v0.30.0

🚀 Toolhive v0.30.0 is live!

This release expands the Virtual MCP server with rate limiting, header passthrough, and high-availability building blocks, introduces a new backend-agnostic authorization CRD, and hardens every MCP proxy against request-body and slow-client denial-of-service vectors — alongside the continuing vMCP core-extraction refactor.

⚠️ Breaking Changes

• AuthorizerFactory Go interface gains a required ConfigKey() method — out-of-tree Go code that implements its own authorizer backend must add the method to compile. Kubernetes, CRD, and CLI users are not affected. (migration guide)

Migration guide: AuthorizerFactory.ConfigKey()

Who is affected: Only downstream Go developers who import ToolHive as a module and implement the pkg/authz/authorizers.AuthorizerFactory interface themselves (a private fork or closed-source authorizer backend). All in-tree backends (Cedar → "cedar", HTTP PDP → "pdp") and test mocks are migrated in this release. The JSON config envelope ({"version","type","<configKey>": ...}) is unchanged, so Kubernetes/operator, CRD, and thv CLI users are unaffected.

The interface gained a new required method ConfigKey() string, and Register() now panics at startup if a factory returns a reserved key ("", "version", or "type").

Before

type MyFactory struct{}

func (*MyFactory) ValidateConfig(rawConfig json.RawMessage) error { /* ... */ }
func (*MyFactory) CreateAuthorizer(rawConfig json.RawMessage, serverName string) (authorizers.Authorizer, error) { /* ... */ }

func init() {
    authorizers.Register("mybackend", &MyFactory{})
}

After

type MyFactory struct{}

// New: required by AuthorizerFactory in v0.30.0.
// Must be non-empty and not "version" or "type".
func (*MyFactory) ConfigKey() string { return "mybackend" }

func (*MyFactory) ValidateConfig(rawConfig json.RawMessage) error { /* unchanged */ }
func (*MyFactory) CreateAuthorizer(rawConfig json.RawMessage, serverName string) (authorizers.Authorizer, error) { /* unchanged */ }

func init() {
    authorizers.Register("mybackend", &MyFactory{}) // now panics if ConfigKey() is reserved
}

Migration steps

1. Add a ConfigKey() string method to each out-of-tree AuthorizerFactory implementation, returning the non-empty JSON key under which your backend's config is nested.
2. Ensure the returned key is not "", "version", or "type", and does not collide with in-tree keys ("cedar", "pdp").
3. Recompile. No changes to ValidateConfig/CreateAuthorizer and no wire-format/JSON changes are required.

PR: #4777

🆕 New Features

• Rate limiting can now be configured on a VirtualMCPServer via spec.config.rateLimiting (shared and per-user token buckets, backed by Redis session storage). (#5276)
• New backend-agnostic MCPAuthzConfig CRD decouples authorization config from workloads and lets any registered authorizer backend (Cedar, HTTP PDP) be referenced via authzConfigRef on MCPServer, MCPRemoteProxy, and VirtualMCPServer. (#4777)
• VirtualMCPServer gains spec.passthroughHeaders, an allowlist of incoming header names that vMCP forwards unchanged to every backend it calls — enabling backends that authenticate per-user from a header (e.g. x-mcp-api-key) to be used through vMCP. (#5466)
• MCPRemoteProxy gains spec.replicas and spec.sessionStorage for high availability, mirroring MCPServer and VirtualMCPServer: run multiple replicas behind a load balancer with Redis-backed shared session state. (#5237)
• The obo external-auth type on MCPExternalAuthConfig now exposes a real configuration schema (tenantId, authority, clientId, clientSecretRef, audience, scopes, subjectTokenProviderName, cacheSkew) for the Microsoft Entra On-Behalf-Of flow; the type remains inert in upstream builds (reports Valid=False / EnterpriseRequired). (#5494)
• New disableUpstreamTokenInjection flag on the embedded auth server authenticates MCP clients via OAuth while forwarding an unauthenticated request to the backend — useful for proxying public MCP servers with client-side auth. (#4168)
• thv llm setup, thv llm token, and thv llm proxy start gain a --skip-browser flag that prints the OIDC authorization URL instead of opening a browser, for headless/SSH/CI environments. (#5533)

