You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat: Experimental Oauth 2.0 support in gateway (#768)
* Oauth 2.1 design
Signed-off-by: Shamsul Arefin <[email protected]>
* oauth 2.0 design
Signed-off-by: Shamsul Arefin <[email protected]>
* Support for oauth auth type in gateway
Signed-off-by: Shamsul Arefin <[email protected]>
* Decrypt client secret
Signed-off-by: Shamsul Arefin <[email protected]>
* authorization code flow, token storage, tool fetching, tool calling with Oauth2.0
Signed-off-by: Shamsul Arefin <[email protected]>
* test fixes
Signed-off-by: Shamsul Arefin <[email protected]>
* 256 fuzz testing (#760)
* Implement comprehensive fuzz testing automation (#256)
- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development
Signed-off-by: Mihai Criveti <[email protected]>
* Update fuzz testing
Signed-off-by: Mihai Criveti <[email protected]>
* Update fuzz testing
Signed-off-by: Mihai Criveti <[email protected]>
---------
Signed-off-by: Mihai Criveti <[email protected]>
* 344 cors security headers (#761)
* Update CORS
Signed-off-by: Mihai Criveti <[email protected]>
* Update CORS
Signed-off-by: Mihai Criveti <[email protected]>
* Update CORS ADRs
Signed-off-by: Mihai Criveti <[email protected]>
* Update CORS
Signed-off-by: Mihai Criveti <[email protected]>
* Update CORS
Signed-off-by: Mihai Criveti <[email protected]>
* Fix compose
Signed-off-by: Mihai Criveti <[email protected]>
* Update helm chart
Signed-off-by: Mihai Criveti <[email protected]>
* Update CORS docs
Signed-off-by: Mihai Criveti <[email protected]>
* Update test
Signed-off-by: Mihai Criveti <[email protected]>
---------
Signed-off-by: Mihai Criveti <[email protected]>
Signed-off-by: Shamsul Arefin <[email protected]>
* feat: Bulk Import Tools modal wiring #737 (#739)
* feat: Bulk Import Tools modal wiring and backend implementation
- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling
Refs #737
Signed-off-by: Mihai Criveti <[email protected]>
* fix: Remove duplicate admin_import_tools function and fix HTML formatting
- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues
Signed-off-by: Mihai Criveti <[email protected]>
* feat: Complete bulk import backend with file upload support and enhanced docs
- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples
Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display
Signed-off-by: Mihai Criveti <[email protected]>
* Bulk import
Signed-off-by: Mihai Criveti <[email protected]>
* fix: Remove conflicting inline script and fix bulk import functionality
- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import
This fixes the issue where bulk import appeared to do nothing.
Signed-off-by: Mihai Criveti <[email protected]>
* fix: Integrate bulk import setup with main initialization
- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality
Signed-off-by: Mihai Criveti <[email protected]>
* fix: JavaScript formatting issues in bulk import modal
- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting
Signed-off-by: Mihai Criveti <[email protected]>
* debug: Temporarily disable bulk import setup to test tabs
Signed-off-by: Mihai Criveti <[email protected]>
* fix: Remove duplicate setupFormValidation call and delay bulk import setup
- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues
Signed-off-by: Mihai Criveti <[email protected]>
* fix: Restore proper initialization sequence for tab functionality
- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup
Signed-off-by: Mihai Criveti <[email protected]>
* fix: Correct HTML structure and restore tab navigation
- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs
This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.
Signed-off-by: Mihai Criveti <[email protected]>
* feat: Add configurable bulk import settings
Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)
Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details
This makes bulk import fully configurable for different deployment scenarios.
Signed-off-by: Mihai Criveti <[email protected]>
* Update docs
Signed-off-by: Mihai Criveti <[email protected]>
---------
Signed-off-by: Mihai Criveti <[email protected]>
Co-authored-by: Mihai Criveti <[email protected]>
Signed-off-by: Shamsul Arefin <[email protected]>
* Implemented configuration export (#764)
Signed-off-by: Mihai Criveti <[email protected]>
Signed-off-by: Shamsul Arefin <[email protected]>
* cleanup
Signed-off-by: Shamsul Arefin <[email protected]>
* cleanup
Signed-off-by: Shamsul Arefin <[email protected]>
* fixes
Signed-off-by: Shamsul Arefin <[email protected]>
* ruff fixes
Signed-off-by: Shamsul Arefin <[email protected]>
* fix flake8 errors
Signed-off-by: Shamsul Arefin <[email protected]>
* fix eslint errors
Signed-off-by: Shamsul Arefin <[email protected]>
* aiohttp added in the main dependencies section of pyproject.toml
Signed-off-by: Shamsul Arefin <[email protected]>
* Review, rebase and lint
Signed-off-by: Mihai Criveti <[email protected]>
* Fix Alembic multiple heads issue
Create merge migration to resolve parallel migration chains:
- Main branch migrations (34492f99a0c4)
- OAuth branch migrations (add_oauth_tokens_table)
This resolves CI/CD test failures caused by Alembic not knowing
which migration head to follow during 'alembic upgrade head'.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>
Signed-off-by: Mihai Criveti <[email protected]>
* Fix Alembic migration chain - remove merge migration hack
- Remove unnecessary merge migration file (813b45a70b53)
- Fix OAuth config migration to follow proper chain (f8c9d3e2a1b4 → 34492f99a0c4)
- OAuth tokens migration already correctly follows (add_oauth_tokens_table → f8c9d3e2a1b4)
- Now single migration head without parallel branches
This eliminates the 'Multiple heads are present' error in CI/CD tests
by ensuring migrations follow a linear chain instead of creating
parallel migration branches that need artificial merge migrations.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <[email protected]>
Signed-off-by: Mihai Criveti <[email protected]>
* Review, rebase and lint
Signed-off-by: Mihai Criveti <[email protected]>
---------
Signed-off-by: Shamsul Arefin <[email protected]>
Signed-off-by: Mihai Criveti <[email protected]>
Co-authored-by: Shamsul Arefin <[email protected]>
Co-authored-by: Mihai Criveti <[email protected]>
Co-authored-by: VK <[email protected]>
Co-authored-by: Claude <[email protected]>
0 commit comments