Merge branch 'main' into registry-toolbox-flag

internal/server/server.go

@@ -304,14 +304,10 @@ func hostCheck(allowedHosts map[string]struct{}) func(http.Handler) http.Handler
 	return func(next http.Handler) http.Handler {
 		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			_, hasWildcard := allowedHosts["*"]
-			hostname := r.Host
-			if host, _, err := net.SplitHostPort(r.Host); err == nil {
-				hostname = host
-			}
-			_, hostIsAllowed := allowedHosts[hostname]
+			_, hostIsAllowed := allowedHosts[r.Host]
 			if !hasWildcard && !hostIsAllowed {
-				// Return 403 Forbidden to block the attack
-				http.Error(w, "Invalid Host header", http.StatusForbidden)
+				// Return 400 Bad Request or 403 Forbidden to block the attack
+				http.Error(w, "Invalid Host header", http.StatusBadRequest)
 				return
 			}
 			next.ServeHTTP(w, r)
@@ -410,11 +406,7 @@ func NewServer(ctx context.Context, cfg ServerConfig) (*Server, error) {
 	}
 	allowedHostsMap := make(map[string]struct{}, len(cfg.AllowedHosts))
 	for _, h := range cfg.AllowedHosts {
-		hostname := h
-		if host, _, err := net.SplitHostPort(h); err == nil {
-			hostname = host
-		}
-		allowedHostsMap[hostname] = struct{}{}
+		allowedHostsMap[h] = struct{}{}
 	}
 	r.Use(hostCheck(allowedHostsMap))
 

server.json

@@ -31,6 +31,18 @@
                     "default": "tools.yaml",
                     "isRequired": false
                 },
+                {
+                    "type": "named",
+                    "name": "--tools-files",
+                    "description": "Multiple file paths specifying tool configurations. Files will be merged. Cannot be used with –-tools-file or –-tools-folder.",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--tools-folder",
+                    "description": "Directory path containing YAML tool configuration files. All .yaml and .yml files in the directory will be loaded and merged. Cannot be used with –-tools-file or –-tools-files.",
+                    "isRequired": false
+                },
                 {
                     "type": "named",
                     "name": "--address",
@@ -70,6 +82,82 @@
                         "warn",
                         "error"
                     ]
+                },
+                {
+                    "type": "named",
+                    "name": "--logging-format",
+                    "description": "Specify logging format to use.",
+                    "default": "standard",
+                    "choices": [
+                        "standard",
+                        "json"
+                    ]
+                },
+                {
+                    "type": "named",
+                    "name": "--disable-reload",
+                    "description": "Disables dynamic reloading of tools file.",
+                    "format": "boolean",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--prebuilt",
+                    "description": "Use a prebuilt tool configuration by source type.",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--stdio",
+                    "description": "Listens via MCP STDIO instead of acting as a remote HTTP server.",
+                    "format": "boolean",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--telemetry-gcp",
+                    "description": "Enable exporting directly to Google Cloud Monitoring.",
+                    "format": "boolean",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--telemetry-otlp",
+                    "description": "Enable exporting using OpenTelemetry Protocol (OTLP) to the specified endpoint (e.g. 'http://127.0.0.1:4318').",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--telemetry-service-name",
+                    "description": "Sets the value of the service.name resource attribute for telemetry data.",
+                    "default": "toolbox",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--ui",
+                    "description": "Launches the Toolbox UI web server.",
+                    "format": "boolean",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--allowed-origins",
+                    "description": "Specifies a list of origins permitted to access this server.",
+                    "default": "*",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--help",
+                    "description": "Show help for toolbox",
+                    "isRequired": false
+                },
+                {
+                    "type": "named",
+                    "name": "--version",
+                    "description": "Show version for toolbox",
+                    "isRequired": false
                 }
             ]
         }