feat: Structured Server State - Health as Single Source of Truth (smart-mcp-proxy#205)

* docs: update 013 spec to reflect current implementation state

Mark completed items from smart-mcp-proxy#192 (Unified Health Status):
- HealthStatus struct and calculator implemented
- Health field on Server struct
- Frontend HealthStatus interface and component integration
- Action buttons working in ServerCard and Dashboard

Narrow remaining scope to:
- Structured state objects (OAuthState, ConnectionState)
- Doctor() aggregation from Health
- Dashboard UI consolidation

* docs: streamline 013 spec to focus on remaining work

Remove completed items (smart-mcp-proxy#192 Unified Health Status):
- HealthStatus struct, calculator, and frontend integration
- Health field on Server
- Action buttons in UI

Remaining scope:
- OAuthState and ConnectionState structured types
- Doctor() aggregation from Health
- Dashboard UI consolidation (remove duplicate diagnostics)

* docs: redesign 013 spec with Health as single source of truth

- Health becomes the single source of truth for per-server issues

- Add new Health actions: set_secret, configure

- Doctor() aggregates from Health instead of independent detection

- UI navigates to fix locations (secrets page, config tab)

- Remove OAuthState/ConnectionState structured objects from scope

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

* docs: add CLI handling to 013 spec

- Add FR-012: upstream list MUST handle new Health actions

- Add CLI Hint column to Actions table

- Add Phase 4: CLI Updates to plan.md

- Add section 8: CLI Updates to quickstart.md

* Add tasks

* feat: add set_secret and configure health actions

Implement Health as single source of truth for server state by adding
two new action types that detect and surface configuration issues:

- set_secret: Shown when a server references an unresolved secret
  (e.g., ${env:MISSING_TOKEN}). Detail field contains the secret name.
- configure: Shown when OAuth configuration has parameter errors
  (e.g., missing RFC 8707 resource parameter).

Changes:
- Add ActionSetSecret/ActionConfigure constants and extraction helpers
- Extend HealthCalculatorInput with MissingSecret/OAuthConfigErr fields
- Add detection logic in CalculateHealth() with unit tests
- Refactor Doctor() to aggregate diagnostics from Health.Action
- Add action buttons in ServerCard.vue and Dashboard.vue
- Update CLI hints in upstream_cmd.go for new actions
- Update TypeScript types and swagger.yaml documentation

This ensures CLI (mcpproxy doctor), Web UI, and MCP tools all show
consistent health information derived from the same source.

* fix: propagate health field to tray for consistent connected count

The tray was showing incorrect connected counts (8/15) compared to CLI
(13 healthy) because the health field was not being propagated through
the API client layer.

Changes:
- Add HealthStatus struct and Health field to tray API client
- Extract health from JSON response in GetServers()
- Include health in adapter GetAllServers() output map
- Add extractHealthLevel() helper to managers.go
- Add debug logging to trace health extraction
- Add validation script (scripts/validate-health-api.sh)
- Add tests for health propagation and consistency

Spec 013: Health is the single source of truth for server status.

* fix(frontend): use health.level for connected server count

The web UI was showing 8 connected servers instead of 13 because it
was using the legacy connected boolean field instead of health.level.

Added isServerConnected() helper that uses health.level === healthy
as the source of truth (per Spec 013), with fallback to legacy connected
field for backward compatibility.

This aligns the web UI with the tray and CLI which were fixed in the
previous commit.

* fix: improve doctor CLI output and health propagation

- Fix OAuth display to show server objects with specific auth login hints
- Add sortArrayByServerName for consistent doctor output ordering
- Fix health extraction to handle both struct pointers and maps
- Add health status calculation to GetAllServers() endpoint
- Update Action field docs to include set_secret and configure

* fix: use correct field names for missing secrets in doctor output

Update doctor command to use field names from contracts.MissingSecretInfo:
- secret_name instead of name
- used_by (array) instead of server

Also fix tests to match the actual backend JSON structure.

