MCP-417 Improve proxied server resilience

[nquinquenel]

No description provided.

[hashicorp-vault-sonar-prod]

MCP-417

[sonarqube-agent]

SonarQube Remediation Agent

SonarQube found 1 issue in this PR that the agent can fix for you. Est. time saved: ~15 min

1 issue found

• 🟠 Either re-interrupt this method or rethrow the "InterruptedException" that can be caught here. — ProxiedToolsLoader.java:150

• Run Remediation Agent
  Select the checkbox above to enable this action.

View Project in SonarCloud

💡 Got issues in your backlog? Let the agent fix them for you.

[sonar-review-alpha]

Summary

What changed:

• Added automatic download of the sonar-context-augmentation binary for integration tests (replaces manual setup)
• Added binary availability checking before initializing proxied servers—missing binaries are now skipped with clear logging instead of causing hangs
• Updated integration tests to verify both the happy path (binary found) and graceful degradation (binary missing)
• Cleaned up gradle configuration and removed unused imports

Why it matters:
Proxied MCP servers are now resilient to missing binaries. The server will log warnings and continue starting, rather than hanging or failing silently. This makes deployment more forgiving and diagnostics clearer.

What reviewers should know

Where to focus:

1. ProxiedToolsLoader.java (lines 73-87) — The core resilience improvement. It filters out unreachable binaries and logs clearly what's happening. The new isCommandAvailable() method handles both absolute paths and PATH lookups.
2. Integration tests (ProxiedServerITest.java) — Two test scenarios now: happy path with the binary present, and a new test case verifying graceful skip when binary is missing. Note the assertions on exact tool counts (10) and total tools (34) from staging.
3. Gradle build (its/build.gradle.kts) — The downloadCagBinary task handles architecture detection and automatic binary extraction. It runs as a dependency of processTestResources, so binaries are ready before tests run.

Non-obvious details:

• The binary is downloaded to build/cag-binary and copied into test resources at binaries/sonar-context-augmentation
• Workspace mount is now optional via withWorkspaceMount() to support testing with simulated volume mounts
• The missing-binary test ensures no hangs—the server must start successfully even with zero reachable proxied servers

---

• Generate Walkthrough
• Generate Diagram

🗣️ Give feedback

[sonar-review-alpha]

The core resilience fix in ProxiedToolsLoader is sound — checking binary availability before attempting to connect is the right approach. The IT test infrastructure improvements (automated binary download, re-enabling ProxiedServerITest) are also good moves. However, there is one bug that will cause the new missing-binary IT test to always fail: the log message asserted in the test does not match what the implementation actually emits. There are also minor reliability concerns in the build task.

🗣️ Give feedback

[sonar-review-alpha]

The core isCommandAvailable fix in ProxiedToolsLoader is clean, correct, and well-tested. The fail-fast behaviour is exactly right: check before connecting, warn with the binary path and server name, bail out gracefully if nothing is reachable. No correctness issues in the production code.

The build and test infrastructure side has a few reliability gaps worth addressing before this ships.

🗣️ Give feedback

[sonarqube-agent]

SonarQube Remediation Agent

SonarQube found 2 issues in this PR that the agent can fix for you. Est. time saved: ~2 min

2 issues found

• 🟡 Make this line start after 4 spaces instead of 2 in order to indent the code consistently. (Indentation level is at 2.) — ProxiedToolsLoader.java:139
• 🟡 Make this line start after 6 spaces instead of 4 in order to indent the code consistently. (Indentation level is at 2.) — ProxiedToolsLoader.java:141

• Run Remediation Agent
  Select the checkbox above to enable this action.

View Project in SonarCloud

💡 Got issues in your backlog? Let the agent fix them for you.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues
0 New dependency risks

Measures
0 Security Hotspots
80.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud