Commit dc637b2
Release/v1.0.4 (#5311)
* fix(docker): restrict hermetic wheel closure to s390x/ppc64le only
Signed-off-by: Madhu Mohan Jaishankar <madhu.mohan.jaishankar@ibm.com>
* Updated version to 1.0.4
Signed-off-by: cafalchio <mcafalchio@gmail.com>
* npm audit fix
Signed-off-by: Gabriel Costa <gabrielcg@proton.me>
* Updated python versions
Signed-off-by: cafalchio <mcafalchio@gmail.com>
* Updated UBI container versions
Signed-off-by: cafalchio <mcafalchio@gmail.com>
* chore: refresh release dependency locks
Signed-off-by: lucarlig <luca.carlig@ibm.com>
* chore: bump cpex plugin packages
Signed-off-by: lucarlig <luca.carlig@ibm.com>
* chore: refresh Go dependencies
Signed-off-by: lucarlig <luca.carlig@ibm.com>
* code quality gates
Signed-off-by: cafalchio <mcafalchio@gmail.com>
* docs: add cargo-vet prune release step
Signed-off-by: lucarlig <luca.carlig@ibm.com>
* Addressed dependabot issues
Signed-off-by: cafalchio <mcafalchio@gmail.com>
* fix(deps): remove duplicate python-multipart entry in uv.lock
The python-multipart [[package]] block in uv.lock had its version, sdist,
and wheel lines duplicated (introduced in the dependabot merge), producing
invalid TOML (duplicate keys). uv could not parse the lockfile, which broke
every uv-based command and test gate. Remove the three duplicate lines so
the block is well-formed again.
Signed-off-by: Pratik Gandhi <gandhipratik203@gmail.com>
* fix(sso): merge Keycloak realm/client roles from access_token, not just userinfo/id_token
Keycloak's built-in "realm roles" and "client roles" client-scope mappers
default access.token.claim=true but id.token.claim=userinfo.token.claim=false.
Since SSO role mapping reads claims from the userinfo response (with an
id_token fallback for split-host 401s), realm_access/resource_access were
silently missing on any stock Keycloak setup, even when the operator
assigned the correct role and configured SSO_KEYCLOAK_ROLE_MAPPINGS
correctly. New admins (and any role-mapped user) would fall through to
the default role instead.
_get_user_info()/_enrich_user_data_from_claims() now also decode the
already-in-hand access_token and merge realm_access/resource_access/groups
when missing from userinfo and id_token, covering both the normal 200 path
and the existing 401 split-host fallback.
Also fix a related inconsistency in _map_groups_to_roles(): role_mappings
lookups were case-sensitive while _should_user_be_admin() already matched
case-insensitively, which could grant is_admin=True with no matching RBAC
role row when IdP role casing differed from the configured mapping key.
Updated the local Keycloak dev seed (infra/keycloak/realm-export.json) to
explicitly enable id_token/userinfo claim inclusion on the realm/client
role mappers, and documented the default-mapper gotcha in the Keycloak SSO
tutorial.
Closes #5327
Signed-off-by: Suresh Kumar Moharajan <suresh.kumar.m@ibm.com>
* chore: update detect-secrets baseline for keycloak SSO claims fix
Line numbers shifted in mcpgateway/services/sso_service.py and
tests/unit/mcpgateway/services/test_sso_service.py after the role-claims
merge fix; regenerated via make detect-secrets-scan.
Signed-off-by: Suresh Kumar Moharajan <suresh.kumar.m@ibm.com>
* chore: fix stale line number in detect-secrets baseline
Previous baseline update had an off-by-one line number for the existing
admin.html allowlisted entry; regenerated to match current file state.
Signed-off-by: Suresh Kumar Moharajan <suresh.kumar.m@ibm.com>
* chore: regenerate detect-secrets baseline (stable)
Baseline had residual stale line-number drift from earlier regenerations
run against transient working-tree states. Re-scanned against the clean
checkout; two consecutive scans now agree with no diff.
Signed-off-by: Suresh Kumar Moharajan <suresh.kumar.m@ibm.com>
* chore: regenerate detect-secrets baseline via pinned pre-commit hook
Earlier regeneration used the Makefile's pinned detect-secrets release via
'make detect-secrets-scan', which computes slightly different line offsets
than the IBM fork pinned in .pre-commit-config.yaml that CI actually runs.
Regenerate using 'pre-commit run detect-secrets' so the baseline matches
what CI checks against.
Signed-off-by: Suresh Kumar Moharajan <suresh.kumar.m@ibm.com>
* chore: fix stale realm-export.json line number in detect-secrets baseline
Previous commit captured the baseline before the post-stabilization scan
result; the realm-export.json entry shifts from line 172 to 200 because
this PR adds 28 lines of protocolMappers above it.
Signed-off-by: Suresh Kumar Moharajan <suresh.kumar.m@ibm.com>
* Updated cryptography and msgpack
Signed-off-by: cafalchio <mcafalchio@gmail.com>
* fix(ci): pin buildx version to avoid Docker Hub rate-limit on setup-buildx-action
Signed-off-by: Madhu Mohan Jaishankar <madhu.mohan.jaishankar@ibm.com>
* chore(docker): update UBI image versions
Signed-off-by: Madhu Mohan Jaishankar <madhu.mohan.jaishankar@ibm.com>
* docs: update roadmap for release 1.0.4 due date and changelog reference
Signed-off-by: Lang-Akshay <akshay.shinde26@ibm.com>
* fix(secrets): update generated_at timestamp and adjust line numbers for detected secrets
Signed-off-by: Lang-Akshay <akshay.shinde26@ibm.com>
* docs: update 1.0.4 release description in roadmap to reflect accurate focus areas
Signed-off-by: Lang-Akshay <akshay.shinde26@ibm.com>
* fix secrets
Signed-off-by: cafalchio <mcafalchio@gmail.com>
* fixed secrets
Signed-off-by: cafalchio <mcafalchio@gmail.com>
* Updated langsmith python package
Signed-off-by: cafalchio <mcafalchio@gmail.com>
---------
Signed-off-by: Madhu Mohan Jaishankar <madhu.mohan.jaishankar@ibm.com>
Signed-off-by: cafalchio <mcafalchio@gmail.com>
Signed-off-by: Gabriel Costa <gabrielcg@proton.me>
Signed-off-by: lucarlig <luca.carlig@ibm.com>
Signed-off-by: Pratik Gandhi <gandhipratik203@gmail.com>
Signed-off-by: Suresh Kumar Moharajan <suresh.kumar.m@ibm.com>
Signed-off-by: Lang-Akshay <akshay.shinde26@ibm.com>
Co-authored-by: Madhu Mohan Jaishankar <madhu.mohan.jaishankar@ibm.com>
Co-authored-by: Gabriel Costa <gabrielcg@proton.me>
Co-authored-by: lucarlig <luca.carlig@ibm.com>
Co-authored-by: Pratik Gandhi <gandhipratik203@gmail.com>
Co-authored-by: Suresh Kumar Moharajan <suresh.kumar.m@ibm.com>
Co-authored-by: Lang-Akshay <akshay.shinde26@ibm.com>1 parent 30a7057 commit dc637b2
32 files changed
Lines changed: 1706 additions & 2814 deletions
File tree
- .github/workflows
- charts/mcp-stack
- docs/docs
- architecture
- development
- manage
- infra/keycloak
- mcp-servers
- go/fast-time-server
- rust
- fast-time-server
- filesystem-server
- mcpgateway
- services
- tools/builder
- scripts
- supply-chain
- tests/unit
- mcpgateway
- services
- tools/builder
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | | - | |
| 2 | + | |
3 | 3 | | |
4 | 4 | | |
5 | 5 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
59 | 59 | | |
60 | 60 | | |
61 | 61 | | |
62 | | - | |
63 | | - | |
64 | | - | |
65 | | - | |
66 | | - | |
| 62 | + | |
| 63 | + | |
| 64 | + | |
| 65 | + | |
| 66 | + | |
| 67 | + | |
67 | 68 | | |
68 | 69 | | |
69 | 70 | | |
| |||
73 | 74 | | |
74 | 75 | | |
75 | 76 | | |
76 | | - | |
77 | | - | |
78 | | - | |
79 | | - | |
80 | | - | |
81 | | - | |
82 | 77 | | |
83 | 78 | | |
84 | 79 | | |
| |||
107 | 102 | | |
108 | 103 | | |
109 | 104 | | |
| 105 | + | |
| 106 | + | |
110 | 107 | | |
111 | 108 | | |
112 | 109 | | |
| |||
220 | 217 | | |
221 | 218 | | |
222 | 219 | | |
| 220 | + | |
| 221 | + | |
223 | 222 | | |
224 | 223 | | |
225 | 224 | | |
| |||
231 | 230 | | |
232 | 231 | | |
233 | 232 | | |
234 | | - | |
235 | | - | |
236 | | - | |
237 | | - | |
238 | | - | |
239 | | - | |
240 | | - | |
241 | | - | |
242 | | - | |
243 | | - | |
244 | | - | |
| 233 | + | |
| 234 | + | |
| 235 | + | |
| 236 | + | |
| 237 | + | |
| 238 | + | |
| 239 | + | |
245 | 240 | | |
246 | 241 | | |
247 | 242 | | |
248 | | - | |
249 | | - | |
250 | | - | |
251 | | - | |
252 | | - | |
253 | | - | |
254 | | - | |
255 | | - | |
256 | | - | |
257 | | - | |
| 243 | + | |
| 244 | + | |
| 245 | + | |
| 246 | + | |
| 247 | + | |
| 248 | + | |
| 249 | + | |
| 250 | + | |
| 251 | + | |
| 252 | + | |
| 253 | + | |
| 254 | + | |
| 255 | + | |
| 256 | + | |
| 257 | + | |
| 258 | + | |
258 | 259 | | |
259 | | - | |
260 | | - | |
| 260 | + | |
261 | 261 | | |
262 | 262 | | |
263 | 263 | | |
| |||
333 | 333 | | |
334 | 334 | | |
335 | 335 | | |
| 336 | + | |
| 337 | + | |
336 | 338 | | |
337 | 339 | | |
338 | 340 | | |
| |||
0 commit comments