Add Virtual MCP Server documentation (#326)

* Add Virtual MCP Server documentation skeleton

Add documentation structure for the new Virtual MCP Server feature
that aggregates multiple MCP servers into a single unified endpoint.

New guides (docs/toolhive/guides-vmcp/):
- index.mdx: Landing page
- intro.mdx: Introduction and use cases
- quickstart.mdx: Getting started with VirtualMCPServer CRD
- configuration.mdx: CRD configuration reference
- tool-aggregation.mdx: Conflict resolution strategies
- authentication.mdx: Two-boundary auth model
- composite-tools.mdx: Multi-step workflows

New concept page:
- concepts/vmcp-architecture.mdx: Architecture overview

New tutorial:
- tutorials/quickstart-vmcp.mdx: End-to-end tutorial

The documentation contains placeholder TODOs for detailed examples
and manifests to be filled in.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Address PR feedback for Virtual MCP documentation

Changes based on review feedback:

- Fix "VS Code" to "Visual Studio Code" on first use (style guide)
- Fix link text to match page title in intro.mdx
- Remove redundant guides-vmcp/quickstart.mdx (duplicates tutorial)
- Update sidebars.ts to remove quickstart from guides section
- Rewrite concepts/vmcp-architecture.mdx to be user-focused:
  - Explain "why" vMCP exists and when to use it
  - Cover key capabilities with practical examples
  - Follow Diataxis "Explanation" documentation style
  - Remove developer-focused architecture details

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Fix unimplemented pass_through auth strategy references

Replace pass_through (not implemented) with actual implemented strategies:
- unauthenticated: for backends requiring no auth
- header_injection: for API keys and bearer tokens
- token_exchange: for RFC 8693 token exchange

The only implemented outgoing auth strategies are:
- unauthenticated
- header_injection
- token_exchange

pass_through is in the design but not yet implemented (see TODO in
pkg/vmcp/config/validator.go).

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Fix broken link to deleted quickstart.mdx

Update configuration.mdx to link to intro.mdx instead of the
deleted quickstart.mdx file.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Address PR feedback for Virtual MCP documentation

- Change title from "Virtual MCP architecture" to "Understanding Virtual
  MCP Server" to better reflect user-focused content
- Remove specific percentages (90%, 87%) that sound LLM-generated
- Simplify authentication section: reference MCP spec mechanism instead
  of specific implementation details like token exchange
- Update related links to match new title

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Fix vMCP docs to match actual CRD field names

- authentication.mdx: Fix outgoing auth types to use actual CRD values
  (discovered, pass_through, external_auth_config_ref) instead of
  fictional types (unauthenticated, token_exchange, header_injection)
- authentication.mdx: Clarify that MCPExternalAuthConfig defines the
  actual auth strategies (tokenExchange, headerInjection)
- composite-tools.mdx: Fix field names (dependsOn, onError, maxRetries)
  to match CRD; remove fictional elicitation fields (onDecline, onCancel)
- configuration.mdx: Refactor from reference doc to how-to guide; link
  to autogenerated CRD spec; fix incoming auth types (anonymous, local,
  oidc with kubernetes/configMap/inline subtypes)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Add working YAML examples to vMCP quickstart tutorial

Replace TODO placeholders with actual working examples provided by
jhrozek from testing:
- MCPGroup manifest for demo-tools
- MCPServer manifests for fetch and osv servers
- VirtualMCPServer manifest with anonymous auth and prefix strategy

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Fix vMCP docs: remove non-existent CRD features

Verified against VirtualMCPServer CRD (virtualmcpserver_types.go):
- Remove pass_through from outgoing auth (CRD only has discovered,
  external_auth_config_ref)
- Add Failed to status phase list (CRD has Pending, Ready, Degraded,
  Failed)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Address jhrozek's PR feedback on vMCP documentation

Based on PR review feedback:

authentication.mdx:
- Add OIDC inline configuration example with clientSecretRef
- Add Kubernetes service account token example
- REMOVE token caching section (not implemented per jhrozek)

configuration.mdx:
- REMOVE token caching section (not implemented)
- Add link to quickstart for MCPGroup reference

composite-tools.mdx:
- Add info admonition noting elicitation has not been extensively tested

