[BUG][PLUGINS]: RESOURCE_POST_FETCH plugins are executed before invoke_resource() resolves resource templates

[TS0713]

🐞 Bug Summary

• RESOURCE_POST_FETCH plugins are executed before invoke_resource() resolves resource templates. Because of this ordering, plugins only receive raw/template content, and values introduced during invoke_resource() are not redacted.

---

🧩 Affected Component

Select the area of the project impacted:

• mcpgateway - API
• mcpgateway - UI (admin panel)
• mcpgateway.wrapper - stdio wrapper
• Federation or Transports
• CLI, Makefiles, or shell scripts
• Container setup (Docker/Podman/Compose)
• Other (explain below)

---

🔁 Steps to Reproduce

1. Enable RESOURCE_POST_FETCH hook with secrets_detection plugin.
2. Create a resource whose content is dynamically resolved via invoke_resource() (e.g., template expansion or secret injection).
3. Call read_resource() for that resource.
4. Observe that secrets added during invoke_resource() appear in the response without being redacted.

---

🤔 Expected Behavior

What should have happened instead?

1. RESOURCE_POST_FETCH should execute after invoke_resource() so plugins receive the fully materialized content.
2. Secrets detection should redact sensitive values from the final resolved payload before returning it to the client.

---

🧠 Environment Info

You can retrieve most of this from the /version endpoint.

Key	Value
Version or commit	e.g. v0.9.0 or main@a1b2c3d
Runtime	e.g. Python 3.11, Gunicorn
Platform / OS	e.g. Ubuntu 22.04, macOS
Container	e.g. Docker, Podman, none

---

🧩 Additional Context (optional)

Add any configuration details, flags, or related issues.

Root cause: RESOURCE_POST_FETCH currently runs immediately after DB fetch instead of after resource resolution.

Proposed fix:

Move RESOURCE_POST_FETCH invocation to after content normalization + invoke_resource()

Ensure plugins operate on fully resolved content

[crivetimihai]

Confirmed Bug: RESOURCE_POST_FETCH hooks execute before invoke_resource()

Thanks for reporting this — you're correct. This is a code bug, not a configuration issue.

Root Cause

In mcpgateway/services/resource_service.py, the _plugin_manager.invoke_hook() call for RESOURCE_POST_FETCH occurs before invoke_resource() fetches actual content from gateways.

Execution order in read_resource():

Line	What happens
2164	_read_template_resource() returns ResourceContent with text = formatted template URI (e.g., "file:///data/x.txt")
2224	_plugin_manager.invoke_hook(RESOURCE_POST_FETCH, ...) — hooks run HERE
2246-2278	invoke_resource() — actual content fetched from gateway HERE
2255	setattr(content, "text", resource_response) — content updated AFTER hooks already ran

What plugins receive vs. expect

Field	Plugins receive	Plugins expect
content.text	"file:///data/myfile.txt" (template URI string)	Actual file/resource content

Impact

All resource_post_fetch plugins receive template URIs instead of actual content for gateway-backed resources. This breaks:

• HTMLToMarkdownPlugin
• SafeHTMLSanitizer
• Summarizer
• CitationValidator
• Any content filtering/transformation plugins

Suggested Fix

Move the invoke_hook() call (lines 2219-2230) to after the invoke_resource() calls complete (after line 2279), so plugins receive the actual fetched content.

---

cc: @arujof @terylt — Can you help review and verify a fix for this?

If you'd like to submit a PR for this fix, please coordinate with @arujof (Fred) and @terylt (Teryl) for testing and verification. Happy to help review!

[crivetimihai]

Proposed Fix: Move RESOURCE_POST_FETCH hook after invoke_resource()

File to modify

mcpgateway/services/resource_service.py

The Problem

The current code structure has multiple return paths after invoke_resource(), making the fix slightly more involved than just moving a block of code.

Current flow (buggy):

POST_FETCH hooks (line 2224) → invoke_resource() → return

Required flow:

invoke_resource() → POST_FETCH hooks → return

Solution: Refactor to single return with post-fetch

Step 1: Remove the early post-fetch hook block (delete lines 2219-2230)

# DELETE THIS BLOCK (lines 2219-2230):
                # Call post-fetch hooks if registered
                if has_post_fetch:
                    # Create post-fetch payload
                    post_payload = ResourcePostFetchPayload(uri=original_uri, content=content)
                    # Execute post-fetch hooks
                    post_result, _ = await self._plugin_manager.invoke_hook(
                        ResourceHookType.RESOURCE_POST_FETCH, post_payload, global_context, contexts, violations_as_exceptions=True
                    )  # Pass contexts from pre-fetch

