fix(upstream): launcher user-supplied docker run misses bundle-dir PATH + direct-exec (MCP-2881)

[Dumbris]

Summary

Follow-up to #715/#716 (the docker credential-helper PATH fix). An independent review of #716 found a pre-existing gap not addressed there.

The launcher path's user-supplied docker run branch in buildLauncherCmd (internal/upstream/core/connection_launcher.go) still called wrapWithUserShell(...) directly. Unlike the stdio path, it never adopted resolveDockerSpawn/direct-exec, so it got no bundle-dir PATH prepend (prependDockerDirToPath) and no direct-exec of the resolved absolute docker binary.

Consequence: a user-supplied docker run … upstream launched via the launcher (HTTP/SSE transport with Command also set) did not receive the #715 credential-helper fix and could still fail with docker-credential-desktop … not found in $PATH on an uncached image pull.

This is pre-existing tech debt, not a regression from #716 (confirmed against origin/main = the #716 merge). #716 correctly covered the launcher's isolation branch and all stdio paths.

Fix

Route the launcher's user-supplied docker run branch through the same resolveDockerSpawn + prependDockerDirToPath(envVars, dockerDir) wiring the stdio path already uses — a one-to-one mirror of connectStdio's else if isDirectDockerRun branch — so direct-exec + bundle-dir PATH augmentation apply uniformly across every docker spawn entrypoint (isolation-injection, stdio user-supplied, launcher user-supplied).

Tests (TDD)

New connection_launcher_test.go:

• TestBuildLauncherCmdUserSuppliedDockerRunDirectExec — failing-first: asserts the launcher path direct-execs the resolved absolute docker, carries the injected -e KEY=VALUE flags as raw argv, inserts --cidfile via the args-based helper, and prepends the bundle dir to the spawn env PATH.
• TestBuildLauncherCmdUserSuppliedDockerRunShellWrapFallback — resolution-failure keeps the login-shell wrap (no regression of Docker Desktop not detected on macOS: servers fail with command not found: docker despite docker_available: true #696's last-resort PATH lookup).
• TestBuildLauncherCmdPlainCommandStillShellWraps — non-docker launcher commands still shell-wrap and get no docker PATH augmentation / cidfile.

Verification

• go test -race ./internal/upstream/... — green
• golangci-lint run --config .github/.golangci.yml ./internal/upstream/... — 0 issues
• gofmt clean, go build ./cmd/mcpproxy OK

Related #715

[cloudflare-workers-and-pages]

Deploying mcpproxy-docs with    Cloudflare Pages

Latest commit:	2328ae8
Status:	✅  Deploy successful!
Preview URL:	https://a0294813.mcpproxy-docs.pages.dev
Branch Preview URL:	https://fix-mcp-2881-launcher-docker.mcpproxy-docs.pages.dev

View logs

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[github-actions]

📦 Build Artifacts

Workflow Run: View Run
Branch: fix/mcp-2881-launcher-docker-run-bundle-path

Available Artifacts

• archive-darwin-amd64 (28 MB)
• archive-darwin-arm64 (25 MB)
• archive-linux-amd64 (16 MB)
• archive-linux-arm64 (14 MB)
• archive-windows-amd64 (28 MB)
• archive-windows-arm64 (25 MB)
• frontend-dist-pr (0 MB)
• installer-dmg-darwin-amd64 (21 MB)
• installer-dmg-darwin-arm64 (19 MB)

How to Download

Option 1: GitHub Web UI (easiest)

1. Go to the workflow run page linked above
2. Scroll to the bottom "Artifacts" section
3. Click on the artifact you want to download

Option 2: GitHub CLI

gh run download 27756242864 --repo smart-mcp-proxy/mcpproxy-go

Note: Artifacts expire in 14 days.

[mcpproxy-gatekeeper]

APPROVE — reviewed via Claude Code on the ACTUAL #717 branch (HEAD 2328ae8; a prior reviewer falsely called it a no-op by diffing the wrong branch). Routes buildLauncherCmd's user-supplied 'docker run' through shared resolveDockerSpawn + prependDockerDirToPath — faithful mirror of merged stdio fix; direct-exec/shell-wrap gating + cidfile helper selection + env injection all consistent across the 3 entrypoints; isolation path untouched. go build clean, internal/upstream tests pass (3 new launcher tests), golangci-lint v2 0 issues. MCP-2881.