From 0d27ac9e9d682c96298503e71031074671bd496e Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 12:44:46 -0700 Subject: [PATCH 01/10] Add weekly product update for Apr 13, 2026 Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 148 +++++++++++++++++++ 1 file changed, 148 insertions(+) create mode 100644 blog/toolhive-updates/2026-04-13-updates.mdx diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx new file mode 100644 index 00000000..6d522f07 --- /dev/null +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -0,0 +1,148 @@ +--- +title: + ToolHive Studio v0.28.1, claim-based authorization, and Kubernetes rate + limiting +sidebar_label: 'Apr 13: Studio v0.28.1 and registry auth' +description: + ToolHive Studio adds threaded chat and MCP Apps to the Playground, the + Registry Server ships claim-based authorization, and the Kubernetes Operator + gains token-bucket rate limiting. +--- + +ToolHive Studio v0.28.1 ships a major Playground upgrade with threaded chat and +MCP Apps, the Registry Server introduces claim-based authorization and per-entry +access control, and the Kubernetes Operator adds token-bucket rate limiting to +protect shared MCP servers from noisy neighbors. + +{/* truncate */} + +## ToolHive Studio v0.28.1 + +### Threaded chat in the Playground + +The Playground now supports multiple chat threads with a sidebar, similar to the +experience in Claude Desktop or ChatGPT. You can star, rename, and delete +threads, and titles are auto-generated by the active model after the first +response. If you rename a thread manually, the title stays put. Scroll position +is also persisted per thread so you don't lose your place when switching around. + +### MCP Apps + +MCP tools that declare a UI resource now render interactive HTML views directly +inside the chat. The app runs in a sandboxed iframe with server-declared CSP, +and supports both inline and fullscreen display modes. This implements the +`mcp-apps/2026-01-26` spec. + +### Skills — local builds tab + +The Skills page now has a **Local Builds** tab (still behind a feature flag) +where you can see everything built via `thv skill build`, remove builds, or +install them directly from the card. + +### Under the hood + +- Bundled ToolHive v0.16.0 and MCP Optimizer v0.3.0 +- Added Sentry tracing for Playground thread actions and MCP Apps +- Fixed CLI setup writing to both `.bashrc` and `.bash_profile` on Linux — it + now only writes to the correct one +- Shared `general-tabs` component for injecting custom fields, broader use of + `app-info` module +- Patched Hono CVEs (CVE-2026-39406 through CVE-2026-39410) +- Enterprise builds now hide the newsletter signup in the Help menu +- Routine dependency updates + +## Registry Server + +### Claim-based authorization + +All read, write, and admin operations are now gated by JWT claims. You only see +and manage the resources your identity grants access to — unauthorized resources +are hidden entirely rather than returning permission errors. + +### Per-entry access control for Kubernetes sources + +Individual MCP server entries discovered from Kubernetes can now carry their own +authorization claims, enabling per-user or per-team visibility without needing a +separate source per team. + +### Immutable entry visibility + +Once an entry is published with a specific set of claims, subsequent versions +must use identical claims. This prevents accidental changes to who can see a +resource. + +### Caller identity endpoint + +A new `/me` endpoint returns your authenticated identity and roles, following +the same pattern used by GitHub, Microsoft Graph, and Slack. Useful for +frontends to display user context and derive permissions. + +### Source and registry entry browsing + +Admins can now list all entries within a specific source or registry, making it +easier to audit what's being served. + +### Skills sync from external sources + +The sync pipeline now picks up and serves skills alongside servers from upstream +data sources. Previously, skills were silently ignored during sync (publishing +still worked). + +### SIEM-compliant audit logging + +:::note + +This feature is merged but not yet released. + +::: + +A new structured audit log captures all API operations with caller identity, +resource details, timing, and outcome. It supports dedicated log file output, +event type filtering, and optional request body capture, designed for NIST SP +800-53 AU-3 compliance. + +### Other improvements + +- **Filter changes take effect immediately** — updating a registry's filter + configuration now triggers a re-sync right away rather than waiting for the + next upstream data change. +- **Fixed incomplete list results** — list endpoints for sources and registries + could previously return incomplete pages when access control filtering removed + rows. Pages are now always