You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Improved MCP Streamable HTTP resumability by wiring persisted event replay into the upstream transport. SSE reconnects can now use Last-Event-ID within the same session, with replay scoped to that session to prevent cross-client event leakage.
Hardened session reconnect behavior after explicit DELETE /mcp termination. Peta Core now allows one short grace-period reuse of a server-issued session ID only for the same authenticated identity and token fingerprint, while continuing to reject unknown client-selected session IDs.
Clarified and enforced the current reverse-request boundary for shared downstream connections. Standard downstream server-initiated sampling, roots, and elicitation requests are no longer advertised as supported in the shared managed runtime.
Fixes and Improvements
Preserved MCP progress and cancellation semantics across the proxy boundary. Progress notifications are routed back to the originating upstream session with the client's original progress token, and upstream cancellation notifications are translated to the actual downstream in-flight request ID.
Isolated resource subscription state by downstream connection scope, preventing shared managed and per-user temporary sessions from receiving or unsubscribing each other's resource updates.
Added HTTP-to-SSE fallback for downstream remote server connection startup when Streamable HTTP negotiation fails and the server configuration supports fallback.
Strengthened request and event persistence handling with session-scoped replay validation, durable-first event IDs, and broader tests for persistent event ordering and reconnect behavior.
Fixed reconnect handling in authentication middleware and moved generated session IDs to UUID-based values while retaining compatibility with existing 32-character session IDs.
Removed duplicate Intercom OAuth handling in server startup logic.
Operational Notes
Downstream MCP servers that require standard reverse requests (sampling, roots, or elicitation) still need a dedicated downstream session model; these capabilities are intentionally not exposed in the current shared managed connection mode.
Clients reconnecting an SSE stream should continue using GET /mcp with Mcp-Session-Id and include Last-Event-ID when available so missed events can be replayed safely.