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Remove unimplemented features, add tool aggregation example

authentication.mdx:
- Remove Cedar authorization section (not implemented for vMCP)
- Remove Cedar policies link from related information

tool-aggregation.mdx:
- Add note that MCPToolConfig via toolConfigRef is in development
- Add complete working example with MCPGroup, MCPServers, and
  VirtualMCPServer showing prefix-based conflict resolution

Verified against CRD definitions in virtualmcpserver_types.go,
mcpserver_types.go, and mcpgroup_types.go.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Add workflow examples to composite-tools.mdx

Replace TODO placeholders with working examples:
- Incident investigation: parallel data gathering with dependsOn
- Deployment with approval: elicitation step for human-in-the-loop
- Cross-system data aggregation: template expansion between steps
- Complete VirtualMCPServer manifest with inline composite tool

Fixed parameter format to use JSON Schema (type: object, properties,
required) instead of shorthand notation.

Verified against CompositeToolSpec and WorkflowStep definitions in
virtualmcpserver_types.go.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Add VS Code configuration to vMCP quickstart

Adds VS Code/Copilot mcp.json configuration instructions to the
Virtual MCP Server quickstart tutorial. Includes file paths for
macOS and Linux, and links to client compatibility reference for
other MCP clients.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Fix vMCP documentation based on cluster testing (#331)

* Fix VirtualMCPServer output columns in quickstart

Update expected kubectl output to match actual CRD printer columns:
- Change STATUS to PHASE
- Add BACKENDS and READY columns

Verified by testing against live cluster.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Fix minimal VirtualMCPServer config to include required incomingAuth

The vMCP binary requires incomingAuth.type to be specified. Without it,
the pod crashes with: "incoming_auth.type must be one of: oidc, local,
anonymous"

Verified by testing against live cluster.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Add note about optional clientSecretRef for token introspection

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

---------

Co-authored-by: Claude <[email protected]>

* Fix composite tools example tool reference (#337)

- Change fetch.fetch_url to fetch.fetch (correct tool name)
- Add comment clarifying llm.summarize is a hypothetical backend

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <[email protected]>

* Simplify authentication docs to tested configurations (#343)

- Add warning for anonymous incoming authentication
- Simplify outgoing auth to discovery mode only (tested working)
- Remove broken default config (CRD/binary type mismatch)
- Remove external_auth_config_ref examples (pending code fixes)
- Remove TODO placeholders
- Add link to configuration guide

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-authored-by: Claude <[email protected]>

* Fix outgoing auth and clarify OIDC clientSecretRef (#344)

* Simplify outgoing auth in configuration docs

- Remove broken default.type: discovered config
- Remove broken source: mixed with external_auth_config_ref example
- Simplify to just source: discovered (tested working)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

* Clarify OIDC clientSecretRef is for opaque tokens

- Separate basic OIDC example (without clientSecretRef)
- Add explanation for opaque OAuth token introspection
- Show full example with clientSecretRef for that use case

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <[email protected]>

---------

Co-authored-by: Claude <[email protected]>

* Polish vMCP docs (#347)

* Polish vMCP documentation

- Apply consistent terminology: 'Virtual MCP Server (vMCP)' on first
  mention, then 'vMCP'
- Rewrite bullet lists with complete sentences
- Add MCPGroup context explanation on first use
- Expand outgoing auth configuration details
- Enhance experimental feature warning
- Improve language directness

* Add vMCP usage to style guide and LLM instructions

* Note that vMCP is part of the operator

* Add vMCP to nav menu

* Polish the intro

* Polish the config guide

- Add MCPGroup section since it doesn't have its own guide
- Remove redundant auth content, just point to auth guide
- Note that ClusterIP can be exposed via Ingress/Gateway

* Add vMCP CRDs to operator deployment guide

* Rename vMCP concepts file and re-order guides

Feels like the tool aggregation and composite guides logically belong
together.

