feat: hosted MCP server#3655
Conversation
compatible with apps like poke.com
(thanks gemini)
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces a pre-hosted MCP server, which is a great feature for developers. The frontend changes in Dart look good, and the backend integration in Python is mostly solid. However, I've identified a few critical and high-severity issues in the new mcp_sse.py router that should be addressed before this can be safely deployed to production. The most critical issue is the use of in-memory session storage, which will not work correctly in a multi-worker environment. I've also found issues with incorrect JSON-RPC error handling, a security inconsistency in one of the new endpoints, and silent error handling. My review comments provide details and suggestions for fixing these.
|
This PR is ready to be merged. It was fully tested with
|
neooriginal
requested review from
aaravgarg and
beastoin
and removed request for
aaravgarg
(issues caught by Gemini Code review)
|
we need this! used poke.com with limitless pendant mcp server, it was so cool and helpful! |
For sure! Hope it will be merged soon |
|
@gemini-code-assist review |
There was a problem hiding this comment.
Code Review
This pull request successfully introduces a hosted MCP server, adding a new UI section in the developer settings for configuration and a corresponding backend router. The frontend changes in Dart appear solid and provide a good user experience for developers. The backend implementation in mcp_sse.py is comprehensive but has a few critical and high-severity issues that need to be addressed. Specifically, the session management approach is not safe for production, and error handling for invalid client input and request parsing could be improved to be more robust and informative.
| router = APIRouter() | ||
|
|
||
| # Store active sessions | ||
| active_sessions: dict = {} |
There was a problem hiding this comment.
The use of a global dictionary active_sessions for session management is not safe for production environments. When running with multiple worker processes (e.g., using gunicorn), each worker will have its own in-memory copy of this dictionary. This will lead to session data being inconsistent across workers, causing requests to fail if they are routed to a worker that did not create the session. This is a critical issue that will break session handling under load.
To fix this, you should use a shared, persistent store for session management, such as Redis or Memcached. This will ensure that all worker processes share the same session state.
There was a problem hiding this comment.
this is not necessary as there is no need for it to persist
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
|
@gemini-code-assist review |
There was a problem hiding this comment.
Code Review
This pull request introduces a hosted MCP server, adding a new UI section in the developer settings for configuration details and a new backend router (mcp_sse) to handle the server logic. The frontend changes look good, providing a clear way for developers to get the necessary connection information. The backend implementation, however, has a critical issue with its session management, which uses an in-memory dictionary that is not suitable for a multi-worker production environment. Additionally, there's an inconsistency in input validation that should be addressed.
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
aaravgarg
requested review from
mdmohsin7
and removed request for
aaravgarg and
beastoin
|
@neooriginal any demo video or something? Or any example mcp that I can use to test this? |
Can't, too much private data. You can use Chatgpt or poke or anything else |
|
what abt oauth in chatgpt, how do u handle that @neooriginal |
|
@neooriginal works with poke, pls tell how it works with chatgpt or attach a connection flow at least with chatgpt which wont reveal any data once thats done, will merge |
Just put any username like "Omi" and as oauth key the API key |
Server URL: https://api.omi.me/v1/mcp/sse Hope this helps. |
|
Error fetching OAuth configuration error from chatgpt pls try once urself, idts it works |
|
@neooriginal chatgpt calls these endpoints: INFO: 52.255.111.27:0 - "POST /v1/mcp/sse HTTP/1.1" 401 Unauthorized |
|
That's weird, I did try it myself. Probably made a simple change that broke oauth. |
compatible with apps like poke.com and chatgpt web. for apps that require this kind of format: <img width="494" height="563" alt="Bildschirmfoto 2025-12-08 um 12 27 10" src="https://github.com/user-attachments/assets/30575fc4-96df-42b1-9b14-cef09d353469" /> This pull request introduces a new "Pre-hosted MCP" section in the developer settings page and adds backend support for a new `mcp_sse` router. The main goal is to make it easier for developers to connect to a pre-hosted MCP server without requiring Docker, by surfacing the relevant server URL and API key information in the UI, and enabling the backend endpoint. **Frontend Enhancements:** * Added a "Pre-hosted MCP" section to the developer settings page (`developer.dart`), allowing users to easily copy the MCP server URL and see instructions for using their MCP API key. * Imported the `Env` class to retrieve the API base URL for the MCP server endpoint. **Backend Integration:** * Registered the new `mcp_sse` router in the backend application, making the SSE endpoint available for client connections. [[1]](diffhunk://#diff-df5184bf1f67239fcedd4578cd15b7c94f3f765feabd09c5f20b5831bca33903R27) [[2]](diffhunk://#diff-df5184bf1f67239fcedd4578cd15b7c94f3f765feabd09c5f20b5831bca33903R81) duplicate of BasedHardware#3652
4 participants
compatible with apps like poke.com and chatgpt web.
for apps that require this kind of format:
This pull request introduces a new "Pre-hosted MCP" section in the developer settings page and adds backend support for a new
mcp_sserouter. The main goal is to make it easier for developers to connect to a pre-hosted MCP server without requiring Docker, by surfacing the relevant server URL and API key information in the UI, and enabling the backend endpoint.Frontend Enhancements:
developer.dart), allowing users to easily copy the MCP server URL and see instructions for using their MCP API key.Envclass to retrieve the API base URL for the MCP server endpoint.Backend Integration:
mcp_sserouter in the backend application, making the SSE endpoint available for client connections. [1] [2]duplicate of #3652