Skip to content

Refresh MCP guides after PR #1001 image bumps#1003

Open
danbarr wants to merge 2 commits into
mainfrom
verify-mcp-guide-image-bumps
Open

Refresh MCP guides after PR #1001 image bumps#1003
danbarr wants to merge 2 commits into
mainfrom
verify-mcp-guide-image-bumps

Conversation

@danbarr

@danbarr danbarr commented Jul 1, 2026

Copy link
Copy Markdown
Collaborator

Description

Validated the six guides touched by PR #1001's Docker image version bumps against real thv CLI runs and a live ToolHive operator deployment, plus two more guides (filesystem, osv) that shared the same stale patterns.

Fixes found along the way:

  • Removed GITHUB_DYNAMIC_TOOLSETS from github.mdx; the feature was removed upstream in github-mcp-server v1.5.0.
  • Removed --save-trace from playwright.mdx; it's not a real flag on the Playwright MCP server.
  • Added the missing --allow-docker-gateway flag to the host.docker.internal example in fetch.mdx.
  • Updated network isolation framing across context7, fetch, filesystem, github, grafana, k8s, and osv guides now that thv run isolates network access by default; dropped the now-redundant --isolate-network flag from examples.
  • Reworked playwright.mdx to use PLAYWRIGHT_MCP_* environment variables instead of raw CLI args, swapped the origin-filtering example for session persistence (CLI) and Kubernetes backend scale-out with Redis session storage, and corrected the security framing around --allowed-origins/--blocked-origins (not a security boundary, per upstream docs).

Type of change

  • Documentation update
  • Bug fix (typo, broken link, etc.)

Related issues/PRs

Follow-up validation of #1001.

Screenshots

N/A - no visual or sidebar changes.

Submitter checklist

Content and formatting

  • I have reviewed the content for technical accuracy
  • I have reviewed the content for spelling, grammar, and style

Reviewer checklist

Content

  • I have reviewed the content for technical accuracy
  • I have reviewed the content for spelling, grammar, and style

Validated the six guides touched by the Docker image version bumps
against real thv CLI runs and the toolhive operator, plus two more
guides that shared the same stale patterns. Fixes found along the way:

- Remove GITHUB_DYNAMIC_TOOLSETS, removed upstream in github-mcp-server
  v1.5.0
- Remove --save-trace from playwright.mdx, not a real flag
- Add missing --allow-docker-gateway flag for the host.docker.internal
  example in fetch.mdx
- Update network isolation framing across context7, fetch, filesystem,
  github, grafana, k8s, and osv guides now that thv run isolates by
  default; drop now-redundant --isolate-network from examples
- Rework playwright.mdx to use PLAYWRIGHT_MCP_* environment variables
  instead of raw CLI args, swap the origin-filtering example for
  session persistence and Kubernetes backend scale-out, and correct
  the security framing around --allowed-origins
Copilot AI review requested due to automatic review settings July 1, 2026 17:03
@vercel

vercel Bot commented Jul 1, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs-website Ready Ready Preview, Comment Jul 1, 2026 5:15pm

Request Review

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the ToolHive MCP server usage guides to align with recent image/version bumps (PR #1001) and current ToolHive runtime behavior, especially around default network isolation and server-specific configuration flags.

Changes:

  • Refreshes multiple MCP guides to reflect that thv run enables network isolation by default, removing redundant --isolate-network usage and clarifying when a custom permission profile is still needed.
  • Removes/updates stale server configuration patterns (for example, dropped Playwright’s non-existent flags and moved Playwright configuration examples to PLAYWRIGHT_MCP_* env vars).
  • Expands the Playwright guide with updated Kubernetes examples, including horizontal backend scaling and Redis session storage references.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
docs/toolhive/guides-mcp/playwright.mdx Reworks configuration guidance and examples to use PLAYWRIGHT_MCP_* env vars; adds scaled Kubernetes example with Redis session storage.
docs/toolhive/guides-mcp/osv.mdx Updates network isolation guidance to reflect default isolation and the registry’s least-privilege profile.
docs/toolhive/guides-mcp/k8s.mdx Clarifies default isolation behavior and updates the example to use a custom permission profile without --isolate-network.
docs/toolhive/guides-mcp/grafana.mdx Same as k8s: clarifies default isolation and updates the permission profile flow.
docs/toolhive/guides-mcp/github.mdx Removes stale dynamic toolsets guidance and updates default network isolation explanation.
docs/toolhive/guides-mcp/filesystem.mdx Updates guidance to reflect that the filesystem server needs no network access and isolation is already applied by default.
docs/toolhive/guides-mcp/fetch.mdx Clarifies default network isolation behavior and documents --allow-docker-gateway for host.docker.internal access.
docs/toolhive/guides-mcp/context7.mdx Updates network isolation guidance to reflect default isolation and the registry’s least-privilege profile.

Comment thread docs/toolhive/guides-mcp/github.mdx Outdated
Comment thread docs/toolhive/guides-mcp/github.mdx Outdated
ToolHive permission profiles use a leading-dot prefix for subdomain
matching (.github.com) and don't support asterisk wildcards. Using
*.github.com in prose risked readers copying invalid syntax into a
real permission profile.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants