fix: manageGateway/queryGateway does not return a complete, accessible URL, causing the evaluation framework to construct a wrong hostname and trigger a TLS certificate mismatch #682

Open
binggg wants to merge 1 commit into main from automation/attribution-issue-mojh1bit-4ih8ny-managegateway-querygateway-url-hostname-

@binggg binggg commented Apr 29, 2026

Attribution issue

  • issueId: issue_mojh1bit_4ih8ny
  • category: tool
  • canonicalTitle: manageGateway/queryGateway does not return a complete, accessible URL, causing the evaluation framework to construct a wrong hostname and trigger a TLS certificate mismatch
  • representativeRun: atomic-js-cloudbase-mock-jinguyuan-dumpling-mcp/2026-04-29T03-14-06-0uqr62

Automation summary

  • root_cause: queryGateway(action=getAccess) built URLs from ALL domains returned by getDomainList(), including the internal DefaultDomain (e.g. {envId}.tcbaccess-in.tencentcloudbase.com) which lacks public TLS certificates. The TLS certificate only covers *.tcloudbase.com domains. Additionally, manageGateway(action=createAccess) returned no URL at all, leaving agents without the correct externally-accessible URL to share with callers.
  • changes: (1) Added isExternalDomain() filter that keeps only *.tcloudbase.com domains (which have valid public TLS certs) and excludes *.tencentcloudbase.com internal domains. (2) listGatewayDomains() now returns both domains (external only, used for URL construction) and allDomains (full list for reference). (3) queryGateway(action=getAccess) returns urls and domains from external domains only, plus allDomains for visibility. (4) manageGateway(action=createAccess) now queries the domain list after creating the access entry and returns urls, primaryUrl, and domains so the agent immediately knows the accessible URL without an extra round-trip. (5) Updated tests to use a realistic mock where DefaultDomain is

Changed files

  • mcp/src/tools/gateway.test.ts
  • mcp/src/tools/gateway.ts
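
An added example, not code from this PR or the project: it compares the PR's suffix filter with RFC 6125-style wildcard matching against the certificate name the summary cites. The SAN list `*.tcloudbase.com` is taken literally from the summary as an assumption, and the hostnames (with `env-demo` as a made-up envId) are constructed.

```typescript
// Assumption: the certificate's SAN list is exactly what the summary states.
const CERT_SANS: string[] = ["*.tcloudbase.com"];

// Hostnames compare case-insensitively; a trailing dot only marks an FQDN.
function normalizeHost(host: string): string {
  return host.trim().toLowerCase().replace(/\.$/, "");
}

// RFC 6125-style match: a wildcard is honoured only as the whole leftmost
// label and stands for exactly one label, never zero and never several.
function matchesSan(host: string, san: string): boolean {
  const h = normalizeHost(host).split(".");
  const s = normalizeHost(san).split(".");
  if (h.length !== s.length || h.some((label) => label === "")) return false;
  return s.every((label, i) => (i === 0 && label === "*") || label === h[i]);
}

function certCovers(host: string, sans: string[] = CERT_SANS): boolean {
  return sans.some((san) => matchesSan(host, san));
}

// The suffix check from the PR, copied unchanged for comparison.
const isExternalDomain = (domain: string) =>
  domain.endsWith(".tcloudbase.com") || domain === "tcloudbase.com";

// Both verdicts for one hostname, so disagreements are easy to spot.
function verdict(domain: string): { suffixFilter: boolean; certMatch: boolean } {
  return { suffixFilter: isExternalDomain(domain), certMatch: certCovers(domain) };
}

// Constructed sample hostnames covering each way the two checks can differ.
const SAMPLE_DOMAINS: string[] = [
  "env-demo.tcloudbase.com",                    // one label under the wildcard
  "env-demo.tcbaccess-in.tencentcloudbase.com", // internal DefaultDomain form
  "ENV-DEMO.TCLOUDBASE.COM",                    // same host, upper case
  "api.env-demo.tcloudbase.com",                // two labels under the wildcard
  "tcloudbase.com",                             // apex, not covered by "*."
];

// Hostnames where the suffix filter and the certificate match disagree.
function disagreements(domains: string[] = SAMPLE_DOMAINS): string[] {
  return domains.filter((d) => {
    const v = verdict(d);
    return v.suffixFilter !== v.certMatch;
  });
}
```

Under that assumption the two checks agree on the first two hostnames and disagree on the mixed-case name, the name two labels below the wildcard, and the apex.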

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fe288fedd9

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread mcp/src/tools/gateway.ts
Comment on lines +117 to +118
const isExternalDomain = (domain: string) =>
domain.endsWith(".tcloudbase.com") || domain === "tcloudbase.com";
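
Review bot: the `domain.endsWith(".tcloudbase.com")` test on line +118 is case-sensitive and runs on the raw string, so a hostname returned in upper or mixed case, or in FQDN form with a trailing dot, is classified as internal and silently dropped from the URL list. Hostnames compare case-insensitively, so lowercase the value and strip a trailing dot before comparing. The leading dot in the suffix should stay, because without it any look-alike name that merely ends in `tcloudbase.com` would pass. A short doc comment saying that this predicate means "covered by the public TLS certificate" would also help, since the name `isExternalDomain` reads broader than what the check does.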
[P1] Include custom domains when building accessible gateway URLs

isExternalDomain() now whitelists only *.tcloudbase.com, which drops valid user-bound custom domains (for example api.example.com) returned by getDomainList().ServiceSet. In this same file, listCustomDomains still treats ServiceSet as the custom-domain source, so filtering them out here means queryGateway(action=getAccess) and manageGateway(action=createAccess) can return empty or incomplete urls/primaryUrl even when public access is correctly configured through a custom domain, regressing production setups that rely on non-tcloudbase.com hostnames.

binggg commented Apr 29, 2026

Attribution post-PR evaluation

  • visibility: internal identifiers, run ids, and private links are intentionally omitted
  • attempt: 1
  • eval_scope: primary_plus_regression
  • overall: FAILED
  • summary: at least one planned evaluation case failed
  • updated_at: 2026-04-29T04:30:10.183Z

Cases

  • [FAILED] — primary — evaluation failed
  • [PENDING] — regression 1 — queued
  • [PENDING] — regression 2 — queued
