Feat/860 enterprise multitenancy, role-based access control, JWT revocation and SSO #862
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
PR Review Summary:
make serve
- Login with admin@example.com and changeme
- Successfully able to add streamable http transport server ()
- Successfully tested the get pr details tool
- Successfully able to add mcp-container-runtime on sse transport
- Successfully able to test a tool get current time
- Able to see metrics for the executed tools
- Able to export metrics as a csv file
- Able to create a team
9. Not able to exit add members when clicking on cancel below.

PR Test Summary:
1. make test
- 1 test failing
FAILED tests/unit/mcpgateway/test_main_extended.py::TestApplicationStartupPaths::test_startup_without_plugin_manager - sqlalchemy.exc.OperationalError: (sqlite3.OperationalError) no such table: global_config
=== 1 failed, 2652 passed, 24 skipped, 1069 warnings in 233.88s (0:03:53) ===
2. make autoflake isort black flake8
- PASS - no errors
3. make pylint
- FAIL - Your code has been rated at 9.71/10
🐛 pylint mcpgateway mcp-servers/python...
************* Module mcpgateway.db
mcpgateway/db.py:1698:13: E1136: Value 'Mapped' is unsubscriptable (unsubscriptable-object)
Your code has been rated at 9.71/10 (previous run: 10.00/10, -0.29)
make: *** [Makefile:723: pylint] Error 2
4. make smoketest
- PASS
✅ Smoketest passed!
5. make doctest
- all pass
616 passed, 7 skipped, 69 warnings in 22.10s
mcpgateway/db.py:2358:16: E1136: Value 'Mapped' is unsubscriptable (unsubscriptable-object)
The error is occurring because pylint doesn't recognize Mapped[Type] syntax as valid. This is a common issue with SQLAlchemy 2.0's new typing system. The code is actually correct - Mapped is designed to be subscriptable with type parameters. This requires Did you run
Hey @crivetimihai I had a chance to test the changes in this branch locally, and it's looking great – really solid work! As I was going through it, a couple of questions came to mind regarding the architecture, and I was hoping to get your insights:
I'm keen to align my understanding with the intended design.
One thing we did in our SysFlow open source project is use a manifest file to set versions for things in the container. This helped a lot in the CI/CD as we could quickly update versions for new builds. Here's an example: https://github.com/sysflow-telemetry/sf-collector/blob/master/makefile.manifest.inc
Might be useful here cc: @araujof
One comment on linting. I've noticed this a bit with other PRs that a bunch of the file changes are linting related from stuff checked in in previous PRs. Are there ways that we might be able to stabilize the linting so that it has to be done during PR check in and remains consistent? I think this might help with the readability of the PRs as we wouldn't get lint changes from code checked in from previous PRs. Just a thought.
|
||
|
||
# Helper function for authentication compatibility | ||
def get_user_email(user): |
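Review bot: get_user_email(user) takes an untyped user, and the comment above it only says the helper exists for authentication compatibility, so the accepted input shapes and the value returned when no email is available are undocumented. Add a type annotation and a docstring that state both, so callers know whether they must handle a missing email.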
This looks to be similar to the get_user_email in the admin.py script
…cation and SSO (#862)
* Multitenancy support
* Cleanup comments and duplicate env
* Cleanup comments and duplicate env
* Fix smoketest
* Fix docker-compose
* Fix postgres
* .env.example update
* flake8 alembic script
* Update helm charts
* Update docs
* Update docstring
* Update docstring
* Update docstring
* Update ruff
* Update docs
* Update doctest
* Update doctest 45%
* Fix blocking removal of last admin
* Fix blocking removal of last admin
* Fix number of team members
* Fix team approval workflow
* Fix logs
* Fix logs
* Add multitenancy scripts to check migration
* Add multitenancy scripts to check migration
* Add manual testing
* Add manual testing
* Add manual testing
* Fix gateways a2a and prompts migration
* Fix APP_ROOT_PATH
* Fix APP_ROOT_PATH part 2
* flake8
* Update names in UI
* Update Tools samples for Bulk Import
* Update docs for password change
* Add 2nd pass. check field
* Add 2nd pass. check field
* Fix missing token_usage_logs migration
* Fix missing token_usage_logs migration
* Fix JSON types during migration
* Fix JSON types during migration
* Major refactor migration
* Major refactor migration
* Fix flake8
* Fix import
* Fix import
* Fix import
* Fix import
* Fix tests
---------
Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
🏢 EPIC: Complete Multi-Tenancy System Implementation
🚀 Summary
This massive PR transforms MCP Gateway from a single-tenant system into a production-ready enterprise multi-tenant platform with team-based resource scoping, comprehensive authentication, and enterprise SSO integration.
Impact: Complete architectural transformation enabling secure team collaboration, enterprise SSO integration, and scalable multi-tenant deployments.
🎯 Issues Closed
Primary Epic:
Core Security & Authentication:
SSO Integration:
Future Work:
🔥 Major Features Implemented
🔐 Authentication & Authorization System
👥 Team Management System
🔒 Resource Scoping & Visibility
🏗️ Platform Administration
🗄️ Database & Infrastructure
📐 System Architecture
This implementation introduces a comprehensive multi-tenant architecture:
🗄️ Database Schema Changes
New Multi-Tenant Tables:
Extended Resource Tables:
All existing resource tables (tool, server, resource, prompt, a2a_agent) extended with:
🔧 Configuration Changes
New Environment Variables:
Core Multi-Tenancy:
Authentication:
SSO Integration:
🔐 Security Enhancements
Multi-Tenant Security Model:
Enterprise Security Controls:
🚀 API Changes
New Authentication Endpoints:
- POST /auth/email/register - Email user registration
- POST /auth/email/login - Email user login
- GET /auth/sso/providers - List available SSO providers
- GET /auth/sso/login/{provider} - Initiate SSO login
- POST /auth/sso/callback/{provider} - Handle SSO callback
New Team Management Endpoints:
- GET /teams - List user's teams
- POST /teams - Create new team
- GET /teams/{team_id} - Get team details
- PUT /teams/{team_id} - Update team
- DELETE /teams/{team_id} - Delete team (non-personal only)
- POST /teams/{team_id}/invitations - Invite user to team
- GET /teams/{team_id}/members - List team members
- DELETE /teams/{team_id}/members/{user_email} - Remove team member
Enhanced Resource Endpoints:
All resource endpoints (tools, servers, resources, prompts, a2a agents) now support:
- ?team_id=uuid - Filter by team
- ?visibility=private|team|public - Filter by visibility
- team_id, owner_email, visibility fields in request/response bodies
📚 Documentation Added
Complete Documentation Suite:
- docs/docs/architecture/multitenancy.md (934 lines)
- docs/docs/manage/sso-ibm-tutorial.md - IBM Security Verify setup
- docs/docs/manage/sso-github-tutorial.md - GitHub SSO setup
- docs/docs/manage/sso-google-tutorial.md - Google SSO setup
Enterprise Deployment Guides:
🧪 Testing
Test Coverage:
Test Categories:
⚡ Performance Optimizations
Database Optimizations:
API Performance:
🔄 Migration Strategy
Backward Compatibility:
Upgrade Path:
🏆 Business Impact
Enterprise Readiness:
Scalability Improvements:
🎯 Breaking Changes
Database Schema:
- email_users, email_teams, email_team_members, email_team_invitations
- team_id, owner_email, visibility columns
API Changes:
Configuration:
Note: All changes are backward compatible when multi-tenancy features are disabled.
🚦 Deployment Checklist
Pre-Deployment:
Deployment:
make alembic-upgrade
Post-Deployment:
🎉 Summary
This PR represents a complete architectural transformation of MCP Gateway into a production-ready enterprise multi-tenant platform. The implementation includes:
Result: MCP Gateway now supports multi-tenancy, team collaboration, and SSO integration.
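The team_id and visibility query filters listed under Enhanced Resource Endpoints, sketched as an added example (not code from this PR or from MCP Gateway): the filters only narrow what the caller is already authorized to see, so a request for another team's id cannot widen access. The Resource class, can_view, list_resources, the sample data and the meaning given to private, team and public are assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Values taken from the ?visibility=private|team|public filter on the page.
VISIBILITIES = {"private", "team", "public"}


@dataclass(frozen=True)
class Resource:
    """Hypothetical resource row carrying the three scoping fields."""
    name: str
    team_id: Optional[str]
    owner_email: str
    visibility: str


def can_view(res: Resource, caller_email: str, caller_teams: Set[str]) -> bool:
    """Authorization decision. Assumed semantics: public = everyone,
    team = members of res.team_id, private = owner only."""
    if res.visibility == "public":
        return True
    if res.visibility == "team":
        return res.team_id is not None and res.team_id in caller_teams
    if res.visibility == "private":
        return res.owner_email.casefold() == caller_email.casefold()
    return False  # unknown visibility value: fail closed


def list_resources(
    resources: Iterable[Resource],
    caller_email: str,
    caller_teams: Set[str],
    team_id: Optional[str] = None,
    visibility: Optional[str] = None,
) -> List[Resource]:
    """Apply authorization first, then the optional query filters.
    caller_teams must come from server-side membership data, never
    from the request itself."""
    if visibility is not None and visibility not in VISIBILITIES:
        raise ValueError(f"unsupported visibility filter: {visibility!r}")
    visible = []
    for res in resources:
        if not can_view(res, caller_email, caller_teams):
            continue  # filters below can never re-admit this row
        if team_id is not None and res.team_id != team_id:
            continue
        if visibility is not None and res.visibility != visibility:
            continue
        visible.append(res)
    return visible


def names(rows: Iterable[Resource]) -> List[str]:
    return [r.name for r in rows]


# Constructed sample data: two teams, three users.
RESOURCES = [
    Resource("a-private", "t1", "alice@example.com", "private"),
    Resource("b-team", "t1", "bob@example.com", "team"),
    Resource("c-team-other", "t2", "carol@example.com", "team"),
    Resource("d-public", "t2", "carol@example.com", "public"),
    Resource("e-bob-private", "t1", "bob@example.com", "private"),
]

if __name__ == "__main__":
    # alice belongs to t1 only; asking for t2 returns just its public row.
    print(names(list_resources(RESOURCES, "alice@example.com", {"t1"})))
    print(names(list_resources(RESOURCES, "alice@example.com", {"t1"}, team_id="t2")))
```
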