* Polish auth guide

* Polish tool aggregation guide

* Polish composite tools guide

- Soften technical jargon ("DAG")
- Add basic info up front before the full use cases
- Make sure all YAML snippets have parent keys to make location
  and indentation clear

* Polish the quickstart and concepts guides

* Add quickstart and concepts links to index

* Clarify inbound auth spec conformance

* Clarify service options

---------

Signed-off-by: Dan Barr <[email protected]>
Co-authored-by: Dan Barr <[email protected]>

* Address feedback about terminology

Signed-off-by: Juan Antonio Osorio <[email protected]>

---------

Signed-off-by: Dan Barr <[email protected]>
Signed-off-by: Juan Antonio Osorio <[email protected]>
Co-authored-by: Claude <[email protected]>
Co-authored-by: Jakub Hrozek <[email protected]>
Co-authored-by: Dan Barr <[email protected]>
Co-authored-by: Dan Barr <[email protected]>

Author: 4 people

.github/copilot-instructions.md

@@ -107,6 +107,7 @@ Common terms used in this project:
 - open source (not "open-source")
 - large language model (LLM)
 - Visual Studio Code ("VS Code" after first use)
+- Virtual MCP Server (vMCP) - a feature of ToolHive that aggregates multiple MCP servers into a single endpoint; use "Virtual MCP Server (vMCP)" on first use, "vMCP" thereafter
 
 Check this list for consistent use within the documentation. If you find inconsistencies, update the text to match the preferred term. If you find a term that is not listed here, consider adding it to the list for future reference.
 

AGENTS.md

@@ -107,6 +107,7 @@ Common terms used in this project:
 - open source (not "open-source")
 - large language model (LLM)
 - Visual Studio Code ("VS Code" after first use)
+- Virtual MCP Server (vMCP) - a feature of ToolHive that aggregates multiple MCP servers into a single endpoint; use "Virtual MCP Server (vMCP)" on first use, "vMCP" thereafter
 
 Check this list for consistent use within the documentation. If you find inconsistencies, update the text to match the preferred term. If you find a term that is not listed here, consider adding it to the list for future reference.
 

STYLE-GUIDE.md

@@ -263,6 +263,11 @@ all caps. Written out, it is lower-cased.
 applications provide context to LLMs. MCP is an abbreviation, so it's written in
 all caps. Written out, it is proper-cased.
 
+**vMCP**: Virtual MCP Server, a feature of ToolHive that aggregates multiple MCP
+servers into a single endpoint. It's written with a lowercase "v" followed by
+"MC" in all caps and a capital "P" (not "VMCP" or "Vmcp"). Use "Virtual MCP
+Server (vMCP)" on first use, "vMCP" thereafter.
+
 **npm**: the registry for JavaScript packages (the "npm registry"), and the
 default package manager for JavaScript. Since it's both the registry _and_ the
 package manager, it may be useful to disambiguate "the npm registry". It's not