filled correctly. + +## Kubernetes Operator: Rate limiting + +The Kubernetes Operator now supports +[token-bucket rate limiting](/toolhive/guides-k8s/rate-limiting) to prevent +individual users from monopolizing shared MCP servers. You can configure shared +limits that cap total requests across all users, per-user limits that give each +authenticated user an independent bucket, or combine both. Only `tools/call` +requests are rate-limited — lifecycle and discovery methods pass through. When a +request exceeds the limit, the proxy responds with HTTP 429 and a `Retry-After` +header. Rate limiting requires Redis for counter storage and fails open if Redis +is unreachable. + +## Embedded authorization server + +The +[embedded authorization server](/toolhive/guides-vmcp/authentication#embedded-authorization-server) +operates as an OAuth authorization server integrated within the vMCP process. It +handles user authentication through upstream identity providers like GitHub, +Google, or Okta, stores their tokens, and issues JWTs for subsequent vMCP +requests. The server supports OAuth 2.0 Dynamic Client Registration (RFC 7591) +so MCP clients can self-register without manual configuration. For outgoing +requests, it can either forward stored upstream tokens directly or exchange them +at a different identity provider for backend-specific credentials. + +## Getting started + +For detailed release notes, check the project repositories: + +- [ToolHive Runtimes](https://github.com/stacklok/toolhive/releases) (CLI and + Kubernetes Operator) +- [ToolHive Desktop UI](https://github.com/stacklok/toolhive-studio/releases) +- [ToolHive Cloud UI](https://github.com/stacklok/toolhive-cloud-ui/releases) +- [ToolHive Registry Server](https://github.com/stacklok/toolhive-registry-server/releases) + +You can find all ToolHive documentation on the +[Stacklok documentation site](/toolhive). From eb247b29c35f079b58e6eb7675c1fd9cf97f950c Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 12:49:54 -0700 Subject: [PATCH 02/10] Align weekly update formatting with previous posts Rework section structure to use ## headers with bold lead-in bullet points, remove version number from title, add product doc links, and consolidate Registry Server subsections. Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 188 ++++++++----------- 1 file changed, 78 insertions(+), 110 deletions(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index 6d522f07..086a85b0 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -1,138 +1,106 @@ --- -title: - ToolHive Studio v0.28.1, claim-based authorization, and Kubernetes rate - limiting -sidebar_label: 'Apr 13: Studio v0.28.1 and registry auth' +title: Threaded chat, claim-based authorization, and Kubernetes rate limiting +sidebar_label: 'Apr 13: Studio Playground and registry auth' description: - ToolHive Studio adds threaded chat and MCP Apps to the Playground, the - Registry Server ships claim-based authorization, and the Kubernetes Operator - gains token-bucket rate limiting. + ToolHive Studio ships threaded chat and MCP Apps in the Playground, the + Registry Server introduces claim-based authorization with per-entry access + control, and the Kubernetes Operator gains token-bucket rate limiting. --- -ToolHive Studio v0.28.1 ships a major Playground upgrade with threaded chat and -MCP Apps, the Registry Server introduces claim-based authorization and per-entry -access control, and the Kubernetes Operator adds token-bucket rate limiting to -protect shared MCP servers from noisy neighbors. +This week brings a major Playground upgrade in ToolHive Studio with threaded +chat and MCP Apps, claim-based authorization across the Registry Server for +fine-grained access control, and token-bucket rate limiting in the Kubernetes +Operator to protect shared MCP servers from noisy neighbors. {/* truncate */} -## ToolHive Studio v0.28.1 - -### Threaded chat in the Playground - -The Playground now supports multiple chat threads with a sidebar, similar to the -experience in Claude Desktop or ChatGPT. You can star, rename, and delete -threads, and titles are auto-generated by the active model after the first -response. If you rename a thread manually, the title stays put. Scroll position -is also persisted per thread so you don't lose your place when switching around. - -### MCP Apps - -MCP tools that declare a UI resource now render interactive HTML views directly -inside the chat. The app runs in a sandboxed iframe with server-declared CSP, -and supports both inline and fullscreen display modes. This implements the -`mcp-apps/2026-01-26` spec. - -### Skills — local builds tab - -The Skills page now has a **Local Builds** tab (still behind a feature flag) -where you can see everything built via `thv skill build`, remove builds, or -install them directly from the card. - -### Under