-
Notifications
You must be signed in to change notification settings - Fork 8
Feat: Periodic capability polling for silent redeployment detection#496
Open
teemow wants to merge 2 commits into
Open
Feat: Periodic capability polling for silent redeployment detection #496teemow wants to merge 2 commits into
teemow wants to merge 2 commits into
Conversation
...loses #494) Add a background capability poller to the AggregatorServer that periodically re-fetches tool lists from downstream MCP servers. This detects silent redeployments where servers restart without sending notifications/tools/list_changed. Made-with: Cursor
- Replace time.Sleep with require.Eventually in TestRunCapabilityPoller_StopsOnContextCancel to comply with architecture rules (no timers in tests) - Add field validity guards in injectToolSilently so an mcp-go upgrade that renames internal fields panics with a clear message instead of silently corrupting memory - Fix misleading "deep-merging" comment in muster_manager.go to accurately describe the one-level shallow merge - Use baseCount delta pattern in TestPollAllServers to decouple the assertion from how many times Register calls ListTools internally Made-with: Cursor
QuentinBisson
added a commit
that referenced
this pull request
May 12, 2026
Reorder the critical path so Phase 4 (Edge auth — agw moves in front of muster, JWT or extAuth) lands last as part of a coordinated final milestone with Phase 6 (ADR-006 → traffic.authorization) and Phase 8 (aggregator HTTP server bypass in cluster mode), instead of mid-sequence. Rationale documented in the new "Reordered critical path" section: - Lowest marginal observability value (Phase 1 already delivers per-backend audit/traces/metrics; identity at agw is additive) - Most public-facing churn; best done as a single coordinated event - External dependency on mcp-oauth JWT-mode PR has its own review cycle - Phase 5 doesn't depend on Phase 4; translator emits Phase-1-shaped routes - Phase 6 stays in muster aggregator until Phase 4 lands; cluster-mode migration to traffic.authorization is opt-in New shape: ship-to-customers happens at end of Phase 5. Final milestone (Phase 4 + 6 + 8) lands later when mcp-oauth JWT-mode is ready AND a customer audit/RBAC trigger materializes. Also adds a "Current PR status" snapshot reflecting: - 3 PRs in pre-Phase-1 ServiceClass removal - 7 of ~8 PRs in Phase 2 broker series (#647-#657) - 2 PRs in Phase 3 tracing/logging (#652, #653) - ADR-012 (#613) revised - approved/mergeable: #570 (lean list_tools), #629 (architectbot alignment) - stalled / needs review: #496, #543, #623, #627
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
Summary
AggregatorServerthat periodically re-fetches tool lists from downstream MCP servers, detecting silent redeployments where servers restart without sendingnotifications/tools/list_changedsingleflight.Groupfor deduplicationGetSessionsForServer, and a BDD scenario (poll-capability-refresh-nonoauth) that validates poll-based detection of silently-added toolsCloses #494
Review fixes (1c1e03b)
time.Sleepwithrequire.Eventuallyin poller stop test to comply with architecture rulesinjectToolSilentlyso mcp-go internal field renames fail with a clear panicTestPollAllServersto decouple assertion fromRegisterinternalsTest plan
make test)muster test --parallel 50)poll-capability-refresh-nonoauthverifies the poller detects a tool added without notification