|
| 1 | +# CLAUDE.md |
| 2 | + |
| 3 | +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. |
| 4 | + |
| 5 | +## Project Overview |
| 6 | + |
| 7 | +ToolHive is a lightweight, secure manager for MCP (Model Context Protocol) servers written in Go. It provides three main components: |
| 8 | + |
| 9 | +- **CLI (`thv`)**: Main command-line interface for managing MCP servers locally |
| 10 | +- **Kubernetes Operator (`thv-operator`)**: Manages MCP servers in Kubernetes clusters |
| 11 | +- **Proxy Runner (`thv-proxyrunner`)**: Handles proxy functionality for MCP server communication |
| 12 | + |
| 13 | +The application acts as a thin client for Docker/Podman Unix socket API, providing container-based isolation for running MCP servers securely. |
| 14 | + |
| 15 | +## Build and Development Commands |
| 16 | + |
| 17 | +### Essential Commands |
| 18 | + |
| 19 | +```bash |
| 20 | +# Build the main binary |
| 21 | +task build |
| 22 | + |
| 23 | +# Install binary to GOPATH/bin |
| 24 | +task install |
| 25 | + |
| 26 | +# Run linting |
| 27 | +task lint |
| 28 | + |
| 29 | +# Fix linting issues automatically |
| 30 | +task lint-fix |
| 31 | + |
| 32 | +# Run unit tests (excluding e2e tests) |
| 33 | +task test |
| 34 | + |
| 35 | +# Run tests with coverage analysis |
| 36 | +task test-coverage |
| 37 | + |
| 38 | +# Run end-to-end tests |
| 39 | +task test-e2e |
| 40 | + |
| 41 | +# Run all tests (unit and e2e) |
| 42 | +task test-all |
| 43 | + |
| 44 | +# Generate OpenAPI/Swagger documentation |
| 45 | +task swagger-gen |
| 46 | + |
| 47 | +# Generate CLI documentation |
| 48 | +task docs |
| 49 | + |
| 50 | +# Build container images |
| 51 | +task build-image |
| 52 | +task build-egress-proxy |
| 53 | +task build-all-images |
| 54 | +``` |
| 55 | + |
| 56 | +### Running Tests |
| 57 | + |
| 58 | +- Unit tests: `task test` |
| 59 | +- E2E tests: `task test-e2e` (requires build first) |
| 60 | +- All tests: `task test-all` |
| 61 | +- With coverage: `task test-coverage` |
| 62 | + |
| 63 | +The test framework uses Ginkgo and Gomega for BDD-style testing. |
| 64 | + |
| 65 | +## Architecture Overview |
| 66 | + |
| 67 | +### Core Components |
| 68 | + |
| 69 | +1. **CLI Application (`cmd/thv/`)** |
| 70 | + - Main entry point in `main.go` |
| 71 | + - Command definitions in `app/` directory |
| 72 | + - Uses Cobra for CLI framework |
| 73 | + - Key commands: run, list, stop, rm, proxy, restart, serve, version, logs, secret, inspector, mcp |
| 74 | + |
| 75 | +2. **Kubernetes Operator (`cmd/thv-operator/`)** |
| 76 | + - CRD definitions in `api/v1alpha1/` |
| 77 | + - Controller logic in `controllers/` |
| 78 | + - Follows standard Kubernetes operator patterns |
| 79 | + |
| 80 | +3. **Core Packages (`pkg/`)** |
| 81 | + - `api/`: REST API server and handlers |
| 82 | + - `auth/`: Authentication (anonymous, local, OAuth/OIDC) |
| 83 | + - `authz/`: Authorization using Cedar policy language |
| 84 | + - `client/`: Client configuration and management |
| 85 | + - `container/`: Container runtime abstraction (Docker/Kubernetes) |
| 86 | + - `registry/`: MCP server registry management |
| 87 | + - `runner/`: MCP server execution logic |
| 88 | + - `transport/`: Communication protocols (HTTP, SSE, stdio, streamable) |
| 89 | + - `workloads/`: Workload lifecycle management |
| 90 | + |
| 91 | +### Key Design Patterns |
| 92 | + |
| 93 | +- **Factory Pattern**: Used extensively for creating runtime-specific implementations (Docker vs Kubernetes) |
| 94 | +- **Interface Segregation**: Clean abstractions for container runtimes, transports, and storage |
| 95 | +- **Middleware Pattern**: HTTP middleware for auth, authz, telemetry |
| 96 | +- **Observer Pattern**: Event system for audit logging |
| 97 | + |
| 98 | +### Transport Types |
| 99 | + |
| 100 | +ToolHive supports multiple MCP transport protocols: |