🐛 Bug Fixes

• Inbound request bodies on the MCP proxies (streamable, httpsse, transparent) and the vMCP server are now capped at 8MB and rejected with 413 Request Entity Too Large before buffering, closing an unbounded-buffering memory-exhaustion vector (embedded OAuth endpoints are capped at 64KB). Behavior change: clients sending a single message larger than 8MB — e.g. large inline base64 content — will now be rejected; the limit is not yet configurable. (#5492)
• A 30-second request read timeout is now applied to the proxy servers, the management API server, and thv mcp serve, preventing slow or stalled uploads from holding connections open indefinitely. Behavior change: request reads taking longer than 30s are terminated; long-lived SSE/streaming responses are unaffected, and the timeout is not yet configurable. (#5501)
• The transparent proxy no longer forwards X-Forwarded-Host to remote upstreams, fixing cross-host redirect loops where upstreams echoed the proxy hostname; X-Forwarded-For and X-Forwarded-Proto are still sent. (#4168)

🧹 Misc

• Carry RateLimitMiddleware through the vMCP buildServeConfig path so the field is not dropped during the Serve migration (fixes a broken main). (#5500)
• Apply the compound (kind, name) listMapKey to MCPOIDCConfigStatus and MCPExternalAuthConfigStatus referencingWorkloads so cross-kind name reuse stays distinct under merge-patch (data-safe schema change). (#5508)
• Migrate the MCPOIDCConfig and MCPExternalAuthConfig controllers to MutateAndPatchStatus/MutateAndPatchSpec to avoid clobbering foreign-owned status conditions. (#5509)
• Route the vMCP Serve path through the core for capability advertising and call routing, replacing the discovery-into-context middleware. (#5491)
• Label the audit backend at the call site on the Serve path to eliminate per-request capability re-aggregation. (#5512)
• Add vMCP core/server config derivation helpers, consolidating transport defaulting to a single edge resolver. (#5513)
• Add a generic RunConfig seam (AdditionalMiddlewareConfigs) for handler-supplied middleware configs. (#5495)
• Add Serve-path test coverage for authz/annotation omission and for the AS runner, status reporter, optimizer, and health-monitor lifecycles. (#5482, #5506)
• Add an integration test for the MCPOIDCConfig → oidcConfigRef → runconfig path. (#5536)
• Add reference docs and a kind-cluster upgrade-guide walkthrough for the storage-version migrator. (#5451)
• Add a /retest comment workflow (with trusted-user gating and app-owner support) to re-run failed GitHub Actions. (#5510, #5515)
• Fix the Generate Release Notes workflow to trigger via workflow_run instead of the unsupported release event. (#5490)
• Pre-pull the time server image in the proxy E2E job to stop intermittent flakes. (#5534)

📦 Dependencies

Module	Version
container / docker libraries	v0.21.6
aws-sdk-go-v2 monorepo	v1.32.25
github.com/pressly/goose/v3	v3.27.1
github.com/lestrrat-go/httprc/v3	v3.0.6
golang.org/x/exp/jsonrpc2	c48552f (digest)
anthropics/claude-code-action	d5726de (digest)

Full commit log

What's Changed

• Trigger release notes via workflow_run not release event by @reyortiz3 in #5490
• Cover Serve-path authz and annotation-enrichment omission by @tgrunnagle in #5482
• Add storage-version migration docs + upgrade-guide walkthrough by @ChrisJBurns in #5451
• Configure rate limits on VirtualMCPServer PR B 1 by @Sanskarzz in #5276
• Carry RateLimitMiddleware through vMCP buildServeConfig by @ChrisJBurns in #5500
• Add MCPAuthzConfig CRD for backend-agnostic authorization by @JAORMX in #4777
• Add request timeouts to MCP proxy servers by @ChrisJBurns in #5501
• Enforce request body size limits on proxies and vMC...

v0.29.3

🚀 Toolhive v0.29.3 is live!

