|
| 1 | +# GitHub Copilot Instructions for ToolHive |
| 2 | + |
| 3 | +This file provides GitHub Copilot with context about the ToolHive project to help generate better pull request reviews and suggestions. |
| 4 | + |
| 5 | +## Project Overview |
| 6 | + |
| 7 | +ToolHive is a lightweight, secure manager for Model Context Protocol (MCP) servers written in Go. It provides: |
| 8 | + |
| 9 | +- **CLI (`thv`)**: Main command-line interface for managing MCP servers locally |
| 10 | +- **Kubernetes Operator (`thv-operator`)**: Manages MCP servers in Kubernetes clusters |
| 11 | +- **Proxy Runner (`thv-proxyrunner`)**: Handles proxy functionality for MCP server communication |
| 12 | + |
| 13 | +## Key Architecture Principles |
| 14 | + |
| 15 | +- **Container-based isolation**: All MCP servers run in Docker/Podman containers |
| 16 | +- **Security first**: Cedar-based authorization, secret management, certificate validation |
| 17 | +- **Runtime abstraction**: Support for both Docker and Kubernetes via factory pattern |
| 18 | +- **Multiple transport protocols**: stdio, HTTP, SSE, streamable MCP transports |
| 19 | +- **Interface segregation**: Clean abstractions for testability and runtime flexibility |
| 20 | + |
| 21 | +## Code Review Focus Areas |
| 22 | + |
| 23 | +### Go Code Standards |
| 24 | +- Follow Go standard project layout conventions |
| 25 | +- Use interfaces for testability and runtime abstraction |
| 26 | +- Keep public methods in top half of files, private methods in bottom half |
| 27 | +- Separate business logic from transport/protocol concerns |
| 28 | +- Keep packages focused on single responsibilities |
| 29 | + |
| 30 | +### Security Considerations |
| 31 | +- Never expose or log secrets and keys |
| 32 | +- Validate all container images and certificates |
| 33 | +- Ensure proper isolation between MCP servers |
| 34 | +- Review Cedar authorization policies carefully |
| 35 | +- Check for proper input validation and sanitization |
| 36 | + |
| 37 | +### Testing Requirements |
| 38 | +- Unit tests alongside source files (`*_test.go`) |
| 39 | +- Integration tests within packages |
| 40 | +- End-to-end tests in `test/e2e/` |
| 41 | +- Use Ginkgo/Gomega for BDD-style testing |
| 42 | +- Mock generation using `go.uber.org/mock` |
| 43 | + |
| 44 | +### Architecture Patterns |
| 45 | +- **Factory Pattern**: Used for runtime-specific implementations (Docker vs Kubernetes) |
| 46 | +- **Middleware Pattern**: HTTP middleware for auth, authz, telemetry |
| 47 | +- **Observer Pattern**: Event system for audit logging |
| 48 | +- Implement interfaces defined in `pkg/container/runtime/types.go` |
| 49 | + |
| 50 | +### Development Workflow |
| 51 | +- Check that `task lint` and `task lint-fix` pass |
| 52 | +- Ensure `task test` (unit tests) and `task test-e2e` pass |
| 53 | +- Use `task build` to verify successful compilation |
| 54 | +- Follow commit message guidelines from CONTRIBUTING.md |
| 55 | + |
| 56 | +### Key Dependencies |
| 57 | +- Docker API for container runtime |
| 58 | +- Chi router for web framework |
| 59 | +- Cobra for CLI framework |
| 60 | +- Viper for configuration management |
| 61 | +- controller-runtime for Kubernetes operations |
| 62 | +- OpenTelemetry for observability |
| 63 | + |
| 64 | +## Common Anti-Patterns to Flag |
| 65 | + |
| 66 | +- Using concrete types instead of interfaces for testability |
| 67 | +- Mixing business logic with transport/protocol code |
| 68 | +- Hardcoding container runtime specifics instead of using abstraction |
| 69 | +- Missing error handling, especially for container operations |
| 70 | +- Inadequate input validation for MCP server configurations |
| 71 | +- Security vulnerabilities in secret handling or container permissions |
| 72 | +- Missing tests for new functionality |
| 73 | +- Not following the project's commit message format |
| 74 | + |
| 75 | +## Project-Specific Guidelines |
| 76 | + |
| 77 | +### Operator Development |
| 78 | +- CRD attributes for business logic that affects operator behavior |
| 79 | +- PodTemplateSpec for infrastructure concerns (node selection, resources) |
| 80 | +- Refer to `cmd/thv-operator/DESIGN.md` for detailed decisions |
| 81 | + |
| 82 | +### Transport Implementation |
| 83 | +- Implement transport interface in `pkg/transport/` |
| 84 | +- Add factory registration for new transports |
| 85 | +- Update runner configuration appropriately |
| 86 | +- Add comprehensive tests for new transport types |
| 87 | + |
| 88 | +### Container Runtime |
| 89 | +- Support both Docker and Kubernetes via abstraction |
| 90 | +- Use factory pattern for runtime selection |
| 91 | +- Implement interfaces consistently across runtimes |
| 92 | + |
| 93 | +## Configuration Management |
| 94 | +- Uses Viper with environment variable overrides |
| 95 | +- Client configuration in `~/.toolhive/` or platform equivalent |
| 96 | +- Support for multiple secret backends (1Password, encrypted storage) |
| 97 | + |
| 98 | +When reviewing PRs, focus on these areas to ensure code quality, security, and adherence to the project's architectural principles. |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?v=4&size=40){kind=avatar}
0 commit comments