Fix stateful session context propagation and affinity forwarding for appropriate list tools response

[kevalmahajan]

🐛 Bug-fix PR

Closes #2973

📌 Summary

Fixed a bug where server_id and other request context (headers, user auth) were lost when using stateful sessions and server_id was lost when using session_affinity. It ensures that:

Long-lived session tasks can dynamically recover context from the active request.
Internal session affinity forwarding for POST requests correctly preserves the server_id.

🔁 Reproduction Steps

1. Configure MCPGATEWAY_USE_STATEFUL_SESSIONS=true and MCPGATEWAY_SESSION_AFFINITY_ENABLED=true.
2. Connect to /servers/server-id/mcp and list the tools
   Before fix: Returns tools for "default_server_id" (empty/all).
   After fix: Returns tools strictly for <id>.

🐞 Root Cause

Two separate issues contributed to this bug:

1. ContextVar Loss: in stateful sessions, the run_server task is long-lived and spawned separately. The contextvars (server_id_var) set during the initial connection or previous requests do not propagate to this isolated task context, causing handlers to see the default value.

2. Forwarding Data Loss: When session affinity is enabled, stateful POST requests are forwarded internally to the /rpc endpoint in main.py. The original streamablehttp_transport extracted server_id from the URL, but
   main.py's /rpc endpoint expects it in the JSON body (params). The forwarding logic was not injecting the server_id from the URL into the JSON body, so main.py received server_id=None.

💡 Fix Description

1. Dynamic Context Recovery: Introduced _get_request_context_or_default helper in streamablehttp_transport.py. This function first checks contextvars (fast path). If missing (stateful case), it inspects mcp_app.request_context to retrieve the underlying starlette.requests.Request object and extracts server_id, headers, and re-verifies user auth via
   verify_credentials.

2. Affinity Forwarding Injection: Updated handle_streamable_http to extract the server_id from the URL regex and inject it into the params of the JSON-RPC body before forwarding the request to /rpc. This ensures correct routing in main.py.

🧪 Verification

Check	Command	Status
Lint suite	make lint
Unit tests	make test
Coverage ≥ 80 %	make coverage
Manual regression no longer fails	steps / screenshots

📐 MCP Compliance (if relevant)

• Matches current MCP spec
• No breaking change to MCP clients

✅ Checklist

• Code formatted (make black isort pre-commit)
• No secrets/credentials committed- [ ]

[crivetimihai]

Review Changes Summary

Rebased onto main (clean, no conflicts) and addressed all review findings across three commits:

Commit 1: fix: address review findings for stateful session context propagation

• Security: Removed debug log statement that leaked auth headers and user context at INFO level (token/PII exposure)
• Consistency: Applied _get_request_context_or_default() to call_tool, read_resource, and list_resource_templates — previously only list_* handlers were updated
• Bug fix: Fixed server_id injection to create params dict when absent from JSON-RPC body, ensuring paramless requests still get proper server scoping
• Cleanup: Removed orphaned blank line, cleaned up duplicate/unused test imports, fixed test property cleanup, ran black + isort

Commit 2: test: add missing coverage for context propagation and affinity injection

• Added 8 tests covering all branches in _get_request_context_or_default():
  • Fast path (ContextVars populated), anonymous user string-to-dict conversion, URL without server_id pattern, LookupError fallback, generic Exception fallback with error logging, cookie JWT token forwarding
• Added server_id injection edge case tests: JSON-RPC body without params key, URL without server pattern

Commit 3: fix: normalize raw JWT payload in stateful session context recovery

Addresses data shape mismatch between require_auth_override() (raw JWT) and handler expectations (normalized context):

• _normalize_jwt_payload(): New function that converts raw JWT fields (sub, token_use, nested user.is_admin) into canonical {email, teams, is_admin, is_authenticated} shape — mirrors streamable_http_auth normalization logic
  • Session tokens: resolves teams via _resolve_teams_from_db_sync()
  • API tokens: resolves teams via normalize_token_teams()
  • Detects admin from both top-level and nested user.is_admin
• call_tool fix: Replaced get_user_email_from_context() (reads stale ContextVar) with extraction from already-recovered user_context dict
• Test updates: Mocks now use realistic JWT payload shapes (sub, token_use, teams) instead of pre-normalized dicts; added 6 dedicated _normalize_jwt_payload unit tests

Test results

All 246 unit tests pass. Security review found no exploitable vulnerabilities.

[crivetimihai]

Pre-existing issues identified during review

Two pre-existing gaps were identified during the review of this PR. Neither was introduced by this PR — they exist on main and in the original forwarding code. Filed as follow-up bugs:

1. [HIGH] server_id not injected for internally-forwarded Streamable HTTP requests — #3018

The internally-forwarded branch (x-forwarded-internally=true) posts the original JSON-RPC body to /rpc without injecting server_id from the URL path. The local-owner branch (added in this PR) correctly injects it. Cross-worker forwarded requests to /servers/{id}/mcp will lose server scoping.

2. [MEDIUM] Fallback auth token precedence differs from middleware — #3019

The stateful session fallback path resolves identity via require_auth() which prioritizes cookie tokens over Authorization headers. The primary middleware (streamable_http_auth) uses Authorization header only. If both exist with different users, identity can drift. Low practical risk — requires unusual conditions (both cookie and header with different identities).