Forward MCPServerEntry headerForward to vMCP outbound requests

cmd/thv-operator/Taskfile.yml

@@ -168,7 +168,7 @@ tasks:
         platforms: [windows]
         ignore_error: true   # Windows has no mkdir -p, so just ignore error if it exists
       - go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.17.3
-      - $(go env GOPATH)/bin/controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./cmd/thv-operator/..." paths="./pkg/json/..." paths="./pkg/vmcp/config/..." paths="./pkg/vmcp/auth/types/..." paths="./pkg/telemetry/..." paths="./pkg/audit/..."
+      - $(go env GOPATH)/bin/controller-gen object:headerFile="hack/boilerplate.go.txt" paths="./cmd/thv-operator/..." paths="./pkg/json/..." paths="./pkg/vmcp" paths="./pkg/vmcp/config/..." paths="./pkg/vmcp/auth/types/..." paths="./pkg/telemetry/..." paths="./pkg/audit/..."
 
   operator-manifests:
     desc: Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects

cmd/thv-operator/api/v1beta1/mcpserverentry_types.go

@@ -101,6 +101,11 @@ const (
 	// ConditionTypeMCPServerEntryRemoteURLValidated indicates whether the RemoteURL passes
 	// format and SSRF safety checks.
 	ConditionTypeMCPServerEntryRemoteURLValidated = "RemoteURLValidated"
+
+	// ConditionTypeMCPServerEntryHeaderSecretRefsValidated indicates whether every Kubernetes
+	// Secret referenced by spec.headerForward.addHeadersFromSecret exists. Absent when the
+	// entry declares no header Secret refs.
+	ConditionTypeMCPServerEntryHeaderSecretRefsValidated = "HeaderSecretRefsValidated"
 )
 
 // Condition reasons for MCPServerEntry.
@@ -146,6 +151,14 @@ const (
 	// ConditionReasonMCPServerEntryRemoteURLInvalid indicates the RemoteURL is malformed or
 	// targets a blocked internal/metadata endpoint.
 	ConditionReasonMCPServerEntryRemoteURLInvalid = ConditionReasonRemoteURLInvalid
+
+	// ConditionReasonMCPServerEntryHeaderSecretsValid indicates every referenced header Secret exists.
+	ConditionReasonMCPServerEntryHeaderSecretsValid = "HeaderSecretsValid"
+
+	// ConditionReasonMCPServerEntryHeaderSecretNotFound indicates a Secret referenced by
+	// spec.headerForward.addHeadersFromSecret was not found in the entry's namespace.
+	// Reuses the string value used by MCPRemoteProxy for parity.
+	ConditionReasonMCPServerEntryHeaderSecretNotFound = ConditionReasonHeaderSecretNotFound
 )
 
 //+kubebuilder:object:root=true

cmd/thv-operator/controllers/mcpserverentry_controller.go

@@ -85,6 +85,12 @@ func (r *MCPServerEntryReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	}
 	allValid = valid && allValid
 
+	valid, err = r.validateHeaderForwardSecretRefs(ctx, entry)
+	if err != nil {
+		return ctrl.Result{}, err
+	}
+	allValid = valid && allValid
+
 	// Compute overall phase and Valid condition
 	r.updateOverallStatus(entry, allValid)
 
@@ -300,6 +306,60 @@ func (r *MCPServerEntryReconciler) validateCABundleRef(
 	return true, nil
 }
 
