fix(upstream): fail closed on profile lookup miss

David Ruzicka · David Ruzicka · commit d3d4683a5aa8 · 2026-05-02T23:11:12.000+02:00
- prevent HTTP upstream routing from falling back to this.profile
  when transport context cannot resolve the requested profileId
- report invalid upstream_mcp shapes as upstream config errors
  instead of misleading missing openapi_spec_path errors
- add regression tests for both paths
diff --git a/src/mcp/mcp-server.test.ts b/src/mcp/mcp-server.test.ts
@@ -3958,7 +3958,7 @@ paths:
 
     // -------------------------------------------------------------------------
     describe('getUpstreamMcpConfig HTTP fallback (fix: issue #1)', () => {
-      it('falls back to profile.upstream_mcp when httpTransport.getUpstreamMcpConfig returns undefined', async () => {
+      it('does not fall back to profile.upstream_mcp when httpTransport.getUpstreamMcpConfig returns undefined', async () => {
         const server = new MCPServer();
         const provider = { name: 'fallback-provider', transport: { type: 'http-streamable', url: 'https://upstream.example.com/mcp' } };
         (server as any).profile = {
@@ -3988,15 +3988,13 @@ paths:
           'fallback-profile',
         ) as any;
 
-        // Should have routed to upstream (not local tools)
-        expect(mockClientFn).toHaveBeenCalledWith('session-1', provider, undefined);
+        // Fail closed: no upstream routing when the transport context does not own the profile.
+        expect(mockClientFn).not.toHaveBeenCalled();
         expect(response.result).toBeDefined();
+        expect(response.result.tools).toEqual([]);
       });
 
-      it('logs warn when fallback fires for profileId not in transport context', async () => {
-        // The fallback is safe only in single-profile mode. When it fires for a foreign
-        // profileId it returns this.profile.upstream_mcp (potentially the wrong config).
-        // The warn log makes this auditable rather than silent.
+      it('logs warn when upstream config lookup misses for profileId not in transport context', async () => {
         const logger = new JsonLogger();
         const warnSpy = vi.spyOn(logger, 'warn');
 
@@ -4024,9 +4022,10 @@ paths:
         );
 
         expect(warnSpy).toHaveBeenCalledWith(
-          expect.stringContaining('falling back to this.profile.upstream_mcp'),
+          expect.stringContaining('refusing to fall back to this.profile.upstream_mcp'),
           expect.objectContaining({ profileId: 'profile-b' }),
         );
+        expect(mockClientFn).not.toHaveBeenCalled();
       });
     });
 
diff --git a/src/mcp/mcp-server.ts b/src/mcp/mcp-server.ts
@@ -1818,14 +1818,10 @@ export class MCPServer {
     if (this.httpTransport && profileId) {
       const fromTransport = this.httpTransport.getUpstreamMcpConfig(profileId);
       if (fromTransport !== undefined) return fromTransport;
-      // Fallback: safe only in single-profile HTTP mode where runHttp() stores the profile
-      // under defaultProfileId. If profileId normalization diverges (e.g. startup race),
-      // this recovers. In multi-profile mode this would return the wrong profile's config —
-      // the warn log makes the mismatch auditable rather than silent.
       if (this.profile?.upstream_mcp) {
-        this.logger?.warn('getUpstreamMcpConfig: profileId not found in transport context, falling back to this.profile.upstream_mcp', { profileId });
+        this.logger?.warn('getUpstreamMcpConfig: profileId not found in transport context; refusing to fall back to this.profile.upstream_mcp', { profileId });
       }
-      return this.profile?.upstream_mcp;
+      return undefined;
     }
     // stdio path: upstream_mcp cannot be used without a wired client
     if (!this.upstreamStdioWarnLogged && this.profile?.upstream_mcp && !this.getUpstreamClientFn) {
diff --git a/src/profile/profile-resolver.test.ts b/src/profile/profile-resolver.test.ts
@@ -209,9 +209,7 @@ describe('profile-resolver', () => {
     expect(resolved.specPath).toBeUndefined();
   });
 
