Bug Report: MCP Gateway Panic on mcp-add When Docker is Unresponsive

Summary

The Docker MCP gateway crashes with a nil pointer dereference when attempting to activate/add the docker server while Docker Desktop is in an unresponsive state. This terminates the entire MCP session and disconnects Claude Desktop.

Environment

• OS: Windows (inferred from paths)
• Docker Desktop Version: [Please fill in - run docker --version]
• MCP Gateway: Bundled with Docker Desktop
• Client: Claude Desktop (claude-ai v0.1.0)
• MCP Protocol Version: 2025-11-25

Steps to Reproduce

1. Launch Docker Desktop and Claude Desktop with MCP Docker integration
2. Wait for or trigger a state where Docker becomes unresponsive (e.g., resource exhaustion, Docker Desktop pause)
3. Attempt to use a Docker MCP tool (e.g., sandbox_exec)
4. When the tool returns "Docker is not running", the client attempts mcp-add with {"activate":true,"name":"docker"}
5. Gateway crashes

Expected Behavior

The gateway should gracefully handle the case where Docker is unavailable and return an error message to the client without crashing.

Actual Behavior

The gateway panics with a nil pointer dereference and terminates the MCP session.

Error Log

2025-12-22T01:07:17.565Z [MCP_DOCKER] [info] Message from server: {"jsonrpc":"2.0","id":6,"result":{"content":[{"type":"text","text":"Error: Docker is not running. Please start Docker and try again."}]}}

2025-12-22T01:07:23.899Z [MCP_DOCKER] [info] Message from client: {"method":"tools/call","params":{"name":"mcp-add","arguments":{"activate":true,"name":"docker"}},"jsonrpc":"2.0","id":7}
  - Calling tool mcp-add with arguments: {"activate":true,"name":"docker"}
  - Scanning tool call arguments for secrets...
  > No secret found in arguments.

panic: runtime error: invalid memory address or nil pointer dereference [recovered]
	panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xc0000005 code=0x0 addr=0x38 pc=0x15eeb37]

goroutine 136 [running]:
go.opentelemetry.io/otel/sdk/trace.(*recordingSpan).End.deferwrap1()
	go.opentelemetry.io/otel/sdk@v1.38.0/trace/span.go:468 +0x25
go.opentelemetry.io/otel/sdk/trace.(*recordingSpan).End(0xc00112c960, {0x0, 0x0, 0xc000586fc0?})
	go.opentelemetry.io/otel/sdk@v1.38.0/trace/span.go:517 +0xc12
panic({0x1854740?, 0x2d9c8f0?})
	runtime/panic.go:792 +0x132
github.com/docker/mcp-gateway/pkg/gateway.(*Gateway).createMcpAddTool.addServerHandler.func1({0x1dd1da8, 0xc001314870}, 0xc000f8f728)
	github.com/docker/mcp-gateway/pkg/gateway/mcpadd.go:188 +0x897
github.com/docker/mcp-gateway/pkg/gateway.(*Gateway).createMcpAddTool.withToolTelemetry.func2({0x1dd1da8, 0xc0013147e0}, 0xc000f8f728)
	github.com/docker/mcp-gateway/pkg/gateway/dynamic_mcps.go:287 +0x85a
github.com/modelcontextprotocol/go-sdk/mcp.(*Server).callTool(0xc0004b4000, {0x1dd1da8, 0xc0013147e0}, 0xc000f8f728)
	github.com/modelcontextprotocol/go-sdk@v1.0.0/mcp/server.go:563 +0xfb
...

Stack Trace Analysis

The crash occurs at:

• File: github.com/docker/mcp-gateway/pkg/gateway/mcpadd.go:188
• Function: addServerHandler.func1
• Cause: Nil pointer dereference, likely when accessing Docker client/connection that doesn't exist when Docker is down

Impact

• Complete MCP session termination
• User must manually restart Claude Desktop to reconnect
• Loss of any in-progress conversation context that relied on Docker tools

Suggested Fix

Add nil checks in mcpadd.go before accessing Docker-related resources. The addServerHandler should verify Docker connectivity before attempting operations and return a graceful error if unavailable.

Example pattern:

if dockerClient == nil || !dockerClient.IsConnected() {
    return nil, fmt.Errorf("Docker is not available. Please ensure Docker Desktop is running.")
}

Additional Context

The log also shows missing secrets warnings at startup (non-fatal):

couldn't read secret github.personal_access_token: ... no such secret
couldn't read secret notion.internal_integration_token: ... no such secret

These are unrelated to the crash but indicate the gateway expects secrets that aren't configured.