Address PR review comments and fix CI issues

- Fix operator-crds README.md that was accidentally emptied - Add comprehensive unit tests for composite tool parameter conversion - Improve error handling documentation in converter.go - Bump toolhive-operator Helm chart version from 0.5.2 to 0.5.3 - Update all documentation to use standard JSON Schema format for parameters 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>

Author: JAORMX

cmd/thv-operator/pkg/vmcpconfig/converter.go

@@ -259,7 +259,9 @@ func (*Converter) convertCompositeTools(
 if err := json.Unmarshal(crdTool.Parameters.Raw, &params); err == nil {
 tool.Parameters = params
 }
-// If unmarshal fails, leave Parameters as nil
+// If unmarshal fails, leave Parameters as nil. This should never happen in practice
+// because the webhook validation ensures Parameters contains valid JSON before reaching
+// this conversion point. See virtualmcpcompositetooldefinition_webhook.go for validation.
 }
 
 // Convert steps

cmd/thv-operator/pkg/vmcpconfig/converter_test.go

@@ -0,0 +1,186 @@
+package vmcpconfig
+
+import (
+"context"
+"encoding/json"
+"testing"
+
+"github.com/stretchr/testify/assert"
+"github.com/stretchr/testify/require"
+"k8s.io/apimachinery/pkg/runtime"
+
+mcpv1alpha1 "github.com/stacklok/toolhive/cmd/thv-operator/api/v1alpha1"
+)
+
+func TestConverter_convertCompositeTools(t *testing.T) {
+t.Parallel()
+
+tests := []struct {
+name string
+compositeTools []mcpv1alpha1.CompositeToolSpec
+wantLen int
+wantTool *struct {
+name string
+params map[string]any
+stepsCount int
+}
+}{
+{
+name: "valid parameters as JSON Schema",
+compositeTools: []mcpv1alpha1.CompositeToolSpec{
+{
+Name: "test-tool",
+Description: "A test tool",
+Parameters: &runtime.RawExtension{
+Raw: mustMarshalJSON(t, map[string]any{
+"type": "object",
+"properties": map[string]any{
+"param1": map[string]any{
+"type": "string",
+"default": "value1",
+},
+},
+"required": []string{"param1"},
+}),
+},
+Steps: []mcpv1alpha1.WorkflowStep{
+{
+ID: "step1",
+Type: "tool",
+Tool: "some-tool",
+},
+},
+},
+},
+wantLen: 1,
+wantTool: &struct {
+name string
+params map[string]any
+stepsCount int
+}{
+name: "test-tool",
+params: map[string]any{
+"type": "object",
+"properties": map[string]any{
+"param1": map[string]any{
+"type": "string",
+"default": "value1",
+},
+},
+"required": []any{"param1"},
+},
+stepsCount: 1,
+},
+},
+{
+name: "nil parameters",
+compositeTools: []mcpv1alpha1.CompositeToolSpec{
+{
+Name: "test-tool-no-params",
+Description: "A test tool without params",
+Parameters: nil,
+Steps: []mcpv1alpha1.WorkflowStep{
+{
+ID: "step1",
+Type: "tool",
+Tool: "some-tool",
+},
+},
+},
+},
+wantLen: 1,
+wantTool: &struct {
+name string
+params map[string]any
+stepsCount int
+}{
+name: "test-tool-no-params",
+params: nil,
+stepsCount: 1,
+},
+},
+{
+name: "empty parameters",
+compositeTools: []mcpv1alpha1.CompositeToolSpec{
+{
+Name: "test-tool-empty",
+Description: "A test tool with empty params",
+Parameters: &runtime.RawExtension{Raw: []byte("{}")},
+Steps: []mcpv1alpha1.WorkflowStep{
+{
+ID: "step1",
+Type: "tool",
+Tool: "some-tool",
+},
+},
+},
+},
+wantLen: 1,
+wantTool: &struct {
+name string
+params map[string]any
+stepsCount int
+}{
+name: "test-tool-empty",
+params: map[string]any{},
+stepsCount: 1,
+},
+},
+{
+name: "invalid JSON parameters - should be ignored (webhook validates before this)",
+compositeTools: []mcpv1alpha1.CompositeToolSpec{
+{
+Name: "test-tool-invalid",
+Description: "A test tool with invalid JSON",
+Parameters: &runtime.RawExtension{Raw: []byte("invalid json{")},
+Steps: []mcpv1alpha1.WorkflowStep{
+{
+ID: "step1",
+Type: "tool",
+Tool: "some-tool",
+},
+},
+},
+},
+wantLen: 1,
+wantTool: &struct {
+name string
+params map[string]any
+stepsCount int
+}{
+name: "test-tool-invalid",
+params: nil, // Invalid JSON results in nil params
+stepsCount: 1,
+},
+},
+}
+
+for _, tt := range tests {
+t.Run(tt.name, func(t *testing.T) {
+t.Parallel()
+
+converter := NewConverter()
+vmcp := &mcpv1alpha1.VirtualMCPServer{
+Spec: mcpv1alpha1.VirtualMCPServerSpec{
+CompositeTools: tt.compositeTools,
+},
+}
+
+result := converter.convertCompositeTools(context.Background(), vmcp)
+
+require.Len(t, result, tt.wantLen)
+if tt.wantTool != nil {
+assert.Equal(t, tt.wantTool.name, result[0].Name)
+assert.Equal(t, tt.wantTool.params, result[0].Parameters)
+assert.Len(t, result[0].Steps, tt.wantTool.stepsCount)
+}
+})
+}
+}
+
+func mustMarshalJSON(t *testing.T, v any) []byte {
+t.Helper()
+data, err := json.Marshal(v)
+require.NoError(t, err)
+return data
+}