                    # Use modified content if plugin changed it
                    if post_result.modified_payload:
                        content = post_result.modified_payload.content

Step 2: Refactor the return section to resolve content first, then call hooks

Replace lines 2244-2287 with:

                # ═══════════════════════════════════════════════════════════════════════════
                # RESOLVE CONTENT: Fetch actual content from gateway if needed
                # ═══════════════════════════════════════════════════════════════════════════
                
                # If content is a Pydantic content model, invoke gateway
                if isinstance(content, (ResourceContent, TextContent)):
                    resource_response = await self.invoke_resource(
                        db=db,
                        resource_id=getattr(content, "id"),
                        resource_uri=getattr(content, "uri") or None,
                        resource_template_uri=getattr(content, "text") or None,
                        user_identity=user,
                        meta_data=meta_data,
                    )
                    if resource_response:
                        setattr(content, "text", resource_response)
                
                # If content is any object that quacks like content
                elif hasattr(content, "text") or hasattr(content, "blob"):
                    if hasattr(content, "blob"):
                        resource_response = await self.invoke_resource(
                            db=db,
                            resource_id=getattr(content, "id"),
                            resource_uri=getattr(content, "uri") or None,
                            resource_template_uri=getattr(content, "blob") or None,
                            user_identity=user,
                            meta_data=meta_data,
                        )
                        if resource_response:
                            setattr(content, "blob", resource_response)
                    elif hasattr(content, "text"):
                        resource_response = await self.invoke_resource(
                            db=db,
                            resource_id=getattr(content, "id"),
                            resource_uri=getattr(content, "uri") or None,
                            resource_template_uri=getattr(content, "text") or None,
                            user_identity=user,
                            meta_data=meta_data,
                        )
                        if resource_response:
                            setattr(content, "text", resource_response)
                
                # Normalize primitive types to ResourceContent
                elif isinstance(content, bytes):
                    content = ResourceContent(type="resource", id=str(resource_id), uri=original_uri, blob=content)
                elif isinstance(content, str):
                    content = ResourceContent(type="resource", id=str(resource_id), uri=original_uri, text=content)
                else:
                    # Fallback to stringified content
                    content = ResourceContent(type="resource", id=str(resource_id) or str(content.id), uri=original_uri or content.uri, text=str(content))

                # ═══════════════════════════════════════════════════════════════════════════
                # POST-FETCH HOOKS: Now called AFTER content is resolved from gateway
                # ═══════════════════════════════════════════════════════════════════════════
                if has_post_fetch:
                    post_payload = ResourcePostFetchPayload(uri=original_uri, content=content)
                    post_result, _ = await self._plugin_manager.invoke_hook(
                        ResourceHookType.RESOURCE_POST_FETCH, post_payload, global_context, contexts, violations_as_exceptions=True
                    )
                    if post_result.modified_payload:
                        content = post_result.modified_payload.content

                return content

Key changes summary

1. Remove early return statements — consolidate to single return content at the end
2. Use elif chain — instead of multiple if ... return blocks
3. Move post-fetch hook — to after all invoke_resource() calls complete
4. Normalize content in-place — assign to content variable instead of returning directly

---

Testing Requirements

Unit/Integration Tests

Add a test in tests/unit/plugins/ or tests/integration/ that verifies:

1. Register a resource_post_fetch plugin that captures content.text
2. Fetch a gateway-backed template resource
3. Assert the plugin received actual content, not the template URI

Example test outline:

async def test_post_fetch_receives_resolved_content():
    """RESOURCE_POST_FETCH plugins should receive actual gateway content, not template URIs."""
    captured_content = []
    
    # Plugin that captures what it receives
    class CapturePlugin:
        async def resource_post_fetch(self, payload, context):
            captured_content.append(payload.content.text)
            return PluginResult(continue_processing=True)
    
    # Register plugin, fetch template resource via gateway
    # ...
    
    # Assert plugin received actual content, not "file:///data/x.txt"
    assert captured_content[0] != "file:///data/x.txt"
    assert "actual file content" in captured_content[0]

Before submitting PR

1. Run coverage tests — ensure coverage stays above 85%:

   make coverage

2. Run load tests — verify no performance regression:

   make testing-up load-test-ui

3. Run full test suite:

   make test

4. Run linting/formatting:

   make autoflake isort black pre-commit
   make flake8 bandit pylint verify

---

cc: @arujof @terylt — This outlines the complete fix. The main risk is the refactor from multiple returns to a single return path — tests should verify all code paths still work correctly. Happy to help review the PR!