Merge branch 'main' into dev_363_js

Author: rakdutta

.darglint

@@ -1,2 +1,2 @@
 [darglint]
-docstring_style=google
+ignore=DAR402

.github/workflows/pytest.yml

@@ -70,7 +70,7 @@ jobs:
           pip install pytest pytest-cov pytest-asyncio coverage[toml]
 
       # -----------------------------------------------------------
-      # 3️⃣  Run the tests with coverage
+      # 3️⃣  Run the tests with coverage (fail under 80% coverage)
       # -----------------------------------------------------------
       - name: 🧪  Run pytest
         run: |
@@ -80,14 +80,20 @@ jobs:
             --cov-report=html \
             --cov-report=term \
             --cov-branch \
-            --cov-fail-under=40
+            --cov-fail-under=80
 
       # -----------------------------------------------------------
-      # 4️⃣  Run doctests
+      # 4️⃣  Run doctests (fail under 55% coverage)
       # -----------------------------------------------------------
-      - name: 🧪  Run doctests
+      - name: 📊  Doctest coverage with threshold
         run: |
-          pytest --doctest-modules mcpgateway/ --tb=short
+          # Run doctests with coverage measurement
+          pytest --doctest-modules mcpgateway/ \
+            --cov=mcpgateway \
+            --cov-report=term \
+            --cov-report=json:doctest-coverage.json \
+            --cov-fail-under=55 \
+            --tb=short
 
       # -----------------------------------------------------------
       # 5️⃣  Doctest coverage check

.pre-commit-config.yaml

@@ -515,13 +515,13 @@ repos:
   # -----------------------------------------------------------------------------
   # 🧪 DOCTEST VALIDATION
   # -----------------------------------------------------------------------------
-  - repo: local
-    hooks:
-      - id: doctest
-        name: 🧪 Doctest - Validate Documentation Examples
-        description: Runs doctest on all Python modules to ensure documentation examples work.
-        entry: python3 -m pytest --doctest-modules mcpgateway/ --tb=short
-        language: system
-        pass_filenames: false
-        always_run: true
-        types: [python]
+  # - repo: local
+  #   hooks:
+  #     - id: doctest
+  #       name: 🧪 Doctest - Validate Documentation Examples
+  #       description: Runs doctest on all Python modules to ensure documentation examples work.
+  #       entry: python3 -m pytest --doctest-modules mcpgateway/ --tb=short
+  #       language: system
+  #       pass_filenames: false
+  #       always_run: true
+  #       types: [python]

Makefile

@@ -38,7 +38,7 @@ FILES_TO_CLEAN := .coverage coverage.xml mcp.prof mcp.pstats \
                   $(DOCS_DIR)/docs/test/sbom.md \
                   $(DOCS_DIR)/docs/test/{unittest,full,index,test}.md \
 				  $(DOCS_DIR)/docs/images/coverage.svg $(LICENSES_MD) $(METRICS_MD) \
-                  *.db *.sqlite *.sqlite3 mcp.db-journal
+                  *.db *.sqlite *.sqlite3 mcp.db-journal *.py,cover
 
 COVERAGE_DIR ?= $(DOCS_DIR)/docs/coverage
 LICENSES_MD  ?= $(DOCS_DIR)/docs/test/licenses.md
@@ -111,7 +111,7 @@ venv:
 
 .PHONY: activate
 activate:
-	@echo "💡  Enter the venv using:\n. $(VENV_DIR)/bin/activate\n"
+	@echo -e "💡  Enter the venv using:\n. $(VENV_DIR)/bin/activate\n"
 
 .PHONY: install
 install: venv
@@ -193,6 +193,8 @@ clean:
 	@rm -f $(FILES_TO_CLEAN)
 	@# Delete Python bytecode
 	@find . -name '*.py[cod]' -delete
+	@# Delete coverage annotated files
+	@find . -name '*.py,cover' -delete
 	@echo "✅  Clean complete."
 
