Integrate circuit breaker with vMCP routing and aggregation

Complete the circuit breaker integration by wiring it through the Virtual
MCP Server stack for automatic backend failure handling.

Configuration wiring (cmd/vmcp/app/commands.go):
  - Wire circuit breaker config from YAML to health monitor
  - Pass configurable failure threshold and timeout to monitor
  - Log circuit breaker enablement on server startup

Capability filtering (pkg/vmcp/aggregator/default_aggregator.go):
  - Filter tools, resources, and prompts from unhealthy backends
  - Skip capabilities when backend status is Unhealthy, Unknown, or
    Unauthenticated
  - Keep capabilities from Healthy and Degraded backends (degraded
    backends are still operational)
  - Add isBackendHealthy helper for status evaluation

Routing protection (pkg/vmcp/router/default_router.go):
  - Check backend health before routing requests
  - Return ErrBackendUnavailable when backend is unhealthy
  - Add isTargetHealthy helper for status evaluation
  - Log warnings when routing fails due to backend unavailability

Testing (pkg/vmcp/router/default_router_test.go):
  - Add HealthStatus to all test fixtures
  - Add test cases for unhealthy backend routing failures
  - Add test cases for unauthenticated backend failures
  - Add test cases for degraded backend success (still operational)
  - Cover all three routing methods: tools, resources, prompts

Related-to: #3036

Author: taskbot

cmd/vmcp/app/commands.go

@@ -433,6 +433,19 @@ func runServe(cmd *cobra.Command, _ []string) error {
 			Timeout:            defaults.Timeout,
 			DegradedThreshold:  defaults.DegradedThreshold,
 		}
+
+		// Configure circuit breaker if enabled
+		if cfg.Operational.FailureHandling.CircuitBreaker != nil && cfg.Operational.FailureHandling.CircuitBreaker.Enabled {
+			healthMonitorConfig.CircuitBreaker = &health.CircuitBreakerConfig{
+				Enabled:          true,
+				FailureThreshold: cfg.Operational.FailureHandling.CircuitBreaker.FailureThreshold,
+				Timeout:          time.Duration(cfg.Operational.FailureHandling.CircuitBreaker.Timeout),
+			}
+			logger.Infof("Circuit breaker enabled (failure threshold: %d, timeout: %v)",
+				cfg.Operational.FailureHandling.CircuitBreaker.FailureThreshold,
+				time.Duration(cfg.Operational.FailureHandling.CircuitBreaker.Timeout))
+		}
+
 		logger.Info("Health monitoring configured from operational settings")
 	}
 

pkg/vmcp/aggregator/default_aggregator.go

@@ -302,65 +302,77 @@ func (a *defaultAggregator) MergeCapabilities(
 	// Convert resolved tools to final vmcp.Tool format
 	tools := make([]vmcp.Tool, 0, len(resolved.Tools))
 	for _, resolvedTool := range resolved.Tools {
+		// Look up full backend information from registry
+		backend := registry.Get(ctx, resolvedTool.BackendID)
+		if backend == nil {
+			logger.Warnf("Backend %s not found in registry for tool %s, skipping",
+				resolvedTool.BackendID, resolvedTool.ResolvedName)
+			continue
+		}
+
+		// Filter out tools from unhealthy backends
+		if !isBackendHealthy(backend.HealthStatus) {
+			logger.Debugf("Skipping tool %s from unhealthy backend %s (status: %s)",
+				resolvedTool.ResolvedName, backend.Name, backend.HealthStatus)
+			continue
+		}
+
 		tools = append(tools, vmcp.Tool{
 			Name:        resolvedTool.ResolvedName,
 			Description: resolvedTool.Description,
 			InputSchema: resolvedTool.InputSchema,
 			BackendID:   resolvedTool.BackendID,
 		})
 
-		// Look up full backend information from registry
-		backend := registry.Get(ctx, resolvedTool.BackendID)
-		if backend == nil {
-			logger.Warnf("Backend %s not found in registry for tool %s, creating minimal target",
-				resolvedTool.BackendID, resolvedTool.ResolvedName)
-			routingTable.Tools[resolvedTool.ResolvedName] = &vmcp.BackendTarget{
-				WorkloadID:             resolvedTool.BackendID,
-				OriginalCapabilityName: resolvedTool.OriginalName,
-			}
-		} else {
-			// Use the backendToTarget helper from registry package
-			target := vmcp.BackendToTarget(backend)
-			// Store the original tool name for forwarding to backend
-			target.OriginalCapabilityName = resolvedTool.OriginalName
-			routingTable.Tools[resolvedTool.ResolvedName] = target
-		}
+		// Use the backendToTarget helper from registry package
+		target := vmcp.BackendToTarget(backend)
+		// Store the original tool name for forwarding to backend
+		target.OriginalCapabilityName = resolvedTool.OriginalName
+		routingTable.Tools[resolvedTool.ResolvedName] = target
 	}
 
