stacklok · danbarr · Sep 3, 2025 · Sep 2, 2025
diff --git a/docs/toolhive/reference/cli/thv_client_register.md b/docs/toolhive/reference/cli/thv_client_register.md
@@ -26,6 +26,7 @@ Valid clients:
   - claude-code: Claude Code CLI
   - cline: Cline extension for VS Code
   - cursor: Cursor editor
+  - lm-studio: LM Studio application
   - roo-code: Roo Code extension for VS Code
   - vscode: Visual Studio Code
   - vscode-insider: Visual Studio Code Insiders edition

diff --git a/docs/toolhive/reference/cli/thv_client_remove.md b/docs/toolhive/reference/cli/thv_client_remove.md
@@ -26,6 +26,7 @@ Valid clients:
   - claude-code: Claude Code CLI
   - cline: Cline extension for VS Code
   - cursor: Cursor editor
+  - lm-studio: LM Studio application
   - roo-code: Roo Code extension for VS Code
   - vscode: Visual Studio Code
   - vscode-insider: Visual Studio Code Insiders edition

diff --git a/docs/toolhive/reference/cli/thv_proxy.md b/docs/toolhive/reference/cli/thv_proxy.md
@@ -24,6 +24,7 @@ This command starts a standalone proxy without creating a workload, providing:
 - Automatic authentication detection via WWW-Authenticate headers
 - OIDC-based access control for incoming proxy requests
 - Secure credential handling via files or environment variables
+- Dynamic client registration (RFC 7591) for automatic OAuth client setup
 
 #### Authentication modes
 
@@ -42,6 +43,15 @@ OAuth client secrets can be provided via (in order of precedence):
 2. --remote-auth-client-secret-file flag (secure file-based approach)
 3. TOOLHIVE_REMOTE_OAUTH_CLIENT_SECRET environment variable
 
+#### Dynamic client registration
+
+When no client credentials are provided, the proxy automatically registers an OAuth client
+with the authorization server using RFC 7591 dynamic client registration:
+
+- No need to pre-configure client ID and secret
+- Automatically discovers registration endpoint via OIDC
+- Supports PKCE flow for enhanced security
+
 #### Examples
 
 Basic transparent proxy:
@@ -75,6 +85,11 @@ Auto-detect authentication requirements:
 	thv proxy my-server --target-uri https://protected-api.com \
 	  --remote-auth-client-id my-client-id
 
+Dynamic client registration (automatic OAuth client setup):
+
+	thv proxy my-server --target-uri https://protected-api.com \
+	  --remote-auth --remote-auth-issuer https://auth.example.com
+
 ```
 thv proxy [flags] SERVER_NAME
 ```

diff --git a/docs/toolhive/reference/cli/thv_run.md b/docs/toolhive/reference/cli/thv_run.md
@@ -58,6 +58,15 @@ ToolHive supports five ways to run an MCP server:
    This allows remote MCP servers to be managed like local workloads with full
    support for client configuration, tool filtering, import/export, etc.
 
+#### Dynamic client registration
+
+When no client credentials are provided, ToolHive automatically registers an OAuth client
+with the authorization server using RFC 7591 dynamic client registration:
+
+- No need to pre-configure client ID and secret
+- Automatically discovers registration endpoint via OIDC
+- Supports PKCE flow for enhanced security
+
 The container will be started with the specified transport mode and
 permission profile. Additional configuration can be provided via flags.
 

diff --git a/static/api-specs/toolhive-api.yaml b/static/api-specs/toolhive-api.yaml
@@ -123,6 +123,7 @@ components:
       - AmpCursor
       - AmpVSCodeInsider
       - AmpWindsurf
+      - LMStudio
     client.MCPClientStatus:
       properties:
         client_type:
@@ -142,6 +143,7 @@ components:
           - AmpCursor
           - AmpVSCodeInsider
           - AmpWindsurf
+          - LMStudio
         installed:
           description: Installed indicates whether the client is installed on the
             system
@@ -634,8 +636,6 @@ components:
           type: string
         clientSecretFile:
           type: string
-        enableRemoteAuth:
-          type: boolean
         envVars:
           description: Environment variables for the client
           items:
@@ -967,6 +967,7 @@ components:
             - AmpCursor
             - AmpVSCodeInsider
             - AmpWindsurf
+            - LMStudio
           type: array
           uniqueItems: false
       type: object
@@ -1015,6 +1016,7 @@ components:
           - AmpCursor
           - AmpVSCodeInsider
           - AmpWindsurf
+          - LMStudio
       type: object
     v1.createClientResponse:
       properties:
@@ -1041,6 +1043,7 @@ components:
           - AmpCursor
           - AmpVSCodeInsider
           - AmpWindsurf
+          - LMStudio
       type: object
     v1.createGroupRequest:
       properties:
@@ -1071,6 +1074,9 @@ components:
             type: string
           description: Environment variables to set in the container
           type: object
+        group:
+          description: Group name this workload belongs to
+          type: string
         host:
           description: Host to bind to
           type: string
@@ -1355,6 +1361,9 @@ components:
             type: string
           description: Environment variables to set in the container
           type: object
+        group:
+          description: Group name this workload belongs to
+          type: string
         host:
           description: Host to bind to
           type: string