 
@@ -202,7 +204,7 @@ clean:
 # help: 🧪 TESTING
 # help: smoketest            - Run smoketest.py --verbose (build container, add MCP server, test endpoints)
 # help: test                 - Run unit tests with pytest
-# help: coverage             - Run tests with coverage, emit md/HTML/XML + badge
+# help: coverage             - Run tests with coverage, emit md/HTML/XML + badge, generate annotated files
 # help: htmlcov              - (re)build just the HTML coverage report into docs
 # help: test-curl            - Smoke-test API endpoints with curl script
 # help: pytest-examples      - Run README / examples through pytest-examples
@@ -243,7 +245,9 @@ coverage:
 	@/bin/bash -c "source $(VENV_DIR)/bin/activate && coverage html -d $(COVERAGE_DIR) --include=app/*"
 	@/bin/bash -c "source $(VENV_DIR)/bin/activate && coverage xml"
 	@/bin/bash -c "source $(VENV_DIR)/bin/activate && coverage-badge -fo $(DOCS_DIR)/docs/images/coverage.svg"
-	@echo "✅  Coverage artefacts: md, HTML in $(COVERAGE_DIR), XML & badge ✔"
+	@echo "🔍  Generating annotated coverage files..."
+	@/bin/bash -c "source $(VENV_DIR)/bin/activate && coverage annotate -d ."
+	@echo "✅  Coverage artefacts: md, HTML in $(COVERAGE_DIR), XML, badge & annotated files (.py,cover) ✔"
 
 htmlcov:
 	@echo "📊  Generating HTML coverage report..."
@@ -626,12 +630,12 @@ vulture:                            ## 🧹  Dead code detection
 # help: grype-install        - Install Grype
 # help: grype-scan           - Scan all files using grype
 # help: grype-sarif          - Generate SARIF report
-# help: security-scan        - Run Trivy security-scan
+# help: security-scan        - Run Trivy and Grype security-scan
 .PHONY: grype-install grype-scan grype-sarif security-scan
 
 grype-install:
 	@echo "📥 Installing Grype CLI..."
-	@curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin
+	@curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sudo sh -s -- -b /usr/local/bin
 
 grype-scan:
 	@command -v grype >/dev/null 2>&1 || { \
@@ -642,7 +646,7 @@ grype-scan:
 		exit 1; \
 	}
 	@echo "🔍 Grype vulnerability scan..."
-	@grype $(IMG):latest --scope all-layers --only-fixed
+	@grype $(IMG) --scope all-layers
 
 grype-sarif:
 	@command -v grype >/dev/null 2>&1 || { \
@@ -653,7 +657,7 @@ grype-sarif:
 		exit 1; \
 	}
 	@echo "📄 Generating Grype SARIF report..."
-	@grype $(IMG):latest --scope all-layers --output sarif --file grype-results.sarif
+	@grype $(IMG) --scope all-layers --output sarif --file grype-results.sarif
 
 security-scan: trivy grype-scan
 	@echo "✅ Multi-engine security scan complete"
@@ -705,9 +709,10 @@ tomllint:                         ## 📑 TOML validation (tomlcheck)
 # =============================================================================
 # help: 🕸️  WEBPAGE LINTERS & STATIC ANALYSIS (HTML/CSS/JS lint + security scans + formatting)
 # help: install-web-linters  - Install HTMLHint, Stylelint, ESLint, Retire.js & Prettier via npm
-# help: lint-web             - Run HTMLHint, Stylelint, ESLint, Retire.js and npm audit
+# help: nodejsscan           - Run nodejsscan for JS security vulnerabilities
+# help: lint-web             - Run HTMLHint, Stylelint, ESLint, Retire.js, nodejsscan and npm audit
 # help: format-web           - Format HTML, CSS & JS files with Prettier
-.PHONY: install-web-linters lint-web format-web
+.PHONY: install-web-linters nodejsscan lint-web format-web
 
 install-web-linters:
 	@echo "🔧 Installing HTML/CSS/JS lint, security & formatting tools..."
@@ -722,7 +727,12 @@ install-web-linters:
 		retire \
 		prettier
 
-lint-web: install-web-linters
+nodejsscan:
+	@echo "🔒 Running nodejsscan for JavaScript security vulnerabilities..."
+	$(call ensure_pip_package,nodejsscan)
+	@$(VENV_DIR)/bin/nodejsscan --directory ./mcpgateway/static || true
+
+lint-web: install-web-linters nodejsscan
 	@echo "🔍 Linting HTML files..."
 	@npx htmlhint "mcpgateway/templates/**/*.html" || true
 	@echo "🔍 Linting CSS files..."
@@ -744,7 +754,6 @@ format-web: install-web-linters
 	                 "mcpgateway/static/**/*.css" \
 	                 "mcpgateway/static/**/*.js"
 
