MightyPrytanis · MightyPrytanis · Mar 2, 2026 · Feb 28, 2026 · Feb 28, 2026 · Mar 2, 2026
@@ -25,7 +25,7 @@ console.error('[HTTP Bridge] Starting module load...');
 // ESSENTIAL IMPORTS ONLY - These must load before server starts
 // ============================================================================
 
-import express from 'express';
+import express, { Request, Response, NextFunction } from 'express';
 console.error('[HTTP Bridge] Express imported');
 import cors, { CorsOptions } from 'cors';
 console.error('[HTTP Bridge] CORS imported');
@@ -1242,7 +1242,8 @@ app.get('/mcp/tools/info', async (req, res) => {
 });
 
 // Catch-all for unknown /mcp routes - always return JSON
-app.all('/mcp/*', (req, res) => {
+// Using '/mcp/*path' (named wildcard) for compatibility with path-to-regexp v8+
+app.all('/mcp/*path', (req, res) => {
   res.status(404).json({ isError: true, content: [{ text: `Unknown MCP route: ${req.path}` }] });
 });
 
@@ -1460,6 +1461,21 @@ app.use('/api', onboardingRoutes);
 // Mount beta portal routes
 app.use('/api/beta', betaRoutes);
 
+// ============================================================================
+// GLOBAL ERROR HANDLER
+// ============================================================================
+
+// Must be registered after all routes. Catches any unhandled errors and
+// returns a JSON response so tests never receive HTML/DOCTYPE error pages.
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+app.use((err: Error, req: Request, res: Response, _next: NextFunction) => {
+  console.error('[HTTP Bridge] Unhandled error:', err.message);
+  res.status(500).json({
+    isError: true,
+    content: [{ type: 'text', text: err.message || 'Internal server error' }],
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-app.use((err: Error, req: Request, res: Response, _next: NextFunction) => {
-  console.error('[HTTP Bridge] Unhandled error:', err.message);
-  res.status(500).json({
-    isError: true,
-    content: [{ type: 'text', text: err.message || 'Internal server error' }],
+
+function sanitizeErrorMessage(err: Error, status: number): string {
+  // For client errors, it's generally safe to surface the message (validation, bad input, etc.)
+  if (status >= 400 && status < 500 && err.message) {
+    return err.message;
+  }
+
+  // For server errors, avoid leaking internal details
+  return 'Internal server error';
+}
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+app.use((err: Error, req: Request, res: Response, _next: NextFunction) => {
+  console.error('[HTTP Bridge] Unhandled error:', err.message);
+
+  const anyErr = err as any;
+  let status: number | undefined;
+
+  if (typeof anyErr.statusCode === 'number') {
+    status = anyErr.statusCode;
+  } else if (typeof anyErr.status === 'number') {
+    status = anyErr.status;
+  }
+
+  if (!status || status < 400 || status > 599) {
+    status = 500;
+  }
+
+  const isMcpRoute = req.path.startsWith('/mcp');
+  const message = sanitizeErrorMessage(err, status);
+
+  if (isMcpRoute) {
+    return res.status(status).json({
+      isError: true,
+      content: [{ type: 'text', text: message }],
+    });
+  }
+
+  return res.status(status).json({
+    error: {
+      message,
+    },
-// eslint-disable-next-line @typescript-eslint/no-unused-vars
-app.use((err: Error, req: Request, res: Response, _next: NextFunction) => {
-  console.error('[HTTP Bridge] Unhandled error:', err.message);
-  res.status(500).json({
-    isError: true,
-    content: [{ type: 'text', text: err.message || 'Internal server error' }],
+
+function sanitizeErrorMessage(err: Error, status: number): string {
+  // For client errors, it's generally safe to surface the message (validation, bad input, etc.)
+  if (status >= 400 && status < 500 && err.message) {
+    return err.message;
+  }
+
+  // For server errors, avoid leaking internal details
+  return 'Internal server error';
+}
+
+// eslint-disable-next-line @typescript-eslint/no-unused-vars
+app.use((err: Error, req: Request, res: Response, _next: NextFunction) => {
+  console.error('[HTTP Bridge] Unhandled error:', err.message);
+
+  const anyErr = err as any;
+  let status: number | undefined;
+
+  if (typeof anyErr.statusCode === 'number') {
+    status = anyErr.statusCode;
+  } else if (typeof anyErr.status === 'number') {
+    status = anyErr.status;
+  }
+
+  if (!status || status < 400 || status > 599) {
+    status = 500;
+  }
+
+  const isMcpRoute = req.path.startsWith('/mcp');
+  const message = sanitizeErrorMessage(err, status);
+
+  if (isMcpRoute) {
+    return res.status(status).json({
+      isError: true,
+      content: [{ type: 'text', text: message }],
+    });
+  }
+
+  return res.status(status).json({
+    error: {
+      message,
+    },
+  });
+});
+
 // ============================================================================
 // SERVER STARTUP
 // ============================================================================