docs/toolhive/concepts/vmcp.mdx

@@ -0,0 +1,145 @@
+---
+title: Understanding Virtual MCP Server
+sidebar_label: Virtual MCP Server (vMCP)
+description:
+  Learn what Virtual MCP Server does, why it exists, and when to use it.
+---
+
+This document explains Virtual MCP Server (vMCP), a feature of the ToolHive
+Kubernetes Operator. You'll learn why it exists, when to use it, and how it
+simplifies managing multiple MCP servers while enabling powerful multi-system
+workflows.
+
+## The problem vMCP solves
+
+**Before vMCP**: Engineers manage 10+ separate MCP server connections, each with
+its own authentication, manually coordinate multi-step workflows across systems,
+and repeatedly configure the same parameters.
+
+**With vMCP**: Connect once to a unified endpoint that aggregates all backend
+MCP servers, execute complex multi-system workflows declaratively, and use
+pre-configured tools with sensible defaults.
+
+## Core value propositions
+
+vMCP delivers four key benefits:
+
+1. **Reduce complexity**: Many connections become one, dramatically simplifying
+   configuration
+2. **Speed up workflows**: Parallel execution across systems instead of
+   sequential calls
+3. **Improve security**: Centralized authentication and authorization with a
+   two-boundary model
+4. **Enable reusability**: Define workflows once, use them everywhere
+
+## Key capabilities
+
+### Multi-server aggregation
+
+Managing 10-20+ MCP server connections is overwhelming. Each server needs its
+own configuration, authentication, and maintenance. vMCP aggregates all backend
+MCP servers into one endpoint with automatic conflict resolution.
+
+**Example scenario**: An engineering team needs access to 8 backend servers
+(GitHub, Jira, Slack, Confluence, PagerDuty, Datadog, AWS, and internal company
+docs). Instead of configuring 8 separate connections, they configure one vMCP
+connection with SSO. This significantly reduces configuration complexity and
+makes onboarding new team members much easier.
+
+When multiple backend MCP servers have tools with the same name (for example,
+both GitHub and Jira have `create_issue`), vMCP automatically prefixes them:
+`github_create_issue`, `jira_create_issue`. You can also define custom names for
+clarity.
+
+### Multi-step workflows (composition)
+
+Real-world tasks span multiple systems and require manual orchestration. vMCP
+lets you define declarative workflows with parallel execution, conditionals,
+error handling, and human-in-the-loop approval gates.
+
+**Example scenario**: During an incident investigation, you need logs from your
+logging system, metrics from your monitoring platform, traces from your tracing
+service, and infrastructure status from your cloud provider. Without vMCP, an
+engineer manually runs 4 commands sequentially and aggregates results. With
+vMCP, you fetch all of this in parallel, automatically aggregate it into a
+formatted report, and create a Jira ticket with all the data. This workflow is
+reusable for every incident.
+
+**Example scenario**: For an app deployment, merge the pull request, wait for
+tests, ask a human for approval, deploy only if approved, and notify the team in
+Slack. vMCP handles this entire flow declaratively, with automatic rollback on
+deployment failure.
+
+### Tool customization and overrides
+
+Third-party MCP servers often have generic names, descriptions, and unrestricted
+parameters. vMCP lets you filter, rename, and wrap tools without modifying the
+upstream servers.
+
+**Security policy enforcement**: You can restrict a fetch tool to internal
+domains only (`*.company.com`), validate URLs before calling the backend, and
+provide clear error messages for policy violations.
+
+**Simplified interfaces**: A complex tool like AWS EC2 might have 20+
+parameters, but your frontend team only needs 3. You can create a simplified
+wrapper that uses instance names instead of IDs and pre-fills safe defaults for
+all other parameters.
+
+### Parameter defaults and pre-configuration
+
+Generic servers require repetitive parameter specification. You always use the
+same repo, channel, or database. vMCP lets you create specialized instances with
+pre-configured defaults.
+
+**Example scenario**: Without vMCP, every GitHub query requires specifying
+`repo: stacklok/toolhive`. With vMCP, you pre-configure this default - engineers
+never specify the repo parameter, and they can't accidentally query the wrong
+repository. This eliminates hundreds of repetitive parameter entries per week.
+
+**Example scenario**: Configure staging database as the default (safe for
+development), while production queries require an explicit approval gate.
+Connection details are centralized in vMCP configuration instead of scattered
+across individual tool configurations.
+
+### Authentication boundary separation
+
+Different authentication is needed for clients versus backend MCP servers, and
+managing credentials across multiple systems is complex. vMCP implements a
+two-boundary auth model that separates these concerns.
+
+**How it works**: Clients authenticate to vMCP using OAuth 2.1 authorization as
+defined in the MCP specification. vMCP then handles authentication to each
+backend MCP server independently. Revoking access is simple: disable the user in
+your identity provider and all backend access is revoked instantly.
+
+This approach provides single sign-on for users, centralized access control, and
+a complete audit trail.
+
+## When to use vMCP
+
+### Good fit
+
+- Teams managing 5+ MCP servers
+- Tasks requiring coordination across multiple systems
+- Centralized authentication and authorization requirements
+- Workflows that should be reusable across the team
+- Security policies that need centralized enforcement
+
+### Not needed
+
+- Single MCP server usage
+- Simple, one-step operations
+- No orchestration requirements
+
+## Summary
+
+vMCP transforms MCP from individual servers into a unified orchestration
+platform. The use cases range from simple aggregation to complex workflows with
+approval gates, making it valuable for teams managing multiple MCP servers.
+
+## Related information
+
+- [Deploy vMCP](../guides-vmcp/intro.mdx)
+- [Configure authentication](../guides-vmcp/authentication.mdx)
+- [Tool aggregation and conflict resolution](../guides-vmcp/tool-aggregation.mdx)
+- [Composite tools and workflows](../guides-vmcp/composite-tools.mdx)