* make swagger

* fix(frontend): add Login option to server detail page Actions dropdown

Use unified health.action to show Login button consistently with
ServerCard.vue, replacing the narrow needsOAuth check that only
matched errors containing 'authorization'.

* chore(frontend): remove dead needsOAuth computed properties

Both ServerCard.vue and ServerDetail.vue now use healthAction from the
unified health status. The needsOAuth computed properties were no longer
referenced anywhere and can be safely removed.

* fix: add build tag to managers_test.go for Linux CI compatibility

The test file was missing the same build constraint as managers.go,
causing test compilation failures on Linux (ubuntu-latest in CI).
The managers.go file has //go:build !nogui && !headless && !linux
but managers_test.go had no build tag, leading to undefined:
extractHealthLevel errors when running tests on Linux.

* chore: remove unused diagnostics functions after Health.Action refactor

* refactor: extract isHealthy helper pattern for consistent health checks

Add centralized helper functions for checking server health status:

Go:
- Add IsHealthy() to internal/health/constants.go for core server use
- Add isServerHealthy() to tray adapter for local HealthStatus type
- Update tray adapter to use helper instead of duplicated inline logic

TypeScript:
- Create frontend/src/utils/health.ts with isServerConnected() helper
- Add HealthLevel, AdminState, HealthAction constants matching backend
- Update stores/servers.ts to import from centralized utility

Benefits:
- Single source of truth for health check logic per language
- Consistent fallback behavior when health is nil/undefined
- Easier maintenance when updating health check algorithm
- Better testability with isolated helper functions

Implements suggestion smart-mcp-proxy#1 from PR smart-mcp-proxy#205 review.

* refactor(types): eliminate magic strings for health actions

Add health constants generation to cmd/generate-types to create
TypeScript types from a single source of truth:

- Add HealthLevel, AdminState, and HealthAction const/type exports
- Add HealthStatus interface using the typed unions
- Fix generate-types output path to frontend/src/types/
- Update Server interface with missing fields (connecting, authenticated,
  tool_list_token_size, oauth_status, token_expires_at, user_logged_out,
  health)
- Add UpdateInfo and InfoResponse types
- Update api.ts to re-export health types from contracts.ts
- Add documentation to Go constants noting TypeScript synchronization

This prevents drift between Go and TypeScript when adding new health
actions and provides compile-time type checking for action strings.

* refactor(frontend): consolidate APIResponse type to single source of truth

Remove duplicate APIResponse interface from api.ts and re-export it from
contracts.ts, which is the generated source of truth for types derived
from Go constants.

* test(tray): add real unit tests for ServerAdapter with mock client

Replace documentation-style tests with 22 actual unit tests that verify
adapter behavior through mock dependency injection. Changes include:

- Add ClientInterface to enable mock-based testing
- Refactor ServerAdapter to depend on interface instead of concrete Client
- Add MockClient implementation for controlled test scenarios
- Test health data preservation through GetAllServers transformation
- Test isServerHealthy helper with all health level and fallback cases
- Test GetUpstreamStats correctly uses health.level as source of truth
- Test error handling paths for API failures
- Add end-to-end health data flow integration test

* feat(tray,frontend): use health.action as single source of truth for actions

Implements User Stories 4 and 5 from spec 013:

Tray (US4 - FR-013 through FR-017):
- Remove serverSupportsOAuth() URL heuristic, use health.action instead
- Show Login Required for stdio OAuth servers (e.g., npx @anthropic/mcp-gcal)
- Add menu items for set_secret and configure health actions
- Use health.level for connected count (no legacy fallback)
- Use health.detail for tooltip instead of last_error

Web UI (US5 - FR-018, FR-019):
- Suppress redundant last_error display when health.action conveys the issue
- Add shouldShowError computed property
- Login/set_secret/configure actions suppress verbose error alert