 	// Add resources to routing table
 	for _, resource := range resolved.Resources {
 		backend := registry.Get(ctx, resource.BackendID)
 		if backend == nil {
-			logger.Warnf("Backend %s not found in registry for resource %s, creating minimal target",
+			logger.Warnf("Backend %s not found in registry for resource %s, skipping",
 				resource.BackendID, resource.URI)
-			routingTable.Resources[resource.URI] = &vmcp.BackendTarget{
-				WorkloadID:             resource.BackendID,
-				OriginalCapabilityName: resource.URI,
-			}
-		} else {
-			target := vmcp.BackendToTarget(backend)
-			// Store the original resource URI for forwarding to backend
-			target.OriginalCapabilityName = resource.URI
-			routingTable.Resources[resource.URI] = target
+			continue
+		}
+
+		// Filter out resources from unhealthy backends
+		if !isBackendHealthy(backend.HealthStatus) {
+			logger.Debugf("Skipping resource %s from unhealthy backend %s (status: %s)",
+				resource.URI, backend.Name, backend.HealthStatus)
+			continue
 		}
+
+		target := vmcp.BackendToTarget(backend)
+		// Store the original resource URI for forwarding to backend
+		target.OriginalCapabilityName = resource.URI
+		routingTable.Resources[resource.URI] = target
 	}
 
 	// Add prompts to routing table
 	for _, prompt := range resolved.Prompts {
 		backend := registry.Get(ctx, prompt.BackendID)
 		if backend == nil {
-			logger.Warnf("Backend %s not found in registry for prompt %s, creating minimal target",
+			logger.Warnf("Backend %s not found in registry for prompt %s, skipping",
 				prompt.BackendID, prompt.Name)
-			routingTable.Prompts[prompt.Name] = &vmcp.BackendTarget{
-				WorkloadID:             prompt.BackendID,
-				OriginalCapabilityName: prompt.Name,
-			}
-		} else {
-			target := vmcp.BackendToTarget(backend)
-			// Store the original prompt name for forwarding to backend
-			target.OriginalCapabilityName = prompt.Name
-			routingTable.Prompts[prompt.Name] = target
+			continue
 		}
+
+		// Filter out prompts from unhealthy backends
+		if !isBackendHealthy(backend.HealthStatus) {
+			logger.Debugf("Skipping prompt %s from unhealthy backend %s (status: %s)",
+				prompt.Name, backend.Name, backend.HealthStatus)
+			continue
+		}
+
+		target := vmcp.BackendToTarget(backend)
+		// Store the original prompt name for forwarding to backend
+		target.OriginalCapabilityName = prompt.Name
+		routingTable.Prompts[prompt.Name] = target
 	}
 
 	// Determine conflict strategy used
@@ -466,3 +478,18 @@ func (a *defaultAggregator) AggregateCapabilities(
 
 	return aggregated, nil
 }
+
+// isBackendHealthy determines if a backend is healthy enough to have its capabilities included.
+// Returns true for healthy and degraded backends (degraded backends are still operational).
+// Returns false for unhealthy, unknown, and unauthenticated backends.
+func isBackendHealthy(status vmcp.BackendHealthStatus) bool {
+	switch status {
+	case vmcp.BackendHealthy, vmcp.BackendDegraded:
+		return true
+	case vmcp.BackendUnhealthy, vmcp.BackendUnknown, vmcp.BackendUnauthenticated:
+		return false
+	default:
+		// Unknown status - err on the side of caution
+		return false
+	}
+}

pkg/vmcp/router/default_router.go

@@ -71,6 +71,13 @@ func routeCapability(
 		return nil, fmt.Errorf("%w: %s", notFoundErr, key)
 	}
 
