fix: correct managed OAuth credential name lookup for gateway MCP clients

aidandaly24 · aidandaly24 · commit e6cd895acd0e · 2026-03-13T11:36:49.000-04:00
The managed OAuth credential is created with the suffix '-oauth' (e.g.
'my-gateway-oauth') but was being looked up with '-agent-oauth' in
schema-mapper.ts and displayed with '-agent-oauth' in AddGatewayScreen.

This mismatch caused the credential lookup to fail silently, resulting
in an empty provider_name in the generated @requires_access_token
decorator. The agent runtime then crashed with:
  ParamValidationError: Invalid length for parameter
  resourceCredentialProviderName, value: 0, valid min length: 1
diff --git a/src/cli/operations/agent/generate/__tests__/schema-mapper.test.ts b/src/cli/operations/agent/generate/__tests__/schema-mapper.test.ts
@@ -190,3 +190,23 @@ describe('mapGenerateConfigToRenderConfig', () => {
     expect(result.memoryProviders[0]!.strategies).toEqual(['SEMANTIC', 'USER_PREFERENCE', 'SUMMARIZATION']);
   });
 });
+
+describe('gateway credential provider name mapping', () => {
+  it('uses the correct credential name suffix (-oauth) matching GatewayPrimitive creation', async () => {
+    // Regression test: credential is created as `${gatewayName}-oauth` by GatewayPrimitive,
+    // so the lookup in mapGatewaysToGatewayProviders must use the same suffix.
+    // Previously used '-agent-oauth' which caused provider_name="" in generated code.
+    //
+    // We verify this by checking the source code directly since ConfigIO requires
+    // a full build environment to import.
+
+    const fs = await import('node:fs');
+    const path = await import('node:path');
+    const schemaMapperPath = path.resolve(import.meta.dirname ?? __dirname, '../schema-mapper.ts');
+    const source = fs.readFileSync(schemaMapperPath, 'utf-8');
+
+    // The credential lookup must use `${gateway.name}-oauth` (not `-agent-oauth`)
+    expect(source).toContain('`${gateway.name}-oauth`');
+    expect(source).not.toContain('-agent-oauth');
+  });
+});
diff --git a/src/cli/operations/agent/generate/schema-mapper.ts b/src/cli/operations/agent/generate/schema-mapper.ts
@@ -199,7 +199,7 @@ async function mapGatewaysToGatewayProviders(): Promise<GatewayProviderRenderCon
 
       if (gateway.authorizerType === 'CUSTOM_JWT' && gateway.authorizerConfiguration?.customJwtAuthorizer) {
         const jwtConfig = gateway.authorizerConfiguration.customJwtAuthorizer;
-        const credName = `${gateway.name}-agent-oauth`;
+        const credName = `${gateway.name}-oauth`;
         const credential = project.credentials.find(c => c.name === credName);
 
         if (credential) {
diff --git a/src/cli/tui/screens/mcp/AddGatewayScreen.tsx b/src/cli/tui/screens/mcp/AddGatewayScreen.tsx
@@ -272,7 +272,7 @@ export function AddGatewayScreen({ onComplete, onExit, existingGateways, unassig
                       ? [{ label: 'Allowed Scopes', value: wizard.config.jwtConfig.allowedScopes.join(', ') }]
                       : []),
                     ...(wizard.config.jwtConfig.agentClientId
-                      ? [{ label: 'Agent Credential', value: `${wizard.config.name}-agent-oauth` }]
+                      ? [{ label: 'Agent Credential', value: `${wizard.config.name}-oauth` }]
                       : []),
                   ]
                 : []),

Original file line number	Diff line number	Diff line change
`@@ -272,7 +272,7 @@ export function AddGatewayScreen({ onComplete, onExit, existingGateways, unassig`
`272`	`272`	`? [{ label: 'Allowed Scopes', value: wizard.config.jwtConfig.allowedScopes.join(', ') }]`
`273`	`273`	`: []),`
`274`	`274`	`...(wizard.config.jwtConfig.agentClientId`
`275`		- ? [{ label: 'Agent Credential', value: `${wizard.config.name}-agent-oauth` }]
	`275`	+ ? [{ label: 'Agent Credential', value: `${wizard.config.name}-oauth` }]
`276`	`276`	`: []),`
`277`	`277`	`]`
`278`	`278`	`: []),`