-
 ################################################################################
 # 🛡️  OSV-SCANNER  ▸  vulnerabilities scanner
 ################################################################################
@@ -926,7 +935,7 @@ trivy:
 
 # help: dockle               - Lint the built container image via tarball (no daemon/socket needed)
 .PHONY: dockle
-DOCKLE_IMAGE ?= $(IMG):latest         # mcpgateway/mcpgateway:latest from your build
+DOCKLE_IMAGE ?= $(IMG)         # mcpgateway/mcpgateway:latest
 dockle:
 	@echo "🔎  dockle scan (tar mode) on $(DOCKLE_IMAGE)..."
 	@command -v dockle >/dev/null 2>&1 || { \
@@ -944,7 +953,7 @@ dockle:
 	echo "📦  Saving image to $$TARBALL..." ; \
 	"$$CONTAINER_CLI" save $(DOCKLE_IMAGE) -o "$$TARBALL" || { rm -f "$$TARBALL"; exit 1; }; \
 	echo "🧪  Running Dockle..." ; \
-	dockle --no-color --exit-code 1 --exit-level warn --input "$$TARBALL" ; \
+	dockle -af settings.py --no-color --exit-code 1 --exit-level warn --input "$$TARBALL" ; \
 	rm -f "$$TARBALL"
 
 # help: hadolint             - Lint Containerfile/Dockerfile(s) with hadolint
@@ -1530,7 +1539,7 @@ docker:
 	@$(MAKE) container-build CONTAINER_RUNTIME=docker CONTAINER_FILE=Containerfile
 
 docker-prod:
-	@$(MAKE) container-build CONTAINER_RUNTIME=docker CONTAINER_FILE=Containerfile.lite
+	@DOCKER_CONTENT_TRUST=1 $(MAKE) container-build CONTAINER_RUNTIME=docker CONTAINER_FILE=Containerfile.lite
 
 docker-build:
 	@$(MAKE) container-build CONTAINER_RUNTIME=docker

README.md

@@ -118,9 +118,11 @@ ContextForge MCP Gateway is a feature-rich gateway, proxy and MCP Registry that
 
 ## 🚀 Overview & Goals
 
-**ContextForge MCP Gateway** is a production-grade gateway, registry, and proxy that sits in front of any [Model Context Protocol](https://modelcontextprotocol.io) (MCP) server or REST API-exposing a unified endpoint for all your AI clients.
+**ContextForge MCP Gateway** is a gateway, registry, and proxy that sits in front of any [Model Context Protocol](https://modelcontextprotocol.io) (MCP) server or REST API-exposing a unified endpoint for all your AI clients.
 
-It supports:
+**⚠️ Caution**: The current release (0.3.1) is considered alpha / early beta. It is not production-ready and should only be used for local development, testing, or experimentation. Features, APIs, and behaviors are subject to change without notice. **Do not** deploy in production environments without thorough security review, validation and additional security mechanisms.  Many of the features required for secure, large-scale, or multi-tenant production deployments are still on the [project roadmap](https://ibm.github.io/mcp-context-forge/architecture/roadmap/) - which is itself evolving.
+
+It currently supports:
 
 * Federation across multiple MCP and REST services
 * Virtualization of legacy APIs as MCP-compliant tools and servers
@@ -133,6 +135,8 @@ It supports:
 
 For a list of upcoming features, check out the [ContextForge MCP Gateway Roadmap](https://ibm.github.io/mcp-context-forge/architecture/roadmap/)
 
+**⚠️ Important**: MCP Gateway is not a standalone product - it is an open source component with **NO OFFICIAL SUPPORT** from IBM or its affiliates that can be integrated into your own solution architecture. If you choose to use it, you are responsible for evaluating its fit, securing the deployment, and managing its lifecycle. See [SECURITY.md](./SECURITY.md) for more details.
+
 ---
 
 <details>
@@ -848,6 +852,14 @@ make lint          # optional: run style checks (ruff, mypy, etc.)
 
 ### Containerised (self-signed TLS)
 
+## Container Runtime Support
+
+This project supports both Docker and Podman. The Makefile automatically detects
+which runtime is available and handles image naming differences.
+
+### Auto-detection
+```bash
+make container-build  # Uses podman if available, otherwise docker
 
 > You can use docker or podman, ex: