Add vMCP MCPServerEntry static backend support (#4707)

* Add vMCP MCPServerEntry static backend support

Enable vMCP static mode to parse and connect to MCPServerEntry-type
backends from ConfigMap configuration, routing MCP traffic directly to
remote servers without proxy pods.

- Add BackendType constants (container, proxy, entry) to vmcp types
- Extend StaticBackendConfig with Type and CABundlePath fields
- Propagate entry backend fields through discoverer to Backend
- Add custom CA bundle support to HTTP client transport (per-backend)
- Add config validation for entry backend type and CA bundle paths
- Add unit tests for all new functionality (19 test cases)

Closes #4658

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Address review feedback: harden path validation and TLS config

- Strengthen CA bundle path validation with null byte check,
  path traversal rejection, and absolute path requirement to match
  existing patterns in pkg/git/client.go and pkg/server/discovery/
- Clone TLS config instead of replacing it to preserve existing
  settings (e.g. NextProtos for HTTP/2 ALPN) from the cloned transport
- Add backward-compatibility comments to unused BackendType constants
- Add test cases for null bytes and relative paths in CA bundle path

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Remove duplicate CABundlePath from StaticBackendConfig

Main gained a CABundlePath field (after Metadata) via #4698 while this
branch added one (before Metadata, alongside Type). Remove the duplicate
to fix the build.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* Regenerate CRD manifests and API docs

Update VirtualMCPServer CRD schema to include the new Type field on
StaticBackendConfig. Regenerated with task operator-manifests and
task crdref-gen.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: ChrisJBurns

deploy/charts/operator-crds/files/crds/toolhive.stacklok.dev_virtualmcpservers.yaml

@@ -842,9 +842,9 @@ spec:
                       properties:
                         caBundlePath:
                           description: |-
-                            CABundlePath is the file path to the CA certificate bundle for TLS verification.
-                            Set by the operator when an MCPServerEntry has a caBundleRef, pointing to the
-                            mounted ConfigMap volume path (e.g., /etc/toolhive/ca-bundles/<entry-name>/ca.crt).
+                            CABundlePath is the file path to a custom CA certificate bundle for TLS verification.
+                            Only valid when Type is "entry". The operator mounts CA bundles at
+                            /etc/toolhive/ca-bundles/<name>/ca.crt.
                           type: string
                         metadata:
                           additionalProperties:
@@ -868,6 +868,14 @@ spec:
                           - sse
                           - streamable-http
                           type: string
+                        type:
+                          description: |-
+                            Type is the backend workload type: "entry" for MCPServerEntry backends, or empty
+                            for container/proxy backends. Entry backends connect directly to remote MCP servers.
+                          enum:
+                          - entry
+                          - ""
+                          type: string
                         url:
                           description: URL is the backend's MCP server base URL.
                           pattern: ^https?://

deploy/charts/operator-crds/templates/toolhive.stacklok.dev_virtualmcpservers.yaml

@@ -845,9 +845,9 @@ spec:
                       properties:
                         caBundlePath:
                           description: |-
-                            CABundlePath is the file path to the CA certificate bundle for TLS verification.
-                            Set by the operator when an MCPServerEntry has a caBundleRef, pointing to the
-                            mounted ConfigMap volume path (e.g., /etc/toolhive/ca-bundles/<entry-name>/ca.crt).
+                            CABundlePath is the file path to a custom CA certificate bundle for TLS verification.
+                            Only valid when Type is "entry". The operator mounts CA bundles at
+                            /etc/toolhive/ca-bundles/<name>/ca.crt.
                           type: string
                         metadata:
                           additionalProperties:
@@ -871,6 +871,14 @@ spec:
                           - sse
                           - streamable-http
                           type: string
+                        type:
+                          description: |-
+                            Type is the backend workload type: "entry" for MCPServerEntry backends, or empty
+                            for container/proxy backends. Entry backends connect directly to remote MCP servers.
+                          enum:
+                          - entry
+                          - ""
+                          type: string
                         url:
                           description: URL is the backend's MCP server base URL.
                           pattern: ^https?://

docs/operator/crd-api.md

@@ -269,6 +269,8 @@ func (d *backendDiscoverer) discoverFromStaticConfig() []vmcp.Backend {
 			Name:          staticBackend.Name,
 			BaseURL:       staticBackend.URL,
 			TransportType: staticBackend.Transport,
+			Type:          vmcp.BackendType(staticBackend.Type),
+			CABundlePath:  staticBackend.CABundlePath,
 			HealthStatus:  vmcp.BackendHealthy, // Assume healthy, actual health check happens later
 			Metadata:      staticBackend.Metadata,
 		}

pkg/vmcp/aggregator/discoverer.go

@@ -1309,6 +1309,116 @@ func TestStaticBackendDiscoverer_MetadataGroupOverride(t *testing.T) {
 	}
 }
 
