Description
🐞 Bug Summary
We are interested in developing a security plugin for the mcp-context-forge gateway. In order to make it work, we need to track which user has made which request. Currently, in some circumstances, the `GlobalContext` being sent to the plugin's invoke events has `user: null`, which is wrong. This happens when a plugin `GlobalContext` is initialised at some point with no user and then re-used without making sure that a user is defined. The fix is simple: just set `global_context.user = app_user_email` in the case where we re-use the global context, similarly to how `global_context.server_id = gateway_id` is already set in the same case.
🧩 Affected Component
Select the area of the project impacted:
- `mcpgateway` - API
- `mcpgateway` - UI (admin panel)
- `mcpgateway.wrapper` - stdio wrapper
- Federation or Transports
- CLI, Makefiles, or shell scripts
- Container setup (Docker/Podman/Compose)
- Other (explain below)
🔁 Steps to Reproduce
- Run a small MCP plugin that just dumps all data it gets. Here's a snippet which runs one as a separate server.
- Add the server to the list of plugins.
- Run the gateway (using `make dev` for example)
- Set up a secondary account (say `alice@example.com`)
- Add a simple MCP Server (like `microsoft-docs`) and make a virtual server with its tools
- Get `alice@example.com`'s JWT token (using instructions from the README) and set up an MCP client with the wrapper.
- Set up an MCP client with the gateway and the JWT token
- Run a query that uses the MCP server's tools
- Observe the snippet script, you will see `user: null`
🤔 Expected Behavior
What should have happened instead?
At the last step you should see `user: "alice@example.com"`
📓 Logs / Error Output
Paste any relevant stack traces or logs here.
Logs from the snippet plugin:
```
13:07:19 - tool_call_logger.plugin - INFO - Tool call logged: {"hook_type": "tool_post_invoke", "tool_name": "microsoft-docs-microsoft-docs-search", "request_id": "bc2c9a41070941c3abde48ca3f92e5d6", "tenant_id": null, "server_id": "645f7a995ad34bd7883bcafeed096565", "user": "null", "result": ...}
```
🧠 Environment Info
You can retrieve most of this from the /version endpoint.
| Key | Value |
|---|---|
| Version or commit | v0.9.0 |
| Runtime | Python 3.11, Gunicorn |
| Platform / OS | macOS |
| Container | none |
🧩 Additional Context (optional)
N/A
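
A minimal model of the context re-use path this report describes, together with a plugin-side guard that fails closed when a request cannot be attributed. This is an added example, not code from the mcp-context-forge code base: `GlobalContext` here is a stand-in dataclass with the fields visible in the log line above, and `reuse_context_buggy`, `reuse_context_fixed`, `require_user` and `UnattributedRequest` are hypothetical names.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class GlobalContext:
    """Stand-in for the gateway's context object (assumption, not the real class)."""
    request_id: str
    user: Optional[str] = None
    tenant_id: Optional[str] = None
    server_id: Optional[str] = None


def reuse_context_buggy(ctx: GlobalContext, gateway_id: str, app_user_email: str) -> GlobalContext:
    """Re-use path as reported: server_id is refreshed, user is left untouched."""
    ctx.server_id = gateway_id
    return ctx


def reuse_context_fixed(ctx: GlobalContext, gateway_id: str, app_user_email: str) -> GlobalContext:
    """Re-use path with the proposed fix: user is set alongside server_id."""
    ctx.server_id = gateway_id
    ctx.user = app_user_email
    return ctx


class UnattributedRequest(Exception):
    """Raised when a hook receives a context with no usable user identity."""


def require_user(ctx: GlobalContext) -> str:
    """Guard for a security plugin: refuse to process unattributed requests.

    Covers both a missing value and the literal string "null", which is how
    the user field appears in the log line in this report.
    """
    user = "" if ctx.user is None else str(ctx.user).strip()
    if not user or user.lower() in {"null", "none"}:
        raise UnattributedRequest(f"request {ctx.request_id} has no user")
    return user
```

A plugin that audits or authorizes per user can call such a guard at the top of each invoke hook, so that a context with a missing user is rejected rather than logged under an empty identity.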