Merged main.

Signed-off-by: Roddie Kieley <[email protected]>

Author: RoddieKieley

.github/workflows/claude.yml

@@ -0,0 +1,48 @@
+name: Claude PR Assistant
+
+on:
+  issue_comment:
+    types: [created]
+  pull_request_review_comment:
+    types: [created]
+  issues:
+    types: [opened, assigned]
+  pull_request_review:
+    types: [submitted]
+
+jobs:
+  claude-code-action:
+    if: |
+      (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) ||
+      (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) ||
+      (github.event_name == 'issues' && contains(github.event.issue.body, '@claude'))
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: read
+      issues: read
+      id-token: write
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          fetch-depth: 1
+
+      - name: Run Claude PR Action
+        uses: anthropics/claude-code-action@beta
+        with:
+          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
+          # Or use OAuth token instead:
+          # claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
+          timeout_minutes: "20"
+          # mode: tag  # Default: responds to @claude mentions
+          # Optional: Restrict network access to specific domains only
+          # experimental_allowed_domains: |
+          #   .anthropic.com
+          #   .github.com
+          #   api.github.com
+          #   .githubusercontent.com
+          #   bun.sh
+          #   registry.npmjs.org
+          #   .blob.core.windows.net

.github/workflows/run-on-main.yml

@@ -19,12 +19,12 @@ jobs:
   e2e-tests:
     name: E2E Tests
     uses: ./.github/workflows/e2e-tests.yml
-  swagger:
-    name: Swagger
-    uses: ./.github/workflows/verify-swagger.yml
+  codegen:
+    name: Codegen
+    uses: ./.github/workflows/verify-gen.yml
   image-build-and-push:
     name: Build and Sign Image
-    needs: [ linting, tests, e2e-tests, swagger ]
+    needs: [ linting, tests, e2e-tests, codegen ]
     permissions:
       contents: write
       packages: write

.github/workflows/run-on-pr.yml

@@ -26,9 +26,9 @@ jobs:
   docs:
     name: Docs
     uses: ./.github/workflows/verify-docgen.yml
-  swagger:
-    name: Swagger
-    uses: ./.github/workflows/verify-swagger.yml
+  codegen:
+    name: Codegen
+    uses: ./.github/workflows/verify-gen.yml
   operator-ci:
     name: Operator CI
     permissions:

CLAUDE.md

@@ -193,5 +193,9 @@ Follow conventional commit format:
 
 ## Development Best Practices
 
-- **Linting**: 
+- **Linting**:
   - Prefer `lint-fix` to `lint` since `lint-fix` will fix problems automatically.
+- **Commit messages and PR titles**:
+  - Refer to the `CONTRIBUTING.md` file for guidelines on commit message format
+    conventions.
+  - Do not use "Conventional Commits", e.g. starting with `feat`, `fix`, `chore`, etc.

cmd/thv-operator/controllers/mcpserver_controller.go

@@ -22,6 +22,7 @@ import (
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/intstr"
+	"k8s.io/utils/ptr"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
@@ -556,6 +557,23 @@ func (r *MCPServerReconciler) deploymentForMCPServer(m *mcpv1alpha1.MCPServer) *
 		}
 	}
 
+	// Prepare ProxyRunner's pod and container security context
+	proxyRunnerPodSecurityContext := &corev1.PodSecurityContext{
+		RunAsNonRoot: ptr.To(true),
+		RunAsUser:    ptr.To(int64(1000)),
+		RunAsGroup:   ptr.To(int64(1000)),
+		FSGroup:      ptr.To(int64(1000)),
+	}
+
+	proxyRunnerContainerSecurityContext := &corev1.SecurityContext{
+		Privileged:               ptr.To(false),
+		RunAsNonRoot:             ptr.To(true),
+		RunAsUser:                ptr.To(int64(1000)),
+		RunAsGroup:               ptr.To(int64(1000)),
+		AllowPrivilegeEscalation: ptr.To(false),
+		ReadOnlyRootFilesystem:   ptr.To(true),
+	}
+
 	env = ensureRequiredEnvVars(env)
 
 	dep := &appsv1.Deployment{
@@ -612,8 +630,10 @@ func (r *MCPServerReconciler) deploymentForMCPServer(m *mcpv1alpha1.MCPServer) *
 							TimeoutSeconds:      3,
 							FailureThreshold:    3,
 						},
+						SecurityContext: proxyRunnerContainerSecurityContext,
 					}},
-					Volumes: volumes,
+					Volumes:         volumes,
+					SecurityContext: proxyRunnerPodSecurityContext,
 				},
 			},
 		},

cmd/thv-operator/controllers/mcpserver_pod_template_test.go

@@ -344,6 +344,53 @@ func TestDeploymentForMCPServerWithEnvVars(t *testing.T) {
 	assert.True(t, debugModeArgFound, "DEBUG_MODE should be passed as --env flag")
 }
 
