Skip to content
This repository was archived by the owner on Oct 28, 2025. It is now read-only.

feat: add basic tracing to mcp#93

Merged
brandonspark merged 7 commits intomainfrom
katrina/mcp-telemetry
Aug 12, 2025
Merged

feat: add basic tracing to mcp#93
brandonspark merged 7 commits intomainfrom
katrina/mcp-telemetry

Conversation

@liukatkat
Copy link
Copy Markdown
Collaborator

@liukatkat liukatkat commented Jul 31, 2025

What:

This PR adds basic tracing to mcp.

Why:

We want to make mcp more robust and increase observability!

Test plan:

You can see traces getting sent!
image

Copy link
Copy Markdown
Collaborator Author

liukatkat commented Jul 31, 2025

This stack of pull requests is managed by Graphite. Learn more about stacking.

@liukatkat liukatkat mentioned this pull request Jul 31, 2025
@liukatkat liukatkat changed the title tracing.py wip: add basic tracing to mcp Jul 31, 2025
Comment thread src/utilities/tracing.py Outdated
@liukatkat liukatkat changed the base branch from brandon/mcp-scan to graphite-base/93 August 1, 2025 00:09
@liukatkat liukatkat force-pushed the katrina/mcp-telemetry branch from a9dd681 to b3df907 Compare August 1, 2025 00:09
@liukatkat liukatkat changed the base branch from graphite-base/93 to katrina/pre-commit-fix August 1, 2025 00:09
@liukatkat liukatkat changed the title wip: add basic tracing to mcp feat: add basic tracing to mcp Aug 1, 2025
@liukatkat liukatkat marked this pull request as ready for review August 1, 2025 17:33
@liukatkat liukatkat force-pushed the katrina/pre-commit-fix branch from 4f8418a to f469726 Compare August 1, 2025 20:07
@liukatkat liukatkat force-pushed the katrina/mcp-telemetry branch 2 times, most recently from 68e079e to a292fcd Compare August 1, 2025 20:20
@liukatkat liukatkat force-pushed the katrina/pre-commit-fix branch from f469726 to 91436a7 Compare August 1, 2025 20:20
@liukatkat liukatkat force-pushed the katrina/mcp-telemetry branch from a292fcd to f96dba9 Compare August 1, 2025 20:26
@liukatkat liukatkat force-pushed the katrina/pre-commit-fix branch from 91436a7 to 4d0f758 Compare August 1, 2025 20:26
@liukatkat liukatkat changed the base branch from katrina/pre-commit-fix to graphite-base/93 August 2, 2025 00:21
@liukatkat liukatkat force-pushed the katrina/mcp-telemetry branch from f96dba9 to a5b7303 Compare August 2, 2025 00:21
@liukatkat liukatkat changed the base branch from graphite-base/93 to main August 2, 2025 00:21
@liukatkat liukatkat force-pushed the katrina/mcp-telemetry branch from a5b7303 to d1fb1c2 Compare August 4, 2025 21:34
Copy link
Copy Markdown
Collaborator

@flaper87 flaper87 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for working on adding tracing. This is quite important 🙏

Comment thread src/utilities/tracing.py
Comment thread src/semgrep_mcp/server.py
# Initialize resources on startup with tracing
# MCP requires Pro Engine
process = await run_semgrep_process(["mcp", "--pro"])
with start_tracing("mcp-python-server") as span:
Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure we want to call this here. Similarly to the other PR, if this start_tracing is called here, we will have a single span used for every request sent to the server. The server_lifespan is called only once, and we really want to call start_as_current_span when a new request is received.

That being said, since FastMCP is based on FastAPI, I wonder if it'd be enough to follow these docs 🤔

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi Flavio, could you confirm your concern with this behavior? My impression (which I have confirmed via local testing) is that the server_lifespan manager is invoked once per session registered to the MCP. Meaning, if we run one server, we could service several clients who want to use the MCP, for instance if we had numerous editors open, or if we were in mcp.semgrep.ai and many users wanted to use the MCP.

In which case, my understanding is this code will cause one top-level span to be registered for each user's session, and each request of semgrep_scan_rpc therein will also produce a span.

I personally believe this to be the desirable behavior--do you disagree?

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mmh, that may not be what we want. Thikning outloud here.

The way tracing of HTTP requests is normally done is that we would have a trace per request and multiple spans as part of that trace. That way, it is possible to analyze traces independently.

If we create a span per user session, that means all subsequent calls (usages of MCP/tools/etc) for that session will be under the same trace. This may make things like comparing multiple calls to security_check, as they will all belong to the same trace.

By creating a trace per request (tool call, etc), we can forward that trace.id to semgrep CLI and have semgrep's create spans under the same trace.

TL;DR: What I'm proposing is that we should not have a root span per user session, but rather per request.

Does it make sense? Happy to discuss this further

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

that makes sense. but i think that having a top-level span gives us more context when analyzing the calls. with the newly added semgrep mcp command, we pull and cache rules per each session. so all the calls in the same session will be using the same set of cached rules. we might also add more features in the future where the context of the session will matter for each call. so, this case might be slightly different from HTTP requests in the sense that each request is not necessarily independent.

i also think that we won't necessarily lose anything (in fact, i think we gain info) by nesting the calls under a parent span. but happy to know what you think about this!

Copy link
Copy Markdown
Collaborator

@brandonspark brandonspark left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good work! w.r.t. whether we have a top-level span or not, this seems to be a two way door. With the release ideally happening today, let's bias towards getting this in.

@liukatkat liukatkat force-pushed the katrina/mcp-telemetry branch from 635f1ae to de12f0e Compare August 12, 2025 20:53
@brandonspark brandonspark dismissed flaper87’s stale review August 12, 2025 22:45

two-way door, we want to get this out for now. can always revisit later

@brandonspark brandonspark merged commit 98c9bd0 into main Aug 12, 2025
14 checks passed
@brandonspark brandonspark deleted the katrina/mcp-telemetry branch August 12, 2025 22:45
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants