docs: add .thvignore documentation for hiding sensitive files #161
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Contributor
There was a problem hiding this comment.
Pull Request Overview
This PR adds comprehensive documentation for the .thvignore feature, which allows users to hide sensitive files from MCP containers while maintaining bind mounts for development. The feature helps prevent secrets like environment variables, SSH keys, and cloud credentials from being exposed to containerized MCP servers.
Key changes:
- Added complete
.thvignoredocumentation covering usage, patterns, and troubleshooting - Updated existing MCP server documentation to reference the new security feature
- Integrated the new page into the documentation sidebar under the Security section
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
docs/toolhive/guides-cli/thvignore.md |
New comprehensive documentation page explaining .thvignore functionality, usage patterns, and troubleshooting |
docs/toolhive/guides-cli/run-mcp-servers.mdx |
Added reference to .thvignore documentation in the file system access section |
sidebars.ts |
Added the new .thvignore page to the Security section of the documentation sidebar |
danbarr
requested changes
Sep 8, 2025
- Add new documentation page explaining .thvignore functionality - Document how to prevent secrets from leaking into MCP containers - Include examples for creating and using .thvignore files - Add reference to .thvignore in run-mcp-servers guide - Update sidebar to include new .thvignore page under Security section
- Fix global config path to be cross-platform compatible (Linux/macOS/Windows) - Remove redundant Requirements section - Change section heading to 'Create an ignore file' - Update file creation description to be more specific - Replace 'fetch' with 'filesystem' in command examples (better example) - Update troubleshooting section to use collapsible details format - Convert recommendation text to use tip admonition format - Improve global patterns description text - Add clarification about pattern matching limitations (no full glob syntax)
JAORMX
force-pushed
the
add-thvignore-docs
branch
from
df26d9d to
ac67329
Compare
JAORMX
commented
Sep 9, 2025
Contributor
Author
JAORMX
left a comment
JAORMX
left a comment
There was a problem hiding this comment.
Thanks for the feedback @danbarr! I've addressed all your comments:
- Fixed the global config paths to be cross-platform (Linux/macOS/Windows)
- Removed the Requirements section since it was redundant
- Changed the heading and made the file creation description more specific
- Switched from
fetchtofilesystemin the examples - much better since it actually uses the mounts - Updated troubleshooting to use collapsible details
- Converted the recommendation to a tip admonition
- Clarified that we don't support full gitignore glob syntax like
**/*.env
Should be good to go now.
danbarr
approved these changes
Sep 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds comprehensive documentation for the
.thvignorefeature in ToolHive, which allows users to prevent sensitive files from being exposed when mounting directories to MCP containers.Closes #109
Changes
✨ Added new documentation page
/docs/toolhive/guides-cli/thvignore.mdexplaining:.thvignoreworks with tmpfs and bind mount overlays.thvignorefiles.env, SSH keys, cloud credentials)📝 Updated
/docs/toolhive/guides-cli/run-mcp-servers.mdxto reference the new.thvignoredocumentation in the file system access section📚 Updated
sidebars.tsto include the new.thvignorepage under the Security sectionContext
The
.thvignoremechanism is an important security feature that helps developers:.env, SSH keys, and cloud credentials secureThis feature was added in ToolHive v0.2.1 (see stacklok/toolhive#1137).
Testing