[FEATURE][UI]: Add gateway credential reveal endpoint with admin UI support

[gandhipratik203]

---

🔗 Related Issue

Closes #3346, closes #2968 — see also #3201 for an alternative approach

---

📝 Summary

• Adds GatewayCredentialRevealResponse schema to mcpgateway/schemas.py
• Adds get_gateway_with_credentials() service method to gateway_service.py — fetches and decrypts gateway
  credentials without calling .masked()
• Adds POST /admin/gateways/{gateway_id}/reveal endpoint to admin.py, gated by gateways.read permission
  with mandatory audit logging on every call
• Wires up the Show button in the Edit Gateway modal (admin.js) to transparently call the reveal endpoint
  on first click, then toggle show/hide on subsequent clicks
• Adds 5 unit tests covering all acceptance criteria

Changes are purely additive — masked(), get_gateway(), and the existing GET endpoint are untouched.

Functionality	PR #3201	This PR
Reveal gateway credentials via API	✅	✅
Audit log on every credential reveal	—	✅
Dedicated reveal endpoint	—	✅

---

🏷️ Type of Change

• Bug fix
• Feature / Enhancement
• Documentation
• Refactor
• Chore (deps, CI, tooling)
• Other (describe below)

---

🧪 Verification

Check	Command	Status
Lint suite	make lint	✅
Unit tests	make test	✅ 13,776 passed
Coverage ≥ 80%	make coverage	✅

---

🔬 Steps to Test

Prerequisites

• Server running locally (make dev)
• Logged in to the Admin UI at http://localhost:8000/admin

Test 1 — UI flow (end-to-end)

1. Navigate to MCP Servers → scroll to Add New MCP Server or Gateway
2. Fill in: Name = test-reveal, URL = any reachable SSE URL, Authentication Type = Bearer Token, Token =
   supersecrettoken123
3. Click Add Gateway
4. Find test-reveal in the list → click Edit
5. In the Token field, click Show
6. Expected: button briefly shows Loading…, then reveals supersecrettoken123
7. Click Hide → token is masked again
8. Click Show again → token revealed instantly (no network call needed, cached in data-real-value)

Optional for reviewers:
Test 2 — API (Swagger UI)

1. Open http://localhost:8000/docs
2. Authorize with a Bearer JWT token
3. Call POST /admin/gateways/{gateway_id}/reveal with the ID of test-reveal
4. Expected: 200 response with authToken:

Test 3 — Unauthenticated request

1. Call POST /admin/gateways/{gateway_id}/reveal without Authorization header
2. Expected: 401 Unauthorized

Test 4 — Non-existent gateway

1. Call POST /admin/gateways/does-not-exist/reveal
2. Expected: 404 Not Found

Test 5 — Audit trail

1. After calling the reveal endpoint, check audit trail via GET /admin/audit-trail
2. Expected: entry with action: READ, resource_type: gateway, resource_id: <gateway_id>

---

📸 Observed Output

Edit Gateway modal — before clicking Show

Edit Gateway modal — after clicking Show

---

✅ Checklist

• Code formatted (make black isort pre-commit)
• Tests added/updated for changes
• Documentation updated (if applicable)
• No secrets or credentials committed

---

📓 Notes

This implementation uses a dedicated POST endpoint rather than modifying the existing GET endpoint (as
proposed in #3201). Benefits: explicit user intent, mandatory audit logging on every reveal, no risk of
accidentally exposing credentials in GET responses or logs.

[crivetimihai]

Thanks @gandhipratik203. Well-designed approach — the dedicated POST endpoint with mandatory audit logging is the right pattern for credential reveal. Good comparison with #3201. A few items: (1) CI checks are failing — please investigate, (2) this will conflict with #3508 which removes the same Show buttons — we'll coordinate merge order, (3) the allow_admin_bypass=False on @require_permission('gateways.read') is a good security choice for credential access.

[gandhipratik203]

Thanks @gandhipratik203. Well-designed approach — the dedicated POST endpoint with mandatory audit logging is the right pattern for credential reveal. Good comparison with #3201. A few items: (1) CI checks are failing — please investigate, (2) this will conflict with #3508 which removes the same Show buttons — we'll coordinate merge order, (3) the allow_admin_bypass=False on @require_permission('gateways.read') is a good security choice for credential access.

Thanks for the review @crivetimihai

(1) CI is now passing.

(2) Since #3508 has merged, I've rebased on main and re-added the Show/Hide buttons to the Edit Gateway form only.
These are now wired to the working toggleInputMask() function.

I've intentionally kept the scope limited to the Edit form, since revealing stored credentials is the primary use case.
If Show/Hide support is also needed on the Add form, I can track that as a separate issue.

(3) Glad the allow_admin_bypass = False choice makes sense.
Credential access felt like it warranted an explicit permission check regardless of admin status.

[gcgoncalves]

Disregard my last review, the problem was on my end.

[marekdano]

@gandhipratik203 - can you please resolve conflicts?

[jonpspri]

Updated scope: this PR now also resolves the underlying bug in #2968 (admin UI can no longer reveal gateway tokens after security hardening). PR #3201 has been closed in favor of this approach.

Please update the PR description to include Closes #2968 alongside Closes #3346.

[jonpspri]

Security Review — Converting to Draft

Security review identified issues that need to be addressed before this PR is merge-ready. Summary below, roughly prioritized.

Critical

1. Viewer-level access to plaintext secrets (admin.py:11914) — The endpoint uses gateways.read, which is granted to viewer (the lowest-privilege role). Any viewer can reveal plaintext credentials. Needs a dedicated permission (e.g. gateways.reveal_credentials) restricted to platform_admin/team_admin, or at minimum gateways.update.

2. No team-scoping — cross-tenant credential access (gateway_service.py:2779) — get_gateway_with_credentials queries by gateway_id alone with no team filter. A user on Team A who knows a gateway ID on Team B can reveal Team B's credentials.

High

3. __repr__ leaks plaintext credentials (schemas.py:3633) — Pydantic's default __repr__ renders all field values. Any log, traceback, or debug statement touching a GatewayCredentialRevealResponse will emit plaintext secrets. Needs a __repr__ override or SecretStr with custom serializer.

4. Unhandled decryption/validation errors (admin.py:11942) — Only GatewayNotFoundError is caught. Malformed auth data or encryption failures become opaque 500s with no logging context.

5. Audit service failure blocks credential return (admin.py:11947) — If log_action() raises, the response is never returned. No explicit policy on whether audit failure should block reveal.

6. Fetch errors only shown as tooltip (auth.js:91) — When the reveal fetch fails, the error is communicated only via button.title (hover tooltip). No showErrorMessage() or console.error().

Medium

7. gatewayId not URL-encoded (auth.js:83) — Should use encodeURIComponent() as defense-in-depth.

8. All credential fields populated at once (auth.js:30-46) — _populateRevealedCredentials caches all credentials in DOM data-real-value even when the user only clicked Show on one field.

9. Missing deny-path regression tests — CLAUDE.md requires tests for unauthenticated, wrong-team, and insufficient-permission paths. None exist for this endpoint.

[jonpspri]

@gandhipratik203 This one makes me nervous -- let's revisit it after we've gone through the re-engineering of the security architecture.