fix(db): Guard against inactive transaction during async cleanup

[crivetimihai]

Summary

This PR fixes two related issues affecting gateway registration with Moody's MCP server:

1. [BUG]: MCP CF crashes while listing tools from moody's mcp server #2341 - Transaction Inactive Crash: Gateway crashes with InvalidRequestError: This transaction is inactive after successfully fetching tools/resources
2. [BUG]: Multiple gateway import failing with unique constraint error for resources #2352 - Unique Constraint Violation: Re-adding a gateway fails with UniqueViolation on uq_team_owner_uri_resource

---

Root Cause Analysis

Issue #2341: Transaction Inactive During Async Cleanup

Timeline from logs:

Timestamp	Event
09:42:54.938Z	Fetched 10 tools from gateway ✓
09:42:55.506Z	Fetched 53 resources from gateway ✓
09:42:56.024Z	Fetched 1 resource templates from gateway ✓
09:42:56.378Z	DELETE .../mcp "HTTP/1.1 204 No Content" ✓
09:42:56.416Z	InvalidRequestError('This transaction is inactive') ✗

Root Cause: CancelledError during MCP session cleanup (DELETE request) causes the transaction to become inactive. Then get_db() tries to commit() on the inactive transaction.

Fix: Add db.is_active checks before commit() and rollback() in get_db().

Issue #2352: Unique Constraint Violation on Re-Registration

The Constraint:

# Resources unique on (team_id, owner_email, uri) - NOT including gateway_id
UniqueConstraint("team_id", "owner_email", "uri", name="uq_team_owner_uri_resource")

Failure Sequence:

1. Gateway A registered → resources created with (team_id, owner_email, uri)
2. Gateway A deleted → but [BUG]: MCP CF crashes while listing tools from moody's mcp server #2341 crash leaves orphaned resources
3. Gateway B registered (same MCP server) → tries to INSERT same resources → CONFLICT

Fix: Add upsert logic for orphaned resources and prompts only:

• Query for existing records where gateway_id IS NULL or points to non-existent gateway
• Update orphaned records instead of creating duplicates
• Resources belonging to active gateways are NOT touched

---

Changes

mcpgateway/main.py

• Added db.is_active guard before commit() in get_db()
• Added db.is_active guard before rollback() in exception handler
• Added db.invalidate() fallback for broken connections

mcpgateway/services/gateway_service.py

• Added upsert logic for orphaned resources only (query by team_id, owner_email, uri)
• Added upsert logic for orphaned prompts only (query by team_id, owner_email, name)
• Uses per-resource team/owner overrides when building lookup key
• Only updates records where gateway_id IS NULL or gateway doesn't exist

scripts/cleanup_orphaned_resources.py (NEW)

• Cleanup script to remove orphaned records from affected databases

tests/unit/mcpgateway/services/test_gateway_resources_prompts.py

• Added test_register_gateway_updates_orphaned_resources
• Added test_register_gateway_does_not_update_active_gateway_resources

---

Manual Cleanup (For Affected Users)

If you experienced the #2341 crash, you may have orphaned resources/prompts/tools in your database. A cleanup script is provided:

# Dry run (default) - shows what would be deleted
python scripts/cleanup_orphaned_resources.py

# Actually delete orphaned records
python scripts/cleanup_orphaned_resources.py --execute

# Filter by team or owner
python scripts/cleanup_orphaned_resources.py --team-id <team_id>
python scripts/cleanup_orphaned_resources.py --owner-email <email>

Note: The upsert fix will handle orphaned records automatically on re-registration (they get reassigned to the new gateway). The cleanup script is only needed if you want to proactively remove orphaned records without re-registering.

---

Code Review Findings (Addressed)

Finding	Severity	Status
Upsert updates any existing resource without verifying it's orphaned	High	✅ Fixed - now only updates records where gateway_id IS NULL or gateway doesn't exist
Resource lookup uses gateway-level keys but inserts use per-resource overrides	Medium	✅ Fixed - lookup now uses per-resource team_id and owner_email overrides
No tests for upsert logic	Low	✅ Fixed - added 2 tests for orphaned resource handling

---

Test Plan

• Run gateway service tests: 75 passed
• Run gateway resources/prompts tests: 6 passed
• Run all service tests: 1795 passed, 34 skipped
• Integration test with Moody's MCP server

Closes #2341
Closes #2352

[crivetimihai]

Root Cause Analysis

Timeline from Logs

Timestamp	Event
09:42:54.938Z	Fetched 10 tools from gateway ✓
09:42:55.506Z	Fetched 53 resources from gateway ✓
09:42:56.024Z	Fetched 1 resource templates from gateway ✓
09:42:56.378Z	DELETE https://screening-ai-services.npe.moodys.cloud/mcp "204 No Content" ✓
09:42:56.416Z	InvalidRequestError('This transaction is inactive') ✗
09:42:56.418Z	POST /gateways HTTP/1.1" 500 ✗

The Trigger

The logs show a CancelledError during MCP session cleanup:

receive_response_body.failed exception=CancelledError("Cancelled via cancel scope ... by
<Task pending name='starlette.middleware.base.BaseHTTPMiddleware.__call__.<locals>.call_next.<locals>.coro' ...")

Sequence of Events

1. Request starts → get_db() creates session, yields it
2. Gateway registration → Tools/resources fetched successfully
3. MCP session cleanup → DELETE request sent
4. CancelledError → During response body reception
5. Exception propagates → Transaction implicitly rolled back
6. FastAPI cleanup → get_db() resumes after yield
7. Commit attempted → Transaction already inactive → CRASH

Moody's Server Details

• Tools: 10 (getLegalDisclaimers, getAuthStatus, screenAndWait, etc.)
• Resources: 53
• Resource Templates: 1
• Protocol Version: 2025-11-25