Add policy_stopped workload status and enforce policy gate on restart (#4857)

* Add policy_stopped workload status and enforce policy gate on restart

Introduces WorkloadStatusPolicyStopped as a first-class workload status
to support enterprise policy enforcement. When non-registry servers are
blocked by policy, workloads can be set to this status so the UI and CLI
can surface the reason clearly, rather than showing an opaque "error".

- Add WorkloadStatusPolicyStopped constant to pkg/container/runtime/types.go
- Update enums tag in pkg/core/workload.go to include policy_stopped
- Map policy_stopped to BackendUnhealthy in mapWorkloadStatusToVMCPHealth
- Call EagerCheckCreateServer in restartSingleWorkload so the policy gate
  blocks restart of workloads that violate the active policy
- Add 🚫 indicator for policy_stopped in CLI list and status output,
  following the existing ⚠️ pattern for unauthenticated workloads
- Regenerate swagger docs to include the new status enum value

Part of stacklok/stacklok-enterprise-platform#406

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Remove enterprise reference from WorkloadStatusPolicyStopped comment

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Fix exhaustive lint errors in status switch statements

Add all WorkloadStatus cases to the switches in list and status
commands to satisfy the exhaustive linter.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Address PR review comments: fix policy gate bypass and missing enum

- Add policy_stopped to workloadStatusResponse enums tag so the swagger
  spec for the status endpoint includes the new value
- Add EagerCheckCreateServer check in maybeSetupContainerWorkload after
  loadRunnerFromState to cover the path where the outer LoadState call
  fails on a partial name but succeeds after label-based name resolution
- Regenerate swagger docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* Set policy_stopped status on blocked restart and deduplicate status indicator

- Call SetWorkloadStatus with WorkloadStatusPolicyStopped in both policy
  gate failure paths in restartSingleWorkload and maybeSetupContainerWorkload,
  so a blocked restart transitions the workload into the new status instead
  of leaving it as stopped
- Extract the status indicator switch (⚠️ / 🚫) from list.go and status.go
  into a single workloadStatusIndicator helper in common.go

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: reyortiz3

cmd/thv/app/common.go

@@ -11,6 +11,7 @@ import (
 
 	groupval "github.com/stacklok/toolhive-core/validation/group"
 	"github.com/stacklok/toolhive/pkg/config"
+	"github.com/stacklok/toolhive/pkg/container/runtime"
 	"github.com/stacklok/toolhive/pkg/secrets"
 	"github.com/stacklok/toolhive/pkg/workloads"
 )
@@ -155,6 +156,23 @@ func completeLogsArgs(cmd *cobra.Command, args []string, _ string) ([]string, co
 	return completions, cobra.ShellCompDirectiveNoFileComp
 }
 
+// workloadStatusIndicator returns the status string with a visual indicator prepended
+// for statuses that warrant user attention (unauthenticated, policy_stopped).
+// All other statuses are returned as plain strings.
+func workloadStatusIndicator(status runtime.WorkloadStatus) string {
+	switch status {
+	case runtime.WorkloadStatusUnauthenticated:
+		return "⚠️  " + string(status)
+	case runtime.WorkloadStatusPolicyStopped:
+		return "🚫 " + string(status)
+	case runtime.WorkloadStatusRunning, runtime.WorkloadStatusStopped, runtime.WorkloadStatusError,
+		runtime.WorkloadStatusStarting, runtime.WorkloadStatusStopping, runtime.WorkloadStatusUnhealthy,
+		runtime.WorkloadStatusRemoving, runtime.WorkloadStatusUnknown:
+		return string(status)
+	}
+	return string(status)
+}
+
 // AddGroupFlag adds a --group flag to the provided command for filtering by group.
 // If withShorthand is true, adds the -g shorthand as well.
 func AddGroupFlag(cmd *cobra.Command, groupVar *string, withShorthand bool) {

cmd/thv/app/list.go

@@ -12,7 +12,6 @@ import (
 
 	"github.com/spf13/cobra"
 
-	rt "github.com/stacklok/toolhive/pkg/container/runtime"
 	"github.com/stacklok/toolhive/pkg/core"
 	"github.com/stacklok/toolhive/pkg/workloads"
 )
@@ -165,11 +164,8 @@ func printTextOutput(workloadList []core.Workload) {
 
 	// Print workload information
 	for _, c := range workloadList {
-		// Highlight unauthenticated workloads with a warning indicator
-		status := string(c.Status)
-		if c.Status == rt.WorkloadStatusUnauthenticated {
-			status = "⚠️  " + status
-		}
+		// Highlight unauthenticated and policy-stopped workloads with indicators
+		status := workloadStatusIndicator(c.Status)
 
 		// Print workload information
 		if _, err := fmt.Fprintf(w, "%s\t%s\t%s\t%s\t%d\t%s\t%s\n",

cmd/thv/app/status.go

@@ -13,7 +13,6 @@ import (
 
 	"github.com/spf13/cobra"
 