+// validateHeaderForwardSecretRefs checks that every Secret referenced by
+// spec.headerForward.addHeadersFromSecret exists in the entry's namespace.
+// Skipped (condition removed) when no Secret-backed headers are declared.
+// Returns (valid, error) where a non-nil error means a transient API failure
+// that should be requeued.
+func (r *MCPServerEntryReconciler) validateHeaderForwardSecretRefs(
+	ctx context.Context,
+	entry *mcpv1beta1.MCPServerEntry,
+) (bool, error) {
+	ctxLogger := log.FromContext(ctx)
+
+	if entry.Spec.HeaderForward == nil || len(entry.Spec.HeaderForward.AddHeadersFromSecret) == 0 {
+		meta.RemoveStatusCondition(&entry.Status.Conditions,
+			mcpv1beta1.ConditionTypeMCPServerEntryHeaderSecretRefsValidated)
+		return true, nil
+	}
+
+	for _, ref := range entry.Spec.HeaderForward.AddHeadersFromSecret {
+		if ref.ValueSecretRef == nil {
+			continue
+		}
+		secret := &corev1.Secret{}
+		secretKey := types.NamespacedName{
+			Namespace: entry.Namespace,
+			Name:      ref.ValueSecretRef.Name,
+		}
+		if err := r.Get(ctx, secretKey, secret); err != nil {
+			if errors.IsNotFound(err) {
+				meta.SetStatusCondition(&entry.Status.Conditions, metav1.Condition{
+					Type:   mcpv1beta1.ConditionTypeMCPServerEntryHeaderSecretRefsValidated,
+					Status: metav1.ConditionFalse,
+					Reason: mcpv1beta1.ConditionReasonMCPServerEntryHeaderSecretNotFound,
+					Message: fmt.Sprintf("Secret %q referenced for header %q not found",
+						ref.ValueSecretRef.Name, ref.HeaderName),
+					ObservedGeneration: entry.Generation,
+				})
+				return false, nil
+			}
+			ctxLogger.Error(err, "Failed to get referenced header Secret",
+				"secret", ref.ValueSecretRef.Name, "header", ref.HeaderName)
+			return false, err
+		}
+	}
+
+	meta.SetStatusCondition(&entry.Status.Conditions, metav1.Condition{
+		Type:               mcpv1beta1.ConditionTypeMCPServerEntryHeaderSecretRefsValidated,
+		Status:             metav1.ConditionTrue,
+		Reason:             mcpv1beta1.ConditionReasonMCPServerEntryHeaderSecretsValid,
+		Message:            "All referenced header Secrets exist",
+		ObservedGeneration: entry.Generation,
+	})
+	return true, nil
+}
+
 // validateRemoteURL checks that the RemoteURL is well-formed and does not target
 // a blocked internal or metadata endpoint (SSRF protection).
 func (*MCPServerEntryReconciler) validateRemoteURL(

