Update bug report with root cause and fix summary

Two issues caused MCPRemoteProxy to fail connecting to upstream:
X-Forwarded-Host redirect loop and missing redirect following.
Both are now fixed. Document the investigation timeline and
remaining known issues.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: aron-muon

BUG_FIX_ISSUE.md

@@ -1,213 +1,95 @@
-## Issue: MCPRemoteProxy fails to forward requests to upstream MCP servers returning 406
+## Issue: MCPRemoteProxy fails to connect to upstream MCP servers
 
 ### Summary
 
 MCPRemoteProxy with embedded auth server (case 2: client auth, no upstream auth) successfully
-authenticates users via Okta but fails to establish an MCP connection because the upstream
-server rejects all proxied requests with HTTP 406 (Not Acceptable).
+authenticates users via Okta but fails to establish an MCP connection to the upstream server.
 
 ### Environment
 
 - ToolHive operator and proxyrunner from commit `3b834c81` (aron-muon/toolhive fork)
 - Upstream MCP: `https://api.gov.nominal.io/docs/mcp` (Nominal documentation MCP, public, no auth required)
+- Proxy: `nominal-docs.mcp.staging.muonspace.com` (MCPRemoteProxy)
 - Transport: `streamable-http`
 - Auth: Embedded auth server with `disableUpstreamTokenInjection: true`, Okta OIDC upstream
 
-### Root Cause (Hypothesized)
+### Root Cause
 
-The upstream MCP server requires the `Accept: application/json, text/event-stream` header on
-all POST requests (per the MCP streamable-http spec). Without it, the server returns:
+**Two issues combined** to prevent the proxy from reaching the upstream MCP server:
 
-```json
-{"jsonrpc":"2.0","id":"server-error","error":{"code":-32600,"message":"Not Acceptable: Client must accept both application/json and text/event-stream"}}
-```
-HTTP 406.
-
-Direct curl to the upstream with the correct `Accept` header succeeds (HTTP 200 with valid
-MCP response). Direct curl without it returns 406.
-
-### What We Tried
-
-1. **`headerForward.addPlaintextHeaders`** — configured `Accept: application/json, text/event-stream`
-   on the MCPRemoteProxy spec. The middleware is registered (`"header forward middleware
-   configured","headers":"Accept"`) and applied (`"applied middleware","name":"header-forward"`),
-   but the upstream still returns 406.
-
-2. **Middleware ordering verification** — the `header-forward` middleware is outermost (added
-   last in `PopulateMiddlewareConfigs`, applied in reverse order), so it should set the `Accept`
-   header before any other middleware processes the request. The Go `httputil.ReverseProxy` with
-   `Rewrite` creates `pr.Out` as a shallow clone of `pr.In`, so headers set by middleware should
-   propagate to the outbound request.
-
-### Observed Behavior
-
-- Proxy logs show `"applied middleware","name":"strip-auth"` and `"applied middleware","name":"header-forward"` — both are active.
-- Authenticated client requests (Claude Code via Okta OAuth) pass through auth/authz successfully — audit events show `outcome: success` with user identity.
-- All initialize requests complete in `duration_ms: 2` — far too fast for a real upstream round-trip, indicating the upstream rejects immediately.
-- The proxy's internal health check returns `status_code: 401` because it hits the OIDC middleware without a token (separate known issue, non-blocking).
-- After 155 attempts over 5 minutes, the proxy logs `"initialize not successful, but continuing"`.
-- Claude Code reports `Failed to reconnect to nominal-docs-staging`.
-
-### Expected Behavior
-
-The proxy should forward the `Accept: application/json, text/event-stream` header (either from
-the client's original request or from `headerForward` configuration) to the upstream, and the
-upstream should respond with HTTP 200 containing a valid MCP initialize response.
-
----
-
-### Investigation Results
-
-Exhaustive code-level analysis of the entire request path was performed. Findings below.
-
-#### 1. Accept header DOES survive the reverse proxy (code is correct)
-
-Traced the full path from middleware to upstream:
-
-1. `pkg/transport/middleware/header_forward.go:130-134` — middleware calls
-   `r.Header.Set("Accept", "application/json, text/event-stream")` on the inbound request.
-2. Go's `httputil.ReverseProxy.ServeHTTP` calls `outreq = req.Clone(ctx)` which calls
-   `r.Header.Clone()` — a **deep copy** of all headers, including Accept.
-3. Before `Rewrite` is called, Go only strips `Forwarded`, `X-Forwarded-For`,
-   `X-Forwarded-Host`, `X-Forwarded-Proto` — Accept is **not** stripped.
-4. The `Rewrite` function (`pkg/transport/proxy/transparent/transparent_proxy.go:505-545`)
-   only modifies URL (scheme, host, path), Host header, X-Forwarded-\*, query params, and
-   OTEL propagation headers — it **never touches Accept**.
-5. After `Rewrite`, Go's `removeHopByHopHeaders` only strips `Connection`, `Keep-Alive`,
-   `Proxy-*`, `Te`, `Trailer`, `Transfer-Encoding`, `Upgrade` — **not Accept**.
-6. `tracingTransport.RoundTrip` (`transparent_proxy.go:364-447`) only modifies `req.Host` —
-   **not Accept**.
-7. The `WithContext` shallow copy in Rewrite shares the same Header map (pointer), so all
-   modifications are visible to the original `outreq` used by Go's ReverseProxy.
-
-**Conclusion: No code path strips or modifies the Accept header. The header-forward middleware
-correctly propagates Accept through the reverse proxy to the upstream.**
+#### Issue 1: X-Forwarded-Host causes redirect loop (fixed in `258bd69c`)
 
