toolhive VS Playwright

With the new network isolation features in ToolHive, you don’t have to trust. You can verify – and enforce.

GitHub

At Stacklok, we created ToolHive because we saw a gap in running MCP servers easily but also securely. As security engineers, we knew there had to be a better way.

This looks interesting, but anytime security is offloaded to an LLM I am extremely skeptical. IMO the right way to do this is to enforce permissions explicitly through a AuthZ policy. Something like what Toolhive [0] is doing is the right way I think.

All MCP comms from client to server go through an SSE proxy which has AuthN and AuthZ enabled. You can create custom policies for AuthZ using Cedar [1].

[0] https://github.com/stacklok/toolhive, https://github.com/stacklok/toolhive/blob/main/docs/authz.md

Building on our earlier discussion about enterprises needing dedicated hosting for MCP servers and ToolHive's Kubernetes-based solution, we're excited to announce our new Kubernetes Operator for ToolHive. This specialised tool streamlines the secure deployment of MCP servers to Kubernetes environments for enterprise and engineers.

For more details, check out the README .

The team at Stacklok, empowered by our CEO, Craig McLuckie (and co-creator of Kubernetes), recently released ToolHive, an open source project that offers a convenient way to run MCP servers with familiar technologies with authentication, authorization and network isolation. Let’s take a closer look at how ToolHive and Kubernetes come together to support MCP in an enterprise environment.

As more teams start deploying MCP servers to power tool-calling agents, one question comes up fast: how do you control who can call what? It’s not just about verifying identity, it’s about enforcing the right permissions, without bloating every server with bespoke auth logic. ToolHive was built to solve exactly this problem. It separates authentication from authorization, integrates cleanly with existing identity providers, and uses Amazon’s Cedar policy language to define clear, auditable access rules. The result is a simple but powerful way to lock down tool access without embedding auth logic into every server you run.

We are excited about the potential of Model Context Protocol (MCP) servers and inspired to make it more consistent to set up, easier to configure and overall secure. So, we're releasing ToolHive as an open-source project that uses existing technology (e.g. Docker and Kubernetes) for better packaging, security utilities, and more. Let's build on MCP together!

Fast and reliable end-to-end testing for modern web apps | Playwright

Playwright v1.54 isn’t a flashy release—but it’s a smart one. With enhanced test annotations, CHIPS-aligned cookie handling, and cleaner reporting, it's setting the groundwork for privacy-centric and maintainable testing at scale.

This guide shows how to test the entire registration flow, including real email confirmation, using Playwright and temporary inboxes created with Tigrmail. You'll get a working test in minutes and a clean way to automate email-based flows.

Playwright for end-to-end testing with canvas interactions

await expect(locator).toMatchAriaSnapshot(` - list - /children: equal - listitem: Feature A - listitem: - link "Feature B": - /url: "https://playwright.dev" `);

Playwright documentation

This is pretty cool - the Jira/Linear integration could save a ton of manual work. How do you handle test data setup and teardown? That's usually where these workflows get messy.

For alternatives in this space, there's qawolf (https://qawolf.com) for similar automated testing workflows, or I'm actually building bug0 (https://bug0.com) which also does AI-powered test automation, still in beta. For the more established players there's always Cypress (https://cypress.io) and Playwright (https://playwright.dev) if you want to stay closer to code, or TestRail (https://testrail.com) + Browserstack (https://browserstack.com) for the enterprise route.

Will definitely try the demo - the acceptance criteria parsing sounds like it could catch a lot of edge cases that usually slip through.

Privotron is built on a modern Python stack that leverages several powerful libraries for browser automation and configuration management. At its core, the application uses Playwright, a robust browser automation framework that provides cross-browser support and reliable DOM interaction capabilities. The command-line interface is implemented using Click, which enables sophisticated argument parsing and validation with minimal boilerplate code. For configuration management, Privotron employs PyYAML to parse broker-specific YAML files, allowing for declarative definitions of opt-out workflows. The architecture combines declarative configuration with imperative execution, allowing for a flexible and extensible system that can adapt to the varied requirements of different data broker opt-out processes.

In my job, I've encountered a tool called Playwright for this purpose and was greatly impressed by its capabilities. You can program it to do all the things you do manually -- and run them automatically without needing to open a browser. It's no wonder someone took the time to transform such bloatware as a modern browser into something more automation-friendly. Amazing!