@@ -42,8 +42,9 @@
       });
     });
 
-    // Wait a bit for server to be fully ready
-    await new Promise(resolve => setTimeout(resolve, 100));
+    // Wait for server to be fully ready before issuing test requests
+    // Increased from 100ms to 500ms to avoid race condition on slow CI runners
+    await new Promise(resolve => setTimeout(resolve, 500));
 
     // Get CSRF token for POST requests
     try {
@@ -89,7 +90,7 @@
        const errorText = await response.text();
        console.error('Error response:', errorText);
      }
      expect(response.status).toBe(200);
      const data = await response.json();
      expect(data).toHaveProperty('tools');
      expect(Array.isArray(data.tools)).toBe(true);
@@ -99,13 +100,13 @@
      const response = await fetch(`${baseUrl}/mcp/tools`);
      const data = await response.json();
      // Should have 32+ tools (updated from original 17)
      expect(data.tools.length).toBeGreaterThanOrEqual(32);
    });

    it('should return tools in correct format', async () => {
      const response = await fetch(`${baseUrl}/mcp/tools`);
      const data = await response.json();
      const firstTool = data.tools[0];
      expect(firstTool).toHaveProperty('name');
      expect(firstTool).toHaveProperty('description');
      expect(firstTool).toHaveProperty('inputSchema');
@@ -124,7 +125,7 @@
          input: {}
        })
      });
      expect(response.status).toBe(200);
      const data = await response.json();
      expect(data).toHaveProperty('content');
    });
@@ -176,7 +177,7 @@
      });
      const data = await response.json();
      expect(data.isError).toBe(true);
      expect(data.content[0].text).toContain('not found');
    });

    it('should handle invalid input schemas', async () => {
@@ -220,7 +221,7 @@
    it('should expose chronometric_module via HTTP', async () => {
      const response = await fetch(`${baseUrl}/mcp/tools`);
      const data = await response.json();
      const chronometricModule = data.tools.find((t: any) => t.name === 'chronometric_module');
      expect(chronometricModule).toBeDefined();
    });

@@ -240,7 +241,7 @@
          }
        })
      });
      expect(response.status).toBe(200);
      const data = await response.json();
      expect(data).toHaveProperty('content');
    });
@@ -250,21 +251,21 @@
    it('should expose mae_engine via HTTP', async () => {
      const response = await fetch(`${baseUrl}/mcp/tools`);
      const data = await response.json();
      const maeEngine = data.tools.find((t: any) => t.name === 'mae_engine');
      expect(maeEngine).toBeDefined();
    });

    it('should expose goodcounsel_engine via HTTP', async () => {
      const response = await fetch(`${baseUrl}/mcp/tools`);
      const data = await response.json();
      const goodcounselEngine = data.tools.find((t: any) => t.name === 'goodcounsel_engine');
      expect(goodcounselEngine).toBeDefined();
    });

    it('should expose potemkin_engine via HTTP', async () => {
      const response = await fetch(`${baseUrl}/mcp/tools`);
      const data = await response.json();
      const potemkinEngine = data.tools.find((t: any) => t.name === 'potemkin_engine');
      expect(potemkinEngine).toBeDefined();
    });