A small maintenance release that makes ToolHive's unauthenticated proxy default visible — surfacing it in logs and docs in response to GHSA-hfrv-94x5-85p2 — alongside internal release-tooling automation. No breaking changes and no behavioral changes to existing deployments.

🐛 Bug Fixes

• An MCPServer, MCPRemoteProxy, standalone CLI, or vMCP running without OIDCConfigRef (or any other auth source) now emits a Warn-level log stating that every request is forwarded under a synthetic local-user identity with no credential check, and the README/CRD docs are corrected to describe identity enforcement as conditional on configuring an authentication source — the unauthenticated default itself is unchanged (#5488)

🧹 Misc

• Release notes generation and the Slack release announcement are now automated in CI when a release is published, keeping a maintainer in the loop via review-then-publish (#5487)

📦 Dependencies

Module	Version
github.com/stacklok/toolhive-catalog	v0.20260610.0

Full commit log

What's Changed

• Update module github.com/stacklok/toolhive-catalog to v0.20260610.0 by @renovate[bot] in #5485
• Automate release notes generation and Slack announce by @reyortiz3 in #5487
• Surface unauthenticated proxy default in logs and docs by @ChrisJBurns in #5488
• Release v0.29.3 by @toolhive-release-app[bot] in #5489

Full Changelog: v0.29.2...v0.29.3

🔗 Full changelog: v0.29.2...v0.29.3

What's Changed

• Update module github.com/stacklok/toolhive-catalog to v0.20260610.0 by @renovate[bot] in #5485
• Automate release notes generation and Slack announce by @reyortiz3 in #5487
• Surface unauthenticated proxy default in logs and docs by @ChrisJBurns in #5488
• Release v0.29.3 by @toolhive-release-app[bot] in #5489

Full Changelog: v0.29.2...v0.29.3

v0.29.2

🚀 Toolhive v0.29.2 is live!

A hardening-focused patch release: two security fixes, an operator-chart regression safety net via helm-unittest, an OTLP header delivery fix, an OAuth public-client TTL fix, continued vMCP New/Serve refactor scaffolding, and the deprecation of the MCPRegistry CRD.

🔄 Deprecations

• MCPRegistry CRD deprecated in favour of the toolhive-registry-server Helm chart — the CRD remains fully functional but now emits a kubectl deprecation warning and an operator Warning event; it will be removed in a future release (#5470)

🐛 Bug Fixes

• OAuth/OIDC discovery endpoints (RFC 9728 protected-resource metadata, RFC 8414 authorization-server metadata, OIDC discovery, JWKS) now work for stdio-backed MCP servers with an embedded auth server, instead of returning 404 (#5479)
• Long-lived public OAuth clients registered via Dynamic Client Registration are no longer evicted after 30 days of active use — their TTL now refreshes on each successful token exchange, preventing spurious invalid_client failures (#5469)
• OTLP exporter headers supplied via OTEL_EXPORTER_OTLP_HEADERS are no longer silently dropped on the POST /api/v1/workloads path, so collectors requiring an auth header now receive telemetry ([#5474]#5474))
• Overriding operator.serviceAccount.name in the operator Helm chart no longer breaks the deployment — every reference now routes through the same serviceAccountName helper (#5476)
• Prevented a path-traversal weakness in LocalStore.getFilePath so state-store file operations can no longer escape the base directory (#5464, Fixes [#4736]#4736))
• Added baseline X-Content-Type-Options: nosniff and Cross-Origin-Resource-Policy: same-origin security headers to every thv REST API response (#5458)

