Update module github.com/stacklok/toolhive to v0.17.0

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/stacklok/toolhive	v0.16.0 → v0.17.0

---

Release Notes

stacklok/toolhive (github.com/stacklok/toolhive)

v0.17.0

Compare Source

🚀 ToolHive v0.17.0 Release Notes

Release Date: April 9, 2026
Full Changelog: v0.16.0...v0.17.0

Breaking Changes

CRD Phase Value Standardization (Running → Ready)

All workload CRDs now use Ready as the healthy phase value. MCPServer, EmbeddingServer, and MCPRegistry previously reported Running while MCPRemoteProxy, VirtualMCPServer, and MCPGroup used Ready. This inconsistency has been resolved.

Migration guide:

• Update any scripts, monitoring alerts, or tooling that checks .status.phase == "Running" to check for "Ready" instead.

PR: #​4689

MCPRegistry CRD v2 Config Format

The MCPRegistry CRD spec has been restructured to align with the registry server v2 config format. The previous flat registries[] with inline source configs has been replaced with separate top-level sources[] and registries[] fields.

Migration guide:

• Rewrite MCPRegistry manifests to use the v2 sources[] / registries[] split format instead of the flat registries[] structure.
• PVC-based registry sources have been removed entirely.
• Auto-injection of a default Kubernetes source has been removed — you must explicitly declare all sources, including Kubernetes discovery sources.
• See updated examples in cmd/thv-operator/REGISTRY.md and the examples/operator/mcp-registries/ directory.
• A new configYAML escape hatch is available (see below) as an alternative to the typed fields.

PR: #​4653

MCPRegistry Status Simplified

MCPRegistryStatus has been flattened from a three-phase model (SyncStatus + APIStatus + DeriveOverallPhase) to the standard Kubernetes workload pattern: Phase + Ready condition + ReadyReplicas + URL.

Migration guide:

• If you read .status.syncStatus or .status.apiStatus, switch to .status.phase and .status.conditions (type Ready).
• kubectl wait --for=condition=Ready now works consistently for MCPRegistry, matching MCPServer and other workloads.

PR: #​4643

---

Deprecations

MCPRegistry Typed Spec Fields (Use configYAML Instead)

The following MCPRegistry spec fields are deprecated and will be removed in a future release. Users should migrate to the new configYAML passthrough path, which gives full control over the registry server's config.yaml without the operator parsing or transforming it.

Deprecated Field	Replacement
spec.sources[]	Put source config directly in spec.configYAML
spec.registries[]	Put registry view config directly in spec.configYAML
spec.databaseConfig	Put database config in spec.configYAML and use spec.pgpassSecretRef for the pgpass secret
spec.authConfig	Put auth config in spec.configYAML
spec.telemetryConfig	Put telemetry config in spec.configYAML

Migration guide:

1. Write your registry server config.yaml content and set it as spec.configYAML on your MCPRegistry resource.
2. Use spec.volumes and spec.volumeMounts (standard corev1 types) for any secrets, ConfigMaps, or PVCs that the registry server needs.
3. Use spec.pgpassSecretRef if you need the operator to handle pgpass file mounting with chmod 0600 (the one detail that can't be expressed through volumes alone).
4. The two paths are mutually exclusive — you cannot mix configYAML with the legacy typed fields. CEL validation and the reconciler enforce this.
5. The legacy typed fields remain fully functional for now. No action is required immediately, but plan to migrate before the next major release.

PRs: #​4693, #​4653

---

New Features

MCPServerEntry — Zero-Infrastructure Catalog Entries

A new MCPServerEntry CRD allows declaring remote MCP servers as lightweight catalog entries without deploying proxy pods. This is the headline feature of v0.17.0, delivered across multiple PRs:

• Validation controller & MCPGroup integration — MCPServerEntry resources are validated (group refs, auth config refs, CA bundle ConfigMaps) and tracked in MCPGroup status. (#​4664)
• Backend discovery — VirtualMCPServer discovers MCPServerEntry backends and routes traffic to remote URLs directly, with CA bundle volume mounting for TLS verification. (#​4698)
• Static backend support — MCPServerEntry works as a static backend in vMCP, included in ConfigMap generation with remoteURL, transport, and auth config. (#​4707)
• Dynamic mode reconciler — vMCP dynamic mode watches MCPServerEntry resources at runtime, automatically adding/removing backends without restart. Supports CA bundles fetched from ConfigMaps. (#​4710)
• SSRF protection — ValidateRemoteURL rejects URLs targeting internal/metadata endpoints (loopback, link-local, RFC 1918, cloud metadata) to prevent SSRF when fetching user-supplied URLs in-cluster. (#​4697)
• Documentation & examples — Full documentation and example manifests for MCPServerEntry. (#​4715)

Mutating Webhook Middleware (Phase 3)

Mutating webhook support with JSONPatch, enabling dynamic request/response mutation through configurable webhook endpoints. This completes the webhook middleware series. (#​4372)

AuthServerRef — Dedicated Auth Server Configuration

New authServerRef field on MCPServer and MCPRemoteProxy CRDs separates the embedded auth server from externalAuthConfigRef. Users can now configure both an embedded auth server for incoming client authentication and an outgoing token exchange (e.g., AWS STS) on the same resource. (#​4644)

Rate Limit Middleware

Rate limiting is now wired into the proxy runner middleware chain. The middleware:

• Rate-limits tools/call requests only; other methods pass through.
• Returns HTTP 429 with JSON-RPC -32029 error and Retry-After header.
• Fails open on Redis errors (logs warning, allows request).
• Pings Redis at startup to fail fast on misconfiguration.

