no automated check that validates documentation references against actual file paths in the repository. The stale references survived PR #2568 (which deleted the file) and continued to survive until now because neither that PR nor this one updated 09-operator-architecture.md.

  What the impact would be

  Readers following the architecture documentation will find references to a file that does not exist, which is misleading and undermines the accuracy of the documentation. This is especially confusing given that 06-registry-system.md was explicitly cleaned up in this PR.

  How to fix it

  Remove or update the references to cmd/thv-operator/pkg/sources/storage_manager.go in docs/arch/09-operator-architecture.md, replacing the 'Storage Manager' section and diagram node with accurate descriptions of how storage is now handled (i.e., the registry server fetches and stores data at runtime, as described in the updated 06-registry-system.md).

  Step-by-step proof

  1. PR #2568 deleted cmd/thv-operator/pkg/sources/storage_manager.go.
  2. Neither PR #2568 nor any subsequent PR updated docs/arch/09-operator-architecture.md.
  3. This PR updates docs/arch/06-registry-system.md to remove 'Implementation: cmd/thv-operator/pkg/sources/storage_manager.go' (visible in the diff).
  4. docs/arch/09-operator-architecture.md still contains references to the same deleted file path at multiple lines (confirmed by verifiers via Glob search showing the file does not exist on disk).
  5. A reader consulting the operator architecture doc after this PR would still find broken references that contradict the now-accurate registry system doc.

Large PR justification has been provided. Thank you!

[github-actions]

✅ Large PR justification has been provided. The size review has been dismissed and this PR can now proceed with normal review.