+func TestProxyRunnerSecurityContext(t *testing.T) {
+	t.Parallel()
+
+	// Create a test MCPServer
+	mcpServer := &mcpv1alpha1.MCPServer{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "test-mcp-server-env",
+			Namespace: "default",
+		},
+		Spec: mcpv1alpha1.MCPServerSpec{
+			Image:     "test-image:latest",
+			Transport: "stdio",
+			Port:      8080,
+		},
+	}
+
+	// Register the scheme
+	s := scheme.Scheme
+	s.AddKnownTypes(mcpv1alpha1.GroupVersion, &mcpv1alpha1.MCPServer{})
+	s.AddKnownTypes(mcpv1alpha1.GroupVersion, &mcpv1alpha1.MCPServerList{})
+
+	// Create a reconciler with the scheme
+	r := &MCPServerReconciler{
+		Scheme: s,
+	}
+
+	// Generate the deployment
+	deployment := r.deploymentForMCPServer(mcpServer)
+	require.NotNil(t, deployment, "Deployment should not be nil")
+
+	// Check that the ProxyRunner's pod and container security context are set
+	proxyRunnerPodSecurityContext := deployment.Spec.Template.Spec.SecurityContext
+	require.NotNil(t, proxyRunnerPodSecurityContext, "ProxyRunner pod security context should not be nil")
+	assert.True(t, *proxyRunnerPodSecurityContext.RunAsNonRoot, "ProxyRunner pod RunAsNonRoot should be true")
+	assert.Equal(t, int64(1000), *proxyRunnerPodSecurityContext.RunAsUser, "ProxyRunner pod RunAsUser should be 1000")
+	assert.Equal(t, int64(1000), *proxyRunnerPodSecurityContext.RunAsGroup, "ProxyRunner pod RunAsGroup should be 1000")
+	assert.Equal(t, int64(1000), *proxyRunnerPodSecurityContext.FSGroup, "ProxyRunner pod FSGroup should be 1000")
+
+	proxyRunnerContainerSecurityContext := deployment.Spec.Template.Spec.Containers[0].SecurityContext
+	require.NotNil(t, proxyRunnerContainerSecurityContext, "ProxyRunner container security context should not be nil")
+	assert.False(t, *proxyRunnerContainerSecurityContext.Privileged, "ProxyRunner container Privileged should be false")
+	assert.True(t, *proxyRunnerContainerSecurityContext.RunAsNonRoot, "ProxyRunner container RunAsNonRoot should be true")
+	assert.Equal(t, int64(1000), *proxyRunnerContainerSecurityContext.RunAsUser, "ProxyRunner container RunAsUser should be 1000")
+	assert.Equal(t, int64(1000), *proxyRunnerContainerSecurityContext.RunAsGroup, "ProxyRunner container RunAsGroup should be 1000")
+	assert.False(t, *proxyRunnerContainerSecurityContext.AllowPrivilegeEscalation, "ProxyRunner container AllowPrivilegeEscalation should be false")
+}
+
 // Helper functions
 func boolPtr(b bool) *bool {
 	return &b

cmd/thv-proxyrunner/app/run.go

@@ -8,6 +8,7 @@ import (
 	"github.com/spf13/cobra"
 
 	"github.com/stacklok/toolhive/pkg/container"
+	"github.com/stacklok/toolhive/pkg/environment"
 	"github.com/stacklok/toolhive/pkg/logger"
 	"github.com/stacklok/toolhive/pkg/registry"
 	"github.com/stacklok/toolhive/pkg/runner"
@@ -237,6 +238,12 @@ func runCmdFunc(cmd *cobra.Command, args []string) error {
 
 	var imageMetadata *registry.ImageMetadata
 
+	// Parse environment variables from slice to map
+	envVarsMap, err := environment.ParseEnvironmentVariables(runEnv)
+	if err != nil {
+		return fmt.Errorf("failed to parse environment variables: %v", err)
+	}
+
 	// Initialize a new RunConfig with values from command-line flags
 	runConfig, err := runner.NewRunConfigBuilder().
 		WithRuntime(rt).
@@ -261,7 +268,7 @@ func runCmdFunc(cmd *cobra.Command, args []string) error {
 		WithTelemetryConfig(finalOtelEndpoint, runOtelEnablePrometheusMetricsPath, runOtelServiceName,
 			finalOtelSamplingRate, runOtelHeaders, runOtelInsecure, finalOtelEnvironmentVariables).
 		WithToolsFilter(runToolsFilter).
-		Build(ctx, imageMetadata, runEnv, envVarValidator)
+		Build(ctx, imageMetadata, envVarsMap, envVarValidator)
 	if err != nil {
 		return fmt.Errorf("failed to create RunConfig: %v", err)
 	}

cmd/thv/app/mcp_serve_helpers.go

@@ -66,11 +66,11 @@ func buildServerConfig(
 	builder = builder.WithTransportAndPorts(transport, 0, 0)
 
