[BUG]: REST /tools list endpoint returns stale visibility data after tool update #2018
Description
Description
The REST /tools list endpoint returns stale visibility data after a tool's visibility is updated via PUT. The cache is not properly invalidated when tool visibility changes.
Steps to Reproduce
-
Update a tool's visibility via PUT:
curl -X PUT "http://localhost:8080/tools/{tool_id}" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"visibility": "team"}'
-
Verify via direct GET (shows correct updated value):
curl -H "Authorization: Bearer $TOKEN" "http://localhost:8080/tools/{tool_id}" # Returns: visibility: "team" ✓
-
Check via list endpoint (shows stale value):
curl -H "Authorization: Bearer $TOKEN" "http://localhost:8080/tools" # Returns: visibility: "public" ✗
-
Check via RPC (shows correct updated value):
curl -X POST "http://localhost:8080/rpc" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d '{"jsonrpc":"2.0","method":"tools/list","params":{},"id":1}' # Returns: visibility: "team" ✓
Expected Behavior
The /tools list endpoint should return the updated visibility immediately after a PUT update, or at least within the configured cache TTL (REGISTRY_CACHE_TOOLS_TTL=60s).
Actual Behavior
- Direct GET
/tools/{id}returns correct visibility - RPC
tools/listreturns correct visibility and applies correct filtering - REST GET
/toolslist returns stale visibility indefinitely
Environment
- docker-compose with 3 gateway replicas
- REGISTRY_CACHE_ENABLED=true
- REGISTRY_CACHE_TOOLS_TTL=60
Impact
This causes inconsistency between:
- The tool detail view (correct)
- The tool list view (stale)
- RPC-based operations (correct)
Token scoping/RBAC filtering works correctly on RPC but may show incorrect counts on REST list due to stale visibility data.
Possible Causes
- Registry cache key not being invalidated on tool update
- Each replica maintains separate in-memory cache that isn't synchronized
- Nginx caching layer (if enabled)
Related
Discovered while testing token scoping fixes in #1915.