🧹 Misc

• vMCP refactor (epic #5419): introduced a stateless, identity-explicit core VMCP constructor (#5457), added the Serve transport skeleton and ServerConfig (#5467), wired the Cedar admission seam into the core so list and call enforce one shared decision (#5459), moved the SDK hooks and two-phase session creation under Serve (#5471), and domain-typed the elicitation seam (#5456) — all additive, with server.New behavior unchanged
• Added helm-unittest regression coverage for the operator and operator-crds charts: CRD install/keep toggles (#5468), a default-install baseline ([#5473]#5473)), value-driven scenario suites ([#5475]#5475)), and security-posture/naming suites (#5477)
• Documented the Redis Cluster slot invariant and filtered stray un-prefixed members in the auth-server token storage (#5210)

📦 Dependencies

Module	Version
github.com/stacklok/toolhive-core	v0.0.24
golang.org/x/exp/jsonrpc2	055de63
github/codeql-action	8aad20d
anthropics/claude-code-action	fbda2eb

What's Changed

• Domain-type the ElicitationRequester seam by @tgrunnagle in #5456
• fix(api): add X-Content-Type-Options and Cross-Origin-Resource-Policy headers by @amirejaz in #5458
• Update golang.org/x/exp/jsonrpc2 digest to 055de63 by @renovate[bot] in #5463
• Update github/codeql-action digest to 8aad20d by @renovate[bot] in #5462
• Update anthropics/claude-code-action digest to fbda2eb by @renovate[bot] in #5460
• Implement stateless core VMCP constructor by @tgrunnagle in #5457
• Add helm-unittest suite for operator-crds toggles by @ChrisJBurns in #5468
• Wire Cedar admission seam into vMCP core by @tgrunnagle in #5459
• Add vMCP Serve skeleton and ServerConfig by @tgrunnagle in #5467
• Add helm-unittest baseline for operator chart by @ChrisJBurns in #5473
• Deprecate MCPRegistry CRD with runtime warning by @ChrisJBurns in #5470
• Add scenario helm-unittest suites for operator chart by @ChrisJBurns in #5475
• Send OTLP export headers delivered via EnvVars by @reyortiz3 in #5474
• Fix operator ServiceAccount name consistency by @ChrisJBurns in #5476
• Add operator chart helm-unittest suites for posture and naming by @ChrisJBurns in #5477
• Update module github.com/stacklok/toolhive-core to v0.0.23 by @renovate[bot] in #5317
• Renew public client TTL on successful token exchange by @mani-muon in #5469
• Update module github.com/stacklok/toolhive-core to v0.0.24 by @reyortiz3 in #5480
• Prevent path traversal in LocalStore.getFilePath by @immanuwell in #5464
• Move SDK hooks and two-phase session creation under Serve by @tgrunnagle in #5471
• Wire RFC 9728 discovery into HTTP and stdio transports by @jhrozek in #5479
• Address Redis Cluster mode review follow-ups for #5153 by @reyortiz3 in #5210
• Remove yrobla from CODEOWNERS by @ChrisJBurns in #5486
• Release v0.29.2 by @toolhive-release-app[bot] in #5484

🔗 Full changelog: v0.29.1...v0.29.2

New Contributors

• @mani-muon made their first contribution in #5469

v0.29.1

What's Changed

• Bump CI actions off deprecated Node.js 20 by @rdimitrov in #5421
• Add missing active contributors to CODEOWNERS by @amirejaz in #5423
• Add lazy mode to thv llm setup by @ChrisJBurns in #5427
• Clarify lazy-mode deferred-login message by @ChrisJBurns in #5429
• Bump testcontainers-go to v0.42.0 to drop docker/docker by @rdimitrov in #5449
• Thread VirtualMCPServer name into Cedar authz middleware by @jhrozek in #5448
• Define VMCP core interface and Config contract by @tgrunnagle in #5450
• Pin BackendID through the advertising filter (tests) by @tgrunnagle in #5452
• Release v0.29.1 by @toolhive-release-app[bot] in #5453