+	// Check if the backend is healthy before routing
+	if !isTargetHealthy(target.HealthStatus) {
+		logger.Warnf("%s %s found but backend %s is unavailable (status: %s)",
+			entityType, key, target.WorkloadName, target.HealthStatus)
+		return nil, fmt.Errorf("%w: backend %s is %s", ErrBackendUnavailable, target.WorkloadName, target.HealthStatus)
+	}
+
 	logger.Debugf("Routed %s %s to backend %s", entityType, key, target.WorkloadID)
 	return target, nil
 }
@@ -116,3 +123,18 @@ func (*defaultRouter) RoutePrompt(ctx context.Context, name string) (*vmcp.Backe
 		ErrPromptNotFound,
 	)
 }
+
+// isTargetHealthy determines if a backend target is healthy enough to route requests to.
+// Returns true for healthy and degraded backends (degraded backends are still operational).
+// Returns false for unhealthy, unknown, and unauthenticated backends.
+func isTargetHealthy(status vmcp.BackendHealthStatus) bool {
+	switch status {
+	case vmcp.BackendHealthy, vmcp.BackendDegraded:
+		return true
+	case vmcp.BackendUnhealthy, vmcp.BackendUnknown, vmcp.BackendUnauthenticated:
+		return false
+	default:
+		// Unknown status - err on the side of caution
+		return false
+	}
+}

pkg/vmcp/router/default_router_test.go

@@ -35,6 +35,7 @@ func TestDefaultRouter_RouteTool(t *testing.T) {
 						WorkloadID:   "backend1",
 						WorkloadName: "Backend 1",
 						BaseURL:      "http://backend1:8080",
+						HealthStatus: vmcp.BackendHealthy,
 					},
 				},
 				Resources: make(map[string]*vmcp.BackendTarget),
@@ -73,6 +74,60 @@ func TestDefaultRouter_RouteTool(t *testing.T) {
 			expectError:   true,
 			errorContains: "routing table tools map not initialized",
 		},
+		{
+			name: "backend is unhealthy",
+			setupTable: &vmcp.RoutingTable{
+				Tools: map[string]*vmcp.BackendTarget{
+					"test_tool": {
+						WorkloadID:   "backend1",
+						WorkloadName: "Backend 1",
+						BaseURL:      "http://backend1:8080",
+						HealthStatus: vmcp.BackendUnhealthy,
+					},
+				},
+				Resources: make(map[string]*vmcp.BackendTarget),
+				Prompts:   make(map[string]*vmcp.BackendTarget),
+			},
+			toolName:      "test_tool",
+			expectError:   true,
+			errorContains: "backend unavailable",
+		},
+		{
+			name: "backend is unauthenticated",
+			setupTable: &vmcp.RoutingTable{
+				Tools: map[string]*vmcp.BackendTarget{
+					"test_tool": {
+						WorkloadID:   "backend1",
+						WorkloadName: "Backend 1",
+						BaseURL:      "http://backend1:8080",
+						HealthStatus: vmcp.BackendUnauthenticated,
+					},
+				},
+				Resources: make(map[string]*vmcp.BackendTarget),
+				Prompts:   make(map[string]*vmcp.BackendTarget),
+			},
+			toolName:      "test_tool",
+			expectError:   true,
+			errorContains: "backend unavailable",
+		},
+		{
+			name: "backend is degraded but still works",
+			setupTable: &vmcp.RoutingTable{
+				Tools: map[string]*vmcp.BackendTarget{
+					"test_tool": {
+						WorkloadID:   "backend1",
+						WorkloadName: "Backend 1",
+						BaseURL:      "http://backend1:8080",
+						HealthStatus: vmcp.BackendDegraded,
+					},
+				},
+				Resources: make(map[string]*vmcp.BackendTarget),
+				Prompts:   make(map[string]*vmcp.BackendTarget),
+			},
+			toolName:    "test_tool",
+			expectedID:  "backend1",
+			expectError: false,
+		},
 	}
 
