Description
Observed behavior
The thv run command does not throw an error if it's unable to access a secret passed with the --secrets flag. I first encountered this when my secrets provider config entry was messed up, but can also reproduce by trying to reference a nonexistent secret. The output makes it look like the MCP server was successfully started, but it was not.
Reproduce
Run an MCP and reference a secret key that doesn't exist:
$ thv run --secret badsecret,target=GITHUB_PERSONAL_ACCESS_TOKEN github
10:22AM INF Processed cmdArgs: []
10:22AM INF ✅ MCP server ghcr.io/github/github-mcp-server:latest is verified successfully
10:22AM INF Image ghcr.io/github/github-mcp-server:latest has 'latest' tag, pulling to ensure we have the most recent version...
10:22AM INF Pulling image: ghcr.io/github/github-mcp-server:latest
Pulling from github/github-mcp-server: latest
Digest: sha256:9cd2504664e109dc2db016c71f38c6256a2c258de984566082a55f6923b2d044
Status: Image is up to date for ghcr.io/github/github-mcp-server:latest
10:22AM INF Successfully pulled image: ghcr.io/github/github-mcp-server:latest
10:22AM INF Using host port: 50862
10:22AM INF Logging to: /Users/dan/Library/Application Support/toolhive/logs/github.log
10:22AM INF MCP server is running in the background (PID: 52396)
10:22AM INF Use 'thv stop github' to stop the server
All looks well, but the server is not actually running:
$ thv list
No MCP servers found
Alternately, "break" your secrets provider (edit config.yaml and set provider_type: ""). This is how I originally discovered it; somehow my provider was blanked out.
Expected behavior
The thv run command should fail with the error you'd get from a thv secret command.
Example with a bad secret key:
$ thv secret get badsecret
Failed to get secret badsecret: secret not found: badsecret
Example with a broken provider config:
$ thv secret list
Failed to create secrets manager: failed to get secrets provider type: invalid secrets provider type: (valid types: encrypted, 1password, none)
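A guard for the behavior reported above, as an added example that is not part of the original report or ToolHive's own code: it checks every `--secret` reference with `thv secret get` before launching and confirms the server appears in `thv list` afterwards. The function names are hypothetical, and it assumes `thv secret get` exits non-zero on failure and that a started server is listed by name right away.

```shell
#!/bin/sh
# Added example (not ToolHive code): guard against the silent failure above.
# Assumes `thv secret get NAME` exits non-zero when the secret or provider
# is unusable, and that `thv list` shows a running server by name.

# Print the secret name from each "--secret NAME,target=ENV" argument pair.
secret_names() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "--secret" ]; then
            [ "$#" -ge 2 ] || return 2      # flag given without a value
            printf '%s\n' "${2%%,*}"        # keep the part before ",target="
            shift
        fi
        shift
    done
}

# Fail before launch if any referenced secret cannot be read.
# Output is discarded so secret values never reach the terminal or logs.
preflight_secrets() {
    rc=0
    for name in $(secret_names "$@"); do
        if ! thv secret get "$name" >/dev/null 2>&1; then
            echo "preflight: cannot read secret '$name'" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Usage: safe_run SERVER [thv run flags...]
# Launch only after the preflight passes, then verify the server is listed,
# because the run output alone reported success in the case above.
safe_run() {
    server=$1; shift
    preflight_secrets "$@" || return 1
    thv run "$@" "$server" || return 1
    if ! thv list 2>/dev/null | grep -qwF -- "$server"; then
        echo "safe_run: '$server' not in 'thv list' after run" >&2
        return 1
    fi
}
```

For the reproduction above, `safe_run github --secret badsecret,target=GITHUB_PERSONAL_ACCESS_TOKEN` stops at the preflight and returns non-zero without starting anything.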