Skip to content

fix(vmcp): vmcp creates authz middleware #3474

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jerm-dro merged 3 commits into from
Jan 28, 2026
Merged

fix(vmcp): vmcp creates authz middleware #3474

jerm-dro merged 3 commits into from
Jan 28, 2026
+403 −2

Conversation

@jerm-dro
Copy link
Contributor

@jerm-dro jerm-dro commented Jan 28, 2026

Summary

Authz configuration is currently in the vMCP server's spec: https://github.com/stacklok/toolhive/blob/jerm/2026-01-27-fix-authz-dropped/pkg/vmcp/config/config.go#L180

However, this config is ignored and not applied resulting in cedar policies not being enforced.

This PR updates NewIncomingAuthMiddleware so it correctly enforces the cedar policies.

Testing

The newly added regression tests failed without this fix:

Screenshot 2026-01-27 at 4 32 56 PM

The tests now pass.

@jerm-dro
-m
f130ed1 
Signed-off-by: Jeremy Drouillard <jeremy@stacklok.com>
@github-actions github-actions bot added the size/S Small PR: 100-299 lines changed label Jan 28, 2026
@github-actions github-actions bot added size/S Small PR: 100-299 lines changed and removed size/S Small PR: 100-299 lines changed labels Jan 28, 2026
@codecov
Copy link

codecov bot commented Jan 28, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 71.42857% with 8 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.96%. Comparing base (2acfcfc) to head (be97cd7).
⚠️ Report is 16 commits behind head on main.

Files with missing lines Patch % Lines
pkg/vmcp/auth/factory/incoming.go 71.42% 4 Missing and 4 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #3474      +/-   ##
==========================================
+ Coverage   64.95%   64.96%   +0.01%     
==========================================
  Files         396      396              
  Lines       38492    38540      +48     
==========================================
+ Hits        25001    25037      +36     
- Misses      11542    11552      +10     
- Partials     1949     1951       +2

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@jerm-dro
bolster tests
be97cd7 
Signed-off-by: Jeremy Drouillard <jeremy@stacklok.com>
@github-actions github-actions bot added size/M Medium PR: 300-599 lines changed and removed size/S Small PR: 100-299 lines changed labels Jan 28, 2026
@jerm-dro jerm-dro merged commit e00d514 into main Jan 28, 2026
35 checks passed
@jerm-dro jerm-dro deleted the jerm/2026-01-27-fix-authz-dropped branch January 28, 2026 15:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yrobla yrobla yrobla approved these changes

@jhrozek jhrozek Awaiting requested review from jhrozek jhrozek is a code owner

@amirejaz amirejaz Awaiting requested review from amirejaz amirejaz is a code owner

Assignees

No one assigned

Labels

size/M Medium PR: 300-599 lines changed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jerm-dro @yrobla