+// TestStaticBackendDiscoverer_EntryBackendFields verifies that the Type and CABundlePath
+// fields from StaticBackendConfig are correctly propagated to the vmcp.Backend.
+func TestStaticBackendDiscoverer_EntryBackendFields(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name              string
+		staticBackends    []config.StaticBackendConfig
+		groupRef          string
+		expectedType      vmcp.BackendType
+		expectedCABundle  string
+		expectedName      string
+		expectedURL       string
+		expectedTransport string
+		expectedMetaEnv   string
+		checkOtherFields  bool
+	}{
+		{
+			name: "entry backend with CA bundle",
+			staticBackends: []config.StaticBackendConfig{
+				{
+					Name:         "entry-mcp",
+					URL:          "https://mcp.internal:8443/mcp",
+					Transport:    "streamable-http",
+					Type:         "entry",
+					CABundlePath: "/some/path/ca.crt",
+				},
+			},
+			groupRef:         "test-group",
+			expectedType:     vmcp.BackendTypeEntry,
+			expectedCABundle: "/some/path/ca.crt",
+		},
+		{
+			name: "entry backend without CA bundle",
+			staticBackends: []config.StaticBackendConfig{
+				{
+					Name:      "entry-no-ca",
+					URL:       "https://mcp.external:443/mcp",
+					Transport: "streamable-http",
+					Type:      "entry",
+				},
+			},
+			groupRef:         "test-group",
+			expectedType:     vmcp.BackendTypeEntry,
+			expectedCABundle: "",
+		},
+		{
+			name: "container backend has empty type",
+			staticBackends: []config.StaticBackendConfig{
+				{
+					Name:      "container-backend",
+					URL:       "http://localhost:8080/mcp",
+					Transport: "sse",
+				},
+			},
+			groupRef:         "test-group",
+			expectedType:     "",
+			expectedCABundle: "",
+		},
+		{
+			name: "entry backend preserves other fields",
+			staticBackends: []config.StaticBackendConfig{
+				{
+					Name:         "full-entry",
+					URL:          "https://mcp.internal:8443/mcp",
+					Transport:    "streamable-http",
+					Type:         "entry",
+					CABundlePath: "/etc/toolhive/ca-bundles/internal/ca.crt",
+					Metadata:     map[string]string{"env": "prod"},
+				},
+			},
+			groupRef:          "test-group",
+			expectedType:      vmcp.BackendTypeEntry,
+			expectedCABundle:  "/etc/toolhive/ca-bundles/internal/ca.crt",
+			expectedName:      "full-entry",
+			expectedURL:       "https://mcp.internal:8443/mcp",
+			expectedTransport: "streamable-http",
+			expectedMetaEnv:   "prod",
+			checkOtherFields:  true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			ctx := context.Background()
+
+			discoverer := NewUnifiedBackendDiscovererWithStaticBackends(
+				tt.staticBackends,
+				nil, // No auth config needed for this test
+				tt.groupRef,
+			)
+
+			backends, err := discoverer.Discover(ctx, tt.groupRef)
+			require.NoError(t, err)
+			require.Len(t, backends, 1)
+
+			assert.Equal(t, tt.expectedType, backends[0].Type)
+			assert.Equal(t, tt.expectedCABundle, backends[0].CABundlePath)
+
+			if tt.checkOtherFields {
+				assert.Equal(t, tt.expectedName, backends[0].Name)
+				assert.Equal(t, tt.expectedURL, backends[0].BaseURL)
+				assert.Equal(t, tt.expectedTransport, backends[0].TransportType)
+				assert.Equal(t, tt.expectedMetaEnv, backends[0].Metadata["env"])
+			}
+		})
+	}
+}
+
 // TestBackendDiscoverer_Discover_DeterministicOrdering tests that Discover returns backends
 // in a deterministic order (sorted alphabetically by name) regardless of input order.
 // This prevents non-deterministic ConfigMap content that would cause unnecessary

pkg/vmcp/aggregator/discoverer_test.go

@@ -9,12 +9,15 @@ package client
 
 import (
 	"context"
+	"crypto/tls"
+	"crypto/x509"
 	"errors"
 	"fmt"
 	"io"
 	"log/slog"
 	"net"
 	"net/http"
+	"os"
 	"time"
 