cmd/thv-operator/controllers/mcpserverentry_controller_test.go

@@ -330,6 +330,81 @@ func TestMCPServerEntryReconciler_Reconcile(t *testing.T) {
 				{mcpv1beta1.ConditionTypeMCPServerEntryValid, metav1.ConditionTrue, mcpv1beta1.ConditionReasonMCPServerEntryValid},
 			},
 		},
+		{
+			name: "headerForward plaintext only - no secret validation needed",
+			entry: func() *mcpv1beta1.MCPServerEntry {
+				e := newMCPServerEntry(testEntryGroupRef, nil, nil)
+				e.Spec.HeaderForward = &mcpv1beta1.HeaderForwardConfig{
+					AddPlaintextHeaders: map[string]string{"X-MCP-Toolsets": "projects,issues"},
+				}
+				return e
+			}(),
+			objects:   []client.Object{newMCPGroup(mcpv1beta1.MCPGroupPhaseReady)},
+			wantPhase: mcpv1beta1.MCPServerEntryPhaseValid,
+			conditions: []struct {
+				condType string
+				status   metav1.ConditionStatus
+				reason   string
+			}{
+				{mcpv1beta1.ConditionTypeMCPServerEntryValid, metav1.ConditionTrue, mcpv1beta1.ConditionReasonMCPServerEntryValid},
+			},
+		},
+		{
+			name: "headerForward secret ref exists",
+			entry: func() *mcpv1beta1.MCPServerEntry {
+				e := newMCPServerEntry(testEntryGroupRef, nil, nil)
+				e.Spec.HeaderForward = &mcpv1beta1.HeaderForwardConfig{
+					AddHeadersFromSecret: []mcpv1beta1.HeaderFromSecret{
+						{
+							HeaderName:     "X-API-Key",
+							ValueSecretRef: &mcpv1beta1.SecretKeyRef{Name: "api-key-secret", Key: "token"},
+						},
+					},
+				}
+				return e
+			}(),
+			objects: []client.Object{
+				newMCPGroup(mcpv1beta1.MCPGroupPhaseReady),
+				&corev1.Secret{
+					ObjectMeta: metav1.ObjectMeta{Name: "api-key-secret", Namespace: testEntryNS},
+					Data:       map[string][]byte{"token": []byte("secret-value")},
+				},
+			},
+			wantPhase: mcpv1beta1.MCPServerEntryPhaseValid,
+			conditions: []struct {
+				condType string
+				status   metav1.ConditionStatus
+				reason   string
+			}{
+				{mcpv1beta1.ConditionTypeMCPServerEntryHeaderSecretRefsValidated, metav1.ConditionTrue, mcpv1beta1.ConditionReasonMCPServerEntryHeaderSecretsValid},
+				{mcpv1beta1.ConditionTypeMCPServerEntryValid, metav1.ConditionTrue, mcpv1beta1.ConditionReasonMCPServerEntryValid},
+			},
+		},
+		{
+			name: "headerForward secret ref missing flips entry to Failed",
+			entry: func() *mcpv1beta1.MCPServerEntry {
+				e := newMCPServerEntry(testEntryGroupRef, nil, nil)
+				e.Spec.HeaderForward = &mcpv1beta1.HeaderForwardConfig{
+					AddHeadersFromSecret: []mcpv1beta1.HeaderFromSecret{
+						{
+							HeaderName:     "X-API-Key",
+							ValueSecretRef: &mcpv1beta1.SecretKeyRef{Name: "missing-secret", Key: "token"},
+						},
+					},
+				}
+				return e
+			}(),
+			objects:   []client.Object{newMCPGroup(mcpv1beta1.MCPGroupPhaseReady)},
+			wantPhase: mcpv1beta1.MCPServerEntryPhaseFailed,
+			conditions: []struct {
+				condType string
+				status   metav1.ConditionStatus
+				reason   string
+			}{
+				{mcpv1beta1.ConditionTypeMCPServerEntryHeaderSecretRefsValidated, metav1.ConditionFalse, mcpv1beta1.ConditionReasonMCPServerEntryHeaderSecretNotFound},
+				{mcpv1beta1.ConditionTypeMCPServerEntryValid, metav1.ConditionFalse, mcpv1beta1.ConditionReasonMCPServerEntryInvalid},
+			},
+		},
 	}
 
 	for _, tt := range tests {

cmd/thv-operator/controllers/virtualmcpserver_controller.go

@@ -2112,12 +2112,19 @@ func injectSubjectProviderIfNeeded(
 // convertBackendsToStaticBackends converts Backend objects to StaticBackendConfig for ConfigMap embedding.
 // Preserves metadata and uses transport types from workload Specs.
 // Logs warnings when backends are skipped due to missing URL or transport information.
-// caBundlePathMap maps backend names to their CA bundle mount paths (populated for MCPServerEntry backends).
+//
+// caBundlePathMap maps backend names to their CA bundle mount paths (populated for
+// MCPServerEntry backends with caBundleRef).
+// headerForwardMap maps backend names to per-backend HeaderForwardConfig (populated
+// for MCPServerEntry backends with headerForward). Plaintext values are embedded
+// as-is; secret-backed headers carry only env-var identifiers that the vMCP runtime
+// resolves via secrets.EnvironmentProvider (TOOLHIVE_SECRET_<ident>).
 func convertBackendsToStaticBackends(
 	ctx context.Context,
 	backends []vmcptypes.Backend,
 	transportMap map[string]string,
 	caBundlePathMap map[string]string,
+	headerForwardMap map[string]*vmcptypes.HeaderForwardConfig,
 ) []vmcpconfig.StaticBackendConfig {
 	logger := log.FromContext(ctx)
 	static := make([]vmcpconfig.StaticBackendConfig, 0, len(backends))
@@ -2146,6 +2153,10 @@ func convertBackendsToStaticBackends(
 			cfg.CABundlePath = caBundlePath
 		}
 
+		if hf, ok := headerForwardMap[backend.Name]; ok && hf != nil {
+			cfg.HeaderForward = hf
+		}
+
 		static = append(static, cfg)
 	}
 	return static

cmd/thv-operator/controllers/virtualmcpserver_deployment.go

@@ -347,6 +347,16 @@ func (r *VirtualMCPServerReconciler) buildEnvVarsForVmcp(
 	// Mount outgoing auth secrets
 	env = append(env, r.buildOutgoingAuthEnvVars(ctx, vmcp, typedWorkloads)...)
 