 	// Prepare environment variables
-	envVarsList := prepareEnvironmentVariables(imageMetadata, args.Env)
+	envVars := prepareEnvironmentVariables(imageMetadata, args.Env)
 
 	// Build the configuration
 	envVarValidator := &runner.DetachedEnvVarValidator{}
-	return builder.Build(ctx, imageMetadata, envVarsList, envVarValidator)
+	return builder.Build(ctx, imageMetadata, envVars, envVarValidator)
 }
 
 // configureTransport sets up transport configuration from metadata
@@ -88,7 +88,7 @@ func configureTransport(builder *runner.RunConfigBuilder, imageMetadata *registr
 }
 
 // prepareEnvironmentVariables merges default and user environment variables
-func prepareEnvironmentVariables(imageMetadata *registry.ImageMetadata, userEnv map[string]string) []string {
+func prepareEnvironmentVariables(imageMetadata *registry.ImageMetadata, userEnv map[string]string) map[string]string {
 	envVarsMap := make(map[string]string)
 
 	// Add default environment variables from metadata
@@ -105,13 +105,7 @@ func prepareEnvironmentVariables(imageMetadata *registry.ImageMetadata, userEnv
 		envVarsMap[k] = v
 	}
 
-	// Convert map to []string format
-	var envVarsList []string
-	for k, v := range envVarsMap {
-		envVarsList = append(envVarsList, fmt.Sprintf("%s=%s", k, v))
-	}
-
-	return envVarsList
+	return envVarsMap
 }
 
 // saveAndRunServer saves the configuration and runs the server

cmd/thv/app/proxy.go

@@ -171,9 +171,10 @@ func init() {
 	if err := proxyCmd.MarkFlagRequired("target-uri"); err != nil {
 		logger.Warnf("Warning: Failed to mark flag as required: %v", err)
 	}
-
-	// Attach the subcommand to the main proxy command
+	// Attach the subcommands to the main proxy command
 	proxyCmd.AddCommand(proxyTunnelCmd)
+	proxyCmd.AddCommand(proxyStdioCmd)
+
 }
 
 func proxyCmdFunc(cmd *cobra.Command, args []string) error {

cmd/thv/app/proxy_stdio.go

@@ -0,0 +1,53 @@
+package app
+
+import (
+	"fmt"
+	"os/signal"
+	"syscall"
+
+	"github.com/spf13/cobra"
+
+	"github.com/stacklok/toolhive/pkg/logger"
+	"github.com/stacklok/toolhive/pkg/transport"
+	"github.com/stacklok/toolhive/pkg/workloads"
+)
+
+var proxyStdioCmd = &cobra.Command{
+	Use:   "stdio WORKLOAD-NAME",
+	Short: "Create a stdio-based proxy for an MCP server",
+	Long: `Create a stdio-based proxy that connects stdin/stdout to a target MCP server.
+
+Example:
+  thv proxy stdio my-workload
+`,
+	Args: cobra.ExactArgs(1),
+	RunE: proxyStdioCmdFunc,
+}
+
+func proxyStdioCmdFunc(cmd *cobra.Command, args []string) error {
+	ctx, cancel := signal.NotifyContext(cmd.Context(), syscall.SIGINT, syscall.SIGTERM)
+	defer cancel()
+
+	workloadName := args[0]
+	workloadManager, err := workloads.NewManager(ctx)
+	if err != nil {
+		return fmt.Errorf("failed to create workload manager: %w", err)
+	}
+	stdioWorkload, err := workloadManager.GetWorkload(ctx, workloadName)
+	if err != nil {
+		return fmt.Errorf("failed to get workload %q: %w", workloadName, err)
+	}
+	logger.Infof("Starting stdio proxy for workload=%q", workloadName)
+
+	bridge, err := transport.NewStdioBridge(workloadName, stdioWorkload.URL, stdioWorkload.TransportType)
+	if err != nil {
+		return fmt.Errorf("failed to create stdio bridge: %w", err)
+	}
+	bridge.Start(ctx)
+
+	// Consume until interrupt
+	<-ctx.Done()
+	logger.Info("Shutting down bridge")
+	bridge.Shutdown()
+	return nil
+}