Adding comprehensive integration tests for oauth consolidation

[cutecatfann]

What I did
I let Claude 4.6 Opus go wild with these tests! I did a review of the code and some edits (of course), but I think it did a pretty good job. I think the overview doc plus existing tests supported the AI well. However, it kept lying that it ran the tests + the CI locally... It would say that it ran all of the tests and all passed, then I would manually run to verify and something would fail

• Adds test coverage for per-server OAuth routing introduced in Phase 1 of the OAuth consolidation (MCPT-480 through MCPT-485)
• Covers the three command-layer entry points (authorize, revoke, enable) plus workingset registration, cleanup, mode determination, flag toggle, and mixed-mode operation
• Introduces function-pointer testability hooks in cmd/docker-mcp/oauth/ and cmd/docker-mcp/server/enable.go (same pattern as pkg/workingset/oauth.go) so routing tests run without Docker Desktop, docker pass, or a daemon
• Fixes mockDesktopMode in pkg/workingset/oauth_test.go to override shouldUseGatewayOAuthFunc, making existing Desktop-mode tests deterministic regardless of environment

Routing coverage

                       ┌─────────────────┐
                       │  Server request │
                       └────────┬────────┘
                                │
                       lookupIsCommunity()
                                │
                  ┌─────────────┼─────────────┐
                  │ err         │ ok          │
                  ▼             ▼             │
            IsCEMode()?   DetermineMode()     │
             ┌──┴──┐     ┌─────┼────────┐     │ 
             │     │     │     │        │     │
            yes    no  ModeCE ModeCommunity ModeDesktop
             │     │     │     │        │
             ▼     ▼     ▼     ▼        ▼
           ┌───┐ ┌───┐ ┌───┐ ┌───┐   ┌───┐
           │CE │ │DT │ │CE │ │CM │   │DT │
           └───┘ └───┘ └───┘ └───┘   └───┘

CE = Gateway-owned (credential helper)
CM = Gateway-owned (docker pass)
DT = Desktop-owned (Secrets Engine)

── Tested paths per entry point ──────────────────

authorize:  err+CE ✓  err+DT ✓  CE ✓  CM ✓  DT ✓
revoke:     err+CE ✓  err+DT ✓  CE ✓  CM ✓  DT ✓
enable:     ·····     ·····     CE ✓  CM ✓  DT ✓

── Tested paths per subsystem ────────────────────

registration (workingset/oauth.go):
    CE skip ✓ → community+flagON skip ✓ → catalog register ✓
    community dynamic discovery flagON skip ✓ / flagOFF register ✓

cleanup (workingset/server.go):
    CE early return ✓ → community+flagON filter ✓ → flagOFF include ✓

mode determination (pkg/oauth/mode.go):
    CE×catalog ✓  CE×community ✓
    DT×catalog×flagON ✓  DT×catalog×flagOFF ✓
    DT×community×flagON ✓  DT×community×flagOFF ✓  DT×community×flagErr ✓

flag toggle (pkg/oauth/flag_disable_test.go):
    community fallback DT ✓  catalog unaffected ✓  CE unaffected ✓
    flag error → DT ✓  provider mode cached ✓  determineMode is pure ✓

mixed mode (pkg/oauth/mixed_mode_test.go):
    two-server dispatch ✓  credhelper routing ✓  provider refresh routing ✓
    docker pass fallback ✓  CE regression ✓

34 total new tests

pkg/oauth/ (11 tests, 2 new files)

• flag_disable_test.go -- flag toggle, fallback, purity, provider mode caching
• mixed_mode_test.go -- simultaneous catalog+community, CE regression, docker pass fallback

cmd/docker-mcp/oauth/ (12 tests, 2 new files)

• auth_test.go -- Authorize() routing for all mode combinations + catalog-lookup-failure fallback
• revoke_test.go -- Revoke() routing (same matrix)

cmd/docker-mcp/server/ (5 tests, 1 new file)

• enable_oauth_test.go -- Enable() OAuth routing: gateway-owned, desktop catalog, community+flagON, dynamic discovery

pkg/workingset/ (6 tests across existing files)

• oauth_mixed_mode_test.go -- mixed registration flagON/OFF, community dynamic discovery flagON/OFF, cleanup filtering
• dcr_cleanup_test.go -- CE mode early return
• oauth_test.go -- mockDesktopModefix (overridesshouldUseGatewayOAuthFunc`)

🤖 Description generated with Claude Code and edited