deploy/charts/operator-crds/README.md

@@ -1 +1,43 @@
-\n
+
+# ToolHive Operator CRDs Helm Chart
+
+![Version: 0.0.60](https://img.shields.io/badge/Version-0.0.60-informational?style=flat-square)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+A Helm chart for installing the ToolHive Operator CRDs into Kubernetes.
+
+---
+
+ToolHive Operator CRDs
+
+## TL;DR
+
+```console
+helm upgrade -i toolhive-operator-crds oci://ghcr.io/stacklok/toolhive/toolhive-operator-crds
+```
+
+## Prerequisites
+
+- Kubernetes 1.25+
+- Helm 3.10+ minimum, 3.14+ recommended
+
+## Usage
+
+### Installing from the Chart
+
+Install one of the available versions:
+
+```shell
+helm upgrade -i <release_name> oci://ghcr.io/stacklok/toolhive/toolhive-operator-crds --version=<version>
+```
+
+> **Tip**: List all releases using `helm list`
+
+### Uninstalling the Chart
+
+To uninstall/delete the `toolhive-operator-crds` deployment:
+
+```console
+helm uninstall <release_name>
+```
+

deploy/charts/operator/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: toolhive-operator
 description: A Helm chart for deploying the ToolHive Operator into Kubernetes.
 type: application
-version: 0.5.2
+version: 0.5.3
 appVersion: "v0.6.5"

