Add initial MCP usage guides

Signed-off-by: Dan Barr <[email protected]>

Author: danbarr

docs/toolhive/guides-mcp/_template.mdx

@@ -0,0 +1,63 @@
+---
+title: SERVER_NAME MCP server guide
+sidebar_label: SERVER_NAME
+description: Using the SERVER_NAME MCP server with ToolHive for PURPOSE.
+last_update:
+  author: YOUR_GITHUB_USERNAME
+  date: YYYY-MM-DD
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+## Overview
+
+A brief overview of the MCP server, its purpose, and key features. Link to the
+official documentation.
+
+## Metadata
+
+<MCPMetadata name='SERVER_NAME' />
+
+## Usage
+
+<Tabs groupId='mode' queryString='mode'>
+<TabItem value='ui' label='UI' default>
+
+UI instructions go here. Only include a screenshot if it adds value, such as
+showing a unique configuration option or feature.
+
+</TabItem>
+<TabItem value='cli' label='CLI'>
+
+CLI instructions go here, with multiple usage examples specific to the MCP
+server.
+
+```bash
+thv run ...
+```
+
+If appropriate, include guidance for using network isolation and/or a custom
+permission profile.
+
+</TabItem>
+<TabItem value='k8s' label='Kubernetes'>
+
+Kubernetes manifest and instructions go here
+
+```yaml title="SERVER_NAME.yaml"
+apiVersion: toolhive.stacklok.dev/v1alpha1
+kind: MCPServer
+```
+
+</TabItem>
+</Tabs>
+
+## Sample prompts
+
+Provide sample prompts that users can use to interact with the MCP server.
+
+## Recommended practices
+
+- Include some recommended practices for using the MCP server safely and
+  effectively

docs/toolhive/guides-mcp/context7.mdx

@@ -0,0 +1,180 @@
+---
+title: Context7 MCP server guide
+sidebar_label: Context7
+description:
+  Using the Context7 MCP server with ToolHive for up-to-date documentation.
+last_update:
+  author: danbarr
+  date: 2025-08-27
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+## Overview
+
+The [Context7 MCP server](https://github.com/upstash/context7) provides
+up-to-date, version-specific documentation and code examples straight from the
+source for any library or framework. Instead of relying on outdated training
+data, Context7 fetches current documentation and API references directly into
+your LLM's context, ensuring you get working code examples and accurate
+information.
+
+Context7 eliminates common issues like hallucinated APIs that don't exist,
+outdated code patterns, and generic answers based on old package versions. It
+supports thousands of popular libraries including Next.js, React, MongoDB,
+Supabase, and many more.
+
+Learn more at [context7.com](https://context7.com) and view the
+[project documentation](https://github.com/upstash/context7) for additional
+details.
+
+## Metadata
+
+<MCPMetadata name='context7' />
+
+## Usage
+
+While Context7 works without an API key, registering at
+[context7.com/dashboard](https://context7.com/dashboard) provides:
+
+- Higher rate limits
+- Priority access during peak usage
+- Better performance for frequent queries
+
+:::note
+
+Currently, the Context7 MCP server only supports a CLI argument for the API key.
+This means ToolHive's secrets management cannot be used to inject the key.
+Instead, you must pass the API key directly as a command-line argument when
+starting the server.
+
+:::
+
+<Tabs groupId='mode' queryString='mode'>
+<TabItem value='ui' label='UI' default>
+
+Select the `context7` MCP server in the ToolHive registry. The server works
+without authentication for basic usage, but you can add an API key for higher
+rate limits.
+
+In the **Command arguments** section, optionally add `--api-key YOUR_API_KEY` if
+you have a Context7 API key. This provides higher rate limits and priority
+access.
+
+:::tip[Security tip]
+
+Enable outbound network filtering on the **Network Isolation** tab to restrict
+the server's network access using the default profile contained in the registry.
+
+:::
+
+</TabItem>
+<TabItem value='cli' label='CLI'>
+
+Run with the default configuration (no API key required for basic usage):
+
+```bash
+thv run context7
+```
+
+If you have a Context7 API key for higher rate limits, pass it as an argument:
+
+```bash
+thv run context7 -- --api-key <YOUR_API_KEY>
+```
+
+Enable [network isolation](../guides-cli/network-isolation.mdx) using the
+default profile from the registry to restrict the server's network access:
+
+```bash
+thv run --isolate-network context7
+```
+
+Combine API key with network isolation:
+
+```bash
+thv run --isolate-network context7 -- --api-key <YOUR_API_KEY>
+```
+
+</TabItem>
+<TabItem value='k8s' label='Kubernetes'>
+
+For basic usage without authentication:
+
+```yaml title="context7.yaml"
+apiVersion: toolhive.stacklok.dev/v1alpha1
+kind: MCPServer
+metadata:
+  name: context7
+  namespace: toolhive-system
+spec:
+  image: ghcr.io/stacklok/dockyard/npx/context7:1.0.14
+  transport: stdio
+  port: 8080
+  permissionProfile:
+    type: builtin
+    name: network
+```
+
+Apply the manifest to your cluster:
+
+```bash
+kubectl apply -f context7.yaml
+```
+
+For higher rate limits, add your API key as a command-line argument:
+
+```yaml {8} title="context7-with-auth.yaml"
+apiVersion: toolhive.stacklok.dev/v1alpha1
+kind: MCPServer
+metadata:
+  name: context7
+  namespace: toolhive-system
+spec:
+  image: ghcr.io/stacklok/dockyard/npx/context7:1.0.14
+  args:
+    - '--api-key'
+    - 'YOUR_API_KEY'
+  transport: stdio
+  port: 8080
+  permissionProfile:
+    type: builtin
+    name: network
+```
+
+</TabItem>
+</Tabs>
+
+## Sample prompts
+
+Here are practical prompts you can use with the Context7 MCP server:
+
+- "Create a Next.js middleware that checks for a valid JWT in cookies and
+  redirects unauthenticated users to `/login`. Use context7"
+- "Show me how to set up MongoDB connection pooling with the latest MongoDB
+  Node.js driver. Use context7"
+- "Configure a Supabase client with TypeScript types for a user authentication
+  system. Use context7"
+- "Create a React component using the latest Tailwind CSS utility classes for a
+  responsive navigation bar. Use context7"
+- "Show me how to implement server-side rendering with the current version of
+  Nuxt.js. Use context7"
+- "Configure Redis caching with the Upstash Redis SDK for serverless functions.
+  Use context7"
+
+## Recommended practices
+
+- Add `use context7` to your prompts to automatically fetch up-to-date
+  documentation for the libraries you're working with.
+- When you know the exact library, you can specify it directly using the
+  Context7 ID format: `use library /supabase/supabase for api and docs`
+- Consider setting up a rule in your MCP client to automatically invoke Context7
+  for code-related queries, eliminating the need to manually add `use context7`
+  to each prompt.
+- Use the `topic` parameter when requesting documentation to focus on specific
+  areas like "routing", "authentication", or "deployment".
+- Register for an API key at
+  [context7.com/dashboard](https://context7.com/dashboard) if you plan to make
+  frequent requests or need higher rate limits.
+- Enable network isolation to restrict the server's outbound access.