Full Changelog: v0.29.0...v0.29.1

v0.29.0

What's Changed

• Admit obo in MCPExternalAuthConfig CRD enum by @tgrunnagle in #5361
• Consolidate authserver DCR types onto pkg/oauthproto by @tgrunnagle in #5372
• Add CIMD storage decorator for embedded AS by @amirejaz in #5343
• Address post-approval review feedback on VirtualMCPServer authz by @blkt in #5368
• Clear all cached registry tokens on logout by @rdimitrov in #5382
• Wire CIMD config through embedded AS and enable storage decorator by @amirejaz in #5348
• Refresh docs/arch/ to match current codebase by @JAORMX in #5388
• Freeze MCPServer generation per pod via downward API by @ChrisJBurns in #5364
• Add StorageVersionMigrator controller (opt-in, default off) by @ChrisJBurns in #5362
• Fixed VirtualMCPCompositeToolDefinition printer columns output by @Sanskarzz in #5380
• Delete .claude/skills/pr-review directory by @ChrisJBurns in #5392
• Update github/codeql-action digest to 7211b7c by @renovate[bot] in #5375
• Update module github.com/stacklok/toolhive-catalog to v0.20260529.0 by @renovate[bot] in #5342
• Update anthropics/claude-code-action digest to 787c5a0 by @renovate[bot] in #5374
• Opt 12 v1beta1 CRDs into storage-version migration + CI guard by @ChrisJBurns in #5391
• chore: add needs-triage caller workflow by @dussab in #5398
• Update module github.com/stacklok/toolhive-catalog to v0.20260529.0 by @renovate[bot] in #5396
• Add 'thv mcp call' for invoking MCP server tools by @JAORMX in #5389
• Update aws-sdk-go-v2 monorepo by @renovate[bot] in #5406
• Update golang.org/x/exp/jsonrpc2 digest to c761662 by @renovate[bot] in #5404
• Update go.starlark.net digest to ec58d4b by @renovate[bot] in #5376
• Deprecate Roo Code client integration by @danbarr in #5415
• Fall back to request-token claims for opaque upstream tokens by @cjohnhanson in #5147
• Persist config backward-compat migrations to load path by @danbarr in #5416
• Isolate skills client discovery in default-client test by @danbarr in #5417
• dcr: support RFC 8414 §3.1 path-insertion in discovery-URL → issuer derivation by @juzerpatanwala in #5395
• Add workload upgrade detection package by @JAORMX in #5407
• Bind vMCP sessions to OIDC identity, not raw token bytes by @jhrozek in #5378
• Add upgrade-check REST endpoints for workloads by @JAORMX in #5408
• Add thv upgrade check and list --check-upgrades by @JAORMX in #5409
• Add Applier for upgrading workloads in place by @JAORMX in #5410
• Surface StorageVersionMigrator behind chart feature flag (opt-in) by @ChrisJBurns in #5418
• Validate CIMD scope, grant_types and response_types against AS policy by @amirejaz in #5385
• Add upgrade apply for the CLI and API by @JAORMX in #5411
• Add e2e coverage and lifecycle docs for upgrades by @JAORMX in #5412
• Update goreleaser/goreleaser-action digest to 5daf1e9 by @renovate[bot] in #5405
• Expose CIMD config in MCPExternalAuthConfig CRD by @amirejaz in #5384
• Update module github.com/stacklok/toolhive-catalog to v0.20260603.0 by @renovate[bot] in #5413
• Migrate container client to moby/moby modules by @rdimitrov in #5420
• Ignore go1.26.4 stdlib vulns in govulncheck until toolchain bump by @rdimitrov in #5425
• Release v0.29.0 by @toolhive-release-app[bot] in #5424

New Contributors

• @cjohnhanson made their first contribution in #5147
• @juzerpatanwala made their first contribution in #5395

Full Changelog: v0.28.3...v0.29.0

v0.28.3

What's Changed

• Resolve authz ConfigMap for VirtualMCPServer by @blkt in #5290
• Upgrade golang.org/x/crypto to v0.52.0 by @amirejaz in #5366
• Enable Renovate vulnerability alerts to trigger immediately by @amirejaz in #5367
• Restore ServerBuilder.WithMiddleware and WithRoute by @reyortiz3 in #5369
• Mirror MCPExternalAuthConfig Valid=False onto consumer CR conditions by @tgrunnagle in #5354
• Release v0.28.3 by @toolhive-release-app[bot] in #5370