deploy/charts/operator/README.md

@@ -1 +1,105 @@
-\n
+
+# ToolHive Operator Helm Chart
+
+![Version: 0.5.3](https://img.shields.io/badge/Version-0.5.3-informational?style=flat-square)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+
+A Helm chart for deploying the ToolHive Operator into Kubernetes.
+
+---
+
+## TL;DR
+
+```console
+helm upgrade -i toolhive-operator oci://ghcr.io/stacklok/toolhive/toolhive-operator -n toolhive-system --create-namespace
+```
+
+Or for a custom values file:
+
+```consoleCustom
+helm upgrade -i toolhive-operator oci://ghcr.io/stacklok/toolhive/toolhive-operator -n toolhive-system --create-namespace --values values-openshift.yaml
+```
+
+## Prerequisites
+
+- Kubernetes 1.25+
+- Helm 3.10+ minimum, 3.14+ recommended
+
+## Usage
+
+### Installing from the Chart
+
+Install one of the available versions:
+
+```shell
+helm upgrade -i <release_name> oci://ghcr.io/stacklok/toolhive/toolhive-operator --version=<version> -n toolhive-system --create-namespace
+```
+
+> **Tip**: List all releases using `helm list`
+
+### Uninstalling the Chart
+
+To uninstall/delete the `toolhive-operator` deployment:
+
+```console
+helm uninstall <release_name>
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release. You will have to delete the namespace manually if you used Helm to create it.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|-------------|------|---------|
+| fullnameOverride | string | `"toolhive-operator"` | Provide a fully-qualified name override for resources |
+| nameOverride | string | `""` | Override the name of the chart |
+| operator | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"containerSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}},"env":{},"features":{"experimental":false},"gc":{"gogc":75,"gomeglimit":"150MiB"},"image":"ghcr.io/stacklok/toolhive/operator:v0.6.5","imagePullPolicy":"IfNotPresent","imagePullSecrets":[],"leaderElectionRole":{"binding":{"name":"toolhive-operator-leader-election-rolebinding"},"name":"toolhive-operator-leader-election-role","rules":[{"apiGroups":[""],"resources":["configmaps"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":["coordination.k8s.io"],"resources":["leases"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":[""],"resources":["events"],"verbs":["create","patch"]}]},"livenessProbe":{"httpGet":{"path":"/healthz","port":"health"},"initialDelaySeconds":15,"periodSeconds":20},"nodeSelector":{},"podAnnotations":{},"podLabels":{},"podSecurityContext":{"runAsNonRoot":true},"ports":[{"containerPort":8080,"name":"metrics","protocol":"TCP"},{"containerPort":8081,"name":"health","protocol":"TCP"}],"proxyHost":"0.0.0.0","rbac":{"allowedNamespaces":[],"scope":"cluster"},"readinessProbe":{"httpGet":{"path":"/readyz","port":"health"},"initialDelaySeconds":5,"periodSeconds":10},"replicaCount":1,"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"serviceAccount":{"annotations":{},"automountServiceAccountToken":true,"create":true,"labels":{},"name":"toolhive-operator"},"tolerations":[],"toolhiveRunnerImage":"ghcr.io/stacklok/toolhive/proxyrunner:v0.6.5","volumeMounts":[],"volumes":[]}` | All values for the operator deployment and associated resources |
+| operator.affinity | object | `{}` | Affinity settings for the operator pod |
+| operator.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Configuration for horizontal pod autoscaling |
+| operator.autoscaling.enabled | bool | `false` | Enable autoscaling for the operator |
+| operator.autoscaling.maxReplicas | int | `100` | Maximum number of replicas |
+| operator.autoscaling.minReplicas | int | `1` | Minimum number of replicas |
+| operator.autoscaling.targetCPUUtilizationPercentage | int | `80` | Target CPU utilization percentage for autoscaling |
+| operator.containerSecurityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true,"runAsNonRoot":true,"runAsUser":1000,"seccompProfile":{"type":"RuntimeDefault"}}` | Container security context settings for the operator |
+| operator.env | object | `{}` | Environment variables to set in the operator container |
+| operator.gc | object | `{"gogc":75,"gomeglimit":"150MiB"}` | Go memory limits and garbage collection percentage for the operator container |
+| operator.gc.gogc | int | `75` | Go garbage collection percentage for the operator container |
+| operator.gc.gomeglimit | string | `"150MiB"` | Go memory limits for the operator container |
+| operator.image | string | `"ghcr.io/stacklok/toolhive/operator:v0.6.5"` | Container image for the operator |
+| operator.imagePullPolicy | string | `"IfNotPresent"` | Image pull policy for the operator container |
+| operator.imagePullSecrets | list | `[]` | List of image pull secrets to use |
+| operator.leaderElectionRole | object | `{"binding":{"name":"toolhive-operator-leader-election-rolebinding"},"name":"toolhive-operator-leader-election-role","rules":[{"apiGroups":[""],"resources":["configmaps"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":["coordination.k8s.io"],"resources":["leases"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":[""],"resources":["events"],"verbs":["create","patch"]}]}` | Leader election role configuration |
