Fix: log HTTP connection errors to stderr for operator visibility#3514
Conversation
When an HTTP backend connection fails (e.g., 401 auth errors), log the error to stderr via log.Printf so operators can see the reason. The error chain includes the backend response body with specific messages like "Missing API key" or "Invalid API key". This fixes TestTavilyAuthFailure integration tests which check stderr for these error messages. Agent-Logs-Url: https://github.com/github/gh-aw-mcpg/sessions/40888e44-12ac-4b0d-b93b-083f02fe9a52 Co-authored-by: lpcox <15877973+lpcox@users.noreply.github.com>
There was a problem hiding this comment.
Pull request overview
This PR updates the launcher’s HTTP-backend connection path to ensure connection/auth failures become visible on stderr (in addition to the existing file logger output), aligning runtime/operator visibility with the integration tests’ expectations.
Changes:
- Emit an additional stderr log line when
mcp.NewHTTPConnectionfails for an HTTP backend. - Preserve existing structured/file logging and server error state recording.
Show a summary per file
| File | Description |
|---|---|
| internal/launcher/launcher.go | Adds a log.Printf on HTTP connection creation failure to surface backend/auth errors on stderr. |
Copilot's findings
Tip
Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Files reviewed: 1/1 changed files
- Comments generated: 1
| // Create an HTTP connection | ||
| conn, err := mcp.NewHTTPConnection(l.ctx, serverID, serverCfg.URL, serverCfg.Headers, oidcProvider, oidcAudience, l.config.Gateway.HTTPKeepaliveInterval()) | ||
| if err != nil { | ||
| log.Printf("FAILED to create HTTP connection for server %q: %v", serverID, err) |
There was a problem hiding this comment.
This new stderr log prints the raw err from mcp.NewHTTPConnection. That error chain can include full HTTP response bodies (e.g., initialize failed: status=..., body=...) and potentially large or sensitive data, so writing it verbatim to stderr/CI logs risks secret leakage and noisy output. Consider sanitizing/redacting and truncating the error string before printing (and keeping the console format consistent with other launcher stderr logs, e.g. using the [LAUNCHER] prefix).
Summary
Fixes the failing
TestTavilyAuthFailureintegration tests by ensuring HTTP backend connection errors are logged to stderr.Problem
The
TestTavilyAuthFailure/MissingAPIKeyandTestTavilyAuthFailure/InvalidAPIKeyintegration tests were failing because the gateway's HTTP connection errors (including auth failures like 401 responses) were only logged to the file logger (logger.LogErrorWithServer), not to stderr. The tests check stderr for error messages from the backend (e.g., "Missing API key", "Invalid API key").Fix
Added a
log.Printfcall ininternal/launcher/launcher.gowhen an HTTP backend connection fails. This logs the error to stderr, making the backend's error response body (which includes specific messages like "Missing API key") visible in the console output. The error was already being logged to the file logger; this adds stderr output for operator visibility.Changes
internal/launcher/launcher.go: Addedlog.Printffor HTTP connection failure errors, consistent with other operationallog.Printfcalls in the launcher (e.g., container detection, health restarts).Testing
TestTavilyAuthFailure/MissingAPIKey✅TestTavilyAuthFailure/InvalidAPIKey✅