docs: sync ADP changes from cloudv2 (2026-07-01)#118
Conversation
…ients AI Gateway now enables OAuth 2.0 Dynamic Client Registration (RFC 7591) globally, so its authorization-server metadata advertises a registration_endpoint and spec-conformant MCP clients (Claude Code, Cursor, ChatGPT) can self-register instead of requiring a manually provisioned OAuth client. Update the remote MCP clients guide to: - Add a section covering how to enable per-tenant self-registration with `rpk ai oauth-client dcr`, the open and initial-access-token admission modes, registration caps and rate limits, Initial Access Token lifecycle, and how to review DCR-issued clients. - Point the manual registration section at the self-registration path. - Remove the outdated "No Dynamic Client Registration" limitation. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01JQB7JbF6ZT53Jx2J5RchsZ
✅ Deploy Preview for redpanda-agentic-data-plane ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
[adp-docs PR critic] Verdict: looks accurate. I verified every factual claim in the diff against cloudv2 source and they match. One suggestion about a precision nuance, plus one optional enhancement. No critical or blocking issues. What I verified against source (all correct):
Suggestion (precision):
Minor (optional enhancement):
Reviewed at head Generated by Claude Code |
Address docs-team-standards review suggestions on the Dynamic Client Registration section: clarify the authorization-code flow phrasing and use sentence case for the "Mint initial access tokens" heading. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
[adp-docs PR critic] Re-review of new commit Since my earlier review at
Neither change introduces or alters any factual claim, so nothing new to verify against cloudv2. The source-accuracy checks from my prior review still hold. For the record, the one advisory suggestion from my earlier review is still open (not a blocker): the section intro still states unconditionally that AI Gateway "advertises a Reviewed at head Generated by Claude Code |
The authorization-server metadata advertises registration_endpoint only after DCR is enabled for the organization (disabled tenants return registration_endpoint: null, per adp/aigw DCR-DEMO.md and RFC section 1). Reorder the section intro so the "off by default" fact precedes the endpoint-advertisement claim, matching source behavior. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ources row
The bare `*` in the monospace default value paired with the `*Restrict*`
bold marker later in the cell, so AsciiDoc bolded the wrong span. Use the
{asterisk} attribute for the literal wildcard so the code renders `*` and
`*Restrict*` bolds correctly.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Per the docs-team-standards terminology list, "once" is ambiguous (one time vs. as soon as); use "after". Applies to the two temporal uses in the self-registration intro and the admission-modes lead-in. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
[adp-docs PR critic] Re-review of commits Three commits landed since my last review at
The source-accuracy checks from my prior reviews still hold, and the earlier suggestion is now addressed. Nothing outstanding on my end. Reviewed at head Generated by Claude Code |
Summary
Syncs a user-facing AI Gateway change from cloudv2 into the ADP docs: OAuth 2.0 Dynamic Client Registration (DCR, RFC 7591) is now enabled by default across gateway clusters, so spec-conformant MCP clients (Claude Code, Cursor, ChatGPT) can self-register instead of requiring a manually provisioned OAuth client.
Preview pages
cloudv2 change documented
d274f01— adp: enable Dynamic Client Registration globally on aigw. Flips the operator-level DCR gate (ingress.idp.dcr.global_enabled) totruein the base and integration aigw configs, so every cluster mounts/oauth/idp/registerand advertisesregistration_endpointin the OAuth authorization-server discovery document. Per-tenant admission stays gated by the DCR settings row (enabled+admission_mode), managed viarpk ai oauth-client dcr.What changed in the docs
modules/connect/pages/remote-mcp-clients.adoc:rpk ai oauth-client dcr update, theopenandinitial-access-tokenadmission modes (and thatsoftware-statementis reserved), registration caps and rate limits (--allowed-resource,--client-cap,--rate-per-hour,--inactive-ttl-days), Initial Access Token mint/list/revoke, and how DCR-issued clients appear (dcr-<id>name, DCR badge, PKCE with no secret).Grounded the CLI surface and admission-mode behavior in cloudv2 source:
apps/rpai/internal/cmd/oauthclient/dcr.go,adp/manifests/aigw/base/config.toml, andapps/aigw/demos/idp-local/DCR-DEMO.md.Not documented (intentionally)
3c20658— deps: bump ai-sdk-go (Claude Sonnet 5). The docs describe models generically ("Claude Opus, Sonnet, and Haiku") and state that Redpanda maintains the model catalog, which auto-updates without a Redpanda release (configure-provider.adoc). No specific model versions are enumerated, so this dependency bump needs no docs change.Reviewer
Added @birdayz (author of the cloudv2 DCR commit) as an optional reviewer for a source-accuracy check. Their approval is not blocking.
Verification
npm run buildcompletes; the new<<self-register-with-dcr>>anchor resolves and the page renders. (Unrelated pre-existing build warnings about GitHub API credentials and missing attributes in other files are not affected by this change.)🤖 Generated with Claude Code
https://claude.ai/code/session_01JQB7JbF6ZT53Jx2J5RchsZ