the hood - -- Bundled ToolHive v0.16.0 and MCP Optimizer v0.3.0 -- Added Sentry tracing for Playground thread actions and MCP Apps -- Fixed CLI setup writing to both `.bashrc` and `.bash_profile` on Linux — it - now only writes to the correct one -- Shared `general-tabs` component for injecting custom fields, broader use of - `app-info` module -- Patched Hono CVEs (CVE-2026-39406 through CVE-2026-39410) -- Enterprise builds now hide the newsletter signup in the Help menu -- Routine dependency updates - -## Registry Server - -### Claim-based authorization - -All read, write, and admin operations are now gated by JWT claims. You only see -and manage the resources your identity grants access to — unauthorized resources -are hidden entirely rather than returning permission errors. - -### Per-entry access control for Kubernetes sources - -Individual MCP server entries discovered from Kubernetes can now carry their own -authorization claims, enabling per-user or per-team visibility without needing a -separate source per team. - -### Immutable entry visibility - -Once an entry is published with a specific set of claims, subsequent versions -must use identical claims. This prevents accidental changes to who can see a -resource. - -### Caller identity endpoint - -A new `/me` endpoint returns your authenticated identity and roles, following -the same pattern used by GitHub, Microsoft Graph, and Slack. Useful for -frontends to display user context and derive permissions. - -### Source and registry entry browsing - -Admins can now list all entries within a specific source or registry, making it -easier to audit what's being served. - -### Skills sync from external sources - -The sync pipeline now picks up and serves skills alongside servers from upstream -data sources. Previously, skills were silently ignored during sync (publishing -still worked). - -### SIEM-compliant audit logging +## ToolHive Studio: Playground upgrade and skills management + +[ToolHive Studio](/toolhive/guides-ui/) v0.28.1 ships a redesigned Playground +experience and new skills tooling: + +- **Threaded chat in the Playground** supports multiple chat threads with a + sidebar, similar to the experience in Claude Desktop or ChatGPT. You can star, + rename, and delete threads, and titles are auto-generated by the active model + after the first response. Scroll position is persisted per thread so you don't + lose your place when switching around. +- **MCP Apps** render interactive HTML views directly inside the chat for MCP + tools that declare a UI resource. The app runs in a sandboxed iframe with + server-declared CSP, supporting both inline and fullscreen display modes. This + implements the `mcp-apps/2026-01-26` spec. +- **Local builds tab for skills** (still behind a feature flag) shows everything + built via `thv skill build`, with options to remove builds or install them + directly from the card. + +Under the hood, this release bundles ToolHive v0.16.0 and MCP Optimizer v0.3.0, +adds Sentry tracing for Playground thread actions and MCP Apps, fixes CLI setup +writing to both `.bashrc` and `.bash_profile` on Linux, and patches Hono CVEs +(CVE-2026-39406 through CVE-2026-39410). + +## Registry Server: Claim-based authorization and access control + +The [Registry Server](/toolhive/guides-registry/) introduces identity-aware +access control across all endpoints and improves operational reliability: + +- **Claim-based authorization** gates all read, write, and admin operations by + JWT claims. You only see and manage the resources your identity grants access + to — unauthorized resources are hidden entirely rather than returning + permission errors. +- **Per-entry access control for Kubernetes sources** lets individual MCP server + entries carry their own authorization claims, enabling per-user or per-team + visibility without needing a separate source per team. +- **Immutable entry visibility** ensures that once an entry is published with a + specific set of claims, subsequent versions must use identical claims, + preventing accidental changes to who can see a resource. +- **Caller identity endpoint** exposes a new `/me` endpoint that returns your + authenticated identity and roles, following the same pattern used by GitHub, + Microsoft Graph, and Slack. Useful for frontends to display user context and + derive permissions. +- **Source and registry entry browsing** lets admins list all entries within a + specific source or registry, making it easier to audit what's being served. +- **Skills sync from external sources** picks up and serves skills alongside + servers from upstream data sources. Previously, skills were silently ignored + during sync (publishing still worked). :::note -This feature is merged but not yet released. +**SIEM-compliant audit logging** is merged but not yet released. A new +structured audit log captures all API operations with caller identity, resource +details, timing, and outcome. It supports dedicated log file output, event type +filtering, and optional request body capture, designed for NIST SP 800-53 AU-3 +compliance. ::: -A new structured audit log captures all API operations with caller identity, -resource details, timing, and outcome. It supports dedicated log file output, -event type filtering, and optional request body capture, designed for NIST SP -800-53 AU-3 compliance. - -### Other improvements - -- **Filter changes take effect immediately** — updating a registry's filter - configuration now triggers a re-sync right away rather than waiting for the - next upstream data change. -- **Fixed incomplete list results** — list endpoints for sources and registries - could previously return incomplete pages when access control filtering removed - rows. Pages are now always filled correctly. +Additional fixes include immediate re-sync when filter configuration changes +(rather than waiting for the next upstream data change) and corrected pagination +for list endpoints that previously returned incomplete pages when access control +filtering removed rows. -## Kubernetes Operator: Rate limiting +## Kubernetes Operator: Token-bucket rate limiting -The Kubernetes Operator now supports +The [Kubernetes Operator](/toolhive/guides-k8s/) now supports [token-bucket rate limiting](/toolhive/guides-k8s/rate-limiting) to prevent -individual users from monopolizing shared MCP servers. You can configure shared -limits that cap total requests across all users, per-user limits that give each +individual users from monopolizing shared MCP servers. Configure shared limits +that cap total requests across all users, per-user limits that give each authenticated user an independent bucket, or combine both. Only `tools/call` requests are rate-limited — lifecycle and discovery methods pass through. When a request exceeds the limit, the proxy responds with HTTP 429 and a `Retry-After` header. Rate limiting requires Redis for counter storage and fails open if Redis is unreachable. -## Embedded authorization server +## Virtual MCP Server: Embedded authorization server docs The [embedded authorization server](/toolhive/guides-vmcp/authentication#embedded-authorization-server) -operates as an OAuth authorization server integrated within the vMCP process. It -handles user authentication through upstream identity providers like GitHub, -Google, or Okta, stores their tokens, and issues JWTs for subsequent vMCP -requests. The server supports OAuth 2.0 Dynamic Client Registration (RFC 7591) -so MCP clients can self-register without manual configuration. For outgoing -requests, it can either forward stored upstream tokens directly or exchange them -at a different identity provider for backend-specific credentials. +documentation now covers the full OAuth authorization server integrated within +vMCP. The auth server handles user authentication through upstream identity +providers like GitHub, Google, or Okta, stores their tokens, and issues JWTs for +subsequent vMCP requests. It supports OAuth 2.0 Dynamic Client Registration +(RFC 7591) so MCP clients can self-register without manual configuration, and +offers two outgoing authentication strategies: forwarding stored upstream tokens +directly, or exchanging them at a different identity provider for +backend-specific credentials. ## Getting started From 44fb936263be06ebb15b8a7c41fbc526a275daa4 Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 12:52:36 -0700 Subject: [PATCH 03/10] Remove SIEM-compliant audit logging callout Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index 086a85b0..ee6516bb 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -62,16 +62,6 @@ access control across all endpoints and improves operational reliability: servers from upstream data sources. Previously, skills were silently ignored during sync (publishing still worked). -:::note - -**SIEM-compliant audit logging** is merged but not yet released. A new -structured audit log captures all API operations with caller identity, resource -details, timing, and outcome. It supports dedicated log file output, event type -filtering, and optional request body capture, designed for NIST SP 800-53 AU-3 -compliance. - -::: - Additional fixes include immediate re-sync when filter configuration changes (rather than waiting for the next upstream data change) and corrected pagination for list endpoints that previously returned incomplete pages when access control From 86cb2f1ae3e3d696a786ac2d4b8264c0bf7c2778 Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 13:11:55 -0700 Subject: [PATCH 04/10] Address PR review feedback - Replace "ToolHive Studio" with "ToolHive desktop UI" throughout - Remove MCP Optimizer mention (deprecated/removed in UI) - Remove Sentry tracing and duplicate MCP Apps from under-the-hood - Add "and skill" to per-entry access control for K8s sources - Rename K8s section to "Per-user, per-tool call rate limiting" - Rephrase to use "MCPServers in Kubernetes" instead of "Kubernetes Operator" Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 41 ++++++++++---------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index ee6516bb..5ba18a4e 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -1,23 +1,23 @@ --- title: Threaded chat, claim-based authorization, and Kubernetes rate limiting -sidebar_label: 'Apr 13: Studio Playground and registry auth' +sidebar_label: 'Apr 13: Desktop UI Playground and registry auth' description: - ToolHive Studio ships threaded chat and MCP Apps in the Playground, the - Registry Server introduces claim-based authorization with per-entry access - control, and the Kubernetes Operator gains token-bucket rate limiting. + The ToolHive desktop UI ships threaded chat and MCP Apps in the Playground, + the Registry Server introduces claim-based authorization with per-entry access + control, and MCPServers in Kubernetes gain per-user rate limiting. --- -This week brings a major Playground upgrade in ToolHive Studio with threaded -chat and MCP Apps, claim-based authorization across the Registry Server for -fine-grained access control, and token-bucket rate limiting in the Kubernetes -Operator to protect shared MCP servers from noisy neighbors. +This week brings a major Playground upgrade in the ToolHive desktop UI with +threaded chat and MCP Apps, claim-based authorization across the Registry Server +for fine-grained access control, and per-user, per-tool call rate limiting for +MCPServers in Kubernetes. {/* truncate */} -## ToolHive Studio: Playground upgrade and skills management +## ToolHive desktop UI: Playground upgrade and skills management -[ToolHive Studio](/toolhive/guides-ui/) v0.28.1 ships a redesigned Playground -experience and new skills tooling: +The [ToolHive desktop UI](/toolhive/guides-ui/) v0.28.1 ships a redesigned +Playground experience and new skills tooling: - **Threaded chat in the Playground** supports multiple chat threads with a sidebar, similar to the experience in Claude Desktop or ChatGPT. You can star, @@ -32,9 +32,8 @@ experience and new skills tooling: built via `thv skill build`, with options to remove builds or install them directly from the card. -Under the hood, this release bundles ToolHive v0.16.0 and MCP Optimizer v0.3.0, -adds Sentry tracing for Playground thread actions and MCP Apps, fixes CLI setup -writing to both `.bashrc` and `.bash_profile` on Linux, and patches Hono CVEs +Under the hood, this release bundles ToolHive v0.16.0, fixes CLI setup writing +to both `.bashrc` and `.bash_profile` on Linux, and patches Hono CVEs (CVE-2026-39406 through CVE-2026-39410). ## Registry Server: Claim-based authorization and access control @@ -47,8 +46,8 @@ access control across all endpoints and improves operational reliability: to — unauthorized resources are hidden entirely rather than returning permission errors. - **Per-entry access control for Kubernetes sources** lets individual MCP server - entries carry their own authorization claims, enabling per-user or per-team - visibility without needing a separate source per team. + and skill entries carry their own authorization claims, enabling per-user or + per-team visibility without needing a separate source per team. - **Immutable entry visibility** ensures that once an entry is published with a specific set of claims, subsequent versions must use identical claims, preventing accidental changes to who can see a resource. @@ -67,12 +66,12 @@ Additional fixes include immediate re-sync when filter configuration changes for list endpoints that previously returned incomplete pages when access control filtering removed rows. -## Kubernetes Operator: Token-bucket rate limiting +## Kubernetes: Per-user, per-tool call rate limiting -The [Kubernetes Operator](/toolhive/guides-k8s/) now supports -[token-bucket rate limiting](/toolhive/guides-k8s/rate-limiting) to prevent -individual users from monopolizing shared MCP servers. Configure shared limits -that cap total requests across all users, per-user limits that give each +[MCPServers in Kubernetes](/toolhive/guides-k8s/) now support +[per-user, per-tool call rate limiting](/toolhive/guides-k8s/rate-limiting) to +prevent individual users from monopolizing shared MCP servers. Configure shared +limits that cap total requests across all users, per-user limits that give each authenticated user an independent bucket, or combine both. Only `tools/call` requests are rate-limited — lifecycle and discovery methods pass through. When a request exceeds the limit, the proxy responds with HTTP 429 and a `Retry-After` From 070a037df15c9ee64f4265939b52a6e991878614 Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 13:29:33 -0700 Subject: [PATCH 05/10] Address remaining PR review feedback - Reframe vMCP section as a feature highlight, not a docs update - Add use cases for rate limiting: resource exhaustion, performance degradation, and data exfiltration Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 31 ++++++++++---------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index 5ba18a4e..f60d7290 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -70,22 +70,23 @@ filtering removed rows. [MCPServers in Kubernetes](/toolhive/guides-k8s/) now support [per-user, per-tool call rate limiting](/toolhive/guides-k8s/rate-limiting) to -prevent individual users from monopolizing shared MCP servers. Configure shared -limits that cap total requests across all users, per-user limits that give each -authenticated user an independent bucket, or combine both. Only `tools/call` -requests are rate-limited — lifecycle and discovery methods pass through. When a -request exceeds the limit, the proxy responds with HTTP 429 and a `Retry-After` -header. Rate limiting requires Redis for counter storage and fails open if Redis -is unreachable. - -## Virtual MCP Server: Embedded authorization server docs - -The +protect backend services from resource exhaustion, prevent performance +degradation under heavy load, and mitigate data exfiltration risks. Configure +shared limits that cap total requests across all users, per-user limits that +give each authenticated user an independent bucket, or combine both. Only +`tools/call` requests are rate-limited — lifecycle and discovery methods pass +through. When a request exceeds the limit, the proxy responds with HTTP 429 and +a `Retry-After` header. Rate limiting requires Redis for counter storage and +fails open if Redis is unreachable. + +## Virtual MCP Server: Embedded authorization server + +[vMCP](/toolhive/guides-vmcp/) now includes an [embedded authorization server](/toolhive/guides-vmcp/authentication#embedded-authorization-server) -documentation now covers the full OAuth authorization server integrated within -vMCP. The auth server handles user authentication through upstream identity -providers like GitHub, Google, or Okta, stores their tokens, and issues JWTs for -subsequent vMCP requests. It supports OAuth 2.0 Dynamic Client Registration +that operates as a full OAuth authorization server integrated within the vMCP +process. It handles user authentication through upstream identity providers like +GitHub, Google, or Okta, stores their tokens, and issues JWTs for subsequent +vMCP requests. The server supports OAuth 2.0 Dynamic Client Registration (RFC 7591) so MCP clients can self-register without manual configuration, and offers two outgoing authentication strategies: forwarding stored upstream tokens directly, or exchanging them at a different identity provider for From 86da4debdc28615306a1f8c64765a873ecbafe43 Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 14:33:13 -0700 Subject: [PATCH 06/10] Capitalize Desktop in ToolHive Desktop UI, rename K8s section Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index f60d7290..e012cc3f 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -2,21 +2,21 @@ title: Threaded chat, claim-based authorization, and Kubernetes rate limiting sidebar_label: 'Apr 13: Desktop UI Playground and registry auth' description: - The ToolHive desktop UI ships threaded chat and MCP Apps in the Playground, + The ToolHive Desktop UI ships threaded chat and MCP Apps in the Playground, the Registry Server introduces claim-based authorization with per-entry access control, and MCPServers in Kubernetes gain per-user rate limiting. --- -This week brings a major Playground upgrade in the ToolHive desktop UI with +This week brings a major Playground upgrade in the ToolHive Desktop UI with threaded chat and MCP Apps, claim-based authorization across the Registry Server for fine-grained access control, and per-user, per-tool call rate limiting for MCPServers in Kubernetes. {/* truncate */} -## ToolHive desktop UI: Playground upgrade and skills management +## ToolHive Desktop UI: Playground upgrade and skills management -The [ToolHive desktop UI](/toolhive/guides-ui/) v0.28.1 ships a redesigned +The [ToolHive Desktop UI](/toolhive/guides-ui/) v0.28.1 ships a redesigned Playground experience and new skills tooling: - **Threaded chat in the Playground** supports multiple chat threads with a @@ -66,7 +66,7 @@ Additional fixes include immediate re-sync when filter configuration changes for list endpoints that previously returned incomplete pages when access control filtering removed rows. -## Kubernetes: Per-user, per-tool call rate limiting +## Rate limit for MCP tool calls [MCPServers in Kubernetes](/toolhive/guides-k8s/) now support [per-user, per-tool call