docs/toolhive/guides-mcp/fetch.mdx

@@ -0,0 +1,117 @@
+---
+title: Fetch MCP server guide
+sidebar_label: Fetch
+description: Using the Fetch MCP server with ToolHive to retrieve website data.
+last_update:
+  author: danbarr
+  date: 2025-08-15
+---
+
+import Tabs from '@theme/Tabs';
+import TabItem from '@theme/TabItem';
+
+## Overview
+
+A simple, lightweight MCP server that retrieves data from a website to add
+real-time context to an AI agent workflow.
+
+[GoFetch](https://github.com/StacklokLabs/gofetch) is a Go implementation of the
+original
+[Fetch MCP server](https://github.com/modelcontextprotocol/servers/tree/main/src/fetch)
+with improved performance and security, built by Stacklok.
+
+## Metadata
+
+<MCPMetadata name='fetch' />
+
+## Usage
+
+<Tabs groupId='mode' queryString='mode'>
+<TabItem value='ui' label='UI' default>
+
+Select the `fetch` MCP server in the ToolHive registry. No additional
+configuration is required to run it.
+
+By default, it can access any website. To restrict its network access,
+[enable **network isolation**](../guides-ui/network-isolation.mdx) and enter the
+allowed hosts and ports.
+
+</TabItem>
+<TabItem value='cli' label='CLI'>
+
+Run with the default configuration:
+
+```bash
+thv run fetch
+```
+
+To control which website resources the server can access, create a custom
+permission profile:
+
+```json title="fetch-profile.json"
+{
+  "network": {
+    "outbound": {
+      "insecure_allow_all": false,
+      "allow_host": [
+        "host.docker.internal",
+        "intranet.example.com",
+        ".googleapis.com"
+      ],
+      "allow_port": [443]
+    }
+  }
+}
+```
+
+Then run the server with the profile and
+[enable network isolation](../guides-cli/network-isolation.mdx):
+
+```bash
+thv run --isolate-network --permission-profile fetch-profile.json fetch
+```
+
+</TabItem>
+<TabItem value='k8s' label='Kubernetes'>
+
+Create a Kubernetes manifest to deploy the Fetch MCP server:
+
+```yaml title="fetch.yaml"
+apiVersion: toolhive.stacklok.dev/v1alpha1
+kind: MCPServer
+metadata:
+  name: fetch
+  namespace: toolhive-system
+spec:
+  image: ghcr.io/stackloklabs/gofetch/server:0.0.5
+  transport: streamable-http
+  targetPort: 8080
+  port: 8080
+  permissionProfile:
+    type: builtin
+    name: network
+```
+
+Apply the manifest to your Kubernetes cluster:
+
+```bash
+kubectl apply -f fetch.yaml
+```
+
+</TabItem>
+</Tabs>
+
+## Sample prompts
+
+Here are some sample prompts you can use to interact with the Fetch MCP server:
+
+- "Fetch the latest news from `https://news.ycombinator.com`"
+- "Get the current weather for `https://weather.com`"
+- "Retrieve the latest blog posts from `https://example.com/blog`"
+
+## Recommended practices
+
+- Use network isolation to restrict the server's outbound network access to the
+  specific hosts and ports required for your use case.
+- Enable [telemetry](../guides-cli/telemetry-and-metrics.md) to monitor tool
+  usage including URL access for security and auditing purposes.