diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx new file mode 100644 index 00000000..88e12841 --- /dev/null +++ b/blog/toolhive-updates/2026-04-13-updates.mdx 
@@ -0,0 +1,105 @@ +--- +title: Threaded chat, claim-based authorization, and MCP tool rate limiting +sidebar_label: 'Apr 13: Playground, registry auth, and rate limiting' +description: + The ToolHive Desktop UI ships threaded chat and MCP Apps in the Playground, + the Registry Server introduces claim-based authorization with per-entry access + control, MCPServers in Kubernetes gain per-user rate limiting, and vMCP gains + an embedded OAuth authorization server. +--- + +This week brings a major Playground upgrade in the ToolHive Desktop UI with +threaded chat and MCP Apps, claim-based authorization across the Registry Server +for fine-grained access control, and per-user, per-tool call rate limiting for +MCPServers in Kubernetes. + +{/* truncate */} + +## ToolHive Desktop UI: Playground upgrade and skills management + +The [ToolHive Desktop UI](/toolhive/guides-ui/) v0.28.1 ships a redesigned +Playground experience and new skills tooling: + +- **Threaded chat in the Playground** supports multiple chat threads with a + sidebar, similar to the experience in Claude Desktop or ChatGPT. You can star, + rename, and delete threads, and titles are auto-generated by the active model + after the first response. Scroll position is persisted per thread so you don't + lose your place when switching around. +- **MCP Apps** render interactive HTML views directly inside the chat for MCP + tools that declare a UI resource. The app runs in a sandboxed iframe with + server-declared CSP, supporting both inline and fullscreen display modes. This + implements the `mcp-apps/2026-01-26` draft MCP specification for interactive + UI resources. + +Under the hood, this release bundles ToolHive v0.16.0, fixes CLI setup writing +to both `.bashrc` and `.bash_profile` on Linux, and patches Hono CVEs +(CVE-2026-39406 through CVE-2026-39410). 
+ +## Registry Server: Claim-based authorization and access control + +The [Registry Server](/toolhive/guides-registry/) introduces identity-aware +access control across all endpoints and improves operational reliability: + +- **Claim-based authorization** gates all read, write, and admin operations by + JWT claims. You only see and manage the resources your identity grants access + to — unauthorized resources are hidden entirely rather than returning + permission errors. +- **Per-entry access control for Kubernetes sources** lets individual MCP server + and skill entries carry their own authorization claims, enabling per-user or + per-team visibility without needing a separate source per team. +- **Immutable entry visibility** ensures that once an entry is published with a + specific set of claims, subsequent versions must use identical claims, + preventing accidental changes to who can see a resource. +- **Caller identity endpoint** exposes a new `/me` endpoint that returns your + authenticated identity and roles, following the same pattern used by GitHub, + Microsoft Graph, and Slack. Useful for frontends to display user context and + derive permissions. +- **Source and registry entry browsing** lets admins list all entries within a + specific source or registry, making it easier to audit what's being served. +- **Skills sync from external sources** picks up and serves skills alongside + servers from upstream data sources. Previously, skills were silently ignored + during sync (publishing still worked). + +Additional fixes include immediate re-sync when filter configuration changes +(rather than waiting for the next upstream data change) and corrected pagination +for list endpoints that previously returned incomplete pages when access control +filtering removed rows. 
+ +## Rate limiting for MCP tool calls + +[MCPServers in Kubernetes](/toolhive/guides-k8s/) now support +[per-user, per-tool call rate limiting](/toolhive/guides-k8s/rate-limiting) to +protect backend services from resource exhaustion, prevent performance +degradation under heavy load, and mitigate data exfiltration risks. Configure +shared limits that cap total requests across all users, per-user limits that +give each authenticated user an independent bucket, or combine both. Only +`tools/call` requests are rate-limited — lifecycle and discovery methods pass +through. When a request exceeds the limit, the proxy responds with HTTP 429 and +a `Retry-After` header. Rate limiting requires Redis for counter storage and +fails open if Redis is unreachable. + +## Virtual MCP Server: Embedded authorization server + +[vMCP](/toolhive/guides-vmcp/) now includes an +[embedded authorization server](/toolhive/guides-vmcp/authentication#embedded-authorization-server) +that operates as a full OAuth authorization server integrated within the vMCP +process. It handles user authentication through upstream identity providers like +GitHub, Google, or Okta, stores their tokens, and issues JWTs for subsequent +vMCP requests. The server supports OAuth 2.0 Dynamic Client Registration +(RFC 7591) so MCP clients can self-register without manual configuration, and +offers two outgoing authentication strategies: forwarding stored upstream tokens +directly, or exchanging them at a different identity provider for +backend-specific credentials. 
+ +## Getting started + +For detailed release notes, check the project repositories: + +- [ToolHive Runtimes](https://github.com/stacklok/toolhive/releases) (CLI and + Kubernetes Operator) +- [ToolHive Desktop UI](https://github.com/stacklok/toolhive-studio/releases) +- [ToolHive Cloud UI](https://github.com/stacklok/toolhive-cloud-ui/releases) +- [ToolHive Registry Server](https://github.com/stacklok/toolhive-registry-server/releases) + +You can find all ToolHive documentation on the +[Stacklok documentation site](/toolhive).
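Review bot: In the "Rate limiting for MCP tool calls" section, the closing sentence "Rate limiting requires Redis for counter storage and fails open if Redis is unreachable." quietly contradicts the opening claim that the feature helps "mitigate data exfiltration risks": while Redis is down, no limit is enforced on `tools/call` at all, so the control cannot be relied on during a Redis outage. Suggest spelling out the consequence and what an operator should do about it, for example: "fails open if Redis is unreachable, so no limits are enforced during a Redis outage; if you depend on rate limiting as a security control, monitor Redis availability and alert on it." A link from that sentence to the rate-limiting guide's section on the fail-open behaviour (if one exists) would also help readers find the trade-off rather than discover it in an incident.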