-  it('throws missing openapi_spec_path for upstream_mcp with invalid shape (no transport.url)', async () => {
-    // looksLikeUpstreamMcpProxy rejects objects that don't have transport.type + transport.url,
-    // so resolveSpecPath treats the profile as non-proxy and throws for missing spec path.
+  it('throws invalid upstream_mcp for object shape missing transport.url', async () => {
     const root = await createTempDir();
     const profilesDir = path.join(root, 'profiles');
     const profilePath = path.join(profilesDir, 'bad-proxy.json');
@@ -223,7 +221,22 @@ describe('profile-resolver', () => {
       upstream_mcp: {},
     });
 
-    await expect(resolveProfileById('bad-proxy', profilesDir)).rejects.toThrow('openapi_spec_path');
+    await expect(resolveProfileById('bad-proxy', profilesDir)).rejects.toThrow('invalid upstream_mcp');
+  });
+
+  it('throws invalid upstream_mcp for legacy array shape without openapi_spec_path', async () => {
+    const root = await createTempDir();
+    const profilesDir = path.join(root, 'profiles');
+    const profilePath = path.join(profilesDir, 'legacy-array-proxy.json');
+
+    await writeJson(profilePath, {
+      profile_name: 'legacy-array-proxy',
+      profile_id: 'legacy-array-proxy',
+      tools: [],
+      upstream_mcp: [{ name: 'legacy', transport: { type: 'http-streamable', url: 'https://example.com/mcp' } }],
+    });
+
+    await expect(resolveProfileById('legacy-array-proxy', profilesDir)).rejects.toThrow('invalid upstream_mcp');
   });
 
   it('extracts env vars and auth methods for profile index', async () => {
diff --git a/src/profile/profile-resolver.ts b/src/profile/profile-resolver.ts
@@ -411,6 +411,7 @@ function resolveSpecPath(
   profilePath: string,
   specPathRaw?: string,
   overrideSpecPath?: string,
+  hasUpstreamMcp = false,
   isUpstreamMcpProxy = false,
 ): string | undefined {
   const trimmed = normalizeSpecPath(specPathRaw);
@@ -422,6 +423,12 @@ function resolveSpecPath(
     if (isUpstreamMcpProxy) {
       return undefined;
     }
+    if (hasUpstreamMcp) {
+      throw new ConfigurationError('Profile has invalid upstream_mcp configuration', {
+        profilePath,
+        path: 'upstream_mcp',
+      });
+    }
     throw new ConfigurationError('Profile is missing openapi_spec_path', { profilePath });
   }
   if (isHttpUrl(trimmed)) {
@@ -574,7 +581,13 @@ export async function resolveProfileById(
   }
 
   const match = matches[0];
-  const specPath = resolveSpecPath(match.profilePath, match.specPathRaw, options?.specPathOverride, match.isUpstreamMcpProxy);
+  const specPath = resolveSpecPath(
+    match.profilePath,
+    match.specPathRaw,
+    options?.specPathOverride,
+    match.hasUpstreamMcp,
+    match.isUpstreamMcpProxy,
+  );
 
   return {
     profileId: match.profileId,
@@ -632,7 +645,13 @@ export async function resolveProfileFromPath(
     throw new ConfigurationError('Profile file does not look like a valid profile', { profilePath: resolvedPath });
   }
 
-  const specPath = resolveSpecPath(resolvedPath, entry.specPathRaw, options?.specPathOverride, entry.isUpstreamMcpProxy);
+  const specPath = resolveSpecPath(
+    resolvedPath,
+    entry.specPathRaw,
+    options?.specPathOverride,
+    entry.hasUpstreamMcp,
+    entry.isUpstreamMcpProxy,
+  );
 
   return {
     profileId: entry.profileId,
