fix(mcp): thread run-scoped registry through discoverSchemas#577
Merged
Conversation
Commit 07389b9 added context.registry plumbing into mcpClientFactory.create for McpToolCallTask and McpPromptGetTask, but the discovery hop those tasks take *before* the main call (this.discoverSchemas -> mcpList(...)) was still unconfigured: the nested McpListTask.run() ran with TaskRunner's default registry, which falls back to globalServiceRegistry. In hosts that isolate per-(tenant, project) credential stores on the run-scoped registry, the discovery hop's bearer key never resolved against the right store, and the auth-resolution fallback in resolveAuthSecrets (resolved ?? value) sent the literal credential key name to the remote MCP server as the bearer token. That leaks an internal identifier and breaks discovery against any server that gates listTools/listPrompts behind auth. Threads context.registry through discoverSchemas(_signal, serverConfig, registry) for both tasks, and extends mcpList(input, config, runConfig) to accept a runConfig so the registry reaches the nested McpListTask.run(). Adds McpDiscoveryRegistry.test.ts with regressions that drive the full discovery -> list -> call chain through a stub factory and assert the bearer recorded during discovery comes from the run-scoped store, not the global one. Also covers the client_credentials secret-slot equivalent so the resolver fallback for that auth type is pinned. https://claude.ai/code/session_012goPYgXU4i7BF2k8aDatKP
Coverage Report
File CoverageNo changed files found. |
sroussey
added a commit
that referenced
this pull request
Jun 12, 2026
## @workglow/browser-control ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/task-graph ### Features - add bugs URL to package.json files across all packages and providers ### Bug Fixes #### task-graph,storage - cache restart-resume + SharedInMemory sync barrier (#552) ### Documentation #### task-graph - fix TaskOutputTabularRepository README examples for new constructor signature ## @workglow/javascript ### Features - add bugs URL to package.json files across all packages and providers ### Bug Fixes - tsgo issue ## @workglow/ai ### Features - add typecheck budget guard to catch type-instantiation regressions (#555) - add bugs URL to package.json files across all packages and providers ### Bug Fixes #### ai - export ChunkRetrievalInputSchema + nightly schema-vs-type drift guard (#565) ## @workglow/knowledge-base ### Features - add bugs URL to package.json files across all packages and providers ## workglow ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/storage ### Features - add bugs URL to package.json files across all packages and providers ### Bug Fixes #### task-graph,storage - cache restart-resume + SharedInMemory sync barrier (#552) ## @workglow/mcp ### Features - add bugs URL to package.json files across all packages and providers ### Bug Fixes #### mcp - thread run-scoped registry through discoverSchemas (#577) - resolve auth credentials through the run-scoped registry ## @workglow/util ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/test ### Features - add bugs URL to package.json files across all packages and providers #### supabase - add Supabase vector storage with pgvector support (#578) ### Bug Fixes #### mcp - thread run-scoped registry through discoverSchemas (#577) - resolve auth credentials through the run-scoped registry #### task-graph,storage - cache restart-resume + SharedInMemory sync barrier (#552) ### Tests - pin HF router provider for tool-calling conformance tests (#564) ### Chores - update deps ### Updated Dependencies - `@aws-sdk/client-sqs`: ^3.1068.0 - `@cloudflare/workers-types`: ^4.20260612.1 - `@types/dom-chromium-ai`: ^0.0.17 - `miniflare`: ^4.20260611.0 ## @workglow/tasks ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/job-queue ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/indexeddb ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/openai ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/llamacpp-server ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/mlx ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/electron ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/ollama ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/node-llama-cpp ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/aws ### Features - add bugs URL to package.json files across all packages and providers ### Chores - update deps ### Updated Dependencies - `@aws-sdk/client-sqs`: ^3.1068.0 ## @workglow/anthropic ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/google-gemini ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/postgres ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/stable-diffusion-server ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/supabase ### Features - add bugs URL to package.json files across all packages and providers #### supabase - add Supabase vector storage with pgvector support (#578) ## @workglow/playwright ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/sqlite ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/cloudflare ### Features - add bugs URL to package.json files across all packages and providers ### Chores - update deps ### Updated Dependencies - `@cloudflare/workers-types`: ^4.20260612.1 ## @workglow/huggingface-transformers ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/tf-mediapipe ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/chrome-ai ### Features - add bugs URL to package.json files across all packages and providers ### Chores - update deps ### Updated Dependencies - `@types/dom-chromium-ai`: ^0.0.17 ## @workglow/huggingface-inference ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/cactus ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/bun-webview ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/cli ### Features - add bugs URL to package.json files across all packages and providers ## @workglow/web ### Features - add bugs URL to package.json files across all packages and providers ### Chores - update deps ### Updated Dependencies - `@tailwindcss/vite`: ^4.3.1 - `tailwindcss`: ^4.3.1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Commit
07389b9("fix(mcp): resolve auth credentials through the run-scoped registry") wiredcontext.registryintomcpClientFactory.create(...)insideMcpToolCallTask.execute/McpPromptGetTask.execute. But both tasks'execute()first callsthis.discoverSchemas(context.signal, serverConfig), which internally callsmcpList(...)— a freshnew McpListTask(config).run(input)with NO run config. The nested run defaultedTaskRunner.runner.registrytoglobalServiceRegistry(packages/task-graph/src/task/TaskRunner.ts:94, 629), so in hosts that isolate per-(tenant, project) credential stores on the run-scoped registry, the discovery hop's bearer key never resolved against the right store.Combined with the
resolved ?? valuefallback inresolveAuthSecrets(packages/mcp/src/util/McpAuthProvider.ts:388), the discoverylistTools/listPromptsrequest sends the literal credential key name to the remote MCP server as a bearer token — leaking an internal identifier and breaking discovery against any server that gates list endpoints behind auth.Fix (option a)
Picked option (a) — kept the
mcpList(...)call insidediscoverSchemasand threaded a registry through it:mcpList(input, config, runConfig)— new optional third arg, forwarded intoMcpListTask.run(input, runConfig). Keeps the standalone task as the single source of truth for client construction.McpToolCallTask.discoverSchemas(_signal, serverConfig, registry)andMcpPromptGetTask.discoverSchemas(_signal, serverConfig, registry)accept the registry and forward it viamcpList(..., { registry }).execute()methods passcontext.registryintodiscoverSchemas(...).Option (b) — open the client inline and skip
mcpListentirely — would have moved logic out of the task layer and duplicated the close/error handling. Option (a) is a strictly smaller change.Test
New
packages/test/src/test/mcp/McpDiscoveryRegistry.test.tsexercises the full discovery → list-tools → call-tool chain with a run-scoped credential store. Pattern follows the existingMcpClientUtil.test.ts:ServiceRegistryinstances — a global with aWRONG-global-valuebearer, a run-scoped withRIGHT-run-value.mcpClientFactory.createso that every client construction (discovery + main call) calls back intoresolveMcpClientAuth(config, registry)and records the bearer header.McpToolCallTaskandMcpPromptGetTaskwithtask.run({}, { registry: runScoped })and asserts the discovery hop's recorded bearer equals the run-scoped value, never the literal key.client_credentialsclient_secretresolution against the run-scoped registry — the sameresolved ?? valuefallback applies to that auth type, so the reviewer's coverage-gap concern is closed.Test plan
bun scripts/test.ts mcp vitest— 7 files, 106 tests, all pass (3 new tests inMcpDiscoveryRegistry.test.ts).bunx tsgo -b packages/mcp packages/test— clean typecheck.main-targeted PR.https://claude.ai/code/session_012goPYgXU4i7BF2k8aDatKP
Generated by Claude Code