docs/toolhive/guides-k8s/deploy-operator-helm.mdx

@@ -33,7 +33,7 @@ chart. To install a specific version, append `--version <VERSION>` to the
 command, for example:
 
 ```bash
-helm upgrade --install toolhive-operator-crds oci://ghcr.io/stacklok/toolhive/toolhive-operator-crds --version 0.0.52
+helm upgrade --install toolhive-operator-crds oci://ghcr.io/stacklok/toolhive/toolhive-operator-crds --version 0.0.73
 ```
 
 ## Install the operator
@@ -52,7 +52,7 @@ chart. To install a specific version, append `--version <VERSION>` to the
 command, for example:
 
 ```bash
-helm upgrade --install toolhive-operator oci://ghcr.io/stacklok/toolhive/toolhive-operator -n toolhive-system --create-namespace --version 0.3.7
+helm upgrade --install toolhive-operator oci://ghcr.io/stacklok/toolhive/toolhive-operator -n toolhive-system --create-namespace --version 0.5.6
 ```
 
 Verify the installation:
@@ -237,21 +237,23 @@ and then apply the CRDs using `kubectl`.
 First, upgrade the CRD Helm chart to match your target operator version:
 
 ```bash
-helm upgrade -i toolhive-operator-crds oci://ghcr.io/stacklok/toolhive/toolhive-operator-crds --version 0.0.52
+helm upgrade -i toolhive-operator-crds oci://ghcr.io/stacklok/toolhive/toolhive-operator-crds --version 0.0.73
 ```
 
 Then apply the CRDs from the same version tag:
 
 ```bash
-kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.52/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpexternalauthconfigs.yaml
-kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.52/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcptoolconfigs.yaml
-kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.52/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpremoteproxies.yaml
-kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.52/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpservers.yaml
-kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.52/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpgroups.yaml
-kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.52/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpregistries.yaml
+kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.73/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpexternalauthconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.73/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcptoolconfigs.yaml
+kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.73/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpremoteproxies.yaml
+kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.73/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpservers.yaml
+kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.73/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpgroups.yaml
+kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.73/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_mcpregistries.yaml
+kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.73/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_virtualmcpcompositetooldefinitions.yaml
+kubectl apply -f https://raw.githubusercontent.com/stacklok/toolhive/refs/tags/toolhive-operator-crds-0.0.73/deploy/charts/operator-crds/crds/toolhive.stacklok.dev_virtualmcpservers.yaml
 ```
 
-Replace `0.0.52` in both commands with your target CRD version.
+Replace `0.0.73` in both commands with your target CRD version.
 
 ### Upgrade the operator Helm release
 
@@ -267,7 +269,7 @@ This upgrades the operator to the latest version available in the OCI registry.
 To upgrade to a specific version, add the `--version` flag:
 
 ```bash
-helm upgrade -i toolhive-operator oci://ghcr.io/stacklok/toolhive/toolhive-operator -n toolhive-system --reuse-values --version 0.3.7
+helm upgrade -i toolhive-operator oci://ghcr.io/stacklok/toolhive/toolhive-operator -n toolhive-system --reuse-values --version 0.5.6
 ```
 
 If you have a custom `values.yaml` file, include it with the `-f` flag:
@@ -302,6 +304,8 @@ kubectl delete crd mcpremoteproxies.toolhive.stacklok.dev
 kubectl delete crd mcpservers.toolhive.stacklok.dev
 kubectl delete crd mcpgroups.toolhive.stacklok.dev
 kubectl delete crd mcpregistries.toolhive.stacklok.dev
+kubectl delete crd virtualmcpcompositetooldefinitions.toolhive.stacklok.dev
+kubectl delete crd virtualmcpservers.toolhive.stacklok.dev
 ```
 
 Finally, uninstall the CRD Helm chart metadata: