Refresh MCP guides after PR #1001 image bumps#1003
Open
danbarr wants to merge 2 commits into
Open
Conversation
Validated the six guides touched by the Docker image version bumps against real thv CLI runs and the toolhive operator, plus two more guides that shared the same stale patterns. Fixes found along the way: - Remove GITHUB_DYNAMIC_TOOLSETS, removed upstream in github-mcp-server v1.5.0 - Remove --save-trace from playwright.mdx, not a real flag - Add missing --allow-docker-gateway flag for the host.docker.internal example in fetch.mdx - Update network isolation framing across context7, fetch, filesystem, github, grafana, k8s, and osv guides now that thv run isolates by default; drop now-redundant --isolate-network from examples - Rework playwright.mdx to use PLAYWRIGHT_MCP_* environment variables instead of raw CLI args, swap the origin-filtering example for session persistence and Kubernetes backend scale-out, and correct the security framing around --allowed-origins
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
Pull request overview
Updates the ToolHive MCP server usage guides to align with recent image/version bumps (PR #1001) and current ToolHive runtime behavior, especially around default network isolation and server-specific configuration flags.
Changes:
- Refreshes multiple MCP guides to reflect that
thv runenables network isolation by default, removing redundant--isolate-networkusage and clarifying when a custom permission profile is still needed. - Removes/updates stale server configuration patterns (for example, dropped Playwright’s non-existent flags and moved Playwright configuration examples to
PLAYWRIGHT_MCP_*env vars). - Expands the Playwright guide with updated Kubernetes examples, including horizontal backend scaling and Redis session storage references.
Reviewed changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| docs/toolhive/guides-mcp/playwright.mdx | Reworks configuration guidance and examples to use PLAYWRIGHT_MCP_* env vars; adds scaled Kubernetes example with Redis session storage. |
| docs/toolhive/guides-mcp/osv.mdx | Updates network isolation guidance to reflect default isolation and the registry’s least-privilege profile. |
| docs/toolhive/guides-mcp/k8s.mdx | Clarifies default isolation behavior and updates the example to use a custom permission profile without --isolate-network. |
| docs/toolhive/guides-mcp/grafana.mdx | Same as k8s: clarifies default isolation and updates the permission profile flow. |
| docs/toolhive/guides-mcp/github.mdx | Removes stale dynamic toolsets guidance and updates default network isolation explanation. |
| docs/toolhive/guides-mcp/filesystem.mdx | Updates guidance to reflect that the filesystem server needs no network access and isolation is already applied by default. |
| docs/toolhive/guides-mcp/fetch.mdx | Clarifies default network isolation behavior and documents --allow-docker-gateway for host.docker.internal access. |
| docs/toolhive/guides-mcp/context7.mdx | Updates network isolation guidance to reflect default isolation and the registry’s least-privilege profile. |
ToolHive permission profiles use a leading-dot prefix for subdomain matching (.github.com) and don't support asterisk wildcards. Using *.github.com in prose risked readers copying invalid syntax into a real permission profile.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Validated the six guides touched by PR #1001's Docker image version bumps against real
thvCLI runs and a live ToolHive operator deployment, plus two more guides (filesystem, osv) that shared the same stale patterns.Fixes found along the way:
GITHUB_DYNAMIC_TOOLSETSfrom github.mdx; the feature was removed upstream in github-mcp-server v1.5.0.--save-tracefrom playwright.mdx; it's not a real flag on the Playwright MCP server.--allow-docker-gatewayflag to thehost.docker.internalexample in fetch.mdx.thv runisolates network access by default; dropped the now-redundant--isolate-networkflag from examples.PLAYWRIGHT_MCP_*environment variables instead of raw CLI args, swapped the origin-filtering example for session persistence (CLI) and Kubernetes backend scale-out with Redis session storage, and corrected the security framing around--allowed-origins/--blocked-origins(not a security boundary, per upstream docs).Type of change
Related issues/PRs
Follow-up validation of #1001.
Screenshots
N/A - no visual or sidebar changes.
Submitter checklist
Content and formatting
Reviewer checklist
Content