test(oauth-proxy): don't fail CI when a live upstream is unreachable #4182
Merged
The MCP OAuth Proxy E2E suite proxies metadata / authorize redirects from ~13 LIVE third-party servers (Stripe, OpenRouter, Notion, Supabase, …) and asserts the proxy's discovery/rewriting contract. When one of those servers is slow or down, the proxy correctly returns 502 (bad gateway), but the test asserted 200/302 and reddened the `storage-integration` gate — a recurring flake that has blocked unrelated PRs (the OpenRouter `.well-known` fetch timing out at ~12s).

Skip a server's contract assertions when the proxy reports the upstream is unreachable (HTTP 502, which none of these tests ever expects), with a loud warning. Every reachable server is still fully asserted, and any non-502 status flows through to the real expectations, so a genuine proxy regression is never masked — only third-party outages stop blocking the merge gate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
decocms Bot pushed a commit that referenced this pull request Jun 28, 2026

PR: #4182 test(oauth-proxy): don't fail CI when a live upstream is unreachable
Bump type: patch
- decocms (apps/mesh/package.json): 3.67.1 -> 3.67.2
Deploy-Scope: server
Problem
`apps/mesh/src/api/routes/oauth-proxy.integration.test.ts` (run in the blocking `storage-integration` gate) proxies OAuth metadata / authorize redirects from ~13 live third-party MCP servers (Stripe, OpenRouter, Notion, Supabase, Vercel, …) and asserts the proxy's discovery/rewriting contract (200/302).

When one of those servers is slow or down, the proxy correctly returns `502` (bad gateway), but the test asserted `200`/`302` → red gate. This is a recurring external-dependency flake — the OpenRouter `.well-known` fetch timing out at ~12s has now blocked unrelated PRs (#4180, #4181).

Fix

Skip a server's contract assertions when the proxy reports the upstream is unreachable (`HTTP 502`, which none of these tests ever expects), with a loud `console.warn`. Applied uniformly to all four live-server loops (protected-resource metadata, auth-server metadata, authorize redirect, resource-param rewrite).

No production code touched; `tsc` + `oxlint` clean.

🤖 Generated with Claude Code
Summary by cubic
Make the OAuth proxy E2E tests tolerant of live upstream outages by skipping a server’s assertions when the proxy returns 502 (upstream unreachable). This prevents flaky CI from third‑party downtime while keeping full checks for reachable servers.
Written for commit 642ec21. Summary will update on new commits.
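
The skip-on-502 triage described in this PR, sketched as an added example that is not the project's test code. All names are hypothetical, and the `minAsserted` floor is an assumption added here so that a run in which every server returns 502 cannot go green with nothing asserted.

```typescript
// Added example; ProbeResult, verdictFor, evaluateRun are hypothetical names.
type Verdict = "pass" | "fail" | "skipped";

interface ProbeResult {
  server: string;     // label of the live upstream
  status: number;     // status the proxy returned to the test
  expected: number[]; // statuses the contract allows (200 or 302 on this page)
}

const UPSTREAM_UNREACHABLE = 502; // the only status treated as "skip"

function verdictFor(r: ProbeResult): Verdict {
  // The skip is only safe while no test expects 502 itself.
  if (r.expected.indexOf(UPSTREAM_UNREACHABLE) !== -1) {
    throw new Error(r.server + ": 502 must never be an expected status");
  }
  if (r.status === UPSTREAM_UNREACHABLE) return "skipped";
  // Any other status flows through to the real expectation.
  return r.expected.indexOf(r.status) !== -1 ? "pass" : "fail";
}

interface RunSummary {
  passed: string[];
  failed: string[];
  skipped: string[];
  gateGreen: boolean;
}

// minAsserted (assumption): how many servers must actually be asserted.
function evaluateRun(results: ProbeResult[], minAsserted: number): RunSummary {
  const s: RunSummary = { passed: [], failed: [], skipped: [], gateGreen: false };
  for (const r of results) {
    const v = verdictFor(r);
    if (v === "pass") s.passed.push(r.server);
    else if (v === "fail") s.failed.push(r.server);
    else s.skipped.push(r.server); // a real suite would warn loudly here
  }
  s.gateGreen = s.failed.length === 0 && s.passed.length >= minAsserted;
  return s;
}

// Constructed sample data, not captured from real runs.
const sampleRun: ProbeResult[] = [
  { server: "stripe", status: 200, expected: [200] },
  { server: "openrouter", status: 502, expected: [200] },
  { server: "notion", status: 302, expected: [302] },
];
const allDown: ProbeResult[] = sampleRun.map((r) => ({ server: r.server, status: 502, expected: r.expected }));
const regression: ProbeResult[] = [{ server: "stripe", status: 500, expected: [200] }];
```

Reporting the `skipped` list alongside the gate result keeps repeated outages of one upstream visible instead of silently shrinking coverage.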