Add weekly product update for Apr 13

blog/toolhive-updates/2026-04-13-updates.mdx

@@ -0,0 +1,105 @@
+---
+title: Threaded chat, claim-based authorization, and MCP tool rate limiting
+sidebar_label: 'Apr 13: Playground, registry auth, and rate limiting'
+description:
+  The ToolHive Desktop UI ships threaded chat and MCP Apps in the Playground,
+  the Registry Server introduces claim-based authorization with per-entry access
+  control, MCPServers in Kubernetes gain per-user rate limiting, and vMCP gains
+  an embedded OAuth authorization server.
+---
+
+This week brings a major Playground upgrade in the ToolHive Desktop UI with
+threaded chat and MCP Apps, claim-based authorization across the Registry Server
+for fine-grained access control, and per-user, per-tool call rate limiting for
+MCPServers in Kubernetes.
+
+{/* truncate */}
+
+## ToolHive Desktop UI: Playground upgrade and skills management
+
+The [ToolHive Desktop UI](/toolhive/guides-ui/) v0.28.1 ships a redesigned
+Playground experience and new skills tooling:
+
+- **Threaded chat in the Playground** supports multiple chat threads with a
+  sidebar, similar to the experience in Claude Desktop or ChatGPT. You can star,
+  rename, and delete threads, and titles are auto-generated by the active model
+  after the first response. Scroll position is persisted per thread so you don't
+  lose your place when switching around.
+- **MCP Apps** render interactive HTML views directly inside the chat for MCP
+  tools that declare a UI resource. The app runs in a sandboxed iframe with
+  server-declared CSP, supporting both inline and fullscreen display modes. This
+  implements the `mcp-apps/2026-01-26` draft MCP specification for interactive
+  UI resources.
+
+Under the hood, this release bundles ToolHive v0.16.0, fixes CLI setup writing
+to both `.bashrc` and `.bash_profile` on Linux, and patches Hono CVEs
+(CVE-2026-39406 through CVE-2026-39410).
+
+## Registry Server: Claim-based authorization and access control
+
+The [Registry Server](/toolhive/guides-registry/) introduces identity-aware
+access control across all endpoints and improves operational reliability:
+
+- **Claim-based authorization** gates all read, write, and admin operations by
+  JWT claims. You only see and manage the resources your identity grants access
+  to — unauthorized resources are hidden entirely rather than returning
+  permission errors.
+- **Per-entry access control for Kubernetes sources** lets individual MCP server
+  and skill entries carry their own authorization claims, enabling per-user or
+  per-team visibility without needing a separate source per team.
+- **Immutable entry visibility** ensures that once an entry is published with a
+  specific set of claims, subsequent versions must use identical claims,
+  preventing accidental changes to who can see a resource.
+- **Caller identity endpoint** exposes a new `/me` endpoint that returns your
+  authenticated identity and roles, following the same pattern used by GitHub,
+  Microsoft Graph, and Slack. Useful for frontends to display user context and
+  derive permissions.
+- **Source and registry entry browsing** lets admins list all entries within a
+  specific source or registry, making it easier to audit what's being served.
+- **Skills sync from external sources** picks up and serves skills alongside
+  servers from upstream data sources. Previously, skills were silently ignored
+  during sync (publishing still worked).
+
+Additional fixes include immediate re-sync when filter configuration changes
+(rather than waiting for the next upstream data change) and corrected pagination
+for list endpoints that previously returned incomplete pages when access control
+filtering removed rows.
+
+## Rate limiting for MCP tool calls
+
+[MCPServers in Kubernetes](/toolhive/guides-k8s/) now support
+[per-user, per-tool call rate limiting](/toolhive/guides-k8s/rate-limiting) to
+protect backend services from resource exhaustion, prevent performance
+degradation under heavy load, and mitigate data exfiltration risks. Configure
+shared limits that cap total requests across all users, per-user limits that
+give each authenticated user an independent bucket, or combine both. Only
+`tools/call` requests are rate-limited — lifecycle and discovery methods pass
+through. When a request exceeds the limit, the proxy responds with HTTP 429 and
+a `Retry-After` header. Rate limiting requires Redis for counter storage and
+fails open if Redis is unreachable.
+
+## Virtual MCP Server: Embedded authorization server
+
+[vMCP](/toolhive/guides-vmcp/) now includes an
+[embedded authorization server](/toolhive/guides-vmcp/authentication#embedded-authorization-server)
+that operates as a full OAuth authorization server integrated within the vMCP
+process. It handles user authentication through upstream identity providers like
+GitHub, Google, or Okta, stores their tokens, and issues JWTs for subsequent
+vMCP requests. The server supports OAuth 2.0 Dynamic Client Registration
+(RFC 7591) so MCP clients can self-register without manual configuration, and
+offers two outgoing authentication strategies: forwarding stored upstream tokens
+directly, or exchanging them at a different identity provider for
+backend-specific credentials.
+
+## Getting started
+
+For detailed release notes, check the project repositories:
+
+- [ToolHive Runtimes](https://github.com/stacklok/toolhive/releases) (CLI and
+  Kubernetes Operator)
+- [ToolHive Desktop UI](https://github.com/stacklok/toolhive-studio/releases)
+- [ToolHive Cloud UI](https://github.com/stacklok/toolhive-cloud-ui/releases)
+- [ToolHive Registry Server](https://github.com/stacklok/toolhive-registry-server/releases)
+
+You can find all ToolHive documentation on the
+[Stacklok documentation site](/toolhive).