-#### 2. Nothing strips the Accept header
+The transparent proxy's `Rewrite` function called `pr.SetXForwarded()` for all upstreams,
+including remote third-party servers. This injected `X-Forwarded-Host: nominal-docs.mcp.staging.muonspace.com`
+(the proxy's own hostname) into outbound requests. The third-party upstream at
+`api.gov.nominal.io` used this header to construct a 307 redirect URL pointing back to the
+proxy, creating an infinite redirect loop:
 
-The only header-stripping middleware is `stripAuthMiddleware`
-(`pkg/runner/middleware.go:316-327`), which calls `r.Header.Del("Authorization")` — only
-Authorization. Confirmed no other middleware or reverse proxy component touches Accept.
-
-#### 3. MCP parser middleware does NOT intercept requests
-
-`ParsingMiddleware` (`pkg/mcp/parser.go:69-105`) **always** calls `next.ServeHTTP(w, r)`. It
-reads the body, parses JSON-RPC, stores the parsed data in request context, and passes
-through. It never generates its own response or short-circuits the middleware chain.
-
-#### 4. Path rewriting works correctly
-
-The `Rewrite` function at `transparent_proxy.go:521-523` unconditionally replaces the outbound
-path with `remoteBasePath` (`/docs/mcp`). Both client paths `/mcp` and `/docs/mcp` get
-rewritten to `/docs/mcp`. The `WithContext` shallow copy shares the same `URL` pointer, so
-modifications are visible to the original `outreq`. Tests in
-`pkg/transport/proxy/transparent/remote_path_test.go` confirm this behavior.
-
-#### 5. The "2ms / 155 attempts" observations are from the RUNNER's self-check, NOT from client requests
-
-**This is the key finding that reframes the bug.**
-
-At `pkg/runner/runner.go:414`, the runner calls `waitForInitializeSuccess()` which sends
-POST requests to **the proxy's own address** (`http://localhost:8080/docs/mcp`) at
-`runner.go:810-820`. These self-check requests:
-
-- Have **no JWT token** (the runner doesn't authenticate with itself)
-- Go through the **full middleware chain**, including the OIDC auth middleware
-- Are immediately rejected by the auth middleware with **401 Unauthorized** (~2ms, no network)
-- Are retried with exponential backoff for 5 minutes (155 attempts)
-- Result in the `"initialize not successful, but continuing"` log at `runner.go:415`
-
-The runner's self-check (`runner.go:818-820`) **does** set the correct Accept header:
-```go
-req.Header.Set("Content-Type", "application/json")
-req.Header.Set("Accept", "application/json, text/event-stream")
-req.Header.Set("MCP-Protocol-Version", "2024-11-05")
 ```
-But it never reaches the upstream because the auth middleware rejects it first.
-
-**The "2ms" timing and "155 attempts" are entirely explained by instant 401 rejections from
-the OIDC auth middleware on the runner's unauthenticated self-check requests. They do not
-reflect actual client-to-upstream behavior.**
-
-#### 6. Actual client requests (with JWTs) should work
-
-For real Claude Code requests with valid ToolHive JWTs, the flow is:
+Client → proxy (nominal-docs.mcp.staging.muonspace.com)
+       → upstream (api.gov.nominal.io)
+       → 307 redirect to nominal-docs.mcp.staging.muonspace.com  ← loop!
+```
 
-1. Auth middleware validates JWT — **passes** (confirmed by audit: `outcome: success`)
-2. `strip-auth` removes Authorization header — prevents JWT leaking to upstream
-3. `header-forward` sets `Accept: application/json, text/event-stream`
-4. Reverse proxy forwards to upstream with Accept header intact
-5. Upstream should receive Accept and return 200