+| operator.leaderElectionRole.binding.name | string | `"toolhive-operator-leader-election-rolebinding"` | Name of the role binding for leader election |
+| operator.leaderElectionRole.name | string | `"toolhive-operator-leader-election-role"` | Name of the role for leader election |
+| operator.leaderElectionRole.rules | list | `[{"apiGroups":[""],"resources":["configmaps"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":["coordination.k8s.io"],"resources":["leases"],"verbs":["get","list","watch","create","update","patch","delete"]},{"apiGroups":[""],"resources":["events"],"verbs":["create","patch"]}]` | Rules for the leader election role |
+| operator.livenessProbe | object | `{"httpGet":{"path":"/healthz","port":"health"},"initialDelaySeconds":15,"periodSeconds":20}` | Liveness probe configuration for the operator |
+| operator.nodeSelector | object | `{}` | Node selector for the operator pod |
+| operator.podAnnotations | object | `{}` | Annotations to add to the operator pod |
+| operator.podLabels | object | `{}` | Labels to add to the operator pod |
+| operator.podSecurityContext | object | `{"runAsNonRoot":true}` | Pod security context settings |
+| operator.ports | list | `[{"containerPort":8080,"name":"metrics","protocol":"TCP"},{"containerPort":8081,"name":"health","protocol":"TCP"}]` | List of ports to expose from the operator container |
+| operator.proxyHost | string | `"0.0.0.0"` | Host for the proxy deployed by the operator |
+| operator.rbac | object | `{"allowedNamespaces":[],"scope":"cluster"}` | RBAC configuration for the operator |
+| operator.rbac.allowedNamespaces | list | `[]` | List of namespaces that the operator is allowed to have permissions to manage. Only used if scope is set to "namespace". |
+| operator.rbac.scope | string | `"cluster"` | Scope of the RBAC configuration. - cluster: The operator will have cluster-wide permissions via ClusterRole and ClusterRoleBinding. - namespace: The operator will have permissions to manage resources in the namespaces specified in `allowedNamespaces`. The operator will have a ClusterRole and RoleBinding for each namespace in `allowedNamespaces`. |
+| operator.readinessProbe | object | `{"httpGet":{"path":"/readyz","port":"health"},"initialDelaySeconds":5,"periodSeconds":10}` | Readiness probe configuration for the operator |
+| operator.replicaCount | int | `1` | Number of replicas for the operator deployment |
+| operator.resources | object | `{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}}` | Resource requests and limits for the operator container |
+| operator.serviceAccount | object | `{"annotations":{},"automountServiceAccountToken":true,"create":true,"labels":{},"name":"toolhive-operator"}` | Service account configuration for the operator |
+| operator.serviceAccount.annotations | object | `{}` | Annotations to add to the service account |
+| operator.serviceAccount.automountServiceAccountToken | bool | `true` | Automatically mount a ServiceAccount's API credentials |
+| operator.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
+| operator.serviceAccount.labels | object | `{}` | Labels to add to the service account |
+| operator.serviceAccount.name | string | `"toolhive-operator"` | The name of the service account to use. If not set and create is true, a name is generated. |
+| operator.tolerations | list | `[]` | Tolerations for the operator pod |
+| operator.toolhiveRunnerImage | string | `"ghcr.io/stacklok/toolhive/proxyrunner:v0.6.5"` | Image to use for Toolhive runners |
+| operator.volumeMounts | list | `[]` | Additional volume mounts on the operator container |
+| operator.volumes | list | `[]` | Additional volumes to mount on the operator pod |
+| registryAPI | object | `{"image":"ghcr.io/stacklok/thv-registry-api:v0.1.0","serviceAccount":{"annotations":{},"automountServiceAccountToken":true,"labels":{},"name":"toolhive-registry-api"}}` | All values for the registry API deployment and associated resources |
+| registryAPI.image | string | `"ghcr.io/stacklok/thv-registry-api:v0.1.0"` | Container image for the registry API |
+| registryAPI.serviceAccount | object | `{"annotations":{},"automountServiceAccountToken":true,"labels":{},"name":"toolhive-registry-api"}` | Service account configuration for the registry API |
+| registryAPI.serviceAccount.annotations | object | `{}` | Annotations to add to the registry API service account |
+| registryAPI.serviceAccount.automountServiceAccountToken | bool | `true` | Automatically mount a ServiceAccount's API credentials |
+| registryAPI.serviceAccount.labels | object | `{}` | Labels to add to the registry API service account |
+| registryAPI.serviceAccount.name | string | `"toolhive-registry-api"` | The name of the service account to use for the registry API |
+

docs/operator/composite-tools-quick-reference.md

@@ -17,10 +17,12 @@ spec:
  failureMode: abort # Optional: abort|continue|best_effort (default: abort)
 
  parameters: # Optional: input parameters
- param_name:
- type: string
- description: Description of the parameter
- required: false
+ type: object
+ properties:
+ param_name:
+ type: string
+ description: Description of the parameter
+ required: []
 
  steps: # Required: workflow steps
  - id: step1