rate limiting](/toolhive/guides-k8s/rate-limiting) to From dfe1308ab509cd5cd629d9fd27d2fb7e49d80a8d Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 14:36:17 -0700 Subject: [PATCH 07/10] Update title and section heading for rate limiting Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index e012cc3f..30b739e5 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -1,5 +1,5 @@ --- -title: Threaded chat, claim-based authorization, and Kubernetes rate limiting +title: Threaded chat, claim-based authorization, and MCP tool rate limiting sidebar_label: 'Apr 13: Desktop UI Playground and registry auth' description: The ToolHive Desktop UI ships threaded chat and MCP Apps in the Playground, @@ -66,7 +66,7 @@ Additional fixes include immediate re-sync when filter configuration changes for list endpoints that previously returned incomplete pages when access control filtering removed rows. -## Rate limit for MCP tool calls +## Rate limiting for MCP tools calls [MCPServers in Kubernetes](/toolhive/guides-k8s/) now support [per-user, per-tool call rate limiting](/toolhive/guides-k8s/rate-limiting) to From 0ce3ecce36cab7c6e6f957eae62c53303bf7ac5c Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 14:37:46 -0700 Subject: [PATCH 08/10] Remove local builds tab bullet point Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 3 --- 1 file changed, 3 deletions(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index 30b739e5..7d9d220a 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -28,9 +28,6 @@ Playground experience and new skills tooling: tools that declare a UI resource. The app runs in a sandboxed iframe with server-declared CSP, supporting both inline and fullscreen display modes. This implements the `mcp-apps/2026-01-26` spec. -- **Local builds tab for skills** (still behind a feature flag) shows everything - built via `thv skill build`, with options to remove builds or install them - directly from the card. Under the hood, this release bundles ToolHive v0.16.0, fixes CLI setup writing to both `.bashrc` and `.bash_profile` on Linux, and patches Hono CVEs From 0afd29011962663077a31929a426f00a61a7a824 Mon Sep 17 00:00:00 2001 From: Derek Tu Date: Mon, 13 Apr 2026 14:42:04 -0700 Subject: [PATCH 09/10] Address latest review feedback - Add vMCP to description and update sidebar label - Clarify mcp-apps spec reference with context - Broaden sidebar label to cover more topics Co-Authored-By: Claude Sonnet 4.6 --- blog/toolhive-updates/2026-04-13-updates.mdx | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index 7d9d220a..69ce24d2 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -1,10 +1,11 @@ --- title: Threaded chat, claim-based authorization, and MCP tool rate limiting -sidebar_label: 'Apr 13: Desktop UI Playground and registry auth' +sidebar_label: 'Apr 13: Playground, registry auth, and rate limiting' description: The ToolHive Desktop UI ships threaded chat and MCP Apps in the Playground, the Registry Server introduces claim-based authorization with per-entry access - control, and MCPServers in Kubernetes gain per-user rate limiting. + control, MCPServers in Kubernetes gain per-user rate limiting, and vMCP gains + an embedded OAuth authorization server. --- This week brings a major Playground upgrade in the ToolHive Desktop UI with @@ -27,7 +28,8 @@ Playground experience and new skills tooling: - **MCP Apps** render interactive HTML views directly inside the chat for MCP tools that declare a UI resource. The app runs in a sandboxed iframe with server-declared CSP, supporting both inline and fullscreen display modes. This - implements the `mcp-apps/2026-01-26` spec. + implements the `mcp-apps/2026-01-26` draft MCP specification for interactive + UI resources. Under the hood, this release bundles ToolHive v0.16.0, fixes CLI setup writing to both `.bashrc` and `.bash_profile` on Linux, and patches Hono CVEs From 0592c9ca30950b920b8924b8fff4f7e724420d39 Mon Sep 17 00:00:00 2001 From: Derek2Tu Date: Mon, 13 Apr 2026 14:51:36 -0700 Subject: [PATCH 10/10] Update blog/toolhive-updates/2026-04-13-updates.mdx Co-authored-by: Dan Barr --- blog/toolhive-updates/2026-04-13-updates.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blog/toolhive-updates/2026-04-13-updates.mdx b/blog/toolhive-updates/2026-04-13-updates.mdx index 69ce24d2..88e12841 100644 --- a/blog/toolhive-updates/2026-04-13-updates.mdx +++ b/blog/toolhive-updates/2026-04-13-updates.mdx @@ -65,7 +65,7 @@ Additional fixes include immediate re-sync when filter configuration changes for list endpoints that previously returned incomplete pages when access control filtering removed rows. -## Rate limiting for MCP tools calls +## Rate limiting for MCP tool calls [MCPServers in Kubernetes](/toolhive/guides-k8s/) now support [per-user, per-tool call rate limiting](/toolhive/guides-k8s/rate-limiting) to