(#​4652)

Registry Policy Gates with Type-Safe Configs

Separate runner and registry policy gates with dedicated type-safe config structs (UpdateRegistryConfig, DeleteRegistryConfig), replacing the previous any-typed interface. (#​4711)

Decoupled configYAML Path for MCPRegistry

A new configYAML field provides a raw YAML passthrough to the registry server, bypassing the operator's typed field parsing. Includes volumes/volumeMounts for user-managed volume wiring and pgpassSecretRef for operator-managed pgpass mounts. The two paths (typed fields vs. configYAML) are mutually exclusive. The existing typed fields are deprecated but fully functional. (#​4693)

Custom CA Certificate Support for OTLP Endpoints

New caBundleRef field on MCPTelemetryOTelConfig references a ConfigMap containing a CA bundle. The operator mounts it into the pod and configures OTLP HTTP exporters with WithTLSClientConfig(), appending the custom CA to the system pool. (#​4676)

Discovery API: supports_skills Field

The GET /api/v1beta/discovery/clients response now includes supports_skills to indicate client skill support capabilities. (#​4699)

---

Bug Fixes

• SigV4 proxy header stripping — Fixed a regression from Go 1.26.0 bump where X-Forwarded-* headers signed by SigV4 were rewritten by httputil.ReverseProxy, causing AWS 401 rejections when behind a gateway (e.g., ngrok). (#​4670)
• OAuth token refresh retry — OAuth token refresh now retries on server errors instead of failing immediately. (#​4513)
• Type coercion for hidden backend tools — Fixed argument type coercion for backend tools excluded via excludeAll or filter. Sessions now track all resolved tools internally so the workflow engine can coerce arguments for any backend tool, whether advertised or not. (#​4671)
• Exclude terminating pods from ReadyReplicas — MCPServer ReadyReplicas count no longer includes terminating pods, providing accurate readiness information. (#​4609)
• MCPServer deletion ordering — Deletion check now runs before validation and external API calls, preventing unnecessary work for resources being deleted. (#​4650)
• Recovery middleware ErrAbortHandler — The recovery middleware now recognizes http.ErrAbortHandler instead of treating it as an unexpected panic. (#​4682)
• Authorization policy logging — Added logging when authorization policies filter list responses, improving auditability. (#​4690)

---

Security

• SSRF protection on RemoteURL validation — Blocks loopback, link-local, cloud metadata, RFC 1918 private, IPv6 ULA, and unspecified addresses. Normalizes IPv4-mapped IPv6 addresses to prevent bypass. Blocks localhost, kubernetes.default.svc, cluster.local, and metadata.google.internal hostnames. (#​4697)
• OpenTelemetry SDK security update — Bumped go.opentelemetry.io/otel/sdk from v1.42.0 to v1.43.0 (security fix). (#​4686)

---

Infrastructure & Internal

• Registry API image bumped to v1.0.1 — Updated default registry API image to support v2 config format. (#​4706)
• Go version unpinned — CI now uses stable Go instead of pinning to patch versions. (#​4713)
• E2E test helpers extracted — Shared E2E helpers moved to testutil package for reuse. (#​4654)
• RestoreHijackPrevention and RestoreSession stubs — Interface stubs added for future session restore support. (#​4405)
• RegistryServerName tracking — RunConfig now tracks the registry entry name for origin tracking. (#​4696)
• Coding conventions documented — Added coding conventions derived from PR review feedback. (#​4636, #​4700)
• Removed accidentally committed RFC draft (#​4691)

---

Upgrade Guide Summary

Immediate (required for v0.17.0)

1. Update phase checks: Replace .status.phase == "Running" with .status.phase == "Ready" for MCPServer, EmbeddingServer, and MCPRegistry resources. This affects scripts, monitoring alerts, Helm hooks, and CI pipelines.
2. Rewrite MCPRegistry manifests: Migrate from the flat registries[] format to the v2 sources[] / registries[] split. Remove any PVC source references. Explicitly declare all sources including Kubernetes discovery sources (auto-injection has been removed).
3. Update MCPRegistry status consumers: Switch from .status.syncStatus / .status.apiStatus to .status.phase and .status.conditions[type=Ready]. The old sub-status types and the mcpregistrystatus package no longer exist.

Recommended (deprecated, will be removed in a future release)

4. Migrate MCPRegistry to configYAML: The typed spec fields (sources, registries, databaseConfig, authConfig, telemetryConfig) are deprecated. Write your registry server config as raw YAML in spec.configYAML, use spec.volumes/spec.volumeMounts for secrets and ConfigMaps, and spec.pgpassSecretRef for pgpass. The two paths are mutually exclusive — you cannot mix them.

Optional

5. Auth server users: If you need both embedded auth and external token exchange on the same MCPServer or MCPRemoteProxy, adopt the new authServerRef field to separate the embedded auth server from externalAuthConfigRef.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.