-	"github.com/stacklok/toolhive/pkg/container/runtime"
 	"github.com/stacklok/toolhive/pkg/core"
 	"github.com/stacklok/toolhive/pkg/workloads"
 )
@@ -100,10 +99,7 @@ func printStatusJSONOutput(workload core.Workload) error {
 
 func printStatusTextOutput(workload core.Workload) {
 	w := tabwriter.NewWriter(os.Stdout, 0, 0, 3, ' ', 0)
-	status := string(workload.Status)
-	if workload.Status == runtime.WorkloadStatusUnauthenticated {
-		status = "⚠️  " + status
-	}
+	status := workloadStatusIndicator(workload.Status)
 
 	// Print workload information in key-value format
 	_, _ = fmt.Fprintf(w, "Name:\t%s\n", workload.Name)

docs/server/docs.go

@@ -32,7 +32,7 @@ type workloadListResponse struct {
 type workloadStatusResponse struct {
 	// Current status of the workload
 	//nolint:lll // enums tag needed for swagger generation with --parseDependencyLevel
-	Status runtime.WorkloadStatus `json:"status" enums:"running,stopped,error,starting,stopping,unhealthy,removing,unknown,unauthenticated"`
+	Status runtime.WorkloadStatus `json:"status" enums:"running,stopped,error,starting,stopping,unhealthy,removing,unknown,unauthenticated,policy_stopped"`
 }
 
 // updateRequest represents the request to update an existing workload

docs/server/swagger.json

@@ -44,6 +44,9 @@ const (
 	// WorkloadStatusUnauthenticated indicates that the workload is running but
 	// cannot authenticate with the remote MCP server (e.g., expired refresh token).
 	WorkloadStatusUnauthenticated WorkloadStatus = "unauthenticated"
+	// WorkloadStatusPolicyStopped indicates that the workload was stopped by
+	// policy enforcement. The StatusContext field carries the human-readable reason.
+	WorkloadStatusPolicyStopped WorkloadStatus = "policy_stopped"
 )
 
 // ContainerInfo represents information about a container

docs/server/swagger.yaml

@@ -33,7 +33,7 @@ type Workload struct {
 	ProxyMode string `json:"proxy_mode,omitempty"`
 	// Status is the current status of the workload.
 	//nolint:lll // enums tag needed for swagger generation with --parseDependencyLevel
-	Status runtime.WorkloadStatus `json:"status" enums:"running,stopped,error,starting,stopping,unhealthy,removing,unknown,unauthenticated"`
+	Status runtime.WorkloadStatus `json:"status" enums:"running,stopped,error,starting,stopping,unhealthy,removing,unknown,unauthenticated,policy_stopped"`
 	// StatusContext provides additional context about the workload's status.
 	// The exact meaning is determined by the status and the underlying runtime.
 	StatusContext string `json:"status_context,omitempty"`

pkg/api/v1/workload_types.go

@@ -243,6 +243,8 @@ func mapWorkloadStatusToVMCPHealth(status rt.WorkloadStatus) vmcp.BackendHealthS
 		return vmcp.BackendUnknown
 	case rt.WorkloadStatusUnauthenticated:
 		return vmcp.BackendUnauthenticated
+	case rt.WorkloadStatusPolicyStopped:
+		return vmcp.BackendUnhealthy
 	default:
 		return vmcp.BackendUnknown
 	}
@@ -1086,6 +1088,15 @@ func (d *DefaultManager) restartSingleWorkload(ctx context.Context, name string,
 		return d.restartContainerWorkload(ctx, name, foreground)
 	}
 
+	// Check policy gates before restarting — the loaded RunConfig carries the same
+	// fields (RegistryAPIURL, RegistryURL, RemoteURL) that the gate evaluates on create.
+	if err := runner.EagerCheckCreateServer(ctx, runConfig); err != nil {
+		if statusErr := d.statuses.SetWorkloadStatus(ctx, name, rt.WorkloadStatusPolicyStopped, err.Error()); statusErr != nil {
+			slog.Warn("Failed to set workload status to policy_stopped", "workload", name, "error", statusErr)
+		}
+		return fmt.Errorf("server restart blocked by policy: %w", err)
+	}
+
 	// Check if this is a remote workload
 	if runConfig.RemoteURL != "" {
 		return d.restartRemoteWorkload(ctx, name, runConfig, foreground)
@@ -1295,6 +1306,16 @@ func (d *DefaultManager) maybeSetupContainerWorkload(ctx context.Context, name s
 		return "", nil, fmt.Errorf("failed to load state for %s: %w", workloadName, err)
 	}
 
+	// Check policy gates before restarting. This covers the case where the caller
+	// could not load state via the original name but we resolved the canonical name
+	// from container labels above, so the check must happen here.
+	if err := runner.EagerCheckCreateServer(ctx, mcpRunner.Config); err != nil {
+		if statusErr := d.statuses.SetWorkloadStatus(ctx, workloadName, rt.WorkloadStatusPolicyStopped, err.Error()); statusErr != nil {
+			slog.Warn("Failed to set workload status to policy_stopped", "workload", workloadName, "error", statusErr)
+		}
+		return "", nil, fmt.Errorf("server restart blocked by policy: %w", err)
+	}
+
 	// Set workload status to starting - use the workload name for status operations
 	if err := d.statuses.SetWorkloadStatus(ctx, workloadName, rt.WorkloadStatusStarting, ""); err != nil {
 		slog.Warn("Failed to set workload status to starting", "workload", workloadName, "error", err)