| 101 | +- **stdio**: Standard input/output |
| 102 | +- **HTTP**: Traditional HTTP requests |
| 103 | +- **SSE**: Server-Sent Events for streaming |
| 104 | +- **streamable**: Custom streamable HTTP protocol |
| 105 | + |
| 106 | +### Security Model |
| 107 | + |
| 108 | +- Container-based isolation for all MCP servers |
| 109 | +- Cedar-based authorization policies |
| 110 | +- Secret management with multiple backends (1Password, encrypted storage) |
| 111 | +- Certificate validation for container images |
| 112 | +- OIDC/OAuth2 authentication support |
| 113 | + |
| 114 | +## Testing Strategy |
| 115 | + |
| 116 | +### Test Organization |
| 117 | + |
| 118 | +- **Unit tests**: Located alongside source files (`*_test.go`) |
| 119 | +- **Integration tests**: In individual package test files |
| 120 | +- **End-to-end tests**: Located in `test/e2e/` |
| 121 | +- **Operator tests**: Chainsaw tests in `test/e2e/chainsaw/operator/` |
| 122 | + |
| 123 | +### Mock Generation |
| 124 | + |
| 125 | +The project uses `go.uber.org/mock` for generating mocks. Mock files are located in `mocks/` subdirectories within each package. |
| 126 | + |
| 127 | +## Configuration |
| 128 | + |
| 129 | +- Uses Viper for configuration management |
| 130 | +- Configuration files and state stored in platform-appropriate directories |
| 131 | +- Supports environment variable overrides |
| 132 | +- Client configuration stored in `~/.toolhive/` or equivalent |
| 133 | + |
| 134 | +## Development Guidelines |
| 135 | + |
| 136 | +### Code Organization |
| 137 | + |
| 138 | +- Follow Go standard project layout |
| 139 | +- Use interfaces for testability and runtime abstraction |
| 140 | +- Separate business logic from transport/protocol concerns |
| 141 | +- Keep packages focused on single responsibilities |
| 142 | + |
| 143 | +### Operator Development |
| 144 | + |
| 145 | +When working on the Kubernetes operator: |
| 146 | +- CRD attributes are used for business logic that affects operator behavior |
| 147 | +- PodTemplateSpec is used for infrastructure concerns (node selection, resources) |
| 148 | +- See `cmd/thv-operator/DESIGN.md` for detailed decision guidelines |
| 149 | + |
| 150 | +### Dependencies |
| 151 | + |
| 152 | +- Primary container runtime: Docker API |
| 153 | +- Web framework: Chi router |
| 154 | +- CLI framework: Cobra |
| 155 | +- Configuration: Viper |
| 156 | +- Testing: Ginkgo/Gomega |
| 157 | +- Kubernetes: controller-runtime |
| 158 | +- Telemetry: OpenTelemetry |
| 159 | + |
| 160 | +## Common Development Tasks |
| 161 | + |
| 162 | +### Adding New Commands |
| 163 | + |
| 164 | +1. Create command file in `cmd/thv/app/` |
| 165 | +2. Add command to `NewRootCmd()` in `commands.go` |
| 166 | +3. Update CLI documentation with `task docs` |
| 167 | + |
| 168 | +### Adding New Transport |
| 169 | + |
| 170 | +1. Implement transport interface in `pkg/transport/` |
| 171 | +2. Add factory registration |
| 172 | +3. Update runner configuration |
| 173 | +4. Add comprehensive tests |
| 174 | + |
| 175 | +### Working with Containers |
| 176 | + |
| 177 | +The container abstraction supports both Docker and Kubernetes runtimes. When adding container functionality: |
| 178 | +- Implement the interface in `pkg/container/runtime/types.go` |
| 179 | +- Add runtime-specific implementations in appropriate subdirectories |
| 180 | +- Use factory pattern for runtime selection |
| 181 | + |
| 182 | +## Commit Guidelines |
| 183 | + |
| 184 | +Follow conventional commit format: |
| 185 | +- Separate subject from body with blank line |
| 186 | +- Limit subject line to 50 characters |
| 187 | +- Use imperative mood in subject line |
| 188 | +- Capitalize subject line |
| 189 | +- Do not end subject line with period |
| 190 | +- Use body to explain what and why vs. how |
0 commit comments