+	// Mount per-backend header-forward secrets for MCPServerEntry backends.
+	// Each Secret referenced by MCPServerEntry.spec.headerForward.addHeadersFromSecret
+	// is exposed as TOOLHIVE_SECRET_<IDENT> via valueFrom.secretKeyRef. The vMCP
+	// runtime reads these through secrets.EnvironmentProvider at request time.
+	headerEnv, err := r.buildHeaderForwardEnvVarsForEntries(ctx, vmcp.Namespace, typedWorkloads)
+	if err != nil {
+		return nil, fmt.Errorf("failed to build header forward env vars: %w", err)
+	}
+	env = append(env, headerEnv...)
+
 	// Always mount HMAC secret for session token binding.
 	env = append(env, r.buildHMACSecretEnvVar(vmcp))
 
@@ -482,6 +492,71 @@ func (r *VirtualMCPServerReconciler) buildOutgoingAuthEnvVars(
 	return env
 }
 
+// buildHeaderForwardEnvVarsForEntries iterates entry-type workloads and emits one
+// env var per (entry, header) declared in spec.headerForward.addHeadersFromSecret.
+// Each env var uses valueFrom.secretKeyRef so the Secret value is injected by
+// Kubernetes at pod start and never stored in the vMCP ConfigMap.
+//
+// The env var name is TOOLHIVE_SECRET_<IDENT> where <IDENT> is generated by
+// ctrlutil.GenerateHeaderForwardSecretEnvVarName(entry.Name, headerName). Scoping
+// by entry name prevents collisions when multiple entries in the group declare
+// the same header.
+//
+// Returns (nil, nil) when no entries declare Secret-backed headers — this is the
+// common case and produces no env var churn on the Deployment spec.
+func (r *VirtualMCPServerReconciler) buildHeaderForwardEnvVarsForEntries(
+	ctx context.Context,
+	namespace string,
+	typedWorkloads []workloads.TypedWorkload,
+) ([]corev1.EnvVar, error) {
+	// Early return if no MCPServerEntry workloads to avoid unnecessary API calls.
+	hasEntries := false
+	for _, workload := range typedWorkloads {
+		if workload.Type == workloads.WorkloadTypeMCPServerEntry {
+			hasEntries = true
+			break
+		}
+	}
+	if !hasEntries {
+		return nil, nil
+	}
+
+	entryMap, err := r.listMCPServerEntriesAsMap(ctx, namespace)
+	if err != nil {
+		return nil, fmt.Errorf("failed to list MCPServerEntries: %w", err)
+	}
+
+	var envVars []corev1.EnvVar
+	for _, workload := range typedWorkloads {
+		if workload.Type != workloads.WorkloadTypeMCPServerEntry {
+			continue
+		}
+		entry, found := entryMap[workload.Name]
+		if !found || entry.Spec.HeaderForward == nil {
+			continue
+		}
+		for _, ref := range entry.Spec.HeaderForward.AddHeadersFromSecret {
+			if ref.ValueSecretRef == nil {
+				continue
+			}
+			envVarName, _ := ctrlutil.GenerateHeaderForwardSecretEnvVarName(entry.Name, ref.HeaderName)
+			envVars = append(envVars, corev1.EnvVar{
+				Name: envVarName,
+				ValueFrom: &corev1.EnvVarSource{
+					SecretKeyRef: &corev1.SecretKeySelector{
+						LocalObjectReference: corev1.LocalObjectReference{
+							Name: ref.ValueSecretRef.Name,
+						},
+						Key: ref.ValueSecretRef.Key,
+					},
+				},
+			})
+		}
+	}
+
+	return envVars, nil
+}
+
 // discoverExternalAuthConfigSecrets discovers ExternalAuthConfigs from workloads in the group
 // and returns environment variables for their client secrets. This is used for discovered mode.
 func (r *VirtualMCPServerReconciler) discoverExternalAuthConfigSecrets(