Update ToolHive reference docs for v0.13.0 (#635)

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: github-actions[bot]

docs/toolhive/reference/cli/thv_config.md

@@ -41,11 +41,9 @@ The config command provides subcommands to manage application configuration sett
 * [thv config set-build-env](thv_config_set-build-env.md)	 - Set a build environment variable for protocol builds
 * [thv config set-ca-cert](thv_config_set-ca-cert.md)	 - Set the default CA certificate for container builds
 * [thv config set-registry](thv_config_set-registry.md)	 - Set the MCP server registry
-* [thv config set-registry-auth](thv_config_set-registry-auth.md)	 - Configure OAuth/OIDC authentication for the registry
 * [thv config unset-build-auth-file](thv_config_unset-build-auth-file.md)	 - Remove build auth file(s)
 * [thv config unset-build-env](thv_config_unset-build-env.md)	 - Remove build environment variable(s)
 * [thv config unset-ca-cert](thv_config_unset-ca-cert.md)	 - Remove the configured CA certificate
 * [thv config unset-registry](thv_config_unset-registry.md)	 - Remove the configured registry
-* [thv config unset-registry-auth](thv_config_unset-registry-auth.md)	 - Remove registry authentication configuration
 * [thv config usage-metrics](thv_config_usage-metrics.md)	 - Enable or disable anonymous usage metrics
 

docs/toolhive/reference/cli/thv_config_set-registry-auth.md

@@ -21,11 +21,16 @@ The command automatically detects the registry type:
   - Other URLs are treated as MCP Registry API endpoints (v0.1 spec)
   - Local paths are treated as local registry files
 
+Any previously configured registry authentication is cleared when this command is run.
+To configure OIDC authentication, provide --issuer and --client-id flags.
+
 Examples:
   thv config set-registry https://example.com/registry.json           # Static remote file
   thv config set-registry https://registry.example.com                # API endpoint
   thv config set-registry /path/to/local-registry.json               # Local file path
   thv config set-registry file:///path/to/local-registry.json        # Explicit file URL
+  thv config set-registry https://registry.example.com \
+    --issuer https://auth.company.com --client-id toolhive-cli       # With OAuth auth
 
 ```
 thv config set-registry <url-or-path> [flags]
@@ -35,7 +40,11 @@ thv config set-registry <url-or-path> [flags]
 
 ```
   -p, --allow-private-ip   Allow setting the registry URL or API endpoint, even if it references a private IP address (default false)
+      --audience string    OAuth audience parameter for registry authentication
+      --client-id string   OAuth client ID for registry authentication
   -h, --help               help for set-registry
+      --issuer string      OIDC issuer URL for registry authentication
+      --scopes strings     OAuth scopes for registry authentication (default [openid,offline_access])
 ```
 
 ### Options inherited from parent commands

docs/toolhive/reference/cli/thv_config_set-registry.md

@@ -32,12 +32,12 @@ thv registry login [flags]
 ### Options
 
 ```
-      --audience string    OAuth audience (optional)
-      --client-id string   OAuth client ID to save if OAuth is not configured
+      --audience string    OAuth audience parameter for registry authentication (optional)
+      --client-id string   OAuth client ID for registry authentication
   -h, --help               help for login
-      --issuer string      OIDC issuer URL to save if OAuth is not configured
-      --registry string    Registry URL to save if not already configured
-      --scopes strings     OAuth scopes (defaults to openid,offline_access)
+      --issuer string      OIDC issuer URL for registry authentication
+      --registry string    Registry URL
+      --scopes strings     OAuth scopes for registry authentication (defaults to openid,offline_access)
 ```
 
 ### Options inherited from parent commands

docs/toolhive/reference/cli/thv_config_unset-registry-auth.md

@@ -155,6 +155,7 @@ thv run [flags] SERVER_OR_IMAGE_OR_PROTOCOL [-- ARGS...]
       --print-resolved-overlays                     Debug: show resolved container paths for tmpfs overlays (default false)
       --proxy-mode string                           Proxy mode for stdio (streamable-http or sse (deprecated, will be removed)) (default "streamable-http")
       --proxy-port int                              Port for the HTTP proxy to listen on (host port)
+  -p, --publish stringArray                         Publish a container's port(s) to the host (format: hostPort:containerPort)
       --remote-auth                                 Enable OAuth/OIDC authentication to remote MCP server (default false)
       --remote-auth-authorize-url string            OAuth authorization endpoint URL (alternative to --remote-auth-issuer for non-OIDC OAuth)
       --remote-auth-bearer-token string             Bearer token for remote server authentication (alternative to OAuth)
@@ -172,7 +173,7 @@ thv run [flags] SERVER_OR_IMAGE_OR_PROTOCOL [-- ARGS...]
       --remote-forward-headers stringArray          Headers to inject into requests to remote MCP server (format: Name=Value, can be repeated)
       --remote-forward-headers-secret stringArray   Headers with secret values from ToolHive secrets manager (format: Name=secret-name, can be repeated)
       --resource-url string                         Explicit resource URL for OAuth discovery endpoint (RFC 9728)
-      --runtime-add-package stringArray             Add additional packages to install in the builder stage (can be repeated)
+      --runtime-add-package stringArray             Add additional packages to install in the builder and runtime stages (can be repeated)
       --runtime-image string                        Override the default base image for protocol schemes (e.g., golang:1.24-alpine, node:20-alpine, python:3.11-slim)
       --secret stringArray                          Specify a secret to be fetched from the secrets manager and set as an environment variable (format: NAME,target=TARGET)
       --target-host string                          Host to forward traffic to (only applicable to SSE or Streamable HTTP transport) (default "127.0.0.1")