Tests:
- TestServerNeedsAction: verifies health.action detection
- TestTrayLoginActionForStdioServers: stdio OAuth servers show login
- TestConnectedCountHealthLevelOnly: no fallback to legacy connected
- TestHealthActionMenuItemSelection: correct menu items per action

---------

Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Algis Dumbris <a.dumbris@gmail.com>

Author: 3 people

cmd/generate-types/main.go

@@ -14,7 +14,7 @@ func main() {
 	typeDefinitions := generateTypeDefinitions()
 
 	// Create output directory if it doesn't exist
-	outputDir := "web/frontend/src/types"
+	outputDir := "frontend/src/types"
 	if err := os.MkdirAll(outputDir, 0755); err != nil {
 		fmt.Printf("Error creating output directory: %v\n", err)
 		os.Exit(1)
@@ -46,6 +46,50 @@ func generateTypeDefinitions() string {
   error?: string;
 }
 
+`)
+
+	// Health constants - generated from internal/health/constants.go
+	// These must stay in sync with the Go constants
+	sb.WriteString(`// Health constants - generated from internal/health/constants.go
+// Health levels
+export const HealthLevelHealthy = 'healthy' as const;
+export const HealthLevelDegraded = 'degraded' as const;
+export const HealthLevelUnhealthy = 'unhealthy' as const;
+export type HealthLevel = typeof HealthLevelHealthy | typeof HealthLevelDegraded | typeof HealthLevelUnhealthy;
+
+// Admin states
+export const AdminStateEnabled = 'enabled' as const;
+export const AdminStateDisabled = 'disabled' as const;
+export const AdminStateQuarantined = 'quarantined' as const;
+export type AdminState = typeof AdminStateEnabled | typeof AdminStateDisabled | typeof AdminStateQuarantined;
+
+// Health actions - suggested remediation for health issues
+export const HealthActionNone = '' as const;
+export const HealthActionLogin = 'login' as const;
+export const HealthActionRestart = 'restart' as const;
+export const HealthActionEnable = 'enable' as const;
+export const HealthActionApprove = 'approve' as const;
+export const HealthActionViewLogs = 'view_logs' as const;
+export const HealthActionSetSecret = 'set_secret' as const;
+export const HealthActionConfigure = 'configure' as const;
+export type HealthAction =
+  | typeof HealthActionNone
+  | typeof HealthActionLogin
+  | typeof HealthActionRestart
+  | typeof HealthActionEnable
+  | typeof HealthActionApprove
+  | typeof HealthActionViewLogs
+  | typeof HealthActionSetSecret
+  | typeof HealthActionConfigure;
+
+export interface HealthStatus {
+  level: HealthLevel;
+  admin_state: AdminState;
+  summary: string;
+  detail?: string;
+  action?: HealthAction;
+}
+
 `)
 
 	// Server types
@@ -63,15 +107,22 @@ func generateTypeDefinitions() string {
   enabled: boolean;
   quarantined: boolean;
   connected: boolean;
+  connecting?: boolean; // Connection attempt in progress
+  authenticated?: boolean; // Has stored OAuth token (regardless of validity)
   status: string;
   last_error?: string;
   connected_at?: string; // ISO date string
   last_reconnect_at?: string; // ISO date string
   reconnect_count: number;
   tool_count: number;
+  tool_list_token_size?: number; // Token size for this server's tools
   created: string; // ISO date string
   updated: string; // ISO date string
   isolation?: IsolationConfig;
+  oauth_status?: 'authenticated' | 'expired' | 'error' | 'none'; // OAuth authentication status
+  token_expires_at?: string; // ISO date string when OAuth token expires
+  user_logged_out?: boolean; // True if user explicitly logged out (prevents auto-reconnection)
+  health?: HealthStatus; // Unified health status calculated by the backend
 }
 
