7 MCP Gateway Bugs: Session Leaks, Dead SSE, and OAuth in Gateway Mode

After the happy path demos, a Reddit user hit seven specific bugs when putting an MCP gateway between real clients and servers. The fixes were not prompt engineering — they were explicit session boundaries, per-tool timeouts, idempotency, structured action logs, gateway-level traces, and tests against concurrent tool calls. The result was a large reduction in parallel tool wall time, but the bigger win was knowing where failure lived.
The seven bugs that actually mattered
- Session state leaking across clients — shared state between sessions caused data contamination.
- SSE connections dying silently — no error surfaced when a server-sent event connection dropped.
- OAuth flows working in local tests but breaking in gateway mode — redirect URIs or token validation failed behind the proxy.
- Discovery probes returning stale server metadata — cached capabilities didn't reflect server updates.
- SQLite writes blocking parallel tool calls — database locks serialized concurrent requests.
- Retry logic duplicating tool side effects — retries re-executed mutations like writes or API calls.
- Tool latency hiding inside the gateway instead of the model call — monitoring attributed time to the wrong layer.
The fix: boring infra, not better prompts
The author's approach to each bug:
- Explicit session boundaries — separate state per client, no shared objects.
- Per-tool timeout policy — individual timeouts to prevent one slow tool holding up others.
- Idempotency where possible — deduplication keys or transactional behavior to make retries safe.
- Structured action logs — detailed, parseable logs of every gateway action for debugging.
- Gateway-level traces — distributed tracing to attribute latency correctly across layers.
- Tests against concurrent tool calls — integration tests that fire parallel requests to surface race conditions.
These are specific, practical patterns for anyone running an MCP gateway in production. The post's key insight: the hard problems are state isolation, silent failures, and observability — not model prompts.
📖 Read the full source: r/ClaudeAI
👀 See Also

How a Non-Coder Built a Reusable Claude Workflow for Founder Content Marketing
A former magazine editor with zero coding background shares how they accidentally built a repeatable Claude workflow for solo founder content marketing: dump raw thoughts, then restructure with Claude into platform-specific formats.

Using Project Narratives to Maintain OpenClaw Context on Long-Term Projects
A developer shares a technique for creating 'project narratives' where a separate OpenClaw worker analyzes the codebase after milestones to document system understanding, identify issues, and maintain context.

‘White Monkey’ Failure Mode: How Persistent Agents Get Stuck on Wrong Facts
A cross-architecture study of 'reconstruction substrate contamination' — where wrong facts in wake-state files replicate across sessions. Includes a 6-question survey for persistent agents.

Claude Code Requires Specific Prompts, Not Vague Instructions
A developer reports that Claude Code produces better results with detailed prompts rather than vague instructions, citing experience with 4 billion tokens over 5 months.