+**Fix**: Skip `SetXForwarded()` when `isRemote` is true. Remote third-party upstreams don't
+need the proxy's internal hostname, and it causes redirect loops when the upstream constructs
+redirect URLs from `X-Forwarded-Host`. Local container backends still receive these headers.
 
-**Based on code analysis, the header forwarding is correct for authenticated client requests.**
+#### Issue 2: Transparent proxy does not follow HTTP redirects (fixed in `31d868ae`)
 
-### Revised Assessment
+After fixing the X-Forwarded-Host loop, the upstream still 307-redirected — this time a
+legitimate HTTPS→HTTP scheme redirect:
 
-The original hypothesis ("the issue is in the HTTP header forwarding layer") appears to be
-**incorrect**. The code correctly forwards the Accept header for authenticated requests. The
-observed symptoms (2ms timing, 155 attempts, 401 status codes) are entirely explained by the
-runner's unauthenticated self-check hitting the OIDC middleware.
+```
+from:     https://api.gov.nominal.io/docs/mcp/
+location: http://api.gov.nominal.io/docs/mcp
+```
 
-The remaining failure (`Claude Code reports "Failed to reconnect"`) has a different root cause
-than the Accept header. Likely explanations, in order of probability:
+Go's `http.Transport.RoundTrip` does not follow redirects (that is `http.Client`'s job), but
+`httputil.ReverseProxy` uses the Transport directly. The 307 response was passed through to
+the MCP client, which cannot follow upstream redirects through the proxy.
 
-1. **Infrastructure between the proxy pod and the upstream** — a service mesh sidecar
-   (Istio/Envoy), egress proxy, network policy, or cloud NAT stripping or modifying the
-   Accept header before it reaches `api.gov.nominal.io`. This is the most likely cause in a
-   Kubernetes environment.
+**Fix**: Added `forwardFollowingRedirects` to `tracingTransport` that follows up to 10
+redirects transparently. 307/308 preserve method and body (RFC 7538); 301/302/303 change to
+GET (RFC 7231). Each followed redirect is logged at WARN level.
 
-2. **The runner's failed self-check delays client registration** — the 5-minute
-   `waitForInitializeSuccess` failure means the proxy never confirms upstream reachability
-   before registering with client managers (`runner.go:425-431`). If Claude Code connects
-   during or immediately after this window, it might experience session establishment issues
-   unrelated to the Accept header.
+### Investigation Timeline
 
-3. **Observation conflation** — the 406 status was observed via direct curl tests (without
-   Accept header) during debugging, while the actual Claude Code failure may be a different
-   issue (OAuth flow completion, session management, or reconnection logic).
+#### Initial hypothesis: Accept header not reaching upstream (INCORRECT)
 
-### Next Steps
+The original report assumed the upstream was returning 406 because the `Accept` header was
+missing. Code analysis proved the header-forward middleware correctly propagates Accept through
+the reverse proxy — no code path strips or modifies it.
 
-1. **Add debug logging to `tracingTransport.RoundTrip`** at
-   `pkg/transport/proxy/transparent/transparent_proxy.go:364` to dump all outbound request
-   headers (`req.Header`). This will definitively confirm whether Accept reaches the wire
-   for authenticated client requests.
+#### Debug logging revealed the real status code
 
-2. **Check for infrastructure header stripping** — inspect service mesh configs
-   (Istio/Envoy sidecar), egress policies, and network proxies in the cluster that sit
-   between the proxy pod and the upstream.
