You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
feat: Experimental Oauth 2.0 support in gateway (#768)
* Oauth 2.1 design
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* oauth 2.0 design
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* Support for oauth auth type in gateway
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* Decrypt client secret
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* authorization code flow, token storage, tool fetching, tool calling with Oauth2.0
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* test fixes
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* 256 fuzz testing (#760)
* Implement comprehensive fuzz testing automation (#256)
- Add property-based testing with Hypothesis for JSON-RPC, JSONPath, and schema validation
- Add coverage-guided fuzzing with Atheris for deep code path exploration
- Add API endpoint fuzzing with Schemathesis for contract validation
- Add security-focused testing for vulnerability discovery (SQL injection, XSS, etc.)
- Add complete Makefile automation with fuzz-all, fuzz-quick, fuzz-extended targets
- Add optional [fuzz] dependency group in pyproject.toml for clean installation
- Add comprehensive reporting with JSON/Markdown outputs and executive summaries
- Add complete developer documentation with examples and troubleshooting guides
- Exclude fuzz tests from main test suite to prevent auth failures
- Found multiple real bugs in JSON-RPC validation during development
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update fuzz testing
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update fuzz testing
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
---------
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* 344 cors security headers (#761)
* Update CORS
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update CORS
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update CORS ADRs
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update CORS
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update CORS
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Fix compose
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update helm chart
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update CORS docs
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update test
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
---------
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* feat: Bulk Import Tools modal wiring #737 (#739)
* feat: Bulk Import Tools modal wiring and backend implementation
- Add modal UI in admin.html with bulk import button and dialog
- Implement modal open/close/ESC functionality in admin.js
- Add POST /admin/tools/import endpoint with rate limiting
- Support both JSON textarea and file upload inputs
- Validate JSON structure and enforce 200 tool limit
- Return detailed success/failure information per tool
- Include loading states and comprehensive error handling
Refs #737
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* fix: Remove duplicate admin_import_tools function and fix HTML formatting
- Remove duplicate admin_import_tools function definition
- Fix HTML placeholder attribute to use double quotes
- Add missing closing div tag
- Fix flake8 blank line issues
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* feat: Complete bulk import backend with file upload support and enhanced docs
- Add file upload support to admin_import_tools endpoint
- Fix response format to match frontend expectations
- Add UI usage documentation with modal instructions
- Update API docs to show all three input methods
- Enhance bulk import guide with UI and API examples
Backend improvements:
- Support tools_file form field for JSON file uploads
- Proper file content parsing with error handling
- Response includes imported/failed counts and details
- Frontend-compatible response format for UI display
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Bulk import
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* fix: Remove conflicting inline script and fix bulk import functionality
- Remove conflicting inline JavaScript that was preventing form submission
- Fix indentation in setupBulkImportModal function
- Ensure bulk import modal uses proper admin.js implementation
- Restore proper form submission handling for bulk import
This fixes the issue where bulk import appeared to do nothing.
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* fix: Integrate bulk import setup with main initialization
- Add setupBulkImportModal() to main initialization sequence
- Remove duplicate DOMContentLoaded listener
- Ensure bulk import doesn't interfere with other tab functionality
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* fix: JavaScript formatting issues in bulk import modal
- Fix multiline querySelector formatting
- Fix multiline Error constructor formatting
- Ensure prettier compliance for web linting
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* debug: Temporarily disable bulk import setup to test tabs
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* fix: Remove duplicate setupFormValidation call and delay bulk import setup
- Remove duplicate setupFormValidation() call that could cause conflicts
- Use setTimeout to delay bulk import modal setup after other initialization
- Add better null safety to form element queries
- This should fix tab switching issues
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* fix: Restore proper initialization sequence for tab functionality
- Remove setTimeout delay for bulk import setup
- Keep bulk import setup in main initialization but with error handling
- Ensure tab navigation isn't affected by bulk import modal setup
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* fix: Correct HTML structure and restore tab navigation
- Move bulk import modal to correct location after tools panel
- Remove extra closing div that was breaking HTML structure
- Ensure proper page-level modal placement
- Restore tab navigation functionality for all tabs
This fixes the broken Global Resources, Prompts, Gateways, Roots, and Metrics tabs.
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* feat: Add configurable bulk import settings
Configuration additions:
- MCPGATEWAY_BULK_IMPORT_MAX_TOOLS (default: 200)
- MCPGATEWAY_BULK_IMPORT_RATE_LIMIT (default: 10)
Implementation:
- config.py: Add new settings with defaults
- admin.py: Use configurable rate limit and batch size
- .env.example: Document all bulk import environment variables
- admin.html: Use dynamic max tools value in UI text
- CLAUDE.md: Document configuration options for developers
- docs: Update bulk import guide with configuration details
This makes bulk import fully configurable for different deployment scenarios.
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Update docs
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
---------
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* Implemented configuration export (#764)
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* cleanup
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* cleanup
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* fixes
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* ruff fixes
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* fix flake8 errors
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* fix eslint errors
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* aiohttp added in the main dependencies section of pyproject.toml
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
* Review, rebase and lint
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Fix Alembic multiple heads issue
Create merge migration to resolve parallel migration chains:
- Main branch migrations (34492f99a0c4)
- OAuth branch migrations (add_oauth_tokens_table)
This resolves CI/CD test failures caused by Alembic not knowing
which migration head to follow during 'alembic upgrade head'.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Fix Alembic migration chain - remove merge migration hack
- Remove unnecessary merge migration file (813b45a70b53)
- Fix OAuth config migration to follow proper chain (f8c9d3e2a1b4 → 34492f99a0c4)
- OAuth tokens migration already correctly follows (add_oauth_tokens_table → f8c9d3e2a1b4)
- Now single migration head without parallel branches
This eliminates the 'Multiple heads are present' error in CI/CD tests
by ensuring migrations follow a linear chain instead of creating
parallel migration branches that need artificial merge migrations.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
* Review, rebase and lint
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
---------
Signed-off-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: Shamsul Arefin <shamsul.arefin@iqvia.com>
Co-authored-by: Mihai Criveti <crivetimihai@gmail.com>
Co-authored-by: VK <90204593+vk-playground@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>
0 commit comments