Update stacklok/toolhive-registry-server to v1.4.4

[renovate]

This PR contains the following updates:

Package	Update	Change
stacklok/toolhive-registry-server	patch	v1.4.3 → v1.4.4

After this PR opens, .github/workflows/upstream-release-docs.yml adds source-verified content edits for the new release. For stacklok/toolhive, the same workflow also syncs reference assets (CLI help, Swagger) and regenerates the CRD MDX pages.

---

Release Notes

stacklok/toolhive-registry-server (stacklok/toolhive-registry-server)

v1.4.4

Compare Source

What's Changed

• Update anthropics/claude-code-action digest to dde2242 by @​renovate[bot] in #​786
• Update go modules by @​renovate[bot] in #​787
• Update github actions by @​renovate[bot] in #​789
• Update docker images by @​renovate[bot] in #​788
• Remove scopes_supported from protected resource metadata by @​rdimitrov in #​791
• Migrate K8s controller to v1beta1 MCP CRDs by @​rdimitrov in #​793
• Release v1.4.4 by @​toolhive-release-app[bot] in #​794

Full Changelog: stacklok/toolhive-registry-server@v1.4.3...v1.4.4

---

Configuration

📅 Schedule: (in timezone America/New_York)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

---

Docs update for toolhive-registry-server v1.4.4

At a glance

Upstream	stacklok/toolhive-registry-server v1.4.3 → v1.4.4
Hand-written changes	1 commit(s)
Reference assets	unchanged
Gaps	0
Release contributors	1 auto-assigned (see sidebar)
Action required	Spot-check skill-authored prose for accuracy

Summary of changes

Summary of changes

• Updated docs/toolhive/guides-registry/authentication.mdx to remove the scopesSupported config field and the scopes_supported discovery field, which were removed upstream in Remove scopes_supported from protected resource metadata toolhive-registry-server#791.
• Updated docs/toolhive/guides-registry/deploy-operator.mdx to drop scopesSupported from the OAuth configuration field table for the same reason.

No doc edits were needed for stacklok/toolhive-registry-server#793 (mcpv1alpha1 → mcpv1beta1 import refactor in internal/kubernetes/) — the docs already describe toolhive.stacklok.dev/v1beta1 as the active CRD API version.

Run cost

Session	Turns	Cost (USD)
Generation	54	$3.0918
Editorial review	28	$1.6444
Total	82	$4.7362

How this PR was built

Two Claude Opus sessions run per release: a generation pass
(upstream-release-docs skill, 6 phases) followed by a fresh-
context editorial pass (docs-review). Prettier/ESLint
auto-fixes are applied after.

Auto-synced paths — do not hand-edit these in review:

• docs/toolhive/reference/cli/
• docs/toolhive/reference/crds/
• static/api-specs/

If a "Gaps needing human context" section is present above,
each entry includes a paste-ready Helper prompt for local
Claude a reviewer can use to resolve the gap.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs-website	Ready	Preview, Comment	May 20, 2026 3:18pm

[claude]

Claude encountered an error after 11s —— View job

---

I'll analyze this and get back to you.

[github-actions]

Caution

Docs augmentation failed. Run log.
Retry: gh workflow run upstream-release-docs.yml -f pr_number=887

[claude]

Claude finished @renovate[bot]'s task in 4m 38s —— View job

---

Upstream release docs: toolhive-registry-server v1.4.3 → v1.4.4

• Phase 1: Discovery — release covers 7 PRs; docs-relevant ones are Remove scopes_supported from protected resource metadata toolhive-registry-server#791 and Migrate K8s controller to v1beta1 MCP CRDs toolhive-registry-server#793.
• Phase 2: Deep dive
  • Remove scopes_supported from protected resource metadata toolhive-registry-server#791 (Remove scopes_supported): removes the field from the emitted /.well-known/oauth-protected-resource metadata, the OAuthConfig.ScopesSupported config key, and DefaultScopes. Source verified against internal/auth/well_known.go and internal/config/config.go at v1.4.4 — neither contains any Scopes* symbol.
  • Migrate K8s controller to v1beta1 MCP CRDs toolhive-registry-server#793 (Migrate to v1beta1 MCP CRDs): internal Go import refactor (mcpv1alpha1 → mcpv1beta1) in internal/kubernetes/. The docs already describe toolhive.stacklok.dev/v1beta1 as the active apiVersion, so no doc-website changes.
• Phase 3: Audit impact map
• Phase 4: Implement edits
  • docs/toolhive/guides-registry/authentication.mdx: removed scopesSupported row from the OAuth config field table, removed scopesSupported: from the complete example, and removed scopes_supported from the discovery response example.
  • docs/toolhive/guides-registry/deploy-operator.mdx: removed scopesSupported row from the OAuth config field table.
• Phase 5: Validate — prettier and eslint clean. The npm run build step fails in this sandbox because the mcp-metadata-plugin cannot reach external data sources; the PR's CI will run the real build.
• Phase 6: Wrote SUMMARY.md, committed, and pushed 58d7fb9.

Other matches for scopes_supported / scopesSupported elsewhere in the docs belong to unrelated components (toolhive's embedded auth server and vMCP) and remain accurate. Auto-generated files under static/api-specs/** were not touched.
· Branch

[claude]

Claude finished @renovate[bot]'s task in 2m 39s —— View job

---

Editorial review for v1.4.4 docs changes

• Read both changed files (authentication.mdx, deploy-operator.mdx)
• Verified no stranded scopes_supported / scopesSupported / mcp-registry:read|write references in docs/toolhive/guides-registry/
• Confirmed remaining hits in concepts/embedded-auth-server.mdx and guides-vmcp/authentication.mdx are unrelated components (toolhive's embedded auth server, vMCP) and were correctly preserved
• Spot-checked tables, YAML, and JSON examples for awkward flow after removals — none found
• Spot-checked front matter descriptions against the style guide — within length and style limits

Findings

No actionable editorial fixes. The commit is a set of surgical removals:

• authentication.mdx field table (docs/toolhive/guides-registry/authentication.mdx:67-73): row removed, column widths realigned cleanly.
• authentication.mdx complete OAuth example (docs/toolhive/guides-registry/authentication.mdx:92-111): scopesSupported block removed; surrounding fields flow naturally.
• authentication.mdx discovery response example (docs/toolhive/guides-registry/authentication.mdx:392-402): scopes_supported key removed; remaining keys retain a logical order (resource → authorization_servers → bearer_methods_supported → resource_documentation).
• deploy-operator.mdx field table (docs/toolhive/guides-registry/deploy-operator.mdx:468-472): row removed, columns realigned.

Notes

• Pre-existing observation (not in scope to fix here, per "don't introduce new claims"): the OAuth configuration fields table in deploy-operator.mdx:468-472 documents only mode/resourceUrl/realm, while the equivalent table in authentication.mdx:67-73 also lists publicPaths and providers. That asymmetry predates this PR.

Nothing committed in this pass.
· Branch