+Added outbound request and upstream response logging to `tracingTransport.RoundTrip`. This
+showed every upstream response was **307 Temporary Redirect**, not 406. The 406 observed
+during initial debugging was from direct curl tests without the Accept header — the proxy was
+never reaching the upstream because of the redirect issues.
 
-3. **Capture actual network traffic** — use `tcpdump` or pod-level packet capture to see
-   the exact HTTP request sent to `api.gov.nominal.io` and verify the Accept header is
-   present on the wire.
+#### The "2ms / 155 attempts" were from the runner self-check
 
-4. **Fix the runner self-check for OIDC-protected proxies** — `waitForInitializeSuccess`
-   should either skip when OIDC is configured, bypass the middleware chain by hitting the
-   `/health` endpoint, or send the request directly to the upstream (like the pinger does)
-   instead of through the proxy's own middleware. This is a separate bug that causes
-   misleading logs and delays proxy readiness.
+The `waitForInitializeSuccess()` function (`runner.go:414`) sends POST requests to the
+proxy's own address without a JWT. The OIDC auth middleware immediately rejects these with
+401 (~2ms, no network round-trip). This produced the misleading "initialize not successful"
+logs and fast timing that was initially attributed to the upstream rejecting requests.
 
-### Reproduction
+### Fixes Applied
 
-```bash
-# Upstream works directly with correct Accept header:
-curl -s -w "\n%{http_code}" -X POST https://api.gov.nominal.io/docs/mcp \
-  -H "Content-Type: application/json" \
-  -H "Accept: application/json, text/event-stream" \
-  -d '{"jsonrpc":"2.0","method":"initialize","id":1,"params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"test","version":"1.0"}}}'
-# Returns 200 with valid MCP response
+| Commit | Description |
+|--------|-------------|
+| `c1c36ba1` | Add debug logging for outbound request headers |
+| `d3f45069` | Add upstream response status logging |
+| `a187848a` | Log upstream redirect responses with Location URL |
+| `258bd69c` | Strip X-Forwarded-* headers for remote upstream servers |
+| `31d868ae` | Follow upstream HTTP redirects in transparent proxy |
 
-# Upstream rejects without Accept header:
-curl -s -w "\n%{http_code}" -X POST https://api.gov.nominal.io/docs/mcp \
-  -H "Content-Type: application/json" \
-  -d '{"jsonrpc":"2.0","method":"initialize","id":1,"params":{"protocolVersion":"2025-03-26","capabilities":{},"clientInfo":{"name":"test","version":"1.0"}}}'
-# Returns 406: "Not Acceptable: Client must accept both application/json and text/event-stream"
-```
+### Remaining Known Issues
 
-### Impact
+1. **Runner self-check fails for OIDC-protected proxies** — `waitForInitializeSuccess` sends
+   unauthenticated requests through the middleware chain, always getting 401. Should skip or
+   bypass auth for OIDC-protected proxies. Non-blocking (logs warning and continues).
 
-This blocks MCPRemoteProxy use case 2 (embedded auth server + public upstream MCP) from
-working end-to-end. The auth changes (`disableUpstreamTokenInjection`, `strip-auth` middleware)
-are functioning correctly. The header forwarding code is also correct. The remaining failure
-is most likely environmental (infrastructure header stripping) or caused by the runner
-self-check bug producing misleading diagnostics.
+2. **Debug logging should be removed** before merging to upstream — the outbound request and
+   response logging in `tracingTransport.RoundTrip` was added for diagnosis and is noisy.