Full Changelog: v0.28.2...v0.28.3

v0.28.2

What's Changed

• Honor --allow-private-ip on thv registry login --registry by @reyortiz3 in #5353
• Remove unreachable functions identified by deadcode analysis by @ChrisJBurns in #5355
• Fix DCR failure for authorization servers with non-root issuer paths by @amirejaz in #5357
• Wire OBO dispatch arms and reconciler branch by @tgrunnagle in #5345
• Release v0.28.2 by @toolhive-release-app[bot] in #5363

Full Changelog: v0.28.1...v0.28.2

v0.28.1

What's Changed

• Use shared toolhive-core redis client for session storage by @reyortiz3 in #5324
• Bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 by @dependabot[bot] in #5330
• fix(operator): inject THV_SESSION_REDIS_PASSWORD for MCPServer by @dallinstevens in #5286
• fix: validate k8s export volume format by @immanuwell in #5319
• Update dependency kyverno/chainsaw to v0.2.15 by @renovate[bot] in #5297
• Update kyverno/action-install-chainsaw action to v0.2.15 by @renovate[bot] in #5298
• Update module github.com/pelletier/go-toml/v2 to v2.3.1 by @renovate[bot] in #5311
• Use events.k8s.io in registry-api Role by @rdimitrov in #5340
• Preserve fresh per-request identity in vMCP backend transports by @tgrunnagle in #5335
• Factor thv-operator main into app.Run; add proxyrunner Run helper by @tgrunnagle in #5332
• Add CIMD document fetch/validate and extend SSRF protections by @amirejaz in #5320
• Add default OBO handler hooks and vMCP/proxy converter stubs by @tgrunnagle in #5338
• Inject spawn seam in RunWorkloadDetached to stop orphan test processes by @tgrunnagle in #5346
• Release v0.28.1 by @toolhive-release-app[bot] in #5352