 	for _, tt := range tests {
@@ -126,6 +181,7 @@ func TestDefaultRouter_RouteResource(t *testing.T) {
 						WorkloadID:   "backend2",
 						WorkloadName: "Backend 2",
 						BaseURL:      "http://backend2:8080",
+						HealthStatus: vmcp.BackendHealthy,
 					},
 				},
 				Prompts: make(map[string]*vmcp.BackendTarget),
@@ -163,6 +219,42 @@ func TestDefaultRouter_RouteResource(t *testing.T) {
 			expectError:   true,
 			errorContains: "routing table resources map not initialized",
 		},
+		{
+			name: "backend is unhealthy",
+			setupTable: &vmcp.RoutingTable{
+				Tools: make(map[string]*vmcp.BackendTarget),
+				Resources: map[string]*vmcp.BackendTarget{
+					"file:///path/to/resource": {
+						WorkloadID:   "backend2",
+						WorkloadName: "Backend 2",
+						BaseURL:      "http://backend2:8080",
+						HealthStatus: vmcp.BackendUnhealthy,
+					},
+				},
+				Prompts: make(map[string]*vmcp.BackendTarget),
+			},
+			uri:           "file:///path/to/resource",
+			expectError:   true,
+			errorContains: "backend unavailable",
+		},
+		{
+			name: "backend is degraded but still works",
+			setupTable: &vmcp.RoutingTable{
+				Tools: make(map[string]*vmcp.BackendTarget),
+				Resources: map[string]*vmcp.BackendTarget{
+					"file:///path/to/resource": {
+						WorkloadID:   "backend2",
+						WorkloadName: "Backend 2",
+						BaseURL:      "http://backend2:8080",
+						HealthStatus: vmcp.BackendDegraded,
+					},
+				},
+				Prompts: make(map[string]*vmcp.BackendTarget),
+			},
+			uri:         "file:///path/to/resource",
+			expectedID:  "backend2",
+			expectError: false,
+		},
 	}
 
 	for _, tt := range tests {
@@ -217,6 +309,7 @@ func TestDefaultRouter_RoutePrompt(t *testing.T) {
 						WorkloadID:   "backend3",
 						WorkloadName: "Backend 3",
 						BaseURL:      "http://backend3:8080",
+						HealthStatus: vmcp.BackendHealthy,
 					},
 				},
 			},
@@ -253,6 +346,42 @@ func TestDefaultRouter_RoutePrompt(t *testing.T) {
 			expectError:   true,
 			errorContains: "routing table prompts map not initialized",
 		},
+		{
+			name: "backend is unhealthy",
+			setupTable: &vmcp.RoutingTable{
+				Tools:     make(map[string]*vmcp.BackendTarget),
+				Resources: make(map[string]*vmcp.BackendTarget),
+				Prompts: map[string]*vmcp.BackendTarget{
+					"greeting": {
+						WorkloadID:   "backend3",
+						WorkloadName: "Backend 3",
+						BaseURL:      "http://backend3:8080",
+						HealthStatus: vmcp.BackendUnhealthy,
+					},
+				},
+			},
+			promptName:    "greeting",
+			expectError:   true,
+			errorContains: "backend unavailable",
+		},
+		{
+			name: "backend is degraded but still works",
+			setupTable: &vmcp.RoutingTable{
+				Tools:     make(map[string]*vmcp.BackendTarget),
+				Resources: make(map[string]*vmcp.BackendTarget),
+				Prompts: map[string]*vmcp.BackendTarget{
+					"greeting": {
+						WorkloadID:   "backend3",
+						WorkloadName: "Backend 3",
+						BaseURL:      "http://backend3:8080",
+						HealthStatus: vmcp.BackendDegraded,
+					},
+				},
+			},
+			promptName:  "greeting",
+			expectedID:  "backend3",
+			expectError: false,
+		},
 	}
 
 	for _, tt := range tests {
@@ -292,14 +421,14 @@ func TestDefaultRouter_ConcurrentAccess(t *testing.T) {
 	// Setup routing table
 	table := &vmcp.RoutingTable{
 		Tools: map[string]*vmcp.BackendTarget{
-			"tool1": {WorkloadID: "backend1"},
-			"tool2": {WorkloadID: "backend2"},
+			"tool1": {WorkloadID: "backend1", HealthStatus: vmcp.BackendHealthy},
+			"tool2": {WorkloadID: "backend2", HealthStatus: vmcp.BackendHealthy},
 		},
 		Resources: map[string]*vmcp.BackendTarget{
-			"res1": {WorkloadID: "backend1"},
+			"res1": {WorkloadID: "backend1", HealthStatus: vmcp.BackendHealthy},
 		},
 		Prompts: map[string]*vmcp.BackendTarget{
-			"prompt1": {WorkloadID: "backend2"},
+			"prompt1": {WorkloadID: "backend2", HealthStatus: vmcp.BackendHealthy},
 		},
 	}