 export interface OAuthConfig {
@@ -307,6 +358,27 @@ export function isAPIError(response: APIResponse): response is APIError {
 export function isAPISuccess<T>(response: APIResponse<T>): response is APISuccess<T> {
   return response.success;
 }
+
+// Update check types (from internal/updatecheck/types.go)
+export interface UpdateInfo {
+  available: boolean;
+  latest_version?: string;
+  release_url?: string;
+  checked_at?: string; // ISO date string
+  is_prerelease?: boolean;
+  check_error?: string;
+}
+
+export interface InfoResponse {
+  version: string;
+  web_ui_url: string;
+  listen_addr: string;
+  endpoints: {
+    http: string;
+    socket: string;
+  };
+  update?: UpdateInfo;
+}
 `)
 
 	return sb.String()

cmd/mcpproxy-tray/internal/api/adapter.go

@@ -10,13 +10,34 @@ import (
 	internalRuntime "mcpproxy-go/internal/runtime"
 )
 
+// ClientInterface defines the methods required by ServerAdapter from the API client.
+// This interface allows for testing with mock implementations.
+type ClientInterface interface {
+	GetServers() ([]Server, error)
+	GetInfo() (map[string]interface{}, error)
+	EnableServer(serverName string, enabled bool) error
+	TriggerOAuthLogin(serverName string) error
+	StatusChannel() <-chan StatusUpdate
+}
+
+// isServerHealthy returns true if the server is considered healthy.
+// It uses health.level as the source of truth, with a fallback to the legacy
+// connected field for backward compatibility when health is nil.
+func isServerHealthy(health *HealthStatus, legacyConnected bool) bool {
+	if health != nil {
+		return health.Level == "healthy"
+	}
+	// Fallback to legacy connected field if health is not available
+	return legacyConnected
+}
+
 // ServerAdapter adapts the API client to the ServerInterface expected by the tray
 type ServerAdapter struct {
-	client *Client
+	client ClientInterface
 }
 
 // NewServerAdapter creates a new server adapter
-func NewServerAdapter(client *Client) *ServerAdapter {
+func NewServerAdapter(client ClientInterface) *ServerAdapter {
 	return &ServerAdapter{
 		client: client,
 	}
@@ -61,7 +82,7 @@ func (a *ServerAdapter) GetUpstreamStats() map[string]interface{} {
 	connectedCount := 0
 	totalTools := 0
 	for _, server := range servers {
-		if server.Connected {
+		if isServerHealthy(server.Health, server.Connected) {
 			connectedCount++
 		}
 		totalTools += server.ToolCount
@@ -114,7 +135,7 @@ func (a *ServerAdapter) GetStatus() interface{} {
 
 	connectedCount := 0
 	for _, server := range servers {
-		if server.Connected {
+		if isServerHealthy(server.Health, server.Connected) {
 			connectedCount++
 		}
 	}
@@ -215,7 +236,7 @@ func (a *ServerAdapter) GetAllServers() ([]map[string]interface{}, error) {
 
 	var result []map[string]interface{}
 	for _, server := range servers {
-		result = append(result, map[string]interface{}{
+		serverMap := map[string]interface{}{
 			"name":            server.Name,
 			"url":             server.URL,
 			"command":         server.Command,
@@ -230,7 +251,20 @@ func (a *ServerAdapter) GetAllServers() ([]map[string]interface{}, error) {
 			"should_retry":    server.ShouldRetry,
 			"retry_count":     server.RetryCount,
 			"last_retry_time": server.LastRetry,
-		})
+		}
+
+		// Spec 013: Include health status as source of truth for connected count
+		if server.Health != nil {
+			serverMap["health"] = map[string]interface{}{
+				"level":       server.Health.Level,
+				"admin_state": server.Health.AdminState,
+				"summary":     server.Health.Summary,
+				"detail":      server.Health.Detail,
+				"action":      server.Health.Action,
+			}
+		}
+
+		result = append(result, serverMap)
 	}
 
 	return result, nil