[FIX][AUTH]: Cross-replica cache invalidation for auth caches

[marekdano]

🐛 Bug-fix PR

---

📌 Summary

AuthCache published invalidation messages to mcpgw:auth:invalidate, but CacheInvalidationSubscriber only listened on mcpgw:cache:invalidate. In multi-replica deployments, when one replica invalidated auth data (e.g., after a role change or token revocation), other replicas never received the message and continued serving stale in-memory auth caches.

💡 Fix Description

1. Subscribe to both channels — Added _channels list containing both mcpgw:cache:invalidate and mcpgw:auth:invalidate. Updated start() to subscribe to all channels via await self._pubsub.subscribe(*self._channels) and stop() to unsubscribe from all.
2. Handle auth invalidation messages — Added 7 new message handlers in _process_invalidation():
   • user:{email} — clears user cache, context cache, and team cache entries for the user
   • revoke:{jti} — adds JTI to revoked set, clears revocation cache and matching context cache entries
   • team:{email} — clears team cache and context cache for the user
   • role:{email}:{team_id} — clears specific role cache entry
   • team_roles:{team_id} — clears all role cache entries for a team
   • teams:{email} — clears teams list cache entries for the user
   • membership:{email} — clears team membership cache entries for the user

The startswith check ordering ensures team_roles: and teams: are matched before team:.

Tests: tests/unit/mcpgateway/cache/test_cache_invalidation_subscriber.py

• Updated test_subscriber_initialization to assert _channels includes both channels
• Fixed FakePubSub.subscribe/unsubscribe signatures to accept *_channels (varargs)
• Added create_mock_auth_cache() helper
• Added TestAuthCacheInvalidationSubscriber class with 11 tests covering all auth invalidation message types, channel subscription verification, and an end-to-end regression test

🧪 Verification

Check	Command	Status
Lint suite	make lint	✅
Unit tests	make test	✅
Coverage ≥ 80 %	make coverage	✅
Manual regression no longer fails	steps / screenshots

📐 MCP Compliance (if relevant)

• Matches current MCP spec
• No breaking change to MCP clients

✅ Checklist

• Code formatted (make black isort pre-commit)
• No secrets/credentials committed

[crivetimihai]

Thanks @marekdano. Critical fix for multi-replica deployments — the channel mismatch (mcpgw:auth:invalidate vs mcpgw:cache:invalidate) meant auth cache changes weren't propagated across replicas. The 7 new message handlers cover the key invalidation scenarios. Good test coverage.

[jonpspri]

Review: Approve

Reviewed the full diff (6 commits after rebase onto main), ran all linters and tests.

What was checked

Check	Result
Black / isort	Clean
flake8	Clean
pylint	10.00/10
bandit	0 issues
Unit tests (49)	All pass

Assessment

Core fix is correct. AuthCache publishes to mcpgw:auth:invalidate but the subscriber only listened on mcpgw:cache:invalidate — the channel mismatch meant auth invalidations never propagated across replicas. Subscribing to both channels and adding the 7 auth message handlers resolves the gap.

Security:

• Channel-origin guard ensures auth-prefixed messages are only accepted from mcpgw:auth:invalidate, preventing spoofing via the cache channel.
• Final commit closes a subtle bypass where channel="" (empty/falsy) would short-circuit the guard — now rejects unless channel is exactly mcpgw:auth:invalidate.
• _MAX_REVOKED_JTIS cap (100K) prevents unbounded memory growth from pubsub flooding.

Correctness:

• All 7 message types published by auth_cache (user:, revoke:, team:, role:, team_roles:, teams:, membership:) have matching handlers.
• _AUTH_PREFIXES tuple orders team_roles: and teams: before team: to prevent prefix collision in startswith().
• threading.Lock usage in sync _process_auth_invalidation called from async context is safe — only fast dict ops, no await while held.

Test coverage:

• 11 new tests covering all 7 handler types, channel guard deny/accept paths, _MAX_REVOKED_JTIS cap, prefix collision regressions, empty identifiers, and identifiers with colons.
• End-to-end cross-replica regression test included.

[crivetimihai]

Review: Approve

Rebased onto current main (clean, no conflicts), reviewed the full implementation, ran linting, tests, and verified on a live 3-replica deployment with Redis.

Verification

Check	Result
Black / isort / flake8 / bandit	Clean
Unit tests (52, up from 49)	All pass
Full cache module tests (440)	All pass
Live deployment (3 replicas + Redis + nginx LB)	All endpoints healthy
Redis pubsub mcpgw:auth:invalidate subscribers	72 (matches mcpgw:cache:invalidate)
All 7 auth invalidation message types via Redis	72 subscribers received each
Channel-origin guard (auth msgs on wrong channel)	Correctly rejected
Admin UI (login, dashboard, tools, tokens)	Working

Changes made during review (2 commits)

1. test: add listener-path regression tests for channel forwarding

Added 3 tests that exercise the full _listen_loop → _process_invalidation path with channel data from fake pubsub messages, closing a coverage gap identified during review:

• test_listen_loop_forwards_channel_to_process_invalidation — verifies channel kwarg is forwarded from pubsub message
• test_listen_loop_auth_message_evicts_cache_end_to_end — full path from pubsub message through auth cache eviction
• test_listen_loop_auth_message_rejected_on_wrong_channel_end_to_end — deny-path proving channel guard works through the listener

Also fixed _MAX_REVOKED_JTIS docstring to accurately describe the reconciliation path (Redis L2 fallback on L1 miss via is_token_revoked() / get_auth_context(), not the unused sync_revoked_tokens() method).

2. refactor: clarify auth dispatch comment and test names

The comment "Order matters: team_roles/teams must be checked before team" was misleading — there is no actual startswith() prefix collision between teams:, team_roles:, and team: (the 5th character differs: s/_ vs :). Reworded the comment and renamed two test methods from prefix_collision to dispatches_to_correct_handler.

Assessment

• Core fix is correct. All 7 publish calls in auth_cache.py have matching handlers that replicate the exact L1 eviction logic.
• Security is sound. Channel-origin guard rejects auth messages on wrong channel; empty/missing channel fails closed; _MAX_REVOKED_JTIS caps memory growth.
• Thread safety matches existing patterns. Short lock scopes with no await under lock.
• Test coverage is comprehensive. 52 tests including listener-path, channel guard deny/accept, cap enforcement, dispatch correctness, edge cases, and end-to-end regression.

Note for follow-up

invalidate_team() in auth_cache.py:508 does _team_cache.pop(email, None) with a bare email key, but production code writes _team_cache keys as f"{user_email}:{sorted_teams}". This means the pop never matches a real entry. This is pre-existing behavior (not introduced by this PR) and the subscriber correctly mirrors it. Worth a separate fix.