 	"github.com/mark3labs/mcp-go/client"
@@ -87,25 +90,58 @@ func NewHTTPBackendClient(registry vmcpauth.OutgoingAuthRegistry) (vmcp.BackendC
 // environment-specific settings like TLS config or proxy overrides). Otherwise a transport
 // with the standard Go defaults is constructed, preserving proxy, dial timeout, HTTP/2, and
 // idle-connection settings that a zero-value &http.Transport{} would drop.
-func newBackendTransport() *http.Transport {
+//
+// If caBundlePath is non-empty, a custom TLS configuration is applied that trusts both
+// the system root CAs and the certificate(s) in the specified file. This is used for
+// entry-type backends with self-signed or internal CA certificates.
+func newBackendTransport(caBundlePath string) (*http.Transport, error) {
+	var t *http.Transport
 	if dt, ok := http.DefaultTransport.(*http.Transport); ok {
-		return dt.Clone()
-	}
-	// http.DefaultTransport has been replaced (e.g. in tests or by a third-party library).
-	// Construct a transport with the same defaults as the Go standard library uses for
-	// http.DefaultTransport so we don't silently drop proxy, timeout, or HTTP/2 settings.
-	return &http.Transport{
-		Proxy: http.ProxyFromEnvironment,
-		DialContext: (&net.Dialer{
-			Timeout:   30 * time.Second,
-			KeepAlive: 30 * time.Second,
-		}).DialContext,
-		ForceAttemptHTTP2:     true,
-		MaxIdleConns:          100,
-		IdleConnTimeout:       90 * time.Second,
-		TLSHandshakeTimeout:   10 * time.Second,
-		ExpectContinueTimeout: 1 * time.Second,
+		t = dt.Clone()
+	} else {
+		// http.DefaultTransport has been replaced (e.g. in tests or by a third-party library).
+		// Construct a transport with the same defaults as the Go standard library uses for
+		// http.DefaultTransport so we don't silently drop proxy, timeout, or HTTP/2 settings.
+		t = &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			DialContext: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).DialContext,
+			ForceAttemptHTTP2:     true,
+			MaxIdleConns:          100,
+			IdleConnTimeout:       90 * time.Second,
+			TLSHandshakeTimeout:   10 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+		}
+	}
+
+	if caBundlePath != "" {
+		caCert, err := os.ReadFile(caBundlePath) //nolint:gosec // CA bundle path is validated by config validator (no path traversal)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read CA bundle from %s: %w", caBundlePath, err)
+		}
+
+		caCertPool, err := x509.SystemCertPool()
+		if err != nil {
+			// Fall back to empty pool if system certs can't be loaded
+			caCertPool = x509.NewCertPool()
+		}
+
+		if !caCertPool.AppendCertsFromPEM(caCert) {
+			return nil, fmt.Errorf("failed to parse CA certificate from %s", caBundlePath)
+		}
+
+		if t.TLSClientConfig == nil {
+			t.TLSClientConfig = &tls.Config{}
+		} else {
+			t.TLSClientConfig = t.TLSClientConfig.Clone()
+		}
+		t.TLSClientConfig.RootCAs = caCertPool
+		t.TLSClientConfig.MinVersion = tls.VersionTLS12
 	}
+
+	return t, nil
 }
 
 // roundTripperFunc is a function adapter for http.RoundTripper.
@@ -202,7 +238,11 @@ func (h *httpBackendClient) defaultClientFactory(ctx context.Context, target *vm
 	//
 	// Clone DefaultTransport per call so each client gets an isolated connection pool,
 	// preventing stale keep-alive connections from one backend affecting others.
-	var baseTransport http.RoundTripper = newBackendTransport()
+	httpTransport, err := newBackendTransport(target.CABundlePath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create transport for backend %s: %w", target.WorkloadID, err)
+	}
+	var baseTransport http.RoundTripper = httpTransport
 
 	// Resolve authentication strategy ONCE at client creation time
 	authStrategy, err := h.resolveAuthStrategy(target)