New Contributors

• @immanuwell made their first contribution in #5319

Full Changelog: v0.28.0...v0.28.1

v0.28.0

What's Changed

• Update module github.com/modelcontextprotocol/registry to v1.7.7 [SECURITY] by @renovate[bot] in #5230
• Add TOOLHIVE_SKIP_UPDATE_CHECK env var to disable update checks by @lujunsan in #5264
• Add RFC 7523 JWT Bearer grant package by @jhrozek in #5262
• Extract DCR resolver into pkg/auth/dcr by @tgrunnagle in #5198
• Wire identityFromToken into the OAuth2 upstream provider by @jhrozek in #5222
• Add API endpoint to refresh the registry cache by @rdimitrov in #5268
• Retry OAuth token refresh on infrastructure 4xx by @gkatz2 in #5170
• docs: remove stale chart version bump guidance from check-contribution skill by @wucm667 in #5211
• Configure rate limits on VirtualMCPServer PR A by @Sanskarzz in #5079
• Migrate CLI OAuth flow to pkg/auth/dcr resolver by @tgrunnagle in #5250
• Drop legacy registry schema from release artifacts by @rdimitrov in #5273
• Watch authz ConfigMaps from VirtualMCPServer by @blkt in #5271
• Split api-workloads E2E suite into parallel entries by @jhrozek in #5275
• Update module github.com/stacklok/toolhive-catalog to v0.20260513.0 by @renovate[bot] in #5274
• Add identityFromToken to MCPExternalAuthConfig CRD by @jhrozek in #5269
• Reset RunWorkload retry counter after stable run by @gkatz2 in #5172
• Drop per-component CRD and controller gating from operator install by @ChrisJBurns in #5281
• Fix wrapper name in api-compat workflow comments by @ChrisJBurns in #5282
• Pin helm-crd-wrapper to v0.0.1 by @ChrisJBurns in #5283
• Fix operator RBAC for event recording by @pl4nty in #5243
• Add GitHub Copilot CLI as a supported MCP client by @danbarr in #5287
• Wire identityFromToken through authserver config and runtime by @jhrozek in #5285
• References printcolumn shows raw JSON instead of useful summary by @Sanskarzz in #5267
• Fix audit events logged as INFO+2 instead of AUDIT by @kimjune01 in #5256
• Update github/codeql-action digest to 9e0d7b8 by @renovate[bot] in #5295
• Update module github.com/cedar-policy/cedar-go to v1.6.1 by @renovate[bot] in #5307
• Update golang.org/x/exp/jsonrpc2 digest to 74f9aab by @renovate[bot] in #5296
• Update module github.com/google/cel-go to v0.28.1 by @renovate[bot] in #5309
• Deep-copy shared fixtures in mapMCPServerToWebhookConfig subtests by @jhrozek in #5310
• Add --session-ttl flag and fix three session timeout bugs by @JAORMX in #5117
• Update module github.com/charmbracelet/x/ansi to v0.11.7 by @renovate[bot] in #5308
• Deflake transientRefresher singleflight test by @jhrozek in #5312
• Move HeaderForward helpers to pkg/vmcp/headerforward by @lorr1 in #5302
• Update anthropics/claude-code-action digest to 51ea8ea by @renovate[bot] in #5294
• Update module github.com/stacklok/toolhive-catalog to v0.20260518.0 by @renovate[bot] in #5313
• Bump toolhive-core on release day via Renovate by @reyortiz3 in #5315
• Drop empty PULLS column from registry list and search output by @danbarr in #5314
• fix(operator): add startup probe to proxyrunner deployment by @gabrielcosi in #5300
• Bump toolhive-core to v0.0.20 by @reyortiz3 in #5316
• Wire HeaderForward into vMCP per-session HTTP client by @lorr1 in #5301
• Bump toolhive-core to v0.0.21 and use shared redis client by @reyortiz3 in #5318
• Release v0.28.0 by @toolhive-release-app[bot] in #5322

New Contributors

• @pl4nty made their first contribution in #5243
• @kimjune01 made their first contribution in #5256
• @gabrielcosi made their first contribution in #5300

Full Changelog: v0.27.2...v0.28.0

v0.27.2

What's Changed

• Update github/codeql-action digest to 68bde55 by @renovate[bot] in #5236
• Update anthropics/claude-code-action digest to 476e359 by @renovate[bot] in #5235
• Forward MCPServerEntry headerForward to vMCP outbound requests by @ChrisJBurns in #5239
• Tolerate spec-violating list methods on backend init by @tgrunnagle in #5232
• Bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 by @dependabot[bot] in #5234
• Use corev1.PullPolicy instead of string for EmbeddingServer ImagePullPolicy by @Sanskarzz in #5240
• Namespace operator.* Helm helpers to prevent umbrella chart collisions by @wucm667 in #5245
• Recognize mcp-go authorization-required sentinels as auth by @lorr1 in #5225
• Delegate tokenexchange HTTP plumbing to pkg/oauthproto by @jhrozek in #5226
• Bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 by @dependabot[bot] in #5249
• Move tokenexchange under pkg/oauthproto by @jhrozek in #5251
• Apply OTEL config to workloads created via API by @reyortiz3 in #5254
• Fall back across Docker sockets on connect failure by @samuv in #5246
• fix(registry): surface legacy registry format as a structured API error by @peppescg in #5260
• Allow operators to inject baseline scopes into DCR registrations by @jhrozek in #5233
• Collapse registry provider error ladder into a helper by @rdimitrov in #5261
• Update module github.com/stacklok/toolhive-catalog to v0.20260511.0 by @renovate[bot] in #5227
• Update goreleaser/goreleaser-action digest to 1a80836 by @renovate[bot] in #5054
• Release v0.27.2 by @toolhive-release-app[bot] in #5263

Full Changelog: v0.27.1...v0.27.2